ronin-exploits 0.2.1 → 0.3.0

Files changed (187) hide show
  1. data.tar.gz.sig +0 -0
  2. data/History.txt +122 -0
  3. data/Manifest.txt +110 -20
  4. data/README.txt +112 -31
  5. data/Rakefile +12 -1
  6. data/bin/ronin-exploit +12 -0
  7. data/bin/ronin-exploits +1 -1
  8. data/bin/ronin-gen-binary-payload +12 -0
  9. data/bin/ronin-gen-exploit +12 -0
  10. data/bin/ronin-gen-ftp-exploit +12 -0
  11. data/bin/ronin-gen-http-exploit +12 -0
  12. data/bin/ronin-gen-local-exploit +12 -0
  13. data/bin/ronin-gen-nops +12 -0
  14. data/bin/ronin-gen-payload +12 -0
  15. data/bin/ronin-gen-remote-exploit +12 -0
  16. data/bin/ronin-gen-remote-tcp-exploit +12 -0
  17. data/bin/ronin-gen-remote-udp-exploit +12 -0
  18. data/bin/ronin-gen-shellcode +12 -0
  19. data/bin/ronin-gen-web-exploit +12 -0
  20. data/bin/ronin-payload +1 -1
  21. data/bin/ronin-payloads +1 -1
  22. data/lib/ronin/controls.rb +23 -0
  23. data/lib/ronin/controls/behaviors.rb +133 -0
  24. data/lib/ronin/{payloads/helpers → controls}/exceptions.rb +2 -4
  25. data/lib/ronin/{payloads/arch.rb → controls/exceptions/not_implemented.rb} +3 -8
  26. data/lib/ronin/controls/exceptions/program_not_found.rb +27 -0
  27. data/lib/ronin/controls/file_system.rb +145 -0
  28. data/lib/ronin/{exploits/os.rb → controls/helpers.rb} +12 -13
  29. data/lib/ronin/controls/helpers/command_exec.rb +143 -0
  30. data/lib/ronin/controls/helpers/dir_create.rb +42 -0
  31. data/lib/ronin/controls/helpers/dir_listing.rb +62 -0
  32. data/lib/ronin/controls/helpers/dir_remove.rb +42 -0
  33. data/lib/ronin/controls/helpers/file_ctime.rb +52 -0
  34. data/lib/ronin/controls/helpers/file_mtime.rb +53 -0
  35. data/lib/ronin/controls/helpers/file_ownership.rb +53 -0
  36. data/lib/ronin/controls/helpers/file_read.rb +62 -0
  37. data/lib/ronin/controls/helpers/file_remove.rb +51 -0
  38. data/lib/ronin/controls/helpers/file_write.rb +62 -0
  39. data/lib/ronin/controls/helpers/memory_read.rb +39 -0
  40. data/lib/ronin/controls/helpers/memory_write.rb +39 -0
  41. data/lib/ronin/exploits.rb +0 -2
  42. data/lib/ronin/exploits/{allow.rb → control.rb} +5 -9
  43. data/lib/ronin/exploits/exceptions.rb +1 -2
  44. data/lib/ronin/exploits/exceptions/exception.rb +27 -0
  45. data/lib/ronin/exploits/exceptions/exploit_not_built.rb +3 -3
  46. data/lib/ronin/exploits/exceptions/payload_size.rb +3 -3
  47. data/lib/ronin/exploits/exceptions/restricted_char.rb +3 -3
  48. data/lib/ronin/exploits/exceptions/target_data_missing.rb +3 -3
  49. data/lib/ronin/exploits/exceptions/target_unspecified.rb +3 -3
  50. data/lib/ronin/exploits/exceptions/unknown_helper.rb +3 -3
  51. data/lib/ronin/exploits/exploit.rb +449 -92
  52. data/lib/ronin/exploits/exploit_author.rb +2 -3
  53. data/lib/ronin/exploits/ftp.rb +7 -2
  54. data/lib/ronin/exploits/helpers.rb +0 -2
  55. data/lib/ronin/exploits/helpers/binary.rb +11 -5
  56. data/lib/ronin/exploits/helpers/buffer_overflow.rb +38 -25
  57. data/lib/ronin/exploits/helpers/file_based.rb +29 -30
  58. data/lib/ronin/exploits/helpers/format_string.rb +34 -24
  59. data/lib/ronin/exploits/helpers/padding.rb +33 -16
  60. data/lib/ronin/exploits/http.rb +9 -4
  61. data/lib/ronin/exploits/local.rb +8 -2
  62. data/lib/ronin/exploits/remote.rb +8 -2
  63. data/lib/ronin/exploits/remote_tcp.rb +26 -8
  64. data/lib/ronin/exploits/remote_udp.rb +26 -8
  65. data/lib/ronin/exploits/target.rb +41 -30
  66. data/lib/ronin/exploits/targets.rb +0 -2
  67. data/lib/ronin/exploits/targets/buffer_overflow.rb +0 -2
  68. data/lib/ronin/exploits/targets/format_string.rb +0 -2
  69. data/lib/ronin/exploits/verifiers.rb +45 -16
  70. data/lib/ronin/exploits/version.rb +1 -3
  71. data/lib/ronin/exploits/web.rb +18 -6
  72. data/lib/ronin/generators/exploits.rb +23 -0
  73. data/lib/ronin/generators/exploits/exploit.rb +70 -0
  74. data/lib/ronin/generators/exploits/ftp.rb +42 -0
  75. data/lib/ronin/generators/exploits/http.rb +42 -0
  76. data/lib/ronin/generators/exploits/local.rb +42 -0
  77. data/lib/ronin/generators/exploits/remote.rb +42 -0
  78. data/lib/ronin/generators/exploits/remote_tcp.rb +44 -0
  79. data/lib/ronin/generators/exploits/remote_udp.rb +44 -0
  80. data/lib/ronin/{exploits/arch.rb → generators/exploits/static.rb} +5 -9
  81. data/lib/ronin/generators/exploits/web.rb +45 -0
  82. data/lib/ronin/generators/payloads.rb +23 -0
  83. data/lib/ronin/generators/payloads/binary_payload.rb +42 -0
  84. data/lib/ronin/generators/payloads/nops.rb +42 -0
  85. data/lib/ronin/generators/payloads/payload.rb +66 -0
  86. data/lib/ronin/generators/payloads/shellcode.rb +42 -0
  87. data/lib/ronin/generators/payloads/static.rb +30 -0
  88. data/lib/ronin/model/has_default_port.rb +6 -6
  89. data/lib/ronin/model/targets_arch.rb +18 -7
  90. data/lib/ronin/model/targets_os.rb +18 -8
  91. data/lib/ronin/model/targets_product.rb +68 -0
  92. data/lib/ronin/payloads.rb +0 -2
  93. data/lib/ronin/payloads/asm_payload.rb +8 -2
  94. data/lib/ronin/payloads/binary_payload.rb +8 -2
  95. data/lib/ronin/payloads/control.rb +1 -5
  96. data/lib/ronin/payloads/encoders.rb +1 -2
  97. data/lib/ronin/payloads/encoders/encoder.rb +92 -0
  98. data/lib/ronin/payloads/encoders/xor.rb +4 -6
  99. data/lib/ronin/payloads/exceptions.rb +1 -2
  100. data/lib/ronin/payloads/{helpers/exceptions/not_implemented.rb → exceptions/exception.rb} +1 -5
  101. data/lib/ronin/payloads/{helpers/exceptions/program_not_found.rb → exceptions/not_implemented.rb} +3 -5
  102. data/lib/ronin/payloads/exceptions/unknown_helper.rb +3 -3
  103. data/lib/ronin/payloads/has_payload.rb +111 -0
  104. data/lib/ronin/payloads/helpers.rb +1 -4
  105. data/lib/ronin/payloads/helpers/chained.rb +61 -0
  106. data/lib/ronin/payloads/helpers/rpc.rb +31 -21
  107. data/lib/ronin/payloads/nops.rb +7 -2
  108. data/lib/ronin/payloads/payload.rb +144 -85
  109. data/lib/ronin/payloads/payload_author.rb +2 -3
  110. data/lib/ronin/payloads/shellcode.rb +8 -5
  111. data/lib/ronin/payloads/web_payload.rb +8 -2
  112. data/lib/ronin/ui/command_line/commands/exploit.rb +193 -0
  113. data/lib/ronin/ui/command_line/commands/exploits.rb +102 -25
  114. data/lib/ronin/ui/command_line/commands/gen_binary_payload.rb +34 -0
  115. data/lib/ronin/ui/command_line/commands/gen_exploit.rb +34 -0
  116. data/lib/ronin/ui/command_line/commands/gen_ftp_exploit.rb +34 -0
  117. data/lib/ronin/ui/command_line/commands/gen_http_exploit.rb +34 -0
  118. data/lib/ronin/ui/command_line/commands/gen_local_exploit.rb +34 -0
  119. data/lib/ronin/{exploits/license.rb → ui/command_line/commands/gen_nops.rb} +8 -8
  120. data/lib/ronin/ui/command_line/commands/gen_payload.rb +34 -0
  121. data/lib/ronin/ui/command_line/commands/gen_remote_exploit.rb +34 -0
  122. data/lib/ronin/ui/command_line/commands/gen_remote_tcp_exploit.rb +34 -0
  123. data/lib/ronin/ui/command_line/commands/gen_remote_udp_exploit.rb +34 -0
  124. data/lib/ronin/ui/command_line/commands/gen_shellcode.rb +34 -0
  125. data/lib/ronin/ui/command_line/commands/gen_web_exploit.rb +34 -0
  126. data/lib/ronin/ui/command_line/commands/payload.rb +73 -50
  127. data/lib/ronin/ui/command_line/commands/payloads.rb +78 -23
  128. data/lib/ronin/vuln/behavior.rb +101 -28
  129. data/spec/controls/behaviors_examples.rb +38 -0
  130. data/spec/exploits/exploit_spec.rb +177 -23
  131. data/spec/exploits/file_based_exploit_spec.rb +16 -7
  132. data/spec/exploits/remote_tcp_spec.rb +1 -1
  133. data/spec/exploits/remote_udp_spec.rb +1 -1
  134. data/spec/generators/exploits/exploit_examples.rb +24 -0
  135. data/spec/generators/exploits/exploit_spec.rb +42 -0
  136. data/spec/generators/exploits/ftp_spec.rb +42 -0
  137. data/spec/generators/exploits/http_spec.rb +42 -0
  138. data/spec/generators/exploits/local_spec.rb +42 -0
  139. data/spec/generators/exploits/remote_spec.rb +42 -0
  140. data/spec/generators/exploits/remote_tcp_spec.rb +47 -0
  141. data/spec/generators/exploits/remote_udp_spec.rb +47 -0
  142. data/spec/generators/exploits/web_spec.rb +52 -0
  143. data/spec/generators/payloads/binary_payload_spec.rb +31 -0
  144. data/spec/generators/payloads/nops_spec.rb +31 -0
  145. data/spec/generators/payloads/payload_examples.rb +16 -0
  146. data/spec/generators/payloads/payload_spec.rb +31 -0
  147. data/spec/generators/payloads/shellcode_spec.rb +31 -0
  148. data/spec/model/models/targets_product_model.rb +11 -0
  149. data/spec/model/targets_arch_spec.rb +11 -1
  150. data/spec/model/targets_os_spec.rb +11 -1
  151. data/spec/model/targets_product_spec.rb +35 -0
  152. data/spec/objects/exploits/{test.rb → simple.rb} +1 -1
  153. data/spec/objects/payloads/{test.rb → simple.rb} +6 -2
  154. data/spec/payloads/encoders/encoder_spec.rb +30 -0
  155. data/spec/payloads/encoders/xor_spec.rb +1 -1
  156. data/spec/payloads/payload_spec.rb +41 -43
  157. data/spec/spec_helper.rb +4 -1
  158. data/static/ronin/generators/exploits/_cache.erb +14 -0
  159. data/static/ronin/generators/exploits/_header.erb +1 -0
  160. data/static/ronin/generators/exploits/_helpers.erb +4 -0
  161. data/static/ronin/generators/exploits/exploit.erb +24 -0
  162. data/static/ronin/generators/exploits/ftp.erb +24 -0
  163. data/static/ronin/generators/exploits/http.erb +26 -0
  164. data/static/ronin/generators/exploits/local.erb +24 -0
  165. data/static/ronin/generators/exploits/remote.erb +24 -0
  166. data/static/ronin/generators/exploits/remote_tcp.erb +26 -0
  167. data/static/ronin/generators/exploits/remote_udp.erb +26 -0
  168. data/static/ronin/generators/exploits/web.erb +28 -0
  169. data/static/ronin/generators/payloads/_cache.erb +10 -0
  170. data/static/ronin/generators/payloads/_header.erb +1 -0
  171. data/static/ronin/generators/payloads/_helpers.erb +2 -0
  172. data/static/ronin/generators/payloads/binary_payload.erb +25 -0
  173. data/static/ronin/generators/payloads/nops.erb +19 -0
  174. data/static/ronin/generators/payloads/payload.erb +25 -0
  175. data/static/ronin/generators/payloads/shellcode.erb +25 -0
  176. data/tasks/spec.rb +1 -0
  177. data/tasks/yard.rb +13 -0
  178. metadata +162 -30
  179. metadata.gz.sig +0 -0
  180. data/TODO.txt +0 -22
  181. data/lib/ronin/exploits/product.rb +0 -34
  182. data/lib/ronin/payloads/encoder.rb +0 -84
  183. data/lib/ronin/payloads/helpers/file_system.rb +0 -187
  184. data/lib/ronin/payloads/helpers/shell.rb +0 -91
  185. data/lib/ronin/payloads/license.rb +0 -34
  186. data/lib/ronin/payloads/os.rb +0 -34
  187. data/spec/payloads/encoder_spec.rb +0 -30
data.tar.gz.sig CHANGED
Binary file
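--- a/data/History.txt
+++ b/data/History.txt
@@ -1,3 +1,125 @@
+ === 0.3.0 / 2009-09-24
+
+ * Require ronin >= 0.3.0.
+ * Require ronin-gen >= 0.2.0.
+ * Require rspec >= 1.2.8.
+ * Require yard >= 0.2.3.5.
+ * Added Ronin::Vuln::Behavior.drop_privileges.
+ * Added Ronin::Vuln::Behavior.exit_program.
+ * Added Ronin::Vuln::Behavior.crash_program.
+ * Added Ronin::Controls.
+ * Added Ronin::Controls::Behaviors.
+ * Added Ronin::Controls::Helpers.
+ * Added Ronin::Controls::Helpers::CommandExec.
+ * Added Ronin::Controls::Helpers::DirCreate.
+ * Added Ronin::Controls::Helpers::DirListing.
+ * Added Ronin::Controls::Helpers::DirRemove.
+ * Added Ronin::Controls::Helpers::FileCtime.
+ * Added Ronin::Controls::Helpers::FileMtime.
+ * Added Ronin::Controls::Helpers::FileOwnership.
+ * Added Ronin::Controls::Helpers::FileRead.
+ * Added Ronin::Controls::Helpers::FileRemove.
+ * Added Ronin::Controls::Helpers::FileWrite.
+ * Added Ronin::Controls::Helpers::MemoryRead.
+ * Added Ronin::Controls::Helpers::MemoryWrite.
+ * Added Ronin::Model::TargetsProduct.
+ * Added Ronin::Exploits::Exploit#target=.
+ * Added Ronin::Exploits::Exploit#payload=.
+ * Added Ronin::Exploits::Exploit#raw_payload=.
+ * Added Ronin::Exploits::Exploit#build_payload!.
+ * Added Ronin::Payloads::HasPayload.
+ * Added Ronin::Payloads::Helpers::Chained
+ * Added Ronin::Generators::Exploits.
+ * Added Ronin::Generators::Exploits::Exploit.
+ * Added Ronin::Generators::Exploits::Local.
+ * Added Ronin::Generators::Exploits::Remote.
+ * Added Ronin::Generators::Exploits::RemoteTCP.
+ * Added Ronin::Generators::Exploits::RemoteUDP.
+ * Added Ronin::Generators::Exploits::FTP.
+ * Added Ronin::Generators::Exploits::HTTP.
+ * Added Ronin::Generators::Exploits::Web.
+ * Added Ronin::Generators::Payloads.
+ * Added Ronin::Generators::Payloads::Payload.
+ * Added Ronin::Generators::Payloads::BinaryPayload.
+ * Added Ronin::Generators::Payloads::Shellcode.
+ * Added Ronin::Generators::Payloads::Nops.
+ * Added Ronin::UI::CommandLine::Commands::Exploit.
+ * Added Ronin::UI::CommandLine::Commands::Exploits.
+ * Added Ronin::UI::CommandLine::Commands::Payload.
+ * Added Ronin::UI::CommandLine::Commands::Payloads.
+ * Added Ronin::UI::CommandLine::Commands::GenExploit.
+ * Added Ronin::UI::CommandLine::Commands::GenLocalExploit.
+ * Added Ronin::UI::CommandLine::Commands::GenRemoteExploit.
+ * Added Ronin::UI::CommandLine::Commands::GenRemoteTcpExploit.
+ * Added Ronin::UI::CommandLine::Commands::GenRemoteUdpExploit.
+ * Added Ronin::UI::CommandLine::Commands::GenFtpExploit.
+ * Added Ronin::UI::CommandLine::Commands::GenHttpExploit.
+ * Added Ronin::UI::CommandLine::Commands::GenWebExploit.
+ * Added Ronin::UI::CommandLine::Commands::GenPayload.
+ * Added Ronin::UI::CommandLine::Commands::GenBinaryPayload.
+ * Added Ronin::UI::CommandLine::Commands::GenShellcode.
+ * Added Ronin::UI::CommandLine::Commands::GenNops.
+ * Added the ronin-exploit script.
+ * Added the ronin-exploits script.
+ * Added the ronin-payload script.
+ * Added the ronin-payloads script.
+ * Added the ronin-gen-exploit script.
+ * Added the ronin-gen-local-exploit script.
+ * Added the ronin-gen-remote-exploit script.
+ * Added the ronin-gen-remote-tcp-exploit script.
+ * Added the ronin-gen-remote-udp-exploit script.
+ * Added the ronin-gen-ftp-exploit script.
+ * Added the ronin-gen-http-exploit script.
+ * Added the ronin-gen-payload script.
+ * Added the ronin-gen-binary-payload script.
+ * Added the ronin-gen-shellcode script.
+ * Added the ronin-gen-nops script.
+ * Renamed Ronin::Vuln::Behavior.priv_escalation to gain_privileges.
+ * Renamed Ronin::Exploits::Exploit#select_target to use_target!.
+ * Renamed Ronin::Exploits::Exploit#call to exploit!.
+ * Renamed Ronin::Exploits::Exploit#encode_with to encode_payload.
+ * Renamed Ronin::Payloads::Encoder to Ronin::Payloads::Encoders::Encoder.
+ * Renamed Ronin::Payloads::Encoders::Encoder#call to encode.
+ * Renamed Ronin::Exploits::Exploit#encoded_payload=.
+ * Removed Ronin::Payloads::Payload#payload to raw_payload.
+ * Removed Ronin::Payloads::Payload#call.
+ * Moved to YARD based documentation.
+ * Updated the project summary and 3-point description for Ronin Exploits.
+ * Ronin::Model::TargetsArch now auto-defines a relationship with Arch.
+ * Ronin::Model::TargetsOS now auto-defines a relationship with OS.
+ * Ronin::Model::TargetsProduct now auto-defines a relationship with Product.
+ * Refactored Ronin::Exploits::Exploit.
+ * Include Ronin::Controls::Behaviors into Ronin::Exploits::Exploit.
+ * Made Ronin::Exploits::Exploit#to_s more robust.
+ * Safely load exploit helpers using the new require_within method.
+ * Allow Ronin::Exploits::Exploit#encode_payload to accept a block, which
+ will be used to encode the payload.
+ * No longer allow the payload to be directly passed to
+ Ronin::Exploits::Exploit#build!.
+ * Allow an index or query to be passed to
+ Ronin::Exploits::Exploit#use_target!.
+ * Have Ronin::Exploits::Exploit#build_payload! only reset @raw_payload
+ if a payload is set.
+ * Make sure Ronin::Exploits::Exploit#encode_payload! cannot set the
+ encoded_payload to nil.
+ * Allow Ronin::Exploits::Exploit#encode_payload! to use either
+ Ronin::Payloads::Encoders::Encoder or Proc objects.
+ * Allow Ronin::Exploits::Exploit#build_payload! to pass options to
+ Ronin::Payloads::Payload#build!.
+ * Allow Ronin::Exploits::Exploit#build! to pass options to
+ Ronin::Exploits::Exploit#build_payload!.
+ * Ronin::Exploits::Exploit#deploy! no longer receives options.
+ * Allow Ronin::Exploits::Exploit#exploit! to accept a :dry_run option,
+ which will cause the exploit to be built but *not* deployed.
+ * Default the @buffer instance variable to an empty String, in
+ Ronin::Exploits::Helpers::BufferOverflow.
+ * Default the @format_string instance variable to an empty String, in
+ Ronin::Exploits::Helpers::FormatString.
+ * Refactored Ronin::Payloads::Payload.
+ * Include Ronin::Controls::Behaviors into Ronin::Payloads::Payload.
+ * Made Ronin::Payloads::Payload#to_s more robust.
+ * Safely load payload helpers using the new require_within method.
+
  === 0.2.1 / 2009-07-02
 
  * Use Hoe >= 2.0.0.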
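--- a/data/Manifest.txt
+++ b/data/Manifest.txt
@@ -3,26 +3,55 @@ COPYING.txt
  Manifest.txt
  README.txt
  Rakefile
- TODO.txt
  bin/ronin-payload
+ bin/ronin-exploit
  bin/ronin-payloads
  bin/ronin-exploits
+ bin/ronin-gen-exploit
+ bin/ronin-gen-local-exploit
+ bin/ronin-gen-remote-exploit
+ bin/ronin-gen-remote-tcp-exploit
+ bin/ronin-gen-remote-udp-exploit
+ bin/ronin-gen-http-exploit
+ bin/ronin-gen-ftp-exploit
+ bin/ronin-gen-web-exploit
+ bin/ronin-gen-payload
+ bin/ronin-gen-binary-payload
+ bin/ronin-gen-shellcode
+ bin/ronin-gen-nops
  lib/ronin/model/has_default_port.rb
  lib/ronin/model/targets_arch.rb
  lib/ronin/model/targets_os.rb
+ lib/ronin/model/targets_product.rb
  lib/ronin/vuln/behavior.rb
+ lib/ronin/controls.rb
+ lib/ronin/controls/exceptions.rb
+ lib/ronin/controls/exceptions/not_implemented.rb
+ lib/ronin/controls/exceptions/program_not_found.rb
+ lib/ronin/controls/behaviors.rb
+ lib/ronin/controls/file_system.rb
+ lib/ronin/controls/helpers.rb
+ lib/ronin/controls/helpers/memory_read.rb
+ lib/ronin/controls/helpers/memory_write.rb
+ lib/ronin/controls/helpers/file_read.rb
+ lib/ronin/controls/helpers/file_write.rb
+ lib/ronin/controls/helpers/file_remove.rb
+ lib/ronin/controls/helpers/file_ownership.rb
+ lib/ronin/controls/helpers/file_mtime.rb
+ lib/ronin/controls/helpers/file_ctime.rb
+ lib/ronin/controls/helpers/dir_listing.rb
+ lib/ronin/controls/helpers/dir_create.rb
+ lib/ronin/controls/helpers/dir_remove.rb
+ lib/ronin/controls/helpers/command_exec.rb
  lib/ronin/exploits.rb
  lib/ronin/exploits/exceptions.rb
+ lib/ronin/exploits/exceptions/exception.rb
  lib/ronin/exploits/exceptions/unknown_helper.rb
  lib/ronin/exploits/exceptions/target_unspecified.rb
  lib/ronin/exploits/exceptions/target_data_missing.rb
  lib/ronin/exploits/exceptions/exploit_not_built.rb
  lib/ronin/exploits/exceptions/restricted_char.rb
  lib/ronin/exploits/exceptions/payload_size.rb
- lib/ronin/exploits/arch.rb
- lib/ronin/exploits/os.rb
- lib/ronin/exploits/license.rb
- lib/ronin/exploits/product.rb
  lib/ronin/exploits/verifiers.rb
  lib/ronin/exploits/helpers.rb
  lib/ronin/exploits/helpers/file_based.rb
@@ -33,7 +62,7 @@ lib/ronin/exploits/helpers/format_string.rb
  lib/ronin/exploits/targets.rb
  lib/ronin/exploits/targets/buffer_overflow.rb
  lib/ronin/exploits/targets/format_string.rb
- lib/ronin/exploits/allow.rb
+ lib/ronin/exploits/control.rb
  lib/ronin/exploits/target.rb
  lib/ronin/exploits/exploit.rb
  lib/ronin/exploits/exploit_author.rb
@@ -47,20 +76,16 @@ lib/ronin/exploits/web.rb
  lib/ronin/exploits/version.rb
  lib/ronin/payloads.rb
  lib/ronin/payloads/exceptions.rb
+ lib/ronin/payloads/exceptions/exception.rb
  lib/ronin/payloads/exceptions/unknown_helper.rb
- lib/ronin/payloads/license.rb
- lib/ronin/payloads/arch.rb
- lib/ronin/payloads/os.rb
- lib/ronin/payloads/encoder.rb
- lib/ronin/payloads/encoders.rb
- lib/ronin/payloads/encoders/xor.rb
+ lib/ronin/payloads/exceptions/not_implemented.rb
  lib/ronin/payloads/helpers.rb
- lib/ronin/payloads/helpers/exceptions.rb
- lib/ronin/payloads/helpers/exceptions/not_implemented.rb
- lib/ronin/payloads/helpers/exceptions/program_not_found.rb
- lib/ronin/payloads/helpers/file_system.rb
- lib/ronin/payloads/helpers/shell.rb
+ lib/ronin/payloads/helpers/chained.rb
  lib/ronin/payloads/helpers/rpc.rb
+ lib/ronin/payloads/encoders.rb
+ lib/ronin/payloads/encoders/encoder.rb
+ lib/ronin/payloads/encoders/xor.rb
+ lib/ronin/payloads/has_payload.rb
  lib/ronin/payloads/control.rb
  lib/ronin/payloads/payload_author.rb
  lib/ronin/payloads/payload.rb
@@ -69,25 +94,76 @@ lib/ronin/payloads/asm_payload.rb
  lib/ronin/payloads/nops.rb
  lib/ronin/payloads/shellcode.rb
  lib/ronin/payloads/web_payload.rb
+ lib/ronin/generators/exploits.rb
+ lib/ronin/generators/exploits/exploit.rb
+ lib/ronin/generators/exploits/local.rb
+ lib/ronin/generators/exploits/remote.rb
+ lib/ronin/generators/exploits/remote_tcp.rb
+ lib/ronin/generators/exploits/remote_udp.rb
+ lib/ronin/generators/exploits/http.rb
+ lib/ronin/generators/exploits/ftp.rb
+ lib/ronin/generators/exploits/web.rb
+ lib/ronin/generators/exploits/static.rb
+ lib/ronin/generators/payloads.rb
+ lib/ronin/generators/payloads/payload.rb
+ lib/ronin/generators/payloads/binary_payload.rb
+ lib/ronin/generators/payloads/shellcode.rb
+ lib/ronin/generators/payloads/nops.rb
+ lib/ronin/generators/payloads/static.rb
  lib/ronin/ui/command_line/commands/payload.rb
+ lib/ronin/ui/command_line/commands/exploit.rb
  lib/ronin/ui/command_line/commands/payloads.rb
  lib/ronin/ui/command_line/commands/exploits.rb
+ lib/ronin/ui/command_line/commands/gen_exploit.rb
+ lib/ronin/ui/command_line/commands/gen_local_exploit.rb
+ lib/ronin/ui/command_line/commands/gen_remote_exploit.rb
+ lib/ronin/ui/command_line/commands/gen_remote_tcp_exploit.rb
+ lib/ronin/ui/command_line/commands/gen_remote_udp_exploit.rb
+ lib/ronin/ui/command_line/commands/gen_http_exploit.rb
+ lib/ronin/ui/command_line/commands/gen_ftp_exploit.rb
+ lib/ronin/ui/command_line/commands/gen_web_exploit.rb
+ lib/ronin/ui/command_line/commands/gen_payload.rb
+ lib/ronin/ui/command_line/commands/gen_binary_payload.rb
+ lib/ronin/ui/command_line/commands/gen_shellcode.rb
+ lib/ronin/ui/command_line/commands/gen_nops.rb
  tasks/spec.rb
+ tasks/yard.rb
+ static/ronin/generators/exploits/_header.erb
+ static/ronin/generators/exploits/_helpers.erb
+ static/ronin/generators/exploits/_cache.erb
+ static/ronin/generators/exploits/exploit.erb
+ static/ronin/generators/exploits/local.erb
+ static/ronin/generators/exploits/remote.erb
+ static/ronin/generators/exploits/remote_tcp.erb
+ static/ronin/generators/exploits/remote_udp.erb
+ static/ronin/generators/exploits/http.erb
+ static/ronin/generators/exploits/ftp.erb
+ static/ronin/generators/exploits/web.erb
+ static/ronin/generators/payloads/_header.erb
+ static/ronin/generators/payloads/_helpers.erb
+ static/ronin/generators/payloads/_cache.erb
+ static/ronin/generators/payloads/payload.erb
+ static/ronin/generators/payloads/binary_payload.erb
+ static/ronin/generators/payloads/shellcode.erb
+ static/ronin/generators/payloads/nops.erb
  spec/spec_helper.rb
  spec/helpers/database.rb
  spec/helpers/objects.rb
- spec/objects/exploits/test.rb
+ spec/objects/exploits/simple.rb
  spec/objects/exploits/example.rb
- spec/objects/payloads/test.rb
+ spec/objects/payloads/simple.rb
  spec/exploits_spec.rb
  spec/model/models/default_port_model.rb
  spec/model/models/non_default_port_model.rb
  spec/model/models/targets_arch_model.rb
  spec/model/models/targets_os_model.rb
+ spec/model/models/targets_product_model.rb
  spec/model/has_default_port_spec.rb
  spec/model/targets_arch_spec.rb
  spec/model/targets_os_spec.rb
+ spec/model/targets_product_spec.rb
  spec/vuln/behavior_spec.rb
+ spec/controls/behaviors_examples.rb
  spec/exploits/targets/buffer_overflow_spec.rb
  spec/exploits/target_spec.rb
  spec/exploits/exploit_spec.rb
@@ -101,6 +177,20 @@ spec/exploits/binary_exploit_spec.rb
  spec/exploits/padding_exploit_spec.rb
  spec/exploits/buffer_overflow_exploit_spec.rb
  spec/exploits/format_string_exploit_spec.rb
- spec/payloads/encoder_spec.rb
+ spec/payloads/encoders/encoder_spec.rb
  spec/payloads/encoders/xor_spec.rb
  spec/payloads/payload_spec.rb
+ spec/generators/exploits/exploit_examples.rb
+ spec/generators/exploits/exploit_spec.rb
+ spec/generators/exploits/local_spec.rb
+ spec/generators/exploits/remote_spec.rb
+ spec/generators/exploits/remote_tcp_spec.rb
+ spec/generators/exploits/remote_udp_spec.rb
+ spec/generators/exploits/http_spec.rb
+ spec/generators/exploits/ftp_spec.rb
+ spec/generators/exploits/web_spec.rb
+ spec/generators/payloads/payload_examples.rb
+ spec/generators/payloads/payload_spec.rb
+ spec/generators/payloads/binary_payload_spec.rb
+ spec/generators/payloads/shellcode_spec.rb
+ spec/generators/payloads/nops_spec.rb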
data/README.txt CHANGED
@@ -2,7 +2,7 @@
2
2
 
3
3
  * http://ronin.rubyforge.org/exploits/
4
4
  * http://github.com/postmodern/ronin-exploits
5
- * irc.freenode.net ##ronin
5
+ * irc.freenode.net #ronin
6
6
  * Postmodern (postmodern.mod3 at gmail.com)
7
7
 
8
8
  == DESCRIPTION:
@@ -10,61 +10,131 @@
10
10
  Ronin Exploits is a Ruby library for Ronin that provides exploitation and
11
11
  payload crafting functionality.
12
12
 
13
- Ronin is a Ruby platform designed for information security and data
14
- exploration tasks. Ronin allows for the rapid development and distribution
15
- of code over many of the common Source-Code-Management (SCM) systems.
13
+ Ronin is a Ruby platform for exploit development and security research.
14
+ Ronin allows for the rapid development and distribution of code, exploits
15
+ or payloads over many common Source-Code-Management (SCM) systems.
16
16
 
17
- === Free
17
+ === Ruby
18
18
 
19
- All source code within Ronin is licensed under the GPL-2, therefore no user
20
- will ever have to pay for Ronin or updates to Ronin. Not only is the
21
- source code free, the Ronin project will not sell enterprise grade security
22
- snake-oil solutions, give private training classes or later turn Ronin into
23
- commercial software.
19
+ Ronin's Ruby environment allows security researchers to leverage Ruby with
20
+ ease. The Ruby environment contains a multitude of convenience methods
21
+ for working with data in Ruby, a Ruby Object Database, a customized Ruby
22
+ Console and an extendable command-line interface.
24
23
 
25
- === Modular
24
+ === Extend
26
25
 
27
- Ronin was not designed as one monolithic framework but instead as a
28
- collection of libraries which can be individually installed. This allows
29
- users to pick and choose what functionality they want in Ronin.
26
+ Ronin's more specialized features are provided by additional Ronin
27
+ libraries, which users can choose to install. These libraries can allow
28
+ one to write and run Exploits and Payloads, scan for PHP vulnerabilities,
29
+ perform Google Dorks or run 3rd party scanners.
30
30
 
31
- === Decentralized
31
+ === Publish
32
32
 
33
- Ronin does not have a central repository of exploits and payloads which
34
- all developers contribute to. Instead Ronin has Overlays, repositories of
35
- code that can be hosted on any CVS/SVN/Git/Rsync server. Users can then use
36
- Ronin to quickly install or update Overlays. This allows developers and
37
- users to form their own communities, independent of the main developers
38
- of Ronin.
33
+ Ronin allows users to publish and share code, exploits, payloads or other
34
+ data via Overlays. Overlays are directories of code and data that can be
35
+ hosted on any SVN, Hg, Git or Rsync server. Ronin makes it easy to create,
36
+ install or update Overlays.
39
37
 
40
38
  == FEATURES:
41
39
 
42
- * Ability to define payloads based on:
40
+ * Ability to define Payloads based on:
43
41
  * Contributing authors.
44
42
  * Behaviors they control.
45
43
  * Helpers they use.
46
- * Ability to define payload encoders:
44
+ * Ability to define Payload Encoders:
47
45
  * Architectures they target.
48
46
  * OSes they target.
49
- * Ability to define exploits based on:
50
- * Wether they are local or remote.
47
+ * Ability to define Exploits based on:
48
+ * Whether they are local or remote.
51
49
  * Protocol they use.
52
50
  * Contributing authors.
51
+ * Behaviors they control.
53
52
  * Disclosure status.
54
53
  * Level of weaponization.
55
- * Behaviors the vulnerability allows.
56
54
  * Architectures they target.
57
55
  * OSes they target.
58
56
  * Products they target.
59
57
  * Helpers they use.
58
+ * Provides a simple three phase process of building, verifying and
59
+ deploying Exploits and Payloads.
60
+ * Allows adding arbitrary target data to the targets of Exploits.
61
+ * Allows combining Payloads with Exploits.
62
+ * Allows using a raw-payload with an Exploit.
63
+ * Allows the addition of multiple Payload Encoders to an Exploit.
64
+ * Allows chaining multiple Payloads together.
65
+ * Provides a multitude of exploit and payload generators which can create
66
+ customized skeleton Ruby Exploits and Payloads.
60
67
 
61
- == REQUIREMENTS:
68
+ == SYNOPSIS:
62
69
 
63
- * {ronin}[http://ronin.rubyforge.org/] >= 0.2.3
70
+ * Generate a skeleton exploit, with some custom information:
64
71
 
65
- == INSTALL:
72
+ $ ronin-gen exploit exploit.rb --name Example \
73
+ --controls command_exec \
74
+ --status proven \
75
+ --authors Postmodern \
76
+ --description "This is an example."
66
77
 
67
- $ sudo gem install ronin-exploits
78
+ * To generate other types of exploits, you can specify +local_exploit+,
79
+ +remote_exploit+, +remote_tcp_exploit+, +remote_udp_exploit+,
80
+ +ftp_exploit+, +http_exploit+ or +web_exploit+, instead of simply
81
+ +exploit+.
82
+
83
+ * Generate a skeleton payload, with some custom information:
84
+
85
+ $ ronin-gen payload payload.rb --name Example \
86
+ --controls file_read file_write \
87
+ --authors Postmodern \
88
+ --description "This is an example."
89
+
90
+ * To generate other types of payloads, you can specify +binary_payload+,
91
+ +shellcode+ or +nops+, instead of simply +payload+.
92
+
93
+ * List available payloads:
94
+
95
+ $ ronin-payloads
96
+
97
+ * Print information about a payload:
98
+
99
+ $ ronin-payloads -n NAME -v
100
+
101
+ * Build and output a payload:
102
+
103
+ $ ronin-payload NAME
104
+
105
+ * Build and output a raw unescaped payload:
106
+
107
+ $ ronin-payload NAME --raw
108
+
109
+ * Load a payload from a file, then build and output it:
110
+
111
+ $ ronin-payload -f FILE
112
+
113
+ * List available exploits:
114
+
115
+ $ ronin-exploits
116
+
117
+ * Print information about an exploit:
118
+
119
+ $ ronin-exploits -n NAME -v
120
+
121
+ * Build and deploy an exploit:
122
+
123
+ $ ronin-exploit -n NAME --host example.com --port 9999
124
+
125
+ * Load an exploit from a file, then build and deploy it:
126
+
127
+ $ ronin-exploit -f FILE --host example.com --port 9999
128
+
129
+ * Build and deploy an exploit, with a payload:
130
+
131
+ $ ronin-exploit -n NAME --host example.com --port 9999 -P PAYLOAD_NAME
132
+
133
+ * Build and deploy an exploit, with a raw payload:
134
+
135
+ $ ronin-exploit -n NAME --host example.com --port 9999 \
136
+ --raw-payload \
137
+ `echo -en "\x66\x31\xc0\xfe\xc0\xb3\xff\xcd\x80"`
68
138
 
69
139
  == EXAMPLES:
70
140
 
@@ -127,7 +197,7 @@ of Ronin.
127
197
  #
128
198
  # Base64 encodes the specified _data_.
129
199
  #
130
- def call(data)
200
+ def encode(data)
131
201
  return data.to_s.base64_encode
132
202
  end
133
203
  end
@@ -149,6 +219,8 @@ of Ronin.
149
219
 
150
220
  author(:name => 'Postmodern', :organization => 'SophSec')
151
221
 
222
+ control :code_exec
223
+
152
224
  targeting do |target|
153
225
  target.arch :i686
154
226
  target.os :name => 'Linux'
@@ -171,6 +243,15 @@ of Ronin.
171
243
  end
172
244
  end
173
245
 
246
+ == REQUIREMENTS:
247
+
248
+ * {ronin}[http://ronin.rubyforge.org/] >= 0.3.0
249
+ * {ronin-gen}[http://ronin.rubyforge.org/gen/] >= 0.2.0
250
+
251
+ == INSTALL:
252
+
253
+ $ sudo gem install ronin-exploits
254
+
174
255
  == LICENSE:
175
256
 
176
257
  Ronin Exploits - A Ruby library for Ronin that provides exploitation and