Class: Ronin::Exploits::CLI::Commands::Run Private
- Inherits:
- ExploitCommand
- Object
- Core::CLI::Command
- Ronin::Exploits::CLI::Command
- ExploitCommand
- Ronin::Exploits::CLI::Commands::Run
- Includes:
- CommandKit::Printing::Indent, Core::CLI::Logging, Core::CLI::Options::Param, Payloads::CLI::EncoderMethods, Payloads::CLI::PayloadMethods
- Defined in:
- lib/ronin/exploits/cli/commands/run.rb
Overview
This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.
Runs an exploit.
Usage
ronin-exploits run [options] {NAME | -f FILE}
Options
-f, --file FILE The exploit file to load
-p, --param NAME=VALUE Sets a param
-D, --dry-run Builds the exploit but does not launch it
--payload-file FILE Load the payload from the given Ruby file
--read-payload FILE Reads the payload string from the file
--payload-string STRING Uses the raw payload string instead
-P, --payload NAME The payload to load and use
--payload-param NAME=VALUE Sets a param in the payload
--encoder-file FILE Load the payload encoder from the Ruby file
-E, --encoder NAME Loads the payload encoder by name
--encoder-param ENCODER.NAME=VALUE
Sets a param of the ENCODER
-t, --target INDEX Selects the target by index
-A x86|x86-64|amd64|ia64|ppc|ppc64|arm|armbe|arm64|arm64be|mips|mipsle|mips64|mips64le,
--target-arch Selects the target with the matching arch
-O linux|macos|windows|freebsd|openbsd|netbsd,
--target-os Selects the target with the matching OS
--target-os-version VERSION Selects the target with the matching OS version
-S, --target-software NAME Selects the target with the matching software name
-V, --target-version VERSION Selects the target with the matching software version
-L, --save-loot DIR Saves any found loot to the DIR
-D, --debug Enables debugging messages
--irb Open an interactive Ruby shell inside the exploit
-h, --help Print help information
Arguments
[NAME] The exploit name to load
Instance Attribute Summary
- #encoder_params ⇒ Hash{String => Hash{String => String}} (readonly, private)
  The encoder params.
- #encoders_to_load ⇒ Array<(Symbol, String)> (readonly, private)
  The encoder names and paths to load.
- #payload_params ⇒ Hash{String => String} (readonly, private)
  The payload params.
- #target_kwargs ⇒ Hash{Symbol => Object} (readonly, private)
  The keyword arguments to select a target with.
Attributes inherited from ExploitCommand
Instance Method Summary
- #initialize(**kwargs) ⇒ Run (constructor, private)
  Initializes the ronin-exploits run command.
- #initialize_encoders ⇒ Object (private)
  Initializes the payload encoders specified by --encoder or --encoder-file.
- #initialize_exploit ⇒ Object (private)
  Initializes the exploit.
- #initialize_payload ⇒ Object (private)
  Initializes the payload specified by --payload, --payload-file, --read-payload, or --payload-string.
- #load_encoders ⇒ Object (private)
  Loads the payload encoder classes specified by --encoder or --encoder-file.
- #load_payload ⇒ Object (private)
  Loads the payload class specified by --payload or --payload-file.
- #perform_cleanup ⇒ Object (private)
  Performs the cleanup stage of the exploit.
- #post_exploitation ⇒ Object (private)
  Performs the post-exploitation stage.
- #print_loot ⇒ Object (private)
  Prints any loot collected by the exploit.
- #run(name = nil) ⇒ Object (private)
  Runs the ronin-exploits run command.
- #run_exploit ⇒ Object (private)
  Runs the exploit.
- #save_loot ⇒ Object (private)
  Saves the collected loot to the --save-loot directory.
- #start_shell ⇒ Object (private)
  Starts an interactive Ruby shell within the exploit object.
- #validate_payload ⇒ Object (private)
  Validates the payload.
Methods inherited from ExploitCommand
#load_exploit, #load_exploit_from, #validate_exploit
Methods included from ExploitMethods
#load_exploit, #load_exploit_from, #validate_exploit
Constructor Details
#initialize(**kwargs) ⇒ Run
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Initializes the ronin-exploits run command.

    # File 'lib/ronin/exploits/cli/commands/run.rb', line 251

    def initialize(**kwargs)
      super(**kwargs)

      @encoders_to_load = []
      @encoder_params = Hash.new { |hash,key| hash[key] = {} }
      @payload_params = {}
      @target_kwargs = {}
    end
Instance Attribute Details
#encoder_params ⇒ Hash{String => Hash{String => String}} (readonly)
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
The encoder params.

    # File 'lib/ronin/exploits/cli/commands/run.rb', line 233

    def encoder_params
      @encoder_params
    end
#encoders_to_load ⇒ Array<(Symbol, String)> (readonly)
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
The encoder names and paths to load.

    # File 'lib/ronin/exploits/cli/commands/run.rb', line 228

    def encoders_to_load
      @encoders_to_load
    end
#payload_params ⇒ Hash{String => String} (readonly)
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
The payload params.

    # File 'lib/ronin/exploits/cli/commands/run.rb', line 238

    def payload_params
      @payload_params
    end
#target_kwargs ⇒ Hash{Symbol => Object} (readonly)
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
The keyword arguments to select a target with.

    # File 'lib/ronin/exploits/cli/commands/run.rb', line 243

    def target_kwargs
      @target_kwargs
    end
Instance Method Details
#initialize_encoders ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Initializes the payload encoders specified by --encoder or --encoder-file.

    # File 'lib/ronin/exploits/cli/commands/run.rb', line 306

    def initialize_encoders
      @encoders = @encoder_classes.map do |encoder_class|
        encoder_class.new(params: @encoder_params[encoder_class.id])
      end
    end
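The nested Hash built in #initialize and read by #initialize_encoders, as an added example that is not part of ronin-exploits: it shows how ENCODER.NAME=VALUE strings map onto the documented #encoder_params shape and why the default block can hide a misspelled encoder ID. The helper names, the parsing rule and the sample encoder IDs are assumptions made for illustration.

```ruby
# Added example: hypothetical helpers, not ronin-exploits code.

# Same default block as #initialize: an unknown encoder ID yields a fresh {}.
def new_encoder_params
  Hash.new { |hash, key| hash[key] = {} }
end

# Splits one "ENCODER.NAME=VALUE" string (assumed format, taken from the
# --encoder-param usage text) at the first '=' and then the first '.',
# so VALUE may itself contain '=' or '.'.
def parse_encoder_param(str)
  prefix, eq, value = str.partition('=')
  encoder, dot, name = prefix.partition('.')

  if eq.empty? || dot.empty? || encoder.empty? || name.empty?
    raise ArgumentError, "expected ENCODER.NAME=VALUE, got #{str.inspect}"
  end

  [encoder, name, value]
end

# Builds the Hash{String => Hash{String => String}} shape of #encoder_params.
def collect_encoder_params(args)
  args.each_with_object(new_encoder_params) do |arg, params|
    encoder, name, value = parse_encoder_param(arg)
    params[encoder][name] = value
  end
end

# Encoder IDs that were given params but are not among the loaded encoders,
# e.g. a misspelled ENCODER; the default block would otherwise hide these.
def unmatched_encoders(params, loaded_ids)
  params.keys - loaded_ids
end

# Constructed sample input; enc_a and enc_b are made-up encoder IDs.
SAMPLE_ARGS = ['enc_a.key=0x41', 'enc_a.note=a=b.c', 'enc_b.mode=strict'].freeze
```

Because of the default block, an encoder that received no params is still constructed with an empty Hash rather than nil, and merely reading a missing key adds it to the Hash.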
#initialize_exploit ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Initializes the exploit.

    # File 'lib/ronin/exploits/cli/commands/run.rb', line 349

    def initialize_exploit
      kwargs = {params: @params}

      if @exploit_class.include?(Mixins::HasPayload)
        kwargs[:payload] = @payload
      end

      if @exploit_class.include?(Mixins::HasTargets)
        kwargs[:target] = if options[:target]
                            options[:target]
                          elsif !@target_kwargs.empty?
                            @target_kwargs
                          end
      end

      super(**kwargs)
    end
#initialize_payload ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Initializes the payload specified by --payload, --payload-file, --read-payload, or --payload-string.

    # File 'lib/ronin/exploits/cli/commands/run.rb', line 328

    def initialize_payload
      @payload = if @payload_class
                   super(@payload_class, params: @payload_params,
                                         encoders: @encoders)
                 elsif options[:read_payload]
                   File.binread(options[:read_payload])
                 elsif options[:payload_string]
                   options[:payload_string]
                 end
    end
#load_encoders ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Loads the payload encoder classes specified by --encoder or --encoder-file.

    # File 'lib/ronin/exploits/cli/commands/run.rb', line 291

    def load_encoders
      @encoder_classes = @encoders_to_load.map do |(type,value)|
        case type
        when :name then load_encoder(value)
        when :file then load_encoder_from(value)
        else
          raise(NotImplementedError,"invalid encoder type: #{type.inspect}")
        end
      end
    end
#load_payload ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Loads the payload class specified by --payload or --payload-file.

    # File 'lib/ronin/exploits/cli/commands/run.rb', line 316

    def load_payload
      @payload_class = if options[:payload]
                         super(options[:payload])
                       elsif options[:payload_file]
                         load_payload_from(options[:payload_file])
                       end
    end
#perform_cleanup ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Performs the cleanup stage of the exploit.

    # File 'lib/ronin/exploits/cli/commands/run.rb', line 452

    def perform_cleanup
      @exploit.perform_cleanup
    rescue ExploitError => error
      print_error "failed to cleanup exploit #{@exploit.class_id}: #{error.message}"
      exit(1)
    rescue => error
      print_exception(error)
      print_error "an unhandled exception occurred while cleaning up the exploit #{@exploit.class_id}"
      exit(-1)
    end
#post_exploitation ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Performs the post-exploitation stage.

    # File 'lib/ronin/exploits/cli/commands/run.rb', line 398

    def post_exploitation
      if @exploit_class.include?(Mixins::HasPayload) &&
         @exploit.payload.kind_of?(Ronin::Payloads::Payload) &&
         @exploit.payload.kind_of?(Ronin::Payloads::Mixins::PostEx)
        unless @exploit.payload.session
          print_error "payload (#{@exploit.payload.class_id}) did not create a post-exploitation session"
          perform_cleanup
          exit(1)
        end

        @exploit.payload.session.system.interact
      elsif @exploit_class.include?(Mixins::Loot)
        print_loot

        save_loot if options[:save_loot]
      end
    end
#print_loot ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Prints any loot collected by the exploit.

    # File 'lib/ronin/exploits/cli/commands/run.rb', line 419

    def print_loot
      unless @exploit.loot.empty?
        log_info "Exploit found the following loot:"

        indent do
          @exploit.loot.each do |file|
            puts
            puts "#{file.path}:"
            puts

            indent do
              file.to_s.each_line do |line|
                puts line
              end
            end

            puts
          end
        end
      else
        log_error "Exploit did not find any loot :("
      end
    end
#run(name = nil) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Runs the ronin-exploits run command.

    # File 'lib/ronin/exploits/cli/commands/run.rb', line 266

    def run(name=nil)
      super(name)

      load_encoders
      load_payload

      initialize_encoders
      initialize_payload
      validate_payload

      initialize_exploit
      validate_exploit
      run_exploit

      if options[:irb]
        start_shell
      else
        post_exploitation
      end

      perform_cleanup
    end
#run_exploit ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Runs the exploit.

    # File 'lib/ronin/exploits/cli/commands/run.rb', line 370

    def run_exploit
      log_info "Running exploit #{@exploit.class_id} ..."

      begin
        @exploit.exploit(dry_run: options[:dry_run])
      rescue ExploitError => error
        print_error "failed to run exploit #{@exploit.class_id}: #{error.message}"
        exit(1)
      rescue => error
        print_exception(error)
        print_error "an unhandled exception occurred while running the exploit #{@exploit.class_id}"
        exit(-1)
      end
    end
#save_loot ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Saves the collected loot to the --save-loot directory.

    # File 'lib/ronin/exploits/cli/commands/run.rb', line 445

    def save_loot
      @exploit.loot.save(options.fetch(:save_loot))
    end
#start_shell ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Starts an interactive Ruby shell within the exploit object.

    # File 'lib/ronin/exploits/cli/commands/run.rb', line 388

    def start_shell
      log_info "Exploit #{@exploit.class_id} launched!"
      log_info "Starting interactive Ruby shell ..."

      RubyShell.start(name: @exploit_class.name, context: @exploit)
    end
#validate_payload ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Validates the payload.

    # File 'lib/ronin/exploits/cli/commands/run.rb', line 342

    def validate_payload
      super(@payload) if @payload
    end