# # Ronin Exploits - A Ruby library for Ronin that provides exploitation and # payload crafting functionality. # # Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com) # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA # require 'ronin/ui/command_line/command' require 'ronin/exploits' require 'ronin/payloads' require 'ronin/database' require 'parameters/parser' module Ronin module UI module CommandLine module Commands class Exploit < Command desc "exploit [options]", "Builds and deploys an exploit" method_option :database, :type => :string, :default => Database.config, :aliases => '-D' # exploit options method_option :name, :type => :string, :aliases => '-n' method_option :version, :type => :string, :aliases => '-V' method_option :params, :type => :array, :default => [], :aliases => '-p' method_option :host, :type => :string method_option :port, :type => :numeric method_option :local_host, :type => :string method_option :local_port, :type => :numeric method_option :dry_run, :type => :boolean, :default => false method_option :raw_payload, :type => :string method_option :file, :type => :string, :aliases => '-f' # target options method_option :target, :type => :numeric, :alias => '-t' method_option :target_arch, :type => :string, :aliases => '-a' method_option :target_os, :type => :string, :aliases => '-o' method_option :target_product, :type => :string method_option :target_version, :type => :string # payload options method_option :payload_name, :type => :string, :aliases => '--payload -P' method_option :payload_version, :type => :string method_option :payload_file, :type => :string def default Database.setup(options[:database]) # Load the exploit if options[:file] load_exploit! else find_exploit! end unless @exploit print_error "Could not find the specified exploit" exit -1 end if options[:target] unless exploit.use_target!(options[:target]) print_error "Invalid target index: #{options[:target]}" exit -1 end elsif (options[:target_arch] || options[:target_os] || options[:target_product] || options[:target_version]) exploit.use_target! do |target| if (options[:target_arch] && target.arch) next unless target.arch.name == options[:target_arch] end if (options[:target_os] && target.os) next unless target.os.name == options[:target_os] end if (options[:target_product] && target.product) next unless target.product.name.include?(options[:target_product]) end if (options[:target_version] && target.product) next unless target.product.version == options[:target_version] end true end end if options[:raw_payload] exploit.raw_payload = options[:raw_payload] elsif options[:payload_file] load_payload! elsif options[:payload_name] find_payload! end params = Parameters::Parser.parse(options[:params]) params[:host] = options[:host] if options[:host] params[:port] = options[:port] if options[:port] params[:local_host] = options[:local_host] if options[:local_host] params[:local_port] = options[:local_port] if options[:local_port] params[:dry_run] = options.dry_run? begin @exploit.exploit!(params) rescue Parameters::MissingParam, Exploits::Exception, Payloads::Exception => e print_error(e.message) end end protected def load_exploit! @exploit = Exploits::Exploit.load_from(options[:file]) end def find_exploit! @exploit = Exploits::Exploit.load_first do if options[:name] exploits = exploits.named(options[:name]) end if options[:describing] exploits = exploits.describing(options[:describing]) end if options[:version] exploits = exploits.revision(options[:version]) end if options[:license] exploits = exploits.licensed_under(options[:license]) end if options[:arch] exploits = exploits.targeting_arch(options[:arch]) end if options[:os] exploits = exploits.targeting_os(options[:os]) end exploits end end def load_payload! unless @exploit.use_payload_from!(options[:payload_file]) print_error "Could not load a compatible payload for the exploit!" end end def find_payload! @exploit.use_payload! do |payloads| if options[:payload_name] payloads = payloads.named(options[:payload_name]) end if options[:payload_version] payloads = payloads.revision(options[:payload_version]) end payloads end unless @exploit.payload print_error "Could not find a compatible payload for the exploit!" exit -1 end end end end end end end