ronin-exploits 0.3.1 → 1.0.0.beta2

data/spec/mixins/loot_spec.rb

@@ -0,0 +1,20 @@
+require 'ronin/exploits/mixins/loot'
+
+require 'ronin/exploits/exploit'
+
+describe Ronin::Exploits::Mixins::Loot do
+  module TestLootMixin
+    class TestExploit < Ronin::Exploits::Exploit
+      include Ronin::Exploits::Mixins::Loot
+    end
+  end
+
+  let(:exploit_class) { TestLootMixin::TestExploit }
+  subject { exploit_class.new }
+
+  describe "#initialize" do
+    it "must initialize #loot to a Ronin::Exploits::Loot object" do
+      expect(subject.loot).to be_kind_of(Ronin::Exploits::Loot)
+    end
+  end
+end

data/spec/mixins/nops_spec.rb

@@ -0,0 +1,165 @@
+require 'spec_helper'
+require 'ronin/exploits/mixins/nops'
+
+require 'ronin/exploits/exploit'
+require 'ronin/exploits/metadata/arch'
+
+describe Ronin::Exploits::Mixins::NOPS do
+  describe "NOPS" do
+    subject { described_class::NOPS }
+
+    describe ":x86" do
+      subject { super()[:x86] }
+
+      it "must return \"\\x90\"" do
+        expect(subject).to eq("\x90".b)
+      end
+    end
+
+    describe ":x86_64" do
+      subject { super()[:x86_64] }
+
+      it "must return \"\\x90\"" do
+        expect(subject).to eq("\x90".b)
+      end
+    end
+
+    describe ":arm" do
+      subject { super()[:arm] }
+
+      it "must return \"\\x05P\\xa0\\xe1\"" do
+        expect(subject).to eq("\x05P\xa0\xe1".b)
+      end
+    end
+
+    describe ":arm64" do
+      subject { super()[:arm64] }
+
+      it "must return \"\\xe5\\x03\\x05\\xaa\"" do
+        expect(subject).to eq("\xe5\x03\x05\xaa".b)
+      end
+    end
+  end
+
+  module TestNOPSMixin
+    class ExploitWithArchSet < Ronin::Exploits::Exploit
+      include Ronin::Exploits::Metadata::Arch
+      include Ronin::Exploits::Mixins::NOPS
+
+      arch :x86
+    end
+
+    class ExploitWithMultiByteNopArchSet < Ronin::Exploits::Exploit
+      include Ronin::Exploits::Metadata::Arch
+      include Ronin::Exploits::Mixins::NOPS
+
+      arch :arm
+    end
+
+    class ExploitWithoutArch < Ronin::Exploits::Exploit
+      include Ronin::Exploits::Mixins::NOPS
+    end
+
+    class ExploitWithoutArchSet < Ronin::Exploits::Exploit
+      include Ronin::Exploits::Metadata::Arch
+      include Ronin::Exploits::Mixins::NOPS
+    end
+
+    class ExploitWithUnsupportedArch < Ronin::Exploits::Exploit
+      include Ronin::Exploits::Metadata::Arch
+      include Ronin::Exploits::Mixins::NOPS
+
+      arch :mips
+    end
+  end
+
+  subject { exploit_class.new }
+
+  describe "#perform_validate" do
+    context "when the exploit class does not define an #arch method" do
+      let(:exploit_class) { TestNOPSMixin::ExploitWithoutArch }
+
+      it do
+        expect {
+          subject.perform_validate
+        }.to raise_error(Ronin::Exploits::ValidationError,"exploit #{exploit_class} did not include Ronin::Exploits::Metadata::Arch or Ronin::Exploits::Mixins::HasTargets")
+      end
+    end
+
+    context "when the exploit class's #arch method returns nil" do
+      let(:exploit_class) { TestNOPSMixin::ExploitWithoutArchSet }
+
+      it do
+        expect {
+          subject.perform_validate
+        }.to raise_error(Ronin::Exploits::ValidationError,"exploit #{exploit_class} did not include define an architecture")
+      end
+    end
+
+    context "when the exploit class defines an architecture" do
+      let(:exploit_class) { TestNOPSMixin::ExploitWithArchSet }
+
+      it do
+        expect {
+          subject.perform_validate
+        }.to_not raise_error
+      end
+    end
+  end
+
+  describe "#nop" do
+    context "when #arch returns an architecture name" do
+      context "and it's supported" do
+        let(:exploit_class) { TestNOPSMixin::ExploitWithArchSet }
+
+        it "must return the String from #{described_class}::NOPS for the #arch" do
+          expect(subject.nop).to eq(described_class::NOPS.fetch(subject.arch))
+        end
+      end
+
+      context "but it's not supported" do
+        let(:exploit_class) { TestNOPSMixin::ExploitWithUnsupportedArch }
+
+        it do
+          expect {
+            subject.nop
+          }.to raise_error(NotImplementedError,"no NOP string is currently defined for the architecture: #{subject.arch.inspect}")
+        end
+      end
+    end
+  end
+
+  describe "#nops" do
+    let(:size) { 100 }
+
+    context "when #arch returns an architecture name" do
+      context "and it's supported" do
+        let(:exploit_class) { TestNOPSMixin::ExploitWithArchSet }
+
+        let(:nop) { described_class::NOPS.fetch(subject.arch) }
+
+        it "must return a String of the NOP instruction for the #arch repeated size times" do
+          expect(subject.nops(size)).to eq(nop * size)
+        end
+
+        context "but the NOP instruction for the architecture is more than one byte" do
+          let(:exploit_class) { TestNOPSMixin::ExploitWithMultiByteNopArchSet }
+
+          it "must return a String of the desired length containing as many of the NOP instructions as possible" do
+            expect(subject.nops(size)).to eq(nop * (size / nop.bytesize))
+          end
+        end
+      end
+
+      context "but it's not supported" do
+        let(:exploit_class) { TestNOPSMixin::ExploitWithUnsupportedArch }
+
+        it do
+          expect {
+            subject.nops(size)
+          }.to raise_error(NotImplementedError,"no NOP string is currently defined for the architecture: #{subject.arch.inspect}")
+        end
+      end
+    end
+  end
+end

data/spec/mixins/remote_tcp_spec.rb

@@ -0,0 +1,217 @@
+require 'spec_helper'
+require 'ronin/exploits/mixins/remote_tcp'
+require 'ronin/exploits/exploit'
+
+describe Ronin::Exploits::Mixins::RemoteTCP do
+  module TestMixinsRemoteTCP
+    class TestExploit < Ronin::Exploits::Exploit
+      include Ronin::Exploits::Mixins::RemoteTCP
+    end
+  end
+
+  let(:test_class) { TestMixinsRemoteTCP::TestExploit }
+
+  describe ".included" do
+    subject { test_class }
+
+    it "must include Ronin::Support::Network::TCP::Mixin" do
+      expect(subject).to include(Ronin::Support::Network::TCP::Mixin)
+    end
+
+    it "must include Ronin::Exploits::Params::Host" do
+      expect(subject).to include(Ronin::Exploits::Params::Host)
+    end
+
+    it "must include Ronin::Exploits::Params::Port" do
+      expect(subject).to include(Ronin::Exploits::Params::Port)
+    end
+
+    it "must include Ronin::Exploits::Params::BindHost" do
+      expect(subject).to include(Ronin::Exploits::Params::BindHost)
+    end
+
+    it "must include Ronin::Exploits::Params::BindPort" do
+      expect(subject).to include(Ronin::Exploits::Params::BindPort)
+    end
+  end
+
+  let(:host)      { 'example.com' }
+  let(:port)      { 1337 }
+  let(:bind_host) { 'localhost' }
+  let(:bind_port) { 9000 }
+
+  subject do
+    test_class.new(
+      params: {
+        host:      host,
+        port:      port,
+        bind_host: bind_host,
+        bind_port: bind_port
+      }
+    )
+  end
+
+  describe "#tcp_open?" do
+    context "when given no arguments" do
+      it "must call Ronin::Support::Network::TCP.open? with #host, #port, bind_host: #bind_host, bind_port: #bind_port" do
+        expect(Ronin::Support::Network::TCP).to receive(:open?).with(
+          subject.host, subject.port, bind_host: subject.bind_host,
+                                      bind_port: subject.bind_port
+        )
+
+        subject.tcp_open?
+      end
+
+      context "when debug messages are enabled" do
+        before { Ronin::Support::CLI::Printing.debug = true }
+
+        it "must print a debugging message" do
+          allow(Ronin::Support::Network::TCP).to receive(:open?).with(
+            subject.host, subject.port, bind_host: subject.bind_host,
+                                        bind_port: subject.bind_port
+          )
+
+          expect(subject).to receive(:print_debug).with(
+            "Testing if #{subject.host}:#{subject.port} is open ..."
+          )
+
+          subject.tcp_open?
+        end
+
+        after { Ronin::Support::CLI::Printing.debug = false }
+      end
+    end
+  end
+
+  describe "#tcp_connect" do
+    context "when given no arguments" do
+      it "must call Ronin::Support::Network::TCP.connect with #host, #port, bind_host: #bind_host, bind_port: #bind_port" do
+        expect(Ronin::Support::Network::TCP).to receive(:connect).with(
+          subject.host, subject.port, bind_host: subject.bind_host,
+                                      bind_port: subject.bind_port
+        )
+
+        subject.tcp_connect
+      end
+
+      context "when debug messages are enabled" do
+        before { Ronin::Support::CLI::Printing.debug = true }
+
+        it "must print a debugging message" do
+          allow(Ronin::Support::Network::TCP).to receive(:connect).with(
+            subject.host, subject.port, bind_host: subject.bind_host,
+                                        bind_port: subject.bind_port
+          )
+
+          expect(subject).to receive(:print_debug).with(
+            "Connecting to #{subject.host}:#{subject.port} ..."
+          )
+
+          subject.tcp_connect
+        end
+
+        after { Ronin::Support::CLI::Printing.debug = false }
+      end
+    end
+  end
+
+  describe "#tcp_connect_and_send" do
+    context "when given one argument" do
+      let(:data) { 'foo' }
+
+      it "must call Ronin::Support::Network::TCP.connect_and_send with data, #host, #port, bind_host: #bind_host, bind_port: #bind_port" do
+        expect(Ronin::Support::Network::TCP).to receive(:connect_and_send).with(
+          data, subject.host, subject.port, bind_host: subject.bind_host,
+                                            bind_port: subject.bind_port
+        )
+
+        subject.tcp_connect_and_send(data)
+      end
+
+      context "when debug messages are enabled" do
+        before { Ronin::Support::CLI::Printing.debug = true }
+
+        it "must print a debugging message" do
+          allow(Ronin::Support::Network::TCP).to receive(:connect_and_send).with(
+            data, subject.host, subject.port, bind_host: subject.bind_host,
+                                              bind_port: subject.bind_port
+          )
+
+          expect(subject).to receive(:print_debug).with(
+            "Connecting to #{subject.host}:#{subject.port} and sending #{data.inspect} ..."
+          )
+
+          subject.tcp_connect_and_send(data)
+        end
+
+        after { Ronin::Support::CLI::Printing.debug = false }
+      end
+    end
+  end
+
+  describe "#tcp_banner" do
+    context "when given no arguments" do
+      it "must call Ronin::Support::Network::TCP.banner with #host, #port, bind_host: #bind_host, bind_port: #bind_port" do
+        expect(Ronin::Support::Network::TCP).to receive(:banner).with(
+          subject.host, subject.port, bind_host: subject.bind_host,
+                                      bind_port: subject.bind_port
+        )
+
+        subject.tcp_banner
+      end
+
+      context "when debug messages are enabled" do
+        before { Ronin::Support::CLI::Printing.debug = true }
+
+        it "must print a debugging message" do
+          allow(Ronin::Support::Network::TCP).to receive(:banner).with(
+            subject.host, subject.port, bind_host: subject.bind_host,
+                                        bind_port: subject.bind_port
+          )
+
+          expect(subject).to receive(:print_debug).with(
+            "Fetching the banner for #{subject.host}:#{subject.port} ..."
+          )
+
+          subject.tcp_banner
+        end
+
+        after { Ronin::Support::CLI::Printing.debug = false }
+      end
+    end
+  end
+
+  describe "#tcp_send" do
+    context "when given one argument" do
+      let(:data) { 'foo' }
+
+      it "must call Ronin::Support::Network::TCP.send with data, #host, #port, bind_host: #bind_host, bind_port: #bind_port" do
+        expect(Ronin::Support::Network::TCP).to receive(:send).with(
+          data, subject.host, subject.port, bind_host: subject.bind_host,
+                                            bind_port: subject.bind_port
+        )
+
+        subject.tcp_send(data)
+      end
+
+      context "when debug messages are enabled" do
+        before { Ronin::Support::CLI::Printing.debug = true }
+
+        it "must print a debugging message" do
+          allow(Ronin::Support::Network::TCP).to receive(:send).with(
+            data, subject.host, subject.port, bind_host: subject.bind_host,
+                                              bind_port: subject.bind_port
+          )
+
+          expect(subject).to receive(:print_debug).with(
+            "Sending #{data.inspect} to #{subject.host}:#{subject.port} ..."
+          )
+
+          subject.tcp_send(data)
+        end
+
+        after { Ronin::Support::CLI::Printing.debug = false }
+      end
+    end
+  end
+end

data/spec/mixins/remote_udp_spec.rb

@@ -0,0 +1,217 @@
+require 'spec_helper'
+require 'ronin/exploits/mixins/remote_udp'
+require 'ronin/exploits/exploit'
+
+describe Ronin::Exploits::Mixins::RemoteUDP do
+  module TestMixinsRemoteUDP
+    class TestExploit < Ronin::Exploits::Exploit
+      include Ronin::Exploits::Mixins::RemoteUDP
+    end
+  end
+
+  let(:test_class) { TestMixinsRemoteUDP::TestExploit }
+
+  describe ".included" do
+    subject { test_class }
+
+    it "must include Ronin::Support::Network::UDP::Mixin" do
+      expect(subject).to include(Ronin::Support::Network::UDP::Mixin)
+    end
+
+    it "must include Ronin::Exploits::Params::Host" do
+      expect(subject).to include(Ronin::Exploits::Params::Host)
+    end
+
+    it "must include Ronin::Exploits::Params::Port" do
+      expect(subject).to include(Ronin::Exploits::Params::Port)
+    end
+
+    it "must include Ronin::Exploits::Params::BindHost" do
+      expect(subject).to include(Ronin::Exploits::Params::BindHost)
+    end
+
+    it "must include Ronin::Exploits::Params::BindPort" do
+      expect(subject).to include(Ronin::Exploits::Params::BindPort)
+    end
+  end
+
+  let(:host)      { 'example.com' }
+  let(:port)      { 1337 }
+  let(:bind_host) { 'localhost' }
+  let(:bind_port) { 9000 }
+
+  subject do
+    test_class.new(
+      params: {
+        host:      host,
+        port:      port,
+        bind_host: bind_host,
+        bind_port: bind_port
+      }
+    )
+  end
+
+  describe "#udp_open?" do
+    context "when given no arguments" do
+      it "must call Ronin::Support::Network::UDP.open? with #host, #port, bind_host: #bind_host, bind_port: #bind_port" do
+        expect(Ronin::Support::Network::UDP).to receive(:open?).with(
+          subject.host, subject.port, bind_host: subject.bind_host,
+                                      bind_port: subject.bind_port
+        )
+
+        subject.udp_open?
+      end
+
+      context "when debug messages are enabled" do
+        before { Ronin::Support::CLI::Printing.debug = true }
+
+        it "must print a debugging message" do
+          allow(Ronin::Support::Network::UDP).to receive(:open?).with(
+            subject.host, subject.port, bind_host: subject.bind_host,
+                                        bind_port: subject.bind_port
+          )
+
+          expect(subject).to receive(:print_debug).with(
+            "Testing if #{subject.host}:#{subject.port} is open ..."
+          )
+
+          subject.udp_open?
+        end
+
+        after { Ronin::Support::CLI::Printing.debug = false }
+      end
+    end
+  end
+
+  describe "#udp_connect" do
+    context "when given no arguments" do
+      it "must call Ronin::Support::Network::UDP.connect with #host, #port, bind_host: #bind_host, bind_port: #bind_port" do
+        expect(Ronin::Support::Network::UDP).to receive(:connect).with(
+          subject.host, subject.port, bind_host: subject.bind_host,
+                                      bind_port: subject.bind_port
+        )
+
+        subject.udp_connect
+      end
+
+      context "when debug messages are enabled" do
+        before { Ronin::Support::CLI::Printing.debug = true }
+
+        it "must print a debugging message" do
+          allow(Ronin::Support::Network::UDP).to receive(:connect).with(
+            subject.host, subject.port, bind_host: subject.bind_host,
+                                        bind_port: subject.bind_port
+          )
+
+          expect(subject).to receive(:print_debug).with(
+            "Connecting to #{subject.host}:#{subject.port} ..."
+          )
+
+          subject.udp_connect
+        end
+
+        after { Ronin::Support::CLI::Printing.debug = false }
+      end
+    end
+  end
+
+  describe "#udp_connect_and_send" do
+    context "when given one argument" do
+      let(:data) { 'foo' }
+
+      it "must call Ronin::Support::Network::UDP.connect_and_send with data, #host, #port, bind_host: #bind_host, bind_port: #bind_port" do
+        expect(Ronin::Support::Network::UDP).to receive(:connect_and_send).with(
+          data, subject.host, subject.port, bind_host: subject.bind_host,
+                                            bind_port: subject.bind_port
+        )
+
+        subject.udp_connect_and_send(data)
+      end
+
+      context "when debug messages are enabled" do
+        before { Ronin::Support::CLI::Printing.debug = true }
+
+        it "must print a debugging message" do
+          allow(Ronin::Support::Network::UDP).to receive(:connect_and_send).with(
+            data, subject.host, subject.port, bind_host: subject.bind_host,
+                                              bind_port: subject.bind_port
+          )
+
+          expect(subject).to receive(:print_debug).with(
+            "Connecting to #{subject.host}:#{subject.port} and sending #{data.inspect} ..."
+          )
+
+          subject.udp_connect_and_send(data)
+        end
+
+        after { Ronin::Support::CLI::Printing.debug = false }
+      end
+    end
+  end
+
+  describe "#udp_banner" do
+    context "when given no arguments" do
+      it "must call Ronin::Support::Network::UDP.banner with #host, #port, bind_host: #bind_host, bind_port: #bind_port" do
+        expect(Ronin::Support::Network::UDP).to receive(:banner).with(
+          subject.host, subject.port, bind_host: subject.bind_host,
+                                      bind_port: subject.bind_port
+        )
+
+        subject.udp_banner
+      end
+
+      context "when debug messages are enabled" do
+        before { Ronin::Support::CLI::Printing.debug = true }
+
+        it "must print a debugging message" do
+          allow(Ronin::Support::Network::UDP).to receive(:banner).with(
+            subject.host, subject.port, bind_host: subject.bind_host,
+                                        bind_port: subject.bind_port
+          )
+
+          expect(subject).to receive(:print_debug).with(
+            "Fetching the banner for #{subject.host}:#{subject.port} ..."
+          )
+
+          subject.udp_banner
+        end
+
+        after { Ronin::Support::CLI::Printing.debug = false }
+      end
+    end
+  end
+
+  describe "#udp_send" do
+    context "when given one argument" do
+      let(:data) { 'foo' }
+
+      it "must call Ronin::Support::Network::UDP.send with data, #host, #port, bind_host: #bind_host, bind_port: #bind_port" do
+        expect(Ronin::Support::Network::UDP).to receive(:send).with(
+          data, subject.host, subject.port, bind_host: subject.bind_host,
+                                            bind_port: subject.bind_port
+        )
+
+        subject.udp_send(data)
+      end
+
+      context "when debug messages are enabled" do
+        before { Ronin::Support::CLI::Printing.debug = true }
+
+        it "must print a debugging message" do
+          allow(Ronin::Support::Network::UDP).to receive(:send).with(
+            data, subject.host, subject.port, bind_host: subject.bind_host,
+                                              bind_port: subject.bind_port
+          )
+
+          expect(subject).to receive(:print_debug).with(
+            "Sending #{data.inspect} to #{subject.host}:#{subject.port} ..."
+          )
+
+          subject.udp_send(data)
+        end
+
+        after { Ronin::Support::CLI::Printing.debug = false }
+      end
+    end
+  end
+end

data/spec/mixins/seh_spec.rb

@@ -0,0 +1,89 @@
+require 'spec_helper'
+require 'ronin/exploits/mixins/seh'
+
+require 'ronin/exploits/exploit'
+require 'ronin/exploits/metadata/arch'
+require 'ronin/exploits/metadata/os'
+
+describe Ronin::Exploits::Mixins::SEH do
+  module TestSEHMixin
+    class TestExploit < Ronin::Exploits::Exploit
+      include Ronin::Exploits::Metadata::Arch
+      include Ronin::Exploits::Metadata::OS
+      include Ronin::Exploits::Mixins::SEH
+
+      arch :x86
+      os :windows
+    end
+  end
+
+  let(:exploit_class) { TestSEHMixin::TestExploit }
+
+  it "must include Ronin::Exploits::Mixins::Text" do
+    expect(exploit_class).to include(Ronin::Exploits::Mixins::Text)
+  end
+
+  it "must include Ronin::Exploits::Mixins::Binary" do
+    expect(exploit_class).to include(Ronin::Exploits::Mixins::Binary)
+  end
+
+  it "must include Ronin::Exploits::Mixins::NOPS" do
+    expect(exploit_class).to include(Ronin::Exploits::Mixins::NOPS)
+  end
+
+  subject { exploit_class.new }
+
+  let(:nseh) { 0x06eb9090 }
+  let(:seh)  { 0x1001ae86 }
+
+  describe "#seh_record" do
+    it "must pack the nseh and seh arguments as machine words" do
+      expect(subject.seh_record(nseh,seh)).to eq(
+        [nseh, seh].pack('L<2')
+      )
+    end
+  end
+
+  describe "#seh_buffer_overflow" do
+    let(:length)  { 1024 }
+    let(:payload) { 'shellcode here'.b }
+
+    it "must return a buffer of the given size, containing junk data, the payload, nseh, and seh addresses" do
+      buffer = subject.seh_buffer_overflow(
+        length: length, payload: payload, nseh: nseh, seh: seh
+      )
+
+      expect(buffer.length).to eq(length)
+
+      junk = subject.junk(length - payload.bytesize - (subject.platform[:machine_word].size * 2))
+
+      packed_nseh = subject.pack(:machine_word,nseh)
+      packed_seh  = subject.pack(:machine_word,seh)
+
+      expect(buffer).to eq(junk + payload + packed_nseh + packed_seh)
+    end
+
+    context "when the nops: keyword argument is given" do
+      let(:nops) { 16 }
+
+      it "must add additional NOP padding to the beginning of the payload" do
+        buffer = subject.seh_buffer_overflow(
+          length: length, nops: nops, payload: payload, nseh: nseh, seh: seh
+        )
+
+        expect(buffer.length).to eq(length)
+
+        junk = subject.junk(length - (subject.nop.bytesize * nops) - payload.bytesize - (subject.platform[:machine_word].size * 2))
+
+        nop_pad = subject.nops(nops)
+
+        packed_nseh = subject.pack(:machine_word,nseh)
+        packed_seh  = subject.pack(:machine_word,seh)
+
+        expect(buffer).to eq(
+          junk + nop_pad + payload + packed_nseh + packed_seh
+        )
+      end
+    end
+  end
+end