pwn 0.5.40 → 0.5.42

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4327c8038770a06069be1c810f891bdcf49b50c12809c635a1c8f8d5c9a0c4c7
-  data.tar.gz: 3279e4cdb7e735fa2db943ec818b1237048186e4d53d03cd6d357dac119793ab
+  metadata.gz: 132c78ae9112e7c2da8c02d5b2d7d32370953c7bc05686026e097ad04d5c4ba0
+  data.tar.gz: 2d51b81f19297ba49e61288998df35b4bc3c88a2dff0ca05a0ba44b6db1c3f65
 SHA512:
-  metadata.gz: b639ee4e0187f0e178a4d8907aa35d2c8d6e2bc9307ae85a538f73ea8870b3330756214d004b4e208a33c3f7b1d7bcc158e2173f52c5a6e9c9e5b439069389a1
-  data.tar.gz: 7378d801b6d60c5395464404545b8fec47fb29b98adde522c7013ec9023be8e303459d245b1986775a5e51360388389d044df1a8f1bec86189d24774878cde92
+  metadata.gz: 23a021b1d27dc5fd2352c61e9c00afea1aa9ffe98e7a6040e5d0cb913c5261eebd9e429a2f416304f3177c9c726bc8ca0cfec1c2d8bcc2a7cf7025852758d44a
+  data.tar.gz: 7a71c1e70bb63993f113b4c5ee7d6ce4162b6252da72b4795c2d9e320b740b7f8ef871179c5a65c4c77d1e6590008480e16127f15be868a403cea8362e021c5c

data/Gemfile

@@ -96,4 +96,4 @@ gem 'waveform', '0.1.3'
 gem 'webrick', '1.8.1'
 gem 'whois', '5.1.1'
 gem 'whois-parser', '2.0.0'
-gem 'wicked_pdf', '2.7.0'
+gem 'wicked_pdf', '2.8.0'

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.40]:001 >>> PWN.help
+pwn[v0.5.42]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.3.0@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.40]:001 >>> PWN.help
+pwn[v0.5.42]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.3.0@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.40]:001 >>> PWN.help
+pwn[v0.5.42]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/bin/pwn

@@ -49,8 +49,8 @@ begin
       if pi.config.pwn_asm
         pi.config.prompt_name = 'pwn.asm'
         name = "\001\e[1m\002\001\e[37m\002#{pi.config.prompt_name}\001\e[0m\002"
-        dchars = "\001\e[32m\002>>>\001\e[37m\002"
-        dchars = "\001\e[33m\002***\001\e[37m\002" if mode == :splat
+        dchars = "\001\e[32m\002>>>\001\e[33m\002"
+        dchars = "\001\e[33m\002***\001\e[33m\002" if mode == :splat
       end
 
       if pi.config.pwn_gpt
@@ -157,7 +157,11 @@ begin
           eval_string = @eval_string
           reset_eval_string
 
-          result = evaluate_ruby(eval_string)
+          result = evaluate_ruby(eval_string) unless config.pwn_gpt ||
+                                                     config.pwn_asm
+
+          result = eval_string if config.pwn_gpt ||
+                                  config.pwn_asm
         rescue RescuableException, *jruby_exceptions => e
           # Eliminate following warning:
           # warning: singleton on non-persistent Java type X
@@ -179,10 +183,10 @@ begin
 
     # Ensure the return value in pwn_gpt mode reflects the input
     def evaluate_ruby(code)
-      if config.pwn_gpt || config.pwn_asm
-        result = message = code.to_s
-        return
-      end
+      # if config.pwn_gpt || config.pwn_asm
+      #   result = message = code.to_s
+      #   return
+      # end
       inject_sticky_locals!
       exec_hook :before_eval, code, self
 
@@ -218,9 +222,6 @@ begin
     def process
       pi = pry_instance
       pi.config.pwn_asm ? pi.config.pwn_asm = false : pi.config.pwn_asm = true
-
-      pi.config.color = false if pi.config.pwn_asm
-      pi.config.color = true unless pi.config.pwn_asm
     end
   end
 
@@ -230,7 +231,6 @@ begin
     def process
       pi = pry_instance
       pi.config.pwn_gpt ? pi.config.pwn_gpt = false : pi.config.pwn_gpt = true
-
       pi.config.color = false if pi.config.pwn_gpt
       pi.config.color = true unless pi.config.pwn_gpt
     end
@@ -273,19 +273,34 @@ begin
   Pry.config.hooks.add_hook(:after_read, :pwn_asm_hook) do |request, pi|
     if pi.config.pwn_asm && !request.chomp.empty?
       request = pi.input.line_buffer
-      # Determine what request is and determine if it's asm or opcodes
-      if request =~ /^[a-fA-F0-9\s]+$/
-        response = PWN::Plugins::Assembly.opcodes_to_asm(opcodes: request)
+
+      # Analyze request to determine if it should be processed as opcodes or asm.
+      straight_hex = /^[a-fA-F0-9\s]+$/
+      hex_esc_strings = /\\x[\da-fA-F]{2}/
+      hex_comma_delim_w_dbl_qt = /"(?:[0-9a-fA-F]{2})",?/
+      hex_comma_delim_w_sng_qt = /'(?:[0-9a-fA-F]{2})',?/
+      hex_byte_array_as_str = /^\[\s*(?:"[0-9a-fA-F]{2}",\s*)*"[0-9a-fA-F]{2}"\s*\]$/
+
+      if request.match?(straight_hex) ||
+         request.match?(hex_esc_strings) ||
+         request.match?(hex_comma_delim_w_dbl_qt) ||
+         request.match?(hex_comma_delim_w_sng_qt) ||
+         request.match?(hex_byte_array_as_str)
+
+        response = PWN::Plugins::Assembly.opcodes_to_asm(
+          opcodes: request,
+          opcodes_always_strings_obj: true
+        )
       else
         response = PWN::Plugins::Assembly.asm_to_opcodes(asm: request)
       end
-      puts "\n\n\n\001\e[31m\002#{response}\001\e[0m\002\n\n\n"
+      puts "\001\e[31m\002#{response}\001\e[0m\002"
     end
   end
 
   Pry.config.hooks.add_hook(:after_read, :pwn_gpt_hook) do |request, pi|
     if pi.config.pwn_gpt && !request.chomp.empty?
-      request = pi.input.line_buffer
+      request = pi.input.line_buffer.to_s
       debug = pi.config.pwn_gpt_debug
       open_ai_key = pi.config.pwn_gpt_key
       open_ai_key ||= ''
@@ -305,7 +320,8 @@ begin
         response_history: response_history,
         speak_answer: speak_answer
       )
-      puts "\n\n\n\001\e[32m\002#{response[:choices].last[:content]}\001\e[31m\002\n\n\n"
+      last_response = response[:choices].last[:content]
+      puts "\n\001\e[32m\002#{last_response}\001\e[0m\002\n\n"
 
       response_history = {
         id: response[:id],

data/lib/pwn/plugins/assembly.rb

@@ -11,12 +11,14 @@ module PWN
       # Supported Method Parameters::
       # PWN::Plugins::Assembly.opcodes_to_asm(
       #   opcodes: 'required - hex escaped opcode(s) (e.g. "\x90\x90\x90")',
+      #   opcodes_always_string_obj: 'optional - always interpret opcodes passed in as a string object (defaults to false)',
       #   arch: 'optional - architecture returned from objdump --info (defaults to PWN::Plugins::DetectOS.arch)',
       #   endian: 'optional - endianess (defaults to :little)'
       # )
 
       public_class_method def self.opcodes_to_asm(opts = {})
         opcodes = opts[:opcodes]
+        opcodes_always_string_obj = opts[:opcodes_always_string_obj] ||= false
         arch = opts[:arch] ||= PWN::Plugins::DetectOS.arch
         endian = opts[:endian] ||= :little
 
@@ -40,28 +42,43 @@ module PWN
         # '909090'
         opcodes_orig_len = opcodes.length
         opcodes = opcodes.join(',') if opcodes.is_a?(Array)
+        # puts opcodes.inspect
         opcodes = CGI.escape(opcodes)
         # puts opcodes.inspect
-        # Doesnt work with sommething like: "'ff', 'e4'"
-        # known to work with:
+        # known to work (when method is called directly) with:
         # 'ffe4'
         # 'ff,e4'
+        # 'ff e4'
         # "ff,e4"
+        # "ff e4"
         # ['ff', 'e4']
         # ["ff", "e4"]
         # '\xff\xe4'
         # "\xff\xe4"
-        opcodes.delete!('%5Cx') if opcodes.include?('%5Cx')
-        opcodes.delete!('%2C') if opcodes.include?('%2C')
-        opcodes.delete!('%22') if opcodes.include?('%22')
-        opcodes.delete!('%27') if opcodes.include?('%27')
-        opcodes.delete!('+') if opcodes.include?('+')
-        opcodes.delete!('%') if opcodes.include?('%')
+        # "'ff', 'e4'"
+        # '"ff", "e4"'
+        # only known to work in pwn REPL driver with:
+        # ffe4
+        # ff e4
+        # puts opcodes.inspect
+        #  More stripping if passed in via pwn REPL driver
+        # if opcodes_always_string_obj
+        # end
+
+        opcodes.delete!('%5B')
+        opcodes.delete!('%5D')
+        opcodes.delete!('%5Cx')
+        opcodes.delete!('%2C')
+        opcodes.delete!('%22')
+        opcodes.delete!('%27')
+        opcodes.delete!('+')
+        opcodes.delete!('%')
+
         # puts opcodes.inspect
         opcodes = [opcodes].pack('H*')
         # puts opcodes.inspect
 
-        Metasm::Shellcode.disassemble(arch_obj, opcodes).to_s
+        Metasm::Shellcode.disassemble(arch_obj, opcodes).to_s.squeeze("\n")
       rescue StandardError => e
         raise e
       end
@@ -95,7 +112,13 @@ module PWN
           raise "Unsupported architecture: #{arch}"
         end
 
-        Metasm::Shellcode.assemble(arch_obj, asm).encode_string.bytes.map { |b| format('\x%02x', b) }.join
+        opcodes = Metasm::Shellcode.assemble(arch_obj, asm).encode_string
+        hex_encoded_opcodes = opcodes.bytes.map { |b| format('\x%02x', b) }.join
+
+        "\n#{hex_encoded_opcodes}\n"
+      rescue Metasm::ParseError
+        puts "Invalid assembly instruction(s) provided:\n#{asm}"
+        # Should we try to call opcode_to_asm here or just raise the error?
       rescue StandardError => e
         raise e
       end
@@ -114,6 +137,7 @@ module PWN
         puts "USAGE:
           #{self}.opcodes_to_asm(
             opcodes: 'required - hex escaped opcode(s) (e.g. \"\\x90\\x90\\x90\")',
+            opcodes_always_string_obj: 'optional - always interpret opcodes passed in as a string object (defaults to false)',
             arch: 'optional - architecture returned from objdump --info (defaults to PWN::Plugins::DetectOS.arch)',
             endian: 'optional - endianess (defaults to :little)'
           )

data/lib/pwn/plugins/black_duck_binary_analysis.rb

@@ -47,6 +47,9 @@ module PWN
         spinner = TTY::Spinner.new
         spinner.auto_spin
 
+        max_request_attempts = 3
+        tot_request_attempts ||= 1
+
         case http_method
         when :delete, :get
           headers[:params] = params
@@ -90,6 +93,18 @@ module PWN
         end
 
         raise e
+      rescue IO::TimeoutError => e
+        raise e if tot_request_attempts == max_request_attempts
+
+        puts "\nTCP Connection Unavailable."
+        puts "Attempt (#{tot_request_attempts} of #{max_request_attempts}) in 60s"
+        60.downto(1) do
+          print '.'
+          sleep 1
+        end
+        tot_request_attempts += 1
+
+        retry
       rescue StandardError => e
         case e.message
         when '400 Bad Request', '404 Resource Not Found'

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.40'
+  VERSION = '0.5.42'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.40
+  version: 0.5.42
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-02-27 00:00:00.000000000 Z
+date: 2024-02-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -1164,14 +1164,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.7.0
+        version: 2.8.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.7.0
+        version: 2.8.0
 description: https://github.com/0dayinc/pwn/README.md
 email:
 - request.pentest@0dayinc.com