ronin-exploits 1.0.0 → 1.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f4fb437a6634a2eef3dae27f5d940718e94d1e5d7839113e9b02d849daeb2f81
-  data.tar.gz: 661bbae01973ba0ec2e367abef7fd137534dff1597b8486dde94e64afcc6e780
+  metadata.gz: 7c482725859543f95754cb4e3fd61e31326eec9a63c2f8d5f5f1e7a64e2bb29e
+  data.tar.gz: e35da617d9f8301d4fb5a3fff6eb77a17615c0477cdbbaa2e26e4b152a05af6b
 SHA512:
-  metadata.gz: 9c40d3ba6b13842ddb66b762cac6aaa26a22f3feb03a8f68abf1fdc7d90696fb4cc03da0fd4472ea77af9e861eb92cf4a7165a5fc023b4ecb4e59f0ef13fa234
-  data.tar.gz: 8b81f266e3b256f028a01b1d10a85d0d1d09cfbcdfecab07e5bf25ebae0f96adee5b7881515eb4cfaccae5ae0e4807377315f50db9213ab5268b179db3e87640
+  metadata.gz: 7a1b389e0283581e586a65729bb5994f1f8c0ccddee570117bf1746638a09d07b30eed9c13f777d064b436bec418df0697c9e86f39fbf7db1c86bb5e25b5755c
+  data.tar.gz: 857e56f993e8c55580ef358c8021ae526431607f3ed6188f1813e81dee6a91308dfe95cd2d32b1bf5284e5945f64abddd93893bc3e6211b5d0d350d6d99e31a7

data/.github/workflows/ruby.yml

@@ -30,3 +30,17 @@ jobs:
         run: bundle install --jobs 4 --retry 3
       - name: Run tests
         run: bundle exec rake test
+
+  # rubocop linting
+  rubocop:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 3.0
+      - name: Install dependencies
+        run: bundle install --jobs 4 --retry 3
+      - name: Run rubocop
+        run: bundle exec rubocop --parallel

data/.rubocop.yml

@@ -0,0 +1,61 @@
+AllCops:
+  NewCops: enable
+  SuggestExtensions: false
+  TargetRubyVersion: 3.1
+
+inherit_gem:
+  rubocop-ronin: rubocop.yml
+
+#
+# ronin-exploits specific exceptions
+#
+
+# Exploit#initialize exists for documentation purposes
+Lint/UselessMethodDefinition:
+  Exclude:
+    - 'lib/ronin/exploits/exploit.rb'
+
+# make an exception for the Vulnerable, NotVulnerable, and Unknown methods.
+Naming/MethodName:
+  AllowedPatterns:
+    - Vulnerable
+    - NotVulnerable
+    - Unknown
+
+# robucop mistakes :x86_64 for a "symbol number"
+Naming/VariableNumber:
+  AllowedIdentifiers:
+    - x86_64
+
+# we actually want to use OpenStruct for Ronin::Exploits::Target
+Style/OpenStructUse:
+  Exclude:
+    - 'lib/ronin/exploits/target.rb'
+    - 'spec/target_spec.rb'
+
+# aligning rows of columns vertically actually helps with readability
+Layout/SpaceInsideArrayPercentLiteral:
+  Exclude:
+    - 'spec/loot/file_spec.rb'
+
+# aligning rows of columns vertically actually helps with readability
+Layout/SpaceInsidePercentLiteralDelimiters:
+  Exclude:
+    - 'spec/loot/file_spec.rb'
+
+# I cannot think of good format string annotation names for the format-string
+Style/FormatStringToken:
+  Exclude:
+    - 'lib/ronin/exploits/mixins/format_string.rb'
+
+# `bp:` and `ip:` are OK keyword argument names
+Naming/MethodParameterName:
+  Exclude:
+    - 'lib/ronin/exploits/mixins/stack_overflow.rb'
+
+# `if !value.nil? ... else ...` and `if !value.empty?` ... else ...` are
+# acceptable. Otherwise prefer `unless ... else ...`.
+Style/NegatedIfElseCondition:
+  Exclude:
+    - 'lib/ronin/exploits/sqli.rb'
+    - 'lib/ronin/exploits/mixins/html.rb'

data/ChangeLog.md

@@ -1,4 +1,15 @@
-### 1.0.0 / 2023-XX-XX
+### 1.0.1 / 2023-03-01
+
+* Require [ronin-support] ~> 1.0, >= 1.0.1.
+* Require [ronin-payloads] ~> 0.1, >= 0.1.1.
+* Require [ronin-vulns] ~> 0.1, >= 0.1.1.
+
+#### CLI
+
+* Fixed multiple bugs in the `--encoder-param` option of the
+  `ronin-exploits run ` command.
+
+### 1.0.0 / 2023-02-01
 
 * Upgraded to the LGPL-3 license.
 * Require `ruby` >= 3.0.0.
@@ -291,7 +302,7 @@
     * Added the Exploit#target which will return the current selected
       target, or the first target of the exploit.
     * Added the Exploit#arch, Exploit#os and Exploit#product methods.
-    * Added the Exploit#verify_target!, Exploit#verify_arch!, 
+    * Added the Exploit#verify_target!, Exploit#verify_arch!,
       Exploit#verify_os! and Exploit#verify_product! methods.
     * Added Exploit#encoded_payload.
     * Added Exploit#encode_payload!.

data/Gemfile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 
 gemspec
@@ -37,7 +39,7 @@ group :development do
   gem 'rspec',           '~> 3.0'
   gem 'simplecov',       '~> 0.20'
 
-  gem 'kramdown',	       '~> 2.0'
+  gem 'kramdown',        '~> 2.0'
   gem 'kramdown-man',    '~> 0.1'
 
   gem 'redcarpet',       platform: :mri
@@ -47,4 +49,6 @@ group :development do
   gem 'dead_end',        require: false
   gem 'sord',            require: false, platform: :mri
   gem 'stackprof',       require: false, platform: :mri
+  gem 'rubocop',         require: false, platform: :mri
+  gem 'rubocop-ronin',   '~> 0.2', require: false, platform: :mri
 end

data/Rakefile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'rubygems'
 
 begin
@@ -5,7 +7,7 @@ begin
 rescue LoadError => e
   warn e.message
   warn "Run `gem install bundler` to install Bundler."
-  exit -1
+  exit(-1)
 end
 
 begin

data/bin/ronin-exploits

@@ -1,17 +1,16 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 
 require 'rubygems'
 
 root = File.expand_path(File.join(File.dirname(__FILE__),'..'))
 if File.file?(File.join(root,'Gemfile.lock'))
   Dir.chdir(root) do
-    begin
-      require 'bundler/setup'
-    rescue LoadError => e
-      warn e.message
-      warn "Run `gem install bundler` to install Bundler"
-      exit -1
-    end
+    require 'bundler/setup'
+  rescue LoadError => e
+    warn e.message
+    warn "Run `gem install bundler` to install Bundler"
+    exit(-1)
   end
 end
 

data/gemspec.yml

@@ -34,10 +34,10 @@ generated_files:
 dependencies:
   uri-query_params: ~> 0.6
   # Ronin dependencies:
-  ronin-support: ~> 1.0
+  ronin-support: ~> 1.0, >= 1.0.1
   ronin-code-sql: ~> 2.0
-  ronin-payloads: ~> 0.1
-  ronin-vulns: ~> 0.1
+  ronin-payloads: ~> 0.1, >= 0.1.1
+  ronin-vulns: ~> 0.1, >= 0.1.1
   ronin-post_ex: ~> 0.1
   ronin-core: ~> 0.1
   ronin-repos: ~> 0.1

data/lib/ronin/exploits/advisory.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.

data/lib/ronin/exploits/cli/command.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.

data/lib/ronin/exploits/cli/commands/irb.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.

data/lib/ronin/exploits/cli/commands/list.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.

data/lib/ronin/exploits/cli/commands/new.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
@@ -44,7 +45,7 @@ module Ronin
         #     ronin-exploit new [options] FILE
         #
         # ## Options
-        # 
+        #
         #     -t exploit|heap_overflow|stack_overflow|web|open_redirect|lfi|rfi|sqli|ssti|xss,
         #         --type                       The type for the new exploit
         #     -a, --author NAME                The name of the author
@@ -198,7 +199,9 @@ module Ronin
                           type: Core::CLI::Options::Values::ARCHES
                         },
                         desc: 'The architecture to target' do |arch|
+                          # lazy initialize @target
                           @target ||= {}
+
                           @target[:arch] = arch
                         end
 
@@ -207,7 +210,9 @@ module Ronin
                         type: Core::CLI::Options::Values::OSES
                       },
                       desc: 'The Operating System (OS) to target' do |os|
+                        # lazy initialize @target
                         @target ||= {}
+
                         @target[:os] = os
                       end
 
@@ -216,7 +221,9 @@ module Ronin
                                 usage: 'VERSION'
                               },
                               desc: 'The OS version to target' do |ver|
+                                # lazy initialize @target
                                 @target ||= {}
+
                                 @target[:os_version] = ver
                               end
 
@@ -226,7 +233,9 @@ module Ronin
                               usage: 'NAME'
                             },
                             desc: 'The software to target' do |name|
+                              # lazy initialize @target
                               @target ||= {}
+
                               @target[:software] = name
                             end
 
@@ -236,7 +245,9 @@ module Ronin
                                       usage: 'ARCH'
                                     },
                                     desc: 'The software version to target' do |ver|
+                                      # lazy initialize @target
                                       @target ||= {}
+
                                       @target[:version] = ver
                                     end
 

data/lib/ronin/exploits/cli/commands/run.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
@@ -92,7 +93,7 @@ module Ronin
           # Payload options
           option :payload_file, value: {
                                   type: String,
-                                  usage: 'FILE',
+                                  usage: 'FILE'
                                 },
                                 desc: 'Load the payload from the given Ruby file'
           option :read_payload, value: {
@@ -130,7 +131,7 @@ module Ronin
                                   usage: 'FILE'
                                 },
                                 desc: 'Load the payload encoder from the Ruby file' do |file|
-                                  @load_encoders << [:file, file]
+                                  @encoders_to_load << [:file, file]
                                 end
 
           option :encoder, short: '-E',
@@ -139,18 +140,18 @@ module Ronin
                              usage: 'NAME'
                            },
                            desc: 'Loads the payload encoder by name' do |name|
-                             @load_encoders << [:name, name]
+                             @encoders_to_load << [:name, name]
                            end
 
           option :encoder_param, value: {
                                    type: /\A[^\.\=\s]+\.[^=\s]+=.+\z/,
                                    usage: 'ENCODER.NAME=VALUE'
                                  },
-                                 desc: 'Sets a param on the ENCODER' do
+                                 desc: 'Sets a param on the ENCODER' do |str|
                                    prefix, value = str.split('=',2)
-                                   ecndoer, name = prefix.split('.',2)
+                                   encoder, name = prefix.split('.',2)
 
-                                   @encodeer_params[encoder][name] = value
+                                   @encoder_params[encoder][name.to_sym] = value
                                  end
 
           # Target options
@@ -221,6 +222,26 @@ module Ronin
 
           man_page 'ronin-exploits-run.1'
 
+          # Thte encoder names and paths to load.
+          #
+          # @return [Array<(Symbol, String)>]
+          attr_reader :encoders_to_load
+
+          # The encoder params.
+          #
+          # @return [Hash{String => Hash{String => String}}]
+          attr_reader :encoder_params
+
+          # The payload params.
+          #
+          # @return [Hash{Hash{String => String}]
+          attr_reader :payload_params
+
+          # The keyword arguments to select a target with.
+          #
+          # @return [Hash{Hash{Symbol => Object}]
+          attr_reader :target_kwargs
+
           #
           # Initializes the `ronin-exploits run` command.
           #
@@ -230,10 +251,10 @@ module Ronin
           def initialize(**kwargs)
             super(**kwargs)
 
-            @load_encoders  = []
-            @encoder_params = Hash.new { |hash,key| hash[key] = {} }
-            @payload_params = {}
-            @target_kwargs  = {}
+            @encoders_to_load  = []
+            @encoder_params    = Hash.new { |hash,key| hash[key] = {} }
+            @payload_params    = {}
+            @target_kwargs     = {}
           end
 
           #
@@ -268,7 +289,7 @@ module Ronin
           # `--encoder-file`.
           #
           def load_encoders
-            @encoder_classes = @load_encoders.map do |(type,value)|
+            @encoder_classes = @encoders_to_load.map do |(type,value)|
               case type
               in :name then load_encoder(value)
               in :file then load_encoder_from(value)
@@ -427,16 +448,14 @@ module Ronin
           # Performs the cleanup stage of the exploit.
           #
           def perform_cleanup
-            begin
-              @exploit.perform_cleanup
-            rescue ExploitError => error
-              print_error "failed to cleanup exploit #{@exploit.class_id}: #{error.message}"
-              exit(1)
-            rescue => error
-              print_exception(error)
-              print_error "an unhandled exception occurred while cleaning up the exploit #{@exploit.class_id}"
-              exit(-1)
-            end
+            @exploit.perform_cleanup
+          rescue ExploitError => error
+            print_error "failed to cleanup exploit #{@exploit.class_id}: #{error.message}"
+            exit(1)
+          rescue => error
+            print_exception(error)
+            print_error "an unhandled exception occurred while cleaning up the exploit #{@exploit.class_id}"
+            exit(-1)
           end
 
         end

data/lib/ronin/exploits/cli/commands/show.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
@@ -48,7 +49,7 @@ module Ronin
         #     -h, --help                       Print help information
         #
         # ## Arguments
-        # 
+        #
         #     [NAME]                           The exploit name to load
         #
         class Show < ExploitCommand
@@ -97,7 +98,7 @@ module Ronin
                  exploit.include?(Mixins::HasTargets)
                 unless exploit.targets.empty?
                   exploit.targets.each_with_index do |target,index|
-                    puts "[ Target ##{index+1} ]"
+                    puts "[ Target ##{index + 1} ]"
                     puts
 
                     indent { print_target(target) }
@@ -118,16 +119,17 @@ module Ronin
           #   The loaded exploit class.
           #
           def print_metadata(exploit)
-            fields = {}
-            fields['Type'] = exploit_type(exploit)
+            fields = {
+              'Type' => exploit_type(exploit)
+            }
 
             if defined?(Core::Metadata::Version) &&
                exploit.include?(Core::Metadata::Version)
               fields['Version'] = exploit.version if exploit.version
             end
 
-            fields['Quality']   = exploit.quality   if exploit.quality
-            fields['Released']  = exploit.release_date  if exploit.release_date
+            fields['Quality']   = exploit.quality if exploit.quality
+            fields['Released']  = exploit.release_date if exploit.release_date
             fields['Disclosed'] = exploit.disclosure_date if exploit.disclosure_date
 
             if defined?(Metadata::Arch) && exploit.include?(Metadata::Arch)
@@ -144,7 +146,7 @@ module Ronin
                                  os
                                end
               end
-           end
+            end
 
             if (software = exploit.software)
               fields['Software'] = software
@@ -164,7 +166,7 @@ module Ronin
               fields['Payload Type'] = payload_type(exploit.payload_class)
             end
 
-            fields['Summary']   = exploit.summary   if exploit.summary
+            fields['Summary'] = exploit.summary if exploit.summary
             print_fields(fields)
           end
 
@@ -252,6 +254,7 @@ module Ronin
           #
           def print_target(target)
             fields = {}
+
             fields['Arch'] = target.arch if target.arch
 
             if target.os

data/lib/ronin/exploits/cli/exploit_command.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
@@ -24,6 +25,9 @@ require 'ronin/exploits/cli/exploit_methods'
 module Ronin
   module Exploits
     class CLI
+      #
+      # Base class for all commands which load or run exploits.
+      #
       class ExploitCommand < Command
 
         include ExploitMethods

data/lib/ronin/exploits/cli/exploit_methods.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
@@ -25,6 +26,9 @@ require 'ronin/core/params/exceptions'
 module Ronin
   module Exploits
     class CLI
+      #
+      # Mixin which adds methods for loading and running exploit classes.
+      #
       module ExploitMethods
         #
         # Loads a exploit class.

data/lib/ronin/exploits/cli/ruby_shell.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.

data/lib/ronin/exploits/cli.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.

data/lib/ronin/exploits/client_side_web_vuln.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.

data/lib/ronin/exploits/exceptions.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.

data/lib/ronin/exploits/exploit.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
@@ -63,27 +64,27 @@ module Ronin
     # [Params]: https://ronin-rb.dev/docs/ronin-core/Ronin/Core/Params/Mixin.html
     #
     # ## Example
-    # 
+    #
     #     require 'ronin/exploits/exploit'
     #     require 'ronin/exploits/mixins/remote_tcp'
-    #     
+    #
     #     module Ronin
     #       module Exploits
     #         class MyExploit < Exploit
     #
     #           include Mixins::RemoteTCP
-    #     
+    #
     #           register 'my_exploit'
-    #     
+    #
     #           summary 'My first exploit'
     #           description <<~EOS
     #             This is my first exploit.
     #             Bla bla bla bla.
     #           EOS
-    #     
+    #
     #           author '...'
     #           author '...', email: '...', twitter: '...'
-    #     
+    #
     #           disclosure_date 'YYY-MM-DD'
     #           release_date 'YYYY-MM-DD'
     #
@@ -121,7 +122,7 @@ module Ronin
     #     register 'my_exploit'
     #
     # ### quality
-    # 
+    #
     # Defines the quality level of the exploit. Accepted values are:
     #
     # * `:testing`
@@ -157,7 +158,7 @@ module Ronin
     #     author 'doctor_doom', email: '...', twitter: '...'
     #
     # ### software
-    # 
+    #
     # Defines the software which the exploit targets.
     #
     #     software 'TestApp'
@@ -181,33 +182,33 @@ module Ronin
     # default to `String`. Params must have a one-line description.
     #
     #     param :str, desc: 'A basic string param'
-    #     
+    #
     #     param :feature_flag, Boolean, desc: 'A boolean param'
-    #     
+    #
     #     param :enum, Enum[:one, :two, :three],
     #                  desc: 'An enum param'
     #
     #     param :num1, Integer, desc: 'An integer param'
-    #     
+    #
     #     param :num2, Integer, default: 42,
     #                          desc: 'A param with a default value'
-    #     
+    #
     #     param :num3, Integer, default: ->{ rand(42) },
     #                           desc: 'A param with a dynamic default value'
-    #     
+    #
     #     param :float, Float, 'Floating point param'
     #
     #     param :url, URI, desc: 'URL param'
     #
     #     param :pattern, Regexp, desc: 'Regular Expression param'
-    # 
+    #
     # Params may then be accessed in instance methods using `params` Hash.
     #
     #     param :padding, Integer, desc: 'Amount of additional padding'
     #
     #     def build
     #       # ...
-    #     
+    #
     #       if params[:padding]
     #         @buffer << 'A' * params[:padding]
     #       end
@@ -231,7 +232,7 @@ module Ronin
     #     end
     #
     # ### build
-    # 
+    #
     # The method which defines the logic that builds the exploit before
     # launching it.
     #
@@ -440,6 +441,9 @@ module Ronin
       # @param [Hash{Symbol => Object}] kwargs
       #   Additional keyword arguments.
       #
+      # @option kwargs [Hash{Symbol => Object}] :params
+      #   The param values for the exploit.
+      #
       def initialize(**kwargs)
         super(**kwargs)
       end

data/lib/ronin/exploits/heap_overflow.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.