ronin-exploits 0.1.1 → 0.2.0

data/spec/exploits/format_string_exploit_spec.rb

@@ -0,0 +1,32 @@
+require 'ronin/exploits/local'
+require 'ronin/exploits/helpers/format_string'
+
+require 'spec_helper'
+
+describe Exploits::Helpers::FormatString do
+  before(:all) do
+    @exploit = Exploits::Local.new do
+      helper :format_string
+
+      self.name = 'example_fmtstring'
+
+      targeting do |target|
+        target.arch = Arch.i686
+        target.pop_length = 256
+        target.overwrite = 0xffffaaaa
+        target.address = 0xffffbbbb
+      end
+    end
+  end
+
+  it "should use Targets::FormatString for targets" do
+    @exploit.targets.all? { |target|
+      target.class == Exploits::Targets::FormatString
+    }.should == true
+  end
+
+  it "should build a format string" do
+    @exploit.target = @exploit.targets[0]
+    @exploit.build!
+  end
+end

data/spec/exploits/ftp_spec.rb

@@ -0,0 +1,17 @@
+require 'ronin/exploits/ftp'
+
+require 'spec_helper'
+
+describe Exploits::FTP do
+  before(:all) do
+    @exploit = Exploits::FTP.new do
+      self.name = 'example_ftp'
+    end
+
+    @exploit.save!
+  end
+
+  it "should have a default port of 21" do
+    @exploit.default_port.should == 21
+  end
+end

data/spec/exploits/http_spec.rb

@@ -0,0 +1,17 @@
+require 'ronin/exploits/http'
+
+require 'spec_helper'
+
+describe Exploits::HTTP do
+  before(:all) do
+    @exploit = Exploits::HTTP.new do
+      self.name = 'example_httpd'
+    end
+
+    @exploit.save!
+  end
+
+  it "should have a default port of 80" do
+    @exploit.default_port.should == 80
+  end
+end

data/spec/exploits/padding_exploit_spec.rb

@@ -0,0 +1,44 @@
+require 'ronin/exploits/local'
+require 'ronin/exploits/helpers/padding'
+
+require 'spec_helper'
+
+describe Exploits::Helpers::Padding do
+  before(:all) do
+    @exploit = Exploits::Local.new do
+      helper :padding
+
+      def pad_buffer
+        pad(1024)
+      end
+
+      def pad_data_left
+        pad_left('hello',1024)
+      end
+
+      def pad_data_right
+        pad_right('hello',1024)
+      end
+    end
+  end
+
+  it "should pad a buffer" do
+    buffer = @exploit.pad_buffer
+
+    buffer.length.should == 1024
+  end
+
+  it "should pad a buffer with data to the left" do
+    buffer = @exploit.pad_data_left
+
+    buffer.length.should == 1024
+    (buffer =~ /hello$/).should_not be_nil
+  end
+
+  it "should pad a buffer with data to the right" do
+    buffer = @exploit.pad_data_right
+
+    buffer.length.should == 1024
+    (buffer =~ /^hello/).should_not be_nil
+  end
+end

data/spec/exploits/remote_tcp_spec.rb

@@ -0,0 +1,24 @@
+require 'ronin/exploits/remote_tcp'
+
+require 'spec_helper'
+
+describe Exploits::RemoteTCP do
+  before(:all) do
+    @exp = Exploits::RemoteTCP.new(
+      :default_port => 22,
+      :host => '127.0.0.1'
+    )
+  end
+
+  it "should include the TCP Session module" do
+    Exploits::RemoteTCP.include?(Sessions::TCP).should == true
+  end
+
+  it "should default the port to the default_port before deploying" do
+    @exp.build!
+
+    @exp.deploy! do |exp|
+      exp.port.should == 22
+    end
+  end
+end

data/spec/exploits/remote_udp_spec.rb

@@ -0,0 +1,24 @@
+require 'ronin/exploits/remote_udp'
+
+require 'spec_helper'
+
+describe Exploits::RemoteUDP do
+  before(:all) do
+    @exp = Exploits::RemoteUDP.new(
+      :default_port => 22,
+      :host => '127.0.0.1'
+    )
+  end
+
+  it "should include the UDP Session module" do
+    Exploits::RemoteUDP.include?(Sessions::UDP).should == true
+  end
+
+  it "should default the port to the default_port before deploying" do
+    @exp.build!
+
+    @exp.deploy! do |exp|
+      exp.port.should == 22
+    end
+  end
+end

data/spec/exploits/target_spec.rb

@@ -0,0 +1,91 @@
+require 'ronin/exploits/target'
+
+require 'spec_helper'
+
+describe Exploits::Target do
+  before(:each) do
+    @target = Exploits::Target.new(
+      :data => {:var => 1, :test => 'hello'}
+    )
+  end
+
+  it "should not have an Arch by default" do
+    @target.arch.should be_nil
+  end
+
+  it "should set the Arch when called with a name" do
+    @target.arch :i686
+    @target.arch.name.should == 'i686'
+    @target.arch.endian == 'little'
+    @target.arch.address_length == 4
+  end
+
+  it "should not have an OS by default" do
+    @target.os.should be_nil
+  end
+
+  it "should set the OS when called with arguments" do
+    @target.os(:name => 'FreeBSD', :version => '7.1')
+    @target.os.name.should == 'FreeBSD'
+    @target.os.version.should == '7.1'
+  end
+
+  it "should not have a product by default" do
+    @target.product.should be_nil
+  end
+
+  it "should set the product when called with arguments" do
+    @target.product(:name => 'Apache', :version => '1.3.3.7')
+    @target.product.name.should == 'Apache'
+    @target.product.version.should == '1.3.3.7'
+  end
+
+  it "should contain target data" do
+    @target.data[:var].should == 1
+    @target.data[:test].should == 'hello'
+  end
+
+  it "should provide Hash like access to target data" do
+    @target[:var].should == 1
+    @target[:test].should == 'hello'
+  end
+
+  it "should be able to set data like a Hash" do
+    @target[:var] = 2
+
+    @target[:var].should == 2
+  end
+
+  it "should provide OStruct like access to target data" do
+    @target.var.should == 1
+    @target.test.should == 'hello'
+  end
+
+  it "should be able to set data like an OStruct" do
+    @target.var = 2
+
+    @target.var.should == 2
+  end
+
+  it "should be able to serialize and deserialize it's target data" do
+    @target.save!
+
+    target = Exploits::Target.get(@target.id)
+    target.data[:var].should == 1
+    target.data[:test].should == 'hello'
+  end
+
+  it "should not raise TargetDataMissing when setting new data" do
+    lambda {
+      @target.bla = 'yes'
+    }.should_not raise_error(Exploits::TargetDataMissing)
+
+    @target.bla.should == 'yes'
+  end
+
+  it "should raise TargetDataMissing when accessing non-existant data" do
+    lambda {
+      @target.bla
+    }.should raise_error(Exploits::TargetDataMissing)
+  end
+end

data/spec/exploits/targets/buffer_overflow_spec.rb

@@ -0,0 +1,18 @@
+require 'ronin/exploits/targets/buffer_overflow'
+
+require 'spec_helper'
+
+describe Exploits::Targets::BufferOverflow do
+  it "should require an ip to overwrite with" do
+    target = Exploits::Targets::BufferOverflow.new
+    target.should_not be_valid
+
+    target.ip = 0xffffeeee
+    target.should be_valid
+  end
+
+  it "should have a default frame_repeat of 1" do
+    target = Exploits::Targets::BufferOverflow.new
+    target.frame_repeat.should == 1
+  end
+end

data/spec/exploits/{web_exploit_spec.rb → web_spec.rb}

@@ -1,12 +1,12 @@
-require 'ronin/exploits/web_exploit'
+require 'ronin/exploits/web'
 
 require 'spec_helper'
 
-describe Exploits::WebExploit do
+describe Exploits::Web do
   describe "targeted_url" do
     it "should create a targeted URL using the host param" do
       host = 'www.example.com'
-      exploit = Exploits::WebExploit.new(:host => host)
+      exploit = Exploits::Web.new(:host => host)
 
       exploit.targeted_url.host.should == host
     end
@@ -14,14 +14,14 @@ describe Exploits::WebExploit do
     it "should create a targeted URL using the host param and the url_path property" do
       host = 'www.example.com'
       path = '/'
-      exploit = Exploits::WebExploit.new(:host => host, :url_path => path)
+      exploit = Exploits::Web.new(:host => host, :url_path => path)
 
       exploit.targeted_url.host.should == host
       exploit.targeted_url.path.should == path
     end
 
     it "should raise a MissingParam exception if host params is missing" do
-      exploit = Exploits::WebExploit.new(:url_path => '/')
+      exploit = Exploits::Web.new(:url_path => '/')
 
       lambda { exploit.targeted_url }.should raise_error(Parameters::MissingParam)
     end

data/spec/helpers/database.rb

@@ -0,0 +1,5 @@
+require 'ronin/database'
+require 'ronin/exploits'
+require 'ronin/payloads'
+
+Database.setup({ :adapter => 'sqlite3', :database => ':memory:' })

data/spec/helpers/objects.rb

@@ -0,0 +1,22 @@
+require 'ronin/exploits/exploit'
+require 'ronin/payloads/payload'
+
+require 'spec_helper'
+
+EXPLOITS_DIR = File.expand_path(File.join(File.dirname(__FILE__),'..','objects','exploits'))
+
+PAYLOADS_DIR = File.expand_path(File.join(File.dirname(__FILE__),'..','objects','payloads'))
+
+PAYLOAD_ENCODERS_DIR = File.join(PAYLOADS_DIR,'encoders')
+
+def load_exploit(name,base=Exploits::Exploit)
+  base.load_from(File.join(EXPLOITS_DIR,"#{name}.rb"))
+end
+
+def load_payload(name,base=Payloads::Payload)
+  base.load_from(File.join(PAYLOADS_DIR,"#{name}.rb"))
+end
+
+def load_payload_encoder(name,base=Payloads::Encoder)
+  base.load_from(File.join(PAYLOAD_ENCODERS_DIR,"#{name}.rb"))
+end

data/spec/objects/exploits/test.rb

@@ -0,0 +1,28 @@
+ronin_exploit do
+  parameter :var,
+            :default => 'value1',
+            :description => 'Parameter to be shared with the payload'
+
+  cache do
+    self.name = 'test'
+    self.version = '0.2'
+
+    author :name => 'Anonymous', :email => 'anonymous@example.com'
+
+    targeting do |target|
+      target.arch :i686
+      target.os :name => 'Linux', :version => '2.6.23'
+      target.product :name => 'ExampleWare', :version => '1.5'
+    end
+
+    targeting do |target|
+      target.arch :i386
+      target.os :name => 'Windows', :version => '7.1'
+      target.product :name => 'ExampleWare', :version => '1.5'
+    end
+  end
+
+  def build
+    'result'
+  end
+end

data/spec/objects/payloads/example.rb

@@ -0,0 +1,19 @@
+ronin_payload do
+  parameter :var,
+            :value => 'usual',
+            :description => 'Parameter set by an exploit'
+
+  cache do
+    self.name = 'example'
+    self.version = '0.2'
+
+    arch :i686
+    os :name => 'Linux'
+
+    author :name => 'Anonymous', :email => 'anonymous@example.com'
+  end
+
+  def build
+    @payload = "data/#{@var}"
+  end
+end

data/spec/objects/payloads/test.rb

@@ -0,0 +1,11 @@
+ronin_payload do
+  cache do
+    self.name = 'test'
+
+    author :name => 'Anonymous', :email => 'anonymous@example.com'
+  end
+
+  def build
+    @payload = 'code'
+  end
+end

data/spec/payloads/encoder_spec.rb

@@ -0,0 +1,26 @@
+require 'ronin/payloads/encoder'
+
+require 'spec_helper'
+
+describe Payloads::Encoder do
+  before(:all) do
+    @encoder = Payloads::Encoder.new
+    @data = 'some data'
+  end
+
+  it "should require a name" do
+    encoder = Payloads::Encoder.new
+    encoder.should_not be_valid
+
+    encoder = Payloads::Encoder.new(:name => 'encoder')
+    encoder.should be_valid
+  end
+
+  it "should provide a #call method" do
+    @encoder.respond_to?(:call).should == true
+  end
+
+  it "should return the data to be encoded by default" do
+    @encoder.call(@data).should == @data
+  end
+end

data/spec/payloads/encoders/xor_spec.rb

@@ -0,0 +1,20 @@
+require 'ronin/payloads/encoders/xor'
+
+require 'spec_helper'
+
+describe Ronin do
+  describe Payloads::Encoders::XOR do
+    before(:all) do
+      @data = "\x00\x01\x90ABC123[]{}'"
+    end
+
+    it "should encode-out unwanted characters" do
+      disallow = [0x00, 0x01, 0x90]
+      xor = Payloads::Encoders::XOR.new(:disallow => disallow)
+
+      xor.call(@data).each_byte do |b|
+        disallow.include?(b).should_not == true
+      end
+    end
+  end
+end