Added the test/ruby payload (closes #126).

ronin-rb · Aug 10, 2024 · 24a413f · 24a413f
1 parent dbfead1
commit 24a413f
Show file tree

Hide file tree

Showing 3 changed files with 93 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -174,6 +174,7 @@ $ ronin-payloads list
   test/js
   test/open_redirect
   test/php
+  test/ruby
   test/url
   test/xss
 ```

diff --git a/lib/ronin/payloads/builtin/test/ruby.rb b/lib/ronin/payloads/builtin/test/ruby.rb
@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+#
+# ronin-payloads - A Ruby micro-framework for writing and running exploit
+# payloads.
+#
+# Copyright (c) 2007-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-payloads is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-payloads is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-payloads.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/payloads/ruby_payload'
+
+module Ronin
+  module Payloads
+    module Test
+      #
+      # A test Ruby payload. Allows using custom Ruby code with exploits that
+      # require a Ruby payload. Defaults to printing `PWNED` using `echo`.
+      #
+      # @since 0.3.0
+      #
+      class Ruby < RubyPayload
+
+        register 'test/ruby'
+
+        summary "A test Ruby payload"
+        description <<~DESC
+          Allows specifying custom Ruby code for exploits that require a
+          Ruby payload. By default it prints `PWNED` using `puts`.
+        DESC
+
+        param :ruby, String, default: %{puts('PWNED');},
+                             desc:    'The Ruby code to execute'
+
+        def build
+          @payload = params[:ruby]
+        end
+
+      end
+    end
+  end
+end
diff --git a/spec/builtin/test/ruby_spec.rb b/spec/builtin/test/ruby_spec.rb
@@ -0,0 +1,39 @@
+require 'spec_helper'
+require 'ronin/payloads/builtin/test/ruby'
+
+describe Ronin::Payloads::Test::Ruby do
+  it "must inherit from Ronin::Payloads::RubyPayload" do
+    expect(described_class).to be < Ronin::Payloads::RubyPayload
+  end
+
+  describe ".id" do
+    subject { described_class }
+
+    it "must equal 'test/ruby'" do
+      expect(subject.id).to eq('test/ruby')
+    end
+  end
+
+  describe "#build" do
+    context "when the ruby param is not set" do
+      before { subject.build }
+
+      it "must set #payload to `puts('PWNED');`" do
+        expect(subject.payload).to eq(%{puts('PWNED');})
+      end
+    end
+
+    context "when the ruby param is set" do
+      let(:ruby) { "puts('lol');" }
+
+      before do
+        subject.params[:ruby] = ruby
+        subject.build
+      end
+
+      it "must set #payload to the ruby param" do
+        expect(subject.payload).to eq(ruby)
+      end
+    end
+  end
+end