ronin-exploits 1.0.0.beta2 → 1.0.0

data/spec/mixins/stack_overflow_spec.rb

@@ -1,87 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/mixins/stack_overflow'
-
-require 'ronin/exploits/exploit'
-require 'ronin/exploits/metadata/arch'
-require 'ronin/exploits/metadata/os'
-
-describe Ronin::Exploits::Mixins::StackOverflow do
-  module TestSEHMixin
-    class TestExploit < Ronin::Exploits::Exploit
-      include Ronin::Exploits::Metadata::Arch
-      include Ronin::Exploits::Metadata::OS
-      include Ronin::Exploits::Mixins::StackOverflow
-
-      arch :x86
-      os :windows
-    end
-  end
-
-  let(:exploit_class) { TestSEHMixin::TestExploit }
-
-  it "must include Ronin::Exploits::Mixins::Text" do
-    expect(exploit_class).to include(Ronin::Exploits::Mixins::Text)
-  end
-
-  it "must include Ronin::Exploits::Mixins::Binary" do
-    expect(exploit_class).to include(Ronin::Exploits::Mixins::Binary)
-  end
-
-  it "must include Ronin::Exploits::Mixins::NOPS" do
-    expect(exploit_class).to include(Ronin::Exploits::Mixins::NOPS)
-  end
-
-  subject { exploit_class.new }
-
-  let(:bp) { 0x06eb9090 }
-  let(:ip)  { 0x1001ae86 }
-
-  describe "#stack_frame" do
-    it "must pack the nseh and seh arguments as machine words" do
-      expect(subject.stack_frame(bp,ip)).to eq(
-        [bp, ip].pack('L<2')
-      )
-    end
-  end
-
-  describe "#buffer_overflow" do
-    let(:length)  { 1024 }
-    let(:payload) { 'shellcode here'.b }
-
-    it "must return a buffer of the given size, containing junk data, the payload, stack base pointer (bp), and stack instruction pointer (ip) addresses" do
-      buffer = subject.buffer_overflow(
-        length: length, payload: payload, bp: bp, ip: ip
-      )
-
-      expect(buffer.length).to eq(length)
-
-      junk = subject.junk(length - payload.bytesize - (subject.platform[:machine_word].size * 2))
-
-      packed_bp = subject.pack(:machine_word,bp)
-      packed_ip = subject.pack(:machine_word,ip)
-
-      expect(buffer).to eq(junk + payload + packed_bp + packed_ip)
-    end
-
-    context "when the nops: keyword argument is given" do
-      let(:nops) { 16 }
-
-      it "must add additional NOP padding to the beginning of the payload" do
-        buffer = subject.buffer_overflow(
-          length: length, nops: nops, payload: payload, bp: bp, ip: ip
-        )
-
-        expect(buffer.length).to eq(length)
-
-        junk = subject.junk(length - (subject.nop.bytesize * nops) - payload.bytesize - (subject.platform[:machine_word].size * 2))
-
-        nop_pad = subject.nops(nops)
-
-        packed_ip = subject.pack(:machine_word,ip)
-        packed_bp = subject.pack(:machine_word,bp)
-
-        expect(buffer).to eq(junk + nop_pad + payload + packed_bp + packed_ip)
-      end
-    end
-  end
-end

data/spec/mixins/text_spec.rb

@@ -1,43 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/mixins/text'
-
-require 'ronin/exploits/exploit'
-
-describe Ronin::Exploits::Mixins::Text do
-  module TestTextMixin
-    class TestExploit < Ronin::Exploits::Exploit
-      include Ronin::Exploits::Mixins::Text
-    end
-  end
-
-  let(:exploit_class) { TestTextMixin::TestExploit }
-  subject { exploit_class.new }
-
-  it "must include Ronin::Support::Text::Random::Mixin" do
-    expect(exploit_class).to include(Ronin::Support::Text::Random::Mixin)
-  end
-
-  describe "#junk" do
-    let(:count) { 1024 }
-
-    it "must return a String of 'A' characters for the given count" do
-      expect(subject.junk(count)).to eq('A' * count)
-    end
-
-    context "when given a custom character" do
-      let(:char) { 'B' }
-
-      it "must return a String of the given characters for the given count" do
-        expect(subject.junk(char,count)).to eq(char * count)
-      end
-    end
-
-    context "when given a custom String" do
-      let(:string) { 'AB' }
-
-      it "must return a String of the given String repeated for the given count" do
-        expect(subject.junk(string,count)).to eq(string * count)
-      end
-    end
-  end
-end

data/spec/open_redirect_spec.rb

@@ -1,71 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/open_redirect'
-
-describe Ronin::Exploits::OpenRedirect do
-  module TestOpenRedirect
-    class TestExploit < Ronin::Exploits::OpenRedirect
-      base_path   '/showthread.asp'
-      query_param 'id'
-    end
-  end
-
-  let(:exploit_class) { TestOpenRedirect::TestExploit }
-  let(:base_url)      { 'http://testasp.vulnweb.com' }
-  let(:redirect_url)  { 'http://evil.com/' }
-
-  subject do
-    exploit_class.new(
-      params: {
-        base_url:     base_url,
-        redirect_url: redirect_url
-      }
-    )
-  end
-
-  it "must inherite from Ronin::Exploits::ClientSideWebVuln" do
-    expect(described_class).to be < Ronin::Exploits::ClientSideWebVuln
-  end
-
-  describe ".exploit_type" do
-    subject { described_class }
-
-    it { expect(subject.exploit_type).to eq(:open_redirect) }
-  end
-
-  describe "#initialize" do
-    it "must default #payload to a Ronin::Payloads::Test::OpenRedirect payload" do
-      expect(subject.payload).to be_kind_of(Ronin::Payloads::Test::OpenRedirect)
-    end
-
-    context "when given the payload: keyword argument" do
-      let(:payload) { Ronin::Payloads::URLPayload.new }
-
-      subject do
-        exploit_class.new(
-          payload: payload,
-          params: {
-            base_url: base_url
-          }
-        )
-      end
-
-      it "must set #payload" do
-        expect(subject.payload).to be(payload)
-      end
-    end
-  end
-
-  describe "#vuln" do
-    it "must return a Ronin::Vulns::OpenRedirect object" do
-      expect(subject.vuln).to be_kind_of(Ronin::Vulns::OpenRedirect)
-    end
-
-    it "must set the #url attribute of the OpenRedirect vuln object" do
-      expect(subject.vuln.url).to eq(subject.url)
-    end
-
-    it "must set the #test_url attribute of the OpenRedirect vuln object to the 'redirect_url' param" do
-      expect(subject.vuln.test_url).to eq(redirect_url)
-    end
-  end
-end

data/spec/params/base_url_spec.rb

@@ -1,71 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/params/base_url'
-require 'ronin/exploits/exploit'
-
-describe Ronin::Exploits::Params::BaseURL do
-  module TestBaseURLParam
-    class TestExploit < Ronin::Exploits::Exploit
-      include Ronin::Exploits::Params::BaseURL
-    end
-  end
-
-  describe ".included" do
-    subject { TestBaseURLParam::TestExploit }
-
-    it "must add a required 'base_url' param to the exploit class" do
-      expect(subject.params[:base_url]).to_not be_nil
-      expect(subject.params[:base_url].type).to be_kind_of(Ronin::Core::Params::Types::URI)
-      expect(subject.params[:base_url].required?).to be(true)
-      expect(subject.params[:base_url].desc).to eq("The base URL of the target")
-    end
-  end
-
-  let(:base_url) { URI('https://example.com:8080/') }
-  subject { TestBaseURLParam::TestExploit.new(params: {base_url: base_url}) }
-
-  describe "#host" do
-    it "must return the host value of the base URL" do
-      expect(subject.host).to eq(base_url.host)
-    end
-  end
-
-  describe "#port" do
-    it "must return the port value of the base URL" do
-      expect(subject.port).to eq(base_url.port)
-    end
-  end
-
-  describe "#url_for" do
-    context "when given an absolute path" do
-      let(:path) { '/foo' }
-
-      it "must return a URI::HTTP object" do
-        expect(subject.url_for(path)).to be_kind_of(URI::HTTP)
-      end
-
-      it "must override the path of the params[:base_url]" do
-        expect(subject.url_for(path).path).to eq(path)
-      end
-    end
-
-    context "when given a relative path" do
-      let(:path) { 'foo' }
-
-      it "must return a URI::HTTP object" do
-        expect(subject.url_for(path)).to be_kind_of(URI::HTTP)
-      end
-
-      it "must convert the path into an absolute path" do
-        expect(subject.url_for(path).path).to eq("/#{path}")
-      end
-    end
-
-    context "when given a fully qualified URL" do
-      let(:url) { "https://www.other.com/foo" }
-
-      it "must return the URL" do
-        expect(subject.url_for(url).to_s).to eq(url)
-      end
-    end
-  end
-end

data/spec/params/bind_host_spec.rb

@@ -1,34 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/params/bind_host'
-require 'ronin/exploits/exploit'
-
-describe Ronin::Exploits::Params::BindHost do
-  module TestBindHostParam
-    class TestExploit < Ronin::Exploits::Exploit
-      include Ronin::Exploits::Params::BindHost
-    end
-  end
-
-  describe ".included" do
-    subject { TestBindHostParam::TestExploit }
-
-    it "must add an optional 'bind_host' param to the exploit class" do
-      expect(subject.params[:bind_host]).to_not be_nil
-      expect(subject.params[:bind_host].required?).to be(false)
-      expect(subject.params[:bind_host].desc).to eq("Local host to bind to")
-    end
-  end
-
-  let(:bind_host) { 'localhost' }
-  subject do
-    TestBindHostParam::TestExploit.new(
-      params: {bind_host: bind_host}
-    )
-  end
-
-  describe "#bind_host" do
-    it "must return the bind_host param value" do
-      expect(subject.bind_host).to eq(bind_host)
-    end
-  end
-end

data/spec/params/bind_port_spec.rb

@@ -1,35 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/params/bind_port'
-require 'ronin/exploits/exploit'
-
-describe Ronin::Exploits::Params::BindPort do
-  module TestBindPortParam
-    class TestExploit < Ronin::Exploits::Exploit
-      include Ronin::Exploits::Params::BindPort
-    end
-  end
-
-  describe ".included" do
-    subject { TestBindPortParam::TestExploit }
-
-    it "must add an optional 'bind_port' param to the exploit class" do
-      expect(subject.params[:bind_port]).to_not be_nil
-      expect(subject.params[:bind_port].type).to be_kind_of(Ronin::Core::Params::Types::Integer)
-      expect(subject.params[:bind_port].required?).to be(false)
-      expect(subject.params[:bind_port].desc).to eq("Local port to bind to")
-    end
-  end
-
-  let(:bind_port) { 9000 }
-  subject do
-    TestBindPortParam::TestExploit.new(
-      params: {bind_port: bind_port}
-    )
-  end
-
-  describe "#bind_port" do
-    it "must return the bind_port param value" do
-      expect(subject.bind_port).to eq(bind_port)
-    end
-  end
-end

data/spec/params/filename_spec.rb

@@ -1,77 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/params/filename'
-require 'ronin/exploits/exploit'
-
-describe Ronin::Exploits::Params::Filename do
-  module TestFilenameParam
-    class TestExploit < Ronin::Exploits::Exploit
-      include Ronin::Exploits::Params::Filename
-    end
-
-    class TextExploitWithDefaultFilename < Ronin::Exploits::Exploit
-      include Ronin::Exploits::Params::Filename
-      default_filename 'exploit.docx'
-    end
-  end
-
-  describe ".included" do
-    subject { TestFilenameParam::TestExploit }
-
-    it "must include Ronin::Exploits::Metadata::DefaultFilename" do
-      expect(subject).to include(Ronin::Exploits::Metadata::DefaultFilename)
-    end
-
-    it "must add a required 'filename' param to the exploit class" do
-      expect(subject.params[:filename]).to_not be_nil
-      expect(subject.params[:filename].type).to be_kind_of(Ronin::Core::Params::Types::String)
-      expect(subject.params[:filename].required?).to be(true)
-      expect(subject.params[:filename].default).to be_kind_of(Proc)
-      expect(subject.params[:filename].desc).to eq("The filename for the exploit")
-    end
-  end
-
-  let(:exploit_class) { TestFilenameParam::TestExploit }
-
-  let(:filename) { 'my-file.txt' }
-
-  subject do
-    exploit_class.new(
-      params: {filename: filename}
-    )
-  end
-
-  describe "#filename" do
-    it "must return the filename param value" do
-      expect(subject.filename).to eq(filename)
-    end
-
-    context "when no filename param value is set" do
-      subject do
-        exploit_class.new
-      end
-
-      it "must require a filename value" do
-        expect {
-          subject.validate_params
-        }.to raise_error(Ronin::Core::Params::RequiredParam,"param 'filename' requires a value")
-      end
-    end
-
-    context "when the exploit class defines a default_filename" do
-      context "and the filename param value is set" do
-        it "must override the default_filename value" do
-          expect(subject.filename).to eq(filename)
-        end
-      end
-
-      context "but no filename param value has been set" do
-        let(:exploit_class) { TestFilenameParam::TextExploitWithDefaultFilename }
-        subject { exploit_class.new }
-
-        it "must default to the default_filename value" do
-          expect(subject.filename).to eq(exploit_class.default_filename)
-        end
-      end
-    end
-  end
-end

data/spec/params/host_spec.rb

@@ -1,34 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/params/host'
-require 'ronin/exploits/exploit'
-
-describe Ronin::Exploits::Params::Host do
-  module TestHostParam
-    class TestExploit < Ronin::Exploits::Exploit
-      include Ronin::Exploits::Params::Host
-    end
-  end
-
-  describe ".included" do
-    subject { TestHostParam::TestExploit }
-
-    it "must add a required 'host' param to the exploit class" do
-      expect(subject.params[:host]).to_not be_nil
-      expect(subject.params[:host].required?).to be(true)
-      expect(subject.params[:host].desc).to eq("Remote host to connect to")
-    end
-  end
-
-  let(:host) { 'example.com' }
-  subject do
-    TestHostParam::TestExploit.new(
-      params: {host: host}
-    )
-  end
-
-  describe "#host" do
-    it "must return the host param value" do
-      expect(subject.host).to eq(host)
-    end
-  end
-end

data/spec/params/port_spec.rb

@@ -1,77 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/params/port'
-require 'ronin/exploits/exploit'
-
-describe Ronin::Exploits::Params::Port do
-  module TestPortParam
-    class TestExploit < Ronin::Exploits::Exploit
-      include Ronin::Exploits::Params::Port
-    end
-
-    class TextExploitWithDefaultPort < Ronin::Exploits::Exploit
-      include Ronin::Exploits::Params::Port
-      default_port 123
-    end
-  end
-
-  describe ".included" do
-    subject { TestPortParam::TestExploit }
-
-    it "must include Ronin::Exploits::Metadata::DefaultPort" do
-      expect(subject).to include(Ronin::Exploits::Metadata::DefaultPort)
-    end
-
-    it "must add a required 'port' param to the exploit class" do
-      expect(subject.params[:port]).to_not be_nil
-      expect(subject.params[:port].type).to be_kind_of(Ronin::Core::Params::Types::Integer)
-      expect(subject.params[:port].required?).to be(true)
-      expect(subject.params[:port].default).to be_kind_of(Proc)
-      expect(subject.params[:port].desc).to eq("Remote port to connect to")
-    end
-  end
-
-  let(:exploit_class) { TestPortParam::TestExploit }
-
-  let(:port) { 1337 }
-
-  subject do
-    exploit_class.new(
-      params: {port: port}
-    )
-  end
-
-  describe "#port" do
-    it "must return the port param value" do
-      expect(subject.port).to eq(port)
-    end
-
-    context "when no port param value is set" do
-      subject do
-        exploit_class.new
-      end
-
-      it "must require a port value" do
-        expect {
-          subject.validate_params
-        }.to raise_error(Ronin::Core::Params::RequiredParam,"param 'port' requires a value")
-      end
-    end
-
-    context "when the exploit class defines a default_port" do
-      context "and the port param value is set" do
-        it "must override the default_port value" do
-          expect(subject.port).to eq(port)
-        end
-      end
-
-      context "but no port param value has been set" do
-        let(:exploit_class) { TestPortParam::TextExploitWithDefaultPort }
-        subject { exploit_class.new }
-
-        it "must default to the default_port value" do
-          expect(subject.port).to eq(exploit_class.default_port)
-        end
-      end
-    end
-  end
-end

data/spec/rfi_spec.rb

@@ -1,107 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/rfi'
-
-describe Ronin::Exploits::RFI do
-  module TestRFI
-    class TestExploit < Ronin::Exploits::RFI
-      base_path '/showimage.php'
-      query_param 'file'
-    end
-  end
-
-  let(:exploit_class) { TestRFI::TestExploit }
-
-  let(:base_url) { 'http://testphp.vulnweb.com' }
-
-  subject do
-    exploit_class.new(
-      params: {
-        base_url: base_url
-      }
-    )
-  end
-
-  describe ".exploit_type" do
-    subject { described_class }
-
-    it { expect(subject.exploit_type).to eq(:rfi) }
-  end
-
-  describe "#vuln" do
-    it "must return a Ronin::Vulns::RFI object" do
-      expect(subject.vuln).to be_kind_of(Ronin::Vulns::RFI)
-    end
-
-    it "must set the #url attribute of the RFI vuln object" do
-      expect(subject.vuln.url).to eq(subject.url)
-    end
-
-    it "must infer the #test_scrript_url from the #url attribute" do
-      expect(subject.vuln.test_script_url).to eq(Ronin::Vulns::RFI.test_script_for(subject.vuln.url))
-    end
-
-    context "when the 'test_script_url' param is set" do
-      let(:test_script_url) { 'https://myhost.com/path/to/test_script.php' }
-
-      subject do
-        exploit_class.new(
-          params: {
-            base_url:        base_url,
-            test_script_url: test_script_url
-          }
-        )
-      end
-
-      it "must set the #test_script_url for the RFI vuln object" do
-        expect(subject.vuln.test_script_url).to eq(test_script_url)
-      end
-    end
-
-    it "must not set the #filter_bypass attribute of the RFI vuln object by default" do
-      expect(subject.vuln.filter_bypass).to be(nil)
-    end
-
-    context "when the 'filter_bypass' param is set" do
-      let(:filter_bypass) { :double_encode }
-
-      subject do
-        exploit_class.new(
-          params: {
-            base_url:      base_url,
-            filter_bypass: filter_bypass
-          }
-        )
-      end
-
-      it "must set the #filter_bypass attribute of the RFI vuln object to the 'filter_bypass' param" do
-        expect(subject.vuln.filter_bypass).to eq(filter_bypass)
-      end
-    end
-  end
-
-  describe "#launch" do
-    module TestRFI
-      class RFIPayload < Ronin::Payloads::URLPayload
-        url 'https://example.com/path/to/payload.php'
-      end
-    end
-
-    let(:payload_class) { TestRFI::RFIPayload }
-    let(:payload)       { payload_class.new   }
-
-    subject do
-      exploit_class.new(
-        payload: payload,
-        params: {
-          base_url: base_url
-        }
-      )
-    end
-
-    it "must call #exploit on the #vuln object with the #payload" do
-      expect(subject.vuln).to receive(:exploit).with(payload)
-
-      subject.launch
-    end
-  end
-end

data/spec/seh_overflow_spec.rb

@@ -1,18 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/seh_overflow'
-
-describe Ronin::Exploits::SEHOverflow do
-  it "must inherit from Ronin::Exploits::MemoryCorruption" do
-    expect(described_class).to be < Ronin::Exploits::MemoryCorruption
-  end
-
-  it "must include Ronin::Exploits::Mixins::SEH" do
-    expect(described_class).to include(Ronin::Exploits::Mixins::SEH)
-  end
-
-  describe ".exploit_type" do
-    subject { described_class }
-
-    it { expect(subject.exploit_type).to eq(:seh_overflow) }
-  end
-end

data/spec/spec_helper.rb

@@ -1,8 +0,0 @@
-require 'rspec'
-require 'simplecov'
-
-SimpleCov.start
-
-RSpec.configure do |specs|
-  specs.filter_run_excluding :network
-end