ronin-rb / ronin-exploits Goto Github PK

Over the years people seem to be confused that ronin-exploits does not contain any actual working exploits, just the library code that allows you to write and run exploits. Should we rename the repository to ronin-exploit or ronin-exploitation to avoid this confusion?

Extract the data/ronin/payloads/php/rpc.php and data/ronin/payloads/php/rpc.js files out into their own repository.

Ronin::Exploits::Helpers::FormatString should be checked against the libformatstr library.

Extract lib/ronin/payloads out into it's own repository.

Add rubocop to the repository.

• Add the rubocop gem to the Gemfile.
• Start with the template rubocop.yml file which closely matches Ronin's general code style.
• Add the rubocop task and add it to the CI.

In the bin/ronin-* files, check for the existence of Gemfile.lock and then require 'bundler/setup'.

This will help with making dynamic Shellcode payloads.

Add a Ronin::Exploits::CLI main command class that will auto-load the other sub-commands. See ronin-repos as an example.

Delete the lib/ronin/payloads directory and all related files in favor of the new ronin-payloads gem.

Add ronin-repos as a dependency to the gemspec.yml.

Ronin::Database::Migrations need to be defined for the Exploit and Payload classes.

Once we remove all DataMapper or Database code, the yard-dm dependency will no longer be needed.

Replace all database model properties that store the Exploit's metadata with class methods for declaring the metadata.

• ronin/exploits/advisory
• ronin/exploits/target
• ronin/exploits/exploiit
• ronin/exploits/mixins/has_targets
• ronin/exploits/mixins/has_payload
• ronin/exploits/memory_corruption
• ronin/exploits/stack_overflow
• ronin/exploits/heap_overflow
• ronin/exploits/web
• ronin/exploits/lfi
• ronin/exploits/rfi
• ronin/exploits/sqli

Example

class Exploit

  def self.foo(value=nil)
    if value
      @foo = value
    else
      @foo
    end
  end

  # ...    
end

class ExampleExploit < Exploit

  foo "Some value"
  # ...
  
end

Remove the ronin dependency from the gemspec.yml.

ronin-exploit from the repository throws an require error track back to this line of code:

https://github.com/ronin-ruby/ronin-exploits/blob/master/lib/ronin/database/migrations/exploits/exploit.rb#L23

``require': cannot load such file -- ronin/database/migrations/license (LoadError)`

I can't find where this license file in either ronin or ronin-exploit

Exploits currently use Ronin::Script::Testable and Ronin::Exploits::Tests, which provides methods for testing data and raising exceptions. @mephux mentioned a need for more specific test/validation methods (ex: validates_is_running /WuFTP/).

Reduce the amount of meta-programming and define Ronin::Exploits::Exploit classes as plain Ruby classes.

• Remove Ronin::Script and Ronin::Behaviors.
• Remove the helper method in favor of just including Mixin modules.
• Replace all database properties with metadata getter/setter class methods.
• Add a reigster class method that registers the exploit class with Ronin::Exploits/Ronin::Core::ModuleRegistry.

• Ronin::Exploits::Exploit
• Ronin::Exploits::Web
• Ronin::Exploits::MemoryCorruption
• Ronin::Exploits::StackOverflow
• Ronin::Exploits::HeapOverflow
• Ronin::Exploits::LFI
• Ronin::Exploits::RFI
• Ronin::Exploits::SQLI

Remove the lib/ronin/post_exploitation* directory and files in favor of the new ronin-post_exploitation gem.

Exploit classes should register themselves with Ronin::Exploits.

Replace targeting_arch, target_os, targeting_product with custom arch=, os=, product= methods.

Error when trying to run ronin-exploit (clone from git and bundle install)
bin/ronin-exploit:18:in require': /tmp/ronin-exploits/lib/ronin/ui/cli/commands/exploit.rb:66: syntax error, unexpected tLABEL (SyntaxError) Payloads:Exception: e ^ from bin/ronin-exploit:18:in

Add ronin-c2 to gemspec.yml as a dependency. The Ronin::Exploits classes may include Ronin::C2 functionality (ex: LFI exploit may provide the file-read capability).

Refactor the Ronin::Exploits::CLI::Commands classes to use the Ronin::Core::CLI::Command class.

• ronin/exploits/cli/commands/list
• ronin/exploits/cli/commands/run

Extract the data/ronin/payloads/ruby/rpc.rb file out into it's own repository.

Due to issues with how TruffleRuby implements keyword argument splatting, command_kit fails to pass specs on TruffleRuby. Will have to hold off on TruffleRuby support until TruffleRuby fixed keyword argument splatting or adds support for Ruby 3.0.

Ronin now requires Ruby >= 3.0. Re-enable JRuby in the CI matrix once JRuby achieves 3.0 support.

Since we will not be storing exploits in the database, remove the ronin/vuln.rb model.

Add ronin-payloads to gemspec.yml as a dependency.

Need to finish the Ronin::Exploits::SQLi class, which uses Ronin::Code::SQL to generate SQL injections.

Remove the yard* dependencies from the gemspec.yml and move the yard gem into the Gemfile.

Since we will not be storing exploits in the database, remove the ronin/advisory.rb model.

Add a db_each_table / db_each_column methods to Ronin::Exploits::SQLi which can enumerate the tables/columns in the database.

Switch from options={} to keyword arguments.

• lib/ronin/exploits/exploit.rb: def use_target!(options={})
• lib/ronin/exploits/exploit.rb: def build_payload!(options={})
• lib/ronin/exploits/exploit.rb: def build!(options={},&block)
• lib/ronin/exploits/exploit.rb: def exploit!(options={},&block)
• lib/ronin/exploits/web.rb: def self.test(uri,options={})
• lib/ronin/exploits/web.rb: def http_request(options={},&block)

Extract the lib/ronin/post_exploitation/ code into it's own repository and gem, which ronin-exploits can then dep in.

Now that Ronin::Exploits::Exploit will be a Plain-Old-Ruby-Object (PORO), we can remove the following database files:

• lib/ronin/database/migrations/advisory.rb
• lib/ronin/database/migrations/exploits/
• lib/ronin/database/migrations/exploits.rb
• lib/ronin/database/migrations/vuln.rb

Ronin::Payloads::Shellcode needs helper methods for using Ronin::Code::ASM::Program.

Add a new sub-command for generating a boilerplate exploit or payload file. Add options to support generating different types of exploits or payloads. Try to reuse the .erb templates in data/ronin/gen/exploits/.

There should be commands for testing URLs for Web Exploits and saving them into the Database.

Remove payload files in favor of the new ronin-payloads dependency.

• bin/ronin-encoder*
• bin/ronin-payload*
• examples/bin_sh_amd64.rb
• examples/bin_sh.rb
• examples/local_shell.rb
• lib/ronin/database/migrations/encoders.rb
• lib/ronin/database/migrations/encoders/
• lib/ronin/database/migrations/payloads/
• lib/ronin/database/migrations/payloads.rb
• lib/ronin/encoders/
• lib/ronin/encoders.rb
• lib/ronin/payloads/
• lib/ronin/payloads.rb
• lib/ronin/gen/generators/payloads/
• data/ronin/gen/payloads/
• lib/ronin/ui/cli/commands/*encoder*
• lib/ronin/ui/cli/commands/*payload*
• spec/payloads/
• spec/encoders/
• spec/helpers/encoders.rb
• spec/helpers/payloads.rb
• spec/helpers/scripts/payloads/
• spec/gen/generators/payloads/

The ronin-exploits command should be able to search Ronin::Repos for all exploit files (aka files within the exploits/ directory). Additionally, ronin-exploit should be able to search for and load an exploit file/class from Ronin::Repos.

Extract data/ronin/payloads/node.js/rpc.js out into it's own repository.

Drop the ronin-gen dependency.

We need a Web Exploit (similar to LFI) for scanning and crafting XSS.

Add a Ronin::Exploits::CLI::Commands::New sub-command which generates boilerplate exploit modules. Reuse the .erb templates in data/ronin/gen/exploits/. Add options based on the parameters in the lib/ronin/gen/generators/exploits/... classes.

Exploit classes need full Examples added to their top-level documentation. These Examples must be short, functional and copy-pastable.

• ronin/exploits/stack_overflow
• ronin/exploits/seh_overflow
• ronin/exploits/lfi
• ronin/exploits/rfi
• ronin/exploits/sqli

Once we have a Ronin::Exploits::CLI::Commands::Gen sub-command, we can delete the lib/ronin/gen/ directory.

When debugging output is enabled it will allow the user to see what data is being sent and received by the Network methods.

• Ronin::Exploits::Mixins::RemoteTCP
• Ronin::Exploits::Mixins::RemoteUDP
• Ronin::Exploits::Mixins::HTTP