RubyGems - pwn - Versions diffs - 0.5.22 → 0.5.24 - Mend

pwn 0.5.22 → 0.5.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/Gemfile +1 -0
data/README.md +3 -3
data/lib/pwn/plugins/assembly.rb +42 -19
data/lib/pwn/version.rb +1 -1
metadata +15 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 15749f47853a4b45e74230feed45754ace51556f464cf43f37dbb27dad3ede54
-  data.tar.gz: fc41034c5b35f20dfa42eca23546d7fbf77e328f705f269b0a0d46169e78c48e
+  metadata.gz: 833f2055842c7ea2beaaa250cbf13763b540cbdc8ee79e8b8d68a5fc14147adb
+  data.tar.gz: '0586ab2fb44e10f0bad1f597827368f6c9b915159545aed0a5608f125b5eefc1'
 SHA512:
-  metadata.gz: 660c31ae940155bf196aeca986719ecdc74af3e82b83a6a4a99881a04c090483665049313dbb14de645eabc937a1bb6640c198019a70e0ef71fac57c1077959c
-  data.tar.gz: 2a9ae878f1b5ea2cd67dd76243d05470f31a299b68c9df2f3c738f17c56a21ec1657753a218204deca7162aed437e3827a188a7d30bbfacc994575629a80f122
+  metadata.gz: 3917d7c131039161725cac99d74528a31ecdb15cb28bf9dce318be2330c23ec5363876728fda087f247843d83bf3cc0fec330080c22721631f851039262008ed
+  data.tar.gz: ecfb3ed335b995423363f8c9de534c1bdb4422a9b485465d677e01bcb814c167080356903d0feecefd72b1430428b9f30d798db53f2a1968bd06e78a955b479a

data/Gemfile CHANGED Viewed

@@ -44,6 +44,7 @@ gem 'jwt', '2.8.0'
 gem 'libusb', '0.6.4'
 gem 'luhn', '1.0.2'
 gem 'mail', '2.8.1'
+gem 'metasm', '1.0.5'
 # gem 'mongo', '2.19.3'
 gem 'msfrpc-client', '1.1.2'
 gem 'netaddr', '2.0.6'

data/README.md CHANGED Viewed

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.22]:001 >>> PWN.help
+pwn[v0.5.24]:001 >>> PWN.help
 ```
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.3.0@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.22]:001 >>> PWN.help
+pwn[v0.5.24]:001 >>> PWN.help
 ```
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.3.0@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.22]:001 >>> PWN.help
+pwn[v0.5.24]:001 >>> PWN.help
 ```
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/lib/pwn/plugins/assembly.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
+require 'metasm'
 require 'tempfile'
 module PWN
@@ -9,16 +10,29 @@ module PWN
       # Supported Method Parameters::
       # PWN::Plugins::Assembly.opcodes_to_asm(
       #   opcodes: 'required - hex escaped opcode(s) (e.g. "\x90\x90\x90")',
-      #   arch: 'optional - objdump -i architecture (defaults to i386)'
+      #   arch: 'optional - architecture returned from objdump --info (defaults to PWN::Plugins::DetectOS.arch)',
+      #   endian: 'optional - endianess (defaults to :little)'
       # )
       public_class_method def self.opcodes_to_asm(opts = {})
         opcodes = opts[:opcodes]
-        arch = opts[:arch] || 'i386'
+        arch = opts[:arch] ||= PNW::Plugins::DetectOS.arch
+        endian = opts[:endian] ||= :little
-        opcodes_tmp = Tempfile.new('pwn_opcodes')
-        File.binwrite(opcodes_tmp.path, opcodes)
-        `objdump --disassemble-all --target binary --architecture #{arch} #{opcodes_tmp.path}`
+        case arch
+        when 'i386'
+          arch_obj = Metasm::Ia32.new(endian)
+        when 'amd64', 'x86_64'
+          arch_obj = Metasm::X86_64.new(endian)
+        when 'armv71'
+          arch_obj = Metasm::ARM.new(endian)
+        when 'aarch64'
+          arch_obj = Metasm::ARM64.new(endian)
+        else
+          raise "Unsupported architecture: #{arch}"
+        end
+        Metasm::Shellcode.disassemble(arch_obj, opcodes).to_s
       rescue StandardError => e
         raise e
       ensure
@@ -27,26 +41,32 @@ module PWN
       # Supported Method Parameters::
       # PWN::Plugins::Assembly.asm_to_opcodes(
-      #   asm: 'required - assembly instruction(s) (e.g. 'nop\nnop\nnop\njmp rsp\n)'
+      #   asm: 'required - assembly instruction(s) (e.g. 'nop\nnop\nnop\njmp rsp\n)',
+      #   arch: 'optional - architecture returned from objdump --info (defaults to PWN::Plugins::DetectOS.arch)',
+      #   endian: 'optional - endianess (defaults to :little)'
       # )
       public_class_method def self.asm_to_opcodes(opts = {})
         asm = opts[:asm]
+        arch = opts[:arch] ||= PNW::Plugins::DetectOS.arch
+        endian = opts[:endian] ||= :little
-        asm_code = ".global _start\n_start:\n#{asm}"
-        asm_tmp = Tempfile.new('pwn_asm')
-        asm_tmp.write(asm_code)
-        asm_tmp.close
+        case arch
+        when 'i386'
+          arch_obj = Metasm::Ia32.new(endian)
+        when 'amd64', 'x86_64'
+          arch_obj = Metasm::X86_64.new(endian)
+        when 'armv71'
+          arch_obj = Metasm::ARM.new(endian)
+        when 'aarch64'
+          arch_obj = Metasm::ARM64.new(endian)
+        else
+          raise "Unsupported architecture: #{arch}"
+        end
-        asm_tmp_o = "#{asm_tmp.path}.o"
-        system('as', '-o', asm_tmp_o, asm_tmp.path)
-        `objdump --disassemble-all #{asm_tmp.path}.o`
+        Metasm::Shellcode.assemble(arch_obj, asm).encode_string
       rescue StandardError => e
         raise e
-      ensure
-        files = [asm_tmp.path, asm_tmp_o]
-        FileUtils.rm_f(files) if File.exist?(asm_tmp.path)
       end
       # Author(s):: 0day Inc. <request.pentest@0dayinc.com>
@@ -63,11 +83,14 @@ module PWN
         puts "USAGE:
           #{self}.opcodes_to_asm(
             opcodes: 'required - hex escaped opcode(s) (e.g. \"\\x90\\x90\\x90\")',
-            arch: 'optional - objdump -i architecture (defaults to i386)'
+            arch: 'optional - architecture returned from objdump --info (defaults to PWN::Plugins::DetectOS.arch)',
+            endian: 'optional - endianess (defaults to :little)'
           )
           #{self}.asm_to_opcodes(
-            asm: 'required - assembly instruction(s) (e.g. 'jmp rsp')'
+            asm: 'required - assembly instruction(s) (e.g. 'nop\nnop\nnop\njmp rsp\n)',
+            arch: 'optional - architecture returned from objdump --info (defaults to PWN::Plugins::DetectOS.arch)',
+            endian: 'optional - endianess (defaults to :little)'
           )
           #{self}.authors

data/lib/pwn/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module PWN
-  VERSION = '0.5.22'
+  VERSION = '0.5.24'
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.22
+  version: 0.5.24
 platform: ruby
 authors:
 - 0day Inc.
@@ -458,6 +458,20 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 2.8.1
+- !ruby/object:Gem::Dependency
+  name: metasm
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.0.5
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.0.5
 - !ruby/object:Gem::Dependency
   name: msfrpc-client
   requirement: !ruby/object:Gem::Requirement