Class: Ronin::Exploits::Web
- Defined in:
- lib/ronin/exploits/web.rb
Overview
An Exploit class that represents exploits that run against Web services.
Constant Summary
Constants inherited from HTTP
Instance Attribute Summary
Attributes inherited from Exploit
#encoders, #helpers, #raw_payload, #restricted_chars, #target
Attributes included from Payloads::HasPayload
Class Method Summary collapse
-
.test(uri, options = {}) ⇒ Web
Tests if the URI is vulnerable to the Web Exploit.
Instance Method Summary collapse
-
#exploit(payload, query_params = {}) ⇒ Net::HTTPResponse
Performs a HTTP request to the exploit URL.
-
#exploit_url(payload, query_params = {}) ⇒ URL::HTTP
Creates an exploit URL.
-
#http_request(options = {}) {|response| ... } ⇒ Net::HTTPResponse
protected
Performs an HTTP request.
-
#normal_body ⇒ String
Contains the normal response body for the URL.
-
#normal_response ⇒ Net::HTTPResponse
Contains the normal response for the URL.
-
#url ⇒ URI::HTTP
Builds the target URL based on the
#http_host
,#http_port
, #url_prefix and #url_query_params parameters as well as the #url_path and #url_query properties. -
#url_query_param_value ⇒ String
The value of the targeted query-param.
-
#vulnerable? ⇒ Boolean?
abstract
Determines if the URL is vulnerable.
Methods inherited from HTTP
Methods inherited from RemoteTCP
Methods included from Model::HasDefaultPort
Methods inherited from Exploit
#advisory, advisory, #arch, #build!, #build_payload!, #deploy!, #encode_payload, #encode_payload!, #evacuate!, #exploit!, #helper, #initialize, #os, #payload=, #restrict, #software, #targeting, #targeting_arch, targeting_arch, #targeting_os, targeting_os, #targeting_software, targeting_software, #use_target!
Methods included from Tests
#is_restricted?, #test_arch!, #test_os!, #test_restricted!, #test_software!, #test_target!
Methods included from PostExploitation::Mixin
#fs, #post_exploitation, #process, #resources, #shell
Methods included from Payloads::HasPayload
#default_payload, #initialize, #method_missing, #payload_class, #respond_to?, #use_payload!, #use_payload_from!
Constructor Details
This class inherits a constructor from Ronin::Exploits::Exploit
Dynamic Method Handling
This class handles dynamic methods through the method_missing method in the class Ronin::Payloads::HasPayload
Class Method Details
.test(uri, options = {}) ⇒ Web
Tests if the URI is vulnerable to the Web Exploit.
74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 |
# File 'lib/ronin/exploits/web.rb', line 74 def self.test(uri,={}) uri = URI(uri) unless uri.kind_of?(URI) uri.query_params.each do |name,value| exploit = new(.merge( host: uri.host, port: uri.port, url_path: uri.path, url_query: uri.query, url_query_param: URLQueryParamName.first_or_new(name: name) )) return exploit if exploit.vulnerable? end return nil end |
Instance Method Details
#exploit(payload, query_params = {}) ⇒ Net::HTTPResponse
Performs a HTTP request to the exploit URL.
176 177 178 |
# File 'lib/ronin/exploits/web.rb', line 176 def exploit(payload,query_params={}) http_request(url: exploit_url(payload,query_params)) end |
#exploit_url(payload, query_params = {}) ⇒ URL::HTTP
Creates an exploit URL.
153 154 155 156 157 158 159 160 161 162 |
# File 'lib/ronin/exploits/web.rb', line 153 def exploit_url(payload,query_params={}) new_url = url new_url.query_params.merge!(query_params) if self.url_query_param new_url.query_params[self.url_query_param.name] = payload end return new_url end |
#http_request(options = {}) {|response| ... } ⇒ Net::HTTPResponse (protected)
Performs an HTTP request.
219 220 221 222 223 224 225 226 227 228 |
# File 'lib/ronin/exploits/web.rb', line 219 def http_request(={},&block) = { method: self.http_method, headers: self.http_headers, path: self.url_path, query: self.url_query }.merge() return super(,&block) end |
#normal_body ⇒ String
Contains the normal response body for the URL.
137 138 139 |
# File 'lib/ronin/exploits/web.rb', line 137 def normal_body normal_response.body end |
#normal_response ⇒ Net::HTTPResponse
Contains the normal response for the URL.
127 128 129 |
# File 'lib/ronin/exploits/web.rb', line 127 def normal_response @normal_response ||= http_request end |
#url ⇒ URI::HTTP
Builds the target URL based on the #http_host
, #http_port
,
#url_prefix and #url_query_params parameters as well as the
#url_path and #url_query properties.
114 115 116 117 118 119 |
# File 'lib/ronin/exploits/web.rb', line 114 def url path_query = self.url_path path_query += "?#{self.url_query}" if self.url_query return url_for(path_query,self.url_query_params) end |
#url_query_param_value ⇒ String
The value of the targeted query-param.
98 99 100 101 102 |
# File 'lib/ronin/exploits/web.rb', line 98 def url_query_param_value @url_query_param_value ||= ( URI::QueryParams.parse(self.url_query)[self.url_query_param.name].to_s ) end |
#vulnerable? ⇒ Boolean?
Determines if the URL is vulnerable.
189 190 191 |
# File 'lib/ronin/exploits/web.rb', line 189 def vulnerable? nil end |