# -*- coding:binary -*-
require 'spec_helper'

require 'rex/java/serialization'
require 'rex/proto/rmi'
require 'msf/java/rmi/client'
require 'stringio'

# Spec for the JMX "newClient" call in the RMI client mixin. It runs against an
# in-memory StringIO standing in for the socket, so no network traffic is
# generated: the canned reply below is the only "server" the code ever sees.
describe Msf::Java::Rmi::Client::Jmx::Server do
  # Canned reply to the newClient call. Reading the bytes:
  #   * 0x51 followed by ac ed 00 05 (the Java serialization stream magic and
  #     version),
  #   * class descriptors naming javax.management.remote.rmi.RMIConnectionImpl_Stub,
  #     java.rmi.server.RemoteStub and java.rmi.server.RemoteObject,
  #   * a block-data section holding the strings "UnicastRef" and
  #     "172.16.158.132", followed by the bytes 00 00 13 26 (presumably the
  #     port field; this spec never asserts on it).
  # The literal is binary (see the coding magic comment); keep it byte-exact.
  let(:new_client_response) do
    "\x51\xac\xed\x00\x05\x77\x0f\x01\x82\x73\x92\x35\x00\x00\x01\x4c" +
      "\x48\x27\x84\x49\x80\xbf\x73\x72\x00\x32\x6a\x61\x76\x61\x78\x2e" +
      "\x6d\x61\x6e\x61\x67\x65\x6d\x65\x6e\x74\x2e\x72\x65\x6d\x6f\x74" +
      "\x65\x2e\x72\x6d\x69\x2e\x52\x4d\x49\x43\x6f\x6e\x6e\x65\x63\x74" +
      "\x69\x6f\x6e\x49\x6d\x70\x6c\x5f\x53\x74\x75\x62\x00\x00\x00\x00" +
      "\x00\x00\x00\x02\x02\x00\x00\x70\x78\x72\x00\x1a\x6a\x61\x76\x61" +
      "\x2e\x72\x6d\x69\x2e\x73\x65\x72\x76\x65\x72\x2e\x52\x65\x6d\x6f" +
      "\x74\x65\x53\x74\x75\x62\xe9\xfe\xdc\xc9\x8b\xe1\x65\x1a\x02\x00" +
      "\x00\x70\x78\x72\x00\x1c\x6a\x61\x76\x61\x2e\x72\x6d\x69\x2e\x73" +
      "\x65\x72\x76\x65\x72\x2e\x52\x65\x6d\x6f\x74\x65\x4f\x62\x6a\x65" +
      "\x63\x74\xd3\x61\xb4\x91\x0c\x61\x33\x1e\x03\x00\x00\x70\x78\x70" +
      "\x77\x37\x00\x0a\x55\x6e\x69\x63\x61\x73\x74\x52\x65\x66\x00\x0e" +
      "\x31\x37\x32\x2e\x31\x36\x2e\x31\x35\x38\x2e\x31\x33\x32\x00\x00" +
      "\x13\x26\xa2\x01\x50\x97\x40\xd4\x90\xd1\x82\x73\x92\x35\x00\x00" +
      "\x01\x4c\x48\x27\x84\x49\x80\xbe\x01\x78"
  end

  # Host string embedded in the fixture's UnicastRef section; the example
  # expects the parser to hand exactly this value back.
  let(:remote_address) { '172.16.158.132' }

  # A bare exploit module with the RMI client mixin attached at runtime.
  # initialize is invoked again after the extend -- presumably so the mixin's
  # own initialize runs on the already-built object (confirm against the mixin).
  subject(:mod) do
    ::Msf::Exploit.new.tap do |exploit|
      exploit.extend ::Msf::Java::Rmi::Client
      exploit.send(:initialize)
    end
  end

  # Writable binary buffer passed to the method under test as its socket.
  let(:io) { StringIO.new('', 'w+b') }

  describe "#send_new_client" do
    context "when there is an RMIServerImpl_Stub interface" do
      # NOTE(review): these stubs apply to every StringIO instance created
      # during the example, not only to `io`.
      before do
        # Whatever is sent is discarded; the buffer is loaded with the canned
        # reply and rewound so the next read starts at its first byte.
        allow_any_instance_of(::StringIO).to receive(:put) do |stream, _data|
          stream.seek(0)
          stream.write(new_client_response)
          stream.seek(0)
        end

        # The length and timeout arguments are ignored: everything from the
        # current position to the end of the buffer is returned in one read.
        allow_any_instance_of(::StringIO).to receive(:get_once) do |stream, _length, _timeout|
          stream.read
        end
      end

      it "returns the reference information" do
        reference = mod.send_new_client(sock: io)
        expect(reference[:address]).to eq(remote_address)
      end
    end
  end
end