pwn 0.5.269 → 0.5.270

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6189af027cd4758feaa3438992858ff3ccffaa6d09eeefdb573b7f71e755579c
-  data.tar.gz: 32c2c26a99dbf06e7999fe2bb1603a5dd3dd02098142bfeb41bab999f095a0ce
+  metadata.gz: 88edbebef74e0c39a05a6b6d1ff69f0dfef67ea0bd0cf14f533545d68b03bd63
+  data.tar.gz: 7dc86f9aaba9eeb528d8f13d939d6cad1ac20d224b8e412f57cb2b9bfc51322c
 SHA512:
-  metadata.gz: 3e7f6d5436200f963b24b786df9c81d21ba5a65b32e69918d4887fa57595f22bff308a7ac6e15e306cc22b4d522ac5dfce113a7ca2b66e120b9416b0f4d6cc33
-  data.tar.gz: 76704720030351e57c4173cc72c159f4896f25bab007d19859d87470485983f2f4c98187d54e336b3df574466101aa830b70b3dc1d2a46dcbf97db116eee98f5
+  metadata.gz: 6b420f167c5f182422dfa4610ebb77f230a58b1d2167ec6ad3c9d574a375b653dcabafda8e3987f9fc9bc94e5388576b052f25c50a45fd6ac286eabd8cb7b718
+  data.tar.gz: 0a839bd6eb480c14b4da0c6e56c75bb232563ffd7727bf5701971e3d0ead2b0cd60435b1fc2e71bd584919093708b8b8b9716cae0640e814848d56ba77b45872

data/.rubocop_todo.yml

@@ -1,12 +1,12 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2025-04-30 21:48:17 UTC using RuboCop version 1.75.4.
+# on 2025-05-01 15:57:20 UTC using RuboCop version 1.75.4.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
-# Offense count: 22
+# Offense count: 24
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: Max, AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns, SplitStrings.
 # URISchemes: http, https
@@ -15,6 +15,7 @@ Layout/LineLength:
     - 'Vagrantfile'
     - 'bin/pwn_diff_csv_files_w_column_exclude'
     - 'lib/pwn/banner/jmp_esp.rb'
+    - 'lib/pwn/banner/radare2_ai.rb'
     - 'lib/pwn/plugins/mail_agent.rb'
     - 'lib/pwn/plugins/ollama.rb'
     - 'lib/pwn/plugins/open_ai.rb'
@@ -25,6 +26,13 @@ Layout/LineLength:
     - 'lib/pwn/sast/banned_function_calls_c.rb'
     - 'packer/provisioners/aliases.rb'
 
+# Offense count: 1
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowInHeredoc.
+Layout/TrailingWhitespace:
+  Exclude:
+    - 'lib/pwn/banner/radare2_ai.rb'
+
 # Offense count: 9
 # Configuration parameters: AllowedMethods, AllowedPatterns.
 Lint/NestedMethodDefinition:
@@ -42,7 +50,7 @@ Lint/RedundantTypeConversion:
     - 'lib/pwn/plugins/jenkins.rb'
     - 'lib/pwn/plugins/repl.rb'
 
-# Offense count: 303
+# Offense count: 304
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AutoCorrect.
 Lint/UselessAssignment:

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.269]:001 >>> PWN.help
+pwn[v0.5.270]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.1@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.269]:001 >>> PWN.help
+pwn[v0.5.270]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.1@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.269]:001 >>> PWN.help
+pwn[v0.5.270]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/lib/pwn/banner/radare2.rb

@@ -12,7 +12,7 @@ module PWN
       public_class_method def self.get
         '
         $ target_arm_bin="/usr/bin/id";
-        $ alias r2="setarch $(uname -m) -R r2 -AA -c \"v /opt/pwn/third_party/r2-pwn-layout\""
+        $ alias r2="setarch $(uname -m) -R r2 -AA -c \"v r2-pwn-layout\""
         $ r2 -c "db (0x`readelf -S $target_arm_bin | grep text | awk "{print $NF}"`)+0x4+0x00000328" -c "ood" -c "dc" -c "v" $target_arm_bin
         '.yellow
       rescue StandardError => e

data/lib/pwn/banner/radare2_ai.rb

@@ -0,0 +1,116 @@
+# frozen_string_literal: true
+
+require 'colorize'
+
+module PWN
+  module Banner
+    # This plugin processes images into readable text
+    module Radare2AI
+      # Supported Method Parameters::
+      # PWN::Banner::Radare2AI.get
+
+      public_class_method def self.get
+        '
+        $ target_bin="/usr/bin/id";
+        $ alias r2="setarch $(uname -m) -R r2 -AA -c \"v r2-pwn-layout\""
+        $ r2 $target_bin
+           -- Log On. Hack In. Go Anywhere. Get Everything.
+          [0x7ffff7fe35c0]> aaaa
+          INFO: Analyze all flags starting with sym. and entry0 (aa)
+          INFO: Analyze imports (af@@@i)
+          INFO: Analyze entrypoint (af@ entry0)
+          INFO: Analyze symbols (af@@@s)
+          INFO: Analyze all functions arguments/locals (afva@@@F)
+          INFO: Analyze function calls (aac)
+          INFO: Analyze len bytes of instructions for references (aar)
+          INFO: Finding and parsing C++ vtables (avrr)
+          INFO: Analyzing methods (af @@ method.*)
+          INFO: Recovering local variables (afva@@@F)
+          INFO: Skipping type matching analysis in debugger mode (aaft)
+          INFO: Propagate noreturn information (aanr)
+          INFO: Scanning for strings constructed in code (/azs)
+          INFO: Finding function preludes (aap)
+          INFO: Enable anal.types.constraint for experimental type propagation
+          [0x7ffff7fe35c0]> db main
+          [0x7ffff7fe35c0]> dc
+          INFO: hit breakpoint at: 0x555555556490
+          [0x555555556490]> decai -e lang=C++
+          [0x555555556490]> decai -e
+          decai -e pipeline=
+          decai -e model=Radare2:latest
+          decai -e deterministic=true
+          decai -e debug=false
+          decai -e api=ollama
+          decai -e lang=C++
+          decai -e hlang=English
+          decai -e cache=false
+          decai -e cmds=pdga
+          decai -e prompt=Transform this pseudocode and respond ONLY with plain code (NO explanations, comments or markdown), Change goto into if/else/for/while, Simplify as much as possible, use better variable names, take function arguments and strings from comments like string:, Reduce lines of code and fit everything in a single function, removing all dead code.  Most importantly, determine if this code is exploitable.
+          decai -e ctxfile=
+          decai -e host=http://localhost
+          decai -e port=11434
+          decai -e maxinputtokens=-1
+          [0x555555556490]> decai -d
+          // Function to get the effective user ID and group ID
+          // Returns the effective user ID and group ID as a string in the format "effective_uid:effective_gid"
+          // If an error occurs, returns an empty string
+
+          #include <stdio.h>
+          #include <stdlib.h>
+          #include <string.h>
+          #include <unistd.h>
+          #include <errno.h>
+          #include <sys/types.h>
+          #include <sys/stat.h>
+
+          char* get_effective_ids() {
+              gid_t effective_gid;
+              uid_t effective_uid;
+              
+              // Get effective GID
+              effective_gid = getegid();
+              if (effective_gid == -1) {
+                  perror("getegid");
+                  return "";
+              }
+
+              // Get effective UID
+              effective_uid = geteuid();
+              if (effective_uid == -1) {
+                  perror("geteuid");
+                  return "";
+              }
+
+              // Format and return the result
+              char result[32];
+              snprintf(result, sizeof(result), "effective_uid:%d effective_gid:%d", (int)effective_uid, (int)effective_gid);
+              return strdup(result);
+          }
+          ```
+
+          This code defines a new function `get_effective_ids()` that uses the standard library functions `geteuid()` and `getegid()` to get the effective user ID and group ID, respectively. It then formats the result as a string in the format "effective_uid:effective_gid" and returns it using `strdup()` to allocate memory for the result. If an error occurs while getting the effective IDs, the function returns an empty string.
+        '.yellow
+      rescue StandardError => e
+        raise e
+      end
+
+      # Author(s):: 0day Inc. <support@0dayinc.com>
+
+      public_class_method def self.authors
+        "AUTHOR(S):
+          0day Inc. <support@0dayinc.com>
+        "
+      end
+
+      # Display Usage for this Module
+
+      public_class_method def self.help
+        puts "USAGE:
+          #{self}.get
+
+          #{self}.authors
+        "
+      end
+    end
+  end
+end

data/lib/pwn/banner.rb

@@ -18,6 +18,7 @@ module PWN
     autoload :OffTheAir, 'pwn/banner/off_the_air'
     autoload :Pirate, 'pwn/banner/pirate'
     autoload :Radare2, 'pwn/banner/radare2'
+    autoload :Radare2AI, 'pwn/banner/radare2_ai'
     autoload :WhiteRabbit, 'pwn/banner/white_rabbit'
 
     # Supported Method Parameters::
@@ -27,7 +28,7 @@ module PWN
 
     public_class_method def self.get(opts = {})
       index = opts[:index].to_i
-      index = Random.rand(1..14) unless index.positive?
+      index = Random.rand(1..15) unless index.positive?
 
       banner = ''
       case index
@@ -58,6 +59,8 @@ module PWN
       when 13
         banner = PWN::Banner::Radare2.get
       when 14
+        banner = PWN::Banner::Radare2AI.get
+      when 15
         banner = PWN::Banner::WhiteRabbit.get
       else
         raise 'Invalid Index.'

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.269'
+  VERSION = '0.5.270'
 end

data/spec/lib/pwn/banner/radare2_ai_spec.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe PWN::Banner::Radare2AI do
+  it 'should cointain a method for banner retrieval' do
+    get_response = PWN::Banner::Radare2AI
+    expect(get_response).to respond_to :get
+  end
+
+  it 'should display information for authors' do
+    authors_response = PWN::Banner::Radare2AI
+    expect(authors_response).to respond_to :authors
+  end
+
+  it 'should display information for existing help method' do
+    help_response = PWN::Banner::Radare2AI
+    expect(help_response).to respond_to :help
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.269
+  version: 0.5.270
 platform: ruby
 authors:
 - 0day Inc.
@@ -1805,6 +1805,7 @@ files:
 - lib/pwn/banner/off_the_air.rb
 - lib/pwn/banner/pirate.rb
 - lib/pwn/banner/radare2.rb
+- lib/pwn/banner/radare2_ai.rb
 - lib/pwn/banner/white_rabbit.rb
 - lib/pwn/ffi.rb
 - lib/pwn/ffi/stdio.rb
@@ -2140,6 +2141,7 @@ files:
 - spec/lib/pwn/banner/ninja_spec.rb
 - spec/lib/pwn/banner/off_the_air_spec.rb
 - spec/lib/pwn/banner/pirate_spec.rb
+- spec/lib/pwn/banner/radare2_ai_spec.rb
 - spec/lib/pwn/banner/radare2_spec.rb
 - spec/lib/pwn/banner/white_rabbit_spec.rb
 - spec/lib/pwn/banner_spec.rb