ronin-exploits 0.1.1 → 0.2.0

data/History.txt

@@ -1,4 +1,82 @@
-== 0.1.1 / 2009-01-22
+=== 0.2.0 / 2009-04-11
+
+* Added Ronin::TargetedArch.
+* Added Ronin::TargetedOS.
+* Added Ronin::TargetedProduct.
+* Added Ronin::Model::TargetsArch.
+* Added Ronin::Model::TargetsOS.
+* Refactored Ronin::Exploits:
+  * Added Ronin::Exploits::Target.
+  * Added Ronin::Exploits::Targets::BufferOverflow.
+  * Added Ronin::Exploits::Targets::FormatString.
+  * Added Ronin::Exploits::Helpers::Binary.
+  * Added Ronin::Exploits::Helpers::Padding.
+  * Added Ronin::Exploits::Helpers::BufferOverflow.
+  * Added Ronin::Exploits::Helpers::FormatString.
+  * Added Ronin::Exploits::Local.
+  * Added Ronin::Exploits::Remote.
+  * Added Ronin::Exploits::RemoteTCP.
+  * Added Ronin::Exploits::RemoteUDP.
+  * Added Ronin::Exploits::FTP.
+  * Added Ronin::Exploits::HTTP.
+  * Renamed Ronin::Exploits::Impact to Ronin::Exploits::Allow.
+  * Removed the Ronin::Exploits::Requirement.
+  * Rewrote Ronin::Exploits::Exploit:
+    * Use the new Ronin::Cacheable module.
+    * Added a status property, which may be either <tt>:potential</tt>,
+      <tt>:proven</tt>, <tt>:weaponized</tt>, but will default to
+      <tt>:potential</tt>.
+    * Added a disclosure property, which can be a combination of
+      <tt>:private</tt>, <tt>:in_wild</tt>, <tt>:vendor_aware</tt>
+      or <tt>:public</tt>.
+    * Added Exploit#helper, which will extend the Exploit object with the
+      Helper module with the similar name.
+    * Added the Exploit#build!, Exploit#verify!, Exploit#deploy!
+      methods, which will call the user-defined Exploit#build,
+      Exploit#verify, Exploit#deploy methods, respectively.
+    * Added Exploit#targeting.
+    * Added Exploit#behaviors.
+    * Added Exploit#targeted_archs, Exploit#targeted_oses,
+      Exploit#targeted_products.
+    * Added Exploit#select_target.
+    * Added the Exploit#target which will return the current selected
+      target, or the first target of the exploit.
+    * Added the Exploit#arch, Exploit#os and Exploit#product methods.
+    * Added the Exploit#verify_target!, Exploit#verify_arch!, 
+      Exploit#verify_os! and Exploit#verify_product! methods.
+    * Added Exploit#encoded_payload.
+    * Added Exploit#encode_payload!.
+    * Have Exploit#verify_restricted! raise an exception listing all
+      restricted characters found in the given text.
+    * Renamed Exploit#allows to Exploit#allowing.
+    * Renamed Exploit#verify_restricted to Exploit#verify_restricted!.
+    * Renamed Exploit#exploit to Exploit#exploit!.
+    * Removed Exploit#payloads.
+    * Removed Exploit#vulnerable?.
+* Refactored Ronin::Payloads:
+  * Added Ronin::Payloads::Helpers::FileSystem.
+  * Added Ronin::Payloads::Helpers::RPC.
+  * Added Ronin::Payloads::Helpers::Shell.
+  * Added Ronin::Payloads::Nops.
+  * Added Ronin::Payloads::Encoder.
+  * Added Ronin::Payloads::Encoders::XOR.
+  * Renamed Ronin::Payloads::Ability to Ronin::Payloads::Control.
+  * Rewrote Ronin::Payloads::Payload:
+    * Use the new Ronin::Cacheable module.
+    * Use Ronin::Model::TargetsArch.
+    * Use Ronin::Model::TargetsOS.
+    * Added Payload#helper, which will extend the Payload object with the
+      Helper module with the similar name.
+    * Added Payload#behaviors.
+    * Added Payload#build!, Payload#verify!, Payload#deploy!, which will
+      call the user-defined Payload#build, Payload#verify, Payload#deploy
+      methods, respectively.
+    * Rewrote Payload#to_s to return the name and version of the payload.
+    * Renamed Payload#controls to Payload#controlling.
+    * Removed encoders from the Payload class.
+* Added specs.
+
+=== 0.1.1 / 2009-01-22
 
 * Removed old references to the <tt>ronin/vulnerability</tt> directory.
 * Removed old references to the Ronin::Vulnerability namespace.
@@ -9,7 +87,7 @@
 * Reduce usage of first_or_create.
 * Updated target methods.
 
-== 0.1.0 / 2008-01-08
+=== 0.1.0 / 2008-01-08
 
 * Initial release.
   * Supports many basic exploit types:

data/Manifest.txt

@@ -4,40 +4,87 @@ Manifest.txt
 README.txt
 Rakefile
 TODO.txt
+bin/ronin-payload
+bin/ronin-payloads
+bin/ronin-exploits
+lib/ronin/targeted_arch.rb
+lib/ronin/targeted_os.rb
+lib/ronin/targeted_product.rb
+lib/ronin/model/targets_arch.rb
+lib/ronin/model/targets_os.rb
 lib/ronin/vuln/behavior.rb
 lib/ronin/exploits.rb
 lib/ronin/exploits/exceptions.rb
+lib/ronin/exploits/exceptions/unknown_helper.rb
+lib/ronin/exploits/exceptions/target_unspecified.rb
+lib/ronin/exploits/exceptions/target_data_missing.rb
 lib/ronin/exploits/exceptions/exploit_not_built.rb
 lib/ronin/exploits/exceptions/restricted_char.rb
 lib/ronin/exploits/exceptions/payload_size.rb
-lib/ronin/exploits/exploitable.rb
-lib/ronin/exploits/requirement.rb
-lib/ronin/exploits/impact.rb
+lib/ronin/exploits/helpers.rb
+lib/ronin/exploits/helpers/binary.rb
+lib/ronin/exploits/helpers/padding.rb
+lib/ronin/exploits/helpers/buffer_overflow.rb
+lib/ronin/exploits/helpers/format_string.rb
+lib/ronin/exploits/targets.rb
+lib/ronin/exploits/targets/buffer_overflow.rb
+lib/ronin/exploits/targets/format_string.rb
+lib/ronin/exploits/allow.rb
+lib/ronin/exploits/target.rb
 lib/ronin/exploits/exploit.rb
 lib/ronin/exploits/exploit_author.rb
-lib/ronin/exploits/exploit_target.rb
-lib/ronin/exploits/binary_exploit.rb
-lib/ronin/exploits/buffer_overflow.rb
-lib/ronin/exploits/buffer_overflow_target.rb
-lib/ronin/exploits/format_string.rb
-lib/ronin/exploits/format_string_target.rb
-lib/ronin/exploits/web_exploit.rb
+lib/ronin/exploits/remote.rb
+lib/ronin/exploits/local.rb
+lib/ronin/exploits/remote_tcp.rb
+lib/ronin/exploits/remote_udp.rb
+lib/ronin/exploits/ftp.rb
+lib/ronin/exploits/http.rb
+lib/ronin/exploits/web.rb
 lib/ronin/exploits/version.rb
-lib/ronin/models.rb
 lib/ronin/payloads.rb
-lib/ronin/payloads/ability.rb
+lib/ronin/payloads/exceptions.rb
+lib/ronin/payloads/exceptions/unknown_helper.rb
+lib/ronin/payloads/encoder.rb
+lib/ronin/payloads/encoders.rb
+lib/ronin/payloads/encoders/xor.rb
+lib/ronin/payloads/helpers.rb
+lib/ronin/payloads/helpers/exceptions.rb
+lib/ronin/payloads/helpers/exceptions/unimplemented.rb
+lib/ronin/payloads/helpers/exceptions/program_not_found.rb
+lib/ronin/payloads/helpers/file_system.rb
+lib/ronin/payloads/helpers/shell.rb
+lib/ronin/payloads/helpers/rpc.rb
+lib/ronin/payloads/control.rb
 lib/ronin/payloads/payload_author.rb
 lib/ronin/payloads/payload.rb
 lib/ronin/payloads/binary_payload.rb
+lib/ronin/payloads/nops.rb
 lib/ronin/payloads/shellcode.rb
 lib/ronin/payloads/web_payload.rb
-lib/ronin/translators/xor.rb
+lib/ronin/ui/command_line/commands/payload.rb
+lib/ronin/ui/command_line/commands/payloads.rb
+lib/ronin/ui/command_line/commands/exploits.rb
 tasks/spec.rb
 spec/spec_helper.rb
+spec/helpers/database.rb
+spec/helpers/objects.rb
+spec/objects/exploits/test.rb
+spec/objects/payloads/test.rb
+spec/objects/payloads/example.rb
 spec/exploits_spec.rb
 spec/vuln/behavior_spec.rb
-spec/exploits/exploitable_spec.rb
+spec/exploits/targets/buffer_overflow_spec.rb
+spec/exploits/target_spec.rb
 spec/exploits/exploit_spec.rb
-spec/exploits/web_exploit_spec.rb
+spec/exploits/remote_tcp_spec.rb
+spec/exploits/remote_udp_spec.rb
+spec/exploits/ftp_spec.rb
+spec/exploits/http_spec.rb
+spec/exploits/web_spec.rb
+spec/exploits/binary_exploit_spec.rb
+spec/exploits/padding_exploit_spec.rb
+spec/exploits/buffer_overflow_exploit_spec.rb
+spec/exploits/format_string_exploit_spec.rb
+spec/payloads/encoder_spec.rb
+spec/payloads/encoders/xor_spec.rb
 spec/payloads/payload_spec.rb
-spec/translators/xor_spec.rb

data/README.txt

@@ -1,4 +1,4 @@
-= Ronin
+= Ronin Exploits
 
 * http://ronin.rubyforge.org/exploits/
 * http://github.com/postmodern/ronin-exploits
@@ -39,14 +39,101 @@ of Ronin.
 
 == FEATURES:
 
+* Ability to define payloads based on:
+  * Contributing authors.
+  * Behaviors they control.
+  * Helpers they use.
+* Ability to define payload encoders:
+  * Architectures they target.
+  * OSes they target.
+* Ability to define exploits based on:
+  * Wether they are local or remote.
+  * Protocol they use.
+  * Contributing authors.
+  * Disclosure status.
+  * Level of weaponization.
+  * Behaviors the vulnerability allows.
+  * Architectures they target.
+  * OSes they target.
+  * Products they target.
+  * Helpers they use.
+
 == REQUIREMENTS:
 
-* ronin >= 0.1.3
+* {ronin}[http://ronin.rubyforge.org/] >= 0.2.3
 
 == INSTALL:
 
   $ sudo gem install ronin-exploits
 
+== EXAMPLES:
+
+* Define a shellcode payload:
+
+    ronin_shellcode do
+      cache do
+        self.name = 'test'
+        self.version = '0.5'
+
+        self.arch :i686
+        self.os :name => 'Linux'
+      end
+
+      parameter :exit_status,
+                :default => 0,
+                :description => 'Exit status of shellcode'
+
+      def build
+        @payload = "\x66\x31\xc0\xfe\xc0"
+
+	unless @exit_status == 0
+          @payload << "\xb3#{@exit_status.chr}\xcd\x80"
+        else
+          @payload << "\x66\x31\xdb\xcd\x80"
+        end
+      end
+    end
+
+* Define a payload encoder:
+
+    ronin_payload_encoder do
+      cache do
+        self.name = 'base64_encode'
+        self.description = %{Example base64 payload encoder}
+
+        self.arch :i686
+        self.os :name => 'Linux'
+      end
+
+      def call(data)
+        return data.to_s.base64_encode
+      end
+    end
+
+* Define a remote TCP exploit:
+
+    ronin_remote_tcp_exploit do
+      helper :buffer_overflow
+
+      cache do
+        self.name = 'test'
+
+        targeting do |target|
+          target.arch :i686
+          target.os :name => 'Linux'
+          target.product :name => 'ExampleWare', :version => '2.4.7b'
+        end
+      end
+
+      def build
+        @buffer = "USER #{build_buffer}\n"
+      end
+
+      def deploy
+        tcp_send @buffer
+      end
+    end
+
 == LICENSE:
 
 Ronin Exploits - A Ruby library for Ronin that provides exploitation and

data/Rakefile

@@ -9,7 +9,7 @@ Hoe.new('ronin-exploits', Ronin::Exploits::VERSION) do |p|
   p.rubyforge_name = 'ronin'
   p.developer('Postmodern', 'postmodern.mod3@gmail.com')
   p.remote_rdoc_dir = 'docs/ronin-exploits'
-  p.extra_deps = [['ronin', '>=0.1.3']]
+  p.extra_deps = [['ronin', '>=0.2.3']]
 end
 
 # vim: syntax=Ruby

data/TODO.txt

@@ -5,7 +5,7 @@
 * Add more dm-scope methods for finding exploits and payloads based:
   * Target attributes:
     * Arch (name).
-    * Platform (os, version).
+    * OS (name, version).
   * Authors
 * Spec exploit/payload relations and dm-scope methods.
 * Add methods for chaining exploits.

data/bin/ronin-exploits

@@ -0,0 +1,12 @@
+#!/usr/bin/env ruby
+
+require 'rubygems'
+
+lib_dir = File.expand_path(File.join(File.dirname(__FILE__),'..','lib'))
+unless $LOAD_PATH.include?(lib_dir)
+  $LOAD_PATH << lib_dir
+end
+
+require 'ronin/ui/command_line/commands/exploits'
+
+Ronin::UI::CommandLine::Commands::Exploits.run(*ARGV)

data/bin/ronin-payload

@@ -0,0 +1,12 @@
+#!/usr/bin/env ruby
+
+require 'rubygems'
+
+lib_dir = File.expand_path(File.join(File.dirname(__FILE__),'..','lib'))
+unless $LOAD_PATH.include?(lib_dir)
+  $LOAD_PATH << lib_dir
+end
+
+require 'ronin/ui/command_line/commands/payload'
+
+Ronin::UI::CommandLine::Commands::Payload.run(*ARGV)

data/bin/ronin-payloads

@@ -0,0 +1,12 @@
+#!/usr/bin/env ruby
+
+require 'rubygems'
+
+lib_dir = File.expand_path(File.join(File.dirname(__FILE__),'..','lib'))
+unless $LOAD_PATH.include?(lib_dir)
+  $LOAD_PATH << lib_dir
+end
+
+require 'ronin/ui/command_line/commands/payloads'
+
+Ronin::UI::CommandLine::Commands::Payloads.run(*ARGV)

data/lib/ronin/exploits.rb

@@ -21,19 +21,22 @@
 #++
 #
 
-require 'ronin/exploits/requirement'
-require 'ronin/exploits/impact'
-require 'ronin/exploits/exploit_author'
-require 'ronin/exploits/exploit_target'
+require 'ronin/exploits/targets'
 require 'ronin/exploits/exploit'
-require 'ronin/exploits/binary_exploit'
-require 'ronin/exploits/buffer_overflow_target'
-require 'ronin/exploits/buffer_overflow'
-require 'ronin/exploits/format_string_target'
-require 'ronin/exploits/format_string'
+require 'ronin/exploits/local'
+require 'ronin/exploits/remote'
+require 'ronin/exploits/remote_tcp'
+require 'ronin/exploits/remote_udp'
+require 'ronin/exploits/ftp'
+require 'ronin/exploits/http'
+require 'ronin/exploits/web'
+require 'ronin/exploits/version'
+require 'ronin/database'
 
 require 'reverse_require'
 
+require_for 'ronin-exploits', 'ronin/exploits'
+
 module Ronin
-  require_for 'ronin', 'ronin/exploits'
+  Database.update!
 end

data/lib/ronin/exploits/{impact.rb → allow.rb}

@@ -28,14 +28,19 @@ require 'ronin/model'
 
 module Ronin
   module Exploits
-    class Impact
+    class Allow
 
       include Model
 
-      # The behavior which the impact allows
-      belongs_to :behavior, :class_name => 'Vuln::Behavior'
+      # The primary key of the allowance
+      property :id, Serial
 
-      # The exploit which facilitates the impact
+      # The behavior which is allowed
+      belongs_to :behavior,
+                 :child_key => [:behavior_id],
+                 :class_name => '::Ronin::Vuln::Behavior'
+
+      # The exploit which facilitates the behavior
       belongs_to :exploit
 
       # Validates

data/lib/ronin/exploits/exceptions.rb

@@ -21,6 +21,9 @@
 #++
 #
 
+require 'ronin/exploits/exceptions/unknown_helper'
+require 'ronin/exploits/exceptions/target_unspecified'
+require 'ronin/exploits/exceptions/target_data_missing'
 require 'ronin/exploits/exceptions/exploit_not_built'
 require 'ronin/exploits/exceptions/restricted_char'
 require 'ronin/exploits/exceptions/payload_size'

data/lib/ronin/exploits/exceptions/target_data_missing.rb

@@ -0,0 +1,29 @@
+#
+#--
+# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#++
+#
+
+module Ronin
+  module Exploits
+    class TargetDataMissing < RuntimeError
+    end
+  end
+end