RubyGems - pwn - Versions diffs - 0.5.23 → 0.5.25 - Mend

pwn 0.5.23 → 0.5.25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/Gemfile +1 -0
data/README.md +3 -3
data/lib/pwn/plugins/assembly.rb +41 -27
data/lib/pwn/version.rb +1 -1
metadata +15 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 891006d13f97eb099047b3596fef7232f66532b32431914990360d0d0274fa26
-  data.tar.gz: a426cafcccb59fbaf64a1d728b0e45a251dd713f9684aa894f8b56d2e34acde6
+  metadata.gz: dadd39787409b581c7e107e807d9dc488d9ff6f030b3f8267cf97181c076ea94
+  data.tar.gz: cbf8770e949609afa29736c2035aa0d272e2a64c728630a46771767e5c13c2c3
 SHA512:
-  metadata.gz: b71a807d4441bd2b3a94a76c02d80a6505e82a87ffe8f7469f1bd88f71a89e1dfc9220606765726dea68065c4532d40c016090aeb2aceaeae6b7ba0afc2891a4
-  data.tar.gz: c9d404cd2f07bdee5bdc6bda8f256d255997220dfc584dc5ca559b794b24f90104bec3e138cf71d49d983015a17b81b3bc2a038d72c929c361c07673ffb08e9f
+  metadata.gz: 9e74854f00d56728fd72baa1129d863e15577c93974b1fc471a57fe81b923badba073f915eb9fe25b3dfa643669166f65df113f5d9015a5698eb2e097ad6fec8
+  data.tar.gz: cfd9e46e1d2dfd58b40d42f0e85807dc37bf204ca642e1533363f2bb816ba792db26f594fbf12eb5251b54e4bade76d1e0eb6f6d4f91e1b4c219dd13183c3ccb

data/Gemfile CHANGED Viewed

@@ -44,6 +44,7 @@ gem 'jwt', '2.8.0'
 gem 'libusb', '0.6.4'
 gem 'luhn', '1.0.2'
 gem 'mail', '2.8.1'
+gem 'metasm', '1.0.5'
 # gem 'mongo', '2.19.3'
 gem 'msfrpc-client', '1.1.2'
 gem 'netaddr', '2.0.6'

data/README.md CHANGED Viewed

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.23]:001 >>> PWN.help
+pwn[v0.5.25]:001 >>> PWN.help
 ```
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.3.0@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.23]:001 >>> PWN.help
+pwn[v0.5.25]:001 >>> PWN.help
 ```
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.3.0@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.23]:001 >>> PWN.help
+pwn[v0.5.25]:001 >>> PWN.help
 ```
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/lib/pwn/plugins/assembly.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
+require 'metasm'
 require 'tempfile'
 module PWN
@@ -9,50 +10,61 @@ module PWN
       # Supported Method Parameters::
       # PWN::Plugins::Assembly.opcodes_to_asm(
       #   opcodes: 'required - hex escaped opcode(s) (e.g. "\x90\x90\x90")',
-      #   arch: 'optional - objdump -i architecture (defaults to i386)'
+      #   arch: 'optional - architecture returned from objdump --info (defaults to PWN::Plugins::DetectOS.arch)',
+      #   endian: 'optional - endianess (defaults to :little)'
       # )
       public_class_method def self.opcodes_to_asm(opts = {})
         opcodes = opts[:opcodes]
-        arch = opts[:arch] || 'i386'
+        arch = opts[:arch] ||= PWN::Plugins::DetectOS.arch
+        endian = opts[:endian] ||= :little
-        opcodes_tmp = Tempfile.new('pwn_opcodes')
-        File.binwrite(opcodes_tmp.path, opcodes)
-        # TODO: Implement support for other architectures
-        # for both 32bit and 64bit
-        `objdump --disassemble-all --target binary --architecture #{arch} #{opcodes_tmp.path}`
+        case arch
+        when 'i386'
+          arch_obj = Metasm::Ia32.new(endian)
+        when 'amd64', 'x86_64'
+          arch_obj = Metasm::X86_64.new(endian)
+        when 'armv71'
+          arch_obj = Metasm::ARM.new(endian)
+        when 'aarch64'
+          arch_obj = Metasm::ARM64.new(endian)
+        else
+          raise "Unsupported architecture: #{arch}"
+        end
+        Metasm::Shellcode.disassemble(arch_obj, opcodes).to_s
       rescue StandardError => e
         raise e
-      ensure
-        opcodes_tmp.unlink if File.exist?(opcodes_tmp.path)
       end
       # Supported Method Parameters::
       # PWN::Plugins::Assembly.asm_to_opcodes(
       #   asm: 'required - assembly instruction(s) (e.g. 'nop\nnop\nnop\njmp rsp\n)',
-      #   arch: 'optional - objdump -i architecture (defaults to i386)'
+      #   arch: 'optional - architecture returned from objdump --info (defaults to PWN::Plugins::DetectOS.arch)',
+      #   endian: 'optional - endianess (defaults to :little)'
       # )
       public_class_method def self.asm_to_opcodes(opts = {})
         asm = opts[:asm]
-        arch = opts[:arch] || 'i386'
-        asm_code = ".global _start\n_start:\n#{asm}"
+        arch = opts[:arch] ||= PWN::Plugins::DetectOS.arch
+        endian = opts[:endian] ||= :little
-        asm_tmp = Tempfile.new('pwn_asm')
-        asm_tmp.write(asm_code)
-        asm_tmp.close
+        case arch
+        when 'i386'
+          arch_obj = Metasm::Ia32.new(endian)
+        when 'amd64', 'x86_64'
+          arch_obj = Metasm::X86_64.new(endian)
+        when 'armv71'
+          arch_obj = Metasm::ARM.new(endian)
+        when 'aarch64'
+          arch_obj = Metasm::ARM64.new(endian)
+        else
+          raise "Unsupported architecture: #{arch}"
+        end
-        asm_tmp_o = "#{asm_tmp.path}.o"
-        # TODO: Implement support for other architectures
-        # for both 32bit and 64bit
-        system('as', '-o', asm_tmp_o, asm_tmp.path)
-        `objdump --disassemble-all #{asm_tmp.path}.o`
+        Metasm::Shellcode.assemble(arch_obj, asm).encode_string
       rescue StandardError => e
         raise e
-      ensure
-        files = [asm_tmp.path, asm_tmp_o]
-        FileUtils.rm_f(files) if File.exist?(asm_tmp.path)
       end
       # Author(s):: 0day Inc. <request.pentest@0dayinc.com>
@@ -69,12 +81,14 @@ module PWN
         puts "USAGE:
           #{self}.opcodes_to_asm(
             opcodes: 'required - hex escaped opcode(s) (e.g. \"\\x90\\x90\\x90\")',
-            arch: 'optional - objdump -i architecture (defaults to i386)'
+            arch: 'optional - architecture returned from objdump --info (defaults to PWN::Plugins::DetectOS.arch)',
+            endian: 'optional - endianess (defaults to :little)'
           )
           #{self}.asm_to_opcodes(
-            asm: 'required - assembly instruction(s) (e.g. 'jmp rsp')',
-            arch: 'optional - objdump -i architecture (defaults to i386)'
+            asm: 'required - assembly instruction(s) (e.g. 'nop\nnop\nnop\njmp rsp\n)',
+            arch: 'optional - architecture returned from objdump --info (defaults to PWN::Plugins::DetectOS.arch)',
+            endian: 'optional - endianess (defaults to :little)'
           )
           #{self}.authors

data/lib/pwn/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module PWN
-  VERSION = '0.5.23'
+  VERSION = '0.5.25'
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.23
+  version: 0.5.25
 platform: ruby
 authors:
 - 0day Inc.
@@ -458,6 +458,20 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 2.8.1
+- !ruby/object:Gem::Dependency
+  name: metasm
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.0.5
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.0.5
 - !ruby/object:Gem::Dependency
   name: msfrpc-client
   requirement: !ruby/object:Gem::Requirement