peter50216 / pwntools-ruby Goto Github PK

Expected usage: shellcraft.sleep(1)

Since syscall nanosleep accepts data pointers as arguments, needs an optional address parameter:

Both of them have been push to RubyGems.org

While Keystone has changed it's module and gem name (from Keystone to KeystoneEngine), we need to change lib/pwnlib/asm.rb as well.

Update dentaku version to 2.0.11

To implement these, we need:

• make_elf: convert shellcode into ELF (#88)
• Tubes::Process: launch a local process (#111)

As title

These test open a hard-coded port on localhost and sends some data through it. However, since the tests are run in parallel, only one run gets the port and the others error out.

Each sub test should use a different port.

Your tool/software has been inventoried on Rawsec's CyberSecurity Inventory.

What is Rawsec's CyberSecurity Inventory?

An inventory of tools and resources about CyberSecurity. This inventory aims to help people to find everything related to CyberSecurity.

• Open source: Every information is available and up to date. If an information is missing or deprecated, you are invited to (help us).
• Practical: Content is categorized and table formatted, allowing to search, browse, sort and filter.
• Fast: Using static and client side technologies resulting in fast browsing.
• Rich tables: search, sort, browse, filter, clear
• Fancy informational popups
• Badges / Shields
• Static API
• Twitter bot

More details about features here.

Note: the inventory is a FLOSS (Free, Libre and Open-Source Software) project.

Why?

• Specialized websites: Some websites are referencing tools but additional information is not available or browsable. Make additional searches take time.
• Curated lists: Curated lists are not very exhaustive, up to date or browsable and are very topic related.
• Search engines: Search engines sometimes does find nothing, some tools or resources are too unknown or non-referenced. These is where crowdsourcing is better than robots.

Why should you care about being inventoried?

Mainly because this is giving visibility to your tool, more and more people are using the Rawsec's CyberSecurity Inventory, this helps them find what they need.

Badges

The badge shows to your community that your are inventoried. This also shows you care about your project and want it growing, that your tool is not an abandonware.

Feel free to claim your badge here: http://inventory.rawsec.ml/features.html#badges, it looks like that , but there are several styles available.

So what?

That's all, this message is just to notify you if you care.

Tested on OSX 10.13.3 and Ubuntu 16.04, both using Ruby version 2.4.3 and pwntools-1.0.1 from master branch using example provided on pwntools-ruby project Github homepage.

[DEBUG] Received 0x14 bytes:
00000000 4c 65 74 27 73 20 73 74 61 72 74 20 74 68 65 20 │Let'│s st│art │the │
00000010 43 54 46 3a │CTF:│
00000014
[DEBUG] Sent 0x18 bytes:
00000000 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 │AAAA│AAAA│AAAA│AAAA│
00000010 41 41 41 41 87 80 04 08 │AAAA│····│
00000018
[DEBUG] Received 0x14 bytes:
00000000 20 a7 c1 ff 01 00 00 00 38 af c1 ff 00 00 00 00 │ ···│····│8···│····│
00000010 4a af c1 ff │J···│
00000014
/Users/sp00k/.rvm/gems/ruby-2.4.3/gems/pwntools-1.0.1/lib/pwnlib/tubes/tube.rb:148:in index': incompatible character encodings: ASCII-8BIT and UTF-8 (Encoding::CompatibilityError) from /Users/sp00k/.rvm/gems/ruby-2.4.3/gems/pwntools-1.0.1/lib/pwnlib/tubes/tube.rb:148:in block (2 levels) in recvuntil'
from /Users/sp00k/.rvm/gems/ruby-2.4.3/gems/pwntools-1.0.1/lib/pwnlib/tubes/tube.rb:147:in each' from /Users/sp00k/.rvm/gems/ruby-2.4.3/gems/pwntools-1.0.1/lib/pwnlib/tubes/tube.rb:147:in block in recvuntil'
from /Users/sp00k/.rvm/gems/ruby-2.4.3/gems/pwntools-1.0.1/lib/pwnlib/timer.rb:54:in countdown' from /Users/sp00k/.rvm/gems/ruby-2.4.3/gems/pwntools-1.0.1/lib/pwnlib/tubes/tube.rb:131:in recvuntil'
from ./start.rb:9:in `

recv until EOF

Dependabot can't resolve your Ruby dependency files.

As a result, Dependabot couldn't update your dependencies.

The error Dependabot encountered was:

Bundler::VersionConflict with message: Bundler found conflicting requirements for the Ruby version:
  In Gemfile:
    Ruby (~> 2.3.8.0)

    rubocop (~> 1) was resolved to 1.12.1, which depends on
      rubocop-ast (>= 1.2.0, < 2.0) was resolved to 1.4.1, which depends on
        Ruby (>= 2.4)

If you think the above is an error on Dependabot's side please don't hesitate to get in touch - we'll do whatever we can to fix it.

View the update logs.

…so out tests failed: https://travis-ci.org/peter50216/pwntools-ruby/jobs/482743037

Which is very useful

Just an way to say you you had a wonderful idea and that people in infosec love ruby too ❤️ 💎

https://github.com/p0deje/yard-doctest

Might be a good way to ensure all examples are valid.

Currently the segment is r-x:

Let it be rwx might be better

Let me check why

See Gallopsled/pwntools#981

In short, binary can be NoRelro even with tag BIND_NOW because the pointers can be bound when loading but not marked as ReadOnly.

recvuntil returns '' instead of raising EOFError when EOF is reached...

Because argv: [] will push NULL on stack, causes 'rsp' changed

shellcraft.memcpy(dst, src, n)

I need this to fix #181

Currently all files under shellcraft/templates cannot be documented.
Need redesign the shellcraft module to do so.

Features we want for shellcraft are listed as follows(so we can make sure our new design fulfills them):

1. Support multi-architecture (currently i386/amd64).
2. When one invokes shellcraft.sh, it would find the correct assembly according to context.arch.
3. All public methods are documented.
4. Since there are many common codes between these two architecture, we need DRY (currently we use x86 directory to achieve this)
5. Don't be confused between shellcraft.connect and shellcraft.syscall.connect, which was a bug in pwntools-python.
6. [Discuss] Do we really need to support something like shellcraft.i386.linux.sh under amd64 context? One can use context.local to achieve calling another architecture's assemblies.

Hello, I did not find the answer in your documentation.

Python pwntools

process = process('...')
process.recvuntil("...")
process.sendline('...')

Equivalent with 'pwntools-ruby' ?
Thanks.

• If you see error message
  can't find header files for ruby at /usr/lib/ruby/include/ruby.h while installing
  try: [sudo] apt-get install ruby-dev and install pwntools again
• Error would occur when installing the gem rainbow, with an error message that rake is not installed - don't know why, might be rainbow's bug

pry version 0.13.0 depends on method_source ~> 1.0, but pwntools-ruby use ~> 0.9. This cause an error when trying to require "pwn" inside newer version of pry:

[1] pry(main)> require 'pwn'
Gem::ConflictError: Unable to activate pwntools-1.2.0, because method_source-1.0.0 conflicts with method_source (~> 0.9)
from ~/.rbenv/versions/2.7.1/lib/ruby/2.7.0/rubygems/specification.rb:2243:in `raise_if_conflicts'
Caused by Gem::ConflictError: Unable to activate pwntools-1.2.0, because method_source-1.0.0 conflicts with method_source (~> 0.9)
from ~/.rbenv/versions/2.7.1/lib/ruby/2.7.0/rubygems/specification.rb:2243:in `raise_if_conflicts'
Caused by LoadError: cannot load such file -- pwn
from ~/.rbenv/versions/2.7.1/lib/ruby/2.7.0/rubygems/core_ext/kernel_require.rb:92:in `require'

Tube::recvuntil optionally takes a timeout. If provided, it enters a loop like

while @timer.active?
  s = recv(1)
  return '' if s.empty?
  # process s
end

However, that return bails out of the whole function, not the @Timer loop. Should be next if s.empty?

Our tests against Ruby 2.8.0dev failed with a lot errors on shellcraft.
https://travis-ci.org/peter50216/pwntools-ruby/jobs/633714408

https://github.com/peter50216/pwntools-ruby/blob/master/lib/pwnlib/constants/linux/amd64.rb#L237

Both line 237 and 238 are const :__NR_vserver, 236

ruby -e "require 'pwn'"
throws

/lib/ruby/gems/2.5.0/gems/pwntools-1.1.0/lib/pwnlib/logger.rb:46:in `read': no implicit conversion of nil into String (TypeError)