Added a Ronin::Exploits::CommandInjection class (closes #121).

README.md

@@ -35,6 +35,7 @@ research and development.
   * [SEH Overflows][docs-seh-overflow]
   * [Heap Overflows][docs-heap-overflow]
   * [Use After Free (UAF)][docs-use-after-free]
+  * [Command Injection][docs-command-injection]
   * [Open Redirect][docs-open-redirect]
   * [Local File Inclusions (LFI)][docs-lfi]
   * [Remote File Inclusions (RFI)][docs-rfi]
@@ -54,6 +55,7 @@ research and development.
 [docs-seh-overflow]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/SEHOverflow.html
 [docs-heap-overflow]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/HeapOverflow.html
 [docs-use-after-free]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/UseAfterFree.html
+[docs-command-injection]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/CommandInjection.html
 [docs-open-redirect]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/OpenRedirect.html
 [docs-lfi]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/LFI.html
 [docs-rfi]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/RFI.html
@@ -284,6 +286,29 @@ module Ronin
 end
 ```
 
+Define a Command Injection exploit:
+
+```ruby
+require 'ronin/exploits/command_injection'
+require 'ronin/exploits/mixins/http'
+
+module Ronin
+  module Exploits
+    class MyExploit < CommandInjection
+
+      register 'my_exploit'
+
+      include Mixins::HTTP
+
+      def launch
+        http_post '/form.php', post_data: {var: "';#{payload}#"}
+      end
+
+    end
+  end
+end
+```
+
 Define an Open Redirect exploit:
 
 ```ruby

lib/ronin/exploits.rb

@@ -27,6 +27,7 @@
 require 'ronin/exploits/seh_overflow'
 require 'ronin/exploits/heap_overflow'
 require 'ronin/exploits/use_after_free'
+require 'ronin/exploits/command_injection'
 require 'ronin/exploits/web'
 require 'ronin/exploits/lfi'
 require 'ronin/exploits/rfi'

lib/ronin/exploits/cli/commands/new.rb

@@ -104,6 +104,11 @@ class New < Command
               class: 'UseAfterFree'
             },
 
+            command_injection: {
+              file:  'command_injection',
+              class: 'CommandInjection'
+            },
+
             web: {
               file:  'web',
               class: 'Web'

lib/ronin/exploits/command_injection.rb

@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+#
+# ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-exploits is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-exploits is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-exploits.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/exploits/exploit'
+require 'ronin/exploits/mixins/has_payload'
+require 'ronin/payloads/command_payload'
+
+module Ronin
+  module Exploits
+    #
+    # Represents a command injection exploit.
+    #
+    # ## Example
+    #
+    #     require 'ronin/exploits/command_injection'
+    #     require 'ronin/exploits/mixins/http'
+    #
+    #     module Ronin
+    #       module Exploits
+    #         class MyExploit < CommandInjection
+    #
+    #           register 'my_exploit'
+    #
+    #           include Mixins::HTTP
+    #
+    #           def launch
+    #             http_post '/form.php', post_data: {var: "';#{payload}#"}
+    #           end
+    #
+    #         end
+    #       end
+    #     end
+    #
+    # @api public
+    #
+    # @since 1.1.0
+    #
+    class CommandInjection < Exploit
+
+      include Mixins::HasPayload
+
+      payload_class Payloads::CommandPayload
+
+      #
+      # Returns the type or kind of exploit.
+      #
+      # @return [Symbol]
+      #
+      # @note
+      #   This is used internally to map an exploit class to a printable type.
+      #
+      # @api private
+      #
+      def self.exploit_type
+        :command_injection
+      end
+
+    end
+  end
+end

man/ronin-exploits-new.1.md

@@ -19,7 +19,7 @@ Creates a new exploit file.
 
 ## OPTIONS
 
-`-t`, `--type` `exploit`\|`heap_overflow`\|`stack_overflow`\|`web`\|`open_redirect`\|`lfi`\|`rfi`\|`sqli`\|`ssti`\|`xss`
+`-t`, `--type` `exploit`\|`heap_overflow`\|`stack_overflow`\|`command_injection`\|`web`\|`open_redirect`\|`lfi`\|`rfi`\|`sqli`\|`ssti`\|`xss`
 : The type for the new exploit.
 
 `-a`, `--author` *NAME*

spec/command_injection_spec.rb

@@ -0,0 +1,26 @@
+require 'spec_helper'
+require 'ronin/exploits/command_injection'
+
+describe Ronin::Exploits::CommandInjection do
+  it "must inherit from Ronin::Exploits::Exploit" do
+    expect(described_class).to be < Ronin::Exploits::Exploit
+  end
+
+  it "must include Ronin::Exploits::Mixins::HasPayload" do
+    expect(described_class).to include(Ronin::Exploits::Mixins::HasPayload)
+  end
+
+  describe ".payload_class" do
+    subject { described_class }
+
+    it "must be Ronin::Payloads::CommandPayload" do
+      expect(subject.payload_class).to be(Ronin::Payloads::CommandPayload)
+    end
+  end
+
+  describe ".exploit_type" do
+    subject { described_class }
+
+    it { expect(subject.exploit_type).to eq(:command_injection) }
+  end
+end