Everyday Ronin

In day-to-day usage, the Ronin Ruby Console is the most commonly used component of Ronin. This Console is not to be confused with a typical interactive shell with simple one-word commands that most projects implement. Instead, the Console is a customized Interactive Ruby Shell (IRB) with tab-completion and auto-indentation enabled.

The Console provides one with the full power of the Ruby language and the convenience methods of Ronin, all in a handy console. From this Console one can perform research, scan for vulnerabilities and even exploit vulnerable targets.

To install Ronin and the supporting libraries used in this guide, simply run the following command:

$ sudo gem install ronin

To start a Ruby Console with ronin preloaded, simply run the ronin irb command:

$ ronin irb

Note: If you are new to the Ruby programming language, you might consider reviewing the Pragmatic Programmers Guide to Ruby, since it is expected that users of the Ronin Ruby Console have a basic understanding of Ruby programming practices.

If you have questions regarding the methods or Classes defined within Ronin, you can consult the API Documentation for Ronin. If on the other hand, you have questions about methods or Classes provided by Ruby itself, I recommend using rubydoc.info.

Formatting Binary Data

Packing an Integer:

# => "7\x13\0\0"

Note: In Ruby everything is an Object even Integers and Strings are represented as Objects. These Objects have methods and are defined by Classes, much like any other Object in Ruby. In the example above Ronin has added the pack method to the Integer class.

Packing an Integer with a custom address length:

# => "7\x13"

Unpacking a previously packed Integer:

# => [4919]

Generating Text

Please see the Chars library for text generation examples.


Base64 encode a String:

payload = "\xeb\x2a\x5e\x89\x76\x08\xc6\x46\x07\x00\xc7\x46\x0c\x00\x00 \
\x00\x00\xb8\x0b\x00\x00\x00\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80 \
\xb8\x01\x00\x00\x00\xbb\x00\x00\x00\x00\xcd\x80\xe8\xd1\xff\xffxff\x2f \

Base64 decode a String:

# => "secret"


Return the MD5 checksum of a String:

"leet school".md5
# => "1b11ba66f5e9d40a7eef699cd812e362"

Return the SHA1 checksum of a String:

"lol train".sha1
# => "37f05f0cc2914615c580af396df5c66316112f48"

Return the SHA256 checksum of a String:

# => "8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918"

Return the SHA512 checksum of a String:

"thunder growl".sha512
# => "b2a1e560a497514dafda024f9e6fc2dfbfb178483251a708f07a88d4e157e5561604460da313ebc88dde2814ae58a15ae4085d00efb6a825a62f5be3215f5cbf"


Escaping a directory:

# => #<Ronin::Path:../../../../../../..>

Directory traversal:

Path.up(7) / 'etc' / 'passwd'
# => #<Ronin::Path:../../../../../../../etc/passwd>


Creating a TCP Socket for a specified host and port:

sock = tcp_connect('www.example.com', 25)
# => #<TCPSocket:0xb7bbde6c>

Creating a TCP Socket with local host and port information:

tcp_connect('www.example.com', 25, 'some.interface.net', 1212)
# => #<TCPSocket:0xb7ba0dd0>

Create a TCP Socket, then send some data:

tcp_connect_and_send("helo lol.train.com\n", 'www.example.com', 25)
# => #<TCPSocket:0xb7b8fa6c>

Creating a TCP session which will be automatically closed:

tcp_connect('www.example.com', 1212) do |sock|
  sock.write("this is just a test\n")
  puts sock.readline

Grabbing the banner from a TCP service:

tcp_banner('www.example.com', 22)
# => "SSH-2.0-OpenSSH_4.3p2 Debian-8ubuntu1.4\n"

Creating a UDP Socket for a specified host and port:

sock = udp_connect('www.example.com', 135)
# => #<UDPSocket:0xb7bbde6c>

Creating a UDP Socket with local host and port information:

udp_connect('www.example.com', 135, 'some.interface.net', 3030)
# => #<UDPSocket:0xb7ba0dd0>

Create a UDP Socket, then send some data:

udp_connect_and_send("mic check\n", 'www.example.com', 1212)
# => #<UDPSocket:0xb7b8fa6c>

Creating a UDP session which will be automatically closed:

udp_connect('www.example.com', 3030) do |sock|
  sock.write("I want to devise a virus.\n")
  puts sock.readline

Note: For more Networking convenience methods, consult the documentation for the Net namespace.


Accessing the URL query parameters:

url = URI('http://www.google.com/search?hl=en&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&hs=1HY&q=bob+ross&btnG=Search')
# => {"btnG"=>"Search", "hs"=>"1HY", "rls"=>"org.mozilla:en-US:official", "client"=>"firefox-a", "hl"=>"en", "q"=>"bob+ross"}

# => "bob+ross"

Setting the URL query parameters:

url.query_params['q'] = 'Upright Citizens Brigade'
# => "http://www.google.com/search?btnG=Search&hs=1HY&rls=org.mozilla:en-US:official&client=firefox-a&hl=en&q=Upright%20Citizens%20Brigade"

Setting the URL query parameters en-mass:

url.query_params = {'q' => 'meowmix', 'start' => 20, 'sa' => 'N'}
# => "http://www.google.com/search?sa=N&start=20&q=meowmix"


HTTP Proxy settings:

# => nil

Setting the HTTP Proxy settings:

Network::HTTP.proxy = ''

Disabling HTTP Proxy settings

Network::HTTP.proxy = nil

Requesting a web-page:

# => #<Net::HTTPOK 200 OK readbody=true>

Requesting only the body of a web-page:

# => "..."

Posting to a web-page:

http_post(some_url, :post_data => {:q => 1, :id => 255})
# => #<Net::HTTPOK 200 OK readbody=true>

Posting to a web-page and only returning the body of the response:

# => "..."