ronin-exploits 0.2.0 → 0.2.1

data/lib/ronin/exploits/ftp.rb

@@ -27,10 +27,13 @@ module Ronin
   module Exploits
     class FTP < RemoteTCP
 
+      # Default port to connect to
+      DEFAULT_PORT = 21
+
       contextify :ronin_ftp_exploit
 
       # Default port to connect to
-      property :default_port, Integer, :default => 21
+      property :default_port, Integer
 
     end
   end

data/lib/ronin/exploits/helpers.rb

@@ -21,6 +21,7 @@
 #++
 #
 
+require 'ronin/exploits/helpers/file_based'
 require 'ronin/exploits/helpers/binary'
 require 'ronin/exploits/helpers/padding'
 require 'ronin/exploits/helpers/buffer_overflow'

data/lib/ronin/exploits/helpers/file_based.rb

@@ -0,0 +1,113 @@
+#
+#--
+# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#++
+#
+
+require 'ronin/config'
+
+require 'set'
+require 'fileutils'
+
+module Ronin
+  module Exploits
+    module Helpers
+      module FileBased
+        def self.included(base)
+          base.module_eval do
+            parameter :output_dir,
+                      :default => Config::TMP_DIR,
+                      :description => 'Directory to save built file in'
+
+            parameter :file_name,
+                      :default => 'exploit',
+                      :description => 'Name of the file'
+
+            parameter :clean_file,
+                      :default => true,
+                      :description => 'Delete the file on exit'
+          end
+        end
+
+        def self.extended(obj)
+          obj.instance_eval do
+            parameter :output_dir,
+                      :default => Config::TMP_DIR,
+                      :description => 'Directory to save built file in'
+
+            parameter :file_name,
+                      :default => 'exploit',
+                      :description => 'Name of the file'
+
+            parameter :clean_file,
+                      :default => true,
+                      :description => 'Delete the file on exit'
+          end
+        end
+
+        #
+        # List of files to delete later.
+        #
+        def FileBased.clean_files
+          @@ronin_exploits_file_based_clean_files ||= Set[]
+        end
+
+        #
+        # Will forcibly delete the files listed in FileBased.clean_files,
+        # as well as empty the contents of FileBased.clean_files.
+        #
+        def FileBased.clean!
+          FileBased.clean_files.each do |path|
+            FileUtils.rm(path, :force => true)
+          end
+
+          FileBased.clean_files.clear
+          return true
+        end
+
+        at_exit(&FileBased.method(:clean!))
+
+        #
+        # Returns the absolute path of the file to be built.
+        #
+        def file_path
+          File.expand_path(::File.join(@output_dir,@file_name))
+        end
+
+        protected
+
+        #
+        # Opens the file to be built, passing a new File object to the given
+        # _block_.
+        #
+        #   file_open do |file|
+        #     file << 'some data'
+        #   end
+        #
+        def file_open(&block)
+          path = self.file_path
+
+          FileBased.clean_files << path if @clean_file
+          return File.open(path,'w',&block)
+        end
+      end
+    end
+  end
+end

data/lib/ronin/exploits/http.rb

@@ -22,16 +22,26 @@
 #
 
 require 'ronin/exploits/remote_tcp'
+require 'ronin/sessions/http'
 
 module Ronin
   module Exploits
     class HTTP < RemoteTCP
 
+      # Default port to connect to
+      DEFAULT_PORT = 80
+
+      include Sessions::HTTP
+
       contextify :ronin_http_exploit
 
       # Default port to connect to
       property :default_port, Integer, :default => 80
 
+      # The optional URL path prefix
+      parameter :url_prefix,
+                :description => 'Optional URL path prefix'
+
     end
   end
 end

data/lib/ronin/exploits/license.rb

@@ -0,0 +1,34 @@
+#
+#--
+# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#++
+#
+
+require 'ronin/license'
+
+module Ronin
+  class License
+
+    # The exploits under the license
+    has n, :exploits,
+           :class_name => 'Ronin::Exploits::Exploit'
+
+  end
+end

data/lib/ronin/exploits/os.rb

@@ -0,0 +1,34 @@
+#
+#--
+# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#++
+#
+
+require 'ronin/os'
+
+module Ronin
+  class OS
+
+    # The exploit targets for the OS
+    has n, :targets,
+           :class_name => 'Ronin::Exploits::Target'
+
+  end
+end

data/lib/ronin/{targeted_product.rb → exploits/product.rb}

@@ -24,7 +24,7 @@
 require 'ronin/product'
 
 module Ronin
-  class TargetedProduct < Product
+  class Product
 
     # The exploit targets for the Product
     has n, :targets,

data/lib/ronin/exploits/remote_tcp.rb

@@ -22,19 +22,18 @@
 #
 
 require 'ronin/exploits/remote'
+require 'ronin/model/has_default_port'
 require 'ronin/sessions/tcp'
 
 module Ronin
   module Exploits
     class RemoteTCP < Remote
 
+      include Model::HasDefaultPort
       include Sessions::TCP
 
       contextify :ronin_remote_tcp_exploit
 
-      # Default port to connect to
-      property :default_port, Integer
-
       # remote host to connect to
       parameter :host, :description => 'TCP remote host'
 

data/lib/ronin/exploits/remote_udp.rb

@@ -22,19 +22,18 @@
 #
 
 require 'ronin/exploits/remote'
+require 'ronin/model/has_default_port'
 require 'ronin/sessions/udp'
 
 module Ronin
   module Exploits
     class RemoteUDP < Remote
 
+      include Model::HasDefaultPort
       include Sessions::UDP
 
       contextify :ronin_remote_udp_exploit
 
-      # Default port to connect to
-      property :default_port, Integer
-
       # remote host to connect to
       parameter :host, :description => 'UDP remote host'
 

data/lib/ronin/exploits/target.rb

@@ -22,10 +22,10 @@
 #
 
 require 'ronin/exploits/exceptions/target_data_missing'
+require 'ronin/exploits/product'
 require 'ronin/model/targets_arch'
 require 'ronin/model/targets_os'
 require 'ronin/model'
-require 'ronin/targeted_product'
 
 require 'dm-types/yaml'
 
@@ -44,9 +44,7 @@ module Ronin
       property :description, String
 
       # Targeted product
-      belongs_to :product,
-                 :child_key => [:product_id],
-                 :class_name => 'Ronin::TargetedProduct'
+      belongs_to :product
 
       # The exploit the target belongs to
       belongs_to :exploit
@@ -65,20 +63,20 @@ module Ronin
       end
 
       #
-      # Returns the TargetedProduct if no _arguments_ are given. If
-      # _arguments_ are given, a new TargetedProduct object will be created
-      # from the given _arguments_ and associated with the target.
+      # Returns the Product if no _arguments_ are given. If _arguments_ are
+      # given, a new Product object will be created from the given
+      # _arguments_ and associated with the target.
       #
       #   target.product
       #   # => nil
       #
       #   target.product(:name => 'Apache', :version => '1.3.3.7')
-      #   # => #<Ronin::TargetedProduct type=Ronin::TargetedProduct
-      #   # id=nil name="Apache" version="1.3.3.7" vendor="Apache">
+      #   # => #<Ronin::Product type=Ronin::Product id=nil name="Apache"
+      #   # version="1.3.3.7" vendor="Apache">
       #
       def product(*arguments)
         unless arguments.empty?
-          return self.product = TargetedProduct.first_or_create(*arguments)
+          return self.product = Product.first_or_create(*arguments)
         else
           return product_association
         end

data/lib/ronin/exploits/verifiers.rb

@@ -0,0 +1,92 @@
+#
+#--
+# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#++
+#
+module Ronin
+  module Exploits
+    module Verifiers
+      #
+      # Verifies that a target has been selected. If a target has not been
+      # selected, a TargetUnspecified exception will be raised, otherwise
+      # +true+ will be returned.
+      #
+      def verify_target!
+        if target.nil?
+          raise(TargetUnspecified,"no suitable target provided",caller)
+        end
+
+        return true
+      end
+
+      #
+      # Verifies that the selected target has an arch property.
+      # If the selected target does not have an arch property, a
+      # TargetDataMissing exception will be raised, otherwise
+      # +true+ will be return.
+      #
+      def verify_arch!
+        if arch.nil?
+          raise(TargetDataMissing,"no suitable arch was provided",caller)
+        end
+      end
+
+      #
+      # Verifies that the selected target has an os property.
+      # If the selected target does not have an os property, a
+      # TargetDataMissing exception will be raised, otherwise
+      # +true+ will be return.
+      #
+      def verify_os!
+        if os.nil?
+          raise(TargetDataMissing,"no suitable os was provided",caller)
+        end
+      end
+
+      #
+      # Verifies that the selected target has an product property.
+      # If the selected target does not have an product property, a
+      # TargetDataMissing exception will be raised, otherwise
+      # +true+ will be return.
+      #
+      def verify_product!
+        if product.nil?
+          raise(TargetDataMissing,"no suitable product was provided",caller)
+        end
+      end
+
+      #
+      # Raises a RestrictedChar exception if the specified _text_ contains
+      # any restricted characters, returns +true+ otherwise.
+      #
+      def verify_restricted!(text)
+        found = @restricted_chars.select { |char|
+          text.include?(char)
+        }.map { |char| char.dump }
+
+        unless found.empty?
+          raise(RestrictedChar,"restricted characters #{found.join(', ')} was detected in #{text.dump}",caller)
+        end
+
+        return true
+      end
+    end
+  end
+end

data/lib/ronin/exploits/version.rb

@@ -24,6 +24,6 @@
 module Ronin
   module Exploits
     # Ronin Exploits version
-    VERSION = '0.2.0'
+    VERSION = '0.2.1'
   end
 end

data/lib/ronin/exploits/web.rb

@@ -47,8 +47,28 @@ module Ronin
       # The targeted HTTP port
       parameter :port, :description => 'The targeted HTTP port'
 
+      # The HTTP Request method to use
+      parameter :http_method,
+                :default => :get,
+                :description => 'HTTP Request method to use'
+
       # The optional URL path prefix
-      parameter :url_prefix, :description => 'The optional URL path prefix'
+      parameter :url_prefix, :description => 'Optional URL path prefix'
+
+      #
+      # Returns the targeted URL path based on the +url_prefix+ parameter
+      # as well as the +url_path+ and +url_query+ properties.
+      #
+      def targeted_url_path
+        url = self.url_path.to_s
+        url << "?#{self.url_query}" if self.url_query
+
+        if @url_prefix
+          url = @url_prefix.to_s + url
+        end
+
+        return url
+      end
 
       #
       # Returns the targeted URL based on the +http_host+, +http_port+