ronin-exploits 0.1.1 → 0.2.0

data/lib/ronin/exploits/remote.rb

@@ -0,0 +1,34 @@
+#
+#--
+# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#++
+#
+
+require 'ronin/exploits/exploit'
+
+module Ronin
+  module Exploits
+    class Remote < Exploit
+
+      contextify :ronin_remote_exploit
+
+    end
+  end
+end

data/lib/ronin/exploits/remote_tcp.rb

@@ -0,0 +1,70 @@
+#
+#--
+# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#++
+#
+
+require 'ronin/exploits/remote'
+require 'ronin/sessions/tcp'
+
+module Ronin
+  module Exploits
+    class RemoteTCP < Remote
+
+      include Sessions::TCP
+
+      contextify :ronin_remote_tcp_exploit
+
+      # Default port to connect to
+      property :default_port, Integer
+
+      # remote host to connect to
+      parameter :host, :description => 'TCP remote host'
+
+      # remote port to connect to
+      parameter :port, :description => 'TCP remote port'
+
+      # local host to bind to
+      parameter :local_host, :description => 'TCP local host'
+
+      # local port to bind to
+      parameter :local_port, :description => 'TCP local port'
+
+      #
+      # Verifies the TCP remote exploit is ready to be deployed.
+      #
+      def verify!
+        require_params :host, :port
+
+        return super
+      end
+
+      #
+      # Verifies and deploys the TCP remote exploit.
+      #
+      def deploy!(&block)
+        @port ||= self.default_port
+
+        super(&block)
+      end
+
+    end
+  end
+end

data/lib/ronin/exploits/remote_udp.rb

@@ -0,0 +1,70 @@
+#
+#--
+# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#++
+#
+
+require 'ronin/exploits/remote'
+require 'ronin/sessions/udp'
+
+module Ronin
+  module Exploits
+    class RemoteUDP < Remote
+
+      include Sessions::UDP
+
+      contextify :ronin_remote_udp_exploit
+
+      # Default port to connect to
+      property :default_port, Integer
+
+      # remote host to connect to
+      parameter :host, :description => 'UDP remote host'
+
+      # remote port to connect to
+      parameter :port, :description => 'UDP remote port'
+
+      # local host to bind to
+      parameter :local_host, :description => 'UDP local host'
+
+      # local port to bind to
+      parameter :local_port, :description => 'UDP local port'
+
+      #
+      # Verifies the UDP remote exploit is ready to be deployed.
+      #
+      def verify!
+        require_params :host, :port
+
+        return super
+      end
+
+      #
+      # Verifies and deploys the UDP remote exploit.
+      #
+      def deploy!(&block)
+        @port ||= self.default_port
+
+        super(&block)
+      end
+
+    end
+  end
+end

data/lib/ronin/exploits/target.rb

@@ -0,0 +1,134 @@
+#
+#--
+# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#++
+#
+
+require 'ronin/exploits/exceptions/target_data_missing'
+require 'ronin/model/targets_arch'
+require 'ronin/model/targets_os'
+require 'ronin/model'
+require 'ronin/targeted_product'
+
+require 'dm-types/yaml'
+
+module Ronin
+  module Exploits
+    class Target
+
+      include Model
+      include Model::TargetsArch
+      include Model::TargetsOS
+
+      # Primary key
+      property :id, Serial
+
+      # Target comments
+      property :description, String
+
+      # Targeted product
+      belongs_to :product,
+                 :child_key => [:product_id],
+                 :class_name => 'Ronin::TargetedProduct'
+
+      # The exploit the target belongs to
+      belongs_to :exploit
+
+      # The extra target data to use for the exploit
+      property :data, Yaml, :default => {}
+
+      #
+      # Creates a new ExploitTarget object with the given _attributes_
+      # and the given _block_.
+      #
+      def initialize(attributes={},&block)
+        super(attributes)
+
+        block.call(self) if block
+      end
+
+      #
+      # Returns the TargetedProduct if no _arguments_ are given. If
+      # _arguments_ are given, a new TargetedProduct object will be created
+      # from the given _arguments_ and associated with the target.
+      #
+      #   target.product
+      #   # => nil
+      #
+      #   target.product(:name => 'Apache', :version => '1.3.3.7')
+      #   # => #<Ronin::TargetedProduct type=Ronin::TargetedProduct
+      #   # id=nil name="Apache" version="1.3.3.7" vendor="Apache">
+      #
+      def product(*arguments)
+        unless arguments.empty?
+          return self.product = TargetedProduct.first_or_create(*arguments)
+        else
+          return product_association
+        end
+      end
+
+      #
+      # Returns +true+ if the target contains data with the specified
+      # _name_, returns +false+ otherwise.
+      #
+      def has?(name)
+        self.data.has_key?(name.to_sym)
+      end
+
+      #
+      # Returns the target data with the specified _name_.
+      #
+      def [](name)
+        self.data[name.to_sym]
+      end
+
+      #
+      # Sets the target data with the specified _name_ and _value_.
+      #
+      def []=(name,value)
+        self.data[name.to_sym] = value
+      end
+
+      protected
+
+      #
+      # Provides transparent access to the target data Hash.
+      #
+      def method_missing(name,*arguments,&block)
+        unless block
+          name = name.to_s
+
+          if (name[-1..-1] == '=' && arguments.length == 1)
+            return self[name.chop] = arguments.first
+          elsif arguments.length == 0
+            unless has?(name)
+              raise(TargetDataMissing,"the target is missing data for #{name.dump}",caller)
+            end
+
+            return self[name]
+          end
+        end
+
+        super(name,*arguments,&block)
+      end
+
+    end
+  end
+end

data/lib/ronin/exploits/targets.rb

@@ -0,0 +1,29 @@
+#
+#--
+# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#++
+#
+
+require 'ronin/exploits/targets/buffer_overflow'
+require 'ronin/exploits/targets/format_string'
+
+require 'reverse_require'
+
+require_for 'ronin-exploits', 'ronin/exploits/targets'

data/lib/ronin/exploits/{buffer_overflow_target.rb → targets/buffer_overflow.rb}

@@ -21,26 +21,28 @@
 #++
 #
 
-require 'ronin/exploits/exploit_target'
+require 'ronin/exploits/target'
 
 module Ronin
   module Exploits
-    class BufferOverflowTarget < ExploitTarget
+    module Targets
+      class BufferOverflow < Target
 
-      # Buffer length
-      property :buffer_length, Integer, :default => 0
+        # Buffer Length
+        property :buffer_length, Integer, :default => 0
 
-      # Return length
-      property :return_length, Integer, :default => 1
+        # Stack Base Pointer
+        property :bp, Integer
 
-      # Instruction Pointer
-      property :ip, Integer, :default => 0x0
+        # Instruction Pointer
+        property :ip, Integer
 
-      # Stack base pointer
-      property :bp, Integer
+        # Repeat stack frames n times
+        property :frame_repeat, Integer, :default => 1
 
-      belongs_to :buffer_overflow
+        validates_present :ip
 
+      end
     end
   end
 end

data/lib/ronin/exploits/{exploit_target.rb → targets/format_string.rb}

@@ -21,28 +21,25 @@
 #++
 #
 
-require 'ronin/target'
-require 'ronin/product'
+require 'ronin/exploits/target'
 
 module Ronin
   module Exploits
-    class ExploitTarget < Target
+    module Targets
+      class FormatString < Target
 
-      # Target comments
-      property :description, String
+        # Overwrite
+        property :overwrite, Integer
 
-      # Targeted architecture
-      belongs_to :arch
+        # Address
+        property :address, Integer
 
-      # Targeted platform
-      belongs_to :platform
+        # Length in bytes to pop
+        property :pop_length, Integer
 
-      # Targeted product
-      belongs_to :product
-
-      # The exploit the target belongs to
-      belongs_to :exploit, :class_name => 'BinaryExploit'
+        validates_present :arch_id, :overwrite, :address, :pop_length
 
+      end
     end
   end
 end

data/lib/ronin/exploits/version.rb

@@ -24,6 +24,6 @@
 module Ronin
   module Exploits
     # Ronin Exploits version
-    VERSION = '0.1.1'
+    VERSION = '0.2.0'
   end
 end

data/lib/ronin/exploits/{web_exploit.rb → web.rb}

@@ -21,7 +21,7 @@
 #++
 #
 
-require 'ronin/exploits/exploit'
+require 'ronin/exploits/remote'
 require 'ronin/sessions/http'
 require 'ronin/extensions/uri/http'
 
@@ -29,11 +29,11 @@ require 'uri'
 
 module Ronin
   module Exploits
-    class WebExploit < Exploit
+    class Web < Remote
 
       include Sessions::HTTP
 
-      objectify :ronin_web_exploit
+      contextify :ronin_web_exploit
 
       # The targeted URL path
       property :url_path, String