ronin-exploits 1.0.0.beta2 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (72) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/ruby.yml +1 -0
  3. data/README.md +29 -13
  4. data/gemspec.yml +10 -8
  5. data/lib/ronin/exploits/cli/commands/new.rb +1 -1
  6. data/lib/ronin/exploits/cli/commands/run.rb +55 -5
  7. data/lib/ronin/exploits/exploit.rb +7 -5
  8. data/lib/ronin/exploits/lfi.rb +1 -1
  9. data/lib/ronin/exploits/metadata/arch.rb +1 -1
  10. data/lib/ronin/exploits/metadata/default_filename.rb +1 -1
  11. data/lib/ronin/exploits/metadata/default_port.rb +1 -1
  12. data/lib/ronin/exploits/mixins/file_builder.rb +2 -2
  13. data/lib/ronin/exploits/mixins/nops.rb +1 -1
  14. data/lib/ronin/exploits/params/base_url.rb +1 -1
  15. data/lib/ronin/exploits/version.rb +1 -1
  16. data/ronin-exploits.gemspec +2 -1
  17. metadata +24 -129
  18. data/spec/advisory_spec.rb +0 -71
  19. data/spec/cli/exploit_command_spec.rb +0 -68
  20. data/spec/cli/exploit_methods_spec.rb +0 -208
  21. data/spec/cli/ruby_shell_spec.rb +0 -14
  22. data/spec/client_side_web_vuln_spec.rb +0 -117
  23. data/spec/exploit_spec.rb +0 -538
  24. data/spec/exploits_spec.rb +0 -8
  25. data/spec/heap_overflow_spec.rb +0 -14
  26. data/spec/lfi_spec.rb +0 -162
  27. data/spec/loot/file_spec.rb +0 -131
  28. data/spec/loot_spec.rb +0 -138
  29. data/spec/memory_corruption_spec.rb +0 -22
  30. data/spec/metadata/arch_spec.rb +0 -82
  31. data/spec/metadata/cookie_param_spec.rb +0 -67
  32. data/spec/metadata/default_filename_spec.rb +0 -62
  33. data/spec/metadata/default_port_spec.rb +0 -62
  34. data/spec/metadata/header_name_spec.rb +0 -67
  35. data/spec/metadata/os_spec.rb +0 -164
  36. data/spec/metadata/shouts_spec.rb +0 -100
  37. data/spec/metadata/url_path_spec.rb +0 -67
  38. data/spec/metadata/url_query_param_spec.rb +0 -67
  39. data/spec/mixins/binary_spec.rb +0 -129
  40. data/spec/mixins/build_dir.rb +0 -66
  41. data/spec/mixins/file_builder_spec.rb +0 -67
  42. data/spec/mixins/format_string_spec.rb +0 -44
  43. data/spec/mixins/has_payload_spec.rb +0 -333
  44. data/spec/mixins/has_targets_spec.rb +0 -434
  45. data/spec/mixins/html_spec.rb +0 -772
  46. data/spec/mixins/http_spec.rb +0 -1227
  47. data/spec/mixins/loot_spec.rb +0 -20
  48. data/spec/mixins/nops_spec.rb +0 -165
  49. data/spec/mixins/remote_tcp_spec.rb +0 -217
  50. data/spec/mixins/remote_udp_spec.rb +0 -217
  51. data/spec/mixins/seh_spec.rb +0 -89
  52. data/spec/mixins/stack_overflow_spec.rb +0 -87
  53. data/spec/mixins/text_spec.rb +0 -43
  54. data/spec/open_redirect_spec.rb +0 -71
  55. data/spec/params/base_url_spec.rb +0 -71
  56. data/spec/params/bind_host_spec.rb +0 -34
  57. data/spec/params/bind_port_spec.rb +0 -35
  58. data/spec/params/filename_spec.rb +0 -77
  59. data/spec/params/host_spec.rb +0 -34
  60. data/spec/params/port_spec.rb +0 -77
  61. data/spec/rfi_spec.rb +0 -107
  62. data/spec/seh_overflow_spec.rb +0 -18
  63. data/spec/spec_helper.rb +0 -8
  64. data/spec/sqli_spec.rb +0 -306
  65. data/spec/ssti_spec.rb +0 -121
  66. data/spec/stack_overflow_spec.rb +0 -18
  67. data/spec/target_spec.rb +0 -92
  68. data/spec/test_result_spec.rb +0 -32
  69. data/spec/use_after_free_spec.rb +0 -14
  70. data/spec/web_spec.rb +0 -12
  71. data/spec/web_vuln_spec.rb +0 -854
  72. data/spec/xss_spec.rb +0 -69
@@ -1,87 +0,0 @@
1
- require 'spec_helper'
2
- require 'ronin/exploits/mixins/stack_overflow'
3
-
4
- require 'ronin/exploits/exploit'
5
- require 'ronin/exploits/metadata/arch'
6
- require 'ronin/exploits/metadata/os'
7
-
8
- describe Ronin::Exploits::Mixins::StackOverflow do
9
- module TestSEHMixin
10
- class TestExploit < Ronin::Exploits::Exploit
11
- include Ronin::Exploits::Metadata::Arch
12
- include Ronin::Exploits::Metadata::OS
13
- include Ronin::Exploits::Mixins::StackOverflow
14
-
15
- arch :x86
16
- os :windows
17
- end
18
- end
19
-
20
- let(:exploit_class) { TestSEHMixin::TestExploit }
21
-
22
- it "must include Ronin::Exploits::Mixins::Text" do
23
- expect(exploit_class).to include(Ronin::Exploits::Mixins::Text)
24
- end
25
-
26
- it "must include Ronin::Exploits::Mixins::Binary" do
27
- expect(exploit_class).to include(Ronin::Exploits::Mixins::Binary)
28
- end
29
-
30
- it "must include Ronin::Exploits::Mixins::NOPS" do
31
- expect(exploit_class).to include(Ronin::Exploits::Mixins::NOPS)
32
- end
33
-
34
- subject { exploit_class.new }
35
-
36
- let(:bp) { 0x06eb9090 }
37
- let(:ip) { 0x1001ae86 }
38
-
39
- describe "#stack_frame" do
40
- it "must pack the nseh and seh arguments as machine words" do
41
- expect(subject.stack_frame(bp,ip)).to eq(
42
- [bp, ip].pack('L<2')
43
- )
44
- end
45
- end
46
-
47
- describe "#buffer_overflow" do
48
- let(:length) { 1024 }
49
- let(:payload) { 'shellcode here'.b }
50
-
51
- it "must return a buffer of the given size, containing junk data, the payload, stack base pointer (bp), and stack instruction pointer (ip) addresses" do
52
- buffer = subject.buffer_overflow(
53
- length: length, payload: payload, bp: bp, ip: ip
54
- )
55
-
56
- expect(buffer.length).to eq(length)
57
-
58
- junk = subject.junk(length - payload.bytesize - (subject.platform[:machine_word].size * 2))
59
-
60
- packed_bp = subject.pack(:machine_word,bp)
61
- packed_ip = subject.pack(:machine_word,ip)
62
-
63
- expect(buffer).to eq(junk + payload + packed_bp + packed_ip)
64
- end
65
-
66
- context "when the nops: keyword argument is given" do
67
- let(:nops) { 16 }
68
-
69
- it "must add additional NOP padding to the beginning of the payload" do
70
- buffer = subject.buffer_overflow(
71
- length: length, nops: nops, payload: payload, bp: bp, ip: ip
72
- )
73
-
74
- expect(buffer.length).to eq(length)
75
-
76
- junk = subject.junk(length - (subject.nop.bytesize * nops) - payload.bytesize - (subject.platform[:machine_word].size * 2))
77
-
78
- nop_pad = subject.nops(nops)
79
-
80
- packed_ip = subject.pack(:machine_word,ip)
81
- packed_bp = subject.pack(:machine_word,bp)
82
-
83
- expect(buffer).to eq(junk + nop_pad + payload + packed_bp + packed_ip)
84
- end
85
- end
86
- end
87
- end
@@ -1,43 +0,0 @@
1
- require 'spec_helper'
2
- require 'ronin/exploits/mixins/text'
3
-
4
- require 'ronin/exploits/exploit'
5
-
6
- describe Ronin::Exploits::Mixins::Text do
7
- module TestTextMixin
8
- class TestExploit < Ronin::Exploits::Exploit
9
- include Ronin::Exploits::Mixins::Text
10
- end
11
- end
12
-
13
- let(:exploit_class) { TestTextMixin::TestExploit }
14
- subject { exploit_class.new }
15
-
16
- it "must include Ronin::Support::Text::Random::Mixin" do
17
- expect(exploit_class).to include(Ronin::Support::Text::Random::Mixin)
18
- end
19
-
20
- describe "#junk" do
21
- let(:count) { 1024 }
22
-
23
- it "must return a String of 'A' characters for the given count" do
24
- expect(subject.junk(count)).to eq('A' * count)
25
- end
26
-
27
- context "when given a custom character" do
28
- let(:char) { 'B' }
29
-
30
- it "must return a String of the given characters for the given count" do
31
- expect(subject.junk(char,count)).to eq(char * count)
32
- end
33
- end
34
-
35
- context "when given a custom String" do
36
- let(:string) { 'AB' }
37
-
38
- it "must return a String of the given String repeated for the given count" do
39
- expect(subject.junk(string,count)).to eq(string * count)
40
- end
41
- end
42
- end
43
- end
@@ -1,71 +0,0 @@
1
- require 'spec_helper'
2
- require 'ronin/exploits/open_redirect'
3
-
4
- describe Ronin::Exploits::OpenRedirect do
5
- module TestOpenRedirect
6
- class TestExploit < Ronin::Exploits::OpenRedirect
7
- base_path '/showthread.asp'
8
- query_param 'id'
9
- end
10
- end
11
-
12
- let(:exploit_class) { TestOpenRedirect::TestExploit }
13
- let(:base_url) { 'http://testasp.vulnweb.com' }
14
- let(:redirect_url) { 'http://evil.com/' }
15
-
16
- subject do
17
- exploit_class.new(
18
- params: {
19
- base_url: base_url,
20
- redirect_url: redirect_url
21
- }
22
- )
23
- end
24
-
25
- it "must inherite from Ronin::Exploits::ClientSideWebVuln" do
26
- expect(described_class).to be < Ronin::Exploits::ClientSideWebVuln
27
- end
28
-
29
- describe ".exploit_type" do
30
- subject { described_class }
31
-
32
- it { expect(subject.exploit_type).to eq(:open_redirect) }
33
- end
34
-
35
- describe "#initialize" do
36
- it "must default #payload to a Ronin::Payloads::Test::OpenRedirect payload" do
37
- expect(subject.payload).to be_kind_of(Ronin::Payloads::Test::OpenRedirect)
38
- end
39
-
40
- context "when given the payload: keyword argument" do
41
- let(:payload) { Ronin::Payloads::URLPayload.new }
42
-
43
- subject do
44
- exploit_class.new(
45
- payload: payload,
46
- params: {
47
- base_url: base_url
48
- }
49
- )
50
- end
51
-
52
- it "must set #payload" do
53
- expect(subject.payload).to be(payload)
54
- end
55
- end
56
- end
57
-
58
- describe "#vuln" do
59
- it "must return a Ronin::Vulns::OpenRedirect object" do
60
- expect(subject.vuln).to be_kind_of(Ronin::Vulns::OpenRedirect)
61
- end
62
-
63
- it "must set the #url attribute of the OpenRedirect vuln object" do
64
- expect(subject.vuln.url).to eq(subject.url)
65
- end
66
-
67
- it "must set the #test_url attribute of the OpenRedirect vuln object to the 'redirect_url' param" do
68
- expect(subject.vuln.test_url).to eq(redirect_url)
69
- end
70
- end
71
- end
@@ -1,71 +0,0 @@
1
- require 'spec_helper'
2
- require 'ronin/exploits/params/base_url'
3
- require 'ronin/exploits/exploit'
4
-
5
- describe Ronin::Exploits::Params::BaseURL do
6
- module TestBaseURLParam
7
- class TestExploit < Ronin::Exploits::Exploit
8
- include Ronin::Exploits::Params::BaseURL
9
- end
10
- end
11
-
12
- describe ".included" do
13
- subject { TestBaseURLParam::TestExploit }
14
-
15
- it "must add a required 'base_url' param to the exploit class" do
16
- expect(subject.params[:base_url]).to_not be_nil
17
- expect(subject.params[:base_url].type).to be_kind_of(Ronin::Core::Params::Types::URI)
18
- expect(subject.params[:base_url].required?).to be(true)
19
- expect(subject.params[:base_url].desc).to eq("The base URL of the target")
20
- end
21
- end
22
-
23
- let(:base_url) { URI('https://example.com:8080/') }
24
- subject { TestBaseURLParam::TestExploit.new(params: {base_url: base_url}) }
25
-
26
- describe "#host" do
27
- it "must return the host value of the base URL" do
28
- expect(subject.host).to eq(base_url.host)
29
- end
30
- end
31
-
32
- describe "#port" do
33
- it "must return the port value of the base URL" do
34
- expect(subject.port).to eq(base_url.port)
35
- end
36
- end
37
-
38
- describe "#url_for" do
39
- context "when given an absolute path" do
40
- let(:path) { '/foo' }
41
-
42
- it "must return a URI::HTTP object" do
43
- expect(subject.url_for(path)).to be_kind_of(URI::HTTP)
44
- end
45
-
46
- it "must override the path of the params[:base_url]" do
47
- expect(subject.url_for(path).path).to eq(path)
48
- end
49
- end
50
-
51
- context "when given a relative path" do
52
- let(:path) { 'foo' }
53
-
54
- it "must return a URI::HTTP object" do
55
- expect(subject.url_for(path)).to be_kind_of(URI::HTTP)
56
- end
57
-
58
- it "must convert the path into an absolute path" do
59
- expect(subject.url_for(path).path).to eq("/#{path}")
60
- end
61
- end
62
-
63
- context "when given a fully qualified URL" do
64
- let(:url) { "https://www.other.com/foo" }
65
-
66
- it "must return the URL" do
67
- expect(subject.url_for(url).to_s).to eq(url)
68
- end
69
- end
70
- end
71
- end
@@ -1,34 +0,0 @@
1
- require 'spec_helper'
2
- require 'ronin/exploits/params/bind_host'
3
- require 'ronin/exploits/exploit'
4
-
5
- describe Ronin::Exploits::Params::BindHost do
6
- module TestBindHostParam
7
- class TestExploit < Ronin::Exploits::Exploit
8
- include Ronin::Exploits::Params::BindHost
9
- end
10
- end
11
-
12
- describe ".included" do
13
- subject { TestBindHostParam::TestExploit }
14
-
15
- it "must add an optional 'bind_host' param to the exploit class" do
16
- expect(subject.params[:bind_host]).to_not be_nil
17
- expect(subject.params[:bind_host].required?).to be(false)
18
- expect(subject.params[:bind_host].desc).to eq("Local host to bind to")
19
- end
20
- end
21
-
22
- let(:bind_host) { 'localhost' }
23
- subject do
24
- TestBindHostParam::TestExploit.new(
25
- params: {bind_host: bind_host}
26
- )
27
- end
28
-
29
- describe "#bind_host" do
30
- it "must return the bind_host param value" do
31
- expect(subject.bind_host).to eq(bind_host)
32
- end
33
- end
34
- end
@@ -1,35 +0,0 @@
1
- require 'spec_helper'
2
- require 'ronin/exploits/params/bind_port'
3
- require 'ronin/exploits/exploit'
4
-
5
- describe Ronin::Exploits::Params::BindPort do
6
- module TestBindPortParam
7
- class TestExploit < Ronin::Exploits::Exploit
8
- include Ronin::Exploits::Params::BindPort
9
- end
10
- end
11
-
12
- describe ".included" do
13
- subject { TestBindPortParam::TestExploit }
14
-
15
- it "must add an optional 'bind_port' param to the exploit class" do
16
- expect(subject.params[:bind_port]).to_not be_nil
17
- expect(subject.params[:bind_port].type).to be_kind_of(Ronin::Core::Params::Types::Integer)
18
- expect(subject.params[:bind_port].required?).to be(false)
19
- expect(subject.params[:bind_port].desc).to eq("Local port to bind to")
20
- end
21
- end
22
-
23
- let(:bind_port) { 9000 }
24
- subject do
25
- TestBindPortParam::TestExploit.new(
26
- params: {bind_port: bind_port}
27
- )
28
- end
29
-
30
- describe "#bind_port" do
31
- it "must return the bind_port param value" do
32
- expect(subject.bind_port).to eq(bind_port)
33
- end
34
- end
35
- end
@@ -1,77 +0,0 @@
1
- require 'spec_helper'
2
- require 'ronin/exploits/params/filename'
3
- require 'ronin/exploits/exploit'
4
-
5
- describe Ronin::Exploits::Params::Filename do
6
- module TestFilenameParam
7
- class TestExploit < Ronin::Exploits::Exploit
8
- include Ronin::Exploits::Params::Filename
9
- end
10
-
11
- class TextExploitWithDefaultFilename < Ronin::Exploits::Exploit
12
- include Ronin::Exploits::Params::Filename
13
- default_filename 'exploit.docx'
14
- end
15
- end
16
-
17
- describe ".included" do
18
- subject { TestFilenameParam::TestExploit }
19
-
20
- it "must include Ronin::Exploits::Metadata::DefaultFilename" do
21
- expect(subject).to include(Ronin::Exploits::Metadata::DefaultFilename)
22
- end
23
-
24
- it "must add a required 'filename' param to the exploit class" do
25
- expect(subject.params[:filename]).to_not be_nil
26
- expect(subject.params[:filename].type).to be_kind_of(Ronin::Core::Params::Types::String)
27
- expect(subject.params[:filename].required?).to be(true)
28
- expect(subject.params[:filename].default).to be_kind_of(Proc)
29
- expect(subject.params[:filename].desc).to eq("The filename for the exploit")
30
- end
31
- end
32
-
33
- let(:exploit_class) { TestFilenameParam::TestExploit }
34
-
35
- let(:filename) { 'my-file.txt' }
36
-
37
- subject do
38
- exploit_class.new(
39
- params: {filename: filename}
40
- )
41
- end
42
-
43
- describe "#filename" do
44
- it "must return the filename param value" do
45
- expect(subject.filename).to eq(filename)
46
- end
47
-
48
- context "when no filename param value is set" do
49
- subject do
50
- exploit_class.new
51
- end
52
-
53
- it "must require a filename value" do
54
- expect {
55
- subject.validate_params
56
- }.to raise_error(Ronin::Core::Params::RequiredParam,"param 'filename' requires a value")
57
- end
58
- end
59
-
60
- context "when the exploit class defines a default_filename" do
61
- context "and the filename param value is set" do
62
- it "must override the default_filename value" do
63
- expect(subject.filename).to eq(filename)
64
- end
65
- end
66
-
67
- context "but no filename param value has been set" do
68
- let(:exploit_class) { TestFilenameParam::TextExploitWithDefaultFilename }
69
- subject { exploit_class.new }
70
-
71
- it "must default to the default_filename value" do
72
- expect(subject.filename).to eq(exploit_class.default_filename)
73
- end
74
- end
75
- end
76
- end
77
- end
@@ -1,34 +0,0 @@
1
- require 'spec_helper'
2
- require 'ronin/exploits/params/host'
3
- require 'ronin/exploits/exploit'
4
-
5
- describe Ronin::Exploits::Params::Host do
6
- module TestHostParam
7
- class TestExploit < Ronin::Exploits::Exploit
8
- include Ronin::Exploits::Params::Host
9
- end
10
- end
11
-
12
- describe ".included" do
13
- subject { TestHostParam::TestExploit }
14
-
15
- it "must add a required 'host' param to the exploit class" do
16
- expect(subject.params[:host]).to_not be_nil
17
- expect(subject.params[:host].required?).to be(true)
18
- expect(subject.params[:host].desc).to eq("Remote host to connect to")
19
- end
20
- end
21
-
22
- let(:host) { 'example.com' }
23
- subject do
24
- TestHostParam::TestExploit.new(
25
- params: {host: host}
26
- )
27
- end
28
-
29
- describe "#host" do
30
- it "must return the host param value" do
31
- expect(subject.host).to eq(host)
32
- end
33
- end
34
- end
@@ -1,77 +0,0 @@
1
- require 'spec_helper'
2
- require 'ronin/exploits/params/port'
3
- require 'ronin/exploits/exploit'
4
-
5
- describe Ronin::Exploits::Params::Port do
6
- module TestPortParam
7
- class TestExploit < Ronin::Exploits::Exploit
8
- include Ronin::Exploits::Params::Port
9
- end
10
-
11
- class TextExploitWithDefaultPort < Ronin::Exploits::Exploit
12
- include Ronin::Exploits::Params::Port
13
- default_port 123
14
- end
15
- end
16
-
17
- describe ".included" do
18
- subject { TestPortParam::TestExploit }
19
-
20
- it "must include Ronin::Exploits::Metadata::DefaultPort" do
21
- expect(subject).to include(Ronin::Exploits::Metadata::DefaultPort)
22
- end
23
-
24
- it "must add a required 'port' param to the exploit class" do
25
- expect(subject.params[:port]).to_not be_nil
26
- expect(subject.params[:port].type).to be_kind_of(Ronin::Core::Params::Types::Integer)
27
- expect(subject.params[:port].required?).to be(true)
28
- expect(subject.params[:port].default).to be_kind_of(Proc)
29
- expect(subject.params[:port].desc).to eq("Remote port to connect to")
30
- end
31
- end
32
-
33
- let(:exploit_class) { TestPortParam::TestExploit }
34
-
35
- let(:port) { 1337 }
36
-
37
- subject do
38
- exploit_class.new(
39
- params: {port: port}
40
- )
41
- end
42
-
43
- describe "#port" do
44
- it "must return the port param value" do
45
- expect(subject.port).to eq(port)
46
- end
47
-
48
- context "when no port param value is set" do
49
- subject do
50
- exploit_class.new
51
- end
52
-
53
- it "must require a port value" do
54
- expect {
55
- subject.validate_params
56
- }.to raise_error(Ronin::Core::Params::RequiredParam,"param 'port' requires a value")
57
- end
58
- end
59
-
60
- context "when the exploit class defines a default_port" do
61
- context "and the port param value is set" do
62
- it "must override the default_port value" do
63
- expect(subject.port).to eq(port)
64
- end
65
- end
66
-
67
- context "but no port param value has been set" do
68
- let(:exploit_class) { TestPortParam::TextExploitWithDefaultPort }
69
- subject { exploit_class.new }
70
-
71
- it "must default to the default_port value" do
72
- expect(subject.port).to eq(exploit_class.default_port)
73
- end
74
- end
75
- end
76
- end
77
- end
data/spec/rfi_spec.rb DELETED
@@ -1,107 +0,0 @@
1
- require 'spec_helper'
2
- require 'ronin/exploits/rfi'
3
-
4
- describe Ronin::Exploits::RFI do
5
- module TestRFI
6
- class TestExploit < Ronin::Exploits::RFI
7
- base_path '/showimage.php'
8
- query_param 'file'
9
- end
10
- end
11
-
12
- let(:exploit_class) { TestRFI::TestExploit }
13
-
14
- let(:base_url) { 'http://testphp.vulnweb.com' }
15
-
16
- subject do
17
- exploit_class.new(
18
- params: {
19
- base_url: base_url
20
- }
21
- )
22
- end
23
-
24
- describe ".exploit_type" do
25
- subject { described_class }
26
-
27
- it { expect(subject.exploit_type).to eq(:rfi) }
28
- end
29
-
30
- describe "#vuln" do
31
- it "must return a Ronin::Vulns::RFI object" do
32
- expect(subject.vuln).to be_kind_of(Ronin::Vulns::RFI)
33
- end
34
-
35
- it "must set the #url attribute of the RFI vuln object" do
36
- expect(subject.vuln.url).to eq(subject.url)
37
- end
38
-
39
- it "must infer the #test_scrript_url from the #url attribute" do
40
- expect(subject.vuln.test_script_url).to eq(Ronin::Vulns::RFI.test_script_for(subject.vuln.url))
41
- end
42
-
43
- context "when the 'test_script_url' param is set" do
44
- let(:test_script_url) { 'https://myhost.com/path/to/test_script.php' }
45
-
46
- subject do
47
- exploit_class.new(
48
- params: {
49
- base_url: base_url,
50
- test_script_url: test_script_url
51
- }
52
- )
53
- end
54
-
55
- it "must set the #test_script_url for the RFI vuln object" do
56
- expect(subject.vuln.test_script_url).to eq(test_script_url)
57
- end
58
- end
59
-
60
- it "must not set the #filter_bypass attribute of the RFI vuln object by default" do
61
- expect(subject.vuln.filter_bypass).to be(nil)
62
- end
63
-
64
- context "when the 'filter_bypass' param is set" do
65
- let(:filter_bypass) { :double_encode }
66
-
67
- subject do
68
- exploit_class.new(
69
- params: {
70
- base_url: base_url,
71
- filter_bypass: filter_bypass
72
- }
73
- )
74
- end
75
-
76
- it "must set the #filter_bypass attribute of the RFI vuln object to the 'filter_bypass' param" do
77
- expect(subject.vuln.filter_bypass).to eq(filter_bypass)
78
- end
79
- end
80
- end
81
-
82
- describe "#launch" do
83
- module TestRFI
84
- class RFIPayload < Ronin::Payloads::URLPayload
85
- url 'https://example.com/path/to/payload.php'
86
- end
87
- end
88
-
89
- let(:payload_class) { TestRFI::RFIPayload }
90
- let(:payload) { payload_class.new }
91
-
92
- subject do
93
- exploit_class.new(
94
- payload: payload,
95
- params: {
96
- base_url: base_url
97
- }
98
- )
99
- end
100
-
101
- it "must call #exploit on the #vuln object with the #payload" do
102
- expect(subject.vuln).to receive(:exploit).with(payload)
103
-
104
- subject.launch
105
- end
106
- end
107
- end
@@ -1,18 +0,0 @@
1
- require 'spec_helper'
2
- require 'ronin/exploits/seh_overflow'
3
-
4
- describe Ronin::Exploits::SEHOverflow do
5
- it "must inherit from Ronin::Exploits::MemoryCorruption" do
6
- expect(described_class).to be < Ronin::Exploits::MemoryCorruption
7
- end
8
-
9
- it "must include Ronin::Exploits::Mixins::SEH" do
10
- expect(described_class).to include(Ronin::Exploits::Mixins::SEH)
11
- end
12
-
13
- describe ".exploit_type" do
14
- subject { described_class }
15
-
16
- it { expect(subject.exploit_type).to eq(:seh_overflow) }
17
- end
18
- end
data/spec/spec_helper.rb DELETED
@@ -1,8 +0,0 @@
1
- require 'rspec'
2
- require 'simplecov'
3
-
4
- SimpleCov.start
5
-
6
- RSpec.configure do |specs|
7
- specs.filter_run_excluding :network
8
- end