ronin-exploits 0.1.1 → 0.2.0

data/lib/ronin/payloads/nops.rb

@@ -0,0 +1,32 @@
+#
+#--
+# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#++
+#
+
+module Ronin
+  module Payloads
+    class Nops < BinaryPayload
+
+      contextify :ronin_nops
+
+    end
+  end
+end

data/lib/ronin/payloads/payload.rb

@@ -21,19 +21,27 @@
 #++
 #
 
-require 'ronin/payloads/ability'
+require 'ronin/payloads/exceptions/unknown_helper'
 require 'ronin/payloads/payload_author'
-require 'ronin/objectify'
+require 'ronin/payloads/control'
+require 'ronin/model/targets_arch'
+require 'ronin/model/targets_os'
+require 'ronin/cacheable'
 require 'ronin/has_license'
 
+require 'parameters'
+
 module Ronin
   module Payloads
     class Payload
 
-      include Objectify
+      include Parameters
+      include Cacheable
+      include Model::TargetsArch
+      include Model::TargetsOS
       include HasLicense
 
-      objectify :ronin_payload
+      contextify :ronin_payload
 
       # Primary key of the payload
       property :id, Serial
@@ -48,18 +56,15 @@ module Ronin
       property :description, Text
 
       # Author(s) of the payload
-      has n, :authors, :class_name => 'PayloadAuthor'
+      has n, :authors, :class_name => 'Ronin::Payloads::PayloadAuthor'
 
-      # Abilities the payload provides
-      has n, :abilities
+      # Controls the payload provides
+      has n, :controls
 
       # Validations
       validates_present :name
       validates_is_unique :version, :scope => [:name]
 
-      # Encoders to apply to the payload
-      attr_reader :encoders
-
       # The built and encoded payload
       attr_accessor :payload
 
@@ -71,7 +76,6 @@ module Ronin
       def initialize(attributes={},&block)
         super(attributes)
 
-        @encoders = []
         @built = false
 
         instance_eval(&block) if block
@@ -99,40 +103,34 @@ module Ronin
         self.first(:order => [:version.desc])
       end
 
-      #
-      # Adds a new Ability to the payload that provides the specified
-      # _behavior_.
-      #
-      def provides(behavior)
-        self.abilities << Ability.new(
-          :behavior => behavior,
-          :payload => self
-        )
-      end
-
       #
       # Adds a new PayloadAuthor with the given _attributes_. If a _block_
       # is given, it will be passed to the newly created PayloadAuthor
       # object.
       #
+      #   author :name => 'Anonymous',
+      #          :email => 'anon@example.com',
+      #          :organization => 'Anonymous LLC'
+      #
       def author(attributes={},&block)
-        authors << PayloadAuthor.new(
-          attributes.merge(:payload => self),
-          &block
-        )
+        self.authors << PayloadAuthor.new(attributes,&block)
       end
 
       #
-      # Add the specified _encoder_object_ to the encoders.
+      # Adds a new Control to the payload that provides the specified
+      # _behavior_.
+      #
+      #   controlling :code_exec
       #
-      def encoder(encoder_object)
-        @encoders << encoder_object
+      def controlling(behavior)
+        self.controls << Control.new(:behavior => Vuln::Behavior[behavior])
       end
 
       #
-      # Default builder method.
+      # Returns the behaviors controlled by the payload.
       #
-      def builder
+      def behaviors
+        self.controls.map { |control| control.behavior }
       end
 
       #
@@ -147,58 +145,97 @@ module Ronin
       # If a _block_ is given, it will be passed the built and encoded
       # payload.
       #
-      def build(params={},&block)
-        self.params = params
+      def build!(options={},&block)
+        self.params = options
 
         @built = false
         @payload = ''
 
-        builder()
+        build()
 
         @built = true
 
-        @encoders.each do |encoder|
-          @payload = encoder.encode(@payload)
-        end
-
         block.call(@payload) if block
         return @payload
       end
 
       #
-      # Default payload verifier method.
+      # Verifies the payload is properly configured and ready to be
+      # deployed.
       #
-      def verifier
+      def verify!
+        verify
       end
 
       #
-      # Default verify method, calls verifier by default.
+      # Default method to call after the payload has been deployed.
       #
-      def verify
-        verifier
+      def deploy!(&block)
+        verify!
+        deploy()
+        
+        block.call(self) if block
+        return self
       end
 
       #
-      # Default payload deployer method.
+      # Returns the name and version of the payload.
       #
-      def deployer(&block)
-        block.call(self) if block
+      def to_s
+        "#{self.name} #{self.version}"
       end
 
+      protected
+
       #
-      # Default method to call after the payload has been deployed.
+      # Extends the payload with the helper module defined in
+      # Ronin::Payloads::Helpers that has the similar specified
+      # _name_. If no module can be found within
+      # Ronin::Payloads::Helpers with the similar _name_, an
+      # UnknownHelper exception will be raised.
       #
-      def deploy(&block)
-        verify
+      #   helper :shell
+      #
+      def helper(name)
+        name = name.to_s
+        module_name = name.to_const_string
+
+        begin
+          require File.join('ronin','payloads','helpers',name)
+        rescue LoadError
+          raise(UnknownHelper,"unknown helper #{name.dump}",caller)
+        end
+
+        unless Ronin::Payloads::Helpers.const_defined?(module_name)
+          raise(UnknownHelper,"unknown helper #{name.dump}",caller)
+        end
 
-        return deployer(&block)
+        helper_module = Ronin::Payloads::Helpers.const_get(module_name)
+
+        unless helper_module.kind_of?(Module)
+          raise(UnknownHelper,"unknown helper #{name.dump}",caller)
+        end
+
+        extend helper_module
+        return true
       end
 
       #
-      # Returns the built payload.
+      # Default builder method.
       #
-      def to_s
-        build
+      def build
+      end
+
+      #
+      # Default payload verifier method.
+      #
+      def verify
+      end
+
+      #
+      # Default payload deployer method.
+      #
+      def deploy(&block)
       end
 
     end

data/lib/ronin/payloads/shellcode.rb

@@ -27,7 +27,7 @@ module Ronin
   module Payloads
     class Shellcode < BinaryPayload
 
-      objectify :ronin_shellcode
+      contextify :ronin_shellcode
 
     end
   end

data/lib/ronin/payloads/web_payload.rb

@@ -22,12 +22,13 @@
 #
 
 require 'ronin/payloads/payload'
+require 'ronin/formatting/http'
 
 module Ronin
   module Payloads
     class WebPayload < Payload
 
-      objectify :ronin_web_payload
+      contextify :ronin_web_payload
 
     end
   end

data/lib/ronin/targeted_arch.rb

@@ -0,0 +1,38 @@
+#
+#--
+# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#++
+#
+
+require 'ronin/arch'
+
+module Ronin
+  class TargetedArch < Arch
+
+    # The exploit targets for the Arch
+    has n, :targets,
+           :class_name => 'Ronin::Exploits::Target'
+
+    # The payloads which target the Arch
+    has n, :payloads,
+           :class_name => 'Ronin::Payloads::Payload'
+
+  end
+end

data/lib/ronin/targeted_os.rb

@@ -0,0 +1,38 @@
+#
+#--
+# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#++
+#
+
+require 'ronin/os'
+
+module Ronin
+  class TargetedOS < OS
+
+    # The exploit targets for the OS
+    has n, :targets,
+           :class_name => 'Ronin::Exploits::Target'
+
+    # The payloads which target the OS
+    has n, :payloads,
+           :class_name => 'Ronin::Payloads::Payload'
+
+  end
+end

data/lib/ronin/targeted_product.rb

@@ -0,0 +1,34 @@
+#
+#--
+# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#++
+#
+
+require 'ronin/product'
+
+module Ronin
+  class TargetedProduct < Product
+
+    # The exploit targets for the Product
+    has n, :targets,
+           :class_name => 'Ronin::Exploits::Target'
+
+  end
+end

data/lib/ronin/ui/command_line/commands/exploits.rb

@@ -0,0 +1,77 @@
+#
+#--
+# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#++
+#
+
+require 'ronin/ui/command_line/command'
+
+require 'ronin/exploits'
+require 'ronin/database'
+
+module Ronin
+  module UI
+    module CommandLine
+      module Commands
+        class Exploits < Command
+
+          def defaults
+            @query = {}
+          end
+
+          def define_options(opts)
+            opts.usage = '[options]'
+
+            opts.options do
+              opts.on('-D','--database URI','The URI for the database') do |uri|
+                Database.config = uri.to_s
+              end
+
+              opts.on('-n','--name NAME','Search for exploits with the similar NAME') do |name|
+                @query[:name.like] = name.to_s
+              end
+
+              opts.on('-v','--version VERSION','Search for exploits with the similar VERSION') do |version|
+                @query[:version.like] = version.to_s
+              end
+
+              opts.on('-s','--status STATUS','Search for exploits with the STATUS (potential, proven or weaponized)') do |status|
+                @query[:status] = status.to_sym
+              end
+            end
+          end
+
+          def arguments(*args)
+            Database.setup!
+
+            exploits = Ronin::Exploits::Exploit.all(@query)
+
+            if exploits.empty?
+              fail("could not find similar exploits")
+            end
+
+            exploits.each { |exploit| puts "  #{exploit}" }
+          end
+
+        end
+      end
+    end
+  end
+end