# frozen_string_literal: true # # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and # payload crafting functionality. # # Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com) # # ronin-exploits is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ronin-exploits is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ronin-exploits. If not, see . # require 'ronin/exploits/memory_corruption' require 'ronin/exploits/mixins/stack_overflow' module Ronin module Exploits # # Represents a stack overflow exploit. # # ## Example # # require 'ronin/exploits/stack_overflow' # require 'ronin/exploits/mixins/remote_tcp' # # module Ronin # module Exploits # class MyExploit < StackOverflow # # register 'my_exploit' # # include Mixins::RemoteTCP # # def build # ebp = 0x06eb9090 # eip = 0x1001ae86 # # @buffer = buffer_overflow(length: 1024, nops: 16, payload: payload, bp: ebp, ip: eip) # end # # def launch # tcp_send "USER #{@buffer}" # end # # end # end # end # # If you want more control over how the buffer is constructed: # # def build # ebp = 0x06eb9090 # eip = 0x1001ae86 # # @buffer = junk(1024) + nops(16) + payload + stack_frame(ebp,eip) # end # # @api public # # @since 1.0.0 # class StackOverflow < MemoryCorruption include Mixins::StackOverflow # # Returns the type or kind of exploit. # # @return [Symbol] # # @note # This is used internally to map an exploit class to a printable type. # # @api private # def self.exploit_type :stack_overflow end end end end