ronin-exploits 0.3.0 → 1.0.0.beta1

data/lib/ronin/exploits/cli/exploit_command.rb

@@ -0,0 +1,114 @@
+#
+# ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-exploits is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-exploits is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-exploits.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/exploits/cli/command'
+require 'ronin/exploits/cli/exploit_methods'
+
+module Ronin
+  module Exploits
+    class CLI
+      class ExploitCommand < Command
+
+        include ExploitMethods
+
+        usage '[options] {NAME | -f FILE}'
+
+        option :file, short: '-f',
+                      value: {
+                        type: String,
+                        usage: 'FILE'
+                      },
+                      desc: 'The exploit file to load'
+
+        argument :name, required: false,
+                        desc:     'The exploit name to load'
+
+        # The loaded exploit class.
+        #
+        # @return [Class<Exploit>, nil]
+        attr_reader :exploit_class
+
+        # The initialized exploit object.
+        #
+        # @return [Exploit, nil]
+        attr_reader :exploit
+
+        #
+        # Loads the exploit.
+        #
+        # @param [String, nil] name
+        #   The optional exploit name to load.
+        #
+        def run(name=nil)
+          if    name           then load_exploit(name)
+          elsif options[:file] then load_exploit_from(options[:file])
+          else
+            print_error "must specify --file or a NAME"
+            exit(-1)
+          end
+        end
+
+        #
+        # Loads the exploit and sets {#exploit_class}.
+        #
+        # @param [String] id
+        #   The exploit name to load.
+        #
+        def load_exploit(id)
+          @exploit_class = super(id)
+        end
+
+        #
+        # Loads the exploit from the given file and sets {#exploit_class}.
+        #
+        # @param [String] file
+        #   The file to load the exploit from.
+        #
+        def load_exploit_from(file)
+          @exploit_class = super(file)
+        end
+
+        #
+        # Initializes the exploit and sets {#exploit}.
+        #
+        # @param [Hash{Symbol => Object}] kwargs
+        #   Additional keyword arguments for {Exploit#initialize}.
+        #
+        def initialize_exploit(**kwargs)
+          @exploit = super(@exploit_class,**kwargs)
+        end
+
+        #
+        # Validates the exploit.
+        #
+        # @raise [Ronin::Core::Params::RequiredParam]
+        #   One of the required params was not set.
+        #
+        # @raise [ValidationError]
+        #   Another exploit validation error occurred.
+        #
+        def validate_exploit
+          super(@exploit)
+        end
+
+      end
+    end
+  end
+end

data/lib/ronin/exploits/cli/exploit_methods.rb

@@ -0,0 +1,114 @@
+#
+# ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-exploits is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-exploits is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-exploits.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/exploits/registry'
+require 'ronin/exploits/exceptions'
+require 'ronin/core/params/exceptions'
+
+module Ronin
+  module Exploits
+    class CLI
+      module ExploitMethods
+        #
+        # Loads a exploit class.
+        #
+        # @param [String] name
+        #   The exploit name to load.
+        #
+        # @return [Class<Exploit>]
+        #   The loaded exploit class.
+        #
+        def load_exploit(name)
+          Exploits.load_class(name)
+        rescue Exploits::ClassNotFound => error
+          print_error error.message
+          exit(1)
+        rescue => error
+          print_exception(error)
+          print_error "an unhandled exception occurred while loading exploit #{name}"
+          exit(-1)
+        end
+
+        #
+        # Loads the exploit from a given file.
+        #
+        # @param [String] file
+        #   The file to load the exploit class from.
+        #
+        # @return [Class<Exploit>]
+        #   The loaded exploit class.
+        #
+        def load_exploit_from(file)
+          Exploits.load_class_from_file(file)
+        rescue Exploits::ClassNotFound => error
+          print_error error.message
+          exit(1)
+        rescue => error
+          print_exception(error)
+          print_error "an unhandled exception occurred while loading exploit from file #{file}"
+          exit(-1)
+        end
+
+        #
+        # Initializes the exploit class.
+        #
+        # @param [Class<Exploit>] exploit_class
+        #   The encoder class.
+        #
+        # @param [Hash{Symbol => Object}] kwargs
+        #   Additional keyword arguments for {Exploit#initialize}.
+        #
+        def initialize_exploit(exploit_class,**kwargs)
+          exploit_class.new(**kwargs)
+        rescue Core::Params::ParamError => error
+          print_error error.message
+          exit(1)
+        rescue => error
+          print_exception(error)
+          print_error "an unhandled exception occurred while initializing exploit #{exploit_class.id}"
+          exit(-1)
+        end
+
+        #
+        # Validates the loaded exploit.
+        #
+        # @param [Exploit] exploit
+        #   The exploit to validate.
+        #
+        # @raise [Ronin::Core::Params::RequiredParam]
+        #   One of the required params was not set.
+        #
+        # @raise [ValidationError]
+        #   Another exploit validation error occurred.
+        #
+        def validate_exploit(exploit)
+          exploit.perform_validate
+        rescue Core::Params::ParamError, ValidationError => error
+          print_error "failed to validate the exploit #{exploit.class_id}: #{error.message}"
+          exit(1)
+        rescue => error
+          print_exception(error)
+          print_error "an unhandled exception occurred while validating the exploit #{exploit.class_id}"
+          exit(-1)
+        end
+      end
+    end
+  end
+end

data/lib/ronin/exploits/cli/ruby_shell.rb

@@ -0,0 +1,51 @@
+#
+# ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-exploits is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-exploits is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-exploits.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/core/cli/ruby_shell'
+
+module Ronin
+  module Exploits
+    class CLI
+      #
+      # The interactive Ruby shell for {Ronin::Exploits}.
+      #
+      class RubyShell < Core::CLI::RubyShell
+
+        #
+        # Initializes the `ronin-exploits` Ruby shell.
+        #
+        # @param [String] name
+        #   The name of the IRB shell.
+        #
+        # @param [Object] context
+        #   Custom context to launch IRB from within.
+        #
+        # @param [Hash{Symbol => Object}] kwargs
+        #   Additional keyword arguments for
+        #   `Ronin::Core::CLI::RubyShell#initialize`.
+        #
+        def initialize(name: 'ronin-exploits', context: Exploits, **kwargs)
+          super(name: name, context: context, **kwargs)
+        end
+
+      end
+    end
+  end
+end

data/lib/ronin/exploits/cli.rb

@@ -0,0 +1,46 @@
+#
+# ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-exploits is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-exploits is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-exploits.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'command_kit/commands'
+require 'command_kit/commands/auto_load'
+
+module Ronin
+  module Exploits
+    #
+    # The `ronin-exploits` command-line interface (CLI).
+    #
+    # @api private
+    #
+    class CLI
+
+      include CommandKit::Commands
+      include CommandKit::Commands::AutoLoad.new(
+        dir:       "#{__dir__}/cli/commands",
+        namespace: "#{self}::Commands"
+      )
+
+      command_name 'ronin-exploits'
+
+      command_aliases['ls']   = 'list'
+      command_aliases['info'] = 'show'
+
+    end
+  end
+end

data/lib/ronin/exploits/client_side_web_vuln.rb

@@ -0,0 +1,69 @@
+#
+# ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-exploits is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-exploits is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-exploits.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/exploits/web_vuln'
+
+module Ronin
+  module Exploits
+    #
+    # Represents a Client-Side web vulnerability.
+    #
+    # @api public
+    #
+    # @since 1.0.0
+    #
+    class ClientSideWebVuln < WebVuln
+
+      param :format, Enum[:http, :curl], default: :curl,
+                                         desc: 'Output format'
+
+      #
+      # Formats the exploit based on the `format` param.
+      #
+      # @return [String]
+      #   The formatted exploit.
+      #
+      # @raise [NotImplementedError]
+      #   The `format` format was not supported.
+      #
+      # @api private
+      #
+      def format_exploit
+        case params[:format]
+        when :http then vuln.to_http(payload)
+        when :curl then vuln.to_curl(payload)
+        else
+          raise(NotImplementedError,"output format not supported: #{params[:format].inspect}")
+        end
+      end
+
+      #
+      # Prints the client side exploit.
+      #
+      def launch
+        print_info "Copy and paste the following exploit:"
+        puts
+        puts(format_exploit)
+        puts
+      end
+
+    end
+  end
+end

data/lib/ronin/exploits/exceptions.rb

@@ -1,28 +1,38 @@
 #
-# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
+# ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
 #
-# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
+# ronin-exploits is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
-# This program is distributed in the hope that it will be useful,
+# ronin-exploits is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
+# GNU Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-exploits.  If not, see <https://www.gnu.org/licenses/>.
 #
 
-require 'ronin/exploits/exceptions/exception'
-require 'ronin/exploits/exceptions/unknown_helper'
-require 'ronin/exploits/exceptions/target_unspecified'
-require 'ronin/exploits/exceptions/target_data_missing'
-require 'ronin/exploits/exceptions/exploit_not_built'
-require 'ronin/exploits/exceptions/restricted_char'
-require 'ronin/exploits/exceptions/payload_size'
+module Ronin
+  module Exploits
+    class ExploitError < RuntimeError
+    end
+
+    class IncompatiblePayload < ExploitError
+    end
+
+    class ValidationError < ExploitError
+    end
+
+    class MissingPayload < ValidationError
+    end
+
+    class ExploitFailed < ExploitError
+    end
+  end
+end