ronin-exploits 0.2.1 → 0.3.0

data/lib/ronin/payloads/payload_author.rb

@@ -1,5 +1,4 @@
 #
-#--
 # Ronin Exploits - A Ruby library for Ronin that provides exploitation and
 # payload crafting functionality.
 #
@@ -18,7 +17,6 @@
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-#++
 #
 
 require 'ronin/author'
@@ -27,7 +25,8 @@ module Ronin
   module Payloads
     class PayloadAuthor < Author
 
-      belongs_to :payload
+      # The payload the author wrote
+      belongs_to :payload, :nullable => true
 
     end
   end

data/lib/ronin/payloads/shellcode.rb

@@ -1,5 +1,4 @@
 #
-#--
 # Ronin Exploits - A Ruby library for Ronin that provides exploitation and
 # payload crafting functionality.
 #
@@ -18,18 +17,22 @@
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-#++
 #
 
 require 'ronin/payloads/binary_payload'
-require 'ronin/payloads/helpers/shell'
 
 module Ronin
   module Payloads
     class Shellcode < ASMPayload
 
-      include Helpers::Shell
-
+      #
+      # Creates a new Ronin::Payloads::Shellcode object using the given
+      # _block_.
+      #
+      #   ronin_shellcode do
+      #     ...
+      #   end
+      #
       contextify :ronin_shellcode
 
     end

data/lib/ronin/payloads/web_payload.rb

@@ -1,5 +1,4 @@
 #
-#--
 # Ronin Exploits - A Ruby library for Ronin that provides exploitation and
 # payload crafting functionality.
 #
@@ -18,7 +17,6 @@
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-#++
 #
 
 require 'ronin/payloads/payload'
@@ -28,6 +26,14 @@ module Ronin
   module Payloads
     class WebPayload < Payload
 
+      #
+      # Creates a new Ronin::Payloads::WebPayload object using the given
+      # _block_.
+      #
+      #   ronin_web_payload do
+      #     ...
+      #   end
+      #
       contextify :ronin_web_payload
 
     end

data/lib/ronin/ui/command_line/commands/exploit.rb

@@ -0,0 +1,193 @@
+#
+# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#
+
+require 'ronin/ui/command_line/command'
+require 'ronin/exploits'
+require 'ronin/payloads'
+require 'ronin/database'
+
+require 'parameters/parser'
+
+module Ronin
+  module UI
+    module CommandLine
+      module Commands
+        class Exploit < Command
+
+          desc "exploit [options]", "Builds and deploys an exploit"
+          method_option :database, :type => :string, :default => Database.config, :aliases => '-D'
+
+          # exploit options
+          method_option :name, :type => :string, :aliases => '-n'
+          method_option :version, :type => :string, :aliases => '-V'
+          method_option :params, :type => :array, :default => [], :aliases => '-p'
+          method_option :host, :type => :string
+          method_option :port, :type => :numeric
+          method_option :local_host, :type => :string
+          method_option :local_port, :type => :numeric
+          method_option :dry_run, :type => :boolean, :default => false
+          method_option :raw_payload, :type => :string
+          method_option :file, :type => :string, :aliases => '-f'
+
+          # target options
+          method_option :target, :type => :numeric, :alias => '-t'
+          method_option :target_arch, :type => :string, :aliases => '-a'
+          method_option :target_os, :type => :string, :aliases => '-o'
+          method_option :target_product, :type => :string
+          method_option :target_version, :type => :string
+
+          # payload options
+          method_option :payload_name, :type => :string, :aliases => '--payload -P'
+          method_option :payload_version, :type => :string
+          method_option :payload_file, :type => :string
+
+          def default
+            Database.setup(options[:database])
+
+            # Load the exploit
+            if options[:file]
+              load_exploit!
+            else
+              find_exploit!
+            end
+
+            unless @exploit
+              print_error "Could not find the specified exploit"
+              exit -1
+            end
+
+            if options[:target]
+              unless exploit.use_target!(options[:target])
+                print_error "Invalid target index: #{options[:target]}"
+                exit -1
+              end
+            elsif (options[:target_arch] || options[:target_os] ||
+                   options[:target_product] || options[:target_version])
+              exploit.use_target! do |target|
+                if (options[:target_arch] && target.arch)
+                  next unless target.arch.name == options[:target_arch]
+                end
+
+                if (options[:target_os] && target.os)
+                  next unless target.os.name == options[:target_os]
+                end
+
+                if (options[:target_product] && target.product)
+                  next unless target.product.name.include?(options[:target_product])
+                end
+
+                if (options[:target_version] && target.product)
+                  next unless target.product.version == options[:target_version]
+                end
+
+                true
+              end
+            end
+
+            if options[:raw_payload]
+              exploit.raw_payload = options[:raw_payload]
+            elsif options[:payload_file]
+              load_payload!
+            elsif options[:payload_name]
+              find_payload!
+            end
+
+            params = Parameters::Parser.parse(options[:params])
+            params[:host] = options[:host] if options[:host]
+            params[:port] = options[:port] if options[:port]
+            params[:local_host] = options[:local_host] if options[:local_host]
+            params[:local_port] = options[:local_port] if options[:local_port]
+            params[:dry_run] = options.dry_run?
+
+            begin
+              @exploit.exploit!(params)
+            rescue Parameters::MissingParam,
+                   Exploits::Exception,
+                   Payloads::Exception => e
+              print_error(e.message)
+            end
+          end
+
+          protected
+
+          def load_exploit!
+            @exploit = Exploits::Exploit.load_from(options[:file])
+          end
+
+          def find_exploit!
+            @exploit = Exploits::Exploit.load_first do
+              if options[:name]
+                exploits = exploits.named(options[:name])
+              end
+
+              if options[:describing]
+                exploits = exploits.describing(options[:describing])
+              end
+
+              if options[:version]
+                exploits = exploits.revision(options[:version])
+              end
+
+              if options[:license]
+                exploits = exploits.licensed_under(options[:license])
+              end
+
+              if options[:arch]
+                exploits = exploits.targeting_arch(options[:arch])
+              end
+
+              if options[:os]
+                exploits = exploits.targeting_os(options[:os])
+              end
+
+              exploits
+            end
+          end
+
+          def load_payload!
+            unless @exploit.use_payload_from!(options[:payload_file])
+              print_error "Could not load a compatible payload for the exploit!"
+            end
+          end
+
+          def find_payload!
+            @exploit.use_payload! do |payloads|
+              if options[:payload_name]
+                payloads = payloads.named(options[:payload_name])
+              end
+
+              if options[:payload_version]
+                payloads = payloads.revision(options[:payload_version])
+              end
+
+              payloads
+            end
+
+            unless @exploit.payload
+              print_error "Could not find a compatible payload for the exploit!"
+              exit -1
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/ronin/ui/command_line/commands/exploits.rb

@@ -1,5 +1,4 @@
 #
-#--
 # Ronin Exploits - A Ruby library for Ronin that provides exploitation and
 # payload crafting functionality.
 #
@@ -18,7 +17,6 @@
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-#++
 #
 
 require 'ronin/ui/command_line/command'
@@ -32,42 +30,121 @@ module Ronin
       module Commands
         class Exploits < Command
 
-          def defaults
-            @query = {}
+          desc "exploits [options]", "Lists available exploits"
+          method_option :database, :type => :string, :default => Database.config, :aliases => '-D'
+          method_option :name, :type => :string, :aliases => '-n'
+          method_option :version, :type => :string, :aliases => '-V'
+          method_option :describing, :stype => :string, :aliases => '-d'
+          method_option :status, :type => :string, :aliases => '-s'
+          method_option :license, :type => :string, :aliases => '-l'
+          method_option :arch, :type => :string, :aliases => '-a'
+          method_option :os, :type => :string, :aliases => '-o'
+          method_option :product, :type => :string, :aliases => '-p'
+          method_option :verbose, :type => :boolean, :aliases => '-v'
+
+          def default
+            Database.setup(options[:database])
+
+            exploits = Ronin::Exploits::Exploit.all
+
+            if options[:name]
+              exploits = exploits.named(options[:name])
+            end
+
+            if options[:version]
+              exploits = exploits.revision(options[:version])
+            end
+
+            if options[:describing]
+              exploits = exploits.describing(options[:describing])
+            end
+
+            if options[:license]
+              exploits = exploits.licensed_under(options[:license])
+            end
+
+            if options[:status]
+              exploits = exploits.all(:status => options[:status].to_sym)
+            end
+
+            if options[:arch]
+              exploits = exploits.targeting_arch(options[:arch])
+            end
+
+            if options[:os]
+              exploits = exploits.targeting_os(options[:os])
+            end
+
+            if options[:product]
+              exploits = exploits.targeting_product(options[:product])
+            end
+
+            if exploits.empty?
+              print_error "Could not find similar exploits"
+              exit -1
+            end
+
+            if options.verbose?
+              exploits.each { |exploit| print_exploit(exploit) }
+            else
+              exploits.each { |exploit| puts "  #{exploit}" }
+            end
           end
 
-          def define_options(opts)
-            opts.usage = '[options]'
+          protected
 
-            opts.options do
-              opts.on('-D','--database URI','The URI for the database') do |uri|
-                Database.config = uri.to_s
-              end
+          def print_exploit(exploit)
+            print_hash(
+              exploit.humanize_attributes(:exclude => [:description]),
+              :title => "Exploit: #{exploit}"
+            )
 
-              opts.on('-n','--name NAME','Search for exploits with the similar NAME') do |name|
-                @query[:name.like] = name.to_s
+            indent do
+              if exploit.description
+                puts "Description:\n\n"
+                indent do
+                  exploit.description.each_line { |line| puts line }
+                end
+                puts "\n"
               end
 
-              opts.on('-v','--version VERSION','Search for exploits with the similar VERSION') do |version|
-                @query[:version.like] = version.to_s
+              unless exploit.authors.empty?
+                exploit.authors.each do |author|
+                  print_hash(author.humanize_attributes, :title => 'Author')
+                end
               end
 
-              opts.on('-s','--status STATUS','Search for exploits with the STATUS (potential, proven or weaponized)') do |status|
-                @query[:status] = status.to_sym
+              unless exploit.behaviors.empty?
+                print_array(exploit.behaviors, :title => 'Controls')
               end
-            end
-          end
 
-          def arguments(*args)
-            Database.setup
+              unless exploit.targets.empty?
+                exploit.targets.each do |target|
+                  attributes = target.humanize_attributes(:exclude => [:data])
+                  attributes['Arch'] = target.arch if target.arch
+                  attributes['OS'] = target.os if target.os
+                  attributes['Product'] = target.product if target.product
 
-            exploits = Ronin::Exploits::Exploit.all(@query)
+                  print_hash(attributes, :title => 'Target')
 
-            if exploits.empty?
-              fail("could not find similar exploits")
-            end
+                  unless target.data.empty?
+                    print_title("Target Data")
+
+                    indent do
+                      target.data.each do |name,value|
+                        puts "#{name} [#{value.inspect}]"
+                      end
+                    end
+                  end
+                end
+              end
+
+              attempt { exploit.load_original! }
 
-            exploits.each { |exploit| puts "  #{exploit}" }
+              unless exploit.params.empty?
+                print_array(exploit.params.values, :title => 'Parameters')
+              end
+            end
           end
 
         end

data/lib/ronin/ui/command_line/commands/gen_binary_payload.rb

@@ -0,0 +1,34 @@
+#
+# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#
+
+require 'ronin/generators/payloads/binary_payload'
+
+module Ronin
+  module UI
+    module CommandLine
+      module Commands
+        class GenBinaryPayload < Generators::Payloads::BinaryPayload
+
+        end
+      end
+    end
+  end
+end