ronin-exploits 0.2.0 → 0.2.1
- data.tar.gz.sig +0 -0
- data/History.txt +27 -0
- data/Manifest.txt +21 -5
- data/README.txt +40 -3
- data/Rakefile +6 -6
- data/TODO.txt +12 -9
- data/lib/ronin/exploits/allow.rb +1 -1
- data/lib/ronin/{targeted_arch.rb → exploits/arch.rb} +1 -5
- data/lib/ronin/exploits/exploit.rb +59 -144
- data/lib/ronin/exploits/ftp.rb +4 -1
- data/lib/ronin/exploits/helpers.rb +1 -0
- data/lib/ronin/exploits/helpers/file_based.rb +113 -0
- data/lib/ronin/exploits/http.rb +10 -0
- data/lib/ronin/exploits/license.rb +34 -0
- data/lib/ronin/exploits/os.rb +34 -0
- data/lib/ronin/{targeted_product.rb → exploits/product.rb} +1 -1
- data/lib/ronin/exploits/remote_tcp.rb +2 -3
- data/lib/ronin/exploits/remote_udp.rb +2 -3
- data/lib/ronin/exploits/target.rb +8 -10
- data/lib/ronin/exploits/verifiers.rb +92 -0
- data/lib/ronin/exploits/version.rb +1 -1
- data/lib/ronin/exploits/web.rb +21 -1
- data/lib/ronin/model/has_default_port.rb +54 -0
- data/lib/ronin/model/targets_arch.rb +8 -10
- data/lib/ronin/model/targets_os.rb +9 -9
- data/lib/ronin/payloads.rb +1 -0
- data/lib/ronin/payloads/arch.rb +32 -0
- data/lib/ronin/payloads/asm_payload.rb +34 -0
- data/lib/ronin/payloads/encoder.rb +24 -18
- data/lib/ronin/payloads/helpers/exceptions.rb +2 -1
- data/lib/ronin/payloads/helpers/exceptions/{unimplemented.rb → not_implemented.rb} +1 -1
- data/lib/ronin/payloads/helpers/file_system.rb +12 -12
- data/lib/ronin/payloads/helpers/rpc.rb +7 -7
- data/lib/ronin/payloads/helpers/shell.rb +2 -2
- data/lib/ronin/payloads/license.rb +34 -0
- data/lib/ronin/payloads/nops.rb +3 -1
- data/lib/ronin/{targeted_os.rb → payloads/os.rb} +1 -5
- data/lib/ronin/payloads/payload.rb +89 -41
- data/lib/ronin/payloads/shellcode.rb +4 -1
- data/lib/ronin/ui/command_line/commands/exploits.rb +1 -1
- data/lib/ronin/ui/command_line/commands/payload.rb +2 -2
- data/lib/ronin/ui/command_line/commands/payloads.rb +1 -1
- data/spec/exploits/exploit_spec.rb +12 -30
- data/spec/exploits/file_based_exploit_spec.rb +39 -0
- data/spec/exploits/ftp_spec.rb +1 -5
- data/spec/exploits/http_spec.rb +4 -4
- data/spec/exploits/remote_tcp_spec.rb +7 -3
- data/spec/exploits/remote_udp_spec.rb +7 -3
- data/spec/exploits/target_spec.rb +9 -2
- data/spec/exploits/targets/buffer_overflow_spec.rb +6 -2
- data/spec/exploits/web_spec.rb +6 -0
- data/spec/model/has_default_port_spec.rb +27 -0
- data/spec/model/models/default_port_model.rb +13 -0
- data/spec/model/models/non_default_port_model.rb +11 -0
- data/spec/model/models/targets_arch_model.rb +11 -0
- data/spec/model/models/targets_os_model.rb +11 -0
- data/spec/model/targets_arch_spec.rb +22 -0
- data/spec/model/targets_os_spec.rb +23 -0
- data/spec/objects/exploits/example.rb +25 -0
- data/spec/objects/exploits/test.rb +0 -4
- data/spec/objects/payloads/test.rb +5 -1
- data/spec/payloads/encoder_spec.rb +5 -1
- data/spec/payloads/payload_spec.rb +77 -14
- metadata +58 -13
- metadata.gz.sig +0 -0
- data/spec/objects/payloads/example.rb +0 -19
@@ -0,0 +1,54 @@
|
|
1
|
+
#
|
2
|
+
#--
|
3
|
+
# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
|
4
|
+
# payload crafting functionality.
|
5
|
+
#
|
6
|
+
# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
|
7
|
+
#
|
8
|
+
# This program is free software; you can redistribute it and/or modify
|
9
|
+
# it under the terms of the GNU General Public License as published by
|
10
|
+
# the Free Software Foundation; either version 2 of the License, or
|
11
|
+
# (at your option) any later version.
|
12
|
+
#
|
13
|
+
# This program is distributed in the hope that it will be useful,
|
14
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
15
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
16
|
+
# GNU General Public License for more details.
|
17
|
+
#
|
18
|
+
# You should have received a copy of the GNU General Public License
|
19
|
+
# along with this program; if not, write to the Free Software
|
20
|
+
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
21
|
+
#++
|
22
|
+
#
|
23
|
+
|
24
|
+
require 'dm-core'
|
25
|
+
|
26
|
+
module Ronin
|
27
|
+
module Model
|
28
|
+
module HasDefaultPort
|
29
|
+
def self.included(base)
|
30
|
+
base.module_eval do
|
31
|
+
# Default port to use
|
32
|
+
property :default_port, Integer
|
33
|
+
|
34
|
+
validates_present :default_port
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
#
|
39
|
+
# Creates a new Model with the given _attributes_ and given _block_.
|
40
|
+
#
|
41
|
+
# _attributes_ may contain the following keys:
|
42
|
+
# <tt>:default_port</tt>:: The default port to use, defaults to the
|
43
|
+
# +DEFAULT_PORT+ constant.
|
44
|
+
#
|
45
|
+
def initialize(attributes={},&block)
|
46
|
+
if self.class.const_defined?('DEFAULT_PORT')
|
47
|
+
attributes = {:default_port => self.class.const_get('DEFAULT_PORT')}.merge(attributes)
|
48
|
+
end
|
49
|
+
|
50
|
+
super(attributes,&block)
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
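Review bot: `validates_present :default_port` in the `included` hook only rejects a missing value, so an Integer outside the valid port range (0, negative, or above 65535) passes validation. A range check next to it, for example `validates_within :default_port, :set => 1..65535`, would reject those values. Separately, `initialize` merges the `DEFAULT_PORT` constant underneath the caller's hash, so an explicit `:default_port => nil` overrides the constant and then fails the presence check; if that is intended, the comment above `initialize` should say so.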
@@ -21,33 +21,31 @@
|
|
21
21
|
#++
|
22
22
|
#
|
23
23
|
|
24
|
-
require 'ronin/
|
24
|
+
require 'ronin/arch'
|
25
25
|
|
26
26
|
module Ronin
|
27
27
|
module Model
|
28
28
|
module TargetsArch
|
29
29
|
def self.included(base)
|
30
30
|
base.module_eval do
|
31
|
-
# The
|
32
|
-
belongs_to :arch
|
33
|
-
:child_key => [:arch_id],
|
34
|
-
:class_name => 'Ronin::TargetedArch'
|
31
|
+
# The targeted architecture
|
32
|
+
belongs_to :arch
|
35
33
|
|
36
34
|
#
|
37
35
|
# Returns the current targeted arch if no _name_ is given. If a
|
38
|
-
# _name_ is given, a new
|
39
|
-
#
|
36
|
+
# _name_ is given, a new Arch object will be created with the
|
37
|
+
# given _name_ and associated with the target.
|
40
38
|
#
|
41
39
|
# target.arch
|
42
40
|
# # => nil
|
43
41
|
#
|
44
42
|
# target.arch :i686
|
45
|
-
# # => #<Ronin::
|
46
|
-
# #
|
43
|
+
# # => #<Ronin::Arch type=Ronin::Arch id=nil name="i686"
|
44
|
+
# # endian="little" address_length=4>
|
47
45
|
#
|
48
46
|
def arch(name=nil)
|
49
47
|
if name
|
50
|
-
return self.arch =
|
48
|
+
return self.arch = Arch[name]
|
51
49
|
else
|
52
50
|
return arch_association
|
53
51
|
end
|
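Review bot: The rewritten comment on `arch` says a new Arch object "will be created" when a _name_ is given, but the new body assigns `Arch[name]`, which reads as a lookup rather than a constructor; `Arch.[]` is not visible here, so what it returns for an unknown name (possibly nil, which would clear the association) should be confirmed. If it is a lookup of predefined architectures, the comment would be more accurate as `# _name_ is given, the Arch registered under that _name_ is looked up and associated with the target.` The TargetsOS hunk in this release keeps `:class_name => 'Ronin::OS'` on its `belongs_to`, while `belongs_to :arch` now relies on the class being resolved implicitly; one style for both would be easier to follow. The `arch` method and the module close outside this hunk.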
@@ -21,33 +21,33 @@
|
|
21
21
|
#++
|
22
22
|
#
|
23
23
|
|
24
|
-
require 'ronin/
|
24
|
+
require 'ronin/os'
|
25
25
|
|
26
26
|
module Ronin
|
27
27
|
module Model
|
28
28
|
module TargetsOS
|
29
29
|
def self.included(base)
|
30
30
|
base.module_eval do
|
31
|
-
# The
|
31
|
+
# The targeted OS
|
32
32
|
belongs_to :os,
|
33
|
-
:child_key => [:
|
34
|
-
:class_name => 'Ronin::
|
33
|
+
:child_key => [:od_id],
|
34
|
+
:class_name => 'Ronin::OS'
|
35
35
|
|
36
36
|
#
|
37
37
|
# Returns the current targeted OS if no _arguments_ are given. If
|
38
|
-
# _arguments_ are given, a new
|
39
|
-
#
|
38
|
+
# _arguments_ are given, a new OS object will be created from the
|
39
|
+
# given _arguments_ and associated with the target.
|
40
40
|
#
|
41
41
|
# target.os
|
42
42
|
# # => nil
|
43
43
|
#
|
44
44
|
# target.os(:name => 'FreeBSD', :version => '7.1')
|
45
|
-
# # => #<Ronin::
|
46
|
-
# #
|
45
|
+
# # => #<Ronin::OS type=Ronin::OS id=nil name="FreeBSD"
|
46
|
+
# # version="7.1">
|
47
47
|
#
|
48
48
|
def os(*arguments)
|
49
49
|
unless arguments.empty?
|
50
|
-
return self.os =
|
50
|
+
return self.os = OS.first_or_create(*arguments)
|
51
51
|
else
|
52
52
|
return os_association
|
53
53
|
end
|
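Review bot: `:child_key => [:od_id]` on the new `belongs_to :os` looks like a typo for `:os_id`; the TargetsArch hunk previously used `[:arch_id]`, and the removed line here is truncated, so the old key cannot be read. With `:od_id` the foreign-key property would be named `od_id`, which presumably does not match existing storage or any query written against `os_id`. Suggested line: `:child_key => [:os_id],`. Note also that `os(*arguments)` now calls `OS.first_or_create`, which writes a record as a side effect of what reads like an accessor; the comment above it could say so. The `os` method and the module close outside this hunk.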
data/lib/ronin/payloads.rb
CHANGED
@@ -0,0 +1,32 @@
|
|
1
|
+
#
|
2
|
+
#--
|
3
|
+
# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
|
4
|
+
# payload crafting functionality.
|
5
|
+
#
|
6
|
+
# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
|
7
|
+
#
|
8
|
+
# This program is free software; you can redistribute it and/or modify
|
9
|
+
# it under the terms of the GNU General Public License as published by
|
10
|
+
# the Free Software Foundation; either version 2 of the License, or
|
11
|
+
# (at your option) any later version.
|
12
|
+
#
|
13
|
+
# This program is distributed in the hope that it will be useful,
|
14
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
15
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
16
|
+
# GNU General Public License for more details.
|
17
|
+
#
|
18
|
+
# You should have received a copy of the GNU General Public License
|
19
|
+
# along with this program; if not, write to the Free Software
|
20
|
+
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
21
|
+
#++
|
22
|
+
#
|
23
|
+
|
24
|
+
module Ronin
|
25
|
+
class Arch
|
26
|
+
|
27
|
+
# The payloads which target the Arch
|
28
|
+
has n, :payloads,
|
29
|
+
:class_name => 'Ronin::Payloads::Payload'
|
30
|
+
|
31
|
+
end
|
32
|
+
end
|
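Review bot: This new file reopens `Ronin::Arch` and calls `has n, :payloads` but requires nothing, so it only works if the real Arch model was loaded first. Loaded on its own, `class Arch` would define a fresh empty class and the `has` call would raise NoMethodError. Adding `require 'ronin/arch'` above `module Ronin` makes the dependency explicit, as the TargetsArch hunk in this release already does.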
@@ -0,0 +1,34 @@
|
|
1
|
+
#
|
2
|
+
#--
|
3
|
+
# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
|
4
|
+
# payload crafting functionality.
|
5
|
+
#
|
6
|
+
# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
|
7
|
+
#
|
8
|
+
# This program is free software; you can redistribute it and/or modify
|
9
|
+
# it under the terms of the GNU General Public License as published by
|
10
|
+
# the Free Software Foundation; either version 2 of the License, or
|
11
|
+
# (at your option) any later version.
|
12
|
+
#
|
13
|
+
# This program is distributed in the hope that it will be useful,
|
14
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
15
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
16
|
+
# GNU General Public License for more details.
|
17
|
+
#
|
18
|
+
# You should have received a copy of the GNU General Public License
|
19
|
+
# along with this program; if not, write to the Free Software
|
20
|
+
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
21
|
+
#++
|
22
|
+
#
|
23
|
+
|
24
|
+
require 'ronin/payloads/binary_payload'
|
25
|
+
|
26
|
+
module Ronin
|
27
|
+
module Payloads
|
28
|
+
class ASMPayload < BinaryPayload
|
29
|
+
|
30
|
+
contextify :ronin_asm_payload
|
31
|
+
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
@@ -21,6 +21,8 @@
|
|
21
21
|
#++
|
22
22
|
#
|
23
23
|
|
24
|
+
require 'ronin/model/has_name'
|
25
|
+
require 'ronin/model/has_description'
|
24
26
|
require 'ronin/model/targets_arch'
|
25
27
|
require 'ronin/model/targets_os'
|
26
28
|
require 'ronin/cacheable'
|
@@ -33,6 +35,8 @@ module Ronin
|
|
33
35
|
|
34
36
|
include Parameters
|
35
37
|
include Cacheable
|
38
|
+
include Model::HasName
|
39
|
+
include Model::HasDescription
|
36
40
|
include Model::TargetsArch
|
37
41
|
include Model::TargetsOS
|
38
42
|
|
@@ -41,36 +45,38 @@ module Ronin
|
|
41
45
|
# Primary key of the payload
|
42
46
|
property :id, Serial
|
43
47
|
|
44
|
-
#
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
48
|
+
#
|
49
|
+
# Creates a new Encoder object with the given _arguments_.
|
50
|
+
#
|
51
|
+
def initialize(*arguments)
|
52
|
+
super(*arguments)
|
49
53
|
|
50
|
-
|
51
|
-
|
54
|
+
initialize_params(*arguments)
|
55
|
+
end
|
52
56
|
|
53
57
|
#
|
54
|
-
#
|
58
|
+
# Default method which will encode the specified _data_.
|
59
|
+
# Returns the specified _data_ by default.
|
55
60
|
#
|
56
|
-
def
|
57
|
-
|
61
|
+
def call(data)
|
62
|
+
data
|
58
63
|
end
|
59
64
|
|
60
65
|
#
|
61
|
-
#
|
62
|
-
# _description_.
|
66
|
+
# Returns the name of the payload encoder.
|
63
67
|
#
|
64
|
-
def
|
65
|
-
self.
|
68
|
+
def to_s
|
69
|
+
self.name.to_s
|
66
70
|
end
|
67
71
|
|
68
72
|
#
|
69
|
-
#
|
70
|
-
# Returns the specified _data_ by default.
|
73
|
+
# Inspects the contents of the payload encoder.
|
71
74
|
#
|
72
|
-
def
|
73
|
-
|
75
|
+
def inspect
|
76
|
+
str = "#{self.class}: #{self}"
|
77
|
+
str << " #{self.params.inspect}" unless self.params.empty?
|
78
|
+
|
79
|
+
return "#<#{str}>"
|
74
80
|
end
|
75
81
|
|
76
82
|
end
|
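Review bot: The new `initialize(*arguments)` passes the same argument list to both `super` and `initialize_params`, and it drops any block given to `new`. If the model initializer rejects keys that are not properties (not visible here), a hash mixing properties and parameter values would fail before `initialize_params` runs; HasDefaultPort in this release instead takes `(attributes={},&block)` and forwards the block. Consider `def initialize(attributes={},&block)` with `super(attributes,&block)` and `initialize_params(attributes)`, or state in the comment above which keys are consumed by which call. The class header is outside these hunks.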
@@ -21,7 +21,7 @@
|
|
21
21
|
#++
|
22
22
|
#
|
23
23
|
|
24
|
-
require 'ronin/payloads/helpers/exceptions/
|
24
|
+
require 'ronin/payloads/helpers/exceptions/not_implemented'
|
25
25
|
|
26
26
|
module Ronin
|
27
27
|
module Payloads
|
@@ -32,7 +32,7 @@ module Ronin
|
|
32
32
|
# otherwise.
|
33
33
|
#
|
34
34
|
def exists?(path)
|
35
|
-
raise(
|
35
|
+
raise(NotImplemented,"the exists? method has not been implemented",caller)
|
36
36
|
end
|
37
37
|
|
38
38
|
#
|
@@ -40,7 +40,7 @@ module Ronin
|
|
40
40
|
# otherwise.
|
41
41
|
#
|
42
42
|
def file?(path)
|
43
|
-
raise(
|
43
|
+
raise(NotImplemented,"the file? method has not been implemented",caller)
|
44
44
|
end
|
45
45
|
|
46
46
|
#
|
@@ -48,21 +48,21 @@ module Ronin
|
|
48
48
|
# +false+ otherwise.
|
49
49
|
#
|
50
50
|
def dir?(path)
|
51
|
-
raise(
|
51
|
+
raise(NotImplemented,"the dir? method has not been implemented",caller)
|
52
52
|
end
|
53
53
|
|
54
54
|
#
|
55
55
|
# Returns the contents of the directory at the specified _path_.
|
56
56
|
#
|
57
57
|
def dir(path)
|
58
|
-
raise(
|
58
|
+
raise(NotImplemented,"the dir method has not been implemented",caller)
|
59
59
|
end
|
60
60
|
|
61
61
|
#
|
62
62
|
# Returns all the paths matching the specified globbed _pattern_.
|
63
63
|
#
|
64
64
|
def glob(pattern)
|
65
|
-
raise(
|
65
|
+
raise(NotImplemented,"the glob method has not been implemented",caller)
|
66
66
|
end
|
67
67
|
|
68
68
|
#
|
@@ -90,7 +90,7 @@ module Ronin
|
|
90
90
|
# Returns the contents of the file at the specified _path_.
|
91
91
|
#
|
92
92
|
def read_file(path)
|
93
|
-
raise(
|
93
|
+
raise(NotImplemented,"the read_file method has not been implemented",caller)
|
94
94
|
end
|
95
95
|
|
96
96
|
#
|
@@ -98,7 +98,7 @@ module Ronin
|
|
98
98
|
# _path_.
|
99
99
|
#
|
100
100
|
def write_file(path,contents)
|
101
|
-
raise(
|
101
|
+
raise(NotImplemented,"the write_file method has not been implemented",caller)
|
102
102
|
end
|
103
103
|
|
104
104
|
#
|
@@ -106,7 +106,7 @@ module Ronin
|
|
106
106
|
# _path_.
|
107
107
|
#
|
108
108
|
def append_file(path,contents)
|
109
|
-
raise(
|
109
|
+
raise(NotImplemented,"the append_file method has not been implemented",caller)
|
110
110
|
end
|
111
111
|
|
112
112
|
#
|
@@ -120,21 +120,21 @@ module Ronin
|
|
120
120
|
# Removes the file at the specified _path_.
|
121
121
|
#
|
122
122
|
def rm(path)
|
123
|
-
raise(
|
123
|
+
raise(NotImplemented,"the rm method has not been implemented",caller)
|
124
124
|
end
|
125
125
|
|
126
126
|
#
|
127
127
|
# Removes the directory at the specified _path_.
|
128
128
|
#
|
129
129
|
def rmdir(path)
|
130
|
-
raise(
|
130
|
+
raise(NotImplemented,"the rmdir method has not been implemented",caller)
|
131
131
|
end
|
132
132
|
|
133
133
|
#
|
134
134
|
# Recursively removes the file or directory at the specified _path_.
|
135
135
|
#
|
136
136
|
def rm_r(path)
|
137
|
-
raise(
|
137
|
+
raise(NotImplemented,"the rm_r method has not been implemented",caller)
|
138
138
|
end
|
139
139
|
|
140
140
|
protected
|
@@ -21,7 +21,7 @@
|
|
21
21
|
#++
|
22
22
|
#
|
23
23
|
|
24
|
-
require 'ronin/payloads/helpers/exceptions/
|
24
|
+
require 'ronin/payloads/helpers/exceptions/not_implemented'
|
25
25
|
|
26
26
|
module Ronin
|
27
27
|
module Payloads
|
@@ -34,7 +34,7 @@ module Ronin
|
|
34
34
|
#
|
35
35
|
def self.expose_method(name)
|
36
36
|
define_method(name) do |*arguments|
|
37
|
-
|
37
|
+
call_method(name,*arguments)
|
38
38
|
end
|
39
39
|
end
|
40
40
|
end
|
@@ -44,22 +44,22 @@ module Ronin
|
|
44
44
|
# Calls the specified _method_ with the given _arguments_.
|
45
45
|
# Returns the return-value of the method-call.
|
46
46
|
#
|
47
|
-
def
|
48
|
-
raise(
|
47
|
+
def call_method(method,*arguments)
|
48
|
+
raise(NotImplemented,"the call method is unimplemented",caller)
|
49
49
|
end
|
50
50
|
|
51
51
|
#
|
52
52
|
# Evaluates the specified _code_.
|
53
53
|
#
|
54
54
|
def eval(code)
|
55
|
-
|
55
|
+
call_method(:eval,code)
|
56
56
|
end
|
57
57
|
|
58
58
|
#
|
59
59
|
# Exits with the given _status_.
|
60
60
|
#
|
61
61
|
def exit(status=0)
|
62
|
-
|
62
|
+
call_method(:exit,status)
|
63
63
|
end
|
64
64
|
|
65
65
|
protected
|
@@ -72,7 +72,7 @@ module Ronin
|
|
72
72
|
name = name.to_s
|
73
73
|
|
74
74
|
if (name[-1..-1] != '=' && block.nil?)
|
75
|
-
return
|
75
|
+
return call_method(name,*arguments)
|
76
76
|
end
|
77
77
|
|
78
78
|
return super(name,*arguments,&block)
|
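Review bot: The `raise` in the renamed `call_method` still says "the call method is unimplemented", which matches neither the new method name nor the "has not been implemented" wording used by the FileSystem helper in this release. Suggested line: `raise(NotImplemented,"the call_method method has not been implemented",caller)`. In the last hunk, what appears to be `method_missing` forwards every unknown non-setter name to `call_method`, so a misspelled local method name becomes a remote call instead of a NoMethodError. A short comment there stating that, and that `eval` and `exit` in this module shadow the Kernel methods for any including class, would help readers. That method starts and ends outside the hunk.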