adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3da170a43c7f288fe9bc88fe325da488733acac3
metasploit-gs/spec/lib/msf/ui/console/command_dispatcher/exploit_spec.rb
T

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

522 lines
18 KiB
Ruby
Raw Normal View History

Adding in specs for ui command dispatchers
2013-07-18 12:56:21 -05:00
require 'spec_helper'
decribe -> RSpec.describe
2015-10-16 15:57:04 -05:00
RSpec.describe Msf::Ui::Console::CommandDispatcher::Exploit do
Retab all the things (except external/)
2013-09-30 13:47:53 -05:00
include_context 'Msf::DBManager'
include_context 'Msf::UIDriver'
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
include_context 'Rex::Job#start run inline'
include_context 'Msf::Framework#threads cleaner', verify_cleanup_required: false
let(:remote_exploit_mod) do
mod_klass = Class.new(Msf::Exploit) do
def initialize
super(
'Name' => 'mock module',
'Description' => 'mock module',
'Author' => ['Unknown'],
'License' => MSF_LICENSE,
'Arch' => ARCH_CMD,
'Platform' => ['unix'],
'Targets' => [['Automatic', {}]],
'DefaultTarget' => 0,
)
register_options(
[
Msf::Opt::RHOSTS,
Msf::Opt::RPORT(3000),
Msf::OptFloat.new('FloatValue', [false, 'A FloatValue which should be normalized before framework runs this module', 3.5])
]
)
end
def check
print_status("Checking for target #{datastore['RHOSTS']}:#{datastore['RPORT']} with normalized datastore value #{datastore['FloatValue'].inspect}")
end
def run
print_status("Running for target #{datastore['RHOSTS']}:#{datastore['RPORT']} with normalized datastore value #{datastore['FloatValue'].inspect}")
end
Adding in specs for ui command dispatchers
2013-07-18 12:56:21 -05:00
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
alias_method :exploit, :run
def cleanup
print_status("Cleanup for target #{datastore['RHOSTS']}:#{datastore['RPORT']}")
end
end
mod = mod_klass.new
datastore = Msf::ModuleDataStore.new(mod)
allow(mod).to receive(:framework).and_return(framework)
Fix replicant edgecase
2021-07-06 17:08:17 +01:00
mod.send(:datastore=, datastore)
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
datastore.import_options(mod.options)
Default simplify_module to not load_saved_config and update all references
2021-08-19 13:04:26 +01:00
Msf::Simple::Framework.simplify_module(mod)
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
mod
Retab all the things (except external/)
2013-09-30 13:47:53 -05:00
end
Adding in specs for ui command dispatchers
2013-07-18 12:56:21 -05:00
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
let(:non_remote_exploit_mod) do
mod_klass = Class.new(Msf::Exploit) do
def initialize
super(
'Name' => 'mock module',
'Description' => 'mock module',
'Author' => ['Unknown'],
'License' => MSF_LICENSE,
'Arch' => ARCH_CMD,
'Platform' => ['unix'],
'Targets' => [['Automatic', {}]],
'DefaultTarget' => 0,
)
register_options(
[
Msf::OptFloat.new('FloatValue', [false, 'A FloatValue which should be normalized before framework runs this module', 3.5])
]
)
Ignore iterating multiple rhosts if option not registered
2022-03-08 17:31:26 +00:00
deregister_options('RHOSTS')
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
end
def run
print_status("Running with normalized datastore value #{datastore['FloatValue'].inspect}")
end
alias_method :exploit, :run
def cleanup
print_status('Cleanup')
end
end
mod = mod_klass.new
datastore = Msf::ModuleDataStore.new(mod)
allow(mod).to receive(:framework).and_return(framework)
Fix replicant edgecase
2021-07-06 17:08:17 +01:00
mod.send(:datastore=, datastore)
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
datastore.import_options(mod.options)
Default simplify_module to not load_saved_config and update all references
2021-08-19 13:04:26 +01:00
Msf::Simple::Framework.simplify_module(mod)
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
mod
end
subject do
instance = described_class.new(driver)
instance
Retab all the things (except external/)
2013-09-30 13:47:53 -05:00
end
Adding in specs for ui command dispatchers
2013-07-18 12:56:21 -05:00
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
def set_default_payload(mod)
mod.datastore['PAYLOAD'] = 'generic/no_session_payload'
mod.datastore['LHOST'] = '127.0.0.1'
Retab all the things (except external/)
2013-09-30 13:47:53 -05:00
end
Adding in specs for ui command dispatchers
2013-07-18 12:56:21 -05:00
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
before do
run_rex_jobs_inline!
allow(driver).to receive(:input).and_return(driver_input)
allow(driver).to receive(:output).and_return(driver_output)
current_mod.init_ui(driver_input, driver_output)
allow(subject).to receive(:mod).and_return(current_mod)
framework.modules.add_module_path(File.join(FILE_FIXTURES_PATH, 'modules'))
end
describe '#cmd_check' do
context 'when checking a remote exploit module' do
let(:current_mod) { remote_exploit_mod }
it 'reports missing RHOST values' do
allow(current_mod).to receive(:run).and_call_original
current_mod.datastore['RHOSTS'] = ''
subject.cmd_check
expected_output = [
Update expected error in tests
2024-02-23 12:47:48 +00:00
'Msf::OptionValidateError One or more options failed to validate: RHOSTS.'
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
]
expect(@combined_output).to match_array(expected_output)
expect(subject.mod).not_to have_received(:run)
end
it 'runs a single RHOST value' do
current_mod.datastore['RHOSTS'] = '192.0.2.1'
subject.cmd_check
expected_output = [
'Checking for target 192.0.2.1:3000 with normalized datastore value 3.5',
'Cleanup for target 192.0.2.1:3000',
'192.0.2.1:3000 - Check failed: The state could not be determined.'
]
expect(@combined_output).to match_array(expected_output)
end
it 'runs multiple RHOST values' do
current_mod.datastore['RHOSTS'] = '192.0.2.1 192.0.2.2'
subject.cmd_check
expected_output = [
'Checking for target 192.0.2.1:3000 with normalized datastore value 3.5',
Consolidate module argument parsing for ensuring consistency
2021-06-21 11:51:00 +01:00
'Cleanup for target 192.0.2.1:3000',
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
'192.0.2.1:3000 - Check failed: The state could not be determined.',
'Checking for target 192.0.2.2:3000 with normalized datastore value 3.5',
Consolidate module argument parsing for ensuring consistency
2021-06-21 11:51:00 +01:00
'Cleanup for target 192.0.2.2:3000',
'192.0.2.2:3000 - Check failed: The state could not be determined.'
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
]
expect(@combined_output).to match_array(expected_output)
end
it 'normalizes the datastore before running' do
current_mod.datastore['RHOSTS'] = '192.0.2.1 192.0.2.2'
current_mod.datastore.store('FloatValue', '5.0')
subject.cmd_check
expected_output = [
'Checking for target 192.0.2.1:3000 with normalized datastore value 5.0',
Consolidate module argument parsing for ensuring consistency
2021-06-21 11:51:00 +01:00
'Cleanup for target 192.0.2.1:3000',
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
'192.0.2.1:3000 - Check failed: The state could not be determined.',
'Checking for target 192.0.2.2:3000 with normalized datastore value 5.0',
Consolidate module argument parsing for ensuring consistency
2021-06-21 11:51:00 +01:00
'Cleanup for target 192.0.2.2:3000',
'192.0.2.2:3000 - Check failed: The state could not be determined.'
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
]
expect(@combined_output).to match_array(expected_output)
end
it 'supports inline options' do
current_mod.datastore.store('FloatValue', '5.0')
subject.cmd_check('RHOSTS=192.0.2.5', 'FloatValue=10.0')
expected_output = [
'Checking for target 192.0.2.5:3000 with normalized datastore value 10.0',
'Cleanup for target 192.0.2.5:3000',
Consolidate module argument parsing for ensuring consistency
2021-06-21 11:51:00 +01:00
'192.0.2.5:3000 - Check failed: The state could not be determined.'
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
]
expect(@combined_output).to match_array(expected_output)
end
it 'supports multiple inlined RHOST values' do
current_mod.datastore.store('FloatValue', '5.0')
subject.cmd_check('RHOSTS=192.0.2.5 192.0.2.6', 'FloatValue=10.0')
expected_output = [
'Checking for target 192.0.2.5:3000 with normalized datastore value 10.0',
'Cleanup for target 192.0.2.5:3000',
'192.0.2.5:3000 - Check failed: The state could not be determined.',
Consolidate module argument parsing for ensuring consistency
2021-06-21 11:51:00 +01:00
'Checking for target 192.0.2.6:3000 with normalized datastore value 10.0',
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
'Cleanup for target 192.0.2.6:3000',
Consolidate module argument parsing for ensuring consistency
2021-06-21 11:51:00 +01:00
'192.0.2.6:3000 - Check failed: The state could not be determined.'
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
]
expect(@combined_output).to match_array(expected_output)
end
Consolidate module argument parsing for ensuring consistency
2021-06-21 11:51:00 +01:00
it 'incorrectly handles unknown flags, and inadvertently runs the module with the old rhosts value' do
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
current_mod.datastore['RHOSTS'] = '192.0.2.1'
subject.cmd_check('-j')
expected_output = [
'Checking for target 192.0.2.1:3000 with normalized datastore value 3.5',
Consolidate module argument parsing for ensuring consistency
2021-06-21 11:51:00 +01:00
'Cleanup for target 192.0.2.1:3000',
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
'192.0.2.1:3000 - Check failed: The state could not be determined.'
]
expect(@combined_output).to match_array(expected_output)
end
end
context 'when checking a non remote exploit module' do
let(:current_mod) { non_remote_exploit_mod }
it 'notifies the user that this module does not support check' do
subject.cmd_check
expected_output = [
Add ruby 3.1 support
2022-03-23 13:05:42 +00:00
'This module does not support check.'
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
]
expect(@combined_output).to match_array(expected_output)
end
end
Retab all the things (except external/)
2013-09-30 13:47:53 -05:00
end
Adding in specs for ui command dispatchers
2013-07-18 12:56:21 -05:00
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
describe '#cmd_run' do
before do
set_default_payload(current_mod)
end
context 'when running a remote exploit module' do
let(:current_mod) { remote_exploit_mod }
it 'reports missing RHOST values' do
allow(current_mod).to receive(:run).and_call_original
current_mod.datastore['RHOSTS'] = nil
subject.cmd_run
expected_output = [
Update expected error in tests
2024-02-23 12:47:48 +00:00
'Msf::OptionValidateError One or more options failed to validate: RHOSTS.'
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
]
expect(@combined_output).to match_array(expected_output)
expect(subject.mod).not_to have_received(:run)
end
it 'attempts to run modules with blank RHOSTS' do
allow(current_mod).to receive(:run).and_call_original
current_mod.datastore['RHOSTS'] = ''
subject.cmd_run
expected_output = [
Update expected error in tests
2024-02-23 12:47:48 +00:00
'Msf::OptionValidateError One or more options failed to validate: RHOSTS.'
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
]
expect(@combined_output).to match_array(expected_output)
expect(subject.mod).not_to have_received(:run)
end
it 'reports a missing payload value' do
allow(current_mod).to receive(:run).and_call_original
current_mod.datastore['PAYLOAD'] = nil
current_mod.datastore['RHOSTS'] = '192.0.2.1'
subject.cmd_run
expected_output = [
'Exploit failed: A payload has not been selected.',
'Exploit completed, but no session was created.'
]
expect(@combined_output).to match_array(expected_output)
Add test for payload option validation
2021-07-26 12:20:46 +01:00
expect(subject.mod).not_to have_received(:run)
end
it 'validates payload options' do
set_default_payload(current_mod)
allow(current_mod).to receive(:run).and_call_original
current_mod.datastore['REQUIRED_PAYLOAD_OPTION'] = 'foo'
current_mod.datastore['RHOSTS'] = '192.0.2.1'
subject.cmd_run
expected_output = [
'Exploit completed, but no session was created.',
Update expected error in tests
2024-02-23 12:47:48 +00:00
'Msf::OptionValidateError One or more options failed to validate: REQUIRED_PAYLOAD_OPTION.'
Add test for payload option validation
2021-07-26 12:20:46 +01:00
]
expect(@combined_output).to match_array(expected_output)
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
expect(subject.mod).not_to have_received(:run)
end
it 'runs a single RHOST value' do
set_default_payload(current_mod)
current_mod.datastore['RHOSTS'] = '192.0.2.1'
subject.cmd_run
expected_output = [
'Running for target 192.0.2.1:3000 with normalized datastore value 3.5',
'Cleanup for target 192.0.2.1:3000',
'Exploit completed, but no session was created.'
]
expect(@combined_output).to match_array(expected_output)
end
it 'runs multiple RHOST values' do
set_default_payload(current_mod)
current_mod.datastore['RHOSTS'] = '192.0.2.1 192.0.2.2'
subject.cmd_run
expected_output = [
Update the necessary unit tests
2021-07-19 16:00:07 -04:00
'Exploiting target 192.0.2.1',
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
'Running for target 192.0.2.1:3000 with normalized datastore value 3.5',
'Cleanup for target 192.0.2.1:3000',
Update the necessary unit tests
2021-07-19 16:00:07 -04:00
'Exploiting target 192.0.2.2',
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
'Running for target 192.0.2.2:3000 with normalized datastore value 3.5',
'Cleanup for target 192.0.2.2:3000',
'Exploit completed, but no session was created.'
]
expect(@combined_output).to match_array(expected_output)
end
it 'normalizes the datastore before running' do
set_default_payload(current_mod)
current_mod.datastore['RHOSTS'] = '192.0.2.1 192.0.2.2'
current_mod.datastore.store('FloatValue', '5.0')
subject.cmd_run
expected_output = [
Update the necessary unit tests
2021-07-19 16:00:07 -04:00
'Exploiting target 192.0.2.1',
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
'Running for target 192.0.2.1:3000 with normalized datastore value 5.0',
'Cleanup for target 192.0.2.1:3000',
Update the necessary unit tests
2021-07-19 16:00:07 -04:00
'Exploiting target 192.0.2.2',
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
'Running for target 192.0.2.2:3000 with normalized datastore value 5.0',
'Cleanup for target 192.0.2.2:3000',
'Exploit completed, but no session was created.'
]
expect(@combined_output).to match_array(expected_output)
end
it 'supports inline options' do
set_default_payload(current_mod)
current_mod.datastore.store('FloatValue', '5.0')
subject.cmd_run('RHOSTS=192.0.2.5', 'FloatValue=10.0')
expected_output = [
'Running for target 192.0.2.5:3000 with normalized datastore value 10.0',
'Cleanup for target 192.0.2.5:3000',
'Exploit completed, but no session was created.'
]
expect(@combined_output).to match_array(expected_output)
end
it 'supports multiple inlined RHOST values' do
set_default_payload(current_mod)
current_mod.datastore.store('FloatValue', '5.0')
subject.cmd_run('RHOSTS=192.0.2.5 192.0.2.6', 'FloatValue=10.0')
expected_output = [
Consolidate module argument parsing for ensuring consistency
2021-06-21 11:51:00 +01:00
'Exploiting target 192.0.2.5',
'Running for target 192.0.2.5:3000 with normalized datastore value 10.0',
'Cleanup for target 192.0.2.5:3000',
'Exploiting target 192.0.2.6',
'Running for target 192.0.2.6:3000 with normalized datastore value 10.0',
'Cleanup for target 192.0.2.6:3000',
'Exploit completed, but no session was created.'
]
expect(@combined_output).to match_array(expected_output)
end
it 'supports rhosts as arguments' do
set_default_payload(current_mod)
current_mod.datastore.store('FloatValue', '5.0')
subject.cmd_run('192.0.2.5', '192.0.2.6')
expected_output = [
'Exploiting target 192.0.2.5',
'Running for target 192.0.2.5:3000 with normalized datastore value 5.0',
'Cleanup for target 192.0.2.5:3000',
'Exploiting target 192.0.2.6',
'Running for target 192.0.2.6:3000 with normalized datastore value 5.0',
'Cleanup for target 192.0.2.6:3000',
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
'Exploit completed, but no session was created.'
]
expect(@combined_output).to match_array(expected_output)
end
it 'honors the -j flag, and the module is run as a job' do
set_default_payload(current_mod)
current_mod.datastore['RHOSTS'] = '192.0.2.1'
subject.cmd_run('-j')
expected_output = [
'Running rex job 0 inline',
'Running for target 192.0.2.1:3000 with normalized datastore value 3.5',
'Exploit running as background job 0.',
'Exploit completed, but no session was created.'
]
expect(@combined_output).to match_array(expected_output)
end
it 'honors the -j flag, and the module is run as a job when there are multiple hosts' do
set_default_payload(current_mod)
current_mod.datastore['RHOSTS'] = '192.0.2.1 192.0.2.2'
subject.cmd_run('-j')
expected_output = [
Update the necessary unit tests
2021-07-19 16:00:07 -04:00
'Exploiting target 192.0.2.1',
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
'Running rex job 0 inline',
'Running for target 192.0.2.1:3000 with normalized datastore value 3.5',
Update the necessary unit tests
2021-07-19 16:00:07 -04:00
'Exploiting target 192.0.2.2',
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
'Running rex job 1 inline',
'Running for target 192.0.2.2:3000 with normalized datastore value 3.5',
'Exploit completed, but no session was created.'
]
expect(@combined_output).to match_array(expected_output)
end
end
context 'when running a non remote exploit module' do
let(:current_mod) { non_remote_exploit_mod }
it 'reports a missing payload value' do
allow(current_mod).to receive(:run).and_call_original
current_mod.datastore['PAYLOAD'] = nil
current_mod.datastore['RHOSTS'] = '192.0.2.1'
subject.cmd_run
expected_output = [
'Exploit failed: A payload has not been selected.',
'Exploit completed, but no session was created.'
]
expect(@combined_output).to match_array(expected_output)
expect(subject.mod).not_to have_received(:run)
end
it 'runs when a payload is set' do
set_default_payload(current_mod)
subject.cmd_run
expected_output = [
'Running with normalized datastore value 3.5',
'Cleanup',
'Exploit completed, but no session was created.'
]
expect(@combined_output).to match_array(expected_output)
end
Ignore iterating multiple rhosts if option not registered
2022-03-08 17:31:26 +00:00
it 'runs the module once, even if multiple rhost values are set' do
set_default_payload(current_mod)
current_mod.datastore.store('FloatValue', '10.0')
current_mod.datastore['RHOSTS'] = '192.0.2.1 192.0.2.2 192.0.2.3'
subject.cmd_run
expected_output = [
'Running with normalized datastore value 10.0',
'Cleanup',
'Exploit completed, but no session was created.'
]
expect(@combined_output).to match_array(expected_output)
end
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
it 'normalized the datastore before running' do
set_default_payload(current_mod)
current_mod.datastore.store('FloatValue', '5.0')
subject.cmd_run
expected_output = [
'Running with normalized datastore value 5.0',
'Cleanup',
'Exploit completed, but no session was created.'
]
expect(@combined_output).to match_array(expected_output)
end
it 'supports inline options' do
set_default_payload(current_mod)
subject.cmd_run('FloatValue=10.0')
expected_output = [
'Running with normalized datastore value 10.0',
'Cleanup',
'Exploit completed, but no session was created.'
]
expect(@combined_output).to match_array(expected_output)
end
Correctly handle inline payloads being set via datastore options, i.e. run payload=xyz
2021-08-20 13:17:52 +01:00
it 'supports payloads being set via an option' do
set_default_payload(current_mod)
subject.cmd_run('-p', 'foo/bar/baz')
expected_output = [
'Exploit failed: You specified an invalid payload: foo/bar/baz',
'Exploit completed, but no session was created.'
]
expect(@combined_output).to match_array(expected_output)
end
it 'supports payloads being set via a datastore option' do
set_default_payload(current_mod)
subject.cmd_run('payload=foo/bar/baz')
expected_output = [
'Exploit failed: You specified an invalid payload: foo/bar/baz',
'Exploit completed, but no session was created.'
]
expect(@combined_output).to match_array(expected_output)
end
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
end
Retab all the things (except external/)
2013-09-30 13:47:53 -05:00
end
passing all of my changes into rubymines formatter
2013-07-19 11:35:15 -05:00
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
describe '#cmd_rerun' do
Retab all the things (except external/)
2013-09-30 13:47:53 -05:00
end
passing all of my changes into rubymines formatter
2013-07-19 11:35:15 -05:00
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
describe '#cmd_exploit' do
Retab all the things (except external/)
2013-09-30 13:47:53 -05:00
end
Adding in specs for ui command dispatchers
2013-07-18 12:56:21 -05:00
Add tests for aux and exploit cmd_check and cmd_run
2021-06-25 11:46:44 +01:00
describe '#cmd_reload' do
end
adding new lines to the end of files.
2013-07-22 16:26:45 -05:00
end
Reference in New Issue Copy Permalink