ronin-exploits 0.1.1 → 0.2.0

data/spec/payloads/payload_spec.rb

@@ -1,18 +1,15 @@
 require 'ronin/payloads/payload'
 
 require 'spec_helper'
+require 'helpers/objects'
 
 describe Payloads::Payload do
   before(:each) do
-    @payload = Payloads::Payload.new(:name => 'test') do
-      def builder
-        @payload = 'code'
-      end
-    end
+    @payload = load_payload('test')
   end
 
   it "should require a name attribute" do
-    payload = Payloads::Payload.new(:object_path => 'test.rb')
+    payload = Payloads::Payload.new
     payload.should_not be_valid
 
     payload.name = 'test'
@@ -21,40 +18,78 @@ describe Payloads::Payload do
 
   it "should have a unique name and version" do
     first_payload = Payloads::Payload.create(
-      :object_path => 'test.rb',
       :name => 'test',
       :version => '0.0.1'
     )
     first_payload.should be_valid
 
     second_payload = Payloads::Payload.new(
-      :object_path => 'other.rb',
       :name => 'test',
       :version => '0.0.1'
     )
     second_payload.should_not be_valid
 
     third_payload = Payloads::Payload.new(
-      :object_path => 'other.rb',
       :name => 'test',
       :version => '0.0.2'
     )
     third_payload.should be_valid
   end
 
+  it "should not have any controls by default" do
+    @payload.controls.should be_empty
+  end
+
+  it "should specify what behaviors the payload controls" do
+    @payload.controlling :memory_read
+
+    @payload.behaviors.first.should == Vuln::Behavior[:memory_read]
+  end
+
+  it "should allow for the extending of Helper modules" do
+    @payload.instance_eval { helper :shell }.should == true
+  end
+
+  it "should raise an UnknownHelper when extending an unknown helper" do
+    lambda {
+      @payload.instance_eval { helper :obvious_not_there }
+    }.should raise_error(Payloads::UnknownHelper)
+  end
+
+  it "should not have an Arch by default" do
+    @payload.arch.should be_nil
+  end
+
+  it "should set the Arch when called with a name" do
+    @payload.arch :i686
+    @payload.arch.name.should == 'i686'
+    @payload.arch.endian == 'little'
+    @payload.arch.address_length == 4
+  end
+
+  it "should not have an OS by default" do
+    @payload.os.should be_nil
+  end
+
+  it "should set the OS when called with arguments" do
+    @payload.os(:name => 'FreeBSD', :version => '7.1')
+    @payload.os.name.should == 'FreeBSD'
+    @payload.os.version.should == '7.1'
+  end
+
   it "should have 'built' and 'unbiult' states" do
     @payload.should_not be_built
-    @payload.build
+    @payload.build!
     @payload.should be_built
   end
 
   it "should return the built payload when calling build" do
-    @payload.build.should == 'code'
+    @payload.build!.should == 'code'
   end
 
   it "should have a default deployer method" do
-    @payload.deploy do |payload|
-      @payload.should == payload
+    @payload.deploy! do |payload|
+      payload.should == @payload
     end
   end
 end

data/spec/spec_helper.rb

@@ -1,11 +1,9 @@
 require 'rubygems'
-gem 'rspec', '>=1.1.3'
+gem 'rspec', '>=1.1.12'
 require 'spec'
 
-require File.join(File.dirname(__FILE__),'..','lib','ronin','models.rb')
-
-require 'ronin/database'
+require 'ronin/exploits/version'
 
 include Ronin
 
-Database.setup({ :adapter => 'sqlite3', :database => ':memory:' })
+require 'helpers/database'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: ronin-exploits
 version: !ruby/object:Gem::Version 
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors: 
 - Postmodern
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-01-22 00:00:00 -08:00
+date: 2009-05-11 00:00:00 -07:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -20,7 +20,7 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: 0.1.3
+        version: 0.2.3
     version: 
 - !ruby/object:Gem::Dependency 
   name: hoe
@@ -30,13 +30,15 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: 1.8.3
+        version: 1.12.2
     version: 
 description: Ronin Exploits is a Ruby library for Ronin that provides exploitation and payload crafting functionality.  Ronin is a Ruby platform designed for information security and data exploration tasks. Ronin allows for the rapid development and distribution of code over many of the common Source-Code-Management (SCM) systems.
 email: 
 - postmodern.mod3@gmail.com
-executables: []
-
+executables: 
+- ronin-payload
+- ronin-payloads
+- ronin-exploits
 extensions: []
 
 extra_rdoc_files: 
@@ -52,43 +54,90 @@ files:
 - README.txt
 - Rakefile
 - TODO.txt
+- bin/ronin-payload
+- bin/ronin-payloads
+- bin/ronin-exploits
+- lib/ronin/targeted_arch.rb
+- lib/ronin/targeted_os.rb
+- lib/ronin/targeted_product.rb
+- lib/ronin/model/targets_arch.rb
+- lib/ronin/model/targets_os.rb
 - lib/ronin/vuln/behavior.rb
 - lib/ronin/exploits.rb
 - lib/ronin/exploits/exceptions.rb
+- lib/ronin/exploits/exceptions/unknown_helper.rb
+- lib/ronin/exploits/exceptions/target_unspecified.rb
+- lib/ronin/exploits/exceptions/target_data_missing.rb
 - lib/ronin/exploits/exceptions/exploit_not_built.rb
 - lib/ronin/exploits/exceptions/restricted_char.rb
 - lib/ronin/exploits/exceptions/payload_size.rb
-- lib/ronin/exploits/exploitable.rb
-- lib/ronin/exploits/requirement.rb
-- lib/ronin/exploits/impact.rb
+- lib/ronin/exploits/helpers.rb
+- lib/ronin/exploits/helpers/binary.rb
+- lib/ronin/exploits/helpers/padding.rb
+- lib/ronin/exploits/helpers/buffer_overflow.rb
+- lib/ronin/exploits/helpers/format_string.rb
+- lib/ronin/exploits/targets.rb
+- lib/ronin/exploits/targets/buffer_overflow.rb
+- lib/ronin/exploits/targets/format_string.rb
+- lib/ronin/exploits/allow.rb
+- lib/ronin/exploits/target.rb
 - lib/ronin/exploits/exploit.rb
 - lib/ronin/exploits/exploit_author.rb
-- lib/ronin/exploits/exploit_target.rb
-- lib/ronin/exploits/binary_exploit.rb
-- lib/ronin/exploits/buffer_overflow.rb
-- lib/ronin/exploits/buffer_overflow_target.rb
-- lib/ronin/exploits/format_string.rb
-- lib/ronin/exploits/format_string_target.rb
-- lib/ronin/exploits/web_exploit.rb
+- lib/ronin/exploits/remote.rb
+- lib/ronin/exploits/local.rb
+- lib/ronin/exploits/remote_tcp.rb
+- lib/ronin/exploits/remote_udp.rb
+- lib/ronin/exploits/ftp.rb
+- lib/ronin/exploits/http.rb
+- lib/ronin/exploits/web.rb
 - lib/ronin/exploits/version.rb
-- lib/ronin/models.rb
 - lib/ronin/payloads.rb
-- lib/ronin/payloads/ability.rb
+- lib/ronin/payloads/exceptions.rb
+- lib/ronin/payloads/exceptions/unknown_helper.rb
+- lib/ronin/payloads/encoder.rb
+- lib/ronin/payloads/encoders.rb
+- lib/ronin/payloads/encoders/xor.rb
+- lib/ronin/payloads/helpers.rb
+- lib/ronin/payloads/helpers/exceptions.rb
+- lib/ronin/payloads/helpers/exceptions/unimplemented.rb
+- lib/ronin/payloads/helpers/exceptions/program_not_found.rb
+- lib/ronin/payloads/helpers/file_system.rb
+- lib/ronin/payloads/helpers/shell.rb
+- lib/ronin/payloads/helpers/rpc.rb
+- lib/ronin/payloads/control.rb
 - lib/ronin/payloads/payload_author.rb
 - lib/ronin/payloads/payload.rb
 - lib/ronin/payloads/binary_payload.rb
+- lib/ronin/payloads/nops.rb
 - lib/ronin/payloads/shellcode.rb
 - lib/ronin/payloads/web_payload.rb
-- lib/ronin/translators/xor.rb
+- lib/ronin/ui/command_line/commands/payload.rb
+- lib/ronin/ui/command_line/commands/payloads.rb
+- lib/ronin/ui/command_line/commands/exploits.rb
 - tasks/spec.rb
 - spec/spec_helper.rb
+- spec/helpers/database.rb
+- spec/helpers/objects.rb
+- spec/objects/exploits/test.rb
+- spec/objects/payloads/test.rb
+- spec/objects/payloads/example.rb
 - spec/exploits_spec.rb
 - spec/vuln/behavior_spec.rb
-- spec/exploits/exploitable_spec.rb
+- spec/exploits/targets/buffer_overflow_spec.rb
+- spec/exploits/target_spec.rb
 - spec/exploits/exploit_spec.rb
-- spec/exploits/web_exploit_spec.rb
+- spec/exploits/remote_tcp_spec.rb
+- spec/exploits/remote_udp_spec.rb
+- spec/exploits/ftp_spec.rb
+- spec/exploits/http_spec.rb
+- spec/exploits/web_spec.rb
+- spec/exploits/binary_exploit_spec.rb
+- spec/exploits/padding_exploit_spec.rb
+- spec/exploits/buffer_overflow_exploit_spec.rb
+- spec/exploits/format_string_exploit_spec.rb
+- spec/payloads/encoder_spec.rb
+- spec/payloads/encoders/xor_spec.rb
 - spec/payloads/payload_spec.rb
-- spec/translators/xor_spec.rb
 has_rdoc: true
 homepage: http://ronin.rubyforge.org/exploits/
 post_install_message: 

data/lib/ronin/exploits/binary_exploit.rb

@@ -1,139 +0,0 @@
-#
-#--
-# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
-# payload crafting functionality.
-#
-# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-#++
-#
-
-require 'ronin/exploits/exceptions/exploit_not_built'
-require 'ronin/exploits/exceptions/restricted_char'
-require 'ronin/exploits/exploit_target'
-require 'ronin/exploits/exploit'
-require 'ronin/chars/char_set'
-require 'ronin/formatting/binary'
-
-module Ronin
-  module Exploits
-    class BinaryExploit < Exploit
-
-      objectify :ronin_binary_exploit
-
-      # Targets of the exploit
-      has n, :targets, :class_name => 'ExploitTarget'
-
-      # Target index to use
-      parameter :target_index,
-                :default => 0,
-                :description => 'default target index'
-
-      # Custom target to use
-      parameter :custom_target, :description => 'custom target'
-
-      # String to pad extra space with
-      parameter :pad,
-                :default => 'A',
-                :description => 'padding string'
-
-      # Restricted characters that may not occurr in the built exploit
-      attr_accessor :restricted
-
-      # The built exploit
-      attr_accessor :exploit
-
-      #
-      # Creates a new BinaryExploit object with the given _attributes_.
-      #
-      def initialize(attributes={})
-        super(attributes)
-
-        @restricted = Chars::CharSet.new(attributes[:restricted] || [])
-      end
-
-      #
-      # Adds an ExploitTarget with the given _attributes_. If a _block_ is
-      # given, it will be passed to the newly created ExploitTarget
-      # object.
-      #
-      def target(attributes={},&block)
-        self.targets << ExploitTarget.new(
-          attributes.merge(:exploit => self),
-          &block
-        )
-      end
-
-      #
-      # Returns the selected target.
-      #
-      def selected_target
-        (@custom_target || @targets[@target_index])
-      end
-
-      #
-      # Creates a padded buffer of the specified _length_ using the
-      # specified _padding_ data.
-      #
-      def pad_buffer(padding,length)
-        padding = padding.to_s
-
-        buffer = (padding * (length / padding.length))
-        pad_remaining = (length % padding.length)
-
-        unless pad_remaining==0
-          buffer += padding[0,pad_remaining]
-        end
-
-        return buffer
-      end
-
-      #
-      # Adds the given _chars_ to the restricted list of characters.
-      #
-      #   restrict 0x00, "\n"
-      #   # => #<Ronin::Chars::CharSet: {"\0", "\n"}>
-      #
-      def restrict(*chars)
-        @restricted += pattern
-      end
-
-      def build
-        @exploit = ''
-        return super
-      end
-
-      #
-      # Verifies that the exploit is built and does not contain any
-      # restricted characters.
-      #
-      def verify
-        unless @exploit
-          raise(ExploitNotBuilt,"cannot verify an unbuilt exploit",caller)
-        end
-
-        @restricted.each do |char|
-          if @exploit.include?(char)
-            raise(RestrictedChar,"Restricted character '#{char}' was found in the built exploit",caller)
-          end
-        end
-
-        return super
-      end
-
-    end
-  end
-end

data/lib/ronin/exploits/buffer_overflow.rb

@@ -1,80 +0,0 @@
-#
-#--
-# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
-# payload crafting functionality.
-#
-# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-#++
-#
-
-require 'ronin/exploits/exceptions/payload_size'
-require 'ronin/exploits/buffer_overflow_target'
-require 'ronin/exploits/binary_exploit'
-
-module Ronin
-  module Exploits
-    class BufferOverflow < BinaryExploit
-
-      objectify :ronin_buffer_overflow
-
-      # Targets of the buffer overflow
-      has n, :targets, :class_name => 'BufferOverflowTarget'
-
-      #
-      # Adds a new BufferOverflowTarget with the given _attributes_. If a
-      # _block_ is given, it will be passed the BufferOverflowTarget object.
-      #
-      def target(attributes={},&block)
-        self.targets << BufferOverflowTarget.new(
-          attributes.merge(:exploit => self),
-          &block
-        )
-      end
-
-      #
-      # Builds the exploit buffer with the given _options_.
-      #
-      def build_buffer(options={})
-        target = (options[:target] || selected_target)
-        payload = (options[:payload] || @payload).to_s
-
-        unless payload.length<=target.buffer_length
-          raise(PayloadSize,"the specified payload is too large for the target's buffer length",caller)
-        end
-
-        buffer = pad_buffer(@pad,(target.buffer_length-payload.length))+payload
-
-        ip_packed = target.ip.pack(target.arch)
-        unless target.bp==0
-          buffer += (target.bp.pack(target.arch)+ip_packed)*target.return_length
-        else
-          buffer += ip_packed*(target.return_length*2)
-        end
-
-        return buffer
-      end
-
-      #
-      # Default builder method which simply calls build_buffer.
-      #
-      def builder
-        @exploit = build_buffer
-      end
-
-    end
-  end
-end