ronin-exploits 0.3.0 → 1.0.0.beta1

data/lib/ronin/exploits/metadata/default_port.rb

@@ -0,0 +1,69 @@
+#
+# ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-exploits is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-exploits is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-exploits.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+module Ronin
+  module Exploits
+    module Metadata
+      #
+      # Metadata mixin that allows an exploit to define a default port number.
+      #
+      module DefaultPort
+        #
+        # Adds an {ClassMethods#default_port default_port} metadata attribute
+        # to the exploit.
+        #
+        # @param [Class<Ronin::Exploits::Exploit>] exploit
+        #   The exploit class that is including {Metadata::DefaultPort}.
+        #
+        # @api private
+        #
+        def self.included(exploit)
+          exploit.extend ClassMethods
+        end
+
+        module ClassMethods
+          #
+          # Gets or sets the exploits's default port.
+          #
+          # @param [Integer, nil] new_default_port
+          #   The optional new default port number to set.
+          #
+          # @return [Integer, nil]
+          #   The exploit's default port number.
+          #
+          # @example
+          #   default_port 143
+          #
+          # @api public
+          #
+          def default_port(new_default_port=nil)
+            if new_default_port
+              @default_port = new_default_port
+            else
+              @default_port ||= if superclass.kind_of?(ClassMethods)
+                                  superclass.default_port
+                                end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/ronin/exploits/metadata/header_name.rb

@@ -0,0 +1,80 @@
+#
+# ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-exploits is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-exploits is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-exploits.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+module Ronin
+  module Exploits
+    module Metadata
+      #
+      # Adds a {HeaderName::ClassMethods#header_name header_name} metadata
+      # attribute to an exploit class.
+      #
+      module HeaderName
+        #
+        # Adds {ClassMethods} to the exploit class.
+        #
+        # @param [Class<Exploit>] exploit
+        #   The exploit class including {URLQueryParam}.
+        #
+        # @api private
+        #
+        def self.included(exploit)
+          exploit.extend ClassMethods
+        end
+
+        module ClassMethods
+          #
+          # Get or sets the target HTTP Header name of the exploit.
+          #
+          # @param [String, nil] new_header_name
+          #   The optional new HTTP Header name to set.
+          #
+          # @return [String, nil]
+          #   The set HTTP Header name value.
+          #
+          # @api public
+          #
+          def header_name(new_header_name=nil)
+            if new_header_name
+              @header_name = new_header_name
+            else
+              @header_name ||= if superclass.kind_of?(ClassMethods)
+                                 superclass.header_name
+                               end
+            end
+          end
+        end
+
+        #
+        # The target HTTP Header name of the exploit.
+        #
+        # @return [String, nil]
+        #   The HTTP Header name to exploit.
+        #
+        # @api public
+        #
+        # @see ClassMethods#header_name
+        #
+        def header_name
+          self.class.header_name
+        end
+      end
+    end
+  end
+end

data/lib/ronin/exploits/metadata/os.rb

@@ -0,0 +1,117 @@
+#
+# ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-exploits is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-exploits is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-exploits.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+module Ronin
+  module Exploits
+    module Metadata
+      #
+      # Metadata mixin that allows a exploit to define which
+      # Operating System (OS) it specifically targets.
+      #
+      module OS
+        #
+        # Adds an {ClassMethods#os os} and {ClassMethods#os_version os_version}
+        # metadata attributes to the exploit.
+        #
+        # @param [Class<Ronin::Exploits::Exploit>] exploit
+        #   The exploit class that is including {Metadata::OS}.
+        #
+        # @api private
+        #
+        def self.included(exploit)
+          exploit.extend ClassMethods
+        end
+
+        module ClassMethods
+          #
+          # Gets or sets the exploit's targeted Operating System (OS).
+          #
+          # @param [:unix, :bsd, :freebsd, :openbsd, :netbsd, :linux, :macos, :windows, nil] new_os
+          #   The optional new Operating System (OS) to set.
+          #
+          # @return [:unix, :bsd, :freebsd, :openbsd, :netbsd, :linux, :macos, :windows, nil]
+          #   The exploit's Operating System (OS).
+          #
+          # @example
+          #   os :linux
+          #
+          # @api public
+          #
+          def os(new_os=nil)
+            if new_os
+              @os = new_os
+            else
+              @os ||= if superclass.kind_of?(ClassMethods)
+                        superclass.os
+                      end
+            end
+          end
+
+          #
+          # Gets or sets the exploit's targeted Operating System (OS) version.
+          #
+          # @param [String, nil] new_os_version
+          #   The optional new Operating System (OS) version to set.
+          #
+          # @return [String, nil]
+          #   The exploit's Operating System (OS) version.
+          #
+          # @example
+          #   os :linux
+          #   os_version '5.x'
+          #
+          # @api public
+          #
+          def os_version(new_os_version=nil)
+            if new_os_version
+              @os_version = new_os_version
+            else
+              @os_version ||= if superclass.kind_of?(ClassMethods)
+                                superclass.os_version
+                              end
+            end
+          end
+        end
+
+        #
+        # The Operating System (OS) that the exploit targets.
+        #
+        # @return [:unix, :bsd, :freebsd, :openbsd, :netbsd, :linux, :macos, :windows, nil]
+        #
+        # @see ClassMethods#os
+        #
+        def os
+          self.class.os
+        end
+
+        #
+        # The Operating System (OS) version that the exploit targets.
+        #
+        # @return [String, nil]
+        #
+        # @see ClassMethods#os_version
+        #
+        def os_version
+          self.class.os_version
+        end
+      end
+    end
+  end
+end

data/lib/ronin/exploits/metadata/shouts.rb

@@ -0,0 +1,85 @@
+#
+# ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-exploits is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-exploits is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-exploits.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+module Ronin
+  module Exploits
+    module Metadata
+      #
+      # Adds a {Shouts::ClassMethods#shouts shouts} metadata
+      # attribute to a class.
+      #
+      # ### Example
+      #
+      #     require 'ronin/exploits/metadata/shouts'
+      #     
+      #     class MyExploit < Exploit
+      #     
+      #       include Metadata::Shouts
+      #     
+      #       shouts ['Ultra Laser', 'Dr.Doom']
+      #     
+      #     end
+      #
+      module Shouts
+        #
+        # Adds {ClassMethods} to the class.
+        #
+        # @param [Class] base
+        #   The base class which is including {Shouts}.
+        #
+        # @api private
+        #
+        def self.included(base)
+          base.extend ClassMethods
+        end
+
+        module ClassMethods
+          #
+          # Gets or sets the exploit's shouts.
+          #
+          # @param [Array<String>, nil] new_shouts
+          #   The optional new shout list to set.
+          #
+          # @return [Array<String>]
+          #   The previously set shout list.
+          #
+          # @example Set the shouts:
+          #   shouts ['Ultra Laser', 'Dr.Doom']
+          #
+          # @example Get the shout links:
+          #   MyExploit.shouts
+          #   # => ["Ultra Laser", "Dr.Doom"]
+          #
+          def shouts(new_shouts=nil)
+            if new_shouts
+              @shouts = shouts() + new_shouts
+            else
+              @shouts || if superclass.kind_of?(ClassMethods)
+                               superclass.shouts
+                             else
+                               []
+                             end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/ronin/exploits/metadata/url_path.rb

@@ -0,0 +1,82 @@
+#
+# ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-exploits is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-exploits is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-exploits.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+module Ronin
+  module Exploits
+    module Metadata
+      #
+      # Adds a {URLPath::ClassMethods#url_path url_path} metadata attribute
+      # to an exploit class.
+      #
+      module URLPath
+        #
+        # Adds {ClassMethods} to the exploit class.
+        #
+        # @param [Class<Exploit>] exploit
+        #   The exploit class including {URLQueryParam}.
+        #
+        # @api private
+        #
+        def self.included(exploit)
+          exploit.extend ClassMethods
+        end
+
+        module ClassMethods
+          #
+          # Get or sets the target URL path of the exploit.
+          #
+          # @param [String, nil] new_url_path
+          #   The optional new URL path value to set.
+          #
+          # @return [String]
+          #   The URL path value. Defaults to `"/"` if not set.
+          #
+          # @api public
+          #
+          def url_path(new_url_path=nil)
+            if new_url_path
+              @url_path = new_url_path
+            else
+              @url_path ||= if superclass.kind_of?(ClassMethods)
+                              superclass.url_path
+                            else
+                              '/'
+                            end
+            end
+          end
+        end
+
+        #
+        # The target URL path of the exploit.
+        #
+        # @return [String]
+        #   The URL path to exploit. Defaults to `"/"` if not set in the class.
+        #
+        # @api public
+        #
+        # @see ClassMethods#url_path
+        #
+        def url_path
+          self.class.url_path
+        end
+      end
+    end
+  end
+end

data/lib/ronin/exploits/metadata/url_query_param.rb

@@ -0,0 +1,80 @@
+#
+# ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-exploits is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-exploits is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-exploits.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+module Ronin
+  module Exploits
+    module Metadata
+      #
+      # Adds a {URLQueryParam::ClassMethods#url_query_param url_query_param}
+      # metadata attribute to an exploit class.
+      #
+      module URLQueryParam
+        #
+        # Adds {ClassMethods} to the exploit class.
+        #
+        # @param [Class<Exploit>] exploit
+        #   The exploit class including {URLQueryParam}.
+        #
+        # @api private
+        #
+        def self.included(exploit)
+          exploit.extend ClassMethods
+        end
+
+        module ClassMethods
+          #
+          # Get or sets the target URL query param of the exploit.
+          #
+          # @param [String, nil] new_url_query_param
+          #   The optional new URL query param value to set.
+          #
+          # @return [String, nil]
+          #   The set URL query param value.
+          #
+          # @api public
+          #
+          def url_query_param(new_url_query_param=nil)
+            if new_url_query_param
+              @url_query_param = new_url_query_param
+            else
+              @url_query_param ||= if superclass.kind_of?(ClassMethods)
+                                     superclass.url_query_param
+                                   end
+            end
+          end
+        end
+
+        #
+        # The target URL query param of the exploit.
+        #
+        # @return [String, nil]
+        #   The URL query param name to exploit.
+        #
+        # @api public
+        #
+        # @see ClassMethods#url_query_param
+        #
+        def url_query_param
+          self.class.url_query_param
+        end
+      end
+    end
+  end
+end

data/lib/ronin/exploits/mixins/binary.rb

@@ -0,0 +1,106 @@
+#
+# ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-exploits is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-exploits is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-exploits.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/exploits/exceptions'
+require 'ronin/support/binary/ctypes'
+
+module Ronin
+  module Exploits
+    module Mixins
+      #
+      # Adds methods for packing binary data.
+      #
+      # @api public
+      #
+      # @since 1.0.0
+      #
+      module Binary
+        #
+        # Validates that the exploit defines an `arch` method and that all
+        # required params are set.
+        #
+        # @raise [ValidationError]
+        #   The exploit did not define an `arch` method, usually defined by
+        #   {Mixins::HasTargets} or {Metadata::Arch}.
+        #
+        # @raise [Ronin::Core::Params::RequiredParam]
+        #   One of the required params was not set.
+        #
+        # @api semipublic
+        #
+        def perform_validate
+          unless respond_to?(:arch)
+            raise(ValidationError,"exploit #{self.class} did not include Ronin::Exploits::Metadata::Arch or Ronin::Exploits::Mixins::HasTargets")
+          end
+
+          unless arch
+            raise(ValidationError,"exploit #{self.class} did not include define an architecture")
+          end
+
+          super()
+        end
+
+        #
+        # The target platform.
+        #
+        # @return [Ronin::Support::Binary::CTypes,
+        #          Ronin::Support::Binary::CTypes::LittleEndian,
+        #          Ronin::Support::Binary::CTypes::BigEndian,
+        #          Ronin::Support::Binary::CTypes::Network,
+        #          Ronin::Support::Binary::CTypes::Arch::ARM,
+        #          Ronin::Support::Binary::CTypes::Arch::ARM::BigEndian,
+        #          Ronin::Support::Binary::CTypes::Arch::ARM64,
+        #          Ronin::Support::Binary::CTypes::Arch::ARM64::BigEndian,
+        #          Ronin::Support::Binary::CTypes::Arch::MIPS,
+        #          Ronin::Support::Binary::CTypes::Arch::MIPS::LittleEndian,
+        #          Ronin::Support::Binary::CTypes::Arch::MIPS64,
+        #          Ronin::Support::Binary::CTypes::Arch::MIPS64::LittleEndian,
+        #          Ronin::Support::Binary::CTypes::Arch::PPC,
+        #          Ronin::Support::Binary::CTypes::Arch::PPC64,
+        #          Ronin::Support::Binary::CTypes::Arch::X86,
+        #          Ronin::Support::Binary::CTypes::Arch::X86_64,
+        #          Ronin::Support::Binary::CTypes::OS]
+        #
+        def platform
+          @platform ||= Support::Binary::CTypes.platform(
+                          arch: arch,
+                          os:   (os if respond_to?(:os))
+                        )
+        end
+
+        #
+        # Packs a binary value for the given type.
+        #
+        # @param [Symbol] type
+        #   The type name to pack for.
+        #
+        # @param [Integer, Float, String] value
+        #   The value to pack.
+        #
+        # @return [String]
+        #   The packed value.
+        #
+        def pack(type,value)
+          platform[type].pack(value)
+        end
+      end
+    end
+  end
+end

data/lib/ronin/exploits/mixins/build_dir.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+#
+# ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-exploits is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-exploits is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-exploits.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'tmpdir'
+require 'fileutils'
+
+module Ronin
+  module Exploits
+    module Mixins
+      #
+      # Sets up a temporary build directory for the exploit.
+      #
+      # @api public
+      #
+      module BuildDir
+        # The build directory for the exploit.
+        #
+        # @return [String, nil]
+        attr_reader :build_dir
+
+        #
+        # Sets {#build_dir} and then builds the exploit.
+        #
+        def perform_build
+          exploit_name = self.class.id.tr('/','-')
+          @build_dir   = Dir.mktmpdir("ronin-exploit-#{exploit_name}-")
+
+          super
+        end
+
+        #
+        # Cleans up the exploit and deletes the {#build_dir}.
+        #
+        def perform_cleanup
+          super
+
+          FileUtils.rm_r(@build_dir)
+          @build_dir = nil
+        end
+      end
+    end
+  end
+end