ronin-exploits 0.1.0

data/lib/ronin/translators/xor.rb

@@ -0,0 +1,96 @@
+#
+#--
+# Ronin - A Ruby platform designed for information security and data
+# exploration tasks.
+#
+# Copyright (c) 2006-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#++
+#
+
+require 'ronin/translators/translator'
+require 'ronin/chars'
+
+module Ronin
+  module Translators
+    class XOR < Translator
+
+      # Set of characters to allow in the encoded data
+      attr_accessor :allow
+
+      #
+      # Creates a new XOR Translator object using the given _options_.
+      # If a _block_ is given it will be passed the newly created
+      # Translator object.
+      #
+      # _options_ may include the following keys:
+      # <tt>:allow</tt>:: The set of characters allowed in the encoded
+      #                   result. Defaults to <tt>(1..255)</tt>.
+      # <tt>:disallow</tt>:: The set of characters that are not allowed
+      #                      in the encoded result.
+      #
+      def initialize(options={},&block)
+        @allow = Chars::CharSet.new(options[:allow] || (1..255))
+
+        if options[:disallow]
+          @allow -= options[:disallow]
+        end
+
+        super(&block)
+      end
+
+      #
+      # XOR encodes the specified _data_ prefixing the XOR key to the
+      # encoded data. If a _block_ is given, it will be passed the encoded
+      # data.
+      #
+      def encode(data,&block)
+        alphabet = Chars.all.select { |b| data.include?(b.chr) }
+        excluded = (Chars.all - alphabet)
+
+        key = excluded.select { |b|
+          @allow.include?(b) && alphabet.all? { |i|
+            @allow.include?(i ^ b)
+          }
+        }.last
+
+        text = ''
+
+        text << key.chr
+        data.each_byte { |b| text << (b ^ key).chr }
+
+        block.call(text) if block
+        return text
+      end
+
+      #
+      # XOR decodes the specified _text_. If a _block_ is given, it will be
+      # passed the decoded data.
+      #
+      def decode(text,&block)
+        data = ''
+        key = text[0]
+        
+        text[1..-1].each_byte do |b|
+          data << (b ^ key).chr
+        end
+
+        return data
+      end
+
+    end
+  end
+end

data/lib/ronin/vuln/behavior.rb

@@ -0,0 +1,92 @@
+#
+#--
+# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#++
+#
+
+require 'ronin/extensions/meta'
+require 'ronin/extensions/string'
+require 'ronin/model'
+
+require 'dm-predefined'
+
+module Ronin
+  module Vuln
+    class Behavior
+
+      include Model
+      include DataMapper::Predefined
+
+      # Primary key of the behavior
+      property :id, Serial
+
+      # Name of the behavior
+      property :name, String
+
+      # Description for the behavior
+      property :description, Text
+
+      # Validates
+      validates_present :name, :description
+      validates_is_unique :name
+
+      #
+      # Returns the name of the behavior.
+      #
+      def to_s
+        @name.to_s
+      end
+
+      protected
+
+      #
+      # Defines a new builtin Behavior with the specified _name_ and the
+      # given _description_.
+      #
+      def self.define(name,description=nil)
+        super(name,:name => name.to_s, :description => description)
+      end
+
+      define :memory_read, "The ability to read memory"
+      define :memory_write, "The ability to write to memory"
+      define :file_create, "Arbitrary file creation"
+      define :file_read, "The ability to read from a file"
+      define :file_write, "The ability to write to a file"
+      define :file_modify, "The ability to modify an existing file"
+      define :file_ownership, "The ability to change ownership of an existing file"
+      define :file_mtime, "The ability to change the modification timestamp of a file"
+      define :file_ctime, "The ability to change the creation timestamp of a file"
+      define :socket_redirect, "The ability to redirect a socket's connection"
+      define :socket_connect, "The ability to create a network socket"
+      define :socket_listen, "The ability to listen on a network socket"
+      define :socket_read, "The ability to read from a network socket"
+      define :socket_write, "The ability to write to a network socket"
+      define :code_exec, "Arbitrary code execution"
+      define :command_exec, "Arbitrary command execution"
+      define :auth_bypass, "Authentication by-pass"
+      define :priv_escalation, "Privilege escalation"
+      define :exhaust_memory, "Exhaust freely available memory"
+      define :exhaust_disk, "Exhaust freely available disk-space"
+      define :exhaust_bandwidth, "Exhaust available bandwidth"
+      define :exahust_cpu, "Exhaust CPU performance"
+
+    end
+  end
+end

data/spec/exploits/exploit_spec.rb

@@ -0,0 +1,80 @@
+require 'ronin/exploits/exploit'
+
+require 'spec_helper'
+
+describe Exploits::Exploit do
+  before(:each) do
+    @exp = Exploits::Exploit.new(:name => 'test') do
+      def builder
+        'result'
+      end
+    end
+  end
+
+  it "should require a name attribute" do
+    exp2 = Exploits::Exploit.new(:object_path => 'test.rb')
+    exp2.should_not be_valid
+
+    exp2.name = 'test'
+    exp2.should be_valid
+  end
+
+  it "should have a unique name and version" do
+    first_exp = Exploits::Exploit.create(
+      :object_path => 'test.rb',
+      :name => 'test',
+      :version => '0.0.1'
+    )
+    first_exp.should be_valid
+
+    second_exp = Exploits::Exploit.new(
+      :object_path => 'other.rb',
+      :name => 'test',
+      :version => '0.0.1'
+    )
+    second_exp.should_not be_valid
+
+    third_exp = Exploits::Exploit.new(
+      :object_path => 'other.rb',
+      :name => 'test',
+      :version => '0.0.2'
+    )
+    third_exp.should be_valid
+  end
+
+  it "should be able to switch between payloads" do
+    @exp.payload = 'payload1'
+
+    @exp.switch_payload('payload2') do
+      @exp.payload.should == 'payload2'
+    end
+
+    @exp.payload.should == 'payload1'
+  end
+
+  it "should have 'unbuilt' and 'built' states" do
+    @exp.should_not be_built
+    @exp.build
+    @exp.should be_built
+  end
+
+  it "should return the result of the builder" do
+    @exp.build.should == 'result'
+  end
+
+  it "should require the exploit is built before being deployed" do
+    lambda { @exp.deploy }.should raise_error(Exploits::ExploitNotBuilt)
+  end
+
+  it "should have a default deployer method" do
+    @exp.build
+
+    @exp.deploy do |exploit|
+      @exp.should == exploit
+    end
+  end
+
+  it "should return the name and the version when calling to_s" do
+    @exp.to_s.should == 'test 0.1'
+  end
+end

data/spec/exploits/exploitable_spec.rb

@@ -0,0 +1,21 @@
+require 'ronin/exploits/exploitable'
+
+require 'spec_helper'
+
+describe Exploits::Exploitable do
+  before(:all) do
+    class Vulnerable
+
+      include Exploits::Exploitable
+
+      has_exploits :test do |obj|
+        [Exploits::Exploit.new(:name => :first_generated)]
+      end
+
+      has_exploits :test_two do |obj|
+        [Exploits::BinaryExploit.new(:name => :second_generated)]
+      end
+
+    end
+  end
+end

data/spec/exploits/web_exploit_spec.rb

@@ -0,0 +1,29 @@
+require 'ronin/exploits/web_exploit'
+
+require 'spec_helper'
+
+describe Exploits::WebExploit do
+  describe "targeted_url" do
+    it "should create a targeted URL using the host param" do
+      host = 'www.example.com'
+      exploit = Exploits::WebExploit.new(:host => host)
+
+      exploit.targeted_url.host.should == host
+    end
+
+    it "should create a targeted URL using the host param and the url_path property" do
+      host = 'www.example.com'
+      path = '/'
+      exploit = Exploits::WebExploit.new(:host => host, :url_path => path)
+
+      exploit.targeted_url.host.should == host
+      exploit.targeted_url.path.should == path
+    end
+
+    it "should raise a MissingParam exception if host params is missing" do
+      exploit = Exploits::WebExploit.new(:url_path => '/')
+
+      lambda { exploit.targeted_url }.should raise_error(Parameters::MissingParam)
+    end
+  end
+end

data/spec/exploits_spec.rb

@@ -0,0 +1,9 @@
+require 'ronin/exploits/version'
+
+require 'spec_helper'
+
+describe Exploits do
+  it "should have a version" do
+    Exploits.const_defined?('VERSION').should == true
+  end
+end

data/spec/payloads/payload_spec.rb

@@ -0,0 +1,60 @@
+require 'ronin/payloads/payload'
+
+require 'spec_helper'
+
+describe Payloads::Payload do
+  before(:each) do
+    @payload = Payloads::Payload.new(:name => 'test') do
+      def builder
+        @payload = 'code'
+      end
+    end
+  end
+
+  it "should require a name attribute" do
+    payload = Payloads::Payload.new(:object_path => 'test.rb')
+    payload.should_not be_valid
+
+    payload.name = 'test'
+    payload.should be_valid
+  end
+
+  it "should have a unique name and version" do
+    first_payload = Payloads::Payload.create(
+      :object_path => 'test.rb',
+      :name => 'test',
+      :version => '0.0.1'
+    )
+    first_payload.should be_valid
+
+    second_payload = Payloads::Payload.new(
+      :object_path => 'other.rb',
+      :name => 'test',
+      :version => '0.0.1'
+    )
+    second_payload.should_not be_valid
+
+    third_payload = Payloads::Payload.new(
+      :object_path => 'other.rb',
+      :name => 'test',
+      :version => '0.0.2'
+    )
+    third_payload.should be_valid
+  end
+
+  it "should have 'built' and 'unbiult' states" do
+    @payload.should_not be_built
+    @payload.build
+    @payload.should be_built
+  end
+
+  it "should return the built payload when calling build" do
+    @payload.build.should == 'code'
+  end
+
+  it "should have a default deployer method" do
+    @payload.deploy do |payload|
+      @payload.should == payload
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,11 @@
+require 'rubygems'
+gem 'rspec', '>=1.1.3'
+require 'spec'
+
+require File.join(File.dirname(__FILE__),'..','lib','ronin','models.rb')
+
+require 'ronin/database'
+
+include Ronin
+
+Database.setup({ :adapter => 'sqlite3', :database => ':memory:' })

data/spec/translators/xor_spec.rb

@@ -0,0 +1,26 @@
+require 'ronin/translators/xor'
+
+require 'spec_helper'
+
+describe Ronin do
+  describe Translators::XOR do
+    before(:all) do
+      @data = "\x00\x01\x90ABC123[]{}'"
+    end
+
+    it "should encode-out unwanted characters" do
+      disallow = [0x00, 0x01, 0x90]
+      xor = Translators::XOR.new(:disallow => disallow)
+
+      xor.encode(@data).each_byte do |b|
+        disallow.include?(b).should_not == true
+      end
+    end
+
+    it "should decode XOR encoded data" do
+      xor = Translators::XOR.new
+
+      xor.decode(xor.encode(@data)).should == @data
+    end
+  end
+end

data/spec/vuln/behavior_spec.rb

@@ -0,0 +1,15 @@
+require 'ronin/vuln/behavior'
+require 'spec_helper'
+
+describe Vuln::Behavior do
+  it "should require name and description attributes" do
+    behavior = Vuln::Behavior.new
+    behavior.should_not be_valid
+
+    behavior.name = 'arbitrary lol injection'
+    behavior.should_not be_valid
+
+    behavior.description = %{Allows for the arbitrary injection of lolz.}
+    behavior.should be_valid
+  end
+end