ronin-exploits 1.0.0.beta2 → 1.0.0
- checksums.yaml +4 -4
- data/.github/workflows/ruby.yml +1 -0
- data/README.md +29 -13
- data/gemspec.yml +10 -8
- data/lib/ronin/exploits/cli/commands/new.rb +1 -1
- data/lib/ronin/exploits/cli/commands/run.rb +55 -5
- data/lib/ronin/exploits/exploit.rb +7 -5
- data/lib/ronin/exploits/lfi.rb +1 -1
- data/lib/ronin/exploits/metadata/arch.rb +1 -1
- data/lib/ronin/exploits/metadata/default_filename.rb +1 -1
- data/lib/ronin/exploits/metadata/default_port.rb +1 -1
- data/lib/ronin/exploits/mixins/file_builder.rb +2 -2
- data/lib/ronin/exploits/mixins/nops.rb +1 -1
- data/lib/ronin/exploits/params/base_url.rb +1 -1
- data/lib/ronin/exploits/version.rb +1 -1
- data/ronin-exploits.gemspec +2 -1
- metadata +24 -129
- data/spec/advisory_spec.rb +0 -71
- data/spec/cli/exploit_command_spec.rb +0 -68
- data/spec/cli/exploit_methods_spec.rb +0 -208
- data/spec/cli/ruby_shell_spec.rb +0 -14
- data/spec/client_side_web_vuln_spec.rb +0 -117
- data/spec/exploit_spec.rb +0 -538
- data/spec/exploits_spec.rb +0 -8
- data/spec/heap_overflow_spec.rb +0 -14
- data/spec/lfi_spec.rb +0 -162
- data/spec/loot/file_spec.rb +0 -131
- data/spec/loot_spec.rb +0 -138
- data/spec/memory_corruption_spec.rb +0 -22
- data/spec/metadata/arch_spec.rb +0 -82
- data/spec/metadata/cookie_param_spec.rb +0 -67
- data/spec/metadata/default_filename_spec.rb +0 -62
- data/spec/metadata/default_port_spec.rb +0 -62
- data/spec/metadata/header_name_spec.rb +0 -67
- data/spec/metadata/os_spec.rb +0 -164
- data/spec/metadata/shouts_spec.rb +0 -100
- data/spec/metadata/url_path_spec.rb +0 -67
- data/spec/metadata/url_query_param_spec.rb +0 -67
- data/spec/mixins/binary_spec.rb +0 -129
- data/spec/mixins/build_dir.rb +0 -66
- data/spec/mixins/file_builder_spec.rb +0 -67
- data/spec/mixins/format_string_spec.rb +0 -44
- data/spec/mixins/has_payload_spec.rb +0 -333
- data/spec/mixins/has_targets_spec.rb +0 -434
- data/spec/mixins/html_spec.rb +0 -772
- data/spec/mixins/http_spec.rb +0 -1227
- data/spec/mixins/loot_spec.rb +0 -20
- data/spec/mixins/nops_spec.rb +0 -165
- data/spec/mixins/remote_tcp_spec.rb +0 -217
- data/spec/mixins/remote_udp_spec.rb +0 -217
- data/spec/mixins/seh_spec.rb +0 -89
- data/spec/mixins/stack_overflow_spec.rb +0 -87
- data/spec/mixins/text_spec.rb +0 -43
- data/spec/open_redirect_spec.rb +0 -71
- data/spec/params/base_url_spec.rb +0 -71
- data/spec/params/bind_host_spec.rb +0 -34
- data/spec/params/bind_port_spec.rb +0 -35
- data/spec/params/filename_spec.rb +0 -77
- data/spec/params/host_spec.rb +0 -34
- data/spec/params/port_spec.rb +0 -77
- data/spec/rfi_spec.rb +0 -107
- data/spec/seh_overflow_spec.rb +0 -18
- data/spec/spec_helper.rb +0 -8
- data/spec/sqli_spec.rb +0 -306
- data/spec/ssti_spec.rb +0 -121
- data/spec/stack_overflow_spec.rb +0 -18
- data/spec/target_spec.rb +0 -92
- data/spec/test_result_spec.rb +0 -32
- data/spec/use_after_free_spec.rb +0 -14
- data/spec/web_spec.rb +0 -12
- data/spec/web_vuln_spec.rb +0 -854
- data/spec/xss_spec.rb +0 -69
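--- a/data/spec/mixins/loot_spec.rb
+++ b/data/spec/mixins/loot_spec.rb
@@ -1,20 +0,0 @@
-require 'ronin/exploits/mixins/loot'
-
-require 'ronin/exploits/exploit'
-
-describe Ronin::Exploits::Mixins::Loot do
-module TestLootMixin
-class TestExploit < Ronin::Exploits::Exploit
-include Ronin::Exploits::Mixins::Loot
-end
-end
-
-let(:exploit_class) { TestLootMixin::TestExploit }
-subject { exploit_class.new }
-
-describe "#initialize" do
-it "must initialize #loot to a Ronin::Exploits::Loot object" do
-expect(subject.loot).to be_kind_of(Ronin::Exploits::Loot)
-end
-end
-end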
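--- a/data/spec/mixins/nops_spec.rb
+++ b/data/spec/mixins/nops_spec.rb
@@ -1,165 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/mixins/nops'
-
-require 'ronin/exploits/exploit'
-require 'ronin/exploits/metadata/arch'
-
-describe Ronin::Exploits::Mixins::NOPS do
-describe "NOPS" do
-subject { described_class::NOPS }
-
-describe ":x86" do
-subject { super()[:x86] }
-
-it "must return \"\\x90\"" do
-expect(subject).to eq("\x90".b)
-end
-end
-
-describe ":x86_64" do
-subject { super()[:x86_64] }
-
-it "must return \"\\x90\"" do
-expect(subject).to eq("\x90".b)
-end
-end
-
-describe ":arm" do
-subject { super()[:arm] }
-
-it "must return \"\\x05P\\xa0\\xe1\"" do
-expect(subject).to eq("\x05P\xa0\xe1".b)
-end
-end
-
-describe ":arm64" do
-subject { super()[:arm64] }
-
-it "must return \"\\xe5\\x03\\x05\\xaa\"" do
-expect(subject).to eq("\xe5\x03\x05\xaa".b)
-end
-end
-end
-
-module TestNOPSMixin
-class ExploitWithArchSet < Ronin::Exploits::Exploit
-include Ronin::Exploits::Metadata::Arch
-include Ronin::Exploits::Mixins::NOPS
-
-arch :x86
-end
-
-class ExploitWithMultiByteNopArchSet < Ronin::Exploits::Exploit
-include Ronin::Exploits::Metadata::Arch
-include Ronin::Exploits::Mixins::NOPS
-
-arch :arm
-end
-
-class ExploitWithoutArch < Ronin::Exploits::Exploit
-include Ronin::Exploits::Mixins::NOPS
-end
-
-class ExploitWithoutArchSet < Ronin::Exploits::Exploit
-include Ronin::Exploits::Metadata::Arch
-include Ronin::Exploits::Mixins::NOPS
-end
-
-class ExploitWithUnsupportedArch < Ronin::Exploits::Exploit
-include Ronin::Exploits::Metadata::Arch
-include Ronin::Exploits::Mixins::NOPS
-
-arch :mips
-end
-end
-
-subject { exploit_class.new }
-
-describe "#perform_validate" do
-context "when the exploit class does not define an #arch method" do
-let(:exploit_class) { TestNOPSMixin::ExploitWithoutArch }
-
-it do
-expect {
-subject.perform_validate
-}.to raise_error(Ronin::Exploits::ValidationError,"exploit #{exploit_class} did not include Ronin::Exploits::Metadata::Arch or Ronin::Exploits::Mixins::HasTargets")
-end
-end
-
-context "when the exploit class's #arch method returns nil" do
-let(:exploit_class) { TestNOPSMixin::ExploitWithoutArchSet }
-
-it do
-expect {
-subject.perform_validate
-}.to raise_error(Ronin::Exploits::ValidationError,"exploit #{exploit_class} did not include define an architecture")
-end
-end
-
-context "when the exploit class defines an architecture" do
-let(:exploit_class) { TestNOPSMixin::ExploitWithArchSet }
-
-it do
-expect {
-subject.perform_validate
-}.to_not raise_error
-end
-end
-end
-
-describe "#nop" do
-context "when #arch returns an architecture name" do
-context "and it's supported" do
-let(:exploit_class) { TestNOPSMixin::ExploitWithArchSet }
-
-it "must return the String from #{described_class}::NOPS for the #arch" do
-expect(subject.nop).to eq(described_class::NOPS.fetch(subject.arch))
-end
-end
-
-context "but it's not supported" do
-let(:exploit_class) { TestNOPSMixin::ExploitWithUnsupportedArch }
-
-it do
-expect {
-subject.nop
-}.to raise_error(NotImplementedError,"no NOP string is currently defined for the architecture: #{subject.arch.inspect}")
-end
-end
-end
-end
-
-describe "#nops" do
-let(:size) { 100 }
-
-context "when #arch returns an architecture name" do
-context "and it's supported" do
-let(:exploit_class) { TestNOPSMixin::ExploitWithArchSet }
-
-let(:nop) { described_class::NOPS.fetch(subject.arch) }
-
-it "must return a String of the NOP instruction for the #arch repeated size times" do
-expect(subject.nops(size)).to eq(nop * size)
-end
-
-context "but the NOP instruction for the architecture is more than one byte" do
-let(:exploit_class) { TestNOPSMixin::ExploitWithMultiByteNopArchSet }
-
-it "must return a String of the desired length containing as many of the NOP instructions as possible" do
-expect(subject.nops(size)).to eq(nop * (size / nop.bytesize))
-end
-end
-end
-
-context "but it's not supported" do
-let(:exploit_class) { TestNOPSMixin::ExploitWithUnsupportedArch }
-
-it do
-expect {
-subject.nops(size)
-}.to raise_error(NotImplementedError,"no NOP string is currently defined for the architecture: #{subject.arch.inspect}")
-end
-end
-end
-end
-end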
@@ -1,217 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
require 'ronin/exploits/mixins/remote_tcp'
|
3
|
-
require 'ronin/exploits/exploit'
|
4
|
-
|
5
|
-
describe Ronin::Exploits::Mixins::RemoteTCP do
|
6
|
-
module TestMixinsRemoteTCP
|
7
|
-
class TestExploit < Ronin::Exploits::Exploit
|
8
|
-
include Ronin::Exploits::Mixins::RemoteTCP
|
9
|
-
end
|
10
|
-
end
|
11
|
-
|
12
|
-
let(:test_class) { TestMixinsRemoteTCP::TestExploit }
|
13
|
-
|
14
|
-
describe ".included" do
|
15
|
-
subject { test_class }
|
16
|
-
|
17
|
-
it "must include Ronin::Support::Network::TCP::Mixin" do
|
18
|
-
expect(subject).to include(Ronin::Support::Network::TCP::Mixin)
|
19
|
-
end
|
20
|
-
|
21
|
-
it "must include Ronin::Exploits::Params::Host" do
|
22
|
-
expect(subject).to include(Ronin::Exploits::Params::Host)
|
23
|
-
end
|
24
|
-
|
25
|
-
it "must include Ronin::Exploits::Params::Port" do
|
26
|
-
expect(subject).to include(Ronin::Exploits::Params::Port)
|
27
|
-
end
|
28
|
-
|
29
|
-
it "must include Ronin::Exploits::Params::BindHost" do
|
30
|
-
expect(subject).to include(Ronin::Exploits::Params::BindHost)
|
31
|
-
end
|
32
|
-
|
33
|
-
it "must include Ronin::Exploits::Params::BindPort" do
|
34
|
-
expect(subject).to include(Ronin::Exploits::Params::BindPort)
|
35
|
-
end
|
36
|
-
end
|
37
|
-
|
38
|
-
let(:host) { 'example.com' }
|
39
|
-
let(:port) { 1337 }
|
40
|
-
let(:bind_host) { 'localhost' }
|
41
|
-
let(:bind_port) { 9000 }
|
42
|
-
|
43
|
-
subject do
|
44
|
-
test_class.new(
|
45
|
-
params: {
|
46
|
-
host: host,
|
47
|
-
port: port,
|
48
|
-
bind_host: bind_host,
|
49
|
-
bind_port: bind_port
|
50
|
-
}
|
51
|
-
)
|
52
|
-
end
|
53
|
-
|
54
|
-
describe "#tcp_open?" do
|
55
|
-
context "when given no arguments" do
|
56
|
-
it "must call Ronin::Support::Network::TCP.open? with #host, #port, bind_host: #bind_host, bind_port: #bind_port" do
|
57
|
-
expect(Ronin::Support::Network::TCP).to receive(:open?).with(
|
58
|
-
subject.host, subject.port, bind_host: subject.bind_host,
|
59
|
-
bind_port: subject.bind_port
|
60
|
-
)
|
61
|
-
|
62
|
-
subject.tcp_open?
|
63
|
-
end
|
64
|
-
|
65
|
-
context "when debug messages are enabled" do
|
66
|
-
before { Ronin::Support::CLI::Printing.debug = true }
|
67
|
-
|
68
|
-
it "must print a debugging message" do
|
69
|
-
allow(Ronin::Support::Network::TCP).to receive(:open?).with(
|
70
|
-
subject.host, subject.port, bind_host: subject.bind_host,
|
71
|
-
bind_port: subject.bind_port
|
72
|
-
)
|
73
|
-
|
74
|
-
expect(subject).to receive(:print_debug).with(
|
75
|
-
"Testing if #{subject.host}:#{subject.port} is open ..."
|
76
|
-
)
|
77
|
-
|
78
|
-
subject.tcp_open?
|
79
|
-
end
|
80
|
-
|
81
|
-
after { Ronin::Support::CLI::Printing.debug = false }
|
82
|
-
end
|
83
|
-
end
|
84
|
-
end
|
85
|
-
|
86
|
-
describe "#tcp_connect" do
|
87
|
-
context "when given no arguments" do
|
88
|
-
it "must call Ronin::Support::Network::TCP.connect with #host, #port, bind_host: #bind_host, bind_port: #bind_port" do
|
89
|
-
expect(Ronin::Support::Network::TCP).to receive(:connect).with(
|
90
|
-
subject.host, subject.port, bind_host: subject.bind_host,
|
91
|
-
bind_port: subject.bind_port
|
92
|
-
)
|
93
|
-
|
94
|
-
subject.tcp_connect
|
95
|
-
end
|
96
|
-
|
97
|
-
context "when debug messages are enabled" do
|
98
|
-
before { Ronin::Support::CLI::Printing.debug = true }
|
99
|
-
|
100
|
-
it "must print a debugging message" do
|
101
|
-
allow(Ronin::Support::Network::TCP).to receive(:connect).with(
|
102
|
-
subject.host, subject.port, bind_host: subject.bind_host,
|
103
|
-
bind_port: subject.bind_port
|
104
|
-
)
|
105
|
-
|
106
|
-
expect(subject).to receive(:print_debug).with(
|
107
|
-
"Connecting to #{subject.host}:#{subject.port} ..."
|
108
|
-
)
|
109
|
-
|
110
|
-
subject.tcp_connect
|
111
|
-
end
|
112
|
-
|
113
|
-
after { Ronin::Support::CLI::Printing.debug = false }
|
114
|
-
end
|
115
|
-
end
|
116
|
-
end
|
117
|
-
|
118
|
-
describe "#tcp_connect_and_send" do
|
119
|
-
context "when given one argument" do
|
120
|
-
let(:data) { 'foo' }
|
121
|
-
|
122
|
-
it "must call Ronin::Support::Network::TCP.connect_and_send with data, #host, #port, bind_host: #bind_host, bind_port: #bind_port" do
|
123
|
-
expect(Ronin::Support::Network::TCP).to receive(:connect_and_send).with(
|
124
|
-
data, subject.host, subject.port, bind_host: subject.bind_host,
|
125
|
-
bind_port: subject.bind_port
|
126
|
-
)
|
127
|
-
|
128
|
-
subject.tcp_connect_and_send(data)
|
129
|
-
end
|
130
|
-
|
131
|
-
context "when debug messages are enabled" do
|
132
|
-
before { Ronin::Support::CLI::Printing.debug = true }
|
133
|
-
|
134
|
-
it "must print a debugging message" do
|
135
|
-
allow(Ronin::Support::Network::TCP).to receive(:connect_and_send).with(
|
136
|
-
data, subject.host, subject.port, bind_host: subject.bind_host,
|
137
|
-
bind_port: subject.bind_port
|
138
|
-
)
|
139
|
-
|
140
|
-
expect(subject).to receive(:print_debug).with(
|
141
|
-
"Connecting to #{subject.host}:#{subject.port} and sending #{data.inspect} ..."
|
142
|
-
)
|
143
|
-
|
144
|
-
subject.tcp_connect_and_send(data)
|
145
|
-
end
|
146
|
-
|
147
|
-
after { Ronin::Support::CLI::Printing.debug = false }
|
148
|
-
end
|
149
|
-
end
|
150
|
-
end
|
151
|
-
|
152
|
-
describe "#tcp_banner" do
|
153
|
-
context "when given no arguments" do
|
154
|
-
it "must call Ronin::Support::Network::TCP.banner with #host, #port, bind_host: #bind_host, bind_port: #bind_port" do
|
155
|
-
expect(Ronin::Support::Network::TCP).to receive(:banner).with(
|
156
|
-
subject.host, subject.port, bind_host: subject.bind_host,
|
157
|
-
bind_port: subject.bind_port
|
158
|
-
)
|
159
|
-
|
160
|
-
subject.tcp_banner
|
161
|
-
end
|
162
|
-
|
163
|
-
context "when debug messages are enabled" do
|
164
|
-
before { Ronin::Support::CLI::Printing.debug = true }
|
165
|
-
|
166
|
-
it "must print a debugging message" do
|
167
|
-
allow(Ronin::Support::Network::TCP).to receive(:banner).with(
|
168
|
-
subject.host, subject.port, bind_host: subject.bind_host,
|
169
|
-
bind_port: subject.bind_port
|
170
|
-
)
|
171
|
-
|
172
|
-
expect(subject).to receive(:print_debug).with(
|
173
|
-
"Fetching the banner for #{subject.host}:#{subject.port} ..."
|
174
|
-
)
|
175
|
-
|
176
|
-
subject.tcp_banner
|
177
|
-
end
|
178
|
-
|
179
|
-
after { Ronin::Support::CLI::Printing.debug = false }
|
180
|
-
end
|
181
|
-
end
|
182
|
-
end
|
183
|
-
|
184
|
-
describe "#tcp_send" do
|
185
|
-
context "when given one argument" do
|
186
|
-
let(:data) { 'foo' }
|
187
|
-
|
188
|
-
it "must call Ronin::Support::Network::TCP.send with data, #host, #port, bind_host: #bind_host, bind_port: #bind_port" do
|
189
|
-
expect(Ronin::Support::Network::TCP).to receive(:send).with(
|
190
|
-
data, subject.host, subject.port, bind_host: subject.bind_host,
|
191
|
-
bind_port: subject.bind_port
|
192
|
-
)
|
193
|
-
|
194
|
-
subject.tcp_send(data)
|
195
|
-
end
|
196
|
-
|
197
|
-
context "when debug messages are enabled" do
|
198
|
-
before { Ronin::Support::CLI::Printing.debug = true }
|
199
|
-
|
200
|
-
it "must print a debugging message" do
|
201
|
-
allow(Ronin::Support::Network::TCP).to receive(:send).with(
|
202
|
-
data, subject.host, subject.port, bind_host: subject.bind_host,
|
203
|
-
bind_port: subject.bind_port
|
204
|
-
)
|
205
|
-
|
206
|
-
expect(subject).to receive(:print_debug).with(
|
207
|
-
"Sending #{data.inspect} to #{subject.host}:#{subject.port} ..."
|
208
|
-
)
|
209
|
-
|
210
|
-
subject.tcp_send(data)
|
211
|
-
end
|
212
|
-
|
213
|
-
after { Ronin::Support::CLI::Printing.debug = false }
|
214
|
-
end
|
215
|
-
end
|
216
|
-
end
|
217
|
-
end
|
@@ -1,217 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
require 'ronin/exploits/mixins/remote_udp'
|
3
|
-
require 'ronin/exploits/exploit'
|
4
|
-
|
5
|
-
describe Ronin::Exploits::Mixins::RemoteUDP do
|
6
|
-
module TestMixinsRemoteUDP
|
7
|
-
class TestExploit < Ronin::Exploits::Exploit
|
8
|
-
include Ronin::Exploits::Mixins::RemoteUDP
|
9
|
-
end
|
10
|
-
end
|
11
|
-
|
12
|
-
let(:test_class) { TestMixinsRemoteUDP::TestExploit }
|
13
|
-
|
14
|
-
describe ".included" do
|
15
|
-
subject { test_class }
|
16
|
-
|
17
|
-
it "must include Ronin::Support::Network::UDP::Mixin" do
|
18
|
-
expect(subject).to include(Ronin::Support::Network::UDP::Mixin)
|
19
|
-
end
|
20
|
-
|
21
|
-
it "must include Ronin::Exploits::Params::Host" do
|
22
|
-
expect(subject).to include(Ronin::Exploits::Params::Host)
|
23
|
-
end
|
24
|
-
|
25
|
-
it "must include Ronin::Exploits::Params::Port" do
|
26
|
-
expect(subject).to include(Ronin::Exploits::Params::Port)
|
27
|
-
end
|
28
|
-
|
29
|
-
it "must include Ronin::Exploits::Params::BindHost" do
|
30
|
-
expect(subject).to include(Ronin::Exploits::Params::BindHost)
|
31
|
-
end
|
32
|
-
|
33
|
-
it "must include Ronin::Exploits::Params::BindPort" do
|
34
|
-
expect(subject).to include(Ronin::Exploits::Params::BindPort)
|
35
|
-
end
|
36
|
-
end
|
37
|
-
|
38
|
-
let(:host) { 'example.com' }
|
39
|
-
let(:port) { 1337 }
|
40
|
-
let(:bind_host) { 'localhost' }
|
41
|
-
let(:bind_port) { 9000 }
|
42
|
-
|
43
|
-
subject do
|
44
|
-
test_class.new(
|
45
|
-
params: {
|
46
|
-
host: host,
|
47
|
-
port: port,
|
48
|
-
bind_host: bind_host,
|
49
|
-
bind_port: bind_port
|
50
|
-
}
|
51
|
-
)
|
52
|
-
end
|
53
|
-
|
54
|
-
describe "#udp_open?" do
|
55
|
-
context "when given no arguments" do
|
56
|
-
it "must call Ronin::Support::Network::UDP.open? with #host, #port, bind_host: #bind_host, bind_port: #bind_port" do
|
57
|
-
expect(Ronin::Support::Network::UDP).to receive(:open?).with(
|
58
|
-
subject.host, subject.port, bind_host: subject.bind_host,
|
59
|
-
bind_port: subject.bind_port
|
60
|
-
)
|
61
|
-
|
62
|
-
subject.udp_open?
|
63
|
-
end
|
64
|
-
|
65
|
-
context "when debug messages are enabled" do
|
66
|
-
before { Ronin::Support::CLI::Printing.debug = true }
|
67
|
-
|
68
|
-
it "must print a debugging message" do
|
69
|
-
allow(Ronin::Support::Network::UDP).to receive(:open?).with(
|
70
|
-
subject.host, subject.port, bind_host: subject.bind_host,
|
71
|
-
bind_port: subject.bind_port
|
72
|
-
)
|
73
|
-
|
74
|
-
expect(subject).to receive(:print_debug).with(
|
75
|
-
"Testing if #{subject.host}:#{subject.port} is open ..."
|
76
|
-
)
|
77
|
-
|
78
|
-
subject.udp_open?
|
79
|
-
end
|
80
|
-
|
81
|
-
after { Ronin::Support::CLI::Printing.debug = false }
|
82
|
-
end
|
83
|
-
end
|
84
|
-
end
|
85
|
-
|
86
|
-
describe "#udp_connect" do
|
87
|
-
context "when given no arguments" do
|
88
|
-
it "must call Ronin::Support::Network::UDP.connect with #host, #port, bind_host: #bind_host, bind_port: #bind_port" do
|
89
|
-
expect(Ronin::Support::Network::UDP).to receive(:connect).with(
|
90
|
-
subject.host, subject.port, bind_host: subject.bind_host,
|
91
|
-
bind_port: subject.bind_port
|
92
|
-
)
|
93
|
-
|
94
|
-
subject.udp_connect
|
95
|
-
end
|
96
|
-
|
97
|
-
context "when debug messages are enabled" do
|
98
|
-
before { Ronin::Support::CLI::Printing.debug = true }
|
99
|
-
|
100
|
-
it "must print a debugging message" do
|
101
|
-
allow(Ronin::Support::Network::UDP).to receive(:connect).with(
|
102
|
-
subject.host, subject.port, bind_host: subject.bind_host,
|
103
|
-
bind_port: subject.bind_port
|
104
|
-
)
|
105
|
-
|
106
|
-
expect(subject).to receive(:print_debug).with(
|
107
|
-
"Connecting to #{subject.host}:#{subject.port} ..."
|
108
|
-
)
|
109
|
-
|
110
|
-
subject.udp_connect
|
111
|
-
end
|
112
|
-
|
113
|
-
after { Ronin::Support::CLI::Printing.debug = false }
|
114
|
-
end
|
115
|
-
end
|
116
|
-
end
|
117
|
-
|
118
|
-
describe "#udp_connect_and_send" do
|
119
|
-
context "when given one argument" do
|
120
|
-
let(:data) { 'foo' }
|
121
|
-
|
122
|
-
it "must call Ronin::Support::Network::UDP.connect_and_send with data, #host, #port, bind_host: #bind_host, bind_port: #bind_port" do
|
123
|
-
expect(Ronin::Support::Network::UDP).to receive(:connect_and_send).with(
|
124
|
-
data, subject.host, subject.port, bind_host: subject.bind_host,
|
125
|
-
bind_port: subject.bind_port
|
126
|
-
)
|
127
|
-
|
128
|
-
subject.udp_connect_and_send(data)
|
129
|
-
end
|
130
|
-
|
131
|
-
context "when debug messages are enabled" do
|
132
|
-
before { Ronin::Support::CLI::Printing.debug = true }
|
133
|
-
|
134
|
-
it "must print a debugging message" do
|
135
|
-
allow(Ronin::Support::Network::UDP).to receive(:connect_and_send).with(
|
136
|
-
data, subject.host, subject.port, bind_host: subject.bind_host,
|
137
|
-
bind_port: subject.bind_port
|
138
|
-
)
|
139
|
-
|
140
|
-
expect(subject).to receive(:print_debug).with(
|
141
|
-
"Connecting to #{subject.host}:#{subject.port} and sending #{data.inspect} ..."
|
142
|
-
)
|
143
|
-
|
144
|
-
subject.udp_connect_and_send(data)
|
145
|
-
end
|
146
|
-
|
147
|
-
after { Ronin::Support::CLI::Printing.debug = false }
|
148
|
-
end
|
149
|
-
end
|
150
|
-
end
|
151
|
-
|
152
|
-
describe "#udp_banner" do
|
153
|
-
context "when given no arguments" do
|
154
|
-
it "must call Ronin::Support::Network::UDP.banner with #host, #port, bind_host: #bind_host, bind_port: #bind_port" do
|
155
|
-
expect(Ronin::Support::Network::UDP).to receive(:banner).with(
|
156
|
-
subject.host, subject.port, bind_host: subject.bind_host,
|
157
|
-
bind_port: subject.bind_port
|
158
|
-
)
|
159
|
-
|
160
|
-
subject.udp_banner
|
161
|
-
end
|
162
|
-
|
163
|
-
context "when debug messages are enabled" do
|
164
|
-
before { Ronin::Support::CLI::Printing.debug = true }
|
165
|
-
|
166
|
-
it "must print a debugging message" do
|
167
|
-
allow(Ronin::Support::Network::UDP).to receive(:banner).with(
|
168
|
-
subject.host, subject.port, bind_host: subject.bind_host,
|
169
|
-
bind_port: subject.bind_port
|
170
|
-
)
|
171
|
-
|
172
|
-
expect(subject).to receive(:print_debug).with(
|
173
|
-
"Fetching the banner for #{subject.host}:#{subject.port} ..."
|
174
|
-
)
|
175
|
-
|
176
|
-
subject.udp_banner
|
177
|
-
end
|
178
|
-
|
179
|
-
after { Ronin::Support::CLI::Printing.debug = false }
|
180
|
-
end
|
181
|
-
end
|
182
|
-
end
|
183
|
-
|
184
|
-
describe "#udp_send" do
|
185
|
-
context "when given one argument" do
|
186
|
-
let(:data) { 'foo' }
|
187
|
-
|
188
|
-
it "must call Ronin::Support::Network::UDP.send with data, #host, #port, bind_host: #bind_host, bind_port: #bind_port" do
|
189
|
-
expect(Ronin::Support::Network::UDP).to receive(:send).with(
|
190
|
-
data, subject.host, subject.port, bind_host: subject.bind_host,
|
191
|
-
bind_port: subject.bind_port
|
192
|
-
)
|
193
|
-
|
194
|
-
subject.udp_send(data)
|
195
|
-
end
|
196
|
-
|
197
|
-
context "when debug messages are enabled" do
|
198
|
-
before { Ronin::Support::CLI::Printing.debug = true }
|
199
|
-
|
200
|
-
it "must print a debugging message" do
|
201
|
-
allow(Ronin::Support::Network::UDP).to receive(:send).with(
|
202
|
-
data, subject.host, subject.port, bind_host: subject.bind_host,
|
203
|
-
bind_port: subject.bind_port
|
204
|
-
)
|
205
|
-
|
206
|
-
expect(subject).to receive(:print_debug).with(
|
207
|
-
"Sending #{data.inspect} to #{subject.host}:#{subject.port} ..."
|
208
|
-
)
|
209
|
-
|
210
|
-
subject.udp_send(data)
|
211
|
-
end
|
212
|
-
|
213
|
-
after { Ronin::Support::CLI::Printing.debug = false }
|
214
|
-
end
|
215
|
-
end
|
216
|
-
end
|
217
|
-
end
|
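--- a/data/spec/mixins/seh_spec.rb
+++ b/data/spec/mixins/seh_spec.rb
@@ -1,89 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/mixins/seh'
-
-require 'ronin/exploits/exploit'
-require 'ronin/exploits/metadata/arch'
-require 'ronin/exploits/metadata/os'
-
-describe Ronin::Exploits::Mixins::SEH do
-module TestSEHMixin
-class TestExploit < Ronin::Exploits::Exploit
-include Ronin::Exploits::Metadata::Arch
-include Ronin::Exploits::Metadata::OS
-include Ronin::Exploits::Mixins::SEH
-
-arch :x86
-os :windows
-end
-end
-
-let(:exploit_class) { TestSEHMixin::TestExploit }
-
-it "must include Ronin::Exploits::Mixins::Text" do
-expect(exploit_class).to include(Ronin::Exploits::Mixins::Text)
-end
-
-it "must include Ronin::Exploits::Mixins::Binary" do
-expect(exploit_class).to include(Ronin::Exploits::Mixins::Binary)
-end
-
-it "must include Ronin::Exploits::Mixins::NOPS" do
-expect(exploit_class).to include(Ronin::Exploits::Mixins::NOPS)
-end
-
-subject { exploit_class.new }
-
-let(:nseh) { 0x06eb9090 }
-let(:seh) { 0x1001ae86 }
-
-describe "#seh_record" do
-it "must pack the nseh and seh arguments as machine words" do
-expect(subject.seh_record(nseh,seh)).to eq(
-[nseh, seh].pack('L<2')
-)
-end
-end
-
-describe "#seh_buffer_overflow" do
-let(:length) { 1024 }
-let(:payload) { 'shellcode here'.b }
-
-it "must return a buffer of the given size, containing junk data, the payload, nseh, and seh addresses" do
-buffer = subject.seh_buffer_overflow(
-length: length, payload: payload, nseh: nseh, seh: seh
-)
-
-expect(buffer.length).to eq(length)
-
-junk = subject.junk(length - payload.bytesize - (subject.platform[:machine_word].size * 2))
-
-packed_nseh = subject.pack(:machine_word,nseh)
-packed_seh = subject.pack(:machine_word,seh)
-
-expect(buffer).to eq(junk + payload + packed_nseh + packed_seh)
-end
-
-context "when the nops: keyword argument is given" do
-let(:nops) { 16 }
-
-it "must add additional NOP padding to the beginning of the payload" do
-buffer = subject.seh_buffer_overflow(
-length: length, nops: nops, payload: payload, nseh: nseh, seh: seh
-)
-
-expect(buffer.length).to eq(length)
-
-junk = subject.junk(length - (subject.nop.bytesize * nops) - payload.bytesize - (subject.platform[:machine_word].size * 2))
-
-nop_pad = subject.nops(nops)
-
-packed_nseh = subject.pack(:machine_word,nseh)
-packed_seh = subject.pack(:machine_word,seh)
-
-expect(buffer).to eq(
-junk + nop_pad + payload + packed_nseh + packed_seh
-)
-end
-end
-end
-end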