ronin-exploits 0.1.1 → 0.2.0
- data/History.txt +80 -2
- data/Manifest.txt +63 -16
- data/README.txt +89 -2
- data/Rakefile +1 -1
- data/TODO.txt +1 -1
- data/bin/ronin-exploits +12 -0
- data/bin/ronin-payload +12 -0
- data/bin/ronin-payloads +12 -0
- data/lib/ronin/exploits.rb +13 -10
- data/lib/ronin/exploits/{impact.rb → allow.rb} +9 -4
- data/lib/ronin/exploits/exceptions.rb +3 -0
- data/lib/ronin/exploits/exceptions/target_data_missing.rb +29 -0
- data/lib/ronin/exploits/exceptions/target_unspecified.rb +29 -0
- data/lib/ronin/exploits/exceptions/unknown_helper.rb +29 -0
- data/lib/ronin/exploits/exploit.rb +330 -77
- data/lib/ronin/exploits/{format_string_target.rb → ftp.rb} +5 -11
- data/lib/ronin/exploits/helpers.rb +27 -0
- data/lib/ronin/exploits/helpers/binary.rb +44 -0
- data/lib/ronin/exploits/helpers/buffer_overflow.rb +102 -0
- data/lib/ronin/exploits/helpers/format_string.rb +107 -0
- data/lib/ronin/exploits/helpers/padding.rb +84 -0
- data/lib/ronin/exploits/http.rb +37 -0
- data/lib/ronin/exploits/{requirement.rb → local.rb} +2 -14
- data/lib/ronin/exploits/remote.rb +34 -0
- data/lib/ronin/exploits/remote_tcp.rb +70 -0
- data/lib/ronin/exploits/remote_udp.rb +70 -0
- data/lib/ronin/exploits/target.rb +134 -0
- data/lib/ronin/exploits/targets.rb +29 -0
- data/lib/ronin/exploits/{buffer_overflow_target.rb → targets/buffer_overflow.rb} +13 -11
- data/lib/ronin/exploits/{exploit_target.rb → targets/format_string.rb} +11 -14
- data/lib/ronin/exploits/version.rb +1 -1
- data/lib/ronin/exploits/{web_exploit.rb → web.rb} +3 -3
- data/lib/ronin/model/targets_arch.rb +59 -0
- data/lib/ronin/model/targets_os.rb +59 -0
- data/lib/ronin/payloads.rb +7 -3
- data/lib/ronin/payloads/binary_payload.rb +3 -7
- data/lib/ronin/payloads/{ability.rb → control.rb} +7 -2
- data/lib/ronin/payloads/encoder.rb +78 -0
- data/lib/ronin/payloads/encoders.rb +33 -0
- data/lib/ronin/payloads/encoders/xor.rb +81 -0
- data/lib/ronin/payloads/exceptions.rb +24 -0
- data/lib/ronin/payloads/exceptions/unknown_helper.rb +29 -0
- data/lib/ronin/payloads/helpers.rb +26 -0
- data/lib/ronin/payloads/helpers/exceptions.rb +24 -0
- data/lib/ronin/payloads/helpers/exceptions/program_not_found.rb +31 -0
- data/lib/ronin/payloads/helpers/exceptions/unimplemented.rb +31 -0
- data/lib/ronin/payloads/helpers/file_system.rb +187 -0
- data/lib/ronin/payloads/helpers/rpc.rb +83 -0
- data/lib/ronin/payloads/helpers/shell.rb +91 -0
- data/lib/ronin/payloads/nops.rb +32 -0
- data/lib/ronin/payloads/payload.rb +90 -53
- data/lib/ronin/payloads/shellcode.rb +1 -1
- data/lib/ronin/payloads/web_payload.rb +2 -1
- data/lib/ronin/targeted_arch.rb +38 -0
- data/lib/ronin/targeted_os.rb +38 -0
- data/lib/ronin/targeted_product.rb +34 -0
- data/lib/ronin/ui/command_line/commands/exploits.rb +77 -0
- data/lib/ronin/ui/command_line/commands/payload.rb +106 -0
- data/lib/ronin/ui/command_line/commands/payloads.rb +73 -0
- data/spec/exploits/binary_exploit_spec.rb +44 -0
- data/spec/exploits/buffer_overflow_exploit_spec.rb +70 -0
- data/spec/exploits/exploit_spec.rb +122 -25
- data/spec/exploits/format_string_exploit_spec.rb +32 -0
- data/spec/exploits/ftp_spec.rb +17 -0
- data/spec/exploits/http_spec.rb +17 -0
- data/spec/exploits/padding_exploit_spec.rb +44 -0
- data/spec/exploits/remote_tcp_spec.rb +24 -0
- data/spec/exploits/remote_udp_spec.rb +24 -0
- data/spec/exploits/target_spec.rb +91 -0
- data/spec/exploits/targets/buffer_overflow_spec.rb +18 -0
- data/spec/exploits/{web_exploit_spec.rb → web_spec.rb} +5 -5
- data/spec/helpers/database.rb +5 -0
- data/spec/helpers/objects.rb +22 -0
- data/spec/objects/exploits/test.rb +28 -0
- data/spec/objects/payloads/example.rb +19 -0
- data/spec/objects/payloads/test.rb +11 -0
- data/spec/payloads/encoder_spec.rb +26 -0
- data/spec/payloads/encoders/xor_spec.rb +20 -0
- data/spec/payloads/payload_spec.rb +48 -13
- data/spec/spec_helper.rb +3 -5
- metadata +71 -22
- data/lib/ronin/exploits/binary_exploit.rb +0 -139
- data/lib/ronin/exploits/buffer_overflow.rb +0 -80
- data/lib/ronin/exploits/exploitable.rb +0 -77
- data/lib/ronin/exploits/format_string.rb +0 -88
- data/lib/ronin/models.rb +0 -38
- data/lib/ronin/translators/xor.rb +0 -96
- data/spec/exploits/exploitable_spec.rb +0 -21
- data/spec/translators/xor_spec.rb +0 -26
@@ -1,18 +1,15 @@
|
|
1
1
|
require 'ronin/payloads/payload'
|
2
2
|
|
3
3
|
require 'spec_helper'
|
4
|
+
require 'helpers/objects'
|
4
5
|
|
5
6
|
describe Payloads::Payload do
|
6
7
|
before(:each) do
|
7
|
-
@payload =
|
8
|
-
def builder
|
9
|
-
@payload = 'code'
|
10
|
-
end
|
11
|
-
end
|
8
|
+
@payload = load_payload('test')
|
12
9
|
end
|
13
10
|
|
14
11
|
it "should require a name attribute" do
|
15
|
-
payload = Payloads::Payload.new
|
12
|
+
payload = Payloads::Payload.new
|
16
13
|
payload.should_not be_valid
|
17
14
|
|
18
15
|
payload.name = 'test'
|
@@ -21,40 +18,78 @@ describe Payloads::Payload do
|
|
21
18
|
|
22
19
|
it "should have a unique name and version" do
|
23
20
|
first_payload = Payloads::Payload.create(
|
24
|
-
:object_path => 'test.rb',
|
25
21
|
:name => 'test',
|
26
22
|
:version => '0.0.1'
|
27
23
|
)
|
28
24
|
first_payload.should be_valid
|
29
25
|
|
30
26
|
second_payload = Payloads::Payload.new(
|
31
|
-
:object_path => 'other.rb',
|
32
27
|
:name => 'test',
|
33
28
|
:version => '0.0.1'
|
34
29
|
)
|
35
30
|
second_payload.should_not be_valid
|
36
31
|
|
37
32
|
third_payload = Payloads::Payload.new(
|
38
|
-
:object_path => 'other.rb',
|
39
33
|
:name => 'test',
|
40
34
|
:version => '0.0.2'
|
41
35
|
)
|
42
36
|
third_payload.should be_valid
|
43
37
|
end
|
44
38
|
|
39
|
+
it "should not have any controls by default" do
|
40
|
+
@payload.controls.should be_empty
|
41
|
+
end
|
42
|
+
|
43
|
+
it "should specify what behaviors the payload controls" do
|
44
|
+
@payload.controlling :memory_read
|
45
|
+
|
46
|
+
@payload.behaviors.first.should == Vuln::Behavior[:memory_read]
|
47
|
+
end
|
48
|
+
|
49
|
+
it "should allow for the extending of Helper modules" do
|
50
|
+
@payload.instance_eval { helper :shell }.should == true
|
51
|
+
end
|
52
|
+
|
53
|
+
it "should raise an UnknownHelper when extending an unknown helper" do
|
54
|
+
lambda {
|
55
|
+
@payload.instance_eval { helper :obvious_not_there }
|
56
|
+
}.should raise_error(Payloads::UnknownHelper)
|
57
|
+
end
|
58
|
+
|
59
|
+
it "should not have an Arch by default" do
|
60
|
+
@payload.arch.should be_nil
|
61
|
+
end
|
62
|
+
|
63
|
+
it "should set the Arch when called with a name" do
|
64
|
+
@payload.arch :i686
|
65
|
+
@payload.arch.name.should == 'i686'
|
66
|
+
@payload.arch.endian == 'little'
|
67
|
+
@payload.arch.address_length == 4
|
68
|
+
end
|
69
|
+
|
70
|
+
it "should not have an OS by default" do
|
71
|
+
@payload.os.should be_nil
|
72
|
+
end
|
73
|
+
|
74
|
+
it "should set the OS when called with arguments" do
|
75
|
+
@payload.os(:name => 'FreeBSD', :version => '7.1')
|
76
|
+
@payload.os.name.should == 'FreeBSD'
|
77
|
+
@payload.os.version.should == '7.1'
|
78
|
+
end
|
79
|
+
|
45
80
|
it "should have 'built' and 'unbiult' states" do
|
46
81
|
@payload.should_not be_built
|
47
|
-
@payload.build
|
82
|
+
@payload.build!
|
48
83
|
@payload.should be_built
|
49
84
|
end
|
50
85
|
|
51
86
|
it "should return the built payload when calling build" do
|
52
|
-
@payload.build
|
87
|
+
@payload.build!.should == 'code'
|
53
88
|
end
|
54
89
|
|
55
90
|
it "should have a default deployer method" do
|
56
|
-
@payload.deploy do |payload|
|
57
|
-
|
91
|
+
@payload.deploy! do |payload|
|
92
|
+
payload.should == @payload
|
58
93
|
end
|
59
94
|
end
|
60
95
|
end
|
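Review bot: In the added example "should set the Arch when called with a name" (new lines 66–67), `@payload.arch.endian == 'little'` and `@payload.arch.address_length == 4` are bare comparisons without `.should`, so their results are discarded and only the name is asserted. An Arch reporting the wrong endianness or address length would still pass, which matters if those values feed address packing, as the naming suggests. Write them as `@payload.arch.endian.should == 'little'` and `@payload.arch.address_length.should == 4`. The deploy example has a similar gap: `payload.should == @payload` runs only if `deploy!` yields, so setting a flag inside the block and checking it after the call would catch a deployer that never invokes it.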
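--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -1,11 +1,9 @@
 require 'rubygems'
-gem 'rspec', '>=1.1.
+gem 'rspec', '>=1.1.12'
 require 'spec'
 
-require
-
-require 'ronin/database'
+require 'ronin/exploits/version'
 
 include Ronin
 
-
+require 'helpers/database'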
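Review bot: The constraint on the added line `gem 'rspec', '>=1.1.12'` has no upper bound, so the newest installed rspec is activated before `require 'spec'`. A later major release that changes or drops the `spec` entry point would break the suite, and an unbounded test dependency also widens what can be pulled onto a build machine. A bounded form such as `gem 'rspec', '~> 1.1', '>= 1.1.12'` keeps the floor this change introduces while staying on the 1.x series.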
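--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ronin-exploits
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.2.0
 platform: ruby
 authors:
 - Postmodern
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-
+date: 2009-05-11 00:00:00 -07:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -20,7 +20,7 @@ dependencies:
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.2.3
 version:
 - !ruby/object:Gem::Dependency
 name: hoe
@@ -30,13 +30,15 @@ dependencies:
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.12.2
 version:
 description: Ronin Exploits is a Ruby library for Ronin that provides exploitation and payload crafting functionality. Ronin is a Ruby platform designed for information security and data exploration tasks. Ronin allows for the rapid development and distribution of code over many of the common Source-Code-Management (SCM) systems.
 email:
 - postmodern.mod3@gmail.com
-executables:
-
+executables:
+- ronin-payload
+- ronin-payloads
+- ronin-exploits
 extensions: []
 
 extra_rdoc_files:
@@ -52,43 +54,90 @@ files:
 - README.txt
 - Rakefile
 - TODO.txt
+- bin/ronin-payload
+- bin/ronin-payloads
+- bin/ronin-exploits
+- lib/ronin/targeted_arch.rb
+- lib/ronin/targeted_os.rb
+- lib/ronin/targeted_product.rb
+- lib/ronin/model/targets_arch.rb
+- lib/ronin/model/targets_os.rb
 - lib/ronin/vuln/behavior.rb
 - lib/ronin/exploits.rb
 - lib/ronin/exploits/exceptions.rb
+- lib/ronin/exploits/exceptions/unknown_helper.rb
+- lib/ronin/exploits/exceptions/target_unspecified.rb
+- lib/ronin/exploits/exceptions/target_data_missing.rb
 - lib/ronin/exploits/exceptions/exploit_not_built.rb
 - lib/ronin/exploits/exceptions/restricted_char.rb
 - lib/ronin/exploits/exceptions/payload_size.rb
-- lib/ronin/exploits/
-- lib/ronin/exploits/
-- lib/ronin/exploits/
+- lib/ronin/exploits/helpers.rb
+- lib/ronin/exploits/helpers/binary.rb
+- lib/ronin/exploits/helpers/padding.rb
+- lib/ronin/exploits/helpers/buffer_overflow.rb
+- lib/ronin/exploits/helpers/format_string.rb
+- lib/ronin/exploits/targets.rb
+- lib/ronin/exploits/targets/buffer_overflow.rb
+- lib/ronin/exploits/targets/format_string.rb
+- lib/ronin/exploits/allow.rb
+- lib/ronin/exploits/target.rb
 - lib/ronin/exploits/exploit.rb
 - lib/ronin/exploits/exploit_author.rb
-- lib/ronin/exploits/
-- lib/ronin/exploits/
-- lib/ronin/exploits/
-- lib/ronin/exploits/
-- lib/ronin/exploits/
-- lib/ronin/exploits/
-- lib/ronin/exploits/
+- lib/ronin/exploits/remote.rb
+- lib/ronin/exploits/local.rb
+- lib/ronin/exploits/remote_tcp.rb
+- lib/ronin/exploits/remote_udp.rb
+- lib/ronin/exploits/ftp.rb
+- lib/ronin/exploits/http.rb
+- lib/ronin/exploits/web.rb
 - lib/ronin/exploits/version.rb
-- lib/ronin/models.rb
 - lib/ronin/payloads.rb
-- lib/ronin/payloads/
+- lib/ronin/payloads/exceptions.rb
+- lib/ronin/payloads/exceptions/unknown_helper.rb
+- lib/ronin/payloads/encoder.rb
+- lib/ronin/payloads/encoders.rb
+- lib/ronin/payloads/encoders/xor.rb
+- lib/ronin/payloads/helpers.rb
+- lib/ronin/payloads/helpers/exceptions.rb
+- lib/ronin/payloads/helpers/exceptions/unimplemented.rb
+- lib/ronin/payloads/helpers/exceptions/program_not_found.rb
+- lib/ronin/payloads/helpers/file_system.rb
+- lib/ronin/payloads/helpers/shell.rb
+- lib/ronin/payloads/helpers/rpc.rb
+- lib/ronin/payloads/control.rb
 - lib/ronin/payloads/payload_author.rb
 - lib/ronin/payloads/payload.rb
 - lib/ronin/payloads/binary_payload.rb
+- lib/ronin/payloads/nops.rb
 - lib/ronin/payloads/shellcode.rb
 - lib/ronin/payloads/web_payload.rb
-- lib/ronin/
+- lib/ronin/ui/command_line/commands/payload.rb
+- lib/ronin/ui/command_line/commands/payloads.rb
+- lib/ronin/ui/command_line/commands/exploits.rb
 - tasks/spec.rb
 - spec/spec_helper.rb
+- spec/helpers/database.rb
+- spec/helpers/objects.rb
+- spec/objects/exploits/test.rb
+- spec/objects/payloads/test.rb
+- spec/objects/payloads/example.rb
 - spec/exploits_spec.rb
 - spec/vuln/behavior_spec.rb
-- spec/exploits/
+- spec/exploits/targets/buffer_overflow_spec.rb
+- spec/exploits/target_spec.rb
 - spec/exploits/exploit_spec.rb
-- spec/exploits/
+- spec/exploits/remote_tcp_spec.rb
+- spec/exploits/remote_udp_spec.rb
+- spec/exploits/ftp_spec.rb
+- spec/exploits/http_spec.rb
+- spec/exploits/web_spec.rb
+- spec/exploits/binary_exploit_spec.rb
+- spec/exploits/padding_exploit_spec.rb
+- spec/exploits/buffer_overflow_exploit_spec.rb
+- spec/exploits/format_string_exploit_spec.rb
+- spec/payloads/encoder_spec.rb
+- spec/payloads/encoders/xor_spec.rb
 - spec/payloads/payload_spec.rb
-- spec/translators/xor_spec.rb
 has_rdoc: true
 homepage: http://ronin.rubyforge.org/exploits/
 post_install_message: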
@@ -1,139 +0,0 @@
|
|
1
|
-
#
|
2
|
-
#--
|
3
|
-
# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
|
4
|
-
# payload crafting functionality.
|
5
|
-
#
|
6
|
-
# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
|
7
|
-
#
|
8
|
-
# This program is free software; you can redistribute it and/or modify
|
9
|
-
# it under the terms of the GNU General Public License as published by
|
10
|
-
# the Free Software Foundation; either version 2 of the License, or
|
11
|
-
# (at your option) any later version.
|
12
|
-
#
|
13
|
-
# This program is distributed in the hope that it will be useful,
|
14
|
-
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
15
|
-
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
16
|
-
# GNU General Public License for more details.
|
17
|
-
#
|
18
|
-
# You should have received a copy of the GNU General Public License
|
19
|
-
# along with this program; if not, write to the Free Software
|
20
|
-
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
21
|
-
#++
|
22
|
-
#
|
23
|
-
|
24
|
-
require 'ronin/exploits/exceptions/exploit_not_built'
|
25
|
-
require 'ronin/exploits/exceptions/restricted_char'
|
26
|
-
require 'ronin/exploits/exploit_target'
|
27
|
-
require 'ronin/exploits/exploit'
|
28
|
-
require 'ronin/chars/char_set'
|
29
|
-
require 'ronin/formatting/binary'
|
30
|
-
|
31
|
-
module Ronin
|
32
|
-
module Exploits
|
33
|
-
class BinaryExploit < Exploit
|
34
|
-
|
35
|
-
objectify :ronin_binary_exploit
|
36
|
-
|
37
|
-
# Targets of the exploit
|
38
|
-
has n, :targets, :class_name => 'ExploitTarget'
|
39
|
-
|
40
|
-
# Target index to use
|
41
|
-
parameter :target_index,
|
42
|
-
:default => 0,
|
43
|
-
:description => 'default target index'
|
44
|
-
|
45
|
-
# Custom target to use
|
46
|
-
parameter :custom_target, :description => 'custom target'
|
47
|
-
|
48
|
-
# String to pad extra space with
|
49
|
-
parameter :pad,
|
50
|
-
:default => 'A',
|
51
|
-
:description => 'padding string'
|
52
|
-
|
53
|
-
# Restricted characters that may not occurr in the built exploit
|
54
|
-
attr_accessor :restricted
|
55
|
-
|
56
|
-
# The built exploit
|
57
|
-
attr_accessor :exploit
|
58
|
-
|
59
|
-
#
|
60
|
-
# Creates a new BinaryExploit object with the given _attributes_.
|
61
|
-
#
|
62
|
-
def initialize(attributes={})
|
63
|
-
super(attributes)
|
64
|
-
|
65
|
-
@restricted = Chars::CharSet.new(attributes[:restricted] || [])
|
66
|
-
end
|
67
|
-
|
68
|
-
#
|
69
|
-
# Adds an ExploitTarget with the given _attributes_. If a _block_ is
|
70
|
-
# given, it will be passed to the newly created ExploitTarget
|
71
|
-
# object.
|
72
|
-
#
|
73
|
-
def target(attributes={},&block)
|
74
|
-
self.targets << ExploitTarget.new(
|
75
|
-
attributes.merge(:exploit => self),
|
76
|
-
&block
|
77
|
-
)
|
78
|
-
end
|
79
|
-
|
80
|
-
#
|
81
|
-
# Returns the selected target.
|
82
|
-
#
|
83
|
-
def selected_target
|
84
|
-
(@custom_target || @targets[@target_index])
|
85
|
-
end
|
86
|
-
|
87
|
-
#
|
88
|
-
# Creates a padded buffer of the specified _length_ using the
|
89
|
-
# specified _padding_ data.
|
90
|
-
#
|
91
|
-
def pad_buffer(padding,length)
|
92
|
-
padding = padding.to_s
|
93
|
-
|
94
|
-
buffer = (padding * (length / padding.length))
|
95
|
-
pad_remaining = (length % padding.length)
|
96
|
-
|
97
|
-
unless pad_remaining==0
|
98
|
-
buffer += padding[0,pad_remaining]
|
99
|
-
end
|
100
|
-
|
101
|
-
return buffer
|
102
|
-
end
|
103
|
-
|
104
|
-
#
|
105
|
-
# Adds the given _chars_ to the restricted list of characters.
|
106
|
-
#
|
107
|
-
# restrict 0x00, "\n"
|
108
|
-
# # => #<Ronin::Chars::CharSet: {"\0", "\n"}>
|
109
|
-
#
|
110
|
-
def restrict(*chars)
|
111
|
-
@restricted += pattern
|
112
|
-
end
|
113
|
-
|
114
|
-
def build
|
115
|
-
@exploit = ''
|
116
|
-
return super
|
117
|
-
end
|
118
|
-
|
119
|
-
#
|
120
|
-
# Verifies that the exploit is built and does not contain any
|
121
|
-
# restricted characters.
|
122
|
-
#
|
123
|
-
def verify
|
124
|
-
unless @exploit
|
125
|
-
raise(ExploitNotBuilt,"cannot verify an unbuilt exploit",caller)
|
126
|
-
end
|
127
|
-
|
128
|
-
@restricted.each do |char|
|
129
|
-
if @exploit.include?(char)
|
130
|
-
raise(RestrictedChar,"Restricted character '#{char}' was found in the built exploit",caller)
|
131
|
-
end
|
132
|
-
end
|
133
|
-
|
134
|
-
return super
|
135
|
-
end
|
136
|
-
|
137
|
-
end
|
138
|
-
end
|
139
|
-
end
|
@@ -1,80 +0,0 @@
|
|
1
|
-
#
|
2
|
-
#--
|
3
|
-
# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
|
4
|
-
# payload crafting functionality.
|
5
|
-
#
|
6
|
-
# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
|
7
|
-
#
|
8
|
-
# This program is free software; you can redistribute it and/or modify
|
9
|
-
# it under the terms of the GNU General Public License as published by
|
10
|
-
# the Free Software Foundation; either version 2 of the License, or
|
11
|
-
# (at your option) any later version.
|
12
|
-
#
|
13
|
-
# This program is distributed in the hope that it will be useful,
|
14
|
-
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
15
|
-
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
16
|
-
# GNU General Public License for more details.
|
17
|
-
#
|
18
|
-
# You should have received a copy of the GNU General Public License
|
19
|
-
# along with this program; if not, write to the Free Software
|
20
|
-
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
21
|
-
#++
|
22
|
-
#
|
23
|
-
|
24
|
-
require 'ronin/exploits/exceptions/payload_size'
|
25
|
-
require 'ronin/exploits/buffer_overflow_target'
|
26
|
-
require 'ronin/exploits/binary_exploit'
|
27
|
-
|
28
|
-
module Ronin
|
29
|
-
module Exploits
|
30
|
-
class BufferOverflow < BinaryExploit
|
31
|
-
|
32
|
-
objectify :ronin_buffer_overflow
|
33
|
-
|
34
|
-
# Targets of the buffer overflow
|
35
|
-
has n, :targets, :class_name => 'BufferOverflowTarget'
|
36
|
-
|
37
|
-
#
|
38
|
-
# Adds a new BufferOverflowTarget with the given _attributes_. If a
|
39
|
-
# _block_ is given, it will be passed the BufferOverflowTarget object.
|
40
|
-
#
|
41
|
-
def target(attributes={},&block)
|
42
|
-
self.targets << BufferOverflowTarget.new(
|
43
|
-
attributes.merge(:exploit => self),
|
44
|
-
&block
|
45
|
-
)
|
46
|
-
end
|
47
|
-
|
48
|
-
#
|
49
|
-
# Builds the exploit buffer with the given _options_.
|
50
|
-
#
|
51
|
-
def build_buffer(options={})
|
52
|
-
target = (options[:target] || selected_target)
|
53
|
-
payload = (options[:payload] || @payload).to_s
|
54
|
-
|
55
|
-
unless payload.length<=target.buffer_length
|
56
|
-
raise(PayloadSize,"the specified payload is too large for the target's buffer length",caller)
|
57
|
-
end
|
58
|
-
|
59
|
-
buffer = pad_buffer(@pad,(target.buffer_length-payload.length))+payload
|
60
|
-
|
61
|
-
ip_packed = target.ip.pack(target.arch)
|
62
|
-
unless target.bp==0
|
63
|
-
buffer += (target.bp.pack(target.arch)+ip_packed)*target.return_length
|
64
|
-
else
|
65
|
-
buffer += ip_packed*(target.return_length*2)
|
66
|
-
end
|
67
|
-
|
68
|
-
return buffer
|
69
|
-
end
|
70
|
-
|
71
|
-
#
|
72
|
-
# Default builder method which simply calls build_buffer.
|
73
|
-
#
|
74
|
-
def builder
|
75
|
-
@exploit = build_buffer
|
76
|
-
end
|
77
|
-
|
78
|
-
end
|
79
|
-
end
|
80
|
-
end
|