Injectable Ruby (Coming Soon)

Pivoting is all the rage in post-exploitation. The usually strategy for pivoting with dynamic/interpreted languages is to use a mini-VM of the language. This mini-VM is then injected into a compromised process, loads and evaluates custom code on the compromised system. Of course there’s Lua, TinyScheme, Pico LISP and tinypy.

Until Ruby 1.9.1 was released, it was difficult to create a mini-Ruby; mainly the lack of a stable stand-alone byte-code Ruby VM. But now there is TinyRb. The code is on GitHub and an overview of the project is on
macournoyer’s blog.

TinyRb weighs in at just under 43K and 1541 LoC, but it’s missing a couple important things:

  • Float
  • Bignum
  • Module
  • Proc or Block
  • Array
  • Hash
  • IO
  • File
  • exception handling
  • meta-class
  • super-class methods

So it will be a while until TinyRb can evaluate arbitrary Ruby code. But we can hack on it today:

git clone git://github.com/macournoyer/tinyrb.git
cd tinyrb
make
./tinyrb -e "puts 2 + 2"
Advertisements

About this entry