ronin-exploits 0.3.1 → 1.0.0.beta1

data/lib/ronin/ui/command_line/commands/gen_remote_udp_exploit.rb

@@ -1,34 +0,0 @@
-#
-# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
-# payload crafting functionality.
-#
-# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-#
-
-require 'ronin/generators/exploits/remote_udp'
-
-module Ronin
-  module UI
-    module CommandLine
-      module Commands
-        class GenRemoteUdpExploit < Generators::Exploits::RemoteUDP
-
-        end
-      end
-    end
-  end
-end

data/lib/ronin/ui/command_line/commands/gen_shellcode.rb

@@ -1,34 +0,0 @@
-#
-# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
-# payload crafting functionality.
-#
-# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-#
-
-require 'ronin/generators/payloads/shellcode'
-
-module Ronin
-  module UI
-    module CommandLine
-      module Commands
-        class GenShellcode < Generators::Payloads::Shellcode
-
-        end
-      end
-    end
-  end
-end

data/lib/ronin/ui/command_line/commands/gen_web_exploit.rb

@@ -1,34 +0,0 @@
-#
-# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
-# payload crafting functionality.
-#
-# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-#
-
-require 'ronin/generators/exploits/web'
-
-module Ronin
-  module UI
-    module CommandLine
-      module Commands
-        class GenWebExploit < Generators::Exploits::Web
-
-        end
-      end
-    end
-  end
-end

data/lib/ronin/ui/command_line/commands/payload.rb

@@ -1,129 +0,0 @@
-#
-# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
-# payload crafting functionality.
-#
-# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-#
-
-require 'ronin/payloads'
-require 'ronin/ui/command_line/command'
-require 'ronin/database'
-
-require 'parameters/parser'
-
-module Ronin
-  module UI
-    module CommandLine
-      module Commands
-        class Payload < Command
-
-          desc "payload [NAME] [options]", "Builds the specified Payload"
-          method_option :database, :type => :string, :default => Database.config, :aliases => '-D'
-          method_option :params, :type => :array, :default => [], :aliases => '-p'
-          method_option :host, :type => :string
-          method_option :port, :type => :numeric
-          method_option :local_host, :type => :string
-          method_option :local_port, :type => :numeric
-          method_option :file, :type => :string, :aliases => '-f'
-          method_option :describing, :type => :string, :aliases => '-d'
-          method_option :version, :type => :string, :aliases => '-V'
-          method_option :license, :type => :string, :aliases => '-l'
-          method_option :arch, :type => :string, :aliases => '-a'
-          method_option :os, :type => :string, :aliases => '-o'
-          method_option :raw, :type => :boolean, :aliases => '-r'
-
-          def default(name=nil)
-            UI::Output.silent = true if options.raw?
-            Database.setup(options[:database])
-
-            # Load the payload
-            if options[:file]
-              load_payload!
-            else
-              find_payload!(name)
-            end
-
-            unless @payload
-              print_error "Could not find the specified payload"
-              exit -1
-            end
-
-            params = Parameters::Parser.parse(options[:params])
-            params[:host] = options[:host] if options[:host]
-            params[:port] = options[:port] if options[:port]
-            params[:local_host] = options[:local_host] if options[:local_host]
-            params[:local_port] = options[:local_port] if options[:local_port]
-
-            begin
-              # Build the payload
-              @payload.build!(params)
-            rescue Parameters::MissingParam, Payloads::Exception => e
-              print_error(e.message)
-            end
-
-            raw_payload = @payload.raw_payload
-
-            if options.raw?
-              # Write the raw payload
-              STDOUT.write(raw_payload)
-            else
-              # Dump the built payload
-              puts raw_payload.dump
-            end
-          end
-
-          protected
-
-          def load_payload!
-            @payload = Payloads::Payload.load_from(options[:file])
-          end
-
-          def find_payload!(name=nil)
-            @payload = Payloads::Payload.load_first do |payloads|
-              if name
-                payloads = payloads.named(name)
-              end
-
-              if options[:describing]
-                payloads = payloads.describing(options[:describing])
-              end
-
-              if options[:version]
-                payloads = payloads.revision(options[:version])
-              end
-
-              if options[:license]
-                payloads = payloads.licensed_under(options[:license])
-              end
-
-              if options[:arch]
-                payloads = payloads.targeting_arch(options[:arch])
-              end
-
-              if options[:os]
-                payloads = payloads.targeting_os(options[:os])
-              end
-
-              payloads
-            end
-          end
-
-        end
-      end
-    end
-  end
-end

data/lib/ronin/ui/command_line/commands/payloads.rb

@@ -1,128 +0,0 @@
-#
-# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
-# payload crafting functionality.
-#
-# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-#
-
-require 'ronin/ui/command_line/command'
-
-require 'ronin/payloads'
-require 'ronin/database'
-
-module Ronin
-  module UI
-    module CommandLine
-      module Commands
-        class Payloads < Command
-
-          desc "payloads [options]", "Lists the available Payloads"
-          method_option :database, :type => :string, :default => Database.config, :aliases => '-D'
-          method_option :name, :type => :string, :aliases => '-n'
-          method_option :version, :type => :string, :aliases => '-v'
-          method_option :describing, :stype => :string, :aliases => '-d'
-          method_option :license, :type => :string, :aliases => '-l'
-          method_option :arch, :type => :string, :aliases => '-a'
-          method_option :os, :type => :string, :aliases => '-o'
-          method_option :verbose, :type => :boolean, :aliases => '-v'
-
-          def default
-            Database.setup(options[:database])
-
-            payloads = Ronin::Payloads::Payload.all
-
-            if options[:name]
-              payloads = payloads.named(options[:name])
-            end
-
-            if options[:version]
-              payloads = payloads.revision(options[:version])
-            end
-
-            if options[:describing]
-              payloads = payloads.describing(options[:describing])
-            end
-
-            if options[:license]
-              payloads = payloads.licensed_under(options[:license])
-            end
-
-            if options[:arch]
-              payloads = payloads.targeting_arch(options[:arch])
-            end
-
-            if options[:os]
-              payloads = payloads.targeting_os(options[:os])
-            end
-
-            if payloads.empty?
-              print_error "Could not find similar payloads"
-              exit -1
-            end
-
-            if options.verbose?
-              payloads.each { |payload| print_payload(payload) }
-            else
-              indent do
-                payloads.each { |payload| puts payload }
-              end
-            end
-          end
-
-          protected
-
-          def print_payload(payload)
-            attributes = payload.humanize_attributes(
-              :exclude => [:description]
-            )
-            attributes['Arch'] = payload.arch if payload.arch
-            attributes['OS'] = payload.os if payload.os
-
-            print_hash(attributes, :title => "Payload: #{payload}")
-
-            indent do
-              if payload.description
-                puts "Description:\n\n"
-                indent do
-                  payload.description.each_line { |line| puts line }
-                end
-                puts "\n"
-              end
-
-              unless payload.authors.empty?
-                payload.authors.each do |author|
-                  print_hash(author.humanize_attributes, :title => 'Author')
-                end
-              end
-
-              unless payload.behaviors.empty?
-                print_array(payload.behaviors, :title => 'Controls')
-              end
-
-              attempt { payload.load_original! }
-
-              unless payload.params.empty?
-                print_array(payload.params.values, :title => 'Parameters')
-              end
-            end
-          end
-
-        end
-      end
-    end
-  end
-end

data/lib/ronin/vuln/behavior.rb

@@ -1,165 +0,0 @@
-#
-# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
-# payload crafting functionality.
-#
-# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-#
-
-require 'ronin/extensions/meta'
-require 'ronin/extensions/string'
-require 'ronin/model'
-
-require 'dm-predefined'
-
-module Ronin
-  module Vuln
-    class Behavior
-
-      include Model
-      include DataMapper::Predefined
-
-      # Primary key of the behavior
-      property :id, Serial
-
-      # Name of the behavior
-      property :name, String
-
-      # Description for the behavior
-      property :description, Text
-
-      # Validates
-      validates_present :name, :description
-      validates_is_unique :name
-
-      #
-      # Converts the behavior to a String.
-      #
-      # @return [String]
-      #   The name of the behavior.
-      #
-      def to_s
-        @name.to_s
-      end
-
-      protected
-
-      #
-      # Defines a new builtin Behavior.
-      #
-      # @param [Symbol, String] name
-      #   The name of the behavior to predefine.
-      #
-      # @param [String] description
-      #   The description of the behavior.
-      #
-      # @example Defining a builtin Behavior
-      #   Behavior.predefine :command_exec, "Arbitrary command execution"
-      #
-      # @example Retrieving a predefined behavior
-      #   Behavior.command_exec
-      #
-      def self.predefine(name,description=nil)
-        super(name,:name => name.to_s, :description => description)
-      end
-
-      # The ability to read memory
-      predefine :memory_read, "The ability to read memory"
-
-      # The ability to write to memory
-      predefine :memory_write, "The ability to write to memory"
-
-      # The ability to execute from memory
-      predefine :memory_exec, "The ability to execute memory"
-
-      # The ability to create files
-      predefine :file_create, "Arbitrary file creation"
-
-      # The ability to read files
-      predefine :file_read, "The ability to read from a file"
-
-      # The ability to write to a file
-      predefine :file_write, "The ability to write to a file"
-
-      # The ability to modify existing files
-      predefine :file_modify, "The ability to modify an existing file"
-
-      # The ability to change ownership on files
-      predefine :file_ownership, "The ability to change ownership of an existing file"
-
-      # The ability to change the modification time on files
-      predefine :file_mtime, "The ability to change the modification timestamp of a file"
-
-      # The ability to change the creation time on files
-      predefine :file_ctime, "The ability to change the creation timestamp of a file"
-
-      # The ability to create directories
-      predefine :dir_create, "The ability to create a directory"
-
-      # The ability to list the contents of directories
-      predefine :dir_listing, "The ability to list the contents of a directory"
-
-      # The ability to redirect socket connections
-      predefine :socket_redirect, "The ability to redirect a socket's connection"
-
-      # The ability to create socket connections
-      predefine :socket_connect, "The ability to create a network socket"
-
-      # The ability to listen on a socket
-      predefine :socket_listen, "The ability to listen on a network socket"
-
-      # The ability to read from a socket
-      predefine :socket_read, "The ability to read from a network socket"
-
-      # The ability to write to a socket
-      predefine :socket_write, "The ability to write to a network socket"
-
-      # The ability to execute code
-      predefine :code_exec, "Arbitrary code execution"
-
-      # The ability to execute commands
-      predefine :command_exec, "Arbitrary command execution"
-
-      # The ability to bypass authentication
-      predefine :auth_bypass, "Authentication by-pass"
-
-      # The ability to gain privileges
-      predefine :gain_privileges, "Gain privileges"
-
-      # The ability to drop privileges
-      predefine :drop_privileges, "Drop privileges"
-
-      # The ability to safely exit a running program
-      predefine :exit_program, "Exit program"
-
-      # The ability to crash a running program
-      predefine :crash_program, "Crash program"
-
-      # The ability to exhaust available memory
-      predefine :exhaust_memory, "Exhaust freely available memory"
-
-      # The ability to exhaust available disk space
-      predefine :exhaust_disk, "Exhaust freely available disk-space"
-
-      # The ability to exhaust available network bandwidth
-      predefine :exhaust_bandwidth, "Exhaust available bandwidth"
-
-      # The ability to exhaust CPU access
-      predefine :exhaust_cpu, "Exhaust CPU performance"
-
-    end
-  end
-end

data/spec/controls/behaviors_examples.rb

@@ -1,38 +0,0 @@
-require 'spec_helper'
-
-shared_examples_for "controls behaviors" do
-  it "should have a model to represent the controled behaviors" do
-    @controler.control_model.include?(Ronin::Model).should == true
-  end
-
-  it "should not have any controled behaviors by default" do
-    @controler.controls.should be_empty
-  end
-
-  it "should specify what behaviors to be controled" do
-    @controler.control :memory_read, :memory_write
-
-    @controler.behaviors.should == [:memory_read, :memory_write]
-  end
-
-  it "should extend a control module if on exists for the behavior" do
-    @controler.control :command_exec
-
-    @controler.behaviors.should == [:command_exec]
-    @controler.kind_of?(Ronin::Controls::Helpers::CommandExec).should == true
-  end
-
-  it "should not extend a control module if none exist for the behavior" do
-    @controler.control :exhaust_memory
-
-    @controler.behaviors.should == [:exhaust_memory]
-  end
-
-  it "should load the control modules for the behaviors" do
-    @controler.control :command_exec
-    @controler.cache!
-
-    cached = @controler.class.load_first(:name => @controler.name)
-    cached.kind_of?(Ronin::Controls::Helpers::CommandExec).should == true
-  end
-end

data/spec/exploits/binary_exploit_spec.rb

@@ -1,44 +0,0 @@
-require 'ronin/exploits/local'
-require 'ronin/exploits/helpers/binary'
-
-require 'spec_helper'
-
-describe Exploits::Helpers::Binary do
-  before(:all) do
-    @exploit = Exploits::Local.new do
-      helper :binary
-
-      targeting(:arch => Arch.i686)
-      targeting(:arch => nil)
-
-      def pack_integer
-        pack(0xffffaaaa)
-      end
-
-      def pack_integer_with_address_length
-        pack(0xffffaaaa,2)
-      end
-    end
-  end
-
-  it "should require a targeted arch" do
-    @exploit.target = @exploit.targets.last
-    @exploit.target.arch.should be_nil
-
-    lambda {
-      @exploit.pack_integer
-    }.should raise_error(Exploits::TargetDataMissing)
-  end
-
-  it "should be able to pack an integer" do
-    @exploit.target = @exploit.targets.first
-
-    @exploit.pack_integer.should == "\xaa\xaa\xff\xff"
-  end
-
-  it "should be able to pack an integer with an address length" do
-    @exploit.target = @exploit.targets.first
-
-    @exploit.pack_integer_with_address_length.should == "\xaa\xaa"
-  end
-end

data/spec/exploits/buffer_overflow_exploit_spec.rb

@@ -1,70 +0,0 @@
-require 'ronin/exploits/local'
-require 'ronin/exploits/helpers/buffer_overflow'
-
-require 'spec_helper'
-
-describe Exploits::Helpers::BufferOverflow do
-  before(:all) do
-    @exploit = Exploits::Local.new do
-      helper :buffer_overflow
-
-      self.name = 'example_bof'
-
-      targeting do |target|
-        target.arch = Arch.i686
-        target.buffer_length = 256
-        target.ip = 0xffffaaaa
-      end
-
-      targeting do |target|
-        target.arch = Arch.i686
-        target.buffer_length = 256
-        target.bp = 0xffffbbbb
-        target.ip = 0xffffaaaa
-      end
-
-      targeting do |target|
-        target.arch = Arch.i686
-        target.buffer_length = 256
-        target.bp = 0xffffbbbb
-        target.ip = 0xffffaabb
-        target.frame_repeat = 2
-      end
-    end
-  end
-
-  it "should use Targets::BufferOverflow for targets" do
-    @exploit.targets.all? { |target|
-      target.class == Exploits::Targets::BufferOverflow
-    }.should == true
-  end
-
-  it "should build a buffer overflow" do
-    @exploit.target = @exploit.targets[0]
-    @exploit.build!
-
-    @exploit.buffer.length.should == (256 + 4*2)
-    @exploit.buffer[256,4].should == "\xaa\xaa\xff\xff"
-    @exploit.buffer[260,4].should == "\xaa\xaa\xff\xff"
-  end
-
-  it "should build a buffer overflow that includes the BP" do
-    @exploit.target = @exploit.targets[1]
-    @exploit.build!
-
-    @exploit.buffer.length.should == (256 + 4*2)
-    @exploit.buffer[256,4].should == "\xbb\xbb\xff\xff"
-    @exploit.buffer[260,4].should == "\xaa\xaa\xff\xff"
-  end
-
-  it "should build a buffer overflow that has repeating stack frames" do
-    @exploit.target = @exploit.targets[2]
-    @exploit.build!
-
-    @exploit.buffer.length.should == (256 + 4*4)
-    @exploit.buffer[256,4].should == "\xbb\xbb\xff\xff"
-    @exploit.buffer[260,4].should == "\xbb\xaa\xff\xff"
-    @exploit.buffer[264,4].should == "\xbb\xbb\xff\xff"
-    @exploit.buffer[268,4].should == "\xbb\xaa\xff\xff"
-  end
-end