Module: Msf::Exploit::RubyDeserialization

Includes:: Powershell

Defined in:: lib/msf/core/exploit/ruby_deserialization.rb

Overview

Ruby deserialization exploit module

Class Method Summary collapse

.gadget_chains ⇒ Object

Instance Method Summary collapse

#generate_ruby_deserialization_for_command(command, name) ⇒ String

Generate a binary blob that when deserialized by Ruby will execute the specified command using the platform-specific shell.
#generate_ruby_deserialization_for_payload(payload, name) ⇒ String

Generate a binary blob that when deserialized by ruby will execute the specified payload.

Methods included from Powershell

#bypass_powershell_protections, #cmd_psh_payload, #compress_script, #decode_script, #decompress_script, #encode_script, #generate_psh_args, #generate_psh_command_line, #initialize, #make_subs, #process_subs, #read_script, #run_hidden_psh

Class Method Details

.gadget_chains ⇒ `Object`



50
51
52

# File 'lib/msf/core/exploit/ruby_deserialization.rb', line 50

def self.gadget_chains
  Msf::Util::RubyDeserialization.payload_names
end

Instance Method Details

#generate_ruby_deserialization_for_command(command, name) ⇒ `String`

Generate a binary blob that when deserialized by Ruby will execute the specified command using the platform-specific shell.

Parameters:

name (String) —

The name of the payload to use.
command (String) —

The OS command to execute.

Returns:

(String) —

The opaque data blob.



16
17
18

# File 'lib/msf/core/exploit/ruby_deserialization.rb', line 16

def generate_ruby_deserialization_for_command(command, name)
  Msf::Util::RubyDeserialization.payload(name, command)
end

#generate_ruby_deserialization_for_payload(payload, name) ⇒ `String`

Generate a binary blob that when deserialized by ruby will execute the specified payload. This routine converts the payload automatically based on the platform and architecture.