ronin-exploits 0.2.0 → 0.2.1

Files changed (66) hide show
  1. data.tar.gz.sig +0 -0
  2. data/History.txt +27 -0
  3. data/Manifest.txt +21 -5
  4. data/README.txt +40 -3
  5. data/Rakefile +6 -6
  6. data/TODO.txt +12 -9
  7. data/lib/ronin/exploits/allow.rb +1 -1
  8. data/lib/ronin/{targeted_arch.rb → exploits/arch.rb} +1 -5
  9. data/lib/ronin/exploits/exploit.rb +59 -144
  10. data/lib/ronin/exploits/ftp.rb +4 -1
  11. data/lib/ronin/exploits/helpers.rb +1 -0
  12. data/lib/ronin/exploits/helpers/file_based.rb +113 -0
  13. data/lib/ronin/exploits/http.rb +10 -0
  14. data/lib/ronin/exploits/license.rb +34 -0
  15. data/lib/ronin/exploits/os.rb +34 -0
  16. data/lib/ronin/{targeted_product.rb → exploits/product.rb} +1 -1
  17. data/lib/ronin/exploits/remote_tcp.rb +2 -3
  18. data/lib/ronin/exploits/remote_udp.rb +2 -3
  19. data/lib/ronin/exploits/target.rb +8 -10
  20. data/lib/ronin/exploits/verifiers.rb +92 -0
  21. data/lib/ronin/exploits/version.rb +1 -1
  22. data/lib/ronin/exploits/web.rb +21 -1
  23. data/lib/ronin/model/has_default_port.rb +54 -0
  24. data/lib/ronin/model/targets_arch.rb +8 -10
  25. data/lib/ronin/model/targets_os.rb +9 -9
  26. data/lib/ronin/payloads.rb +1 -0
  27. data/lib/ronin/payloads/arch.rb +32 -0
  28. data/lib/ronin/payloads/asm_payload.rb +34 -0
  29. data/lib/ronin/payloads/encoder.rb +24 -18
  30. data/lib/ronin/payloads/helpers/exceptions.rb +2 -1
  31. data/lib/ronin/payloads/helpers/exceptions/{unimplemented.rb → not_implemented.rb} +1 -1
  32. data/lib/ronin/payloads/helpers/file_system.rb +12 -12
  33. data/lib/ronin/payloads/helpers/rpc.rb +7 -7
  34. data/lib/ronin/payloads/helpers/shell.rb +2 -2
  35. data/lib/ronin/payloads/license.rb +34 -0
  36. data/lib/ronin/payloads/nops.rb +3 -1
  37. data/lib/ronin/{targeted_os.rb → payloads/os.rb} +1 -5
  38. data/lib/ronin/payloads/payload.rb +89 -41
  39. data/lib/ronin/payloads/shellcode.rb +4 -1
  40. data/lib/ronin/ui/command_line/commands/exploits.rb +1 -1
  41. data/lib/ronin/ui/command_line/commands/payload.rb +2 -2
  42. data/lib/ronin/ui/command_line/commands/payloads.rb +1 -1
  43. data/spec/exploits/exploit_spec.rb +12 -30
  44. data/spec/exploits/file_based_exploit_spec.rb +39 -0
  45. data/spec/exploits/ftp_spec.rb +1 -5
  46. data/spec/exploits/http_spec.rb +4 -4
  47. data/spec/exploits/remote_tcp_spec.rb +7 -3
  48. data/spec/exploits/remote_udp_spec.rb +7 -3
  49. data/spec/exploits/target_spec.rb +9 -2
  50. data/spec/exploits/targets/buffer_overflow_spec.rb +6 -2
  51. data/spec/exploits/web_spec.rb +6 -0
  52. data/spec/model/has_default_port_spec.rb +27 -0
  53. data/spec/model/models/default_port_model.rb +13 -0
  54. data/spec/model/models/non_default_port_model.rb +11 -0
  55. data/spec/model/models/targets_arch_model.rb +11 -0
  56. data/spec/model/models/targets_os_model.rb +11 -0
  57. data/spec/model/targets_arch_spec.rb +22 -0
  58. data/spec/model/targets_os_spec.rb +23 -0
  59. data/spec/objects/exploits/example.rb +25 -0
  60. data/spec/objects/exploits/test.rb +0 -4
  61. data/spec/objects/payloads/test.rb +5 -1
  62. data/spec/payloads/encoder_spec.rb +5 -1
  63. data/spec/payloads/payload_spec.rb +77 -14
  64. metadata +58 -13
  65. metadata.gz.sig +0 -0
  66. data/spec/objects/payloads/example.rb +0 -19
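--- a/data/lib/ronin/exploits/ftp.rb
+++ b/data/lib/ronin/exploits/ftp.rb
@@ -27,10 +27,13 @@ module Ronin
  module Exploits
  class FTP < RemoteTCP
 
+ # Default port to connect to
+ DEFAULT_PORT = 21
+
  contextify :ronin_ftp_exploit
 
  # Default port to connect to
- property :default_port, Integer, :default => 21
+ property :default_port, Integer
 
  end
  end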
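Review bot: The port default now has two homes in this class: the new `DEFAULT_PORT = 21` constant and the retained `property :default_port, Integer`, which no longer carries `:default => 21`. RemoteTCP gains `include Model::HasDefaultPort` in this release and that module is not visible here, so presumably it declares the property and reads the constant; if so the redeclaration in FTP is redundant and should be dropped, and if not, new FTP records silently lose their default of 21. The HTTP section has the same leftover but still keeps `:default => 80` next to `DEFAULT_PORT = 80`, so the two subclasses disagree on where the default comes from. The comment `# Default port to connect to` now sits on both declarations and should say which one is authoritative.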
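--- a/data/lib/ronin/exploits/helpers.rb
+++ b/data/lib/ronin/exploits/helpers.rb
@@ -21,6 +21,7 @@
  #++
  #
 
+ require 'ronin/exploits/helpers/file_based'
  require 'ronin/exploits/helpers/binary'
  require 'ronin/exploits/helpers/padding'
  require 'ronin/exploits/helpers/buffer_overflow'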
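--- a/data/lib/ronin/exploits/helpers/file_based.rb
+++ b/data/lib/ronin/exploits/helpers/file_based.rb
@@ -0,0 +1,113 @@
+ #
+ #--
+ # Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+ # payload crafting functionality.
+ #
+ # Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+ #
+ # This program is free software; you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+ # the Free Software Foundation; either version 2 of the License, or
+ # (at your option) any later version.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ # GNU General Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program; if not, write to the Free Software
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ #++
+ #
+
+ require 'ronin/config'
+
+ require 'set'
+ require 'fileutils'
+
+ module Ronin
+ module Exploits
+ module Helpers
+ module FileBased
+ def self.included(base)
+ base.module_eval do
+ parameter :output_dir,
+ :default => Config::TMP_DIR,
+ :description => 'Directory to save built file in'
+
+ parameter :file_name,
+ :default => 'exploit',
+ :description => 'Name of the file'
+
+ parameter :clean_file,
+ :default => true,
+ :description => 'Delete the file on exit'
+ end
+ end
+
+ def self.extended(obj)
+ obj.instance_eval do
+ parameter :output_dir,
+ :default => Config::TMP_DIR,
+ :description => 'Directory to save built file in'
+
+ parameter :file_name,
+ :default => 'exploit',
+ :description => 'Name of the file'
+
+ parameter :clean_file,
+ :default => true,
+ :description => 'Delete the file on exit'
+ end
+ end
+
+ #
+ # List of files to delete later.
+ #
+ def FileBased.clean_files
+ @@ronin_exploits_file_based_clean_files ||= Set[]
+ end
+
+ #
+ # Will forcibly delete the files listed in FileBased.clean_files,
+ # as well as empty the contents of FileBased.clean_files.
+ #
+ def FileBased.clean!
+ FileBased.clean_files.each do |path|
+ FileUtils.rm(path, :force => true)
+ end
+
+ FileBased.clean_files.clear
+ return true
+ end
+
+ at_exit(&FileBased.method(:clean!))
+
+ #
+ # Returns the absolute path of the file to be built.
+ #
+ def file_path
+ File.expand_path(::File.join(@output_dir,@file_name))
+ end
+
+ protected
+
+ #
+ # Opens the file to be built, passing a new File object to the given
+ # _block_.
+ #
+ # file_open do |file|
+ # file << 'some data'
+ # end
+ #
+ def file_open(&block)
+ path = self.file_path
+
+ FileBased.clean_files << path if @clean_file
+ return File.open(path,'w',&block)
+ end
+ end
+ end
+ end
+ end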
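Review bot: `file_open` writes to a predictable path (`output_dir` defaults to `Config::TMP_DIR`, `file_name` to `'exploit'`) with `File.open(path,'w')`, which follows an existing symlink and truncates whatever is already there; if that directory is shared with other local users this is the insecure temporary file pattern (CWE-377). The path is also added to `FileBased.clean_files` before the open succeeds, so the `at_exit` hook will `FileUtils.rm` a file this process never created. Creating the file exclusively with owner-only permissions and registering it only after creation closes both gaps, at the cost that a stale file from an earlier run now raises `Errno::EEXIST` instead of being overwritten. Separately, `file_path` joins `@file_name` unchecked, so a name containing `../` resolves outside `output_dir`, and the three `parameter` declarations are duplicated verbatim between `self.included` and `self.extended`.

```ruby
def file_open(&block)
  path = self.file_path

  # Create exclusively and owner-only: never truncate or follow a
  # pre-existing file or symlink at a predictable path.
  file = File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0600)

  # Register for cleanup only once this process has created the file.
  FileBased.clean_files << path if @clean_file

  return file unless block

  begin
    return block.call(file)
  ensure
    file.close unless file.closed?
  end
end
```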
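--- a/data/lib/ronin/exploits/http.rb
+++ b/data/lib/ronin/exploits/http.rb
@@ -22,16 +22,26 @@
  #
 
  require 'ronin/exploits/remote_tcp'
+ require 'ronin/sessions/http'
 
  module Ronin
  module Exploits
  class HTTP < RemoteTCP
 
+ # Default port to connect to
+ DEFAULT_PORT = 80
+
+ include Sessions::HTTP
+
  contextify :ronin_http_exploit
 
  # Default port to connect to
  property :default_port, Integer, :default => 80
 
+ # The optional URL path prefix
+ parameter :url_prefix,
+ :description => 'Optional URL path prefix'
+
  end
  end
  end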
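--- a/data/lib/ronin/exploits/license.rb
+++ b/data/lib/ronin/exploits/license.rb
@@ -0,0 +1,34 @@
+ #
+ #--
+ # Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+ # payload crafting functionality.
+ #
+ # Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+ #
+ # This program is free software; you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+ # the Free Software Foundation; either version 2 of the License, or
+ # (at your option) any later version.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ # GNU General Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program; if not, write to the Free Software
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ #++
+ #
+
+ require 'ronin/license'
+
+ module Ronin
+ class License
+
+ # The exploits under the license
+ has n, :exploits,
+ :class_name => 'Ronin::Exploits::Exploit'
+
+ end
+ end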
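--- a/data/lib/ronin/exploits/os.rb
+++ b/data/lib/ronin/exploits/os.rb
@@ -0,0 +1,34 @@
+ #
+ #--
+ # Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+ # payload crafting functionality.
+ #
+ # Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+ #
+ # This program is free software; you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+ # the Free Software Foundation; either version 2 of the License, or
+ # (at your option) any later version.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ # GNU General Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program; if not, write to the Free Software
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ #++
+ #
+
+ require 'ronin/os'
+
+ module Ronin
+ class OS
+
+ # The exploit targets for the OS
+ has n, :targets,
+ :class_name => 'Ronin::Exploits::Target'
+
+ end
+ end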
@@ -24,7 +24,7 @@
24
24
  require 'ronin/product'
25
25
 
26
26
  module Ronin
27
- class TargetedProduct < Product
27
+ class Product
28
28
 
29
29
  # The exploit targets for the Product
30
30
  has n, :targets,
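--- a/data/lib/ronin/exploits/remote_tcp.rb
+++ b/data/lib/ronin/exploits/remote_tcp.rb
@@ -22,19 +22,18 @@
  #
 
  require 'ronin/exploits/remote'
+ require 'ronin/model/has_default_port'
  require 'ronin/sessions/tcp'
 
  module Ronin
  module Exploits
  class RemoteTCP < Remote
 
+ include Model::HasDefaultPort
  include Sessions::TCP
 
  contextify :ronin_remote_tcp_exploit
 
- # Default port to connect to
- property :default_port, Integer
-
  # remote host to connect to
  parameter :host, :description => 'TCP remote host'
 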
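--- a/data/lib/ronin/exploits/remote_udp.rb
+++ b/data/lib/ronin/exploits/remote_udp.rb
@@ -22,19 +22,18 @@
  #
 
  require 'ronin/exploits/remote'
+ require 'ronin/model/has_default_port'
  require 'ronin/sessions/udp'
 
  module Ronin
  module Exploits
  class RemoteUDP < Remote
 
+ include Model::HasDefaultPort
  include Sessions::UDP
 
  contextify :ronin_remote_udp_exploit
 
- # Default port to connect to
- property :default_port, Integer
-
  # remote host to connect to
  parameter :host, :description => 'UDP remote host'
 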
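--- a/data/lib/ronin/exploits/target.rb
+++ b/data/lib/ronin/exploits/target.rb
@@ -22,10 +22,10 @@
  #
 
  require 'ronin/exploits/exceptions/target_data_missing'
+ require 'ronin/exploits/product'
  require 'ronin/model/targets_arch'
  require 'ronin/model/targets_os'
  require 'ronin/model'
- require 'ronin/targeted_product'
 
  require 'dm-types/yaml'
 
@@ -44,9 +44,7 @@ module Ronin
  property :description, String
 
  # Targeted product
- belongs_to :product,
- :child_key => [:product_id],
- :class_name => 'Ronin::TargetedProduct'
+ belongs_to :product
 
  # The exploit the target belongs to
  belongs_to :exploit
@@ -65,20 +63,20 @@ module Ronin
  end
 
  #
- # Returns the TargetedProduct if no _arguments_ are given. If
- # _arguments_ are given, a new TargetedProduct object will be created
- # from the given _arguments_ and associated with the target.
+ # Returns the Product if no _arguments_ are given. If _arguments_ are
+ # given, a new Product object will be created from the given
+ # _arguments_ and associated with the target.
  #
  # target.product
  # # => nil
  #
  # target.product(:name => 'Apache', :version => '1.3.3.7')
- # # => #<Ronin::TargetedProduct type=Ronin::TargetedProduct
- # # id=nil name="Apache" version="1.3.3.7" vendor="Apache">
+ # # => #<Ronin::Product type=Ronin::Product id=nil name="Apache"
+ # # version="1.3.3.7" vendor="Apache">
  #
  def product(*arguments)
  unless arguments.empty?
- return self.product = TargetedProduct.first_or_create(*arguments)
+ return self.product = Product.first_or_create(*arguments)
  else
  return product_association
  end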
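--- a/data/lib/ronin/exploits/verifiers.rb
+++ b/data/lib/ronin/exploits/verifiers.rb
@@ -0,0 +1,92 @@
+ #
+ #--
+ # Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+ # payload crafting functionality.
+ #
+ # Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+ #
+ # This program is free software; you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+ # the Free Software Foundation; either version 2 of the License, or
+ # (at your option) any later version.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ # GNU General Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program; if not, write to the Free Software
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ #++
+ #
+ module Ronin
+ module Exploits
+ module Verifiers
+ #
+ # Verifies that a target has been selected. If a target has not been
+ # selected, a TargetUnspecified exception will be raised, otherwise
+ # +true+ will be returned.
+ #
+ def verify_target!
+ if target.nil?
+ raise(TargetUnspecified,"no suitable target provided",caller)
+ end
+
+ return true
+ end
+
+ #
+ # Verifies that the selected target has an arch property.
+ # If the selected target does not have an arch property, a
+ # TargetDataMissing exception will be raised, otherwise
+ # +true+ will be return.
+ #
+ def verify_arch!
+ if arch.nil?
+ raise(TargetDataMissing,"no suitable arch was provided",caller)
+ end
+ end
+
+ #
+ # Verifies that the selected target has an os property.
+ # If the selected target does not have an os property, a
+ # TargetDataMissing exception will be raised, otherwise
+ # +true+ will be return.
+ #
+ def verify_os!
+ if os.nil?
+ raise(TargetDataMissing,"no suitable os was provided",caller)
+ end
+ end
+
+ #
+ # Verifies that the selected target has an product property.
+ # If the selected target does not have an product property, a
+ # TargetDataMissing exception will be raised, otherwise
+ # +true+ will be return.
+ #
+ def verify_product!
+ if product.nil?
+ raise(TargetDataMissing,"no suitable product was provided",caller)
+ end
+ end
+
+ #
+ # Raises a RestrictedChar exception if the specified _text_ contains
+ # any restricted characters, returns +true+ otherwise.
+ #
+ def verify_restricted!(text)
+ found = @restricted_chars.select { |char|
+ text.include?(char)
+ }.map { |char| char.dump }
+
+ unless found.empty?
+ raise(RestrictedChar,"restricted characters #{found.join(', ')} was detected in #{text.dump}",caller)
+ end
+
+ return true
+ end
+ end
+ end
+ end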
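Review bot: `verify_arch!`, `verify_os!` and `verify_product!` return `nil` when the check passes, although each doc comment promises `+true+`; only `verify_target!` and `verify_restricted!` end with `return true`, so a caller writing `if verify_arch!` takes the failure branch on success. Adding `return true` after the `if` in each of the three methods makes them match their documentation. The file also has no `require` lines, so `TargetUnspecified`, `TargetDataMissing` and `RestrictedChar` resolve only if the including class has loaded them first. `verify_restricted!` calls `@restricted_chars.select` without a nil guard, so an unset variable raises `NoMethodError` rather than a verifier exception, and its message `restricted characters ... was detected` should read `were detected`.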
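--- a/data/lib/ronin/exploits/version.rb
+++ b/data/lib/ronin/exploits/version.rb
@@ -24,6 +24,6 @@
  module Ronin
  module Exploits
  # Ronin Exploits version
- VERSION = '0.2.0'
+ VERSION = '0.2.1'
  end
  end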
@@ -47,8 +47,28 @@ module Ronin
47
47
  # The targeted HTTP port
48
48
  parameter :port, :description => 'The targeted HTTP port'
49
49
 
50
+ # The HTTP Request method to use
51
+ parameter :http_method,
52
+ :default => :get,
53
+ :description => 'HTTP Request method to use'
54
+
50
55
  # The optional URL path prefix
51
- parameter :url_prefix, :description => 'The optional URL path prefix'
56
+ parameter :url_prefix, :description => 'Optional URL path prefix'
57
+
58
+ #
59
+ # Returns the targeted URL path based on the +url_prefix+ parameter
60
+ # as well as the +url_path+ and +url_query+ properties.
61
+ #
62
+ def targeted_url_path
63
+ url = self.url_path.to_s
64
+ url << "?#{self.url_query}" if self.url_query
65
+
66
+ if @url_prefix
67
+ url = @url_prefix.to_s + url
68
+ end
69
+
70
+ return url
71
+ end
52
72
 
53
73
  #
54
74
  # Returns the targeted URL based on the +http_host+, +http_port+