ronin-exploits 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/COPYING.txt +339 -0
- data/History.txt +18 -0
- data/Manifest.txt +42 -0
- data/README.txt +69 -0
- data/Rakefile +15 -0
- data/TODO.txt +25 -0
- data/lib/ronin/exploits.rb +39 -0
- data/lib/ronin/exploits/binary_exploit.rb +133 -0
- data/lib/ronin/exploits/buffer_overflow.rb +76 -0
- data/lib/ronin/exploits/buffer_overflow_target.rb +46 -0
- data/lib/ronin/exploits/exceptions.rb +25 -0
- data/lib/ronin/exploits/exceptions/exploit_not_built.rb +29 -0
- data/lib/ronin/exploits/exceptions/restricted_char.rb +29 -0
- data/lib/ronin/exploits/exploit.rb +263 -0
- data/lib/ronin/exploits/exploit_author.rb +34 -0
- data/lib/ronin/exploits/exploit_target.rb +48 -0
- data/lib/ronin/exploits/exploitable.rb +77 -0
- data/lib/ronin/exploits/format_string.rb +84 -0
- data/lib/ronin/exploits/format_string_target.rb +43 -0
- data/lib/ronin/exploits/impact.rb +46 -0
- data/lib/ronin/exploits/requirement.rb +46 -0
- data/lib/ronin/exploits/version.rb +29 -0
- data/lib/ronin/exploits/web_exploit.rb +77 -0
- data/lib/ronin/models.rb +38 -0
- data/lib/ronin/payloads.rb +33 -0
- data/lib/ronin/payloads/ability.rb +46 -0
- data/lib/ronin/payloads/binary_payload.rb +40 -0
- data/lib/ronin/payloads/payload.rb +203 -0
- data/lib/ronin/payloads/payload_author.rb +34 -0
- data/lib/ronin/payloads/shellcode.rb +34 -0
- data/lib/ronin/payloads/web_payload.rb +34 -0
- data/lib/ronin/translators/xor.rb +96 -0
- data/lib/ronin/vuln/behavior.rb +92 -0
- data/spec/exploits/exploit_spec.rb +80 -0
- data/spec/exploits/exploitable_spec.rb +21 -0
- data/spec/exploits/web_exploit_spec.rb +29 -0
- data/spec/exploits_spec.rb +9 -0
- data/spec/payloads/payload_spec.rb +60 -0
- data/spec/spec_helper.rb +11 -0
- data/spec/translators/xor_spec.rb +26 -0
- data/spec/vuln/behavior_spec.rb +15 -0
- data/tasks/spec.rb +9 -0
- metadata +119 -0
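--- a/data/lib/ronin/models.rb
+++ b/data/lib/ronin/models.rb
@@ -0,0 +1,38 @@
+#
+#--
+# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#++
+#
+
+require 'ronin/vuln/behavior'
+require 'ronin/exploits/requirement'
+require 'ronin/exploits/impact'
+require 'ronin/exploits/exploit_author'
+require 'ronin/exploits/exploit_target'
+require 'ronin/exploits/exploit'
+require 'ronin/exploits/binary_exploit'
+require 'ronin/exploits/buffer_overflow_target'
+require 'ronin/exploits/buffer_overflow'
+require 'ronin/exploits/format_string_target'
+require 'ronin/exploits/format_string'
+require 'ronin/payloads/ability'
+require 'ronin/payloads/payload_author'
+require 'ronin/payloads/payload'
+require 'ronin/payloads/binary_payload'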
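Review bot: The require list at lines 24-38 omits `ronin/payloads/shellcode` and `ronin/payloads/web_payload`, both shipped in this release (see the file list) and both calling `objectify`, so if this file is what registers the models before migration those two tables are presumably never set up; `ronin/payloads.rb` in the next section has the same gap. Line 24 requires `ronin/vuln/behavior`, which matches the shipped `lib/ronin/vuln/behavior.rb`, while `ability.rb` later in this diff requires `ronin/vulnerability/behavior`; one of the two paths is wrong and load order decides whether that surfaces as a LoadError. A comment above the list such as `# Every model that must be loaded before auto-migration; keep in sync with the Manifest` would make such omissions easier to catch in review.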
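--- a/data/lib/ronin/payloads.rb
+++ b/data/lib/ronin/payloads.rb
@@ -0,0 +1,33 @@
+#
+#--
+# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#++
+#
+
+require 'ronin/payloads/ability'
+require 'ronin/payloads/payload_author'
+require 'ronin/payloads/payload'
+require 'ronin/payloads/binary_payload'
+
+require 'reverse_require'
+
+module Ronin
+require_for 'ronin', 'ronin/payloads'
+end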
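--- a/data/lib/ronin/payloads/ability.rb
+++ b/data/lib/ronin/payloads/ability.rb
@@ -0,0 +1,46 @@
+#
+#--
+# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#++
+#
+
+require 'ronin/vulnerability/behavior'
+require 'ronin/payloads/payload'
+
+require 'ronin/model'
+
+module Ronin
+module Payloads
+class Ability
+
+include Model
+
+# The behavior the ability provides
+belongs_to :behavior, :class_name => 'Vulnerability::Behavior'
+
+# The payload which has this ability
+belongs_to :payload
+
+# Feature validations
+validates_present :behavior_id, :payload_id
+
+end
+end
+end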
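Review bot: Line 24 requires `ronin/vulnerability/behavior`, but this release ships `lib/ronin/vuln/behavior.rb` (file list) and `models.rb` requires `ronin/vuln/behavior`; unless another gem provides the `vulnerability` path, loading `ability.rb` raises LoadError, and the `:class_name => 'Vulnerability::Behavior'` string on line 36 (also used by `Payload#provides`) must agree with whichever module that file actually defines. I cannot see `behavior.rb` from here, so the fix is either `require 'ronin/vuln/behavior'` with the class name adjusted to match, or shipping the missing file. A comment on line 36 pinning the resolved constant, e.g. `# resolves to Ronin::<behavior namespace>::Behavior; keep in sync with the require above`, would make the coupling explicit.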
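--- a/data/lib/ronin/payloads/binary_payload.rb
+++ b/data/lib/ronin/payloads/binary_payload.rb
@@ -0,0 +1,40 @@
+#
+#--
+# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#++
+#
+
+require 'ronin/payloads/payload'
+
+module Ronin
+module Payloads
+class BinaryPayload < Payload
+
+objectify :ronin_binary_payload
+
+# The payloads targeted architecture
+belongs_to :arch
+
+# The payloads targeted platform
+belongs_to :platform
+
+end
+end
+end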
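Review bot: `belongs_to :arch` and `belongs_to :platform` (lines 33 and 36) reference `Arch` and `Platform` models, yet the only require on line 24 is `ronin/payloads/payload`; presumably they arrive via `ronin/objectify` or the core gem, which is worth stating in a comment above line 33, e.g. `# Arch and Platform are provided by the ronin core models`. Unlike `Ability`, nothing validates that either association is set, so a binary payload can be saved with no target architecture or platform; if that is not intended, `validates_present :arch_id, :platform_id` in the style of `ability.rb` would enforce it. The comments on lines 32 and 35 read better as `# The payload's targeted architecture` and `# The payload's targeted platform`.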
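--- a/data/lib/ronin/payloads/payload.rb
+++ b/data/lib/ronin/payloads/payload.rb
@@ -0,0 +1,203 @@
+#
+#--
+# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#++
+#
+
+require 'ronin/payloads/ability'
+require 'ronin/payloads/payload_author'
+require 'ronin/objectify'
+require 'ronin/has_license'
+
+module Ronin
+module Payloads
+class Payload
+
+include Objectify
+include HasLicense
+
+objectify :ronin_payload
+
+# Primary key of the payload
+property :id, Serial
+
+# Name of the specific payload
+property :name, String, :index => true
+
+# Version of the payload
+property :version, String, :default => '0.1', :index => true
+
+# Description of the payload
+property :description, Text
+
+# Author(s) of the payload
+has n, :authors, :class_name => 'PayloadAuthor'
+
+# Abilities the payload provides
+has n, :abilities
+
+# Validations
+validates_present :name
+validates_is_unique :version, :scope => [:name]
+
+# Encoders to apply to the payload
+attr_reader :encoders
+
+# The built and encoded payload
+attr_accessor :payload
+
+#
+# Creates a new Payload object with the given _attributes_. If a
+# _block_ is given, it will be passed the newly created Payload
+# object.
+#
+def initialize(attributes={},&block)
+super(attributes)
+
+@encoders = []
+@built = false
+
+instance_eval(&block) if block
+end
+
+#
+# Finds all payloads with names like the specified _name_.
+#
+def self.named(name)
+self.all(:name.like => "%#{name}%")
+end
+
+#
+# Finds all payloads with descriptions like the specified
+# _description_.
+#
+def self.describing(description)
+self.all(:description.like => "%#{description}%")
+end
+
+#
+# Finds the payload with the most recent vesion.
+#
+def self.latest
+self.first(:order => [:version.desc])
+end
+
+#
+# Adds a new Ability to the payload that provides the behavior
+# with the specified _name_.
+#
+def provides(name)
+self.abilities << Ability.new(
+:behavior => Vulnerability::Behavior.first_or_create(
+:name => name.to_s
+),
+:payload => self
+)
+end
+
+#
+# Adds a new PayloadAuthor with the given _attributes_ and _block_.
+#
+def author(attributes={},&block)
+authors << PayloadAuthor.first_or_create(attributes,&block)
+end
+
+#
+# Add the specified _encoder_object_ to the encoders.
+#
+def encoder(encoder_object)
+@encoders << encoder_object
+end
+
+#
+# Default builder method.
+#
+def builder
+end
+
+#
+# Returns +true+ if the payload is built, returns +false+ otherwise.
+#
+def built?
+@built == true
+end
+
+#
+# Performs a clean build of the payload with the given _params_.
+# If a _block_ is given, it will be passed the built and encoded
+# payload.
+#
+def build(params={},&block)
+self.params = params
+
+@built = false
+@payload = ''
+
+builder()
+
+@built = true
+
+@encoders.each do |encoder|
+@payload = encoder.encode(@payload)
+end
+
+block.call(@payload) if block
+return @payload
+end
+
+#
+# Default payload verifier method.
+#
+def verifier
+end
+
+#
+# Default verify method, calls verifier by default.
+#
+def verify
+verifier
+end
+
+#
+# Default payload deployer method.
+#
+def deployer(&block)
+block.call(self) if block
+end
+
+#
+# Default method to call after the payload has been deployed.
+#
+def deploy(&block)
+verify
+
+return deployer(&block)
+end
+
+#
+# Returns the built payload.
+#
+def to_s
+build
+end
+
+end
+end
+end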
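Review bot: `deploy` (lines 188-192) calls `verify` and discards its result, and never checks `built?`, so a payload whose verifier reports failure, or one that was never built, is handed to `deployer` anyway; since the default `verifier` (line 168) returns nil, honouring the result means making that default return `true` and gating the call, e.g. `raise 'payload not built' unless built?` and `raise 'payload verification failed' unless verify` before `return deployer(&block)`. `build` (lines 147-163) sets `@built = true` before the encoder loop, so an encoder that raises leaves `built?` true with a half-encoded `@payload`; moving the assignment after the loop fixes that. `self.latest` (line 99) orders the String `version` column, which the database sorts lexically, so a version such as '0.10' ranks below '0.9'. `to_s` (line 198) triggers a full rebuild with empty params, meaning string interpolation or logging silently discards any earlier build; returning `@payload` (or building only `unless built?`) keeps `to_s` free of side effects.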
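--- a/data/lib/ronin/payloads/payload_author.rb
+++ b/data/lib/ronin/payloads/payload_author.rb
@@ -0,0 +1,34 @@
+#
+#--
+# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#++
+#
+
+require 'ronin/author'
+
+module Ronin
+module Payloads
+class PayloadAuthor < Author
+
+belongs_to :payload
+
+end
+end
+end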
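--- a/data/lib/ronin/payloads/shellcode.rb
+++ b/data/lib/ronin/payloads/shellcode.rb
@@ -0,0 +1,34 @@
+#
+#--
+# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#++
+#
+
+require 'ronin/payloads/binary_payload'
+
+module Ronin
+module Payloads
+class Shellcode < BinaryPayload
+
+objectify :ronin_shellcode
+
+end
+end
+end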
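--- a/data/lib/ronin/payloads/web_payload.rb
+++ b/data/lib/ronin/payloads/web_payload.rb
@@ -0,0 +1,34 @@
+#
+#--
+# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#++
+#
+
+require 'ronin/payloads/payload'
+
+module Ronin
+module Payloads
+class WebPayload < Payload
+
+objectify :ronin_web_payload
+
+end
+end
+end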