ronin-exploits 0.3.1 → 1.0.0.beta1

data/spec/lfi_spec.rb

@@ -0,0 +1,162 @@
+require 'spec_helper'
+require 'ronin/exploits/lfi'
+
+describe Ronin::Exploits::LFI do
+  module TestLFI
+    class TestExploit < Ronin::Exploits::LFI
+      base_path   '/Templatize.asp'
+      query_param 'item'
+    end
+  end
+
+  let(:exploit_class) { TestLFI::TestExploit }
+  let(:base_url)      { 'http://testasp.vulnweb.com/' }
+  let(:query)         { 'item=html/about.html' }
+  let(:query_param)   { 'item' }
+
+  subject do
+    exploit_class.new(
+      params: {
+        base_url: base_url
+      }
+    )
+  end
+
+  describe ".depth" do
+    subject { exploit_class }
+
+    context "and when depth is not set in the class" do
+      module TestLFI
+        class WithNoDepthSet < Ronin::Exploits::LFI
+        end
+      end
+
+      let(:exploit_class) { TestLFI::WithNoDepthSet }
+
+      it "must default to Ronin::Vulns::LFI::DEFAULT_DEPTH" do
+        expect(subject.depth).to be(Ronin::Vulns::LFI::DEFAULT_DEPTH)
+      end
+    end
+
+    context "and when depth is set in the class" do
+      module TestLFI
+        class WithDepthSet < Ronin::Exploits::LFI
+          depth 5
+        end
+      end
+
+      let(:exploit_class) { TestLFI::WithDepthSet }
+
+      it "must return the set depth" do
+        expect(subject.depth).to eq(5)
+      end
+    end
+
+    context "but when the depth was set in the superclass" do
+      module TestLFI
+        class InheritsItsDepth < WithDepthSet
+        end
+      end
+
+      let(:exploit_class) { TestLFI::InheritsItsDepth }
+
+      it "must return the depth set in the superclass" do
+        expect(subject.depth).to eq(5)
+      end
+
+      context "but the depth is overridden in the sub-class" do
+        module TestLFI
+          class OverridesItsInheritedDepth < WithDepthSet
+            depth 7
+          end
+        end
+
+        let(:exploit_class) do
+          TestLFI::OverridesItsInheritedDepth
+        end
+
+        it "must return the depth set in the sub-class" do
+          expect(subject.depth).to eq(7)
+        end
+      end
+    end
+  end
+
+  describe ".exploit_type" do
+    subject { described_class }
+
+    it { expect(subject.exploit_type).to eq(:lfi) }
+  end
+
+  describe "#vuln" do
+    it "must return a Ronin::Vulns::LFI object" do
+      expect(subject.vuln).to be_kind_of(Ronin::Vulns::LFI)
+    end
+
+    it "must set the #url attribute of the LFI vuln object" do
+      expect(subject.vuln.url).to eq(subject.url)
+    end
+
+    it "must default the #os attribute of the LFI vuln object to :unix" do
+      expect(subject.vuln.os).to be(:unix)
+    end
+
+    context "when the 'os' param is set" do
+      let(:os) { :windows }
+
+      subject do
+        exploit_class.new(
+          params: {
+            base_url: base_url,
+            os:       os
+          }
+        )
+      end
+
+      it "must set the #os attribute of the LFI vuln object to the 'os' param" do
+        expect(subject.vuln.os).to eq(os)
+      end
+    end
+
+    it "must default the #depth attribute of the LFI vuln object to Ronin::Vulns::DEFAULT_DEPTH" do
+      expect(subject.vuln.depth).to be(Ronin::Vulns::LFI::DEFAULT_DEPTH)
+    end
+
+    context "when the exploit class defines a custom depth" do
+      module TestLFI
+        class TestExploitWithDepth < Ronin::Exploits::LFI
+          base_path   '/Templatize.asp'
+          query_param 'item'
+          depth       10
+        end
+      end
+
+      let(:exploit_class) { TestLFI::TestExploitWithDepth }
+
+      it "must set the #depth attribute of the LFI vuln object to the exploit class'es depth" do
+        expect(subject.vuln.depth).to eq(exploit_class.depth)
+      end
+    end
+
+    it "must not set the #filter_bypass attribute of the LFI vuln object by default" do
+      expect(subject.vuln.filter_bypass).to be(nil)
+    end
+
+    context "when the 'filter_bypass' param is set" do
+      let(:filter_bypass) { :base64 }
+
+      subject do
+        exploit_class.new(
+          params: {
+            base_url:      base_url,
+            filter_bypass: filter_bypass
+          }
+        )
+      end
+
+      it "must set the #filter_bypass attribute of the LFI vuln object to the 'filter_bypass' param" do
+        expect(subject.vuln.filter_bypass).to eq(filter_bypass)
+      end
+    end
+  end
+end

data/spec/loot/file_spec.rb

@@ -0,0 +1,131 @@
+require 'spec_helper'
+require 'ronin/exploits/loot/file'
+
+require 'tmpdir'
+
+describe Ronin::Exploits::Loot::File do
+  let(:path)     { 'test.txt' }
+  let(:contents) { 'this is a test' }
+
+  subject { described_class.new(path,contents) }
+
+  describe "#initialize" do
+    it "must set #path" do
+      expect(subject.path).to eq(path)
+    end
+
+    it "must set #contents" do
+      expect(subject.contents).to eq(contents)
+    end
+
+    it "must default #format to nil" do
+      expect(subject.format).to be(nil)
+    end
+
+    context "when given the format: keyword argument" do
+      let(:format) { :json }
+
+      subject { described_class.new(path,contents, format: format) }
+
+      it "must set #format" do
+        expect(subject.format).to be(format)
+      end
+    end
+  end
+
+  describe "#to_s" do
+    context "when #format is nil" do
+      it "must return the #contents" do
+        expect(subject.contents).to eq(contents)
+      end
+
+      context "when #contents is not a String" do
+        let(:contents) { 42 }
+
+        it "must call #to_s on #contents" do
+          expect(subject.to_s).to eq(contents.to_s)
+        end
+      end
+    end
+
+    context "when #format is :json" do
+      let(:contents) do
+        [true, 42, 1.0, [], {}]
+      end
+      let(:format) { :json }
+
+      subject { described_class.new(path,contents, format: format) }
+
+      it "must convert #contents to pretty JSON" do
+        expect(subject.to_s).to eq(JSON.pretty_generate(contents))
+      end
+    end
+
+    context "when #format is :yaml" do
+      let(:contents) do
+        {foo: true, bar: {baz: 42}}
+      end
+      let(:format) { :yaml }
+
+      subject { described_class.new(path,contents, format: format) }
+
+      it "must convert #contents to YAML" do
+        expect(subject.to_s).to eq(YAML.dump(contents))
+      end
+    end
+
+    context "when #format is :csv" do
+      let(:contents) do
+        [
+          %w[A   B   C  ],
+          %w[foo bar baz]
+        ]
+      end
+      let(:format) { :csv }
+
+      subject { described_class.new(path,contents, format: format) }
+
+      it "must convert #contents to CSV" do
+        expect(subject.to_s).to eq(
+          contents.map(&:to_csv).join
+        )
+      end
+    end
+
+    context "when #format is an unknown value" do
+      let(:format) { :foo }
+
+      subject { described_class.new(path,contents, format: format) }
+
+      it do
+        expect {
+          subject.to_s
+        }.to raise_error(NotImplementedError,"unsupported loot format: #{format.inspect}")
+      end
+    end
+  end
+
+  describe "#save" do
+    let(:output_dir) { Dir.mktmpdir('ronin-exploits-loot') }
+
+    before { subject.save(output_dir) }
+
+    it "must write the #contents to the #path within the output directory" do
+      expect(File.read(File.join(output_dir,path))).to eq(contents)
+    end
+
+    context "when the path is a multi-directory relative path" do
+      let(:path) { 'path/to/test.txt' }
+
+      it "must create the parent directories" do
+        parent_dir = File.dirname(File.join(output_dir,path))
+
+        expect(File.directory?(parent_dir)).to be(true)
+      end
+
+      it "must write the #contents to the #path within the output directory" do
+        expect(File.read(File.join(output_dir,path))).to eq(contents)
+      end
+    end
+  end
+end

data/spec/loot_spec.rb

@@ -0,0 +1,138 @@
+require 'spec_helper'
+require 'ronin/exploits/loot'
+
+require 'tmpdir'
+
+describe Ronin::Exploits::Loot do
+  describe "#initialize" do
+    it "must initialize the loot store to being empty" do
+      expect(subject).to be_empty
+    end
+  end
+
+  describe "#add" do
+    let(:path)     { 'test.txt' }
+    let(:contents) { 'this is a set' }
+
+    it "must add a File to the loot store with the given path and contents" do
+      subject.add(path,contents)
+
+      expect(subject[path]).to be_kind_of(described_class::File)
+      expect(subject[path].contents).to eq(contents)
+    end
+
+    context "when the format: keyword argument is given" do
+      let(:format) { :json }
+
+      it "must set the #format of the loot file" do
+        subject.add(path,contents, format: format)
+
+        expect(subject[path]).to be_kind_of(described_class::File)
+        expect(subject[path].format).to be(format)
+      end
+    end
+  end
+
+  describe "#[]" do
+    context "when given a path of a previously added loot file" do
+      let(:path)     { 'test.txt' }
+      let(:contents) { 'this is a set' }
+
+      before { subject.add(path,contents) }
+
+      it "must return the #{described_class}::File object for the given path" do
+        expect(subject[path]).to be_kind_of(described_class::File)
+        expect(subject[path].contents).to eq(contents)
+      end
+    end
+
+    context "when the given path does not map to a loot file in the loot store" do
+      let(:path) { 'foo' }
+
+      it "must return nil" do
+        expect(subject[path]).to be(nil)
+      end
+    end
+  end
+
+  describe "#each" do
+    let(:path1)     { 'test1.txt' }
+    let(:contents1) { 'test 1' }
+
+    let(:path2)     { 'test2.txt' }
+    let(:contents2) { 'test 2' }
+
+    before do
+      subject.add(path1,contents1)
+      subject.add(path2,contents2)
+    end
+
+    context "when given a block" do
+      it "must yield every #{described_class}::File in the loot store" do
+        expect { |b|
+          subject.each(&b)
+        }.to yield_successive_args(subject[path1], subject[path2])
+      end
+    end
+
+    context "when no block is given" do
+      it "must return an Enumerator for #each" do
+        expect(subject.each.to_a).to eq([subject[path1], subject[path2]])
+      end
+    end
+  end
+
+  describe "#empty?" do
+    context "when the loot store contains loot files" do
+      let(:path)     { 'test.txt' }
+      let(:contents) { 'this is a set' }
+
+      before { subject.add(path,contents) }
+
+      it "must return false" do
+        expect(subject.empty?).to be(false)
+      end
+    end
+
+    context "when the loot store does not contain loot files" do
+      it "must return true" do
+        expect(subject.empty?).to be(true)
+      end
+    end
+  end
+
+  describe "#save" do
+    context "when the loot store contains loot files" do
+      let(:path1)     { 'test1.txt' }
+      let(:contents1) { 'test 1' }
+
+      let(:path2)     { 'test2.txt' }
+      let(:contents2) { 'test 2' }
+
+      let(:output_dir) { Dir.mktmpdir('ronin-exploits-loot') }
+
+      before do
+        subject.add(path1,contents1)
+        subject.add(path2,contents2)
+        subject.save(output_dir)
+      end
+
+      it "must save each loot file into the output directory" do
+        expect(File.read(File.join(output_dir,path1))).to eq(contents1)
+        expect(File.read(File.join(output_dir,path2))).to eq(contents2)
+      end
+    end
+
+    context "when the loot store is empty" do
+      let(:output_dir) do
+        File.join(Dir.mktmpdir('ronin-exploits-loot'),'new_dir')
+      end
+
+      before { subject.save(output_dir) }
+
+      it "must still create the output directory" do
+        expect(File.directory?(output_dir)).to be(true)
+      end
+    end
+  end
+end

data/spec/memory_corruption_spec.rb

@@ -0,0 +1,22 @@
+require 'spec_helper'
+require 'ronin/exploits/memory_corruption'
+
+describe Ronin::Exploits::MemoryCorruption do
+  it "must inherit from Ronin::Exploits::Exploit" do
+    expect(described_class).to be < Ronin::Exploits::Exploit
+  end
+
+  it "must include Ronin::Exploits::Metadata::Arch" do
+    expect(described_class).to include(Ronin::Exploits::Metadata::Arch)
+  end
+
+  it "must include Ronin::Exploits::Metadata::OS" do
+    expect(described_class).to include(Ronin::Exploits::Metadata::OS)
+  end
+
+  describe ".exploit_type" do
+    subject { described_class }
+
+    it { expect(subject.exploit_type).to eq(:memory_corruption) }
+  end
+end

data/spec/metadata/arch_spec.rb

@@ -0,0 +1,82 @@
+require 'spec_helper'
+require 'ronin/exploits/metadata/arch'
+
+describe Ronin::Exploits::Metadata::Arch do
+  module TestMetadataArch
+    class WithNoArchSet
+      include Ronin::Exploits::Metadata::Arch
+    end
+
+    class WithArchSet
+      include Ronin::Exploits::Metadata::Arch
+
+      arch :x86_64
+    end
+
+    class InheritsItsArch < WithArchSet
+      include Ronin::Exploits::Metadata::Arch
+    end
+
+    class OverridesItsInheritedArch < WithArchSet
+      include Ronin::Exploits::Metadata::Arch
+
+      arch :armbe
+    end
+  end
+
+  describe ".arch" do
+    subject { test_class }
+
+    context "and when arch is not set in the class" do
+      let(:test_class) { TestMetadataArch::WithNoArchSet }
+
+      it "must default to nil" do
+        expect(subject.arch).to be(nil)
+      end
+    end
+
+    context "and when arch is set in the class" do
+      let(:test_class) { TestMetadataArch::WithArchSet }
+
+      it "must return the set arch" do
+        expect(subject.arch).to eq(:x86_64)
+      end
+    end
+
+    context "but when the arch was set in the superclass" do
+      let(:test_class) { TestMetadataArch::InheritsItsArch }
+
+      it "must return the arch set in the superclass" do
+        expect(subject.arch).to eq(:x86_64)
+      end
+
+      context "but the arch is overridden in the sub-class" do
+        let(:test_class) { TestMetadataArch::OverridesItsInheritedArch }
+
+        it "must return the arch set in the sub-class" do
+          expect(subject.arch).to eq(:armbe)
+        end
+      end
+    end
+  end
+
+  describe "#arch" do
+    subject { test_class.new }
+
+    context "when the Exploit class has .arch set" do
+      let(:test_class) { TestMetadataArch::WithArchSet }
+
+      it "must return the Exploit class'es .arch" do
+        expect(subject.arch).to eq(test_class.arch)
+      end
+    end
+
+    context "when the Exploit class does not have .arch set" do
+      let(:test_class) { TestMetadataArch::WithNoArchSet }
+
+      it "must return nil" do
+        expect(subject.arch).to be(nil)
+      end
+    end
+  end
+end

data/spec/metadata/cookie_param_spec.rb

@@ -0,0 +1,67 @@
+require 'spec_helper'
+require 'ronin/exploits/metadata/cookie_param'
+
+describe Ronin::Exploits::Metadata::CookieParam do
+  describe ".cookie_param" do
+    subject { test_class }
+
+    context "and when cookie_param is not set in the class" do
+      module TestMetadataCookieParam
+        class WithNoCookieParamSet
+          include Ronin::Exploits::Metadata::CookieParam
+        end
+      end
+
+      let(:test_class) { TestMetadataCookieParam::WithNoCookieParamSet }
+
+      it "must default to nil" do
+        expect(subject.cookie_param).to be(nil)
+      end
+    end
+
+    context "and when cookie_param is set in the class" do
+      module TestMetadataCookieParam
+        class WithCookieParamSet
+          include Ronin::Exploits::Metadata::CookieParam
+
+          cookie_param 'test'
+        end
+      end
+
+      let(:test_class) { TestMetadataCookieParam::WithCookieParamSet }
+
+      it "must return the set cookie_param" do
+        expect(subject.cookie_param).to eq("test")
+      end
+    end
+
+    context "but when the cookie_param was set in the superclass" do
+      module TestMetadataCookieParam
+        class InheritsItsCookieParam < WithCookieParamSet
+        end
+      end
+
+      let(:test_class) { TestMetadataCookieParam::InheritsItsCookieParam }
+
+      it "must return the cookie_param set in the superclass" do
+        expect(subject.cookie_param).to eq("test")
+      end
+
+      context "but the cookie_param is overridden in the sub-class" do
+        module TestMetadataCookieParam
+          class OverridesItsInheritedCookieParam < WithCookieParamSet
+            cookie_param "test2"
+          end
+        end
+
+        let(:test_class) do
+          TestMetadataCookieParam::OverridesItsInheritedCookieParam
+        end
+
+        it "must return the cookie_param set in the sub-class" do
+          expect(subject.cookie_param).to eq("test2")
+        end
+      end
+    end
+  end
+end

data/spec/metadata/default_filename_spec.rb

@@ -0,0 +1,62 @@
+require 'spec_helper'
+require 'ronin/exploits/metadata/default_filename'
+
+describe Ronin::Exploits::Metadata::DefaultFilename do
+  module TestMetadataDefaultFilename
+    class WithNoDefaultFilenameSet
+      include Ronin::Exploits::Metadata::DefaultFilename
+    end
+
+    class WithDefaultFilenameSet
+      include Ronin::Exploits::Metadata::DefaultFilename
+
+      default_filename 'exploit.docx'
+    end
+
+    class InheritsItsDefaultFilename < WithDefaultFilenameSet
+      include Ronin::Exploits::Metadata::DefaultFilename
+    end
+
+    class OverridesItsInheritedDefaultFilename < WithDefaultFilenameSet
+      include Ronin::Exploits::Metadata::DefaultFilename
+
+      default_filename 'exploit2.docx'
+    end
+  end
+
+  describe ".default_filename" do
+    subject { test_class }
+
+    context "and when default filename is not set in the class" do
+      let(:test_class) { TestMetadataDefaultFilename::WithNoDefaultFilenameSet }
+
+      it "must default to nil" do
+        expect(subject.default_filename).to be(nil)
+      end
+    end
+
+    context "and when default filename is set in the class" do
+      let(:test_class) { TestMetadataDefaultFilename::WithDefaultFilenameSet }
+
+      it "must return the set default_filename" do
+        expect(subject.default_filename).to eq('exploit.docx')
+      end
+    end
+
+    context "but when the default filename was set in the superclass" do
+      let(:test_class) { TestMetadataDefaultFilename::InheritsItsDefaultFilename }
+
+      it "must return the default filename set in the superclass" do
+        expect(subject.default_filename).to eq('exploit.docx')
+      end
+
+      context "but the default filename is overridden in the sub-class" do
+        let(:test_class) { TestMetadataDefaultFilename::OverridesItsInheritedDefaultFilename }
+
+        it "must return the default filename set in the sub-class" do
+          expect(subject.default_filename).to eq('exploit2.docx')
+        end
+      end
+    end
+  end
+end