ronin-post_ex

CI Code Climate Gem Version

Description

ronin-post_ex is a Ruby API for Post-Exploitation.

This library is used by ronin-payloads, ronin-c2, and ronin-exploits to provide a Post-Exploitation API around payloads, C2 sessions, or even exploits.

ronin-post_ex is part of the ronin-rb project, a Ruby toolkit for security research and development.

Features

Limitations

  • Does not currently support Windows systems.
  • Does not fully support bidirectional fully interactive shell commands.

Examples

Bind Shell

session = Ronin::PostEx::Sessions::BindShell.connect(host,port)
system  = session.system

system.shell.ls('/')
# => "..."

Reverse Shell

session = Ronin::PostEx::Sessions::ReverseShell.listen(host,port)
system  = session.system

system.shell.ls('/')
# => "..."

Custom Session Class

Define a custom session class which defines the Post-Exploitation API methods:

class RATSession < Ronin::PostEx::Sessions::Session

  def initialize(host,port)
    # ...
  end

  def rpc_call(method,*arguments)
    # ...
  end

  def fs_read(path)
    rpc_call("fs_read",path)
  end

  def shell_exec(command)
    rpc_call("shell_exec",command)
  end

  # ...

end

session = RATSession.new
system  = session.system

System

Interact with the system's remote files as if they were local files:

file = system.fs.open('/etc/passwd')

file.each_line do |line|
  user, x, uid, gid, name, home_dir, shell = line.split(':')

  puts "User Detected: #{user} (id=#{uid})"
end

Get information about the current process:

system.process.pid
# => 1234

system.process.getuid
# => 1001

system.process.environ
# => {"HOME"=>"...", "PATH"=>"...", ...}

Execute commands on the remote system:

system.shell.ls('/')
# => "bin\nboot\ndev\netc\nhome\nlib\nlib64\nlost+found\nmedia\nmnt\nopt\nproc\nroot\nrun\nsbin\nsnap\nsrv\nsys\ntmp\nusr\nvar\n"

system.shell.exec("find -type f -name '*.xls' /srv") do |path|
  puts "Found XLS file: #{path}"
end

Spawn an interactive command shell:

system.shell.interact
$

Spawn an interactive post-exploitation system shell:

system.interact
ronin-post_ex> help
  help [COMMAND]                    Prints the list of commands or additional help
  fs.chdir DIR                      Changes the current working directory
  fs.pwd                            Prints the current working directory
  fs.readfile FILE                  Reads the contents of a given FILE
  fs.readlink SYMLINK               Reads the destination path of a symlink
  fs.readdir DIR                    Reads the contents of a given directory
  fs.hexdump FILE                   Hexdumps a given file
  fs.copy SRC DEST                  Copies the SRC file to the DEST path
  fs.unlink FILE                    Deletes a given file
  fs.rmdir DIR                      Removes a given directory
  fs.mv SRC DEST                    Moves or renames a given file or directory
  fs.link SRC DEST                  Creates a link from the source to the destination
  fs.chown USER PATH                Changes the owner of a given file or directory
  fs.chgrp GROUP PATH               Changes the group of a given file or directory
  fs.chmod MODE PATH                Changes the permission mode of a given file or directory
  fs.stat PATH                      Prints file system information about a given file or directory
  fs.open PATH [MODE]               Opens a file for reading or writing
  files                             Lists opened files
  file.seek FILE_ID POS [WHENCE]    Seeks to a position within the file
  file.read FILE_ID LENGTH          Reads LENGTH of data from an opened file
  file.write FILE_ID DATA           Writes data to an opened file
  file.close FILE_ID                Closes an open file
ronin-post_ex> 

Requirements

Install

$ gem install ronin-post_ex

Gemfile

gem 'ronin-post_ex', '~> 0.1'

gemspec

gem.add_dependency 'ronin-post_ex', '~> 0.1'

Development

  1. Fork It!
  2. Clone It!
  3. cd ronin-post_ex/
  4. bundle install
  5. git checkout -b my_feature
  6. Code It!
  7. bundle exec rake spec
  8. git push origin my_feature

License

Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)

ronin-post_ex is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

ronin-post_ex is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public License along with ronin-post_ex. If not, see https://www.gnu.org/licenses/.