I found myself curious about why Ruby was so relevant to penetration testing and hacking in general and was fortunate enough to find this article on Null Byte.
First, some of the most popular exploitation frameworks are written in Ruby, such as Metasploit: https://github.com/rapid7/metasploit-framework
In the article below, you can use one line of Ruby code in the command line to do things such as dump passwords saved in the attacked computer’s web browser. This requires first hiding Ruby payloads in a PDF file which execute in the background (unbeknownst to the user) after the PDF is opened.
There are a number of other “how to” links in this article that take you further into the “how” of a procedure like this.
https://null-byte.wonderhowto.com/how-to/hacking-macos-hack-macbook-with-one-ruby-command-0186686/
Ruby(Qianru) Yang says
Hi Connor,
Thank you for this interesting article that using one-liner to create a TCP socket and a while loop that says “while there’s data coming in, assign it to cmd, run the input as a shell command, and print it back in the terminal.
And it is so interesting to read how the student at a prestigious university was failing the semester and wanted to change their exam scores to pass the course. 🙂