ronin-exploits 0.1.1 → 0.2.0

data/lib/ronin/exploits/exploitable.rb

@@ -1,77 +0,0 @@
-#
-#--
-# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
-# payload crafting functionality.
-#
-# Copyright (c) 2006-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-#++
-#
-
-require 'ronin/extensions/meta'
-
-module Ronin
-  module Exploits
-    module Exploitable
-      def self.included(base)
-        base.metaclass_eval do
-          #
-          # Returns the Hash of the exploit names and the +Proc+
-          # objects used to generate various Exploit objects.
-          #
-          def exploit_generators
-            @ronin_exploit_generators ||= {}
-          end
-
-          def each_exploit_generator(&block)
-            self.class.ancestors.each do |super_class|
-              if super_class.include?(Ronin::Exploits::Exploitable)
-                super_class.exploit_generators.each(&block)
-              end
-            end
-          end
-
-          #
-          # Registers a new exploit generator with the specified _name_
-          # and the specified _block_ which will return an Array of
-          # exploits.
-          # 
-          #   has_exploits :lfi do |url|
-          #     ...
-          #   end
-          #
-          def has_exploits(name,&block)
-            self.exploit_generators[name.to_sym] = block
-
-            return self
-          end
-        end
-      end
-
-      def exploits
-        viable_exploits = []
-
-        self.class.each_exploit_generator do |name,block|
-          viable_exploits += block.call(self).select do |exp|
-            exp.vulnerable?
-          end
-        end
-
-        return viable_exploits
-      end
-    end
-  end
-end

data/lib/ronin/exploits/format_string.rb

@@ -1,88 +0,0 @@
-#
-#--
-# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
-# payload crafting functionality.
-#
-# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-#++
-#
-
-require 'ronin/exploits/format_string_target'
-require 'ronin/exploits/binary_exploit'
-
-module Ronin
-  module Exploits
-    class FormatString < BinaryExploit
-
-      objectify :ronin_format_string
-
-      # Targets of the format string
-      has n, :targets, :class_name => 'FormatStringTarget'
-
-      #
-      # Adds a new FormatStringTarget with the given _attributes_. If a
-      # _block_ is given, it will be passed the new FormatStringTarget
-      # object.
-      #
-      def target(attributes={},&block)
-        self.targets << FormatStringTarget.new(
-          attributes.merge(:exploit => self),
-          &block
-        )
-      end
-
-      #
-      # Builds the format string with the given _options_.
-      #
-      def build_format_string(options={})
-        target = (options[:target] || selected_target)
-        payload = (options[:payload] || @payload).to_s
-
-        buffer = target.overwrite.pack(target.platform.arch)+(target.overwrite+(target.platform.arch.address_length/2)).pack(target.platform.arch)
-
-        low_mask = 0xff
-        (target.platform.arch.address_length/2).times do
-          low_mask <<= 8
-          low_mask |= 0xff
-        end
-
-        high_mask = low_mask << (target.platform.arch.address_length*4)
-        high = (target.address & high_mask) >> (target.platform.arch.address_length/2)
-        low = target.address & low_mask
-
-        if low<high
-          low -= (target.platform.arch.address_length*2)
-          buffer += format("%%.%ud%%%lu$hn%%.%ud%%%lu$hn",low,target.pop_length,high-low,target.pop_length+1)
-        else
-          high -= (target.platform.arch.address_length*2)
-          buffer += format("%%.%ud%%%lu$hn%%.%ud%%%lu$hn",high,target.pop_length+1,low-high,target.pop_length)
-        end
-        buffer += payload
-
-        return buffer
-      end
-
-      #
-      # The default builder method, simply calls build_format_string.
-      #
-      def builder
-        @exploit = build_format_string
-      end
-
-    end
-  end
-end

data/lib/ronin/models.rb

@@ -1,38 +0,0 @@
-#
-#--
-# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
-# payload crafting functionality.
-#
-# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-#++
-#
-
-require 'ronin/vuln/behavior'
-require 'ronin/exploits/requirement'
-require 'ronin/exploits/impact'
-require 'ronin/exploits/exploit_author'
-require 'ronin/exploits/exploit_target'
-require 'ronin/exploits/exploit'
-require 'ronin/exploits/binary_exploit'
-require 'ronin/exploits/buffer_overflow_target'
-require 'ronin/exploits/buffer_overflow'
-require 'ronin/exploits/format_string_target'
-require 'ronin/exploits/format_string'
-require 'ronin/payloads/ability'
-require 'ronin/payloads/payload_author'
-require 'ronin/payloads/payload'
-require 'ronin/payloads/binary_payload'

data/lib/ronin/translators/xor.rb

@@ -1,96 +0,0 @@
-#
-#--
-# Ronin - A Ruby platform designed for information security and data
-# exploration tasks.
-#
-# Copyright (c) 2006-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-#++
-#
-
-require 'ronin/translators/translator'
-require 'ronin/chars'
-
-module Ronin
-  module Translators
-    class XOR < Translator
-
-      # Set of characters to allow in the encoded data
-      attr_accessor :allow
-
-      #
-      # Creates a new XOR Translator object using the given _options_.
-      # If a _block_ is given it will be passed the newly created
-      # Translator object.
-      #
-      # _options_ may include the following keys:
-      # <tt>:allow</tt>:: The set of characters allowed in the encoded
-      #                   result. Defaults to <tt>(1..255)</tt>.
-      # <tt>:disallow</tt>:: The set of characters that are not allowed
-      #                      in the encoded result.
-      #
-      def initialize(options={},&block)
-        @allow = Chars::CharSet.new(options[:allow] || (1..255))
-
-        if options[:disallow]
-          @allow -= options[:disallow]
-        end
-
-        super(&block)
-      end
-
-      #
-      # XOR encodes the specified _data_ prefixing the XOR key to the
-      # encoded data. If a _block_ is given, it will be passed the encoded
-      # data.
-      #
-      def encode(data,&block)
-        alphabet = Chars.all.select { |b| data.include?(b.chr) }
-        excluded = (Chars.all - alphabet)
-
-        key = excluded.select { |b|
-          @allow.include?(b) && alphabet.all? { |i|
-            @allow.include?(i ^ b)
-          }
-        }.last
-
-        text = ''
-
-        text << key.chr
-        data.each_byte { |b| text << (b ^ key).chr }
-
-        block.call(text) if block
-        return text
-      end
-
-      #
-      # XOR decodes the specified _text_. If a _block_ is given, it will be
-      # passed the decoded data.
-      #
-      def decode(text,&block)
-        data = ''
-        key = text[0]
-        
-        text[1..-1].each_byte do |b|
-          data << (b ^ key).chr
-        end
-
-        return data
-      end
-
-    end
-  end
-end

data/spec/exploits/exploitable_spec.rb

@@ -1,21 +0,0 @@
-require 'ronin/exploits/exploitable'
-
-require 'spec_helper'
-
-describe Exploits::Exploitable do
-  before(:all) do
-    class Vulnerable
-
-      include Exploits::Exploitable
-
-      has_exploits :test do |obj|
-        [Exploits::Exploit.new(:name => :first_generated)]
-      end
-
-      has_exploits :test_two do |obj|
-        [Exploits::BinaryExploit.new(:name => :second_generated)]
-      end
-
-    end
-  end
-end

data/spec/translators/xor_spec.rb

@@ -1,26 +0,0 @@
-require 'ronin/translators/xor'
-
-require 'spec_helper'
-
-describe Ronin do
-  describe Translators::XOR do
-    before(:all) do
-      @data = "\x00\x01\x90ABC123[]{}'"
-    end
-
-    it "should encode-out unwanted characters" do
-      disallow = [0x00, 0x01, 0x90]
-      xor = Translators::XOR.new(:disallow => disallow)
-
-      xor.encode(@data).each_byte do |b|
-        disallow.include?(b).should_not == true
-      end
-    end
-
-    it "should decode XOR encoded data" do
-      xor = Translators::XOR.new
-
-      xor.decode(xor.encode(@data)).should == @data
-    end
-  end
-end