ronin-exploits 0.3.1 → 1.0.0.beta1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (338) hide show
  1. checksums.yaml +7 -0
  2. data/.document +4 -0
  3. data/.editorconfig +11 -0
  4. data/.github/workflows/ruby.yml +31 -0
  5. data/.gitignore +13 -0
  6. data/.mailmap +1 -0
  7. data/.rspec +1 -0
  8. data/.ruby-version +1 -0
  9. data/.yardopts +1 -0
  10. data/COPYING.txt +161 -335
  11. data/{History.txt → ChangeLog.md} +119 -16
  12. data/Gemfile +50 -0
  13. data/README.md +454 -0
  14. data/Rakefile +37 -23
  15. data/bin/ronin-exploits +13 -6
  16. data/data/new/exploit.rb.erb +158 -0
  17. data/gemspec.yml +37 -0
  18. data/lib/ronin/exploits/advisory.rb +84 -0
  19. data/lib/ronin/exploits/cli/command.rb +39 -0
  20. data/lib/ronin/exploits/cli/commands/irb.rb +57 -0
  21. data/lib/ronin/exploits/cli/commands/list.rb +80 -0
  22. data/lib/ronin/exploits/cli/commands/new.rb +332 -0
  23. data/lib/ronin/exploits/cli/commands/run.rb +396 -0
  24. data/lib/ronin/exploits/cli/commands/show.rb +264 -0
  25. data/lib/ronin/exploits/cli/exploit_command.rb +114 -0
  26. data/lib/ronin/exploits/cli/exploit_methods.rb +114 -0
  27. data/lib/ronin/exploits/cli/ruby_shell.rb +51 -0
  28. data/lib/ronin/exploits/cli.rb +46 -0
  29. data/lib/ronin/exploits/client_side_web_vuln.rb +69 -0
  30. data/lib/ronin/exploits/exceptions.rb +27 -17
  31. data/lib/ronin/exploits/exploit.rb +501 -582
  32. data/lib/ronin/exploits/heap_overflow.rb +50 -0
  33. data/lib/ronin/exploits/lfi.rb +141 -0
  34. data/lib/ronin/exploits/loot/file.rb +113 -0
  35. data/lib/ronin/exploits/loot.rb +119 -0
  36. data/lib/ronin/exploits/memory_corruption.rb +53 -0
  37. data/lib/ronin/exploits/metadata/arch.rb +83 -0
  38. data/lib/ronin/exploits/metadata/cookie_param.rb +80 -0
  39. data/lib/ronin/exploits/metadata/default_filename.rb +69 -0
  40. data/lib/ronin/exploits/metadata/default_port.rb +69 -0
  41. data/lib/ronin/exploits/metadata/header_name.rb +80 -0
  42. data/lib/ronin/exploits/metadata/os.rb +117 -0
  43. data/lib/ronin/exploits/metadata/shouts.rb +85 -0
  44. data/lib/ronin/exploits/metadata/url_path.rb +82 -0
  45. data/lib/ronin/exploits/metadata/url_query_param.rb +80 -0
  46. data/lib/ronin/exploits/mixins/binary.rb +106 -0
  47. data/lib/ronin/exploits/mixins/build_dir.rb +61 -0
  48. data/lib/ronin/exploits/mixins/file_builder.rb +102 -0
  49. data/lib/ronin/exploits/mixins/format_string.rb +87 -0
  50. data/lib/ronin/exploits/mixins/has_payload.rb +202 -0
  51. data/lib/ronin/exploits/mixins/has_targets.rb +297 -0
  52. data/lib/ronin/exploits/mixins/html.rb +213 -0
  53. data/lib/ronin/exploits/mixins/http.rb +866 -0
  54. data/lib/ronin/exploits/mixins/loot.rb +84 -0
  55. data/lib/ronin/exploits/mixins/nops.rb +121 -0
  56. data/lib/ronin/exploits/mixins/remote_tcp.rb +272 -0
  57. data/lib/ronin/exploits/mixins/remote_udp.rb +264 -0
  58. data/lib/ronin/exploits/mixins/seh.rb +136 -0
  59. data/lib/ronin/exploits/mixins/stack_overflow.rb +124 -0
  60. data/lib/ronin/exploits/mixins/text.rb +65 -0
  61. data/lib/ronin/exploits/mixins.rb +32 -0
  62. data/lib/ronin/exploits/open_redirect.rb +103 -0
  63. data/lib/ronin/exploits/params/base_url.rb +84 -0
  64. data/lib/ronin/exploits/params/bind_host.rb +53 -0
  65. data/lib/ronin/exploits/params/bind_port.rb +53 -0
  66. data/lib/ronin/exploits/params/filename.rb +71 -0
  67. data/lib/ronin/exploits/params/host.rb +56 -0
  68. data/lib/ronin/exploits/params/port.rb +71 -0
  69. data/lib/ronin/exploits/registry.rb +32 -0
  70. data/lib/ronin/exploits/rfi.rb +106 -0
  71. data/lib/ronin/exploits/root.rb +28 -0
  72. data/lib/ronin/exploits/seh_overflow.rb +90 -0
  73. data/lib/ronin/exploits/sqli.rb +172 -0
  74. data/lib/ronin/exploits/ssti.rb +108 -0
  75. data/lib/ronin/exploits/stack_overflow.rb +90 -0
  76. data/lib/ronin/exploits/target.rb +63 -103
  77. data/lib/ronin/exploits/test_result.rb +80 -0
  78. data/lib/ronin/exploits/use_after_free.rb +50 -0
  79. data/lib/ronin/exploits/version.rb +11 -12
  80. data/lib/ronin/exploits/web.rb +18 -89
  81. data/lib/ronin/exploits/web_vuln.rb +378 -0
  82. data/lib/ronin/exploits/xss.rb +102 -0
  83. data/lib/ronin/exploits.rb +19 -26
  84. data/man/ronin-exploits-irb.1 +31 -0
  85. data/man/ronin-exploits-irb.1.md +22 -0
  86. data/man/ronin-exploits-list.1 +37 -0
  87. data/man/ronin-exploits-list.1.md +27 -0
  88. data/man/ronin-exploits-new.1 +98 -0
  89. data/man/ronin-exploits-new.1.md +73 -0
  90. data/man/ronin-exploits-run.1 +117 -0
  91. data/man/ronin-exploits-run.1.md +87 -0
  92. data/man/ronin-exploits-show.1 +45 -0
  93. data/man/ronin-exploits-show.1.md +33 -0
  94. data/man/ronin-exploits.1 +55 -0
  95. data/man/ronin-exploits.1.md +41 -0
  96. data/ronin-exploits.gemspec +62 -0
  97. data/spec/advisory_spec.rb +71 -0
  98. data/spec/cli/exploit_command_spec.rb +68 -0
  99. data/spec/cli/exploit_methods_spec.rb +208 -0
  100. data/spec/cli/ruby_shell_spec.rb +14 -0
  101. data/spec/client_side_web_vuln_spec.rb +117 -0
  102. data/spec/exploit_spec.rb +538 -0
  103. data/spec/exploits_spec.rb +3 -4
  104. data/spec/heap_overflow_spec.rb +14 -0
  105. data/spec/lfi_spec.rb +162 -0
  106. data/spec/loot/file_spec.rb +131 -0
  107. data/spec/loot_spec.rb +138 -0
  108. data/spec/memory_corruption_spec.rb +22 -0
  109. data/spec/metadata/arch_spec.rb +82 -0
  110. data/spec/metadata/cookie_param_spec.rb +67 -0
  111. data/spec/metadata/default_filename_spec.rb +62 -0
  112. data/spec/metadata/default_port_spec.rb +62 -0
  113. data/spec/metadata/header_name_spec.rb +67 -0
  114. data/spec/metadata/os_spec.rb +164 -0
  115. data/spec/metadata/shouts_spec.rb +100 -0
  116. data/spec/metadata/url_path_spec.rb +67 -0
  117. data/spec/metadata/url_query_param_spec.rb +67 -0
  118. data/spec/mixins/binary_spec.rb +129 -0
  119. data/spec/mixins/build_dir.rb +66 -0
  120. data/spec/mixins/file_builder_spec.rb +67 -0
  121. data/spec/mixins/format_string_spec.rb +44 -0
  122. data/spec/mixins/has_payload_spec.rb +333 -0
  123. data/spec/mixins/has_targets_spec.rb +434 -0
  124. data/spec/mixins/html_spec.rb +772 -0
  125. data/spec/mixins/http_spec.rb +1227 -0
  126. data/spec/mixins/loot_spec.rb +20 -0
  127. data/spec/mixins/nops_spec.rb +165 -0
  128. data/spec/mixins/remote_tcp_spec.rb +217 -0
  129. data/spec/mixins/remote_udp_spec.rb +217 -0
  130. data/spec/mixins/seh_spec.rb +89 -0
  131. data/spec/mixins/stack_overflow_spec.rb +87 -0
  132. data/spec/mixins/text_spec.rb +43 -0
  133. data/spec/open_redirect_spec.rb +71 -0
  134. data/spec/params/base_url_spec.rb +71 -0
  135. data/spec/params/bind_host_spec.rb +34 -0
  136. data/spec/params/bind_port_spec.rb +35 -0
  137. data/spec/params/filename_spec.rb +77 -0
  138. data/spec/params/host_spec.rb +34 -0
  139. data/spec/params/port_spec.rb +77 -0
  140. data/spec/rfi_spec.rb +107 -0
  141. data/spec/seh_overflow_spec.rb +18 -0
  142. data/spec/spec_helper.rb +6 -10
  143. data/spec/sqli_spec.rb +306 -0
  144. data/spec/ssti_spec.rb +121 -0
  145. data/spec/stack_overflow_spec.rb +18 -0
  146. data/spec/target_spec.rb +92 -0
  147. data/spec/test_result_spec.rb +32 -0
  148. data/spec/use_after_free_spec.rb +14 -0
  149. data/spec/web_spec.rb +12 -0
  150. data/spec/web_vuln_spec.rb +854 -0
  151. data/spec/xss_spec.rb +69 -0
  152. metadata +356 -324
  153. data/Manifest.txt +0 -196
  154. data/README.txt +0 -274
  155. data/bin/ronin-exploit +0 -12
  156. data/bin/ronin-gen-binary-payload +0 -12
  157. data/bin/ronin-gen-exploit +0 -12
  158. data/bin/ronin-gen-ftp-exploit +0 -12
  159. data/bin/ronin-gen-http-exploit +0 -12
  160. data/bin/ronin-gen-local-exploit +0 -12
  161. data/bin/ronin-gen-nops +0 -12
  162. data/bin/ronin-gen-payload +0 -12
  163. data/bin/ronin-gen-remote-exploit +0 -12
  164. data/bin/ronin-gen-remote-tcp-exploit +0 -12
  165. data/bin/ronin-gen-remote-udp-exploit +0 -12
  166. data/bin/ronin-gen-shellcode +0 -12
  167. data/bin/ronin-gen-web-exploit +0 -12
  168. data/bin/ronin-payload +0 -12
  169. data/bin/ronin-payloads +0 -12
  170. data/lib/ronin/controls/behaviors.rb +0 -133
  171. data/lib/ronin/controls/exceptions/not_implemented.rb +0 -27
  172. data/lib/ronin/controls/exceptions/program_not_found.rb +0 -27
  173. data/lib/ronin/controls/exceptions.rb +0 -23
  174. data/lib/ronin/controls/file_system.rb +0 -145
  175. data/lib/ronin/controls/helpers/command_exec.rb +0 -143
  176. data/lib/ronin/controls/helpers/dir_create.rb +0 -42
  177. data/lib/ronin/controls/helpers/dir_listing.rb +0 -62
  178. data/lib/ronin/controls/helpers/dir_remove.rb +0 -42
  179. data/lib/ronin/controls/helpers/file_ctime.rb +0 -52
  180. data/lib/ronin/controls/helpers/file_mtime.rb +0 -53
  181. data/lib/ronin/controls/helpers/file_ownership.rb +0 -53
  182. data/lib/ronin/controls/helpers/file_read.rb +0 -62
  183. data/lib/ronin/controls/helpers/file_remove.rb +0 -51
  184. data/lib/ronin/controls/helpers/file_write.rb +0 -62
  185. data/lib/ronin/controls/helpers/memory_read.rb +0 -39
  186. data/lib/ronin/controls/helpers/memory_write.rb +0 -39
  187. data/lib/ronin/controls/helpers.rb +0 -33
  188. data/lib/ronin/controls.rb +0 -23
  189. data/lib/ronin/exploits/control.rb +0 -47
  190. data/lib/ronin/exploits/exceptions/exception.rb +0 -27
  191. data/lib/ronin/exploits/exceptions/exploit_not_built.rb +0 -29
  192. data/lib/ronin/exploits/exceptions/payload_size.rb +0 -29
  193. data/lib/ronin/exploits/exceptions/restricted_char.rb +0 -29
  194. data/lib/ronin/exploits/exceptions/target_data_missing.rb +0 -29
  195. data/lib/ronin/exploits/exceptions/target_unspecified.rb +0 -29
  196. data/lib/ronin/exploits/exceptions/unknown_helper.rb +0 -29
  197. data/lib/ronin/exploits/exploit_author.rb +0 -33
  198. data/lib/ronin/exploits/ftp.rb +0 -42
  199. data/lib/ronin/exploits/helpers/binary.rb +0 -50
  200. data/lib/ronin/exploits/helpers/buffer_overflow.rb +0 -115
  201. data/lib/ronin/exploits/helpers/file_based.rb +0 -112
  202. data/lib/ronin/exploits/helpers/format_string.rb +0 -117
  203. data/lib/ronin/exploits/helpers/padding.rb +0 -101
  204. data/lib/ronin/exploits/helpers.rb +0 -26
  205. data/lib/ronin/exploits/http.rb +0 -49
  206. data/lib/ronin/exploits/local.rb +0 -40
  207. data/lib/ronin/exploits/remote.rb +0 -40
  208. data/lib/ronin/exploits/remote_tcp.rb +0 -87
  209. data/lib/ronin/exploits/remote_udp.rb +0 -87
  210. data/lib/ronin/exploits/targets/buffer_overflow.rb +0 -46
  211. data/lib/ronin/exploits/targets/format_string.rb +0 -43
  212. data/lib/ronin/exploits/targets.rb +0 -27
  213. data/lib/ronin/exploits/verifiers.rb +0 -121
  214. data/lib/ronin/generators/exploits/exploit.rb +0 -70
  215. data/lib/ronin/generators/exploits/ftp.rb +0 -42
  216. data/lib/ronin/generators/exploits/http.rb +0 -42
  217. data/lib/ronin/generators/exploits/local.rb +0 -42
  218. data/lib/ronin/generators/exploits/remote.rb +0 -42
  219. data/lib/ronin/generators/exploits/remote_tcp.rb +0 -44
  220. data/lib/ronin/generators/exploits/remote_udp.rb +0 -44
  221. data/lib/ronin/generators/exploits/static.rb +0 -30
  222. data/lib/ronin/generators/exploits/web.rb +0 -45
  223. data/lib/ronin/generators/exploits.rb +0 -23
  224. data/lib/ronin/generators/payloads/binary_payload.rb +0 -42
  225. data/lib/ronin/generators/payloads/nops.rb +0 -42
  226. data/lib/ronin/generators/payloads/payload.rb +0 -66
  227. data/lib/ronin/generators/payloads/shellcode.rb +0 -42
  228. data/lib/ronin/generators/payloads/static.rb +0 -30
  229. data/lib/ronin/generators/payloads.rb +0 -23
  230. data/lib/ronin/model/has_default_port.rb +0 -54
  231. data/lib/ronin/model/targets_arch.rb +0 -68
  232. data/lib/ronin/model/targets_os.rb +0 -69
  233. data/lib/ronin/model/targets_product.rb +0 -68
  234. data/lib/ronin/payloads/asm_payload.rb +0 -40
  235. data/lib/ronin/payloads/binary_payload.rb +0 -42
  236. data/lib/ronin/payloads/control.rb +0 -47
  237. data/lib/ronin/payloads/encoders/encoder.rb +0 -92
  238. data/lib/ronin/payloads/encoders/xor.rb +0 -79
  239. data/lib/ronin/payloads/encoders.rb +0 -32
  240. data/lib/ronin/payloads/exceptions/exception.rb +0 -27
  241. data/lib/ronin/payloads/exceptions/not_implemented.rb +0 -29
  242. data/lib/ronin/payloads/exceptions/unknown_helper.rb +0 -29
  243. data/lib/ronin/payloads/exceptions.rb +0 -23
  244. data/lib/ronin/payloads/has_payload.rb +0 -111
  245. data/lib/ronin/payloads/helpers/chained.rb +0 -61
  246. data/lib/ronin/payloads/helpers/rpc.rb +0 -93
  247. data/lib/ronin/payloads/helpers.rb +0 -23
  248. data/lib/ronin/payloads/nops.rb +0 -39
  249. data/lib/ronin/payloads/payload.rb +0 -350
  250. data/lib/ronin/payloads/payload_author.rb +0 -33
  251. data/lib/ronin/payloads/shellcode.rb +0 -40
  252. data/lib/ronin/payloads/web_payload.rb +0 -41
  253. data/lib/ronin/payloads.rb +0 -36
  254. data/lib/ronin/ui/command_line/commands/exploit.rb +0 -193
  255. data/lib/ronin/ui/command_line/commands/exploits.rb +0 -154
  256. data/lib/ronin/ui/command_line/commands/gen_binary_payload.rb +0 -34
  257. data/lib/ronin/ui/command_line/commands/gen_exploit.rb +0 -34
  258. data/lib/ronin/ui/command_line/commands/gen_ftp_exploit.rb +0 -34
  259. data/lib/ronin/ui/command_line/commands/gen_http_exploit.rb +0 -34
  260. data/lib/ronin/ui/command_line/commands/gen_local_exploit.rb +0 -34
  261. data/lib/ronin/ui/command_line/commands/gen_nops.rb +0 -34
  262. data/lib/ronin/ui/command_line/commands/gen_payload.rb +0 -34
  263. data/lib/ronin/ui/command_line/commands/gen_remote_exploit.rb +0 -34
  264. data/lib/ronin/ui/command_line/commands/gen_remote_tcp_exploit.rb +0 -34
  265. data/lib/ronin/ui/command_line/commands/gen_remote_udp_exploit.rb +0 -34
  266. data/lib/ronin/ui/command_line/commands/gen_shellcode.rb +0 -34
  267. data/lib/ronin/ui/command_line/commands/gen_web_exploit.rb +0 -34
  268. data/lib/ronin/ui/command_line/commands/payload.rb +0 -129
  269. data/lib/ronin/ui/command_line/commands/payloads.rb +0 -128
  270. data/lib/ronin/vuln/behavior.rb +0 -165
  271. data/spec/controls/behaviors_examples.rb +0 -38
  272. data/spec/exploits/binary_exploit_spec.rb +0 -44
  273. data/spec/exploits/buffer_overflow_exploit_spec.rb +0 -70
  274. data/spec/exploits/exploit_spec.rb +0 -313
  275. data/spec/exploits/file_based_exploit_spec.rb +0 -48
  276. data/spec/exploits/format_string_exploit_spec.rb +0 -32
  277. data/spec/exploits/ftp_spec.rb +0 -13
  278. data/spec/exploits/http_spec.rb +0 -17
  279. data/spec/exploits/padding_exploit_spec.rb +0 -44
  280. data/spec/exploits/remote_tcp_spec.rb +0 -28
  281. data/spec/exploits/remote_udp_spec.rb +0 -28
  282. data/spec/exploits/target_spec.rb +0 -98
  283. data/spec/exploits/targets/buffer_overflow_spec.rb +0 -22
  284. data/spec/exploits/web_spec.rb +0 -35
  285. data/spec/generators/exploits/exploit_examples.rb +0 -24
  286. data/spec/generators/exploits/exploit_spec.rb +0 -42
  287. data/spec/generators/exploits/ftp_spec.rb +0 -42
  288. data/spec/generators/exploits/http_spec.rb +0 -42
  289. data/spec/generators/exploits/local_spec.rb +0 -42
  290. data/spec/generators/exploits/remote_spec.rb +0 -42
  291. data/spec/generators/exploits/remote_tcp_spec.rb +0 -47
  292. data/spec/generators/exploits/remote_udp_spec.rb +0 -47
  293. data/spec/generators/exploits/web_spec.rb +0 -52
  294. data/spec/generators/payloads/binary_payload_spec.rb +0 -31
  295. data/spec/generators/payloads/nops_spec.rb +0 -31
  296. data/spec/generators/payloads/payload_examples.rb +0 -16
  297. data/spec/generators/payloads/payload_spec.rb +0 -31
  298. data/spec/generators/payloads/shellcode_spec.rb +0 -31
  299. data/spec/helpers/database.rb +0 -5
  300. data/spec/helpers/objects.rb +0 -22
  301. data/spec/model/has_default_port_spec.rb +0 -27
  302. data/spec/model/models/default_port_model.rb +0 -13
  303. data/spec/model/models/non_default_port_model.rb +0 -11
  304. data/spec/model/models/targets_arch_model.rb +0 -11
  305. data/spec/model/models/targets_os_model.rb +0 -11
  306. data/spec/model/models/targets_product_model.rb +0 -11
  307. data/spec/model/targets_arch_spec.rb +0 -32
  308. data/spec/model/targets_os_spec.rb +0 -33
  309. data/spec/model/targets_product_spec.rb +0 -35
  310. data/spec/objects/exploits/example.rb +0 -25
  311. data/spec/objects/exploits/simple.rb +0 -24
  312. data/spec/objects/payloads/simple.rb +0 -19
  313. data/spec/payloads/encoders/encoder_spec.rb +0 -30
  314. data/spec/payloads/encoders/xor_spec.rb +0 -20
  315. data/spec/payloads/payload_spec.rb +0 -156
  316. data/spec/vuln/behavior_spec.rb +0 -15
  317. data/static/ronin/generators/exploits/_cache.erb +0 -14
  318. data/static/ronin/generators/exploits/_header.erb +0 -1
  319. data/static/ronin/generators/exploits/_helpers.erb +0 -4
  320. data/static/ronin/generators/exploits/exploit.erb +0 -24
  321. data/static/ronin/generators/exploits/ftp.erb +0 -24
  322. data/static/ronin/generators/exploits/http.erb +0 -26
  323. data/static/ronin/generators/exploits/local.erb +0 -24
  324. data/static/ronin/generators/exploits/remote.erb +0 -24
  325. data/static/ronin/generators/exploits/remote_tcp.erb +0 -26
  326. data/static/ronin/generators/exploits/remote_udp.erb +0 -26
  327. data/static/ronin/generators/exploits/web.erb +0 -28
  328. data/static/ronin/generators/payloads/_cache.erb +0 -10
  329. data/static/ronin/generators/payloads/_header.erb +0 -1
  330. data/static/ronin/generators/payloads/_helpers.erb +0 -2
  331. data/static/ronin/generators/payloads/binary_payload.erb +0 -25
  332. data/static/ronin/generators/payloads/nops.erb +0 -19
  333. data/static/ronin/generators/payloads/payload.erb +0 -25
  334. data/static/ronin/generators/payloads/shellcode.erb +0 -25
  335. data/tasks/spec.rb +0 -10
  336. data/tasks/yard.rb +0 -13
  337. data.tar.gz.sig +0 -0
  338. metadata.gz.sig +0 -0
@@ -1,313 +0,0 @@
1
- require 'ronin/exploits/exploit'
2
-
3
- require 'spec_helper'
4
- require 'helpers/objects'
5
- require 'controls/behaviors_examples'
6
-
7
- describe Exploits::Exploit do
8
- before(:each) do
9
- @exploit = load_exploit('simple')
10
- @payload = load_payload('simple')
11
- @controler = @exploit
12
- end
13
-
14
- it_should_behave_like "controls behaviors"
15
-
16
- it "should require a name attribute" do
17
- exp2 = Exploits::Exploit.new
18
- exp2.should_not be_valid
19
-
20
- exp2.name = 'test'
21
- exp2.should be_valid
22
- end
23
-
24
- it "should have a unique name and version" do
25
- first_exp = Exploits::Exploit.create(
26
- :name => 'test2',
27
- :version => '0.0.1'
28
- )
29
- first_exp.should be_valid
30
-
31
- second_exp = Exploits::Exploit.new(
32
- :name => 'test2',
33
- :version => '0.0.1'
34
- )
35
- second_exp.should_not be_valid
36
-
37
- third_exp = Exploits::Exploit.new(
38
- :name => 'test2',
39
- :version => '0.0.2'
40
- )
41
- third_exp.should be_valid
42
- end
43
-
44
- it "should allow for the extending of Helper modules" do
45
- @exploit.instance_eval { helper :padding }.should == true
46
- end
47
-
48
- it "should raise an UnknownHelper when extending an unknown helper" do
49
- lambda {
50
- @exploit.instance_eval { helper :obvious_not_there }
51
- }.should raise_error(Exploits::UnknownHelper)
52
- end
53
-
54
- it "should have targeted Archs" do
55
- @exploit.targeted_archs.should == [Arch.i686, Arch.i386]
56
- end
57
-
58
- it "should have targeted OSes" do
59
- @exploit.targeted_oses.should == [
60
- OS.linux('2.6.23'),
61
- OS.windows('7.1')
62
- ]
63
- end
64
-
65
- it "should have targeted products" do
66
- @exploit.targeted_products.all? { |product|
67
- product.name == 'ExampleWare' && product.version == '1.5'
68
- }.should == true
69
- end
70
-
71
- it "should allow the selection of a target by index" do
72
- @exploit.use_target!(1)
73
-
74
- @exploit.target.arch.should == Arch.i386
75
- end
76
-
77
- it "should allow the selection of a target that matches a block" do
78
- @exploit.use_target! { |target| target.arch == Arch.i386 }
79
-
80
- @exploit.target.arch.should == Arch.i386
81
- end
82
-
83
- it "should select the first target if nothing is passed to use_target!" do
84
- @exploit.use_target!()
85
-
86
- @exploit.target.arch.should == Arch.i686
87
- end
88
-
89
- it "should have a default target" do
90
- @exploit.target.should_not be_nil
91
-
92
- @exploit.target.arch.should == Arch.i686
93
-
94
- @exploit.target.os.name.should == 'Linux'
95
- @exploit.target.os.version.should == '2.6.23'
96
- end
97
-
98
- it "should have a default targeted Arch" do
99
- @exploit.arch.should == Arch.i686
100
- end
101
-
102
- it "should have a default targeted OS" do
103
- @exploit.os.should == OS.linux('2.6.23')
104
- end
105
-
106
- it "should have a default targeted Product" do
107
- @exploit.product.name.should == 'ExampleWare'
108
- @exploit.product.version.should == '1.5'
109
- end
110
-
111
- it "should set the payloads exploit when setting the payload" do
112
- @payload.exploit.should be_nil
113
-
114
- @exploit.payload = @payload
115
- @payload.exploit.should == @exploit
116
- end
117
-
118
- it "should be able to set the payload to nil" do
119
- @exploit.payload = @payload
120
- @exploit.payload = nil
121
-
122
- @exploit.payload.should be_nil
123
- end
124
-
125
- it "should set the payload and the exploit of the payload to nil" do
126
- @exploit.payload = @payload
127
- @exploit.payload = nil
128
-
129
- @payload.exploit.should be_nil
130
- end
131
-
132
- it "should specify the additional behaviors controlled by the payload" do
133
- @payload.control :code_exec
134
- @payload.control :command_exec
135
- @exploit.control :code_exec
136
-
137
- @exploit.payload = @payload
138
-
139
- @exploit.behaviors.should == [:code_exec, :command_exec]
140
- end
141
-
142
- it "should build a raw payload" do
143
- @exploit.payload = @payload
144
- @exploit.build_payload!
145
-
146
- @exploit.raw_payload.should == 'code.func'
147
- end
148
-
149
- it "should pass options to the payload when building the raw payload" do
150
- @exploit.payload = @payload
151
- @exploit.build_payload!(:custom => 'test')
152
-
153
- @exploit.raw_payload.should == 'code.test'
154
- end
155
-
156
- it "should default raw_payload to an empty String, if payload is nil" do
157
- @exploit.payload = nil
158
- @exploit.build_payload!
159
-
160
- @exploit.raw_payload.should == ''
161
- end
162
-
163
- it "should not reset raw_payload, if payload is nil" do
164
- @exploit.payload = nil
165
- @exploit.raw_payload = 'data'
166
-
167
- @exploit.build_payload!
168
- @exploit.raw_payload.should == 'data'
169
- end
170
-
171
- it "should have no payload encoders by default" do
172
- @exploit.encoders.should be_empty
173
- end
174
-
175
- it "should accept blocks as payload encoders" do
176
- @exploit.raw_payload = 'data'
177
-
178
- @exploit.encode_payload do |payload|
179
- payload.capitalize
180
- end
181
-
182
- @exploit.encode_payload!
183
- @exploit.encoded_payload.should == 'Data'
184
- end
185
-
186
- it "should accept an object with an #encode method" do
187
- @exploit.raw_payload = 'data'
188
- @exploit.encode_payload(Payloads::Encoders::Encoder.new)
189
-
190
- @exploit.encode_payload!
191
- @exploit.encoded_payload.should == 'data'
192
- end
193
-
194
- it "should not accept objects without an #encode method" do
195
- lambda {
196
- @exploit.encode_payload(Object.new)
197
- }.should raise_error(RuntimeError)
198
- end
199
-
200
- it "should accept either a payload encoder object or a block" do
201
- lambda {
202
- @exploit.encode_payload()
203
- }.should raise_error(ArgumentError)
204
- end
205
-
206
- it "should encode a String payload" do
207
- @exploit.raw_payload = 'data'
208
-
209
- @exploit.encode_payload!
210
- @exploit.encoded_payload.should == 'data'
211
- end
212
-
213
- it "should encode a String using encoders" do
214
- @exploit.raw_payload = 'data'
215
- @exploit.encoders << lambda { |payload| payload.upcase }
216
-
217
- @exploit.encode_payload!
218
- @exploit.encoded_payload.should == 'DATA'
219
- end
220
-
221
- it "should ignore payload encoders which return nil" do
222
- @exploit.raw_payload = 'data'
223
- @exploit.encoders << lambda { |payload| nil }
224
-
225
- @exploit.encode_payload!
226
- @exploit.encoded_payload.should == 'data'
227
- end
228
-
229
- it "should have 'unbuilt' and 'built' states" do
230
- @exploit.should_not be_built
231
- @exploit.build!
232
- @exploit.should be_built
233
- end
234
-
235
- it "should pass the built exploit to a given block" do
236
- @exploit.build! do |exploit|
237
- exploit.should be_built
238
- end
239
- end
240
-
241
- it "should respect the arity of blocks passed to build!" do
242
- @exploit.build! do
243
- @exploit.should be_built
244
- end
245
- end
246
-
247
- it "should return the built exploit" do
248
- @exploit.build!.should be_built
249
- end
250
-
251
- it "should require the exploit is built before being deployed" do
252
- lambda { @exploit.deploy! }.should raise_error(Exploits::ExploitNotBuilt)
253
- end
254
-
255
- it "should have a default deployer method" do
256
- @exploit.build!
257
-
258
- @exploit.deploy! do |exploit|
259
- @exploit.should == exploit
260
- end
261
- end
262
-
263
- it "should respect the arity of blocks passed to deploy!" do
264
- @exploit.build!
265
-
266
- @exploit.deploy! do
267
- @exploit.should be_deployed
268
- end
269
- end
270
-
271
- it "should deploy the payload after deploying the exploit" do
272
- @exploit.payload = @payload
273
- @payload.should_not be_deployed
274
-
275
- @exploit.build!
276
- @exploit.deploy! do |exploit|
277
- exploit.payload.should be_deployed
278
- end
279
- end
280
-
281
- it "should build and deploy the exploit when exploited" do
282
- @exploit.exploit!
283
-
284
- @exploit.should be_built
285
- @exploit.should be_deployed
286
- end
287
-
288
- it "should not deploy during a dry-run of the exploit" do
289
- @exploit.exploit!(:dry_run => true)
290
-
291
- @exploit.should be_built
292
- @exploit.should_not be_deployed
293
- end
294
-
295
- it "should return the name and the version when calling to_s" do
296
- @exploit.to_s.should == 'simple 0.2'
297
- end
298
-
299
- it "should have a custom inspect method" do
300
- @exploit.inspect.should == '#<Ronin::Exploits::Exploit: simple 0.2>'
301
- end
302
-
303
- it "should pass missing methods to the payload" do
304
- @exploit.payload = @payload
305
- @exploit.some_control.should == 'control data'
306
- end
307
-
308
- it "should not pass missing methods, if payload is nil" do
309
- lambda {
310
- @exploit.some_control
311
- }.should raise_error(NoMethodError)
312
- end
313
- end
@@ -1,48 +0,0 @@
1
- require 'ronin/exploits/local'
2
- require 'ronin/exploits/helpers/file_based'
3
-
4
- require 'spec_helper'
5
-
6
- describe Exploits::Helpers::FileBased do
7
- before(:each) do
8
- @exploit = Exploits::Local.new do
9
- helper :file_based
10
-
11
- self.name = 'file exploit'
12
- self.output_file_name = 'file_exploit.dat'
13
-
14
- def build
15
- build_file do |file|
16
- file << 'some data'
17
- end
18
- end
19
- end
20
- end
21
-
22
- it "should have an absolute path for the file to be built" do
23
- @exploit.output_file_path.should_not be_empty
24
- end
25
-
26
- it "should sanitize the output_file_name used in the absolute path" do
27
- @exploit.output_file_name = '../evil.txt'
28
-
29
- @exploit.output_file_path.should == File.join(
30
- @exploit.output_dir,
31
- 'evil.txt'
32
- )
33
- end
34
-
35
- it "should have a default output directory" do
36
- @exploit.output_dir.should == Ronin::Config::TMP_DIR
37
- end
38
-
39
- it "should have a default output_file_name, based on the exploit name" do
40
- @exploit.output_file_name.should == 'file_exploit.dat'
41
- end
42
-
43
- it "should build a file" do
44
- @exploit.build!
45
-
46
- File.read(@exploit.output_file_path).should == 'some data'
47
- end
48
- end
@@ -1,32 +0,0 @@
1
- require 'ronin/exploits/local'
2
- require 'ronin/exploits/helpers/format_string'
3
-
4
- require 'spec_helper'
5
-
6
- describe Exploits::Helpers::FormatString do
7
- before(:all) do
8
- @exploit = Exploits::Local.new do
9
- helper :format_string
10
-
11
- self.name = 'example_fmtstring'
12
-
13
- targeting do |target|
14
- target.arch = Arch.i686
15
- target.pop_length = 256
16
- target.overwrite = 0xffffaaaa
17
- target.address = 0xffffbbbb
18
- end
19
- end
20
- end
21
-
22
- it "should use Targets::FormatString for targets" do
23
- @exploit.targets.all? { |target|
24
- target.class == Exploits::Targets::FormatString
25
- }.should == true
26
- end
27
-
28
- it "should build a format string" do
29
- @exploit.target = @exploit.targets[0]
30
- @exploit.build!
31
- end
32
- end
@@ -1,13 +0,0 @@
1
- require 'ronin/exploits/ftp'
2
-
3
- require 'spec_helper'
4
-
5
- describe Exploits::FTP do
6
- before(:all) do
7
- @exploit = Exploits::FTP.create(:name => 'example_ftp')
8
- end
9
-
10
- it "should have a default port of 21" do
11
- @exploit.default_port.should == 21
12
- end
13
- end
@@ -1,17 +0,0 @@
1
- require 'ronin/exploits/http'
2
-
3
- require 'spec_helper'
4
-
5
- describe Exploits::HTTP do
6
- before(:all) do
7
- @exploit = Exploits::HTTP.create(:name => 'example_httpd')
8
- end
9
-
10
- it "should initialize all parameters by default" do
11
- @exploit.params.should_not be_empty
12
- end
13
-
14
- it "should have a default port of 80" do
15
- @exploit.default_port.should == 80
16
- end
17
- end
@@ -1,44 +0,0 @@
1
- require 'ronin/exploits/local'
2
- require 'ronin/exploits/helpers/padding'
3
-
4
- require 'spec_helper'
5
-
6
- describe Exploits::Helpers::Padding do
7
- before(:all) do
8
- @exploit = Exploits::Local.new do
9
- helper :padding
10
-
11
- def pad_buffer
12
- pad(1024)
13
- end
14
-
15
- def pad_data_left
16
- pad_left('hello',1024)
17
- end
18
-
19
- def pad_data_right
20
- pad_right('hello',1024)
21
- end
22
- end
23
- end
24
-
25
- it "should pad a buffer" do
26
- buffer = @exploit.pad_buffer
27
-
28
- buffer.length.should == 1024
29
- end
30
-
31
- it "should pad a buffer with data to the left" do
32
- buffer = @exploit.pad_data_left
33
-
34
- buffer.length.should == 1024
35
- (buffer =~ /hello$/).should_not be_nil
36
- end
37
-
38
- it "should pad a buffer with data to the right" do
39
- buffer = @exploit.pad_data_right
40
-
41
- buffer.length.should == 1024
42
- (buffer =~ /^hello/).should_not be_nil
43
- end
44
- end
@@ -1,28 +0,0 @@
1
- require 'ronin/exploits/remote_tcp'
2
-
3
- require 'spec_helper'
4
-
5
- describe Exploits::RemoteTCP do
6
- before(:all) do
7
- @exploit = Exploits::RemoteTCP.new(
8
- :default_port => 22,
9
- :host => '127.0.0.1'
10
- )
11
- end
12
-
13
- it "should include the TCP Session module" do
14
- Exploits::RemoteTCP.include?(Network::Helpers::TCP).should == true
15
- end
16
-
17
- it "should initialize all parameters by default" do
18
- @exploit.params.should_not be_empty
19
- end
20
-
21
- it "should default the port to the default_port before deploying" do
22
- @exploit.build!
23
-
24
- @exploit.deploy! do |exp|
25
- exp.port.should == 22
26
- end
27
- end
28
- end
@@ -1,28 +0,0 @@
1
- require 'ronin/exploits/remote_udp'
2
-
3
- require 'spec_helper'
4
-
5
- describe Exploits::RemoteUDP do
6
- before(:all) do
7
- @exploit = Exploits::RemoteUDP.new(
8
- :default_port => 22,
9
- :host => '127.0.0.1'
10
- )
11
- end
12
-
13
- it "should include the UDP Session module" do
14
- Exploits::RemoteUDP.include?(Network::Helpers::UDP).should == true
15
- end
16
-
17
- it "should initialize all parameters by default" do
18
- @exploit.params.should_not be_empty
19
- end
20
-
21
- it "should default the port to the default_port before deploying" do
22
- @exploit.build!
23
-
24
- @exploit.deploy! do |exp|
25
- exp.port.should == 22
26
- end
27
- end
28
- end
@@ -1,98 +0,0 @@
1
- require 'ronin/exploits/target'
2
-
3
- require 'spec_helper'
4
-
5
- describe Exploits::Target do
6
- before(:all) do
7
- @exploit = Exploits::Exploit.create(:name => 'exploit with targets')
8
- end
9
-
10
- before(:each) do
11
- @target = Exploits::Target.new(
12
- :data => {:var => 1, :test => 'hello'},
13
- :exploit => @exploit
14
- )
15
- end
16
-
17
- it "should not have an Arch by default" do
18
- @target.arch.should be_nil
19
- end
20
-
21
- it "should set the Arch when called with a name" do
22
- @target.arch :i686
23
- @target.arch.name.should == 'i686'
24
- @target.arch.endian == 'little'
25
- @target.arch.address_length == 4
26
- end
27
-
28
- it "should not have an OS by default" do
29
- @target.os.should be_nil
30
- end
31
-
32
- it "should set the OS when called with arguments" do
33
- @target.os(:name => 'FreeBSD', :version => '7.1')
34
- @target.os.name.should == 'FreeBSD'
35
- @target.os.version.should == '7.1'
36
- end
37
-
38
- it "should not have a product by default" do
39
- @target.product.should be_nil
40
- end
41
-
42
- it "should set the product when called with arguments" do
43
- @target.product(:name => 'Apache', :version => '1.3.3.7')
44
- @target.product.name.should == 'Apache'
45
- @target.product.version.should == '1.3.3.7'
46
- end
47
-
48
- it "should contain target data" do
49
- @target.data[:var].should == 1
50
- @target.data[:test].should == 'hello'
51
- end
52
-
53
- it "should provide Hash like access to target data" do
54
- @target[:var].should == 1
55
- @target[:test].should == 'hello'
56
- end
57
-
58
- it "should be able to set data like a Hash" do
59
- @target[:var] = 2
60
-
61
- @target[:var].should == 2
62
- end
63
-
64
- it "should provide OStruct like access to target data" do
65
- @target.var.should == 1
66
- @target.test.should == 'hello'
67
- end
68
-
69
- it "should be able to set data like an OStruct" do
70
- @target.var = 2
71
-
72
- @target.var.should == 2
73
- end
74
-
75
- it "should be able to serialize and deserialize it's target data" do
76
- @target.save
77
-
78
- target = Exploits::Target.get(@target.id)
79
- target.should_not be_nil
80
-
81
- target.data[:var].should == 1
82
- target.data[:test].should == 'hello'
83
- end
84
-
85
- it "should not raise TargetDataMissing when setting new data" do
86
- lambda {
87
- @target.bla = 'yes'
88
- }.should_not raise_error(Exploits::TargetDataMissing)
89
-
90
- @target.bla.should == 'yes'
91
- end
92
-
93
- it "should raise TargetDataMissing when accessing non-existant data" do
94
- lambda {
95
- @target.bla
96
- }.should raise_error(Exploits::TargetDataMissing)
97
- end
98
- end
@@ -1,22 +0,0 @@
1
- require 'ronin/exploits/targets/buffer_overflow'
2
-
3
- require 'spec_helper'
4
-
5
- describe Exploits::Targets::BufferOverflow do
6
- before(:all) do
7
- @exploit = Exploits::Exploit.create(:name => 'buffer overflow exploit')
8
- end
9
-
10
- it "should require an ip to overwrite with" do
11
- target = Exploits::Targets::BufferOverflow.new(:exploit => @exploit)
12
- target.should_not be_valid
13
-
14
- target.ip = 0xffffeeee
15
- target.should be_valid
16
- end
17
-
18
- it "should have a default frame_repeat of 1" do
19
- target = Exploits::Targets::BufferOverflow.new(:exploit => @exploit)
20
- target.frame_repeat.should == 1
21
- end
22
- end
@@ -1,35 +0,0 @@
1
- require 'ronin/exploits/web'
2
-
3
- require 'spec_helper'
4
-
5
- describe Exploits::Web do
6
- describe "targeted_url" do
7
- it "should initialize all parameters by default" do
8
- exploit = Exploits::Web.new
9
-
10
- exploit.params.should_not be_empty
11
- end
12
-
13
- it "should create a targeted URL using the host param" do
14
- host = 'www.example.com'
15
- exploit = Exploits::Web.new(:host => host)
16
-
17
- exploit.targeted_url.host.should == host
18
- end
19
-
20
- it "should create a targeted URL using the host param and the url_path property" do
21
- host = 'www.example.com'
22
- path = '/'
23
- exploit = Exploits::Web.new(:host => host, :url_path => path)
24
-
25
- exploit.targeted_url.host.should == host
26
- exploit.targeted_url.path.should == path
27
- end
28
-
29
- it "should raise a MissingParam exception if host params is missing" do
30
- exploit = Exploits::Web.new(:url_path => '/')
31
-
32
- lambda { exploit.targeted_url }.should raise_error(Parameters::MissingParam)
33
- end
34
- end
35
- end