English
资源说明:Ronin Exploits is a Ruby library for Ronin that provides exploitation and payload crafting functionality.
# ronin-exploits
[](https://github.com/ronin-rb/ronin-exploits/actions/workflows/ruby.yml)
[](https://codeclimate.com/github/ronin-rb/ronin-exploits)
* [Source](https://github.com/ronin-rb/ronin-exploits)
* [Issues](https://github.com/ronin-rb/ronin-exploits/issues)
* [Documentation](https://rubydoc.info/github/ronin-rb/ronin-exploits/frames)
* [Slack](https://ronin-rb.slack.com) |
[Discord](https://discord.gg/6WAb3PsVX9) |
[Twitter](https://twitter.com/ronin_rb)
## Description
ronin-exploits is a Ruby library for writing and running exploits and payloads.
ronin-exploits is part of the [ronin-rb] project, a [Ruby] toolkit for security
research and development.
## Features
* Define Exploits based on:
* Whether they are local or remote.
* Protocol they use.
* Contributing authors.
* Exploited behaviors.
* Disclosure status.
* Level of weaponization.
* Architectures they target.
* OSes they target.
* Products they target.
* Define Payloads based on:
* Contributing authors.
* Helpers they use.
* Define Payload Encoders:
* Architectures they target.
* OSes they target.
* Provides a simple three phase process of building, verifying and
deploying Exploits and Payloads.
* Allows adding arbitrary target data to the targets of Exploits.
* Allows combining Payloads with Exploits.
* Allows using a raw-payload with an Exploit.
* Allows the addition of multiple Payload Encoders to an Exploit.
* Allows chaining multiple Payloads together.
* Provides the following Exploit classes:
* {Ronin::Exploits::Exploit}
* {Ronin::Exploits::Local}
* {Ronin::Exploits::Remote}
* {Ronin::Exploits::RemoteTCP}
* {Ronin::Exploits::RemoteUDP}
* {Ronin::Exploits::HTTP}
* {Ronin::Exploits::FTP}
* {Ronin::Exploits::Web}
* {Ronin::Exploits::LFI}
* {Ronin::Exploits::RFI}
* {Ronin::Exploits::SQLi}
* Provides the following Exploit helpers:
* {Ronin::Exploits::Helpers::Binary}
* {Ronin::Exploits::Helpers::Padding}
* {Ronin::Exploits::Helpers::BufferOverflow}
* {Ronin::Exploits::Helpers::FormatString}
* {Ronin::Exploits::Helpers::FileBuilder}
* Provides the following Payload classes:
* {Ronin::Payloads::Payload}
* {Ronin::Payloads::BinaryPayload}
* {Ronin::Payloads::ASMPayload}
* {Ronin::Payloads::Nops}
* {Ronin::Payloads::Shellcode}
* {Ronin::Payloads::BindShell}
* Provides the following Payload helpers:
* {Ronin::Payloads::Helpers::BindShell}
* Provides an API for {Ronin::PostExploitation Post-Exploitation}.
* Provides a multitude of exploit and payload generators which can create
customized skeleton Ruby Exploits and Payloads.
## Synopsis
Generate a skeleton exploit, with some custom information:
$ ronin-gen exploit example_exploit.rb \
--name Example --arch i686 --os Linux --product "Example Product" \
--status proven \
--authors Postmodern --description "This is an example."
* To generate other types of exploits specify one of the following:
* `local_exploit`
* `remote_exploit`
* `remote_tcp_exploit`
* `remote_udp_exploit`
* `ftp_exploit`
* `http_exploit`
* `web_exploit`
Generate a skeleton payload, with some custom information:
$ ronin-gen payload example_payload.rb \
--name Example --arch i686 --os Linux \
--authors Postmodern --description "This is an example."
* To generate other types of payloads specify one of the following:
* `binary_payload`
* `shellcode`
* `nops`
List available exploits:
$ ronin-exploits
Print information about an exploit:
$ ronin-exploits -n NAME -v
Build and deploy an exploit:
$ ronin-exploit -n NAME --host example.com --port 9999
Load an exploit from a file, then build and deploy it:
$ ronin-exploit -f FILE --host example.com --port 9999
Build and deploy an exploit, with a payload:
$ ronin-exploit -n NAME --host example.com --port 9999 -P PAYLOAD_NAME
Build and deploy an exploit, with a raw payload:
$ ronin-exploit -n NAME --host example.com --port 9999 --raw-payload \
`echo -en "\x66\x31\xc0\xfe\xc0\xb3\xff\xcd\x80"`
List available payloads:
$ ronin-payloads
Print information about a payload:
$ ronin-payloads -n NAME -v
Build and output a payload:
$ ronin-payload NAME
Build and output a raw unescaped payload:
$ ronin-payload NAME --raw
Load a payload from a file, then build and output it:
$ ronin-payload -f FILE
## Examples
Define a remote TCP exploit:
require 'ronin/exploits/remote_tcp'
Ronin::Exploits::RemoteTCP.object do
helper :buffer_overflow
#
# Cacheable data.
#
cache do
self.name = 'test'
self.description = %{This is an example exploit.}
self.status = :potential
self.released = true
author name: 'Postmodern', organization: 'SophSec'
targeting do |t|
t.targets_arch :x86
t.targets_os 'Linux'
t.targets_software 'ExampleWare', '2.4.7b'
end
end
#
# Builds the exploit.
#
build do
@buffer = "USER #{build_buffer}\n"
end
#
# Deploys the built exploit.
#
deploy do
tcp_send @buffer
end
#
# Evacuates the deployed exploit.
#
evacuate do
tcp_send "QUIT"
end
end
Define a shellcode payload:
require 'ronin/payloads/shellcode'
Ronin::Payloads::Shellcode.object do
cache do
self.name = 'local_shell'
self.version = '0.5'
self.description = %{
Shellcode that spawns a local /bin/sh shell
}
targets_arch :x86
targets_os 'Linux'
end
build do
shellcode do
xor eax, eax
push eax
push 0x68732f2f
push 0x6e69622f
mov esp, ebx
push eax
push ebx
mov esp, ecx
xor edx, edx
int 0xb
end
end
end
Define a payload encoder:
require 'ronin/encoders/encoder'
Ronin::Encoders::Encoder.object do
#
# Cacheable data.
#
cache do
self.name = 'base64_encode'
self.description = %{Example base64 payload encoder}
self.targets_arch :x86
self.targets_os 'Linux'
end
#
# Base64 encodes the specified data.
#
def encode(data)
return data.to_s.base64_encode
end
end
## Requirements
* [Ruby] >= 1.9.1
* [open_namespace] ~> 0.4
* [data_paths] ~> 0.3
* [uri-query_params] ~> 0.6
* [ruby-yasm] ~> 0.2
* [ronin-support] ~> 0.6
* [ronin] ~> 1.6
* [ronin-gen] ~> 1.3
* [ronin-asm] ~> 0.1
* [ronin-sql] ~> 1.0
## Install
$ gem install ronin-exploits
## Development
1. [Fork It!](https://github.com/ronin-rb/ronin-exploits/fork)
2. Clone It!
3. `cd ronin-exploits`
4. `bundle install`
5. `git checkout -b my_feature`
6. Code It!
7. `bundle exec rake spec`
8. `git push origin my_feature`
## License
ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
payload crafting functionality.
Copyright (c) 2007-2013 Hal Brodigan (postmodern.mod3 at gmail.com)
This file is part of ronin-exploits.
ronin-exploits is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
ronin-exploits is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with ronin-exploits. If not, see
本源码包内暂不包含可直接显示的源代码文件,请下载源码包。
