____________________________________________________________________________
____________________________________________________________________________

01010111 01001001 01010010 01000101 01000100 01010011 ->
01000101 01000011 01010101 01010010 01001001 01010100 ->
01011001
____________________________________________________________________________

RUBY REMOTE CONTROL [RRC]
|| README ||
____________________________________________________________________________

_______________________
|| 0x00: ABOUT ME
|| 0x01: WHAT IT IS
|| 0x02: WHAT YOU NEED
|| 0x03: WHAT IT DOES
|| 0x04: THE CODE
____________________________________________________________
____________________________________________________________

_________________
|| 0x00: ABOUT ME

Author: SkyOut
Date: 2006/2007
Website: http://wired-security.net/

This tool was coded between December 2006 and January 2007 under
OpenBSD 4.0!

_________________
|| 0x01: WHAT IT IS

Ruby Remote Control, or RRC for short, is a Ruby script that spawns a shell
on a port specified by the user, or on the default port 9000.

_______________________
|| 0x02: WHAT YOU NEED

This tool was developed with Ruby version 1.8.4 and uses only very simple
functions. It requires the modules "socket" and "cgi", which are standard
modules; because of this it should run almost everywhere!

To use this script you need Ruby of course (not Ruby on Rails and no
mod_ruby or whatever, just the Ruby interpreter!). Ruby should be available
for most operating systems and is easy to install.

To run the script type:

ruby ruby_remote_control.rb [port (optional)]

You can now contact the script via a web browser:

http://host:port/

_____________________
|| 0x03: WHAT IT DOES

RRC has four important functions, which form the base of the script.
Those are:

?open_dir:
This function is the most complex and important one. The script shows the
content of the specified directory in a fieldset, with different colours
for the files in it, which should make it easy to quickly check the content.

?open_file:
When you do a directory listing you will find a " [+] " next to some files;
it shows the content of that file in a fieldset, line by line. Take care
with some special files that should NOT be opened (example: *.core files).
The script has two arrays that make it easy to edit which "special" file
types can be opened (get a " [+] " next to their name) and which cannot.

?delete_file:
This function allows you to delete a file from the remote system. You will
find a " [-] " next to files; it calls this function and deletes the chosen
file.

?cmd_exec:
When the functions above still limit what you can do on the system, this
function should help. You can type any command that is available on the
system and it will be executed with the rights of the running process (best
would be root of course). The result of the execution is shown in a
fieldset that opens.

Interesting: whoami && uname -a
(get info about your rights on the system and which machine it actually is)

TAKE CARE: commands like "ping host" may result in an infinite loop and as
a result crash the shell!

_________________
|| 0x04: THE CODE

The code is quite complex at some points, but nevertheless it should be
understandable. To make this easier you will see a simple structure
overview below.

=== ruby_remote_control.rb ===

[#!/usr/bin/env ruby]
[Requirements]
[Starting the shell + console output]

--- Main code ---
[HTTP header and CSS style information]
[Input fields for directory listing + command execution]
[...]

--- ?open_dir ---
[Check if directory exists + if we have the rights to access it]
[Build a "directory up" link]
[Display content (objects) now: ...]
 -> [Object is a directory]
    -> [We are in the root directory (" / ")]
       -> [Object is hidden]
       -> [Object is not hidden]
    -> [We are not in the root directory]
       -> [Object is hidden]
       -> [Object is not hidden]
 -> [Object is not a directory]
    -> [Object is an executable]
       -> [Object is hidden]
          -> [Check our arrays]
       -> [Object is not hidden]
          -> [Check our arrays]
    -> [Object is not an executable]
       -> [Object is hidden]
          -> [Check our arrays]
       -> [Object is not hidden]
          -> [Check our arrays]
---------------------

--- ?open_dir help dialogue ---
[If no value has been specified shows a help dialogue]
--------------------------------------

--- ?open_file ---
[Check if the file exists + if we can read it]
[Display the file's content line by line]
---------------------

--- ?delete_file ---
[Check if the file exists + if we can write to it]
[Delete the file from the system]
----------------------

--- ?cmd_exec ---
[Execute the command and display the result]
-----------------------

--- ?cmd_exec help dialogue ---
[If no value has been specified shows a help dialogue]
--------------------------------------

--- index ---
[Default index page with some information]*

* displayed when a wrong function call or no function call has been made!
---------------

[END]
---------------------

____________________________________________________________
____________________________________________________________

As you can see above, the most complex function is the one that displays a
directory's content, and within that function the parts that handle objects
which are not directories themselves. Try to understand the structure and
theory behind it and then look at the code again; it should be easier to
understand everything now.
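
Detection sketch for the four functions listed in section 0x03 (an added example, not part of the original README or of RRC itself): it scans proxy-style log lines for requests whose query string names one of those functions and rates them by destination port. The URL shape "/?function=value", the log format, the sample lines and the list of expected ports are assumptions; the README only gives the function names and the default port.

```ruby
require "uri"

# Function names as listed in section 0x03 of the README.
RRC_FUNCTIONS = %w[open_dir open_file delete_file cmd_exec].freeze
# Assumption: ports on which HTTP is normally expected at this site.
EXPECTED_PORTS = [80, 443, 8080].freeze

# Constructed sample lines in a hypothetical proxy log format:
#   time client method url status
SAMPLE_LOG = <<~LOG
  2007-01-14T10:02:11Z 10.0.0.5 GET http://intranet.example/index.html 200
  2007-01-14T10:03:40Z 10.0.0.7 GET http://192.0.2.10:9000/?open_dir=/etc 200
  2007-01-14T10:03:52Z 10.0.0.7 GET http://192.0.2.10:9000/?cmd_exec=whoami+%26%26+uname+-a 200
  2007-01-14T10:04:05Z 10.0.0.9 GET http://192.0.2.20:4444/?delete_file=/tmp/x.log 200
  2007-01-14T10:05:00Z 10.0.0.5 GET http://shop.example/?open_file=terms.txt 200
LOG

# Returns a finding hash for a line that names an RRC function, else nil.
def classify(line)
  time, client, _method, url, _status = line.split
  return nil if url.nil?

  uri = URI.parse(url)
  params = URI.decode_www_form(uri.query.to_s)
  func, arg = params.find { |key, _| RRC_FUNCTIONS.include?(key) }
  return nil if func.nil?

  # The parameter name alone also occurs in ordinary web apps, so the port
  # decides the rating: an HTTP service on an unexpected port rates :high.
  severity = EXPECTED_PORTS.include?(uri.port) ? :low : :high
  { time: time, client: client, host: uri.host, port: uri.port,
    function: func, argument: arg, severity: severity }
rescue URI::InvalidURIError, ArgumentError
  nil # unparsable URL or query string: not classified here
end

def scan(log)
  log.each_line.map { |line| classify(line.strip) }.compact
end

if __FILE__ == $PROGRAM_NAME
  scan(SAMPLE_LOG).each do |f|
    puts format("%-5s %s %s -> %s:%d %s=%s", f[:severity], f[:time],
                f[:client], f[:host], f[:port], f[:function], f[:argument])
  end
end
```

Because RRC is its own HTTP server, no web server access log exists on the host running it; the lines have to come from a proxy, flow sensor or IDS that sees the traffic.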