ronin-exploits 0.1.1 → 0.2.0

Files changed (89)
  1. data/History.txt +80 -2
  2. data/Manifest.txt +63 -16
  3. data/README.txt +89 -2
  4. data/Rakefile +1 -1
  5. data/TODO.txt +1 -1
  6. data/bin/ronin-exploits +12 -0
  7. data/bin/ronin-payload +12 -0
  8. data/bin/ronin-payloads +12 -0
  9. data/lib/ronin/exploits.rb +13 -10
  10. data/lib/ronin/exploits/{impact.rb → allow.rb} +9 -4
  11. data/lib/ronin/exploits/exceptions.rb +3 -0
  12. data/lib/ronin/exploits/exceptions/target_data_missing.rb +29 -0
  13. data/lib/ronin/exploits/exceptions/target_unspecified.rb +29 -0
  14. data/lib/ronin/exploits/exceptions/unknown_helper.rb +29 -0
  15. data/lib/ronin/exploits/exploit.rb +330 -77
  16. data/lib/ronin/exploits/{format_string_target.rb → ftp.rb} +5 -11
  17. data/lib/ronin/exploits/helpers.rb +27 -0
  18. data/lib/ronin/exploits/helpers/binary.rb +44 -0
  19. data/lib/ronin/exploits/helpers/buffer_overflow.rb +102 -0
  20. data/lib/ronin/exploits/helpers/format_string.rb +107 -0
  21. data/lib/ronin/exploits/helpers/padding.rb +84 -0
  22. data/lib/ronin/exploits/http.rb +37 -0
  23. data/lib/ronin/exploits/{requirement.rb → local.rb} +2 -14
  24. data/lib/ronin/exploits/remote.rb +34 -0
  25. data/lib/ronin/exploits/remote_tcp.rb +70 -0
  26. data/lib/ronin/exploits/remote_udp.rb +70 -0
  27. data/lib/ronin/exploits/target.rb +134 -0
  28. data/lib/ronin/exploits/targets.rb +29 -0
  29. data/lib/ronin/exploits/{buffer_overflow_target.rb → targets/buffer_overflow.rb} +13 -11
  30. data/lib/ronin/exploits/{exploit_target.rb → targets/format_string.rb} +11 -14
  31. data/lib/ronin/exploits/version.rb +1 -1
  32. data/lib/ronin/exploits/{web_exploit.rb → web.rb} +3 -3
  33. data/lib/ronin/model/targets_arch.rb +59 -0
  34. data/lib/ronin/model/targets_os.rb +59 -0
  35. data/lib/ronin/payloads.rb +7 -3
  36. data/lib/ronin/payloads/binary_payload.rb +3 -7
  37. data/lib/ronin/payloads/{ability.rb → control.rb} +7 -2
  38. data/lib/ronin/payloads/encoder.rb +78 -0
  39. data/lib/ronin/payloads/encoders.rb +33 -0
  40. data/lib/ronin/payloads/encoders/xor.rb +81 -0
  41. data/lib/ronin/payloads/exceptions.rb +24 -0
  42. data/lib/ronin/payloads/exceptions/unknown_helper.rb +29 -0
  43. data/lib/ronin/payloads/helpers.rb +26 -0
  44. data/lib/ronin/payloads/helpers/exceptions.rb +24 -0
  45. data/lib/ronin/payloads/helpers/exceptions/program_not_found.rb +31 -0
  46. data/lib/ronin/payloads/helpers/exceptions/unimplemented.rb +31 -0
  47. data/lib/ronin/payloads/helpers/file_system.rb +187 -0
  48. data/lib/ronin/payloads/helpers/rpc.rb +83 -0
  49. data/lib/ronin/payloads/helpers/shell.rb +91 -0
  50. data/lib/ronin/payloads/nops.rb +32 -0
  51. data/lib/ronin/payloads/payload.rb +90 -53
  52. data/lib/ronin/payloads/shellcode.rb +1 -1
  53. data/lib/ronin/payloads/web_payload.rb +2 -1
  54. data/lib/ronin/targeted_arch.rb +38 -0
  55. data/lib/ronin/targeted_os.rb +38 -0
  56. data/lib/ronin/targeted_product.rb +34 -0
  57. data/lib/ronin/ui/command_line/commands/exploits.rb +77 -0
  58. data/lib/ronin/ui/command_line/commands/payload.rb +106 -0
  59. data/lib/ronin/ui/command_line/commands/payloads.rb +73 -0
  60. data/spec/exploits/binary_exploit_spec.rb +44 -0
  61. data/spec/exploits/buffer_overflow_exploit_spec.rb +70 -0
  62. data/spec/exploits/exploit_spec.rb +122 -25
  63. data/spec/exploits/format_string_exploit_spec.rb +32 -0
  64. data/spec/exploits/ftp_spec.rb +17 -0
  65. data/spec/exploits/http_spec.rb +17 -0
  66. data/spec/exploits/padding_exploit_spec.rb +44 -0
  67. data/spec/exploits/remote_tcp_spec.rb +24 -0
  68. data/spec/exploits/remote_udp_spec.rb +24 -0
  69. data/spec/exploits/target_spec.rb +91 -0
  70. data/spec/exploits/targets/buffer_overflow_spec.rb +18 -0
  71. data/spec/exploits/{web_exploit_spec.rb → web_spec.rb} +5 -5
  72. data/spec/helpers/database.rb +5 -0
  73. data/spec/helpers/objects.rb +22 -0
  74. data/spec/objects/exploits/test.rb +28 -0
  75. data/spec/objects/payloads/example.rb +19 -0
  76. data/spec/objects/payloads/test.rb +11 -0
  77. data/spec/payloads/encoder_spec.rb +26 -0
  78. data/spec/payloads/encoders/xor_spec.rb +20 -0
  79. data/spec/payloads/payload_spec.rb +48 -13
  80. data/spec/spec_helper.rb +3 -5
  81. metadata +71 -22
  82. data/lib/ronin/exploits/binary_exploit.rb +0 -139
  83. data/lib/ronin/exploits/buffer_overflow.rb +0 -80
  84. data/lib/ronin/exploits/exploitable.rb +0 -77
  85. data/lib/ronin/exploits/format_string.rb +0 -88
  86. data/lib/ronin/models.rb +0 -38
  87. data/lib/ronin/translators/xor.rb +0 -96
  88. data/spec/exploits/exploitable_spec.rb +0 -21
  89. data/spec/translators/xor_spec.rb +0 -26
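--- a/data/spec/payloads/payload_spec.rb
+++ b/data/spec/payloads/payload_spec.rb
@@ -1,18 +1,15 @@
  require 'ronin/payloads/payload'
 
  require 'spec_helper'
+ require 'helpers/objects'
 
  describe Payloads::Payload do
  before(:each) do
- @payload = Payloads::Payload.new(:name => 'test') do
- def builder
- @payload = 'code'
- end
- end
+ @payload = load_payload('test')
  end
 
  it "should require a name attribute" do
- payload = Payloads::Payload.new(:object_path => 'test.rb')
+ payload = Payloads::Payload.new
  payload.should_not be_valid
 
  payload.name = 'test'
@@ -21,40 +18,78 @@ describe Payloads::Payload do
 
  it "should have a unique name and version" do
  first_payload = Payloads::Payload.create(
- :object_path => 'test.rb',
  :name => 'test',
  :version => '0.0.1'
  )
  first_payload.should be_valid
 
  second_payload = Payloads::Payload.new(
- :object_path => 'other.rb',
  :name => 'test',
  :version => '0.0.1'
  )
  second_payload.should_not be_valid
 
  third_payload = Payloads::Payload.new(
- :object_path => 'other.rb',
  :name => 'test',
  :version => '0.0.2'
  )
  third_payload.should be_valid
  end
 
+ it "should not have any controls by default" do
+ @payload.controls.should be_empty
+ end
+
+ it "should specify what behaviors the payload controls" do
+ @payload.controlling :memory_read
+
+ @payload.behaviors.first.should == Vuln::Behavior[:memory_read]
+ end
+
+ it "should allow for the extending of Helper modules" do
+ @payload.instance_eval { helper :shell }.should == true
+ end
+
+ it "should raise an UnknownHelper when extending an unknown helper" do
+ lambda {
+ @payload.instance_eval { helper :obvious_not_there }
+ }.should raise_error(Payloads::UnknownHelper)
+ end
+
+ it "should not have an Arch by default" do
+ @payload.arch.should be_nil
+ end
+
+ it "should set the Arch when called with a name" do
+ @payload.arch :i686
+ @payload.arch.name.should == 'i686'
+ @payload.arch.endian == 'little'
+ @payload.arch.address_length == 4
+ end
+
+ it "should not have an OS by default" do
+ @payload.os.should be_nil
+ end
+
+ it "should set the OS when called with arguments" do
+ @payload.os(:name => 'FreeBSD', :version => '7.1')
+ @payload.os.name.should == 'FreeBSD'
+ @payload.os.version.should == '7.1'
+ end
+
  it "should have 'built' and 'unbiult' states" do
  @payload.should_not be_built
- @payload.build
+ @payload.build!
  @payload.should be_built
  end
 
  it "should return the built payload when calling build" do
- @payload.build.should == 'code'
+ @payload.build!.should == 'code'
  end
 
  it "should have a default deployer method" do
- @payload.deploy do |payload|
- @payload.should == payload
+ @payload.deploy! do |payload|
+ payload.should == @payload
  end
  end
  end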
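Review bot: In the new "should set the Arch when called with a name" example, the checks on `@payload.arch.endian` and `@payload.arch.address_length` are bare `==` comparisons with no `.should`, so their results are discarded and the example passes whatever those attributes hold. They should read `@payload.arch.endian.should == 'little'` and `@payload.arch.address_length.should == 4`, matching the `name` check on the line before them. The unchanged description `"should have 'built' and 'unbiult' states"` also has a typo ("unbuilt") that could be fixed while the example is being edited for `build!`.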
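--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -1,11 +1,9 @@
  require 'rubygems'
- gem 'rspec', '>=1.1.3'
+ gem 'rspec', '>=1.1.12'
  require 'spec'
 
- require File.join(File.dirname(__FILE__),'..','lib','ronin','models.rb')
-
- require 'ronin/database'
+ require 'ronin/exploits/version'
 
  include Ronin
 
- Database.setup({ :adapter => 'sqlite3', :database => ':memory:' })
+ require 'helpers/database'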
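Review bot: The added `require 'helpers/database'` on the last line is resolved through `$LOAD_PATH`, whereas the removed `models.rb` require built its path from `__FILE__`. Unless the spec task puts `spec/` on the load path (not visible on this page), the helper loads only when the specs are started from the right directory, and a same-named file earlier on the load path would be picked up instead. Anchoring it as `require File.join(File.dirname(__FILE__),'helpers','database')` keeps the lookup tied to this file. The same applies to `require 'helpers/objects'` in payload_spec.rb.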
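--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: ronin-exploits
  version: !ruby/object:Gem::Version
- version: 0.1.1
+ version: 0.2.0
  platform: ruby
  authors:
  - Postmodern
@@ -9,7 +9,7 @@ autorequire:
  bindir: bin
  cert_chain: []
 
- date: 2009-01-22 00:00:00 -08:00
+ date: 2009-05-11 00:00:00 -07:00
  default_executable:
  dependencies:
  - !ruby/object:Gem::Dependency
@@ -20,7 +20,7 @@ dependencies:
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 0.1.3
+ version: 0.2.3
  version:
  - !ruby/object:Gem::Dependency
  name: hoe
@@ -30,13 +30,15 @@ dependencies:
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 1.8.3
+ version: 1.12.2
  version:
  description: Ronin Exploits is a Ruby library for Ronin that provides exploitation and payload crafting functionality. Ronin is a Ruby platform designed for information security and data exploration tasks. Ronin allows for the rapid development and distribution of code over many of the common Source-Code-Management (SCM) systems.
  email:
  - postmodern.mod3@gmail.com
- executables: []
-
+ executables:
+ - ronin-payload
+ - ronin-payloads
+ - ronin-exploits
  extensions: []
 
  extra_rdoc_files:
@@ -52,43 +54,90 @@ files:
  - README.txt
  - Rakefile
  - TODO.txt
+ - bin/ronin-payload
+ - bin/ronin-payloads
+ - bin/ronin-exploits
+ - lib/ronin/targeted_arch.rb
+ - lib/ronin/targeted_os.rb
+ - lib/ronin/targeted_product.rb
+ - lib/ronin/model/targets_arch.rb
+ - lib/ronin/model/targets_os.rb
  - lib/ronin/vuln/behavior.rb
  - lib/ronin/exploits.rb
  - lib/ronin/exploits/exceptions.rb
+ - lib/ronin/exploits/exceptions/unknown_helper.rb
+ - lib/ronin/exploits/exceptions/target_unspecified.rb
+ - lib/ronin/exploits/exceptions/target_data_missing.rb
  - lib/ronin/exploits/exceptions/exploit_not_built.rb
  - lib/ronin/exploits/exceptions/restricted_char.rb
  - lib/ronin/exploits/exceptions/payload_size.rb
- - lib/ronin/exploits/exploitable.rb
- - lib/ronin/exploits/requirement.rb
- - lib/ronin/exploits/impact.rb
+ - lib/ronin/exploits/helpers.rb
+ - lib/ronin/exploits/helpers/binary.rb
+ - lib/ronin/exploits/helpers/padding.rb
+ - lib/ronin/exploits/helpers/buffer_overflow.rb
+ - lib/ronin/exploits/helpers/format_string.rb
+ - lib/ronin/exploits/targets.rb
+ - lib/ronin/exploits/targets/buffer_overflow.rb
+ - lib/ronin/exploits/targets/format_string.rb
+ - lib/ronin/exploits/allow.rb
+ - lib/ronin/exploits/target.rb
  - lib/ronin/exploits/exploit.rb
  - lib/ronin/exploits/exploit_author.rb
- - lib/ronin/exploits/exploit_target.rb
- - lib/ronin/exploits/binary_exploit.rb
- - lib/ronin/exploits/buffer_overflow.rb
- - lib/ronin/exploits/buffer_overflow_target.rb
- - lib/ronin/exploits/format_string.rb
- - lib/ronin/exploits/format_string_target.rb
- - lib/ronin/exploits/web_exploit.rb
+ - lib/ronin/exploits/remote.rb
+ - lib/ronin/exploits/local.rb
+ - lib/ronin/exploits/remote_tcp.rb
+ - lib/ronin/exploits/remote_udp.rb
+ - lib/ronin/exploits/ftp.rb
+ - lib/ronin/exploits/http.rb
+ - lib/ronin/exploits/web.rb
  - lib/ronin/exploits/version.rb
- - lib/ronin/models.rb
  - lib/ronin/payloads.rb
- - lib/ronin/payloads/ability.rb
+ - lib/ronin/payloads/exceptions.rb
+ - lib/ronin/payloads/exceptions/unknown_helper.rb
+ - lib/ronin/payloads/encoder.rb
+ - lib/ronin/payloads/encoders.rb
+ - lib/ronin/payloads/encoders/xor.rb
+ - lib/ronin/payloads/helpers.rb
+ - lib/ronin/payloads/helpers/exceptions.rb
+ - lib/ronin/payloads/helpers/exceptions/unimplemented.rb
+ - lib/ronin/payloads/helpers/exceptions/program_not_found.rb
+ - lib/ronin/payloads/helpers/file_system.rb
+ - lib/ronin/payloads/helpers/shell.rb
+ - lib/ronin/payloads/helpers/rpc.rb
+ - lib/ronin/payloads/control.rb
  - lib/ronin/payloads/payload_author.rb
  - lib/ronin/payloads/payload.rb
  - lib/ronin/payloads/binary_payload.rb
+ - lib/ronin/payloads/nops.rb
  - lib/ronin/payloads/shellcode.rb
  - lib/ronin/payloads/web_payload.rb
- - lib/ronin/translators/xor.rb
+ - lib/ronin/ui/command_line/commands/payload.rb
+ - lib/ronin/ui/command_line/commands/payloads.rb
+ - lib/ronin/ui/command_line/commands/exploits.rb
  - tasks/spec.rb
  - spec/spec_helper.rb
+ - spec/helpers/database.rb
+ - spec/helpers/objects.rb
+ - spec/objects/exploits/test.rb
+ - spec/objects/payloads/test.rb
+ - spec/objects/payloads/example.rb
  - spec/exploits_spec.rb
  - spec/vuln/behavior_spec.rb
- - spec/exploits/exploitable_spec.rb
+ - spec/exploits/targets/buffer_overflow_spec.rb
+ - spec/exploits/target_spec.rb
  - spec/exploits/exploit_spec.rb
- - spec/exploits/web_exploit_spec.rb
+ - spec/exploits/remote_tcp_spec.rb
+ - spec/exploits/remote_udp_spec.rb
+ - spec/exploits/ftp_spec.rb
+ - spec/exploits/http_spec.rb
+ - spec/exploits/web_spec.rb
+ - spec/exploits/binary_exploit_spec.rb
+ - spec/exploits/padding_exploit_spec.rb
+ - spec/exploits/buffer_overflow_exploit_spec.rb
+ - spec/exploits/format_string_exploit_spec.rb
+ - spec/payloads/encoder_spec.rb
+ - spec/payloads/encoders/xor_spec.rb
  - spec/payloads/payload_spec.rb
- - spec/translators/xor_spec.rb
  has_rdoc: true
  homepage: http://ronin.rubyforge.org/exploits/
  post_install_message: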
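--- a/data/lib/ronin/exploits/binary_exploit.rb
+++ b/data/lib/ronin/exploits/binary_exploit.rb
@@ -1,139 +0,0 @@
- #
- #--
- # Ronin Exploits - A Ruby library for Ronin that provides exploitation and
- # payload crafting functionality.
- #
- # Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
- #
- # This program is free software; you can redistribute it and/or modify
- # it under the terms of the GNU General Public License as published by
- # the Free Software Foundation; either version 2 of the License, or
- # (at your option) any later version.
- #
- # This program is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
- # along with this program; if not, write to the Free Software
- # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- #++
- #
-
- require 'ronin/exploits/exceptions/exploit_not_built'
- require 'ronin/exploits/exceptions/restricted_char'
- require 'ronin/exploits/exploit_target'
- require 'ronin/exploits/exploit'
- require 'ronin/chars/char_set'
- require 'ronin/formatting/binary'
-
- module Ronin
- module Exploits
- class BinaryExploit < Exploit
-
- objectify :ronin_binary_exploit
-
- # Targets of the exploit
- has n, :targets, :class_name => 'ExploitTarget'
-
- # Target index to use
- parameter :target_index,
- :default => 0,
- :description => 'default target index'
-
- # Custom target to use
- parameter :custom_target, :description => 'custom target'
-
- # String to pad extra space with
- parameter :pad,
- :default => 'A',
- :description => 'padding string'
-
- # Restricted characters that may not occurr in the built exploit
- attr_accessor :restricted
-
- # The built exploit
- attr_accessor :exploit
-
- #
- # Creates a new BinaryExploit object with the given _attributes_.
- #
- def initialize(attributes={})
- super(attributes)
-
- @restricted = Chars::CharSet.new(attributes[:restricted] || [])
- end
-
- #
- # Adds an ExploitTarget with the given _attributes_. If a _block_ is
- # given, it will be passed to the newly created ExploitTarget
- # object.
- #
- def target(attributes={},&block)
- self.targets << ExploitTarget.new(
- attributes.merge(:exploit => self),
- &block
- )
- end
-
- #
- # Returns the selected target.
- #
- def selected_target
- (@custom_target || @targets[@target_index])
- end
-
- #
- # Creates a padded buffer of the specified _length_ using the
- # specified _padding_ data.
- #
- def pad_buffer(padding,length)
- padding = padding.to_s
-
- buffer = (padding * (length / padding.length))
- pad_remaining = (length % padding.length)
-
- unless pad_remaining==0
- buffer += padding[0,pad_remaining]
- end
-
- return buffer
- end
-
- #
- # Adds the given _chars_ to the restricted list of characters.
- #
- # restrict 0x00, "\n"
- # # => #<Ronin::Chars::CharSet: {"\0", "\n"}>
- #
- def restrict(*chars)
- @restricted += pattern
- end
-
- def build
- @exploit = ''
- return super
- end
-
- #
- # Verifies that the exploit is built and does not contain any
- # restricted characters.
- #
- def verify
- unless @exploit
- raise(ExploitNotBuilt,"cannot verify an unbuilt exploit",caller)
- end
-
- @restricted.each do |char|
- if @exploit.include?(char)
- raise(RestrictedChar,"Restricted character '#{char}' was found in the built exploit",caller)
- end
- end
-
- return super
- end
-
- end
- end
- end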
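--- a/data/lib/ronin/exploits/buffer_overflow.rb
+++ b/data/lib/ronin/exploits/buffer_overflow.rb
@@ -1,80 +0,0 @@
- #
- #--
- # Ronin Exploits - A Ruby library for Ronin that provides exploitation and
- # payload crafting functionality.
- #
- # Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
- #
- # This program is free software; you can redistribute it and/or modify
- # it under the terms of the GNU General Public License as published by
- # the Free Software Foundation; either version 2 of the License, or
- # (at your option) any later version.
- #
- # This program is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
- # along with this program; if not, write to the Free Software
- # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- #++
- #
-
- require 'ronin/exploits/exceptions/payload_size'
- require 'ronin/exploits/buffer_overflow_target'
- require 'ronin/exploits/binary_exploit'
-
- module Ronin
- module Exploits
- class BufferOverflow < BinaryExploit
-
- objectify :ronin_buffer_overflow
-
- # Targets of the buffer overflow
- has n, :targets, :class_name => 'BufferOverflowTarget'
-
- #
- # Adds a new BufferOverflowTarget with the given _attributes_. If a
- # _block_ is given, it will be passed the BufferOverflowTarget object.
- #
- def target(attributes={},&block)
- self.targets << BufferOverflowTarget.new(
- attributes.merge(:exploit => self),
- &block
- )
- end
-
- #
- # Builds the exploit buffer with the given _options_.
- #
- def build_buffer(options={})
- target = (options[:target] || selected_target)
- payload = (options[:payload] || @payload).to_s
-
- unless payload.length<=target.buffer_length
- raise(PayloadSize,"the specified payload is too large for the target's buffer length",caller)
- end
-
- buffer = pad_buffer(@pad,(target.buffer_length-payload.length))+payload
-
- ip_packed = target.ip.pack(target.arch)
- unless target.bp==0
- buffer += (target.bp.pack(target.arch)+ip_packed)*target.return_length
- else
- buffer += ip_packed*(target.return_length*2)
- end
-
- return buffer
- end
-
- #
- # Default builder method which simply calls build_buffer.
- #
- def builder
- @exploit = build_buffer
- end
-
- end
- end
- end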