pwn 0.5.23 → 0.5.25

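--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 891006d13f97eb099047b3596fef7232f66532b32431914990360d0d0274fa26
-data.tar.gz: a426cafcccb59fbaf64a1d728b0e45a251dd713f9684aa894f8b56d2e34acde6
+metadata.gz: dadd39787409b581c7e107e807d9dc488d9ff6f030b3f8267cf97181c076ea94
+data.tar.gz: cbf8770e949609afa29736c2035aa0d272e2a64c728630a46771767e5c13c2c3
 SHA512:
-metadata.gz: b71a807d4441bd2b3a94a76c02d80a6505e82a87ffe8f7469f1bd88f71a89e1dfc9220606765726dea68065c4532d40c016090aeb2aceaeae6b7ba0afc2891a4
-data.tar.gz: c9d404cd2f07bdee5bdc6bda8f256d255997220dfc584dc5ca559b794b24f90104bec3e138cf71d49d983015a17b81b3bc2a038d72c929c361c07673ffb08e9f
+metadata.gz: 9e74854f00d56728fd72baa1129d863e15577c93974b1fc471a57fe81b923badba073f915eb9fe25b3dfa643669166f65df113f5d9015a5698eb2e097ad6fec8
+data.tar.gz: cfd9e46e1d2dfd58b40d42f0e85807dc37bf204ca642e1533363f2bb816ba792db26f594fbf12eb5251b54e4bade76d1e0eb6f6d4f91e1b4c219dd13183c3ccb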
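--- a/data/Gemfile
+++ b/data/Gemfile
@@ -44,6 +44,7 @@ gem 'jwt', '2.8.0'
 gem 'libusb', '0.6.4'
 gem 'luhn', '1.0.2'
 gem 'mail', '2.8.1'
+gem 'metasm', '1.0.5'
 # gem 'mongo', '2.19.3'
 gem 'msfrpc-client', '1.1.2'
 gem 'netaddr', '2.0.6'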
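--- a/data/README.md
+++ b/data/README.md
@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.23]:001 >>> PWN.help
+pwn[v0.5.25]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.3.0@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.23]:001 >>> PWN.help
+pwn[v0.5.25]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.3.0@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.23]:001 >>> PWN.help
+pwn[v0.5.25]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script: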
@@ -1,5 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require 'metasm'
3
4
  require 'tempfile'
4
5
 
5
6
  module PWN
@@ -9,50 +10,61 @@ module PWN
9
10
  # Supported Method Parameters::
10
11
  # PWN::Plugins::Assembly.opcodes_to_asm(
11
12
  # opcodes: 'required - hex escaped opcode(s) (e.g. "\x90\x90\x90")',
12
- # arch: 'optional - objdump -i architecture (defaults to i386)'
13
+ # arch: 'optional - architecture returned from objdump --info (defaults to PWN::Plugins::DetectOS.arch)',
14
+ # endian: 'optional - endianess (defaults to :little)'
13
15
  # )
14
16
 
15
17
  public_class_method def self.opcodes_to_asm(opts = {})
16
18
  opcodes = opts[:opcodes]
17
- arch = opts[:arch] || 'i386'
19
+ arch = opts[:arch] ||= PWN::Plugins::DetectOS.arch
20
+ endian = opts[:endian] ||= :little
18
21
 
19
- opcodes_tmp = Tempfile.new('pwn_opcodes')
20
- File.binwrite(opcodes_tmp.path, opcodes)
21
- # TODO: Implement support for other architectures
22
- # for both 32bit and 64bit
23
- `objdump --disassemble-all --target binary --architecture #{arch} #{opcodes_tmp.path}`
22
+ case arch
23
+ when 'i386'
24
+ arch_obj = Metasm::Ia32.new(endian)
25
+ when 'amd64', 'x86_64'
26
+ arch_obj = Metasm::X86_64.new(endian)
27
+ when 'armv71'
28
+ arch_obj = Metasm::ARM.new(endian)
29
+ when 'aarch64'
30
+ arch_obj = Metasm::ARM64.new(endian)
31
+ else
32
+ raise "Unsupported architecture: #{arch}"
33
+ end
34
+
35
+ Metasm::Shellcode.disassemble(arch_obj, opcodes).to_s
24
36
  rescue StandardError => e
25
37
  raise e
26
- ensure
27
- opcodes_tmp.unlink if File.exist?(opcodes_tmp.path)
28
38
  end
29
39
 
30
40
  # Supported Method Parameters::
31
41
  # PWN::Plugins::Assembly.asm_to_opcodes(
32
42
  # asm: 'required - assembly instruction(s) (e.g. 'nop\nnop\nnop\njmp rsp\n)',
33
- # arch: 'optional - objdump -i architecture (defaults to i386)'
43
+ # arch: 'optional - architecture returned from objdump --info (defaults to PWN::Plugins::DetectOS.arch)',
44
+ # endian: 'optional - endianess (defaults to :little)'
34
45
  # )
35
46
 
36
47
  public_class_method def self.asm_to_opcodes(opts = {})
37
48
  asm = opts[:asm]
38
- arch = opts[:arch] || 'i386'
39
-
40
- asm_code = ".global _start\n_start:\n#{asm}"
49
+ arch = opts[:arch] ||= PWN::Plugins::DetectOS.arch
50
+ endian = opts[:endian] ||= :little
41
51
 
42
- asm_tmp = Tempfile.new('pwn_asm')
43
- asm_tmp.write(asm_code)
44
- asm_tmp.close
52
+ case arch
53
+ when 'i386'
54
+ arch_obj = Metasm::Ia32.new(endian)
55
+ when 'amd64', 'x86_64'
56
+ arch_obj = Metasm::X86_64.new(endian)
57
+ when 'armv71'
58
+ arch_obj = Metasm::ARM.new(endian)
59
+ when 'aarch64'
60
+ arch_obj = Metasm::ARM64.new(endian)
61
+ else
62
+ raise "Unsupported architecture: #{arch}"
63
+ end
45
64
 
46
- asm_tmp_o = "#{asm_tmp.path}.o"
47
- # TODO: Implement support for other architectures
48
- # for both 32bit and 64bit
49
- system('as', '-o', asm_tmp_o, asm_tmp.path)
50
- `objdump --disassemble-all #{asm_tmp.path}.o`
65
+ Metasm::Shellcode.assemble(arch_obj, asm).encode_string
51
66
  rescue StandardError => e
52
67
  raise e
53
- ensure
54
- files = [asm_tmp.path, asm_tmp_o]
55
- FileUtils.rm_f(files) if File.exist?(asm_tmp.path)
56
68
  end
57
69
 
58
70
  # Author(s):: 0day Inc. <request.pentest@0dayinc.com>
@@ -69,12 +81,14 @@ module PWN
69
81
  puts "USAGE:
70
82
  #{self}.opcodes_to_asm(
71
83
  opcodes: 'required - hex escaped opcode(s) (e.g. \"\\x90\\x90\\x90\")',
72
- arch: 'optional - objdump -i architecture (defaults to i386)'
84
+ arch: 'optional - architecture returned from objdump --info (defaults to PWN::Plugins::DetectOS.arch)',
85
+ endian: 'optional - endianess (defaults to :little)'
73
86
  )
74
87
 
75
88
  #{self}.asm_to_opcodes(
76
- asm: 'required - assembly instruction(s) (e.g. 'jmp rsp')',
77
- arch: 'optional - objdump -i architecture (defaults to i386)'
89
+ asm: 'required - assembly instruction(s) (e.g. 'nop\nnop\nnop\njmp rsp\n)',
90
+ arch: 'optional - architecture returned from objdump --info (defaults to PWN::Plugins::DetectOS.arch)',
91
+ endian: 'optional - endianess (defaults to :little)'
78
92
  )
79
93
 
80
94
  #{self}.authors
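Review bot: `when 'armv71'` in both new dispatch blocks looks like a typo for `armv7l` (lowercase L), which is the value uname reports for 32-bit ARM and the form the sibling branches (`x86_64`, `aarch64`) follow; if PWN::Plugins::DetectOS.arch returns uname-style strings, 32-bit ARM hosts will fall through to the `Unsupported architecture` raise. The arch-to-Metasm case block is duplicated verbatim in opcodes_to_asm and asm_to_opcodes and reads better as one private helper, sketched below, which also drops the `rescue StandardError => e; raise e` pair since it only re-raises unchanged. `opts[:arch] ||= …` and `opts[:endian] ||= …` write the defaults back into the caller's hash, a side effect the previous `opts[:arch] || 'i386'` form avoided; plain `||` is enough here. In the usage text, `(e.g. 'nop\nnop\nnop\njmp rsp\n)'` sits inside a double-quoted string, so the `\n` sequences print as real line breaks (unlike the escaped `\\x90` on the line above) and the example's opening quote is never closed — `(e.g. \"nop\\nnop\\nnop\\njmp rsp\\n\")` would print as intended. With the Tempfile code removed from both methods, `require 'tempfile'` at the top of the file appears unused, though the rest of the file is outside this diff; this section's file header is missing from the page and the enclosing module PWN continues past the hunks.
```ruby
# Map a uname/objdump-style architecture string to a Metasm CPU instance.
# Shared by opcodes_to_asm and asm_to_opcodes; raises on anything not listed.
private_class_method def self.metasm_cpu(arch, endian)
  case arch
  when 'i386' then Metasm::Ia32.new(endian)
  when 'amd64', 'x86_64' then Metasm::X86_64.new(endian)
  when 'armv7l' then Metasm::ARM.new(endian)
  when 'aarch64' then Metasm::ARM64.new(endian)
  else raise "Unsupported architecture: #{arch}"
  end
end

public_class_method def self.opcodes_to_asm(opts = {})
  opcodes = opts[:opcodes]
  arch = opts[:arch] || PWN::Plugins::DetectOS.arch
  endian = opts[:endian] || :little

  Metasm::Shellcode.disassemble(metasm_cpu(arch, endian), opcodes).to_s
end
# … unchanged: asm_to_opcodes, with the same metasm_cpu substitution …
```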
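--- a/data/lib/pwn/version.rb
+++ b/data/lib/pwn/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-VERSION = '0.5.23'
+VERSION = '0.5.25'
 end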
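--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-version: 0.5.23
+version: 0.5.25
 platform: ruby
 authors:
 - 0day Inc.
@@ -458,6 +458,20 @@ dependencies:
 - - '='
 - !ruby/object:Gem::Version
 version: 2.8.1
+- !ruby/object:Gem::Dependency
+name: metasm
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 1.0.5
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 1.0.5
 - !ruby/object:Gem::Dependency
 name: msfrpc-client
 requirement: !ruby/object:Gem::Requirement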