2018-12-26 11:18:44 -06:00
|
|
|
require 'rex'
|
|
|
|
|
|
|
|
|
|
RSpec.describe Msf::Util::JavaDeserialization do
|
|
|
|
|
let(:payload_name) do
|
|
|
|
|
'PAYLOAD_NAME'
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
let(:default_command) do
|
|
|
|
|
nil
|
|
|
|
|
end
|
|
|
|
|
describe '#ysoserial_payload' do
|
|
|
|
|
|
|
|
|
|
context 'when default payload is not found' do
|
|
|
|
|
it 'raises a RuntimeError' do
|
2023-06-26 10:34:41 +01:00
|
|
|
stub_const('Msf::Util::JavaDeserialization::PAYLOAD_FILENAME', 'INVALID')
|
|
|
|
|
expect{Msf::Util::JavaDeserialization::ysoserial_payload(payload_name, default_command)}.to raise_error(RuntimeError, /Unable to load JSON data from:/)
|
2018-12-26 11:18:44 -06:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'when default payload is not JSON format' do
|
2019-01-16 10:47:52 -06:00
|
|
|
it 'raises a RuntimeError error' do
|
2018-12-26 11:18:44 -06:00
|
|
|
allow(File).to receive(:read).and_return('BAD DATA')
|
2023-06-26 10:34:41 +01:00
|
|
|
expect{Msf::Util::JavaDeserialization::ysoserial_payload(payload_name, default_command)}.to raise_error(RuntimeError, /Unable to load JSON data from:/)
|
2018-12-26 11:18:44 -06:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'when payload status is unsupported' do
|
|
|
|
|
it 'raises a unsupported error' do
|
2021-02-22 07:59:05 -05:00
|
|
|
json_data = %Q|{"none":{"BeanShell1":{"status":"unsupported","bytes":"AAAA"}}}|
|
2018-12-26 11:18:44 -06:00
|
|
|
allow(File).to receive(:read).and_return(json_data)
|
|
|
|
|
expect{Msf::Util::JavaDeserialization::ysoserial_payload(payload_name, default_command)}.to raise_error(ArgumentError)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'when payload status is static' do
|
|
|
|
|
let(:payload_name) do
|
|
|
|
|
'BeanShell1'
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'returns a Base64 string' do
|
|
|
|
|
original_bytes = 'AAAA'
|
|
|
|
|
b64 = Rex::Text.encode_base64(original_bytes)
|
2021-02-22 07:59:05 -05:00
|
|
|
json_data = %Q|{"none":{"BeanShell1":{"status":"static","bytes":"#{b64}"}}}|
|
2018-12-26 11:18:44 -06:00
|
|
|
allow(File).to receive(:read).and_return(json_data)
|
|
|
|
|
p = Msf::Util::JavaDeserialization::ysoserial_payload(payload_name, default_command)
|
|
|
|
|
expect(p).to eq(original_bytes)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'when payload status is dynamic' do
|
|
|
|
|
let(:payload_name) do
|
2019-02-15 09:26:44 +08:00
|
|
|
'CommonsCollections1'
|
2018-12-26 11:18:44 -06:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'when missing a command' do
|
|
|
|
|
it 'raises an argument error' do
|
|
|
|
|
expect{Msf::Util::JavaDeserialization::ysoserial_payload(payload_name, default_command)}.to raise_error(ArgumentError)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2019-02-15 09:26:44 +08:00
|
|
|
context 'when a modified type is not found' do
|
|
|
|
|
it 'raises an argument error' do
|
2019-02-15 10:30:59 +08:00
|
|
|
type = 'unknown_type'
|
2019-02-15 09:26:44 +08:00
|
|
|
expect{Msf::Util::JavaDeserialization::ysoserial_payload(payload_name, default_command, modified_type: type)}.to raise_error(ArgumentError)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2018-12-26 11:18:44 -06:00
|
|
|
context 'when a command is provided' do
|
|
|
|
|
it 'returns serialized data' do
|
|
|
|
|
default_command = 'id'
|
|
|
|
|
p = Msf::Util::JavaDeserialization::ysoserial_payload(payload_name, default_command)
|
2019-02-15 09:26:44 +08:00
|
|
|
expect(p).to include('java.util.Mapxr')
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'when command and type are provided' do
|
|
|
|
|
it 'returns serialized data' do
|
|
|
|
|
default_command = 'id'
|
|
|
|
|
type = 'bash'
|
|
|
|
|
p = Msf::Util::JavaDeserialization::ysoserial_payload(payload_name, default_command, modified_type: type)
|
|
|
|
|
expect(p).to include('java.util.Mapxr')
|
2018-12-26 11:18:44 -06:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
