ronin-exploits 0.1.1 → 0.2.0

Files changed (89) hide show
  1. data/History.txt +80 -2
  2. data/Manifest.txt +63 -16
  3. data/README.txt +89 -2
  4. data/Rakefile +1 -1
  5. data/TODO.txt +1 -1
  6. data/bin/ronin-exploits +12 -0
  7. data/bin/ronin-payload +12 -0
  8. data/bin/ronin-payloads +12 -0
  9. data/lib/ronin/exploits.rb +13 -10
  10. data/lib/ronin/exploits/{impact.rb → allow.rb} +9 -4
  11. data/lib/ronin/exploits/exceptions.rb +3 -0
  12. data/lib/ronin/exploits/exceptions/target_data_missing.rb +29 -0
  13. data/lib/ronin/exploits/exceptions/target_unspecified.rb +29 -0
  14. data/lib/ronin/exploits/exceptions/unknown_helper.rb +29 -0
  15. data/lib/ronin/exploits/exploit.rb +330 -77
  16. data/lib/ronin/exploits/{format_string_target.rb → ftp.rb} +5 -11
  17. data/lib/ronin/exploits/helpers.rb +27 -0
  18. data/lib/ronin/exploits/helpers/binary.rb +44 -0
  19. data/lib/ronin/exploits/helpers/buffer_overflow.rb +102 -0
  20. data/lib/ronin/exploits/helpers/format_string.rb +107 -0
  21. data/lib/ronin/exploits/helpers/padding.rb +84 -0
  22. data/lib/ronin/exploits/http.rb +37 -0
  23. data/lib/ronin/exploits/{requirement.rb → local.rb} +2 -14
  24. data/lib/ronin/exploits/remote.rb +34 -0
  25. data/lib/ronin/exploits/remote_tcp.rb +70 -0
  26. data/lib/ronin/exploits/remote_udp.rb +70 -0
  27. data/lib/ronin/exploits/target.rb +134 -0
  28. data/lib/ronin/exploits/targets.rb +29 -0
  29. data/lib/ronin/exploits/{buffer_overflow_target.rb → targets/buffer_overflow.rb} +13 -11
  30. data/lib/ronin/exploits/{exploit_target.rb → targets/format_string.rb} +11 -14
  31. data/lib/ronin/exploits/version.rb +1 -1
  32. data/lib/ronin/exploits/{web_exploit.rb → web.rb} +3 -3
  33. data/lib/ronin/model/targets_arch.rb +59 -0
  34. data/lib/ronin/model/targets_os.rb +59 -0
  35. data/lib/ronin/payloads.rb +7 -3
  36. data/lib/ronin/payloads/binary_payload.rb +3 -7
  37. data/lib/ronin/payloads/{ability.rb → control.rb} +7 -2
  38. data/lib/ronin/payloads/encoder.rb +78 -0
  39. data/lib/ronin/payloads/encoders.rb +33 -0
  40. data/lib/ronin/payloads/encoders/xor.rb +81 -0
  41. data/lib/ronin/payloads/exceptions.rb +24 -0
  42. data/lib/ronin/payloads/exceptions/unknown_helper.rb +29 -0
  43. data/lib/ronin/payloads/helpers.rb +26 -0
  44. data/lib/ronin/payloads/helpers/exceptions.rb +24 -0
  45. data/lib/ronin/payloads/helpers/exceptions/program_not_found.rb +31 -0
  46. data/lib/ronin/payloads/helpers/exceptions/unimplemented.rb +31 -0
  47. data/lib/ronin/payloads/helpers/file_system.rb +187 -0
  48. data/lib/ronin/payloads/helpers/rpc.rb +83 -0
  49. data/lib/ronin/payloads/helpers/shell.rb +91 -0
  50. data/lib/ronin/payloads/nops.rb +32 -0
  51. data/lib/ronin/payloads/payload.rb +90 -53
  52. data/lib/ronin/payloads/shellcode.rb +1 -1
  53. data/lib/ronin/payloads/web_payload.rb +2 -1
  54. data/lib/ronin/targeted_arch.rb +38 -0
  55. data/lib/ronin/targeted_os.rb +38 -0
  56. data/lib/ronin/targeted_product.rb +34 -0
  57. data/lib/ronin/ui/command_line/commands/exploits.rb +77 -0
  58. data/lib/ronin/ui/command_line/commands/payload.rb +106 -0
  59. data/lib/ronin/ui/command_line/commands/payloads.rb +73 -0
  60. data/spec/exploits/binary_exploit_spec.rb +44 -0
  61. data/spec/exploits/buffer_overflow_exploit_spec.rb +70 -0
  62. data/spec/exploits/exploit_spec.rb +122 -25
  63. data/spec/exploits/format_string_exploit_spec.rb +32 -0
  64. data/spec/exploits/ftp_spec.rb +17 -0
  65. data/spec/exploits/http_spec.rb +17 -0
  66. data/spec/exploits/padding_exploit_spec.rb +44 -0
  67. data/spec/exploits/remote_tcp_spec.rb +24 -0
  68. data/spec/exploits/remote_udp_spec.rb +24 -0
  69. data/spec/exploits/target_spec.rb +91 -0
  70. data/spec/exploits/targets/buffer_overflow_spec.rb +18 -0
  71. data/spec/exploits/{web_exploit_spec.rb → web_spec.rb} +5 -5
  72. data/spec/helpers/database.rb +5 -0
  73. data/spec/helpers/objects.rb +22 -0
  74. data/spec/objects/exploits/test.rb +28 -0
  75. data/spec/objects/payloads/example.rb +19 -0
  76. data/spec/objects/payloads/test.rb +11 -0
  77. data/spec/payloads/encoder_spec.rb +26 -0
  78. data/spec/payloads/encoders/xor_spec.rb +20 -0
  79. data/spec/payloads/payload_spec.rb +48 -13
  80. data/spec/spec_helper.rb +3 -5
  81. metadata +71 -22
  82. data/lib/ronin/exploits/binary_exploit.rb +0 -139
  83. data/lib/ronin/exploits/buffer_overflow.rb +0 -80
  84. data/lib/ronin/exploits/exploitable.rb +0 -77
  85. data/lib/ronin/exploits/format_string.rb +0 -88
  86. data/lib/ronin/models.rb +0 -38
  87. data/lib/ronin/translators/xor.rb +0 -96
  88. data/spec/exploits/exploitable_spec.rb +0 -21
  89. data/spec/translators/xor_spec.rb +0 -26
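--- a/data/lib/ronin/payloads/helpers/exceptions.rb
+++ b/data/lib/ronin/payloads/helpers/exceptions.rb
@@ -0,0 +1,24 @@
+ #
+ #--
+ # Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+ # payload crafting functionality.
+ #
+ # Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+ #
+ # This program is free software; you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+ # the Free Software Foundation; either version 2 of the License, or
+ # (at your option) any later version.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ # GNU General Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program; if not, write to the Free Software
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ #++
+ #
+
+ require 'ronin/payloads/exceptions/unimplemented'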
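Review bot: The only `require` in this loader, `require 'ronin/payloads/exceptions/unimplemented'`, does not match any file this release adds: the files list puts `unimplemented.rb` and `program_not_found.rb` under `payloads/helpers/exceptions/`, and only `unknown_helper.rb` under `payloads/exceptions/`. If this section is `payloads/helpers/exceptions.rb` (inferred from its position and line count in the files list), loading it would raise `LoadError` unless such a file exists outside this diff, and `ProgramNotFound` is never pulled in through it. The lines I would expect are `require 'ronin/payloads/helpers/exceptions/unimplemented'` and `require 'ronin/payloads/helpers/exceptions/program_not_found'`.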
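--- a/data/lib/ronin/payloads/helpers/exceptions/program_not_found.rb
+++ b/data/lib/ronin/payloads/helpers/exceptions/program_not_found.rb
@@ -0,0 +1,31 @@
+ #
+ #--
+ # Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+ # payload crafting functionality.
+ #
+ # Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+ #
+ # This program is free software; you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+ # the Free Software Foundation; either version 2 of the License, or
+ # (at your option) any later version.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ # GNU General Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program; if not, write to the Free Software
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ #++
+ #
+
+ module Ronin
+ module Payloads
+ module Helpers
+ class ProgramNotFound < RuntimeError
+ end
+ end
+ end
+ end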
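--- a/data/lib/ronin/payloads/helpers/exceptions/unimplemented.rb
+++ b/data/lib/ronin/payloads/helpers/exceptions/unimplemented.rb
@@ -0,0 +1,31 @@
+ #
+ #--
+ # Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+ # payload crafting functionality.
+ #
+ # Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+ #
+ # This program is free software; you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+ # the Free Software Foundation; either version 2 of the License, or
+ # (at your option) any later version.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ # GNU General Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program; if not, write to the Free Software
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ #++
+ #
+
+ module Ronin
+ module Payloads
+ module Helpers
+ class Unimplemented < RuntimeError
+ end
+ end
+ end
+ end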
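--- a/data/lib/ronin/payloads/helpers/file_system.rb
+++ b/data/lib/ronin/payloads/helpers/file_system.rb
@@ -0,0 +1,187 @@
+ #
+ #--
+ # Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+ # payload crafting functionality.
+ #
+ # Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+ #
+ # This program is free software; you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+ # the Free Software Foundation; either version 2 of the License, or
+ # (at your option) any later version.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ # GNU General Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program; if not, write to the Free Software
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ #++
+ #
+
+ require 'ronin/payloads/helpers/exceptions/unimplemented'
+
+ module Ronin
+ module Payloads
+ module Helpers
+ module FileSystem
+ #
+ # Returns +true+ if the specified _path_ exists, returns +false+
+ # otherwise.
+ #
+ def exists?(path)
+ raise(Unimplemented,"the exists? method has not been implemented",caller)
+ end
+
+ #
+ # Returns +true+ if the specified _path_ is a file, returns +false+
+ # otherwise.
+ #
+ def file?(path)
+ raise(Unimplemented,"the file? method has not been implemented",caller)
+ end
+
+ #
+ # Returns +true+ if the specified _path_ is a directory, returns
+ # +false+ otherwise.
+ #
+ def dir?(path)
+ raise(Unimplemented,"the dir? method has not been implemented",caller)
+ end
+
+ #
+ # Returns the contents of the directory at the specified _path_.
+ #
+ def dir(path)
+ raise(Unimplemented,"the dir method has not been implemented",caller)
+ end
+
+ #
+ # Returns all the paths matching the specified globbed _pattern_.
+ #
+ def glob(pattern)
+ raise(Unimplemented,"the glob method has not been implemented",caller)
+ end
+
+ #
+ # Returns the current working directory.
+ #
+ def cwd
+ @cwd ||= ''
+ end
+
+ #
+ # Changes the current working directory to the specified _path_.
+ #
+ def chdir(path)
+ @cwd = path
+ end
+
+ #
+ # Goes up one directory.
+ #
+ def updir!
+ chdir(join_paths(cwd,'..'))
+ end
+
+ #
+ # Returns the contents of the file at the specified _path_.
+ #
+ def read_file(path)
+ raise(Unimplemented,"the read_file method has not been implemented",caller)
+ end
+
+ #
+ # Writes the specified _contents_ to the file at the specified
+ # _path_.
+ #
+ def write_file(path,contents)
+ raise(Unimplemented,"the write_file method has not been implemented",caller)
+ end
+
+ #
+ # Appends the specified _contents_ to the file at the specified
+ # _path_.
+ #
+ def append_file(path,contents)
+ raise(Unimplemented,"the append_file method has not been implemented",caller)
+ end
+
+ #
+ # Touches the file at the specified _path_.
+ #
+ def touch(path)
+ write_file(path,'')
+ end
+
+ #
+ # Removes the file at the specified _path_.
+ #
+ def rm(path)
+ raise(Unimplemented,"the rm method has not been implemented",caller)
+ end
+
+ #
+ # Removes the directory at the specified _path_.
+ #
+ def rmdir(path)
+ raise(Unimplemented,"the rmdir method has not been implemented",caller)
+ end
+
+ #
+ # Recursively removes the file or directory at the specified _path_.
+ #
+ def rm_r(path)
+ raise(Unimplemented,"the rm_r method has not been implemented",caller)
+ end
+
+ protected
+
+ #
+ # Returns the File name separator to use.
+ #
+ def path_separator
+ File::SEPARATOR
+ end
+
+ #
+ # Joins the given _paths_ with the path_separator.
+ #
+ def join_paths(*paths)
+ paths.join(path_separator)
+ end
+
+ #
+ # Expands the specified _path_ to it's absolute form.
+ #
+ def expand_path(path)
+ File.expand_path(path)
+ end
+
+ #
+ # Converts the specified _sub_path_ to an absolute path, only if it
+ # is a realitive path.
+ #
+ def absolute_path(sub_path)
+ if sub_path[0..0] == path_separator
+ return sub_path
+ else
+ return expand_path(join_paths(cwd,sub_path))
+ end
+ end
+
+ #
+ # Raises an <tt>Errno::ENOENT</tt> exception if the specified
+ # _path_ cannot be found.
+ #
+ def file_not_found!(path)
+ path = path.to_s
+
+ raise(Errno::ENOENT,"No such file or directory - #{path.dump}",caller)
+ end
+ end
+ end
+ end
+ end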
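Review bot: `expand_path` delegates to `File.expand_path`, which resolves against the local Ruby process rather than the file system an implementer of these helpers is describing: a leading `~` becomes the local user's home directory, and the result follows the local platform's path rules even when `path_separator` is overridden. `absolute_path` has a related quirk: with the default `cwd` of `''`, `join_paths(cwd,sub_path)` yields the separator followed by `sub_path`, so a relative path is silently treated as root-relative. I would normalize with string operations built on `path_separator`, or at least document the behaviour on `expand_path`, e.g. `# NOTE: uses File.expand_path, so '~' and '..' are resolved with local path rules.` The doc comments in the same block also carry two typos, `it's absolute form` and `realitive`.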
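--- a/data/lib/ronin/payloads/helpers/rpc.rb
+++ b/data/lib/ronin/payloads/helpers/rpc.rb
@@ -0,0 +1,83 @@
+ #
+ #--
+ # Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+ # payload crafting functionality.
+ #
+ # Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+ #
+ # This program is free software; you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+ # the Free Software Foundation; either version 2 of the License, or
+ # (at your option) any later version.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ # GNU General Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program; if not, write to the Free Software
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ #++
+ #
+
+ require 'ronin/payloads/helpers/exceptions/unimplemented'
+
+ module Ronin
+ module Payloads
+ module Helpers
+ module RPC
+ def self.included(base)
+ base.module_eval do
+ #
+ # Exposes the method with the specified _name_.
+ #
+ def self.expose_method(name)
+ define_method(name) do |*arguments|
+ call(name,*arguments)
+ end
+ end
+ end
+ end
+
+ #
+ # Calls the specified _method_ with the given _arguments_.
+ # Returns the return-value of the method-call.
+ #
+ def call(method,*arguments)
+ raise(Unimplemented,"the call method is unimplemented",caller)
+ end
+
+ #
+ # Evaluates the specified _code_.
+ #
+ def eval(code)
+ call(:eval,code)
+ end
+
+ #
+ # Exits with the given _status_.
+ #
+ def exit(status=0)
+ call(:exit,status)
+ end
+
+ protected
+
+ #
+ # Provides transparent access to remote methods using the
+ # specified _name_ and given _arguments_.
+ #
+ def method_missing(name,*arguments,&block)
+ name = name.to_s
+
+ if (name[-1..-1] != '=' && block.nil?)
+ return call(name,*arguments)
+ end
+
+ return super(name,*arguments,&block)
+ end
+ end
+ end
+ end
+ end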
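Review bot: `method_missing` rebinds `name` to a String before the fallback `super(name,*arguments,&block)`, so the inherited `method_missing` receives a String where it expects a Symbol; as far as I can tell Ruby answers that with an `ArgumentError` instead of the usual `NoMethodError`, which hides the real failure for setter-style calls and calls with a block. Test the suffix without reassigning, `if (name.to_s[-1..-1] != '=' && block.nil?)`, and finish with a bare `super`. That also makes this path hand `call` a Symbol, as `expose_method` already does; today one passes a Symbol and the other a String. The doc comment should state that every other unknown method name, including a misspelled local one, is forwarded to `call`.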
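--- a/data/lib/ronin/payloads/helpers/shell.rb
+++ b/data/lib/ronin/payloads/helpers/shell.rb
@@ -0,0 +1,91 @@
+ #
+ #--
+ # Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+ # payload crafting functionality.
+ #
+ # Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+ #
+ # This program is free software; you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+ # the Free Software Foundation; either version 2 of the License, or
+ # (at your option) any later version.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ # GNU General Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program; if not, write to the Free Software
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ #++
+ #
+
+ require 'ronin/payloads/helpers/exceptions/unimplemented'
+ require 'ronin/payloads/helpers/exceptions/program_not_found'
+
+ module Ronin
+ module Payloads
+ module Helpers
+ module Shell
+ #
+ # Returns the +Hash+ of environment variables to use for the
+ # shell.
+ #
+ def env
+ @env ||= {}
+ end
+
+ #
+ # Executes the specified _command_ with the given _arguments_.
+ #
+ def exec(command,*arguments)
+ raise(Unimplemented,"the exec method has not been implemented",caller)
+ end
+
+ #
+ # Executes the specified _command_ with the given _arguments_,
+ # and prints the output of the command.
+ #
+ def sh(command,*args)
+ puts exec(command,*args)
+ end
+
+ #
+ # Changes the current working directory of the shell to the
+ # specified _path_.
+ #
+ def cd(path)
+ exec('cd',path)
+ return path
+ end
+
+ #
+ # Returns the current working directory of the shell.
+ #
+ def pwd
+ exec('pwd').chomp
+ end
+
+ #
+ # Returns the listed files or directories using the given _arguments_.
+ #
+ def ls(*arguments)
+ exec('dir',*arguments).split(/\n\r?/)
+ end
+
+ protected
+
+ #
+ # Raises a ProgramNotFound exception if the program with the
+ # specified _name_ was not found.
+ #
+ def program_not_found!(name)
+ name = name.to_s
+
+ raise(ProgramNotFound,"the program #{name.dump} was not found",caller)
+ end
+ end
+ end
+ end
+ end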
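Review bot: `ls` splits the command output with `/\n\r?/`, which matches a line feed optionally followed by a carriage return, so output that uses CRLF line endings leaves a trailing `\r` on every entry. `exec('dir',*arguments).split(/\r?\n/)` handles both endings. `ls` runs `dir` while `pwd` runs `pwd`, so the helper appears to assume a shell that provides both; a comment stating that assumption would help whoever implements `exec`. `cd` returns `path` whether or not the command succeeded, which deserves a line in its doc comment.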