ronin-exploits 0.3.1 → 1.0.0.beta1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (338) hide show
  1. checksums.yaml +7 -0
  2. data/.document +4 -0
  3. data/.editorconfig +11 -0
  4. data/.github/workflows/ruby.yml +31 -0
  5. data/.gitignore +13 -0
  6. data/.mailmap +1 -0
  7. data/.rspec +1 -0
  8. data/.ruby-version +1 -0
  9. data/.yardopts +1 -0
  10. data/COPYING.txt +161 -335
  11. data/{History.txt → ChangeLog.md} +119 -16
  12. data/Gemfile +50 -0
  13. data/README.md +454 -0
  14. data/Rakefile +37 -23
  15. data/bin/ronin-exploits +13 -6
  16. data/data/new/exploit.rb.erb +158 -0
  17. data/gemspec.yml +37 -0
  18. data/lib/ronin/exploits/advisory.rb +84 -0
  19. data/lib/ronin/exploits/cli/command.rb +39 -0
  20. data/lib/ronin/exploits/cli/commands/irb.rb +57 -0
  21. data/lib/ronin/exploits/cli/commands/list.rb +80 -0
  22. data/lib/ronin/exploits/cli/commands/new.rb +332 -0
  23. data/lib/ronin/exploits/cli/commands/run.rb +396 -0
  24. data/lib/ronin/exploits/cli/commands/show.rb +264 -0
  25. data/lib/ronin/exploits/cli/exploit_command.rb +114 -0
  26. data/lib/ronin/exploits/cli/exploit_methods.rb +114 -0
  27. data/lib/ronin/exploits/cli/ruby_shell.rb +51 -0
  28. data/lib/ronin/exploits/cli.rb +46 -0
  29. data/lib/ronin/exploits/client_side_web_vuln.rb +69 -0
  30. data/lib/ronin/exploits/exceptions.rb +27 -17
  31. data/lib/ronin/exploits/exploit.rb +501 -582
  32. data/lib/ronin/exploits/heap_overflow.rb +50 -0
  33. data/lib/ronin/exploits/lfi.rb +141 -0
  34. data/lib/ronin/exploits/loot/file.rb +113 -0
  35. data/lib/ronin/exploits/loot.rb +119 -0
  36. data/lib/ronin/exploits/memory_corruption.rb +53 -0
  37. data/lib/ronin/exploits/metadata/arch.rb +83 -0
  38. data/lib/ronin/exploits/metadata/cookie_param.rb +80 -0
  39. data/lib/ronin/exploits/metadata/default_filename.rb +69 -0
  40. data/lib/ronin/exploits/metadata/default_port.rb +69 -0
  41. data/lib/ronin/exploits/metadata/header_name.rb +80 -0
  42. data/lib/ronin/exploits/metadata/os.rb +117 -0
  43. data/lib/ronin/exploits/metadata/shouts.rb +85 -0
  44. data/lib/ronin/exploits/metadata/url_path.rb +82 -0
  45. data/lib/ronin/exploits/metadata/url_query_param.rb +80 -0
  46. data/lib/ronin/exploits/mixins/binary.rb +106 -0
  47. data/lib/ronin/exploits/mixins/build_dir.rb +61 -0
  48. data/lib/ronin/exploits/mixins/file_builder.rb +102 -0
  49. data/lib/ronin/exploits/mixins/format_string.rb +87 -0
  50. data/lib/ronin/exploits/mixins/has_payload.rb +202 -0
  51. data/lib/ronin/exploits/mixins/has_targets.rb +297 -0
  52. data/lib/ronin/exploits/mixins/html.rb +213 -0
  53. data/lib/ronin/exploits/mixins/http.rb +866 -0
  54. data/lib/ronin/exploits/mixins/loot.rb +84 -0
  55. data/lib/ronin/exploits/mixins/nops.rb +121 -0
  56. data/lib/ronin/exploits/mixins/remote_tcp.rb +272 -0
  57. data/lib/ronin/exploits/mixins/remote_udp.rb +264 -0
  58. data/lib/ronin/exploits/mixins/seh.rb +136 -0
  59. data/lib/ronin/exploits/mixins/stack_overflow.rb +124 -0
  60. data/lib/ronin/exploits/mixins/text.rb +65 -0
  61. data/lib/ronin/exploits/mixins.rb +32 -0
  62. data/lib/ronin/exploits/open_redirect.rb +103 -0
  63. data/lib/ronin/exploits/params/base_url.rb +84 -0
  64. data/lib/ronin/exploits/params/bind_host.rb +53 -0
  65. data/lib/ronin/exploits/params/bind_port.rb +53 -0
  66. data/lib/ronin/exploits/params/filename.rb +71 -0
  67. data/lib/ronin/exploits/params/host.rb +56 -0
  68. data/lib/ronin/exploits/params/port.rb +71 -0
  69. data/lib/ronin/exploits/registry.rb +32 -0
  70. data/lib/ronin/exploits/rfi.rb +106 -0
  71. data/lib/ronin/exploits/root.rb +28 -0
  72. data/lib/ronin/exploits/seh_overflow.rb +90 -0
  73. data/lib/ronin/exploits/sqli.rb +172 -0
  74. data/lib/ronin/exploits/ssti.rb +108 -0
  75. data/lib/ronin/exploits/stack_overflow.rb +90 -0
  76. data/lib/ronin/exploits/target.rb +63 -103
  77. data/lib/ronin/exploits/test_result.rb +80 -0
  78. data/lib/ronin/exploits/use_after_free.rb +50 -0
  79. data/lib/ronin/exploits/version.rb +11 -12
  80. data/lib/ronin/exploits/web.rb +18 -89
  81. data/lib/ronin/exploits/web_vuln.rb +378 -0
  82. data/lib/ronin/exploits/xss.rb +102 -0
  83. data/lib/ronin/exploits.rb +19 -26
  84. data/man/ronin-exploits-irb.1 +31 -0
  85. data/man/ronin-exploits-irb.1.md +22 -0
  86. data/man/ronin-exploits-list.1 +37 -0
  87. data/man/ronin-exploits-list.1.md +27 -0
  88. data/man/ronin-exploits-new.1 +98 -0
  89. data/man/ronin-exploits-new.1.md +73 -0
  90. data/man/ronin-exploits-run.1 +117 -0
  91. data/man/ronin-exploits-run.1.md +87 -0
  92. data/man/ronin-exploits-show.1 +45 -0
  93. data/man/ronin-exploits-show.1.md +33 -0
  94. data/man/ronin-exploits.1 +55 -0
  95. data/man/ronin-exploits.1.md +41 -0
  96. data/ronin-exploits.gemspec +62 -0
  97. data/spec/advisory_spec.rb +71 -0
  98. data/spec/cli/exploit_command_spec.rb +68 -0
  99. data/spec/cli/exploit_methods_spec.rb +208 -0
  100. data/spec/cli/ruby_shell_spec.rb +14 -0
  101. data/spec/client_side_web_vuln_spec.rb +117 -0
  102. data/spec/exploit_spec.rb +538 -0
  103. data/spec/exploits_spec.rb +3 -4
  104. data/spec/heap_overflow_spec.rb +14 -0
  105. data/spec/lfi_spec.rb +162 -0
  106. data/spec/loot/file_spec.rb +131 -0
  107. data/spec/loot_spec.rb +138 -0
  108. data/spec/memory_corruption_spec.rb +22 -0
  109. data/spec/metadata/arch_spec.rb +82 -0
  110. data/spec/metadata/cookie_param_spec.rb +67 -0
  111. data/spec/metadata/default_filename_spec.rb +62 -0
  112. data/spec/metadata/default_port_spec.rb +62 -0
  113. data/spec/metadata/header_name_spec.rb +67 -0
  114. data/spec/metadata/os_spec.rb +164 -0
  115. data/spec/metadata/shouts_spec.rb +100 -0
  116. data/spec/metadata/url_path_spec.rb +67 -0
  117. data/spec/metadata/url_query_param_spec.rb +67 -0
  118. data/spec/mixins/binary_spec.rb +129 -0
  119. data/spec/mixins/build_dir.rb +66 -0
  120. data/spec/mixins/file_builder_spec.rb +67 -0
  121. data/spec/mixins/format_string_spec.rb +44 -0
  122. data/spec/mixins/has_payload_spec.rb +333 -0
  123. data/spec/mixins/has_targets_spec.rb +434 -0
  124. data/spec/mixins/html_spec.rb +772 -0
  125. data/spec/mixins/http_spec.rb +1227 -0
  126. data/spec/mixins/loot_spec.rb +20 -0
  127. data/spec/mixins/nops_spec.rb +165 -0
  128. data/spec/mixins/remote_tcp_spec.rb +217 -0
  129. data/spec/mixins/remote_udp_spec.rb +217 -0
  130. data/spec/mixins/seh_spec.rb +89 -0
  131. data/spec/mixins/stack_overflow_spec.rb +87 -0
  132. data/spec/mixins/text_spec.rb +43 -0
  133. data/spec/open_redirect_spec.rb +71 -0
  134. data/spec/params/base_url_spec.rb +71 -0
  135. data/spec/params/bind_host_spec.rb +34 -0
  136. data/spec/params/bind_port_spec.rb +35 -0
  137. data/spec/params/filename_spec.rb +77 -0
  138. data/spec/params/host_spec.rb +34 -0
  139. data/spec/params/port_spec.rb +77 -0
  140. data/spec/rfi_spec.rb +107 -0
  141. data/spec/seh_overflow_spec.rb +18 -0
  142. data/spec/spec_helper.rb +6 -10
  143. data/spec/sqli_spec.rb +306 -0
  144. data/spec/ssti_spec.rb +121 -0
  145. data/spec/stack_overflow_spec.rb +18 -0
  146. data/spec/target_spec.rb +92 -0
  147. data/spec/test_result_spec.rb +32 -0
  148. data/spec/use_after_free_spec.rb +14 -0
  149. data/spec/web_spec.rb +12 -0
  150. data/spec/web_vuln_spec.rb +854 -0
  151. data/spec/xss_spec.rb +69 -0
  152. metadata +356 -324
  153. data/Manifest.txt +0 -196
  154. data/README.txt +0 -274
  155. data/bin/ronin-exploit +0 -12
  156. data/bin/ronin-gen-binary-payload +0 -12
  157. data/bin/ronin-gen-exploit +0 -12
  158. data/bin/ronin-gen-ftp-exploit +0 -12
  159. data/bin/ronin-gen-http-exploit +0 -12
  160. data/bin/ronin-gen-local-exploit +0 -12
  161. data/bin/ronin-gen-nops +0 -12
  162. data/bin/ronin-gen-payload +0 -12
  163. data/bin/ronin-gen-remote-exploit +0 -12
  164. data/bin/ronin-gen-remote-tcp-exploit +0 -12
  165. data/bin/ronin-gen-remote-udp-exploit +0 -12
  166. data/bin/ronin-gen-shellcode +0 -12
  167. data/bin/ronin-gen-web-exploit +0 -12
  168. data/bin/ronin-payload +0 -12
  169. data/bin/ronin-payloads +0 -12
  170. data/lib/ronin/controls/behaviors.rb +0 -133
  171. data/lib/ronin/controls/exceptions/not_implemented.rb +0 -27
  172. data/lib/ronin/controls/exceptions/program_not_found.rb +0 -27
  173. data/lib/ronin/controls/exceptions.rb +0 -23
  174. data/lib/ronin/controls/file_system.rb +0 -145
  175. data/lib/ronin/controls/helpers/command_exec.rb +0 -143
  176. data/lib/ronin/controls/helpers/dir_create.rb +0 -42
  177. data/lib/ronin/controls/helpers/dir_listing.rb +0 -62
  178. data/lib/ronin/controls/helpers/dir_remove.rb +0 -42
  179. data/lib/ronin/controls/helpers/file_ctime.rb +0 -52
  180. data/lib/ronin/controls/helpers/file_mtime.rb +0 -53
  181. data/lib/ronin/controls/helpers/file_ownership.rb +0 -53
  182. data/lib/ronin/controls/helpers/file_read.rb +0 -62
  183. data/lib/ronin/controls/helpers/file_remove.rb +0 -51
  184. data/lib/ronin/controls/helpers/file_write.rb +0 -62
  185. data/lib/ronin/controls/helpers/memory_read.rb +0 -39
  186. data/lib/ronin/controls/helpers/memory_write.rb +0 -39
  187. data/lib/ronin/controls/helpers.rb +0 -33
  188. data/lib/ronin/controls.rb +0 -23
  189. data/lib/ronin/exploits/control.rb +0 -47
  190. data/lib/ronin/exploits/exceptions/exception.rb +0 -27
  191. data/lib/ronin/exploits/exceptions/exploit_not_built.rb +0 -29
  192. data/lib/ronin/exploits/exceptions/payload_size.rb +0 -29
  193. data/lib/ronin/exploits/exceptions/restricted_char.rb +0 -29
  194. data/lib/ronin/exploits/exceptions/target_data_missing.rb +0 -29
  195. data/lib/ronin/exploits/exceptions/target_unspecified.rb +0 -29
  196. data/lib/ronin/exploits/exceptions/unknown_helper.rb +0 -29
  197. data/lib/ronin/exploits/exploit_author.rb +0 -33
  198. data/lib/ronin/exploits/ftp.rb +0 -42
  199. data/lib/ronin/exploits/helpers/binary.rb +0 -50
  200. data/lib/ronin/exploits/helpers/buffer_overflow.rb +0 -115
  201. data/lib/ronin/exploits/helpers/file_based.rb +0 -112
  202. data/lib/ronin/exploits/helpers/format_string.rb +0 -117
  203. data/lib/ronin/exploits/helpers/padding.rb +0 -101
  204. data/lib/ronin/exploits/helpers.rb +0 -26
  205. data/lib/ronin/exploits/http.rb +0 -49
  206. data/lib/ronin/exploits/local.rb +0 -40
  207. data/lib/ronin/exploits/remote.rb +0 -40
  208. data/lib/ronin/exploits/remote_tcp.rb +0 -87
  209. data/lib/ronin/exploits/remote_udp.rb +0 -87
  210. data/lib/ronin/exploits/targets/buffer_overflow.rb +0 -46
  211. data/lib/ronin/exploits/targets/format_string.rb +0 -43
  212. data/lib/ronin/exploits/targets.rb +0 -27
  213. data/lib/ronin/exploits/verifiers.rb +0 -121
  214. data/lib/ronin/generators/exploits/exploit.rb +0 -70
  215. data/lib/ronin/generators/exploits/ftp.rb +0 -42
  216. data/lib/ronin/generators/exploits/http.rb +0 -42
  217. data/lib/ronin/generators/exploits/local.rb +0 -42
  218. data/lib/ronin/generators/exploits/remote.rb +0 -42
  219. data/lib/ronin/generators/exploits/remote_tcp.rb +0 -44
  220. data/lib/ronin/generators/exploits/remote_udp.rb +0 -44
  221. data/lib/ronin/generators/exploits/static.rb +0 -30
  222. data/lib/ronin/generators/exploits/web.rb +0 -45
  223. data/lib/ronin/generators/exploits.rb +0 -23
  224. data/lib/ronin/generators/payloads/binary_payload.rb +0 -42
  225. data/lib/ronin/generators/payloads/nops.rb +0 -42
  226. data/lib/ronin/generators/payloads/payload.rb +0 -66
  227. data/lib/ronin/generators/payloads/shellcode.rb +0 -42
  228. data/lib/ronin/generators/payloads/static.rb +0 -30
  229. data/lib/ronin/generators/payloads.rb +0 -23
  230. data/lib/ronin/model/has_default_port.rb +0 -54
  231. data/lib/ronin/model/targets_arch.rb +0 -68
  232. data/lib/ronin/model/targets_os.rb +0 -69
  233. data/lib/ronin/model/targets_product.rb +0 -68
  234. data/lib/ronin/payloads/asm_payload.rb +0 -40
  235. data/lib/ronin/payloads/binary_payload.rb +0 -42
  236. data/lib/ronin/payloads/control.rb +0 -47
  237. data/lib/ronin/payloads/encoders/encoder.rb +0 -92
  238. data/lib/ronin/payloads/encoders/xor.rb +0 -79
  239. data/lib/ronin/payloads/encoders.rb +0 -32
  240. data/lib/ronin/payloads/exceptions/exception.rb +0 -27
  241. data/lib/ronin/payloads/exceptions/not_implemented.rb +0 -29
  242. data/lib/ronin/payloads/exceptions/unknown_helper.rb +0 -29
  243. data/lib/ronin/payloads/exceptions.rb +0 -23
  244. data/lib/ronin/payloads/has_payload.rb +0 -111
  245. data/lib/ronin/payloads/helpers/chained.rb +0 -61
  246. data/lib/ronin/payloads/helpers/rpc.rb +0 -93
  247. data/lib/ronin/payloads/helpers.rb +0 -23
  248. data/lib/ronin/payloads/nops.rb +0 -39
  249. data/lib/ronin/payloads/payload.rb +0 -350
  250. data/lib/ronin/payloads/payload_author.rb +0 -33
  251. data/lib/ronin/payloads/shellcode.rb +0 -40
  252. data/lib/ronin/payloads/web_payload.rb +0 -41
  253. data/lib/ronin/payloads.rb +0 -36
  254. data/lib/ronin/ui/command_line/commands/exploit.rb +0 -193
  255. data/lib/ronin/ui/command_line/commands/exploits.rb +0 -154
  256. data/lib/ronin/ui/command_line/commands/gen_binary_payload.rb +0 -34
  257. data/lib/ronin/ui/command_line/commands/gen_exploit.rb +0 -34
  258. data/lib/ronin/ui/command_line/commands/gen_ftp_exploit.rb +0 -34
  259. data/lib/ronin/ui/command_line/commands/gen_http_exploit.rb +0 -34
  260. data/lib/ronin/ui/command_line/commands/gen_local_exploit.rb +0 -34
  261. data/lib/ronin/ui/command_line/commands/gen_nops.rb +0 -34
  262. data/lib/ronin/ui/command_line/commands/gen_payload.rb +0 -34
  263. data/lib/ronin/ui/command_line/commands/gen_remote_exploit.rb +0 -34
  264. data/lib/ronin/ui/command_line/commands/gen_remote_tcp_exploit.rb +0 -34
  265. data/lib/ronin/ui/command_line/commands/gen_remote_udp_exploit.rb +0 -34
  266. data/lib/ronin/ui/command_line/commands/gen_shellcode.rb +0 -34
  267. data/lib/ronin/ui/command_line/commands/gen_web_exploit.rb +0 -34
  268. data/lib/ronin/ui/command_line/commands/payload.rb +0 -129
  269. data/lib/ronin/ui/command_line/commands/payloads.rb +0 -128
  270. data/lib/ronin/vuln/behavior.rb +0 -165
  271. data/spec/controls/behaviors_examples.rb +0 -38
  272. data/spec/exploits/binary_exploit_spec.rb +0 -44
  273. data/spec/exploits/buffer_overflow_exploit_spec.rb +0 -70
  274. data/spec/exploits/exploit_spec.rb +0 -313
  275. data/spec/exploits/file_based_exploit_spec.rb +0 -48
  276. data/spec/exploits/format_string_exploit_spec.rb +0 -32
  277. data/spec/exploits/ftp_spec.rb +0 -13
  278. data/spec/exploits/http_spec.rb +0 -17
  279. data/spec/exploits/padding_exploit_spec.rb +0 -44
  280. data/spec/exploits/remote_tcp_spec.rb +0 -28
  281. data/spec/exploits/remote_udp_spec.rb +0 -28
  282. data/spec/exploits/target_spec.rb +0 -98
  283. data/spec/exploits/targets/buffer_overflow_spec.rb +0 -22
  284. data/spec/exploits/web_spec.rb +0 -35
  285. data/spec/generators/exploits/exploit_examples.rb +0 -24
  286. data/spec/generators/exploits/exploit_spec.rb +0 -42
  287. data/spec/generators/exploits/ftp_spec.rb +0 -42
  288. data/spec/generators/exploits/http_spec.rb +0 -42
  289. data/spec/generators/exploits/local_spec.rb +0 -42
  290. data/spec/generators/exploits/remote_spec.rb +0 -42
  291. data/spec/generators/exploits/remote_tcp_spec.rb +0 -47
  292. data/spec/generators/exploits/remote_udp_spec.rb +0 -47
  293. data/spec/generators/exploits/web_spec.rb +0 -52
  294. data/spec/generators/payloads/binary_payload_spec.rb +0 -31
  295. data/spec/generators/payloads/nops_spec.rb +0 -31
  296. data/spec/generators/payloads/payload_examples.rb +0 -16
  297. data/spec/generators/payloads/payload_spec.rb +0 -31
  298. data/spec/generators/payloads/shellcode_spec.rb +0 -31
  299. data/spec/helpers/database.rb +0 -5
  300. data/spec/helpers/objects.rb +0 -22
  301. data/spec/model/has_default_port_spec.rb +0 -27
  302. data/spec/model/models/default_port_model.rb +0 -13
  303. data/spec/model/models/non_default_port_model.rb +0 -11
  304. data/spec/model/models/targets_arch_model.rb +0 -11
  305. data/spec/model/models/targets_os_model.rb +0 -11
  306. data/spec/model/models/targets_product_model.rb +0 -11
  307. data/spec/model/targets_arch_spec.rb +0 -32
  308. data/spec/model/targets_os_spec.rb +0 -33
  309. data/spec/model/targets_product_spec.rb +0 -35
  310. data/spec/objects/exploits/example.rb +0 -25
  311. data/spec/objects/exploits/simple.rb +0 -24
  312. data/spec/objects/payloads/simple.rb +0 -19
  313. data/spec/payloads/encoders/encoder_spec.rb +0 -30
  314. data/spec/payloads/encoders/xor_spec.rb +0 -20
  315. data/spec/payloads/payload_spec.rb +0 -156
  316. data/spec/vuln/behavior_spec.rb +0 -15
  317. data/static/ronin/generators/exploits/_cache.erb +0 -14
  318. data/static/ronin/generators/exploits/_header.erb +0 -1
  319. data/static/ronin/generators/exploits/_helpers.erb +0 -4
  320. data/static/ronin/generators/exploits/exploit.erb +0 -24
  321. data/static/ronin/generators/exploits/ftp.erb +0 -24
  322. data/static/ronin/generators/exploits/http.erb +0 -26
  323. data/static/ronin/generators/exploits/local.erb +0 -24
  324. data/static/ronin/generators/exploits/remote.erb +0 -24
  325. data/static/ronin/generators/exploits/remote_tcp.erb +0 -26
  326. data/static/ronin/generators/exploits/remote_udp.erb +0 -26
  327. data/static/ronin/generators/exploits/web.erb +0 -28
  328. data/static/ronin/generators/payloads/_cache.erb +0 -10
  329. data/static/ronin/generators/payloads/_header.erb +0 -1
  330. data/static/ronin/generators/payloads/_helpers.erb +0 -2
  331. data/static/ronin/generators/payloads/binary_payload.erb +0 -25
  332. data/static/ronin/generators/payloads/nops.erb +0 -19
  333. data/static/ronin/generators/payloads/payload.erb +0 -25
  334. data/static/ronin/generators/payloads/shellcode.erb +0 -25
  335. data/tasks/spec.rb +0 -10
  336. data/tasks/yard.rb +0 -13
  337. data.tar.gz.sig +0 -0
  338. metadata.gz.sig +0 -0
data/spec/lfi_spec.rb ADDED
@@ -0,0 +1,162 @@
1
+ require 'spec_helper'
2
+ require 'ronin/exploits/lfi'
3
+
4
+ describe Ronin::Exploits::LFI do
5
+ module TestLFI
6
+ class TestExploit < Ronin::Exploits::LFI
7
+ base_path '/Templatize.asp'
8
+ query_param 'item'
9
+ end
10
+ end
11
+
12
+ let(:exploit_class) { TestLFI::TestExploit }
13
+ let(:base_url) { 'http://testasp.vulnweb.com/' }
14
+ let(:query) { 'item=html/about.html' }
15
+ let(:query_param) { 'item' }
16
+
17
+ subject do
18
+ exploit_class.new(
19
+ params: {
20
+ base_url: base_url
21
+ }
22
+ )
23
+ end
24
+
25
+ describe ".depth" do
26
+ subject { exploit_class }
27
+
28
+ context "and when depth is not set in the class" do
29
+ module TestLFI
30
+ class WithNoDepthSet < Ronin::Exploits::LFI
31
+ end
32
+ end
33
+
34
+ let(:exploit_class) { TestLFI::WithNoDepthSet }
35
+
36
+ it "must default to Ronin::Vulns::LFI::DEFAULT_DEPTH" do
37
+ expect(subject.depth).to be(Ronin::Vulns::LFI::DEFAULT_DEPTH)
38
+ end
39
+ end
40
+
41
+ context "and when depth is set in the class" do
42
+ module TestLFI
43
+ class WithDepthSet < Ronin::Exploits::LFI
44
+ depth 5
45
+ end
46
+ end
47
+
48
+ let(:exploit_class) { TestLFI::WithDepthSet }
49
+
50
+ it "must return the set depth" do
51
+ expect(subject.depth).to eq(5)
52
+ end
53
+ end
54
+
55
+ context "but when the depth was set in the superclass" do
56
+ module TestLFI
57
+ class InheritsItsDepth < WithDepthSet
58
+ end
59
+ end
60
+
61
+ let(:exploit_class) { TestLFI::InheritsItsDepth }
62
+
63
+ it "must return the depth set in the superclass" do
64
+ expect(subject.depth).to eq(5)
65
+ end
66
+
67
+ context "but the depth is overridden in the sub-class" do
68
+ module TestLFI
69
+ class OverridesItsInheritedDepth < WithDepthSet
70
+ depth 7
71
+ end
72
+ end
73
+
74
+ let(:exploit_class) do
75
+ TestLFI::OverridesItsInheritedDepth
76
+ end
77
+
78
+ it "must return the depth set in the sub-class" do
79
+ expect(subject.depth).to eq(7)
80
+ end
81
+ end
82
+ end
83
+ end
84
+
85
+ describe ".exploit_type" do
86
+ subject { described_class }
87
+
88
+ it { expect(subject.exploit_type).to eq(:lfi) }
89
+ end
90
+
91
+ describe "#vuln" do
92
+ it "must return a Ronin::Vulns::LFI object" do
93
+ expect(subject.vuln).to be_kind_of(Ronin::Vulns::LFI)
94
+ end
95
+
96
+ it "must set the #url attribute of the LFI vuln object" do
97
+ expect(subject.vuln.url).to eq(subject.url)
98
+ end
99
+
100
+ it "must default the #os attribute of the LFI vuln object to :unix" do
101
+ expect(subject.vuln.os).to be(:unix)
102
+ end
103
+
104
+ context "when the 'os' param is set" do
105
+ let(:os) { :windows }
106
+
107
+ subject do
108
+ exploit_class.new(
109
+ params: {
110
+ base_url: base_url,
111
+ os: os
112
+ }
113
+ )
114
+ end
115
+
116
+ it "must set the #os attribute of the LFI vuln object to the 'os' param" do
117
+ expect(subject.vuln.os).to eq(os)
118
+ end
119
+ end
120
+
121
+ it "must default the #depth attribute of the LFI vuln object to Ronin::Vulns::DEFAULT_DEPTH" do
122
+ expect(subject.vuln.depth).to be(Ronin::Vulns::LFI::DEFAULT_DEPTH)
123
+ end
124
+
125
+ context "when the exploit class defines a custom depth" do
126
+ module TestLFI
127
+ class TestExploitWithDepth < Ronin::Exploits::LFI
128
+ base_path '/Templatize.asp'
129
+ query_param 'item'
130
+ depth 10
131
+ end
132
+ end
133
+
134
+ let(:exploit_class) { TestLFI::TestExploitWithDepth }
135
+
136
+ it "must set the #depth attribute of the LFI vuln object to the exploit class'es depth" do
137
+ expect(subject.vuln.depth).to eq(exploit_class.depth)
138
+ end
139
+ end
140
+
141
+ it "must not set the #filter_bypass attribute of the LFI vuln object by default" do
142
+ expect(subject.vuln.filter_bypass).to be(nil)
143
+ end
144
+
145
+ context "when the 'filter_bypass' param is set" do
146
+ let(:filter_bypass) { :base64 }
147
+
148
+ subject do
149
+ exploit_class.new(
150
+ params: {
151
+ base_url: base_url,
152
+ filter_bypass: filter_bypass
153
+ }
154
+ )
155
+ end
156
+
157
+ it "must set the #filter_bypass attribute of the LFI vuln object to the 'filter_bypass' param" do
158
+ expect(subject.vuln.filter_bypass).to eq(filter_bypass)
159
+ end
160
+ end
161
+ end
162
+ end
@@ -0,0 +1,131 @@
1
+ require 'spec_helper'
2
+ require 'ronin/exploits/loot/file'
3
+
4
+ require 'tmpdir'
5
+
6
+ describe Ronin::Exploits::Loot::File do
7
+ let(:path) { 'test.txt' }
8
+ let(:contents) { 'this is a test' }
9
+
10
+ subject { described_class.new(path,contents) }
11
+
12
+ describe "#initialize" do
13
+ it "must set #path" do
14
+ expect(subject.path).to eq(path)
15
+ end
16
+
17
+ it "must set #contents" do
18
+ expect(subject.contents).to eq(contents)
19
+ end
20
+
21
+ it "must default #format to nil" do
22
+ expect(subject.format).to be(nil)
23
+ end
24
+
25
+ context "when given the format: keyword argument" do
26
+ let(:format) { :json }
27
+
28
+ subject { described_class.new(path,contents, format: format) }
29
+
30
+ it "must set #format" do
31
+ expect(subject.format).to be(format)
32
+ end
33
+ end
34
+ end
35
+
36
+ describe "#to_s" do
37
+ context "when #format is nil" do
38
+ it "must return the #contents" do
39
+ expect(subject.contents).to eq(contents)
40
+ end
41
+
42
+ context "when #contents is not a String" do
43
+ let(:contents) { 42 }
44
+
45
+ it "must call #to_s on #contents" do
46
+ expect(subject.to_s).to eq(contents.to_s)
47
+ end
48
+ end
49
+ end
50
+
51
+ context "when #format is :json" do
52
+ let(:contents) do
53
+ [true, 42, 1.0, [], {}]
54
+ end
55
+ let(:format) { :json }
56
+
57
+ subject { described_class.new(path,contents, format: format) }
58
+
59
+ it "must convert #contents to pretty JSON" do
60
+ expect(subject.to_s).to eq(JSON.pretty_generate(contents))
61
+ end
62
+ end
63
+
64
+ context "when #format is :yaml" do
65
+ let(:contents) do
66
+ {foo: true, bar: {baz: 42}}
67
+ end
68
+ let(:format) { :yaml }
69
+
70
+ subject { described_class.new(path,contents, format: format) }
71
+
72
+ it "must convert #contents to YAML" do
73
+ expect(subject.to_s).to eq(YAML.dump(contents))
74
+ end
75
+ end
76
+
77
+ context "when #format is :csv" do
78
+ let(:contents) do
79
+ [
80
+ %w[A B C ],
81
+ %w[foo bar baz]
82
+ ]
83
+ end
84
+ let(:format) { :csv }
85
+
86
+ subject { described_class.new(path,contents, format: format) }
87
+
88
+ it "must convert #contents to CSV" do
89
+ expect(subject.to_s).to eq(
90
+ contents.map(&:to_csv).join
91
+ )
92
+ end
93
+ end
94
+
95
+ context "when #format is an unknown value" do
96
+ let(:format) { :foo }
97
+
98
+ subject { described_class.new(path,contents, format: format) }
99
+
100
+ it do
101
+ expect {
102
+ subject.to_s
103
+ }.to raise_error(NotImplementedError,"unsupported loot format: #{format.inspect}")
104
+ end
105
+ end
106
+ end
107
+
108
+ describe "#save" do
109
+ let(:output_dir) { Dir.mktmpdir('ronin-exploits-loot') }
110
+
111
+ before { subject.save(output_dir) }
112
+
113
+ it "must write the #contents to the #path within the output directory" do
114
+ expect(File.read(File.join(output_dir,path))).to eq(contents)
115
+ end
116
+
117
+ context "when the path is a multi-directory relative path" do
118
+ let(:path) { 'path/to/test.txt' }
119
+
120
+ it "must create the parent directories" do
121
+ parent_dir = File.dirname(File.join(output_dir,path))
122
+
123
+ expect(File.directory?(parent_dir)).to be(true)
124
+ end
125
+
126
+ it "must write the #contents to the #path within the output directory" do
127
+ expect(File.read(File.join(output_dir,path))).to eq(contents)
128
+ end
129
+ end
130
+ end
131
+ end
data/spec/loot_spec.rb ADDED
@@ -0,0 +1,138 @@
1
+ require 'spec_helper'
2
+ require 'ronin/exploits/loot'
3
+
4
+ require 'tmpdir'
5
+
6
+ describe Ronin::Exploits::Loot do
7
+ describe "#initialize" do
8
+ it "must initialize the loot store to being empty" do
9
+ expect(subject).to be_empty
10
+ end
11
+ end
12
+
13
+ describe "#add" do
14
+ let(:path) { 'test.txt' }
15
+ let(:contents) { 'this is a set' }
16
+
17
+ it "must add a File to the loot store with the given path and contents" do
18
+ subject.add(path,contents)
19
+
20
+ expect(subject[path]).to be_kind_of(described_class::File)
21
+ expect(subject[path].contents).to eq(contents)
22
+ end
23
+
24
+ context "when the format: keyword argument is given" do
25
+ let(:format) { :json }
26
+
27
+ it "must set the #format of the loot file" do
28
+ subject.add(path,contents, format: format)
29
+
30
+ expect(subject[path]).to be_kind_of(described_class::File)
31
+ expect(subject[path].format).to be(format)
32
+ end
33
+ end
34
+ end
35
+
36
+ describe "#[]" do
37
+ context "when given a path of a previously added loot file" do
38
+ let(:path) { 'test.txt' }
39
+ let(:contents) { 'this is a set' }
40
+
41
+ before { subject.add(path,contents) }
42
+
43
+ it "must return the #{described_class}::File object for the given path" do
44
+ expect(subject[path]).to be_kind_of(described_class::File)
45
+ expect(subject[path].contents).to eq(contents)
46
+ end
47
+ end
48
+
49
+ context "when the given path does not map to a loot file in the loot store" do
50
+ let(:path) { 'foo' }
51
+
52
+ it "must return nil" do
53
+ expect(subject[path]).to be(nil)
54
+ end
55
+ end
56
+ end
57
+
58
+ describe "#each" do
59
+ let(:path1) { 'test1.txt' }
60
+ let(:contents1) { 'test 1' }
61
+
62
+ let(:path2) { 'test2.txt' }
63
+ let(:contents2) { 'test 2' }
64
+
65
+ before do
66
+ subject.add(path1,contents1)
67
+ subject.add(path2,contents2)
68
+ end
69
+
70
+ context "when given a block" do
71
+ it "must yield every #{described_class}::File in the loot store" do
72
+ expect { |b|
73
+ subject.each(&b)
74
+ }.to yield_successive_args(subject[path1], subject[path2])
75
+ end
76
+ end
77
+
78
+ context "when no block is given" do
79
+ it "must return an Enumerator for #each" do
80
+ expect(subject.each.to_a).to eq([subject[path1], subject[path2]])
81
+ end
82
+ end
83
+ end
84
+
85
+ describe "#empty?" do
86
+ context "when the loot store contains loot files" do
87
+ let(:path) { 'test.txt' }
88
+ let(:contents) { 'this is a set' }
89
+
90
+ before { subject.add(path,contents) }
91
+
92
+ it "must return false" do
93
+ expect(subject.empty?).to be(false)
94
+ end
95
+ end
96
+
97
+ context "when the loot store does not contain loot files" do
98
+ it "must return true" do
99
+ expect(subject.empty?).to be(true)
100
+ end
101
+ end
102
+ end
103
+
104
+ describe "#save" do
105
+ context "when the loot store contains loot files" do
106
+ let(:path1) { 'test1.txt' }
107
+ let(:contents1) { 'test 1' }
108
+
109
+ let(:path2) { 'test2.txt' }
110
+ let(:contents2) { 'test 2' }
111
+
112
+ let(:output_dir) { Dir.mktmpdir('ronin-exploits-loot') }
113
+
114
+ before do
115
+ subject.add(path1,contents1)
116
+ subject.add(path2,contents2)
117
+ subject.save(output_dir)
118
+ end
119
+
120
+ it "must save each loot file into the output directory" do
121
+ expect(File.read(File.join(output_dir,path1))).to eq(contents1)
122
+ expect(File.read(File.join(output_dir,path2))).to eq(contents2)
123
+ end
124
+ end
125
+
126
+ context "when the loot store is empty" do
127
+ let(:output_dir) do
128
+ File.join(Dir.mktmpdir('ronin-exploits-loot'),'new_dir')
129
+ end
130
+
131
+ before { subject.save(output_dir) }
132
+
133
+ it "must still create the output directory" do
134
+ expect(File.directory?(output_dir)).to be(true)
135
+ end
136
+ end
137
+ end
138
+ end
@@ -0,0 +1,22 @@
1
+ require 'spec_helper'
2
+ require 'ronin/exploits/memory_corruption'
3
+
4
+ describe Ronin::Exploits::MemoryCorruption do
5
+ it "must inherit from Ronin::Exploits::Exploit" do
6
+ expect(described_class).to be < Ronin::Exploits::Exploit
7
+ end
8
+
9
+ it "must include Ronin::Exploits::Metadata::Arch" do
10
+ expect(described_class).to include(Ronin::Exploits::Metadata::Arch)
11
+ end
12
+
13
+ it "must include Ronin::Exploits::Metadata::OS" do
14
+ expect(described_class).to include(Ronin::Exploits::Metadata::OS)
15
+ end
16
+
17
+ describe ".exploit_type" do
18
+ subject { described_class }
19
+
20
+ it { expect(subject.exploit_type).to eq(:memory_corruption) }
21
+ end
22
+ end
@@ -0,0 +1,82 @@
1
+ require 'spec_helper'
2
+ require 'ronin/exploits/metadata/arch'
3
+
4
+ describe Ronin::Exploits::Metadata::Arch do
5
+ module TestMetadataArch
6
+ class WithNoArchSet
7
+ include Ronin::Exploits::Metadata::Arch
8
+ end
9
+
10
+ class WithArchSet
11
+ include Ronin::Exploits::Metadata::Arch
12
+
13
+ arch :x86_64
14
+ end
15
+
16
+ class InheritsItsArch < WithArchSet
17
+ include Ronin::Exploits::Metadata::Arch
18
+ end
19
+
20
+ class OverridesItsInheritedArch < WithArchSet
21
+ include Ronin::Exploits::Metadata::Arch
22
+
23
+ arch :armbe
24
+ end
25
+ end
26
+
27
+ describe ".arch" do
28
+ subject { test_class }
29
+
30
+ context "and when arch is not set in the class" do
31
+ let(:test_class) { TestMetadataArch::WithNoArchSet }
32
+
33
+ it "must default to nil" do
34
+ expect(subject.arch).to be(nil)
35
+ end
36
+ end
37
+
38
+ context "and when arch is set in the class" do
39
+ let(:test_class) { TestMetadataArch::WithArchSet }
40
+
41
+ it "must return the set arch" do
42
+ expect(subject.arch).to eq(:x86_64)
43
+ end
44
+ end
45
+
46
+ context "but when the arch was set in the superclass" do
47
+ let(:test_class) { TestMetadataArch::InheritsItsArch }
48
+
49
+ it "must return the arch set in the superclass" do
50
+ expect(subject.arch).to eq(:x86_64)
51
+ end
52
+
53
+ context "but the arch is overridden in the sub-class" do
54
+ let(:test_class) { TestMetadataArch::OverridesItsInheritedArch }
55
+
56
+ it "must return the arch set in the sub-class" do
57
+ expect(subject.arch).to eq(:armbe)
58
+ end
59
+ end
60
+ end
61
+ end
62
+
63
+ describe "#arch" do
64
+ subject { test_class.new }
65
+
66
+ context "when the Exploit class has .arch set" do
67
+ let(:test_class) { TestMetadataArch::WithArchSet }
68
+
69
+ it "must return the Exploit class'es .arch" do
70
+ expect(subject.arch).to eq(test_class.arch)
71
+ end
72
+ end
73
+
74
+ context "when the Exploit class does not have .arch set" do
75
+ let(:test_class) { TestMetadataArch::WithNoArchSet }
76
+
77
+ it "must return nil" do
78
+ expect(subject.arch).to be(nil)
79
+ end
80
+ end
81
+ end
82
+ end
@@ -0,0 +1,67 @@
1
+ require 'spec_helper'
2
+ require 'ronin/exploits/metadata/cookie_param'
3
+
4
+ describe Ronin::Exploits::Metadata::CookieParam do
5
+ describe ".cookie_param" do
6
+ subject { test_class }
7
+
8
+ context "and when cookie_param is not set in the class" do
9
+ module TestMetadataCookieParam
10
+ class WithNoCookieParamSet
11
+ include Ronin::Exploits::Metadata::CookieParam
12
+ end
13
+ end
14
+
15
+ let(:test_class) { TestMetadataCookieParam::WithNoCookieParamSet }
16
+
17
+ it "must default to nil" do
18
+ expect(subject.cookie_param).to be(nil)
19
+ end
20
+ end
21
+
22
+ context "and when cookie_param is set in the class" do
23
+ module TestMetadataCookieParam
24
+ class WithCookieParamSet
25
+ include Ronin::Exploits::Metadata::CookieParam
26
+
27
+ cookie_param 'test'
28
+ end
29
+ end
30
+
31
+ let(:test_class) { TestMetadataCookieParam::WithCookieParamSet }
32
+
33
+ it "must return the set cookie_param" do
34
+ expect(subject.cookie_param).to eq("test")
35
+ end
36
+ end
37
+
38
+ context "but when the cookie_param was set in the superclass" do
39
+ module TestMetadataCookieParam
40
+ class InheritsItsCookieParam < WithCookieParamSet
41
+ end
42
+ end
43
+
44
+ let(:test_class) { TestMetadataCookieParam::InheritsItsCookieParam }
45
+
46
+ it "must return the cookie_param set in the superclass" do
47
+ expect(subject.cookie_param).to eq("test")
48
+ end
49
+
50
+ context "but the cookie_param is overridden in the sub-class" do
51
+ module TestMetadataCookieParam
52
+ class OverridesItsInheritedCookieParam < WithCookieParamSet
53
+ cookie_param "test2"
54
+ end
55
+ end
56
+
57
+ let(:test_class) do
58
+ TestMetadataCookieParam::OverridesItsInheritedCookieParam
59
+ end
60
+
61
+ it "must return the cookie_param set in the sub-class" do
62
+ expect(subject.cookie_param).to eq("test2")
63
+ end
64
+ end
65
+ end
66
+ end
67
+ end
@@ -0,0 +1,62 @@
1
+ require 'spec_helper'
2
+ require 'ronin/exploits/metadata/default_filename'
3
+
4
+ describe Ronin::Exploits::Metadata::DefaultFilename do
5
+ module TestMetadataDefaultFilename
6
+ class WithNoDefaultFilenameSet
7
+ include Ronin::Exploits::Metadata::DefaultFilename
8
+ end
9
+
10
+ class WithDefaultFilenameSet
11
+ include Ronin::Exploits::Metadata::DefaultFilename
12
+
13
+ default_filename 'exploit.docx'
14
+ end
15
+
16
+ class InheritsItsDefaultFilename < WithDefaultFilenameSet
17
+ include Ronin::Exploits::Metadata::DefaultFilename
18
+ end
19
+
20
+ class OverridesItsInheritedDefaultFilename < WithDefaultFilenameSet
21
+ include Ronin::Exploits::Metadata::DefaultFilename
22
+
23
+ default_filename 'exploit2.docx'
24
+ end
25
+ end
26
+
27
+ describe ".default_filename" do
28
+ subject { test_class }
29
+
30
+ context "and when default filename is not set in the class" do
31
+ let(:test_class) { TestMetadataDefaultFilename::WithNoDefaultFilenameSet }
32
+
33
+ it "must default to nil" do
34
+ expect(subject.default_filename).to be(nil)
35
+ end
36
+ end
37
+
38
+ context "and when default filename is set in the class" do
39
+ let(:test_class) { TestMetadataDefaultFilename::WithDefaultFilenameSet }
40
+
41
+ it "must return the set default_filename" do
42
+ expect(subject.default_filename).to eq('exploit.docx')
43
+ end
44
+ end
45
+
46
+ context "but when the default filename was set in the superclass" do
47
+ let(:test_class) { TestMetadataDefaultFilename::InheritsItsDefaultFilename }
48
+
49
+ it "must return the default filename set in the superclass" do
50
+ expect(subject.default_filename).to eq('exploit.docx')
51
+ end
52
+
53
+ context "but the default filename is overridden in the sub-class" do
54
+ let(:test_class) { TestMetadataDefaultFilename::OverridesItsInheritedDefaultFilename }
55
+
56
+ it "must return the default filename set in the sub-class" do
57
+ expect(subject.default_filename).to eq('exploit2.docx')
58
+ end
59
+ end
60
+ end
61
+ end
62
+ end