ronin-exploits 0.2.1 → 0.3.0

data/History.txt

@@ -1,3 +1,125 @@
+=== 0.3.0 / 2009-09-24
+
+* Require ronin >= 0.3.0.
+* Require ronin-gen >= 0.2.0.
+* Require rspec >= 1.2.8.
+* Require yard >= 0.2.3.5.
+* Added Ronin::Vuln::Behavior.drop_privileges.
+* Added Ronin::Vuln::Behavior.exit_program.
+* Added Ronin::Vuln::Behavior.crash_program.
+* Added Ronin::Controls.
+* Added Ronin::Controls::Behaviors.
+* Added Ronin::Controls::Helpers.
+* Added Ronin::Controls::Helpers::CommandExec.
+* Added Ronin::Controls::Helpers::DirCreate.
+* Added Ronin::Controls::Helpers::DirListing.
+* Added Ronin::Controls::Helpers::DirRemove.
+* Added Ronin::Controls::Helpers::FileCtime.
+* Added Ronin::Controls::Helpers::FileMtime.
+* Added Ronin::Controls::Helpers::FileOwnership.
+* Added Ronin::Controls::Helpers::FileRead.
+* Added Ronin::Controls::Helpers::FileRemove.
+* Added Ronin::Controls::Helpers::FileWrite.
+* Added Ronin::Controls::Helpers::MemoryRead.
+* Added Ronin::Controls::Helpers::MemoryWrite.
+* Added Ronin::Model::TargetsProduct.
+* Added Ronin::Exploits::Exploit#target=.
+* Added Ronin::Exploits::Exploit#payload=.
+* Added Ronin::Exploits::Exploit#raw_payload=.
+* Added Ronin::Exploits::Exploit#build_payload!.
+* Added Ronin::Payloads::HasPayload.
+* Added Ronin::Payloads::Helpers::Chained
+* Added Ronin::Generators::Exploits.
+* Added Ronin::Generators::Exploits::Exploit.
+* Added Ronin::Generators::Exploits::Local.
+* Added Ronin::Generators::Exploits::Remote.
+* Added Ronin::Generators::Exploits::RemoteTCP.
+* Added Ronin::Generators::Exploits::RemoteUDP.
+* Added Ronin::Generators::Exploits::FTP.
+* Added Ronin::Generators::Exploits::HTTP.
+* Added Ronin::Generators::Exploits::Web.
+* Added Ronin::Generators::Payloads.
+* Added Ronin::Generators::Payloads::Payload.
+* Added Ronin::Generators::Payloads::BinaryPayload.
+* Added Ronin::Generators::Payloads::Shellcode.
+* Added Ronin::Generators::Payloads::Nops.
+* Added Ronin::UI::CommandLine::Commands::Exploit.
+* Added Ronin::UI::CommandLine::Commands::Exploits.
+* Added Ronin::UI::CommandLine::Commands::Payload.
+* Added Ronin::UI::CommandLine::Commands::Payloads.
+* Added Ronin::UI::CommandLine::Commands::GenExploit.
+* Added Ronin::UI::CommandLine::Commands::GenLocalExploit.
+* Added Ronin::UI::CommandLine::Commands::GenRemoteExploit.
+* Added Ronin::UI::CommandLine::Commands::GenRemoteTcpExploit.
+* Added Ronin::UI::CommandLine::Commands::GenRemoteUdpExploit.
+* Added Ronin::UI::CommandLine::Commands::GenFtpExploit.
+* Added Ronin::UI::CommandLine::Commands::GenHttpExploit.
+* Added Ronin::UI::CommandLine::Commands::GenWebExploit.
+* Added Ronin::UI::CommandLine::Commands::GenPayload.
+* Added Ronin::UI::CommandLine::Commands::GenBinaryPayload.
+* Added Ronin::UI::CommandLine::Commands::GenShellcode.
+* Added Ronin::UI::CommandLine::Commands::GenNops.
+* Added the ronin-exploit script.
+* Added the ronin-exploits script.
+* Added the ronin-payload script.
+* Added the ronin-payloads script.
+* Added the ronin-gen-exploit script.
+* Added the ronin-gen-local-exploit script.
+* Added the ronin-gen-remote-exploit script.
+* Added the ronin-gen-remote-tcp-exploit script.
+* Added the ronin-gen-remote-udp-exploit script.
+* Added the ronin-gen-ftp-exploit script.
+* Added the ronin-gen-http-exploit script.
+* Added the ronin-gen-payload script.
+* Added the ronin-gen-binary-payload script.
+* Added the ronin-gen-shellcode script.
+* Added the ronin-gen-nops script.
+* Renamed Ronin::Vuln::Behavior.priv_escalation to gain_privileges.
+* Renamed Ronin::Exploits::Exploit#select_target to use_target!.
+* Renamed Ronin::Exploits::Exploit#call to exploit!.
+* Renamed Ronin::Exploits::Exploit#encode_with to encode_payload.
+* Renamed Ronin::Payloads::Encoder to Ronin::Payloads::Encoders::Encoder.
+* Renamed Ronin::Payloads::Encoders::Encoder#call to encode.
+* Renamed Ronin::Exploits::Exploit#encoded_payload=.
+* Removed Ronin::Payloads::Payload#payload to raw_payload.
+* Removed Ronin::Payloads::Payload#call.
+* Moved to YARD based documentation.
+* Updated the project summary and 3-point description for Ronin Exploits.
+* Ronin::Model::TargetsArch now auto-defines a relationship with Arch.
+* Ronin::Model::TargetsOS now auto-defines a relationship with OS.
+* Ronin::Model::TargetsProduct now auto-defines a relationship with Product.
+* Refactored Ronin::Exploits::Exploit.
+* Include Ronin::Controls::Behaviors into Ronin::Exploits::Exploit.
+* Made Ronin::Exploits::Exploit#to_s more robust.
+* Safely load exploit helpers using the new require_within method.
+* Allow Ronin::Exploits::Exploit#encode_payload to accept a block, which
+  will be used to encode the payload.
+* No longer allow the payload to be directly passed to
+  Ronin::Exploits::Exploit#build!.
+* Allow an index or query to be passed to
+  Ronin::Exploits::Exploit#use_target!.
+* Have Ronin::Exploits::Exploit#build_payload! only reset @raw_payload
+  if a payload is set.
+* Make sure Ronin::Exploits::Exploit#encode_payload! cannot set the
+  encoded_payload to nil.
+* Allow Ronin::Exploits::Exploit#encode_payload! to use either
+  Ronin::Payloads::Encoders::Encoder or Proc objects.
+* Allow Ronin::Exploits::Exploit#build_payload! to pass options to
+  Ronin::Payloads::Payload#build!.
+* Allow Ronin::Exploits::Exploit#build! to pass options to
+  Ronin::Exploits::Exploit#build_payload!.
+* Ronin::Exploits::Exploit#deploy! no longer receives options.
+* Allow Ronin::Exploits::Exploit#exploit! to accept a :dry_run option,
+  which will cause the exploit to be built but *not* deployed.
+* Default the @buffer instance variable to an empty String, in
+  Ronin::Exploits::Helpers::BufferOverflow.
+* Default the @format_string instance variable to an empty String, in
+  Ronin::Exploits::Helpers::FormatString.
+* Refactored Ronin::Payloads::Payload.
+* Include Ronin::Controls::Behaviors into Ronin::Payloads::Payload.
+* Made Ronin::Payloads::Payload#to_s more robust.
+* Safely load payload helpers using the new require_within method.
+
 === 0.2.1 / 2009-07-02
 
 * Use Hoe >= 2.0.0.

data/Manifest.txt

@@ -3,26 +3,55 @@ COPYING.txt
 Manifest.txt
 README.txt
 Rakefile
-TODO.txt
 bin/ronin-payload
+bin/ronin-exploit
 bin/ronin-payloads
 bin/ronin-exploits
+bin/ronin-gen-exploit
+bin/ronin-gen-local-exploit
+bin/ronin-gen-remote-exploit
+bin/ronin-gen-remote-tcp-exploit
+bin/ronin-gen-remote-udp-exploit
+bin/ronin-gen-http-exploit
+bin/ronin-gen-ftp-exploit
+bin/ronin-gen-web-exploit
+bin/ronin-gen-payload
+bin/ronin-gen-binary-payload
+bin/ronin-gen-shellcode
+bin/ronin-gen-nops
 lib/ronin/model/has_default_port.rb
 lib/ronin/model/targets_arch.rb
 lib/ronin/model/targets_os.rb
+lib/ronin/model/targets_product.rb
 lib/ronin/vuln/behavior.rb
+lib/ronin/controls.rb
+lib/ronin/controls/exceptions.rb
+lib/ronin/controls/exceptions/not_implemented.rb
+lib/ronin/controls/exceptions/program_not_found.rb
+lib/ronin/controls/behaviors.rb
+lib/ronin/controls/file_system.rb
+lib/ronin/controls/helpers.rb
+lib/ronin/controls/helpers/memory_read.rb
+lib/ronin/controls/helpers/memory_write.rb
+lib/ronin/controls/helpers/file_read.rb
+lib/ronin/controls/helpers/file_write.rb
+lib/ronin/controls/helpers/file_remove.rb
+lib/ronin/controls/helpers/file_ownership.rb
+lib/ronin/controls/helpers/file_mtime.rb
+lib/ronin/controls/helpers/file_ctime.rb
+lib/ronin/controls/helpers/dir_listing.rb
+lib/ronin/controls/helpers/dir_create.rb
+lib/ronin/controls/helpers/dir_remove.rb
+lib/ronin/controls/helpers/command_exec.rb
 lib/ronin/exploits.rb
 lib/ronin/exploits/exceptions.rb
+lib/ronin/exploits/exceptions/exception.rb
 lib/ronin/exploits/exceptions/unknown_helper.rb
 lib/ronin/exploits/exceptions/target_unspecified.rb
 lib/ronin/exploits/exceptions/target_data_missing.rb
 lib/ronin/exploits/exceptions/exploit_not_built.rb
 lib/ronin/exploits/exceptions/restricted_char.rb
 lib/ronin/exploits/exceptions/payload_size.rb
-lib/ronin/exploits/arch.rb
-lib/ronin/exploits/os.rb
-lib/ronin/exploits/license.rb
-lib/ronin/exploits/product.rb
 lib/ronin/exploits/verifiers.rb
 lib/ronin/exploits/helpers.rb
 lib/ronin/exploits/helpers/file_based.rb
@@ -33,7 +62,7 @@ lib/ronin/exploits/helpers/format_string.rb
 lib/ronin/exploits/targets.rb
 lib/ronin/exploits/targets/buffer_overflow.rb
 lib/ronin/exploits/targets/format_string.rb
-lib/ronin/exploits/allow.rb
+lib/ronin/exploits/control.rb
 lib/ronin/exploits/target.rb
 lib/ronin/exploits/exploit.rb
 lib/ronin/exploits/exploit_author.rb
@@ -47,20 +76,16 @@ lib/ronin/exploits/web.rb
 lib/ronin/exploits/version.rb
 lib/ronin/payloads.rb
 lib/ronin/payloads/exceptions.rb
+lib/ronin/payloads/exceptions/exception.rb
 lib/ronin/payloads/exceptions/unknown_helper.rb
-lib/ronin/payloads/license.rb
-lib/ronin/payloads/arch.rb
-lib/ronin/payloads/os.rb
-lib/ronin/payloads/encoder.rb
-lib/ronin/payloads/encoders.rb
-lib/ronin/payloads/encoders/xor.rb
+lib/ronin/payloads/exceptions/not_implemented.rb
 lib/ronin/payloads/helpers.rb
-lib/ronin/payloads/helpers/exceptions.rb
-lib/ronin/payloads/helpers/exceptions/not_implemented.rb
-lib/ronin/payloads/helpers/exceptions/program_not_found.rb
-lib/ronin/payloads/helpers/file_system.rb
-lib/ronin/payloads/helpers/shell.rb
+lib/ronin/payloads/helpers/chained.rb
 lib/ronin/payloads/helpers/rpc.rb
+lib/ronin/payloads/encoders.rb
+lib/ronin/payloads/encoders/encoder.rb
+lib/ronin/payloads/encoders/xor.rb
+lib/ronin/payloads/has_payload.rb
 lib/ronin/payloads/control.rb
 lib/ronin/payloads/payload_author.rb
 lib/ronin/payloads/payload.rb
@@ -69,25 +94,76 @@ lib/ronin/payloads/asm_payload.rb
 lib/ronin/payloads/nops.rb
 lib/ronin/payloads/shellcode.rb
 lib/ronin/payloads/web_payload.rb
+lib/ronin/generators/exploits.rb
+lib/ronin/generators/exploits/exploit.rb
+lib/ronin/generators/exploits/local.rb
+lib/ronin/generators/exploits/remote.rb
+lib/ronin/generators/exploits/remote_tcp.rb
+lib/ronin/generators/exploits/remote_udp.rb
+lib/ronin/generators/exploits/http.rb
+lib/ronin/generators/exploits/ftp.rb
+lib/ronin/generators/exploits/web.rb
+lib/ronin/generators/exploits/static.rb
+lib/ronin/generators/payloads.rb
+lib/ronin/generators/payloads/payload.rb
+lib/ronin/generators/payloads/binary_payload.rb
+lib/ronin/generators/payloads/shellcode.rb
+lib/ronin/generators/payloads/nops.rb
+lib/ronin/generators/payloads/static.rb
 lib/ronin/ui/command_line/commands/payload.rb
+lib/ronin/ui/command_line/commands/exploit.rb
 lib/ronin/ui/command_line/commands/payloads.rb
 lib/ronin/ui/command_line/commands/exploits.rb
+lib/ronin/ui/command_line/commands/gen_exploit.rb
+lib/ronin/ui/command_line/commands/gen_local_exploit.rb
+lib/ronin/ui/command_line/commands/gen_remote_exploit.rb
+lib/ronin/ui/command_line/commands/gen_remote_tcp_exploit.rb
+lib/ronin/ui/command_line/commands/gen_remote_udp_exploit.rb
+lib/ronin/ui/command_line/commands/gen_http_exploit.rb
+lib/ronin/ui/command_line/commands/gen_ftp_exploit.rb
+lib/ronin/ui/command_line/commands/gen_web_exploit.rb
+lib/ronin/ui/command_line/commands/gen_payload.rb
+lib/ronin/ui/command_line/commands/gen_binary_payload.rb
+lib/ronin/ui/command_line/commands/gen_shellcode.rb
+lib/ronin/ui/command_line/commands/gen_nops.rb
 tasks/spec.rb
+tasks/yard.rb
+static/ronin/generators/exploits/_header.erb
+static/ronin/generators/exploits/_helpers.erb
+static/ronin/generators/exploits/_cache.erb
+static/ronin/generators/exploits/exploit.erb
+static/ronin/generators/exploits/local.erb
+static/ronin/generators/exploits/remote.erb
+static/ronin/generators/exploits/remote_tcp.erb
+static/ronin/generators/exploits/remote_udp.erb
+static/ronin/generators/exploits/http.erb
+static/ronin/generators/exploits/ftp.erb
+static/ronin/generators/exploits/web.erb
+static/ronin/generators/payloads/_header.erb
+static/ronin/generators/payloads/_helpers.erb
+static/ronin/generators/payloads/_cache.erb
+static/ronin/generators/payloads/payload.erb
+static/ronin/generators/payloads/binary_payload.erb
+static/ronin/generators/payloads/shellcode.erb
+static/ronin/generators/payloads/nops.erb
 spec/spec_helper.rb
 spec/helpers/database.rb
 spec/helpers/objects.rb
-spec/objects/exploits/test.rb
+spec/objects/exploits/simple.rb
 spec/objects/exploits/example.rb
-spec/objects/payloads/test.rb
+spec/objects/payloads/simple.rb
 spec/exploits_spec.rb
 spec/model/models/default_port_model.rb
 spec/model/models/non_default_port_model.rb
 spec/model/models/targets_arch_model.rb
 spec/model/models/targets_os_model.rb
+spec/model/models/targets_product_model.rb
 spec/model/has_default_port_spec.rb
 spec/model/targets_arch_spec.rb
 spec/model/targets_os_spec.rb
+spec/model/targets_product_spec.rb
 spec/vuln/behavior_spec.rb
+spec/controls/behaviors_examples.rb
 spec/exploits/targets/buffer_overflow_spec.rb
 spec/exploits/target_spec.rb
 spec/exploits/exploit_spec.rb
@@ -101,6 +177,20 @@ spec/exploits/binary_exploit_spec.rb
 spec/exploits/padding_exploit_spec.rb
 spec/exploits/buffer_overflow_exploit_spec.rb
 spec/exploits/format_string_exploit_spec.rb
-spec/payloads/encoder_spec.rb
+spec/payloads/encoders/encoder_spec.rb
 spec/payloads/encoders/xor_spec.rb
 spec/payloads/payload_spec.rb
+spec/generators/exploits/exploit_examples.rb
+spec/generators/exploits/exploit_spec.rb
+spec/generators/exploits/local_spec.rb
+spec/generators/exploits/remote_spec.rb
+spec/generators/exploits/remote_tcp_spec.rb
+spec/generators/exploits/remote_udp_spec.rb
+spec/generators/exploits/http_spec.rb
+spec/generators/exploits/ftp_spec.rb
+spec/generators/exploits/web_spec.rb
+spec/generators/payloads/payload_examples.rb
+spec/generators/payloads/payload_spec.rb
+spec/generators/payloads/binary_payload_spec.rb
+spec/generators/payloads/shellcode_spec.rb
+spec/generators/payloads/nops_spec.rb

data/README.txt

@@ -2,7 +2,7 @@
 
 * http://ronin.rubyforge.org/exploits/
 * http://github.com/postmodern/ronin-exploits
-* irc.freenode.net ##ronin
+* irc.freenode.net #ronin
 * Postmodern (postmodern.mod3 at gmail.com)
 
 == DESCRIPTION:
@@ -10,61 +10,131 @@
 Ronin Exploits is a Ruby library for Ronin that provides exploitation and
 payload crafting functionality.
 
-Ronin is a Ruby platform designed for information security and data
-exploration tasks. Ronin allows for the rapid development and distribution
-of code over many of the common Source-Code-Management (SCM) systems.
+Ronin is a Ruby platform for exploit development and security research.
+Ronin allows for the rapid development and distribution of code, exploits
+or payloads over many common Source-Code-Management (SCM) systems.
 
-=== Free
+=== Ruby
 
-All source code within Ronin is licensed under the GPL-2, therefore no user
-will ever have to pay for Ronin or updates to Ronin. Not only is the
-source code free, the Ronin project will not sell enterprise grade security
-snake-oil solutions, give private training classes or later turn Ronin into
-commercial software.
+Ronin's Ruby environment allows security researchers to leverage Ruby with
+ease. The Ruby environment contains a multitude of convenience methods
+for working with data in Ruby, a Ruby Object Database, a customized Ruby
+Console and an extendable command-line interface.
 
-=== Modular
+=== Extend
 
-Ronin was not designed as one monolithic framework but instead as a
-collection of libraries which can be individually installed. This allows
-users to pick and choose what functionality they want in Ronin.
+Ronin's more specialized features are provided by additional Ronin
+libraries, which users can choose to install. These libraries can allow
+one to write and run Exploits and Payloads, scan for PHP vulnerabilities,
+perform Google Dorks  or run 3rd party scanners.
 
-=== Decentralized
+=== Publish
 
-Ronin does not have a central repository of exploits and payloads which
-all developers contribute to. Instead Ronin has Overlays, repositories of
-code that can be hosted on any CVS/SVN/Git/Rsync server. Users can then use
-Ronin to quickly install or update Overlays. This allows developers and
-users to form their own communities, independent of the main developers
-of Ronin.
+Ronin allows users to publish and share code, exploits, payloads or other
+data via Overlays. Overlays are directories of code and data that can be
+hosted on any SVN, Hg, Git or Rsync server. Ronin makes it easy to create,
+install or update Overlays.
 
 == FEATURES:
 
-* Ability to define payloads based on:
+* Ability to define Payloads based on:
   * Contributing authors.
   * Behaviors they control.
   * Helpers they use.
-* Ability to define payload encoders:
+* Ability to define Payload Encoders:
   * Architectures they target.
   * OSes they target.
-* Ability to define exploits based on:
-  * Wether they are local or remote.
+* Ability to define Exploits based on:
+  * Whether they are local or remote.
   * Protocol they use.
   * Contributing authors.
+  * Behaviors they control.
   * Disclosure status.
   * Level of weaponization.
-  * Behaviors the vulnerability allows.
   * Architectures they target.
   * OSes they target.
   * Products they target.
   * Helpers they use.
+* Provides a simple three phase process of building, verifying and
+  deploying Exploits and Payloads.
+* Allows adding arbitrary target data to the targets of Exploits.
+* Allows combining Payloads with Exploits.
+* Allows using a raw-payload with an Exploit.
+* Allows the addition of multiple Payload Encoders to an Exploit.
+* Allows chaining multiple Payloads together.
+* Provides a multitude of exploit and payload generators which can create
+  customized skeleton Ruby Exploits and Payloads.
 
-== REQUIREMENTS:
+== SYNOPSIS:
 
-* {ronin}[http://ronin.rubyforge.org/] >= 0.2.3
+* Generate a skeleton exploit, with some custom information:
 
-== INSTALL:
+    $ ronin-gen exploit exploit.rb --name Example \
+                                   --controls command_exec \
+				   --status proven \
+				   --authors Postmodern \
+				   --description "This is an example."
 
-  $ sudo gem install ronin-exploits
+  * To generate other types of exploits, you can specify +local_exploit+,
+    +remote_exploit+, +remote_tcp_exploit+, +remote_udp_exploit+,
+    +ftp_exploit+, +http_exploit+ or +web_exploit+, instead of simply
+    +exploit+.
+
+* Generate a skeleton payload, with some custom information:
+
+    $ ronin-gen payload payload.rb --name Example \
+                                   --controls file_read file_write \
+				   --authors Postmodern \
+				   --description "This is an example."
+
+  * To generate other types of payloads, you can specify +binary_payload+,
+    +shellcode+ or +nops+, instead of simply +payload+.
+
+* List available payloads:
+
+    $ ronin-payloads
+
+* Print information about a payload:
+
+    $ ronin-payloads -n NAME -v
+
+* Build and output a payload:
+
+    $ ronin-payload NAME
+
+* Build and output a raw unescaped payload:
+
+    $ ronin-payload NAME --raw
+
+* Load a payload from a file, then build and output it:
+
+    $ ronin-payload -f FILE
+
+* List available exploits:
+
+    $ ronin-exploits
+
+* Print information about an exploit:
+
+    $ ronin-exploits -n NAME -v
+
+* Build and deploy an exploit:
+
+    $ ronin-exploit -n NAME --host example.com --port 9999
+
+* Load an exploit from a file, then build and deploy it:
+
+    $ ronin-exploit -f FILE --host example.com --port 9999
+
+* Build and deploy an exploit, with a payload:
+
+    $ ronin-exploit -n NAME --host example.com --port 9999 -P PAYLOAD_NAME
+
+* Build and deploy an exploit, with a raw payload:
+
+    $ ronin-exploit -n NAME --host example.com --port 9999 \
+                    --raw-payload \
+		    `echo -en "\x66\x31\xc0\xfe\xc0\xb3\xff\xcd\x80"`
 
 == EXAMPLES:
 
@@ -127,7 +197,7 @@ of Ronin.
       #
       # Base64 encodes the specified _data_.
       #
-      def call(data)
+      def encode(data)
         return data.to_s.base64_encode
       end
     end
@@ -149,6 +219,8 @@ of Ronin.
 
         author(:name => 'Postmodern', :organization => 'SophSec')
 
+        control :code_exec
+
         targeting do |target|
           target.arch :i686
           target.os :name => 'Linux'
@@ -171,6 +243,15 @@ of Ronin.
       end
     end
 
+== REQUIREMENTS:
+
+* {ronin}[http://ronin.rubyforge.org/] >= 0.3.0
+* {ronin-gen}[http://ronin.rubyforge.org/gen/] >= 0.2.0
+
+== INSTALL:
+
+  $ sudo gem install ronin-exploits
+
 == LICENSE:
 
 Ronin Exploits - A Ruby library for Ronin that provides exploitation and