pwn 0.4.489 → 0.4.492
- checksums.yaml +4 -4
- data/Gemfile +2 -2
- data/README.md +2 -2
- data/bin/pwn_nessus_cloud_scan_crud +2 -3
- data/bin/pwn_serial_son_micro_sm132_rfid +7 -1
- data/lib/pwn/plugins/msr206.rb +5 -6
- data/lib/pwn/plugins/nessus_cloud.rb +2 -2
- data/lib/pwn/plugins/son_micro_rfid.rb +3 -10
- data/lib/pwn/version.rb +1 -1
- metadata +6 -6
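--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c322dc457a88e28d2bd2b87830653da3e167a7c25c7cea9b5df5d8e8ae7a1ae3
+data.tar.gz: 770907db6691c4f639a40d497e6084952c554e1289cad3ba02b2bd37d4136134
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: abfc7d67a3cf2b18c25e771d648fb9c6f7c1ab6483a96958ff45b962b55612c7961f0ab094abbd7b272a2dcd1aa6b3a43dc00ff9ae6b1d33cff9ac3af53a6303
+data.tar.gz: b73297289b1cfb8feb41381b66e93c9b22e3027b39cbb502ffc79f20d850fbebff4eb134fea232639e9b93f94cf571143a2fd7454d567ad77689aaeb017620a3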
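--- a/data/Gemfile
+++ b/data/Gemfile
@@ -18,7 +18,7 @@ gem 'aws-sdk', '3.1.0'
 gem 'bettercap', '1.6.2'
 gem 'brakeman', '5.2.3'
 gem 'bson', '4.15.0'
-gem 'bundler', '>=2.3.
+gem 'bundler', '>=2.3.16'
 gem 'bundler-audit', '0.9.1'
 gem 'bunny', '2.19.0'
 gem 'colorize', '0.8.1'
@@ -73,7 +73,7 @@ gem 'sinatra', '2.2.0'
 gem 'slack-ruby-client', '1.1.0'
 gem 'socksify', '1.7.1'
 gem 'spreadsheet', '1.3.0'
-gem 'sqlite3', '1.4.
+gem 'sqlite3', '1.4.4'
 gem 'thin', '1.8.1'
 gem 'tty-prompt', '0.23.1'
 gem 'watir', '7.1.0'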
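--- a/data/README.md
+++ b/data/README.md
@@ -37,7 +37,7 @@ $ rvm use ruby-3.1.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.
+pwn[v0.4.492]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.1.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.
+pwn[v0.4.492]:001 >>> PWN.help
 ```
 
 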
@@ -67,7 +67,7 @@ OptionParser.new do |options|
|
|
67
67
|
opts[:starttime] = t
|
68
68
|
end
|
69
69
|
|
70
|
-
options.on('-rRRULES', '--rrules=RRULES', '<Optional - For One-Time Scans, the Starting Time and Date for the Scan (Defaults to "FREQ=
|
70
|
+
options.on('-rRRULES', '--rrules=RRULES', '<Optional - For One-Time Scans, the Starting Time and Date for the Scan (Defaults to "FREQ=null;INTERVAL=0;BYDAY=null")>') do |r|
|
71
71
|
opts[:rrules] = r
|
72
72
|
end
|
73
73
|
|
@@ -147,7 +147,7 @@ begin
|
|
147
147
|
starttime ||= Time.now.strftime('%Y%m%dT%H%M%S')
|
148
148
|
|
149
149
|
rrules = opts[:rrules]
|
150
|
-
rrules ||= 'FREQ=
|
150
|
+
rrules ||= 'FREQ=null;INTERVAL=0;BYDAY=null'
|
151
151
|
|
152
152
|
timezone = opts[:timezone]
|
153
153
|
timezone ||= 'UTC'
|
@@ -218,7 +218,6 @@ begin
|
|
218
218
|
name: scan_template_name
|
219
219
|
)
|
220
220
|
scan_template_uuid = scan_template[:uuid]
|
221
|
-
puts scan_template_uuid
|
222
221
|
|
223
222
|
# Part 2: Populate settings object from options passed to driver
|
224
223
|
settings = {}
|
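Review bot: The `--rrules` help text at new line 70 still says "For One-Time Scans, the Starting Time and Date for the Scan", which reads as copied from the start-time option just above it, while the option takes a recurrence-rule string. A description that matches the value would be clearer, for example `'<Optional - Recurrence Rules for the Scan Schedule (Defaults to "FREQ=null;INTERVAL=0;BYDAY=null")>'`. The same default literal is repeated at new line 150, so a single constant shared by the help text and the `rrules ||=` fallback would keep the two from drifting. These hunks have no file header on the page; by the diffstat counts they appear to belong to data/bin/pwn_nessus_cloud_scan_crud.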
@@ -67,7 +67,13 @@ begin
|
|
67
67
|
son_micro_rfid_obj: son_micro_rfid_obj,
|
68
68
|
cmd: :firmware
|
69
69
|
)
|
70
|
-
|
70
|
+
|
71
|
+
firmware_decoded = ''
|
72
|
+
exec_resp.last[:hex_resp].split.each do |byte_str|
|
73
|
+
firmware_decoded += [byte_str].pack('H*')
|
74
|
+
end
|
75
|
+
|
76
|
+
puts "Firmware Version: #{firmware_decoded.scrub.strip.chomp}"
|
71
77
|
|
72
78
|
# Main Menu
|
73
79
|
menu_msg = ''
|
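Review bot: The firmware string printed at new line 76 is built from bytes returned by the attached reader, and `scrub` only replaces invalid byte sequences, so control bytes and terminal escape sequences in the response still reach the operator's terminal. Dropping non-printable characters before output would close that gap, e.g. `puts "Firmware Version: #{firmware_decoded.scrub.gsub(/[^[:print:]]/, '').strip}"`. `exec_resp.last[:hex_resp]` at new line 72 also raises NoMethodError when the response list is empty or the key is nil, so a guard before the loop is worth adding. The enclosing `begin` block starts and ends outside the hunk, and the hunk has no file header on the page; by the diffstat it appears to be data/bin/pwn_serial_son_micro_sm132_rfid.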
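--- a/data/lib/pwn/plugins/msr206.rb
+++ b/data/lib/pwn/plugins/msr206.rb
@@ -615,7 +615,7 @@ module PWN
 )
 puts exec_resp.inspect
 
-print '
+print 'Reader Activated. Please Swipe Card...'
 loop do
 exec_resp = parse_responses(
 msr206_obj: msr206_obj,
@@ -813,7 +813,7 @@ module PWN
 )
 puts exec_resp.inspect
 
-print '
+print 'Writer Activated. Please Swipe Card...'
 loop do
 exec_resp = parse_responses(
 msr206_obj: msr206_obj,
@@ -923,6 +923,8 @@ module PWN
 cmd: :yellow_off
 )
 
+puts 'complete.'
+
 track_data
 rescue StandardError => e
 raise e
@@ -1017,7 +1019,6 @@ module PWN
 )
 
 encoding = track_data.first[:encoding] if track_data.length == 3
-# TODO: Save Original Card Contents
 write_card(
 msr206_obj: msr206_obj,
 encoding: encoding,
@@ -1061,6 +1062,7 @@ module PWN
 )
 end
 
+# Read Card from Backup
 track_data = JSON.parse(
 File.read(file),
 symbolize_names: true
@@ -1071,10 +1073,7 @@ module PWN
 cmd: :yellow_off
 )
 
-# Read Card from Backup
 encoding = track_data.first[:encoding] if track_data.length == 3
-
-# TODO: Save Original Card Contents
 write_card(
 msr206_obj: msr206_obj,
 encoding: encoding,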
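Review bot: Both `# TODO: Save Original Card Contents` comments are removed (old lines 1020 and 1077) while `write_card(` still follows directly, and no visible line reads or saves what is on the target card before it is overwritten. If that backup is implemented outside these hunks the removal is fine; otherwise the reminder should stay, or be replaced by a comment that states the behaviour, such as `# NOTE: existing card contents are overwritten without a backup`. Separately, `puts 'complete.'` at new line 926 sits before the `rescue`, so on an error path the `print '... Please Swipe Card...'` prompt is left without a terminating newline. The surrounding methods begin and end outside the hunks.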
@@ -431,13 +431,13 @@ module PWN
|
|
431
431
|
|
432
432
|
public_class_method def self.create_scan(opts = {})
|
433
433
|
nessus_obj = opts[:nessus_obj]
|
434
|
-
|
434
|
+
scan_template_uuid = opts[:scan_template_uuid]
|
435
435
|
settings = opts[:settings]
|
436
436
|
credentials = opts[:credentials]
|
437
437
|
plugins = opts[:plugins]
|
438
438
|
|
439
439
|
http_body = {
|
440
|
-
uuid:
|
440
|
+
uuid: scan_template_uuid,
|
441
441
|
settings: settings,
|
442
442
|
credentials: credentials,
|
443
443
|
plugins: plugins
|
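Review bot: `create_scan` places `opts[:scan_template_uuid]` into the request body as `uuid:` (new lines 434 and 440) without checking that the caller supplied it, so an omitted key is sent as a nil uuid and the mistake only shows up as an API-side failure. A guard right after the assignment would fail earlier and more clearly: `raise ArgumentError, 'scan_template_uuid is required' if scan_template_uuid.nil?`. The method's usage comment is outside the hunk and should list the new key if it does not already. The removed lines are truncated on the page, so what `uuid:` was set to before is not recoverable here; by the diffstat this hunk appears to be data/lib/pwn/plugins/nessus_cloud.rb.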
@@ -149,7 +149,6 @@ module PWN
|
|
149
149
|
end
|
150
150
|
next_response_detected = false
|
151
151
|
last_a_cmd_r_len = a_cmd_r_len
|
152
|
-
print "\n"
|
153
152
|
|
154
153
|
# Third byte
|
155
154
|
expected_cmd_resp_byte_len = cmd_resp.split[2].to_i(16) + 4
|
@@ -172,17 +171,10 @@ module PWN
|
|
172
171
|
|
173
172
|
# puts "\nALL CMD RESPS >>>"
|
174
173
|
# puts "#{all_cmd_responses}\n\n\n"
|
175
|
-
decoded = ''
|
176
|
-
cmd_resp.split.each do |byte_str|
|
177
|
-
decoded += [byte_str].pack('H*')
|
178
|
-
end
|
179
|
-
|
180
174
|
parsed_cmd_resp_hash = {}
|
181
|
-
parsed_cmd_resp_hash[:raw_resp] = PWN::Plugins::Serial.dump_session_data.inspect
|
182
|
-
parsed_cmd_resp_hash[:hex_resp] = cmd_resp
|
183
|
-
parsed_cmd_resp_hash[:decoded_resp] = decoded.to_s.scrub.strip.chomp
|
184
175
|
parsed_cmd_resp_hash[:cmd_hex] = cmd_hex
|
185
176
|
parsed_cmd_resp_hash[:cmd_desc] = cmd.to_sym
|
177
|
+
parsed_cmd_resp_hash[:hex_resp] = cmd_resp
|
186
178
|
resp_code = '?'
|
187
179
|
|
188
180
|
# TODO: Detect EMV
|
@@ -348,7 +340,7 @@ module PWN
|
|
348
340
|
|
349
341
|
public_class_method def self.read_card(opts = {})
|
350
342
|
son_micro_rfid_obj = opts[:son_micro_rfid_obj]
|
351
|
-
print '
|
343
|
+
print 'Reader Activated. Please Scan Card...'
|
352
344
|
exec_resp = exec(
|
353
345
|
son_micro_rfid_obj: son_micro_rfid_obj,
|
354
346
|
cmd: :seek_for_tag
|
@@ -399,6 +391,7 @@ module PWN
|
|
399
391
|
end
|
400
392
|
File.write(file, "#{JSON.pretty_generate(rfid_data)}\n")
|
401
393
|
|
394
|
+
puts 'complete.'
|
402
395
|
rfid_data
|
403
396
|
rescue StandardError => e
|
404
397
|
raise e
|
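Review bot: The parsed response hash no longer carries `:raw_resp` or `:decoded_resp` (old lines 181-183), so any caller still reading `parsed_cmd_resp_hash[:decoded_resp]` now gets nil without an error. The firmware driver changed in this release decodes `:hex_resp` itself, which suggests other callers will each need the same `pack('H*')` loop; a small public helper in this plugin would keep that decoding, and any filtering of device-supplied bytes, in one place. At minimum a comment above the hash assignments should state the new contract, e.g. `# Keys: :cmd_hex, :cmd_desc, :hex_resp (hex byte string); decoding is left to the caller`. The enclosing method continues outside the hunk, and by the diffstat these hunks appear to be data/lib/pwn/plugins/son_micro_rfid.rb.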
data/lib/pwn/version.rb
CHANGED
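--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-version: 0.4.
+version: 0.4.492
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-06-
+date: 2022-06-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -114,14 +114,14 @@ dependencies:
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: 2.3.
+version: 2.3.16
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: 2.3.
+version: 2.3.16
 - !ruby/object:Gem::Dependency
 name: bundler-audit
 requirement: !ruby/object:Gem::Requirement
@@ -870,14 +870,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 1.4.
+version: 1.4.4
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 1.4.
+version: 1.4.4
 - !ruby/object:Gem::Dependency
 name: thin
 requirement: !ruby/object:Gem::Requirement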