GitBook: [master] 11 pages and one asset modified

Author: KINGSABRI

.gitbook/assets/bhr-cover.png

@@ -8,6 +8,8 @@ description: ruby for pentesters
 _**Rubyfu, where Ruby goes evil!**_  
 ![Twitter Follow](https://img.shields.io/twitter/follow/Rubyfu.svg?style=social&label=Follow&style=plastic)
 
+## Introduction
+
 This book is a great collection of ideas, tricks, and skills that could be useful for Hackers. It's a unique extraction reference, summarizes a lot of research and experience in order to achieve your **w00t** in the shortest and smartest way. Rubyfu is where you'll find plug-n-hack code. Rubyfu is a book to use not only to read, it's where ruby goes evil.
 
 ### Who should read this book?
@@ -46,3 +48,40 @@ Module 0x6 explores forensic capabilities with Rubyfu. Whoever you are: redteam,
 
 ![](https://i.creativecommons.org/l/by-nc-sa/4.0/88x31.png)
 
+## Black Hat Ruby **— Offensive Ruby programming book for hackers & pentesters**
+
+Black Hat Ruby is the commercial edition of Rubyfu. The book contains many new topics and solving a lot of real-world challenges with detailed explanations targeting professionals.
+
+![Black Hat Ruby cover](.gitbook/assets/bhr-cover.png)
+
+{% hint style="success" %}
+You can purchase [**Black Hat Ruby on Amazon**](https://www.amazon.com/dp/B08JHSF6GT)\*\*\*\*
+{% endhint %}
+
+The primary goal of Black Hat Ruby book is to provide you with a vast angle of using Ruby as an information security professional in an offensive manner. The book meant to help you with weaponizing Ruby language in various offensive scenarios whether you are testing web applications, networks, systems, or exploit development to carve your ideas into working and achieving code.
+
+Another intended goal of the book is to route you to the code that achieves your goal in the shortest time. This book is aimed at security researchers, security consultants, penetration testers, red teamers, or any professional who is interested in writing offensive Code.
+
+In this book, you will learn: 
+
+* Hacker's day to day string manipulation, conversion, and extraction. 
+* Compiling ruby to exe, parsing, and files such as XML, JSON, HTML, and binary. 
+* Manipulating files stamps, creating malicious Shortcut, Excel & PDF files. 
+* Generating the most common hashes for various platforms. 
+* Using ruby to execute system commands. 
+* Tactical code for red teaming activities, such as lateral movements via WinRM, WMI and creating malicious OLE and malicious Excel files for spear phishing. 
+* Importing Windows system internal for execute shellcode, dll injection. 
+* Introduction to the network Socket operations in Ruby and creating a remote shell. 
+* Malicious use for network services such as HTTP, SSH, DNS, FTP, TFTP for exploitation and data exfiltration. 
+* Packet manipulation and building network packet from the ground up to for ARP spoofing, rogue wireless access point \(AP\), SNMP spoofing and parsing captured pcap files. 
+* Introduction about dealing with services and creating covert C2 for data exfiltration. 
+* Automating the hunting of XSS and blind-XSS. • Exploiting Web socket and WSDL services and its APIs. 
+* Using Slack as a C2 
+* Understanding and creating advanced Burp Suite scanner extensions \(active and passive\) and manipulate the Burp user interface in detail. 
+* Step by step basic buffer overflow exploit development using ruby. 
+* Porting your stand-alone exploit to Metasploit and creating Auxiliary, Exploit and Post modules.
+
+Happy Hacking!
+
+
+

README.md

@@ -2,10 +2,7 @@
 
 ![](../.gitbook/assets/ruby_loves_us.jpg)
 
-**Big love to those people who support this book by any meaning.**   
-  
-  
-
+**Big love to those people who support this book by any meaning.**
 
 ## Founder
 

contributors/README.md

@@ -44,8 +44,7 @@ We can't stop being jealous of Metasploit console \(msfconsole\), where we take
 
 The Readline module provides an interface for GNU Readline. This module defines a number of methods to facilitate completion and accesses input history from the Ruby interpreter.
 
-{% code-tabs %}
-{% code-tabs-item title="console-basic1.rb" %}
+{% code title="console-basic1.rb" %}
 ```ruby
 #!/usr/bin/env ruby
 # KING SABRI | @KINGSABRI
@@ -70,15 +69,13 @@ while line = Readline.readline('-> ', true)
   break if line =~ /^quit.*/i or line =~ /^exit.*/i
 end
 ```
-{% endcode-tabs-item %}
-{% endcode-tabs %}
+{% endcode %}
 
 Now run it and try out the tab completion!
 
 Well, the main idea for tab completion is to make things easier, not just "press tab". Here is a simple thought...
 
-{% code-tabs %}
-{% code-tabs-item title="console-basic2.rb" %}
+{% code title="console-basic2.rb" %}
 ```ruby
 require 'readline'
 
@@ -115,8 +112,7 @@ while line = Readline.readline('-> ', true)  # Start console with character -> a
   break if line =~ /^quit.*/i or line =~ /^exit.*/i
 end
 ```
-{% endcode-tabs-item %}
-{% endcode-tabs %}
+{% endcode %}
 
 Things can go much farther, like _msfconsole_, maybe?
 

module-0x1-or-basic-ruby-kung-fu/README.md

@@ -29,13 +29,14 @@ end
 Output:
 
 ```text
-172.17.1.96	MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution (958644) (ECLIPSEDWING) (uncredentialed check)
-172.17.1.96	MS17-010: Security Update for Microsoft Windows SMB Server (4013389) (ETERNALBLUE) (ETERNALCHAMPION) (ETERNALROMANCE) (ETERNALSYNERGY) (WannaCry) (EternalRocks) (Petya) (uncredentialed check)
-172.17.1.96	MS09-001: Microsoft Windows SMB Vulnerabilities Remote Code Execution (958687) (uncredentialed check)
-172.17.1.93	MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution (958644) (ECLIPSEDWING) (uncredentialed check)
-172.17.1.93	MS17-010: Security Update for Microsoft Windows SMB Server (4013389) (ETERNALBLUE) (ETERNALCHAMPION) (ETERNALROMANCE) (ETERNALSYNERGY) (WannaCry) (EternalRocks) (Petya) (uncredentialed check)
-172.17.1.93	MS12-020: Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387) (uncredentialed check)
-172.17.1.50	Microsoft RDP RCE (CVE-2019-0708) (BlueKeep) (uncredentialed check)
+172.17.1.96    MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution (958644) (ECLIPSEDWING) (uncredentialed check)
+172.17.1.96    MS17-010: Security Update for Microsoft Windows SMB Server (4013389) (ETERNALBLUE) (ETERNALCHAMPION) (ETERNALROMANCE) (ETERNALSYNERGY) (WannaCry) (EternalRocks) (Petya) (uncredentialed check)
+172.17.1.96    MS09-001: Microsoft Windows SMB Vulnerabilities Remote Code Execution (958687) (uncredentialed check)
+172.17.1.93    MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution (958644) (ECLIPSEDWING) (uncredentialed check)
+172.17.1.93    MS17-010: Security Update for Microsoft Windows SMB Server (4013389) (ETERNALBLUE) (ETERNALCHAMPION) (ETERNALROMANCE) (ETERNALSYNERGY) (WannaCry) (EternalRocks) (Petya) (uncredentialed check)
+172.17.1.93    MS12-020: Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387) (uncredentialed check)
+172.17.1.50    Microsoft RDP RCE (CVE-2019-0708) (BlueKeep) (uncredentialed check)
 ```
 
 Read more on [GitHub](https://github.com/mephux/ruby-nessus).
+

module-0x3-or-network-kung-fu/network-scanning/nessus.md

@@ -16,7 +16,7 @@ We have 3 machines in this scenario as shown below.
 Here the list of IP and MAC addresses of each of theme in the following table
 
 | Host/Info | IP Address | MAC Address |
-| --- | :---: | :---: |
+| :--- | :---: | :---: |
 | Attacker | 192.168.0.100 | 3C:77:E6:68:66:E9 |
 | Victim | 192.168.0.21 | 00:0C:29:38:1D:61 |
 | Router | 192.168.0.1 | 00:50:7F:E6:96:20 |

module-0x3-or-network-kung-fu/packet-manipulation/arp-spoofing.md

@@ -280,10 +280,10 @@ end
 
 [https://github.com/SilverFoxx/Spoofa/blob/master/spoofa](https://github.com/SilverFoxx/Spoofa/blob/master/spoofa)
 
-Sources  - The code has been modified and fixed
+Sources - The code has been modified and fixed
 
 | Bit | Flag | Description | Reference |
-| :---: | --- | --- | --- |
+| :---: | :--- | :--- | :--- |
 | bit 5 | AA | Authoritative Answer | \[RFC1035\] |
 | bit 6 | TC | Truncated Response | \[RFC1035\] |
 | bit 7 | RD | Recursion Desired | \[RFC1035\] |

module-0x3-or-network-kung-fu/packet-manipulation/dns-spooging.md

@@ -45,8 +45,7 @@ end
 
 #### Simple Shortened URL extractor
 
-{% code-tabs %}
-{% code-tabs-item title="urlextractor.rb" %}
+{% code title="urlextractor.rb" %}
 ```ruby
 #!/usr/bin/env ruby
 require 'net/http'
@@ -61,8 +60,7 @@ loop do
   end
 end
 ```
-{% endcode-tabs-item %}
-{% endcode-tabs %}
+{% endcode %}
 
 Run it
 

module-0x4-or-web-kung-fu/README.md

@@ -10,8 +10,7 @@
 
 Import the Burp Suite Extender Core API `IBurpExtender`
 
-{% code-tabs %}
-{% code-tabs-item title="alert.rb" %}
+{% code title="alert.rb" %}
 ```ruby
 require 'java'
 java_import 'burp.IBurpExtender'
@@ -25,8 +24,7 @@ class BurpExtender
   end
 end
 ```
-{% endcode-tabs-item %}
-{% endcode-tabs %}
+{% endcode %}
 
 Load the plugin alert.rb  
 ![](../.gitbook/assets/webfu__burp-ext1.png)

module-0x4-or-web-kung-fu/extending-burp-suite.md

@@ -1,8 +1,7 @@
-## Special Blind LDAP Injection (without "*")
+# LDAP injection
 
 The is a very basic script that will retrieve the password of a user in a Blind LDAP Injection case by bruteforcing all characters one by one.
 
-
 ```ruby
 #!/usr/bin/env ruby
 require 'net/http'
@@ -20,3 +19,4 @@ flag = ''
   end
 end
 ```
+

module-0x4-or-web-kung-fu/ldap-injection.md

@@ -49,8 +49,9 @@ asm> pop eax
 
 Note: it is possible to do exactly the same thing with a metasploit embedded tool: [`nasm_shell`](https://github.com/rapid7/metasploit-framework/blob/master/tools/exploit/nasm_shell.rb).
 
-```
+```text
 $ /opt/metasploit/tools/exploit/nasm_shell.rb
 nasm > jmp esp
 00000000  FFE4              jmp esp
 ```
+

module-0x5-or-exploitation-kung-fu/metasm.md

@@ -60,11 +60,11 @@
   * Haiti - A CLI tool and library to identify the hash type of a given hash \[ [link](https://github.com/noraj/haiti) \]
   * ctf-party - A library to enhance and speed up script/exploit writing for CTF players \[ [link](https://github.com/noraj/ctf-party) \]
   * itdis - A small tool that allows you to check if a list of domains you have been provided is in the scope of your pentest or not. \[ [link](https://gitlab.com/noraj/itdis) \]
-  * nvd_feed_api - A simple ruby API/library for managing NVD CVE feeds. The API will help you to download and manage NVD Data Feeds, search for CVEs, build your vulnerability assessment platform or vulnerability database. \[ [link](https://gitlab.com/noraj/nvd_api) \]
+  * nvd\_feed\_api - A simple ruby API/library for managing NVD CVE feeds. The API will help you to download and manage NVD Data Feeds, search for CVEs, build your vulnerability assessment platform or vulnerability database. \[ [link](https://gitlab.com/noraj/nvd_api) \]
   * VBSmin - VBScript minifier CLI tool and library \[ [link](https://github.com/noraj/vbsmin) \]
   * Fingerprinter - CMS/LMS/Library etc Versions Fingerprinter \[ [link](https://github.com/erwanlr/Fingerprinter) \]
   * API-fuzzer - API Fuzzer which allows to fuzz request attributes using common pentesting techniques and lists vulnerabilities \[ [link](https://github.com/Fuzzapi/API-fuzzer) \]
-  * oxml_xxe - Tool for embedding XXE/XML exploits into different filetypes (docx/xlsx, odt/ods, svg, xml, etc.) \[ [link](https://github.com/BuffaloWill/oxml_xxe) \]
+  * oxml\_xxe - Tool for embedding XXE/XML exploits into different filetypes \(docx/xlsx, odt/ods, svg, xml, etc.\) \[ [link](https://github.com/BuffaloWill/oxml_xxe) \]
   * SSRF Proxy - Facilitates tunneling HTTP communications through servers vulnerable to SSRF \[ [link](https://github.com/bcoles/ssrf_proxy) \]
   * XXEinjector - Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods \[ [link](https://github.com/enjoiz/XXEinjector) \]
   * envizon - Network visualization & vulnerability management/reporting \[ [link](https://github.com/evait-security/envizon) \]