ronin-exploits 1.0.0.beta2 → 1.0.0
- checksums.yaml +4 -4
- data/.github/workflows/ruby.yml +1 -0
- data/README.md +29 -13
- data/gemspec.yml +10 -8
- data/lib/ronin/exploits/cli/commands/new.rb +1 -1
- data/lib/ronin/exploits/cli/commands/run.rb +55 -5
- data/lib/ronin/exploits/exploit.rb +7 -5
- data/lib/ronin/exploits/lfi.rb +1 -1
- data/lib/ronin/exploits/metadata/arch.rb +1 -1
- data/lib/ronin/exploits/metadata/default_filename.rb +1 -1
- data/lib/ronin/exploits/metadata/default_port.rb +1 -1
- data/lib/ronin/exploits/mixins/file_builder.rb +2 -2
- data/lib/ronin/exploits/mixins/nops.rb +1 -1
- data/lib/ronin/exploits/params/base_url.rb +1 -1
- data/lib/ronin/exploits/version.rb +1 -1
- data/ronin-exploits.gemspec +2 -1
- metadata +24 -129
- data/spec/advisory_spec.rb +0 -71
- data/spec/cli/exploit_command_spec.rb +0 -68
- data/spec/cli/exploit_methods_spec.rb +0 -208
- data/spec/cli/ruby_shell_spec.rb +0 -14
- data/spec/client_side_web_vuln_spec.rb +0 -117
- data/spec/exploit_spec.rb +0 -538
- data/spec/exploits_spec.rb +0 -8
- data/spec/heap_overflow_spec.rb +0 -14
- data/spec/lfi_spec.rb +0 -162
- data/spec/loot/file_spec.rb +0 -131
- data/spec/loot_spec.rb +0 -138
- data/spec/memory_corruption_spec.rb +0 -22
- data/spec/metadata/arch_spec.rb +0 -82
- data/spec/metadata/cookie_param_spec.rb +0 -67
- data/spec/metadata/default_filename_spec.rb +0 -62
- data/spec/metadata/default_port_spec.rb +0 -62
- data/spec/metadata/header_name_spec.rb +0 -67
- data/spec/metadata/os_spec.rb +0 -164
- data/spec/metadata/shouts_spec.rb +0 -100
- data/spec/metadata/url_path_spec.rb +0 -67
- data/spec/metadata/url_query_param_spec.rb +0 -67
- data/spec/mixins/binary_spec.rb +0 -129
- data/spec/mixins/build_dir.rb +0 -66
- data/spec/mixins/file_builder_spec.rb +0 -67
- data/spec/mixins/format_string_spec.rb +0 -44
- data/spec/mixins/has_payload_spec.rb +0 -333
- data/spec/mixins/has_targets_spec.rb +0 -434
- data/spec/mixins/html_spec.rb +0 -772
- data/spec/mixins/http_spec.rb +0 -1227
- data/spec/mixins/loot_spec.rb +0 -20
- data/spec/mixins/nops_spec.rb +0 -165
- data/spec/mixins/remote_tcp_spec.rb +0 -217
- data/spec/mixins/remote_udp_spec.rb +0 -217
- data/spec/mixins/seh_spec.rb +0 -89
- data/spec/mixins/stack_overflow_spec.rb +0 -87
- data/spec/mixins/text_spec.rb +0 -43
- data/spec/open_redirect_spec.rb +0 -71
- data/spec/params/base_url_spec.rb +0 -71
- data/spec/params/bind_host_spec.rb +0 -34
- data/spec/params/bind_port_spec.rb +0 -35
- data/spec/params/filename_spec.rb +0 -77
- data/spec/params/host_spec.rb +0 -34
- data/spec/params/port_spec.rb +0 -77
- data/spec/rfi_spec.rb +0 -107
- data/spec/seh_overflow_spec.rb +0 -18
- data/spec/spec_helper.rb +0 -8
- data/spec/sqli_spec.rb +0 -306
- data/spec/ssti_spec.rb +0 -121
- data/spec/stack_overflow_spec.rb +0 -18
- data/spec/target_spec.rb +0 -92
- data/spec/test_result_spec.rb +0 -32
- data/spec/use_after_free_spec.rb +0 -14
- data/spec/web_spec.rb +0 -12
- data/spec/web_vuln_spec.rb +0 -854
- data/spec/xss_spec.rb +0 -69
@@ -1,87 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
require 'ronin/exploits/mixins/stack_overflow'
|
3
|
-
|
4
|
-
require 'ronin/exploits/exploit'
|
5
|
-
require 'ronin/exploits/metadata/arch'
|
6
|
-
require 'ronin/exploits/metadata/os'
|
7
|
-
|
8
|
-
describe Ronin::Exploits::Mixins::StackOverflow do
|
9
|
-
module TestSEHMixin
|
10
|
-
class TestExploit < Ronin::Exploits::Exploit
|
11
|
-
include Ronin::Exploits::Metadata::Arch
|
12
|
-
include Ronin::Exploits::Metadata::OS
|
13
|
-
include Ronin::Exploits::Mixins::StackOverflow
|
14
|
-
|
15
|
-
arch :x86
|
16
|
-
os :windows
|
17
|
-
end
|
18
|
-
end
|
19
|
-
|
20
|
-
let(:exploit_class) { TestSEHMixin::TestExploit }
|
21
|
-
|
22
|
-
it "must include Ronin::Exploits::Mixins::Text" do
|
23
|
-
expect(exploit_class).to include(Ronin::Exploits::Mixins::Text)
|
24
|
-
end
|
25
|
-
|
26
|
-
it "must include Ronin::Exploits::Mixins::Binary" do
|
27
|
-
expect(exploit_class).to include(Ronin::Exploits::Mixins::Binary)
|
28
|
-
end
|
29
|
-
|
30
|
-
it "must include Ronin::Exploits::Mixins::NOPS" do
|
31
|
-
expect(exploit_class).to include(Ronin::Exploits::Mixins::NOPS)
|
32
|
-
end
|
33
|
-
|
34
|
-
subject { exploit_class.new }
|
35
|
-
|
36
|
-
let(:bp) { 0x06eb9090 }
|
37
|
-
let(:ip) { 0x1001ae86 }
|
38
|
-
|
39
|
-
describe "#stack_frame" do
|
40
|
-
it "must pack the nseh and seh arguments as machine words" do
|
41
|
-
expect(subject.stack_frame(bp,ip)).to eq(
|
42
|
-
[bp, ip].pack('L<2')
|
43
|
-
)
|
44
|
-
end
|
45
|
-
end
|
46
|
-
|
47
|
-
describe "#buffer_overflow" do
|
48
|
-
let(:length) { 1024 }
|
49
|
-
let(:payload) { 'shellcode here'.b }
|
50
|
-
|
51
|
-
it "must return a buffer of the given size, containing junk data, the payload, stack base pointer (bp), and stack instruction pointer (ip) addresses" do
|
52
|
-
buffer = subject.buffer_overflow(
|
53
|
-
length: length, payload: payload, bp: bp, ip: ip
|
54
|
-
)
|
55
|
-
|
56
|
-
expect(buffer.length).to eq(length)
|
57
|
-
|
58
|
-
junk = subject.junk(length - payload.bytesize - (subject.platform[:machine_word].size * 2))
|
59
|
-
|
60
|
-
packed_bp = subject.pack(:machine_word,bp)
|
61
|
-
packed_ip = subject.pack(:machine_word,ip)
|
62
|
-
|
63
|
-
expect(buffer).to eq(junk + payload + packed_bp + packed_ip)
|
64
|
-
end
|
65
|
-
|
66
|
-
context "when the nops: keyword argument is given" do
|
67
|
-
let(:nops) { 16 }
|
68
|
-
|
69
|
-
it "must add additional NOP padding to the beginning of the payload" do
|
70
|
-
buffer = subject.buffer_overflow(
|
71
|
-
length: length, nops: nops, payload: payload, bp: bp, ip: ip
|
72
|
-
)
|
73
|
-
|
74
|
-
expect(buffer.length).to eq(length)
|
75
|
-
|
76
|
-
junk = subject.junk(length - (subject.nop.bytesize * nops) - payload.bytesize - (subject.platform[:machine_word].size * 2))
|
77
|
-
|
78
|
-
nop_pad = subject.nops(nops)
|
79
|
-
|
80
|
-
packed_ip = subject.pack(:machine_word,ip)
|
81
|
-
packed_bp = subject.pack(:machine_word,bp)
|
82
|
-
|
83
|
-
expect(buffer).to eq(junk + nop_pad + payload + packed_bp + packed_ip)
|
84
|
-
end
|
85
|
-
end
|
86
|
-
end
|
87
|
-
end
|
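--- a/data/spec/mixins/text_spec.rb
+++ b/data/spec/mixins/text_spec.rb
@@ -1,43 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/mixins/text'
-
-require 'ronin/exploits/exploit'
-
-describe Ronin::Exploits::Mixins::Text do
-module TestTextMixin
-class TestExploit < Ronin::Exploits::Exploit
-include Ronin::Exploits::Mixins::Text
-end
-end
-
-let(:exploit_class) { TestTextMixin::TestExploit }
-subject { exploit_class.new }
-
-it "must include Ronin::Support::Text::Random::Mixin" do
-expect(exploit_class).to include(Ronin::Support::Text::Random::Mixin)
-end
-
-describe "#junk" do
-let(:count) { 1024 }
-
-it "must return a String of 'A' characters for the given count" do
-expect(subject.junk(count)).to eq('A' * count)
-end
-
-context "when given a custom character" do
-let(:char) { 'B' }
-
-it "must return a String of the given characters for the given count" do
-expect(subject.junk(char,count)).to eq(char * count)
-end
-end
-
-context "when given a custom String" do
-let(:string) { 'AB' }
-
-it "must return a String of the given String repeated for the given count" do
-expect(subject.junk(string,count)).to eq(string * count)
-end
-end
-end
-end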
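--- a/data/spec/open_redirect_spec.rb
+++ b/data/spec/open_redirect_spec.rb
@@ -1,71 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/open_redirect'
-
-describe Ronin::Exploits::OpenRedirect do
-module TestOpenRedirect
-class TestExploit < Ronin::Exploits::OpenRedirect
-base_path '/showthread.asp'
-query_param 'id'
-end
-end
-
-let(:exploit_class) { TestOpenRedirect::TestExploit }
-let(:base_url) { 'http://testasp.vulnweb.com' }
-let(:redirect_url) { 'http://evil.com/' }
-
-subject do
-exploit_class.new(
-params: {
-base_url: base_url,
-redirect_url: redirect_url
-}
-)
-end
-
-it "must inherite from Ronin::Exploits::ClientSideWebVuln" do
-expect(described_class).to be < Ronin::Exploits::ClientSideWebVuln
-end
-
-describe ".exploit_type" do
-subject { described_class }
-
-it { expect(subject.exploit_type).to eq(:open_redirect) }
-end
-
-describe "#initialize" do
-it "must default #payload to a Ronin::Payloads::Test::OpenRedirect payload" do
-expect(subject.payload).to be_kind_of(Ronin::Payloads::Test::OpenRedirect)
-end
-
-context "when given the payload: keyword argument" do
-let(:payload) { Ronin::Payloads::URLPayload.new }
-
-subject do
-exploit_class.new(
-payload: payload,
-params: {
-base_url: base_url
-}
-)
-end
-
-it "must set #payload" do
-expect(subject.payload).to be(payload)
-end
-end
-end
-
-describe "#vuln" do
-it "must return a Ronin::Vulns::OpenRedirect object" do
-expect(subject.vuln).to be_kind_of(Ronin::Vulns::OpenRedirect)
-end
-
-it "must set the #url attribute of the OpenRedirect vuln object" do
-expect(subject.vuln.url).to eq(subject.url)
-end
-
-it "must set the #test_url attribute of the OpenRedirect vuln object to the 'redirect_url' param" do
-expect(subject.vuln.test_url).to eq(redirect_url)
-end
-end
-end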
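--- a/data/spec/params/base_url_spec.rb
+++ b/data/spec/params/base_url_spec.rb
@@ -1,71 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/params/base_url'
-require 'ronin/exploits/exploit'
-
-describe Ronin::Exploits::Params::BaseURL do
-module TestBaseURLParam
-class TestExploit < Ronin::Exploits::Exploit
-include Ronin::Exploits::Params::BaseURL
-end
-end
-
-describe ".included" do
-subject { TestBaseURLParam::TestExploit }
-
-it "must add a required 'base_url' param to the exploit class" do
-expect(subject.params[:base_url]).to_not be_nil
-expect(subject.params[:base_url].type).to be_kind_of(Ronin::Core::Params::Types::URI)
-expect(subject.params[:base_url].required?).to be(true)
-expect(subject.params[:base_url].desc).to eq("The base URL of the target")
-end
-end
-
-let(:base_url) { URI('https://example.com:8080/') }
-subject { TestBaseURLParam::TestExploit.new(params: {base_url: base_url}) }
-
-describe "#host" do
-it "must return the host value of the base URL" do
-expect(subject.host).to eq(base_url.host)
-end
-end
-
-describe "#port" do
-it "must return the port value of the base URL" do
-expect(subject.port).to eq(base_url.port)
-end
-end
-
-describe "#url_for" do
-context "when given an absolute path" do
-let(:path) { '/foo' }
-
-it "must return a URI::HTTP object" do
-expect(subject.url_for(path)).to be_kind_of(URI::HTTP)
-end
-
-it "must override the path of the params[:base_url]" do
-expect(subject.url_for(path).path).to eq(path)
-end
-end
-
-context "when given a relative path" do
-let(:path) { 'foo' }
-
-it "must return a URI::HTTP object" do
-expect(subject.url_for(path)).to be_kind_of(URI::HTTP)
-end
-
-it "must convert the path into an absolute path" do
-expect(subject.url_for(path).path).to eq("/#{path}")
-end
-end
-
-context "when given a fully qualified URL" do
-let(:url) { "https://www.other.com/foo" }
-
-it "must return the URL" do
-expect(subject.url_for(url).to_s).to eq(url)
-end
-end
-end
-end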
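--- a/data/spec/params/bind_host_spec.rb
+++ b/data/spec/params/bind_host_spec.rb
@@ -1,34 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/params/bind_host'
-require 'ronin/exploits/exploit'
-
-describe Ronin::Exploits::Params::BindHost do
-module TestBindHostParam
-class TestExploit < Ronin::Exploits::Exploit
-include Ronin::Exploits::Params::BindHost
-end
-end
-
-describe ".included" do
-subject { TestBindHostParam::TestExploit }
-
-it "must add an optional 'bind_host' param to the exploit class" do
-expect(subject.params[:bind_host]).to_not be_nil
-expect(subject.params[:bind_host].required?).to be(false)
-expect(subject.params[:bind_host].desc).to eq("Local host to bind to")
-end
-end
-
-let(:bind_host) { 'localhost' }
-subject do
-TestBindHostParam::TestExploit.new(
-params: {bind_host: bind_host}
-)
-end
-
-describe "#bind_host" do
-it "must return the bind_host param value" do
-expect(subject.bind_host).to eq(bind_host)
-end
-end
-end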
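--- a/data/spec/params/bind_port_spec.rb
+++ b/data/spec/params/bind_port_spec.rb
@@ -1,35 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/params/bind_port'
-require 'ronin/exploits/exploit'
-
-describe Ronin::Exploits::Params::BindPort do
-module TestBindPortParam
-class TestExploit < Ronin::Exploits::Exploit
-include Ronin::Exploits::Params::BindPort
-end
-end
-
-describe ".included" do
-subject { TestBindPortParam::TestExploit }
-
-it "must add an optional 'bind_port' param to the exploit class" do
-expect(subject.params[:bind_port]).to_not be_nil
-expect(subject.params[:bind_port].type).to be_kind_of(Ronin::Core::Params::Types::Integer)
-expect(subject.params[:bind_port].required?).to be(false)
-expect(subject.params[:bind_port].desc).to eq("Local port to bind to")
-end
-end
-
-let(:bind_port) { 9000 }
-subject do
-TestBindPortParam::TestExploit.new(
-params: {bind_port: bind_port}
-)
-end
-
-describe "#bind_port" do
-it "must return the bind_port param value" do
-expect(subject.bind_port).to eq(bind_port)
-end
-end
-end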
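--- a/data/spec/params/filename_spec.rb
+++ b/data/spec/params/filename_spec.rb
@@ -1,77 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/params/filename'
-require 'ronin/exploits/exploit'
-
-describe Ronin::Exploits::Params::Filename do
-module TestFilenameParam
-class TestExploit < Ronin::Exploits::Exploit
-include Ronin::Exploits::Params::Filename
-end
-
-class TextExploitWithDefaultFilename < Ronin::Exploits::Exploit
-include Ronin::Exploits::Params::Filename
-default_filename 'exploit.docx'
-end
-end
-
-describe ".included" do
-subject { TestFilenameParam::TestExploit }
-
-it "must include Ronin::Exploits::Metadata::DefaultFilename" do
-expect(subject).to include(Ronin::Exploits::Metadata::DefaultFilename)
-end
-
-it "must add a required 'filename' param to the exploit class" do
-expect(subject.params[:filename]).to_not be_nil
-expect(subject.params[:filename].type).to be_kind_of(Ronin::Core::Params::Types::String)
-expect(subject.params[:filename].required?).to be(true)
-expect(subject.params[:filename].default).to be_kind_of(Proc)
-expect(subject.params[:filename].desc).to eq("The filename for the exploit")
-end
-end
-
-let(:exploit_class) { TestFilenameParam::TestExploit }
-
-let(:filename) { 'my-file.txt' }
-
-subject do
-exploit_class.new(
-params: {filename: filename}
-)
-end
-
-describe "#filename" do
-it "must return the filename param value" do
-expect(subject.filename).to eq(filename)
-end
-
-context "when no filename param value is set" do
-subject do
-exploit_class.new
-end
-
-it "must require a filename value" do
-expect {
-subject.validate_params
-}.to raise_error(Ronin::Core::Params::RequiredParam,"param 'filename' requires a value")
-end
-end
-
-context "when the exploit class defines a default_filename" do
-context "and the filename param value is set" do
-it "must override the default_filename value" do
-expect(subject.filename).to eq(filename)
-end
-end
-
-context "but no filename param value has been set" do
-let(:exploit_class) { TestFilenameParam::TextExploitWithDefaultFilename }
-subject { exploit_class.new }
-
-it "must default to the default_filename value" do
-expect(subject.filename).to eq(exploit_class.default_filename)
-end
-end
-end
-end
-end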
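--- a/data/spec/params/host_spec.rb
+++ b/data/spec/params/host_spec.rb
@@ -1,34 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/params/host'
-require 'ronin/exploits/exploit'
-
-describe Ronin::Exploits::Params::Host do
-module TestHostParam
-class TestExploit < Ronin::Exploits::Exploit
-include Ronin::Exploits::Params::Host
-end
-end
-
-describe ".included" do
-subject { TestHostParam::TestExploit }
-
-it "must add a required 'host' param to the exploit class" do
-expect(subject.params[:host]).to_not be_nil
-expect(subject.params[:host].required?).to be(true)
-expect(subject.params[:host].desc).to eq("Remote host to connect to")
-end
-end
-
-let(:host) { 'example.com' }
-subject do
-TestHostParam::TestExploit.new(
-params: {host: host}
-)
-end
-
-describe "#host" do
-it "must return the host param value" do
-expect(subject.host).to eq(host)
-end
-end
-end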
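--- a/data/spec/params/port_spec.rb
+++ b/data/spec/params/port_spec.rb
@@ -1,77 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/params/port'
-require 'ronin/exploits/exploit'
-
-describe Ronin::Exploits::Params::Port do
-module TestPortParam
-class TestExploit < Ronin::Exploits::Exploit
-include Ronin::Exploits::Params::Port
-end
-
-class TextExploitWithDefaultPort < Ronin::Exploits::Exploit
-include Ronin::Exploits::Params::Port
-default_port 123
-end
-end
-
-describe ".included" do
-subject { TestPortParam::TestExploit }
-
-it "must include Ronin::Exploits::Metadata::DefaultPort" do
-expect(subject).to include(Ronin::Exploits::Metadata::DefaultPort)
-end
-
-it "must add a required 'port' param to the exploit class" do
-expect(subject.params[:port]).to_not be_nil
-expect(subject.params[:port].type).to be_kind_of(Ronin::Core::Params::Types::Integer)
-expect(subject.params[:port].required?).to be(true)
-expect(subject.params[:port].default).to be_kind_of(Proc)
-expect(subject.params[:port].desc).to eq("Remote port to connect to")
-end
-end
-
-let(:exploit_class) { TestPortParam::TestExploit }
-
-let(:port) { 1337 }
-
-subject do
-exploit_class.new(
-params: {port: port}
-)
-end
-
-describe "#port" do
-it "must return the port param value" do
-expect(subject.port).to eq(port)
-end
-
-context "when no port param value is set" do
-subject do
-exploit_class.new
-end
-
-it "must require a port value" do
-expect {
-subject.validate_params
-}.to raise_error(Ronin::Core::Params::RequiredParam,"param 'port' requires a value")
-end
-end
-
-context "when the exploit class defines a default_port" do
-context "and the port param value is set" do
-it "must override the default_port value" do
-expect(subject.port).to eq(port)
-end
-end
-
-context "but no port param value has been set" do
-let(:exploit_class) { TestPortParam::TextExploitWithDefaultPort }
-subject { exploit_class.new }
-
-it "must default to the default_port value" do
-expect(subject.port).to eq(exploit_class.default_port)
-end
-end
-end
-end
-end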
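--- a/data/spec/rfi_spec.rb
+++ b/data/spec/rfi_spec.rb
@@ -1,107 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/rfi'
-
-describe Ronin::Exploits::RFI do
-module TestRFI
-class TestExploit < Ronin::Exploits::RFI
-base_path '/showimage.php'
-query_param 'file'
-end
-end
-
-let(:exploit_class) { TestRFI::TestExploit }
-
-let(:base_url) { 'http://testphp.vulnweb.com' }
-
-subject do
-exploit_class.new(
-params: {
-base_url: base_url
-}
-)
-end
-
-describe ".exploit_type" do
-subject { described_class }
-
-it { expect(subject.exploit_type).to eq(:rfi) }
-end
-
-describe "#vuln" do
-it "must return a Ronin::Vulns::RFI object" do
-expect(subject.vuln).to be_kind_of(Ronin::Vulns::RFI)
-end
-
-it "must set the #url attribute of the RFI vuln object" do
-expect(subject.vuln.url).to eq(subject.url)
-end
-
-it "must infer the #test_scrript_url from the #url attribute" do
-expect(subject.vuln.test_script_url).to eq(Ronin::Vulns::RFI.test_script_for(subject.vuln.url))
-end
-
-context "when the 'test_script_url' param is set" do
-let(:test_script_url) { 'https://myhost.com/path/to/test_script.php' }
-
-subject do
-exploit_class.new(
-params: {
-base_url: base_url,
-test_script_url: test_script_url
-}
-)
-end
-
-it "must set the #test_script_url for the RFI vuln object" do
-expect(subject.vuln.test_script_url).to eq(test_script_url)
-end
-end
-
-it "must not set the #filter_bypass attribute of the RFI vuln object by default" do
-expect(subject.vuln.filter_bypass).to be(nil)
-end
-
-context "when the 'filter_bypass' param is set" do
-let(:filter_bypass) { :double_encode }
-
-subject do
-exploit_class.new(
-params: {
-base_url: base_url,
-filter_bypass: filter_bypass
-}
-)
-end
-
-it "must set the #filter_bypass attribute of the RFI vuln object to the 'filter_bypass' param" do
-expect(subject.vuln.filter_bypass).to eq(filter_bypass)
-end
-end
-end
-
-describe "#launch" do
-module TestRFI
-class RFIPayload < Ronin::Payloads::URLPayload
-url 'https://example.com/path/to/payload.php'
-end
-end
-
-let(:payload_class) { TestRFI::RFIPayload }
-let(:payload) { payload_class.new }
-
-subject do
-exploit_class.new(
-payload: payload,
-params: {
-base_url: base_url
-}
-)
-end
-
-it "must call #exploit on the #vuln object with the #payload" do
-expect(subject.vuln).to receive(:exploit).with(payload)
-
-subject.launch
-end
-end
-end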
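--- a/data/spec/seh_overflow_spec.rb
+++ b/data/spec/seh_overflow_spec.rb
@@ -1,18 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/seh_overflow'
-
-describe Ronin::Exploits::SEHOverflow do
-it "must inherit from Ronin::Exploits::MemoryCorruption" do
-expect(described_class).to be < Ronin::Exploits::MemoryCorruption
-end
-
-it "must include Ronin::Exploits::Mixins::SEH" do
-expect(described_class).to include(Ronin::Exploits::Mixins::SEH)
-end
-
-describe ".exploit_type" do
-subject { described_class }
-
-it { expect(subject.exploit_type).to eq(:seh_overflow) }
-end
-end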