ronin-exploits 1.0.0.beta2 → 1.0.0.beta3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/ruby.yml +1 -0
- data/README.md +4 -0
- data/gemspec.yml +3 -1
- data/lib/ronin/exploits/cli/commands/run.rb +55 -5
- data/lib/ronin/exploits/version.rb +1 -1
- data/ronin-exploits.gemspec +2 -1
- metadata +10 -115
- data/spec/advisory_spec.rb +0 -71
- data/spec/cli/exploit_command_spec.rb +0 -68
- data/spec/cli/exploit_methods_spec.rb +0 -208
- data/spec/cli/ruby_shell_spec.rb +0 -14
- data/spec/client_side_web_vuln_spec.rb +0 -117
- data/spec/exploit_spec.rb +0 -538
- data/spec/exploits_spec.rb +0 -8
- data/spec/heap_overflow_spec.rb +0 -14
- data/spec/lfi_spec.rb +0 -162
- data/spec/loot/file_spec.rb +0 -131
- data/spec/loot_spec.rb +0 -138
- data/spec/memory_corruption_spec.rb +0 -22
- data/spec/metadata/arch_spec.rb +0 -82
- data/spec/metadata/cookie_param_spec.rb +0 -67
- data/spec/metadata/default_filename_spec.rb +0 -62
- data/spec/metadata/default_port_spec.rb +0 -62
- data/spec/metadata/header_name_spec.rb +0 -67
- data/spec/metadata/os_spec.rb +0 -164
- data/spec/metadata/shouts_spec.rb +0 -100
- data/spec/metadata/url_path_spec.rb +0 -67
- data/spec/metadata/url_query_param_spec.rb +0 -67
- data/spec/mixins/binary_spec.rb +0 -129
- data/spec/mixins/build_dir.rb +0 -66
- data/spec/mixins/file_builder_spec.rb +0 -67
- data/spec/mixins/format_string_spec.rb +0 -44
- data/spec/mixins/has_payload_spec.rb +0 -333
- data/spec/mixins/has_targets_spec.rb +0 -434
- data/spec/mixins/html_spec.rb +0 -772
- data/spec/mixins/http_spec.rb +0 -1227
- data/spec/mixins/loot_spec.rb +0 -20
- data/spec/mixins/nops_spec.rb +0 -165
- data/spec/mixins/remote_tcp_spec.rb +0 -217
- data/spec/mixins/remote_udp_spec.rb +0 -217
- data/spec/mixins/seh_spec.rb +0 -89
- data/spec/mixins/stack_overflow_spec.rb +0 -87
- data/spec/mixins/text_spec.rb +0 -43
- data/spec/open_redirect_spec.rb +0 -71
- data/spec/params/base_url_spec.rb +0 -71
- data/spec/params/bind_host_spec.rb +0 -34
- data/spec/params/bind_port_spec.rb +0 -35
- data/spec/params/filename_spec.rb +0 -77
- data/spec/params/host_spec.rb +0 -34
- data/spec/params/port_spec.rb +0 -77
- data/spec/rfi_spec.rb +0 -107
- data/spec/seh_overflow_spec.rb +0 -18
- data/spec/spec_helper.rb +0 -8
- data/spec/sqli_spec.rb +0 -306
- data/spec/ssti_spec.rb +0 -121
- data/spec/stack_overflow_spec.rb +0 -18
- data/spec/target_spec.rb +0 -92
- data/spec/test_result_spec.rb +0 -32
- data/spec/use_after_free_spec.rb +0 -14
- data/spec/web_spec.rb +0 -12
- data/spec/web_vuln_spec.rb +0 -854
- data/spec/xss_spec.rb +0 -69
@@ -1,87 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
require 'ronin/exploits/mixins/stack_overflow'
|
3
|
-
|
4
|
-
require 'ronin/exploits/exploit'
|
5
|
-
require 'ronin/exploits/metadata/arch'
|
6
|
-
require 'ronin/exploits/metadata/os'
|
7
|
-
|
8
|
-
describe Ronin::Exploits::Mixins::StackOverflow do
|
9
|
-
module TestSEHMixin
|
10
|
-
class TestExploit < Ronin::Exploits::Exploit
|
11
|
-
include Ronin::Exploits::Metadata::Arch
|
12
|
-
include Ronin::Exploits::Metadata::OS
|
13
|
-
include Ronin::Exploits::Mixins::StackOverflow
|
14
|
-
|
15
|
-
arch :x86
|
16
|
-
os :windows
|
17
|
-
end
|
18
|
-
end
|
19
|
-
|
20
|
-
let(:exploit_class) { TestSEHMixin::TestExploit }
|
21
|
-
|
22
|
-
it "must include Ronin::Exploits::Mixins::Text" do
|
23
|
-
expect(exploit_class).to include(Ronin::Exploits::Mixins::Text)
|
24
|
-
end
|
25
|
-
|
26
|
-
it "must include Ronin::Exploits::Mixins::Binary" do
|
27
|
-
expect(exploit_class).to include(Ronin::Exploits::Mixins::Binary)
|
28
|
-
end
|
29
|
-
|
30
|
-
it "must include Ronin::Exploits::Mixins::NOPS" do
|
31
|
-
expect(exploit_class).to include(Ronin::Exploits::Mixins::NOPS)
|
32
|
-
end
|
33
|
-
|
34
|
-
subject { exploit_class.new }
|
35
|
-
|
36
|
-
let(:bp) { 0x06eb9090 }
|
37
|
-
let(:ip) { 0x1001ae86 }
|
38
|
-
|
39
|
-
describe "#stack_frame" do
|
40
|
-
it "must pack the nseh and seh arguments as machine words" do
|
41
|
-
expect(subject.stack_frame(bp,ip)).to eq(
|
42
|
-
[bp, ip].pack('L<2')
|
43
|
-
)
|
44
|
-
end
|
45
|
-
end
|
46
|
-
|
47
|
-
describe "#buffer_overflow" do
|
48
|
-
let(:length) { 1024 }
|
49
|
-
let(:payload) { 'shellcode here'.b }
|
50
|
-
|
51
|
-
it "must return a buffer of the given size, containing junk data, the payload, stack base pointer (bp), and stack instruction pointer (ip) addresses" do
|
52
|
-
buffer = subject.buffer_overflow(
|
53
|
-
length: length, payload: payload, bp: bp, ip: ip
|
54
|
-
)
|
55
|
-
|
56
|
-
expect(buffer.length).to eq(length)
|
57
|
-
|
58
|
-
junk = subject.junk(length - payload.bytesize - (subject.platform[:machine_word].size * 2))
|
59
|
-
|
60
|
-
packed_bp = subject.pack(:machine_word,bp)
|
61
|
-
packed_ip = subject.pack(:machine_word,ip)
|
62
|
-
|
63
|
-
expect(buffer).to eq(junk + payload + packed_bp + packed_ip)
|
64
|
-
end
|
65
|
-
|
66
|
-
context "when the nops: keyword argument is given" do
|
67
|
-
let(:nops) { 16 }
|
68
|
-
|
69
|
-
it "must add additional NOP padding to the beginning of the payload" do
|
70
|
-
buffer = subject.buffer_overflow(
|
71
|
-
length: length, nops: nops, payload: payload, bp: bp, ip: ip
|
72
|
-
)
|
73
|
-
|
74
|
-
expect(buffer.length).to eq(length)
|
75
|
-
|
76
|
-
junk = subject.junk(length - (subject.nop.bytesize * nops) - payload.bytesize - (subject.platform[:machine_word].size * 2))
|
77
|
-
|
78
|
-
nop_pad = subject.nops(nops)
|
79
|
-
|
80
|
-
packed_ip = subject.pack(:machine_word,ip)
|
81
|
-
packed_bp = subject.pack(:machine_word,bp)
|
82
|
-
|
83
|
-
expect(buffer).to eq(junk + nop_pad + payload + packed_bp + packed_ip)
|
84
|
-
end
|
85
|
-
end
|
86
|
-
end
|
87
|
-
end
|
data/spec/mixins/text_spec.rb
DELETED
@@ -1,43 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
require 'ronin/exploits/mixins/text'
|
3
|
-
|
4
|
-
require 'ronin/exploits/exploit'
|
5
|
-
|
6
|
-
describe Ronin::Exploits::Mixins::Text do
|
7
|
-
module TestTextMixin
|
8
|
-
class TestExploit < Ronin::Exploits::Exploit
|
9
|
-
include Ronin::Exploits::Mixins::Text
|
10
|
-
end
|
11
|
-
end
|
12
|
-
|
13
|
-
let(:exploit_class) { TestTextMixin::TestExploit }
|
14
|
-
subject { exploit_class.new }
|
15
|
-
|
16
|
-
it "must include Ronin::Support::Text::Random::Mixin" do
|
17
|
-
expect(exploit_class).to include(Ronin::Support::Text::Random::Mixin)
|
18
|
-
end
|
19
|
-
|
20
|
-
describe "#junk" do
|
21
|
-
let(:count) { 1024 }
|
22
|
-
|
23
|
-
it "must return a String of 'A' characters for the given count" do
|
24
|
-
expect(subject.junk(count)).to eq('A' * count)
|
25
|
-
end
|
26
|
-
|
27
|
-
context "when given a custom character" do
|
28
|
-
let(:char) { 'B' }
|
29
|
-
|
30
|
-
it "must return a String of the given characters for the given count" do
|
31
|
-
expect(subject.junk(char,count)).to eq(char * count)
|
32
|
-
end
|
33
|
-
end
|
34
|
-
|
35
|
-
context "when given a custom String" do
|
36
|
-
let(:string) { 'AB' }
|
37
|
-
|
38
|
-
it "must return a String of the given String repeated for the given count" do
|
39
|
-
expect(subject.junk(string,count)).to eq(string * count)
|
40
|
-
end
|
41
|
-
end
|
42
|
-
end
|
43
|
-
end
|
data/spec/open_redirect_spec.rb
DELETED
@@ -1,71 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
require 'ronin/exploits/open_redirect'
|
3
|
-
|
4
|
-
describe Ronin::Exploits::OpenRedirect do
|
5
|
-
module TestOpenRedirect
|
6
|
-
class TestExploit < Ronin::Exploits::OpenRedirect
|
7
|
-
base_path '/showthread.asp'
|
8
|
-
query_param 'id'
|
9
|
-
end
|
10
|
-
end
|
11
|
-
|
12
|
-
let(:exploit_class) { TestOpenRedirect::TestExploit }
|
13
|
-
let(:base_url) { 'http://testasp.vulnweb.com' }
|
14
|
-
let(:redirect_url) { 'http://evil.com/' }
|
15
|
-
|
16
|
-
subject do
|
17
|
-
exploit_class.new(
|
18
|
-
params: {
|
19
|
-
base_url: base_url,
|
20
|
-
redirect_url: redirect_url
|
21
|
-
}
|
22
|
-
)
|
23
|
-
end
|
24
|
-
|
25
|
-
it "must inherite from Ronin::Exploits::ClientSideWebVuln" do
|
26
|
-
expect(described_class).to be < Ronin::Exploits::ClientSideWebVuln
|
27
|
-
end
|
28
|
-
|
29
|
-
describe ".exploit_type" do
|
30
|
-
subject { described_class }
|
31
|
-
|
32
|
-
it { expect(subject.exploit_type).to eq(:open_redirect) }
|
33
|
-
end
|
34
|
-
|
35
|
-
describe "#initialize" do
|
36
|
-
it "must default #payload to a Ronin::Payloads::Test::OpenRedirect payload" do
|
37
|
-
expect(subject.payload).to be_kind_of(Ronin::Payloads::Test::OpenRedirect)
|
38
|
-
end
|
39
|
-
|
40
|
-
context "when given the payload: keyword argument" do
|
41
|
-
let(:payload) { Ronin::Payloads::URLPayload.new }
|
42
|
-
|
43
|
-
subject do
|
44
|
-
exploit_class.new(
|
45
|
-
payload: payload,
|
46
|
-
params: {
|
47
|
-
base_url: base_url
|
48
|
-
}
|
49
|
-
)
|
50
|
-
end
|
51
|
-
|
52
|
-
it "must set #payload" do
|
53
|
-
expect(subject.payload).to be(payload)
|
54
|
-
end
|
55
|
-
end
|
56
|
-
end
|
57
|
-
|
58
|
-
describe "#vuln" do
|
59
|
-
it "must return a Ronin::Vulns::OpenRedirect object" do
|
60
|
-
expect(subject.vuln).to be_kind_of(Ronin::Vulns::OpenRedirect)
|
61
|
-
end
|
62
|
-
|
63
|
-
it "must set the #url attribute of the OpenRedirect vuln object" do
|
64
|
-
expect(subject.vuln.url).to eq(subject.url)
|
65
|
-
end
|
66
|
-
|
67
|
-
it "must set the #test_url attribute of the OpenRedirect vuln object to the 'redirect_url' param" do
|
68
|
-
expect(subject.vuln.test_url).to eq(redirect_url)
|
69
|
-
end
|
70
|
-
end
|
71
|
-
end
|
@@ -1,71 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
require 'ronin/exploits/params/base_url'
|
3
|
-
require 'ronin/exploits/exploit'
|
4
|
-
|
5
|
-
describe Ronin::Exploits::Params::BaseURL do
|
6
|
-
module TestBaseURLParam
|
7
|
-
class TestExploit < Ronin::Exploits::Exploit
|
8
|
-
include Ronin::Exploits::Params::BaseURL
|
9
|
-
end
|
10
|
-
end
|
11
|
-
|
12
|
-
describe ".included" do
|
13
|
-
subject { TestBaseURLParam::TestExploit }
|
14
|
-
|
15
|
-
it "must add a required 'base_url' param to the exploit class" do
|
16
|
-
expect(subject.params[:base_url]).to_not be_nil
|
17
|
-
expect(subject.params[:base_url].type).to be_kind_of(Ronin::Core::Params::Types::URI)
|
18
|
-
expect(subject.params[:base_url].required?).to be(true)
|
19
|
-
expect(subject.params[:base_url].desc).to eq("The base URL of the target")
|
20
|
-
end
|
21
|
-
end
|
22
|
-
|
23
|
-
let(:base_url) { URI('https://example.com:8080/') }
|
24
|
-
subject { TestBaseURLParam::TestExploit.new(params: {base_url: base_url}) }
|
25
|
-
|
26
|
-
describe "#host" do
|
27
|
-
it "must return the host value of the base URL" do
|
28
|
-
expect(subject.host).to eq(base_url.host)
|
29
|
-
end
|
30
|
-
end
|
31
|
-
|
32
|
-
describe "#port" do
|
33
|
-
it "must return the port value of the base URL" do
|
34
|
-
expect(subject.port).to eq(base_url.port)
|
35
|
-
end
|
36
|
-
end
|
37
|
-
|
38
|
-
describe "#url_for" do
|
39
|
-
context "when given an absolute path" do
|
40
|
-
let(:path) { '/foo' }
|
41
|
-
|
42
|
-
it "must return a URI::HTTP object" do
|
43
|
-
expect(subject.url_for(path)).to be_kind_of(URI::HTTP)
|
44
|
-
end
|
45
|
-
|
46
|
-
it "must override the path of the params[:base_url]" do
|
47
|
-
expect(subject.url_for(path).path).to eq(path)
|
48
|
-
end
|
49
|
-
end
|
50
|
-
|
51
|
-
context "when given a relative path" do
|
52
|
-
let(:path) { 'foo' }
|
53
|
-
|
54
|
-
it "must return a URI::HTTP object" do
|
55
|
-
expect(subject.url_for(path)).to be_kind_of(URI::HTTP)
|
56
|
-
end
|
57
|
-
|
58
|
-
it "must convert the path into an absolute path" do
|
59
|
-
expect(subject.url_for(path).path).to eq("/#{path}")
|
60
|
-
end
|
61
|
-
end
|
62
|
-
|
63
|
-
context "when given a fully qualified URL" do
|
64
|
-
let(:url) { "https://www.other.com/foo" }
|
65
|
-
|
66
|
-
it "must return the URL" do
|
67
|
-
expect(subject.url_for(url).to_s).to eq(url)
|
68
|
-
end
|
69
|
-
end
|
70
|
-
end
|
71
|
-
end
|
@@ -1,34 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
require 'ronin/exploits/params/bind_host'
|
3
|
-
require 'ronin/exploits/exploit'
|
4
|
-
|
5
|
-
describe Ronin::Exploits::Params::BindHost do
|
6
|
-
module TestBindHostParam
|
7
|
-
class TestExploit < Ronin::Exploits::Exploit
|
8
|
-
include Ronin::Exploits::Params::BindHost
|
9
|
-
end
|
10
|
-
end
|
11
|
-
|
12
|
-
describe ".included" do
|
13
|
-
subject { TestBindHostParam::TestExploit }
|
14
|
-
|
15
|
-
it "must add an optional 'bind_host' param to the exploit class" do
|
16
|
-
expect(subject.params[:bind_host]).to_not be_nil
|
17
|
-
expect(subject.params[:bind_host].required?).to be(false)
|
18
|
-
expect(subject.params[:bind_host].desc).to eq("Local host to bind to")
|
19
|
-
end
|
20
|
-
end
|
21
|
-
|
22
|
-
let(:bind_host) { 'localhost' }
|
23
|
-
subject do
|
24
|
-
TestBindHostParam::TestExploit.new(
|
25
|
-
params: {bind_host: bind_host}
|
26
|
-
)
|
27
|
-
end
|
28
|
-
|
29
|
-
describe "#bind_host" do
|
30
|
-
it "must return the bind_host param value" do
|
31
|
-
expect(subject.bind_host).to eq(bind_host)
|
32
|
-
end
|
33
|
-
end
|
34
|
-
end
|
@@ -1,35 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
require 'ronin/exploits/params/bind_port'
|
3
|
-
require 'ronin/exploits/exploit'
|
4
|
-
|
5
|
-
describe Ronin::Exploits::Params::BindPort do
|
6
|
-
module TestBindPortParam
|
7
|
-
class TestExploit < Ronin::Exploits::Exploit
|
8
|
-
include Ronin::Exploits::Params::BindPort
|
9
|
-
end
|
10
|
-
end
|
11
|
-
|
12
|
-
describe ".included" do
|
13
|
-
subject { TestBindPortParam::TestExploit }
|
14
|
-
|
15
|
-
it "must add an optional 'bind_port' param to the exploit class" do
|
16
|
-
expect(subject.params[:bind_port]).to_not be_nil
|
17
|
-
expect(subject.params[:bind_port].type).to be_kind_of(Ronin::Core::Params::Types::Integer)
|
18
|
-
expect(subject.params[:bind_port].required?).to be(false)
|
19
|
-
expect(subject.params[:bind_port].desc).to eq("Local port to bind to")
|
20
|
-
end
|
21
|
-
end
|
22
|
-
|
23
|
-
let(:bind_port) { 9000 }
|
24
|
-
subject do
|
25
|
-
TestBindPortParam::TestExploit.new(
|
26
|
-
params: {bind_port: bind_port}
|
27
|
-
)
|
28
|
-
end
|
29
|
-
|
30
|
-
describe "#bind_port" do
|
31
|
-
it "must return the bind_port param value" do
|
32
|
-
expect(subject.bind_port).to eq(bind_port)
|
33
|
-
end
|
34
|
-
end
|
35
|
-
end
|
@@ -1,77 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
require 'ronin/exploits/params/filename'
|
3
|
-
require 'ronin/exploits/exploit'
|
4
|
-
|
5
|
-
describe Ronin::Exploits::Params::Filename do
|
6
|
-
module TestFilenameParam
|
7
|
-
class TestExploit < Ronin::Exploits::Exploit
|
8
|
-
include Ronin::Exploits::Params::Filename
|
9
|
-
end
|
10
|
-
|
11
|
-
class TextExploitWithDefaultFilename < Ronin::Exploits::Exploit
|
12
|
-
include Ronin::Exploits::Params::Filename
|
13
|
-
default_filename 'exploit.docx'
|
14
|
-
end
|
15
|
-
end
|
16
|
-
|
17
|
-
describe ".included" do
|
18
|
-
subject { TestFilenameParam::TestExploit }
|
19
|
-
|
20
|
-
it "must include Ronin::Exploits::Metadata::DefaultFilename" do
|
21
|
-
expect(subject).to include(Ronin::Exploits::Metadata::DefaultFilename)
|
22
|
-
end
|
23
|
-
|
24
|
-
it "must add a required 'filename' param to the exploit class" do
|
25
|
-
expect(subject.params[:filename]).to_not be_nil
|
26
|
-
expect(subject.params[:filename].type).to be_kind_of(Ronin::Core::Params::Types::String)
|
27
|
-
expect(subject.params[:filename].required?).to be(true)
|
28
|
-
expect(subject.params[:filename].default).to be_kind_of(Proc)
|
29
|
-
expect(subject.params[:filename].desc).to eq("The filename for the exploit")
|
30
|
-
end
|
31
|
-
end
|
32
|
-
|
33
|
-
let(:exploit_class) { TestFilenameParam::TestExploit }
|
34
|
-
|
35
|
-
let(:filename) { 'my-file.txt' }
|
36
|
-
|
37
|
-
subject do
|
38
|
-
exploit_class.new(
|
39
|
-
params: {filename: filename}
|
40
|
-
)
|
41
|
-
end
|
42
|
-
|
43
|
-
describe "#filename" do
|
44
|
-
it "must return the filename param value" do
|
45
|
-
expect(subject.filename).to eq(filename)
|
46
|
-
end
|
47
|
-
|
48
|
-
context "when no filename param value is set" do
|
49
|
-
subject do
|
50
|
-
exploit_class.new
|
51
|
-
end
|
52
|
-
|
53
|
-
it "must require a filename value" do
|
54
|
-
expect {
|
55
|
-
subject.validate_params
|
56
|
-
}.to raise_error(Ronin::Core::Params::RequiredParam,"param 'filename' requires a value")
|
57
|
-
end
|
58
|
-
end
|
59
|
-
|
60
|
-
context "when the exploit class defines a default_filename" do
|
61
|
-
context "and the filename param value is set" do
|
62
|
-
it "must override the default_filename value" do
|
63
|
-
expect(subject.filename).to eq(filename)
|
64
|
-
end
|
65
|
-
end
|
66
|
-
|
67
|
-
context "but no filename param value has been set" do
|
68
|
-
let(:exploit_class) { TestFilenameParam::TextExploitWithDefaultFilename }
|
69
|
-
subject { exploit_class.new }
|
70
|
-
|
71
|
-
it "must default to the default_filename value" do
|
72
|
-
expect(subject.filename).to eq(exploit_class.default_filename)
|
73
|
-
end
|
74
|
-
end
|
75
|
-
end
|
76
|
-
end
|
77
|
-
end
|
data/spec/params/host_spec.rb
DELETED
@@ -1,34 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
require 'ronin/exploits/params/host'
|
3
|
-
require 'ronin/exploits/exploit'
|
4
|
-
|
5
|
-
describe Ronin::Exploits::Params::Host do
|
6
|
-
module TestHostParam
|
7
|
-
class TestExploit < Ronin::Exploits::Exploit
|
8
|
-
include Ronin::Exploits::Params::Host
|
9
|
-
end
|
10
|
-
end
|
11
|
-
|
12
|
-
describe ".included" do
|
13
|
-
subject { TestHostParam::TestExploit }
|
14
|
-
|
15
|
-
it "must add a required 'host' param to the exploit class" do
|
16
|
-
expect(subject.params[:host]).to_not be_nil
|
17
|
-
expect(subject.params[:host].required?).to be(true)
|
18
|
-
expect(subject.params[:host].desc).to eq("Remote host to connect to")
|
19
|
-
end
|
20
|
-
end
|
21
|
-
|
22
|
-
let(:host) { 'example.com' }
|
23
|
-
subject do
|
24
|
-
TestHostParam::TestExploit.new(
|
25
|
-
params: {host: host}
|
26
|
-
)
|
27
|
-
end
|
28
|
-
|
29
|
-
describe "#host" do
|
30
|
-
it "must return the host param value" do
|
31
|
-
expect(subject.host).to eq(host)
|
32
|
-
end
|
33
|
-
end
|
34
|
-
end
|
data/spec/params/port_spec.rb
DELETED
@@ -1,77 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
require 'ronin/exploits/params/port'
|
3
|
-
require 'ronin/exploits/exploit'
|
4
|
-
|
5
|
-
describe Ronin::Exploits::Params::Port do
|
6
|
-
module TestPortParam
|
7
|
-
class TestExploit < Ronin::Exploits::Exploit
|
8
|
-
include Ronin::Exploits::Params::Port
|
9
|
-
end
|
10
|
-
|
11
|
-
class TextExploitWithDefaultPort < Ronin::Exploits::Exploit
|
12
|
-
include Ronin::Exploits::Params::Port
|
13
|
-
default_port 123
|
14
|
-
end
|
15
|
-
end
|
16
|
-
|
17
|
-
describe ".included" do
|
18
|
-
subject { TestPortParam::TestExploit }
|
19
|
-
|
20
|
-
it "must include Ronin::Exploits::Metadata::DefaultPort" do
|
21
|
-
expect(subject).to include(Ronin::Exploits::Metadata::DefaultPort)
|
22
|
-
end
|
23
|
-
|
24
|
-
it "must add a required 'port' param to the exploit class" do
|
25
|
-
expect(subject.params[:port]).to_not be_nil
|
26
|
-
expect(subject.params[:port].type).to be_kind_of(Ronin::Core::Params::Types::Integer)
|
27
|
-
expect(subject.params[:port].required?).to be(true)
|
28
|
-
expect(subject.params[:port].default).to be_kind_of(Proc)
|
29
|
-
expect(subject.params[:port].desc).to eq("Remote port to connect to")
|
30
|
-
end
|
31
|
-
end
|
32
|
-
|
33
|
-
let(:exploit_class) { TestPortParam::TestExploit }
|
34
|
-
|
35
|
-
let(:port) { 1337 }
|
36
|
-
|
37
|
-
subject do
|
38
|
-
exploit_class.new(
|
39
|
-
params: {port: port}
|
40
|
-
)
|
41
|
-
end
|
42
|
-
|
43
|
-
describe "#port" do
|
44
|
-
it "must return the port param value" do
|
45
|
-
expect(subject.port).to eq(port)
|
46
|
-
end
|
47
|
-
|
48
|
-
context "when no port param value is set" do
|
49
|
-
subject do
|
50
|
-
exploit_class.new
|
51
|
-
end
|
52
|
-
|
53
|
-
it "must require a port value" do
|
54
|
-
expect {
|
55
|
-
subject.validate_params
|
56
|
-
}.to raise_error(Ronin::Core::Params::RequiredParam,"param 'port' requires a value")
|
57
|
-
end
|
58
|
-
end
|
59
|
-
|
60
|
-
context "when the exploit class defines a default_port" do
|
61
|
-
context "and the port param value is set" do
|
62
|
-
it "must override the default_port value" do
|
63
|
-
expect(subject.port).to eq(port)
|
64
|
-
end
|
65
|
-
end
|
66
|
-
|
67
|
-
context "but no port param value has been set" do
|
68
|
-
let(:exploit_class) { TestPortParam::TextExploitWithDefaultPort }
|
69
|
-
subject { exploit_class.new }
|
70
|
-
|
71
|
-
it "must default to the default_port value" do
|
72
|
-
expect(subject.port).to eq(exploit_class.default_port)
|
73
|
-
end
|
74
|
-
end
|
75
|
-
end
|
76
|
-
end
|
77
|
-
end
|
data/spec/rfi_spec.rb
DELETED
@@ -1,107 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
require 'ronin/exploits/rfi'
|
3
|
-
|
4
|
-
describe Ronin::Exploits::RFI do
|
5
|
-
module TestRFI
|
6
|
-
class TestExploit < Ronin::Exploits::RFI
|
7
|
-
base_path '/showimage.php'
|
8
|
-
query_param 'file'
|
9
|
-
end
|
10
|
-
end
|
11
|
-
|
12
|
-
let(:exploit_class) { TestRFI::TestExploit }
|
13
|
-
|
14
|
-
let(:base_url) { 'http://testphp.vulnweb.com' }
|
15
|
-
|
16
|
-
subject do
|
17
|
-
exploit_class.new(
|
18
|
-
params: {
|
19
|
-
base_url: base_url
|
20
|
-
}
|
21
|
-
)
|
22
|
-
end
|
23
|
-
|
24
|
-
describe ".exploit_type" do
|
25
|
-
subject { described_class }
|
26
|
-
|
27
|
-
it { expect(subject.exploit_type).to eq(:rfi) }
|
28
|
-
end
|
29
|
-
|
30
|
-
describe "#vuln" do
|
31
|
-
it "must return a Ronin::Vulns::RFI object" do
|
32
|
-
expect(subject.vuln).to be_kind_of(Ronin::Vulns::RFI)
|
33
|
-
end
|
34
|
-
|
35
|
-
it "must set the #url attribute of the RFI vuln object" do
|
36
|
-
expect(subject.vuln.url).to eq(subject.url)
|
37
|
-
end
|
38
|
-
|
39
|
-
it "must infer the #test_scrript_url from the #url attribute" do
|
40
|
-
expect(subject.vuln.test_script_url).to eq(Ronin::Vulns::RFI.test_script_for(subject.vuln.url))
|
41
|
-
end
|
42
|
-
|
43
|
-
context "when the 'test_script_url' param is set" do
|
44
|
-
let(:test_script_url) { 'https://myhost.com/path/to/test_script.php' }
|
45
|
-
|
46
|
-
subject do
|
47
|
-
exploit_class.new(
|
48
|
-
params: {
|
49
|
-
base_url: base_url,
|
50
|
-
test_script_url: test_script_url
|
51
|
-
}
|
52
|
-
)
|
53
|
-
end
|
54
|
-
|
55
|
-
it "must set the #test_script_url for the RFI vuln object" do
|
56
|
-
expect(subject.vuln.test_script_url).to eq(test_script_url)
|
57
|
-
end
|
58
|
-
end
|
59
|
-
|
60
|
-
it "must not set the #filter_bypass attribute of the RFI vuln object by default" do
|
61
|
-
expect(subject.vuln.filter_bypass).to be(nil)
|
62
|
-
end
|
63
|
-
|
64
|
-
context "when the 'filter_bypass' param is set" do
|
65
|
-
let(:filter_bypass) { :double_encode }
|
66
|
-
|
67
|
-
subject do
|
68
|
-
exploit_class.new(
|
69
|
-
params: {
|
70
|
-
base_url: base_url,
|
71
|
-
filter_bypass: filter_bypass
|
72
|
-
}
|
73
|
-
)
|
74
|
-
end
|
75
|
-
|
76
|
-
it "must set the #filter_bypass attribute of the RFI vuln object to the 'filter_bypass' param" do
|
77
|
-
expect(subject.vuln.filter_bypass).to eq(filter_bypass)
|
78
|
-
end
|
79
|
-
end
|
80
|
-
end
|
81
|
-
|
82
|
-
describe "#launch" do
|
83
|
-
module TestRFI
|
84
|
-
class RFIPayload < Ronin::Payloads::URLPayload
|
85
|
-
url 'https://example.com/path/to/payload.php'
|
86
|
-
end
|
87
|
-
end
|
88
|
-
|
89
|
-
let(:payload_class) { TestRFI::RFIPayload }
|
90
|
-
let(:payload) { payload_class.new }
|
91
|
-
|
92
|
-
subject do
|
93
|
-
exploit_class.new(
|
94
|
-
payload: payload,
|
95
|
-
params: {
|
96
|
-
base_url: base_url
|
97
|
-
}
|
98
|
-
)
|
99
|
-
end
|
100
|
-
|
101
|
-
it "must call #exploit on the #vuln object with the #payload" do
|
102
|
-
expect(subject.vuln).to receive(:exploit).with(payload)
|
103
|
-
|
104
|
-
subject.launch
|
105
|
-
end
|
106
|
-
end
|
107
|
-
end
|
data/spec/seh_overflow_spec.rb
DELETED
@@ -1,18 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
require 'ronin/exploits/seh_overflow'
|
3
|
-
|
4
|
-
describe Ronin::Exploits::SEHOverflow do
|
5
|
-
it "must inherit from Ronin::Exploits::MemoryCorruption" do
|
6
|
-
expect(described_class).to be < Ronin::Exploits::MemoryCorruption
|
7
|
-
end
|
8
|
-
|
9
|
-
it "must include Ronin::Exploits::Mixins::SEH" do
|
10
|
-
expect(described_class).to include(Ronin::Exploits::Mixins::SEH)
|
11
|
-
end
|
12
|
-
|
13
|
-
describe ".exploit_type" do
|
14
|
-
subject { described_class }
|
15
|
-
|
16
|
-
it { expect(subject.exploit_type).to eq(:seh_overflow) }
|
17
|
-
end
|
18
|
-
end
|