parent
dc84b3b1ba
commit
52e3405192
|
@ -104,9 +104,6 @@ module Msf::DBManager::ExploitAttempt
|
|||
# @option opts [String] :module (nil)
|
||||
# @return [void]
|
||||
def do_report_failure_or_success(opts)
|
||||
#require 'pry'
|
||||
#binding.pry
|
||||
|
||||
return unless opts[:refs]
|
||||
::ActiveRecord::Base.connection_pool.with_connection {
|
||||
mrefs = opts[:refs]
|
||||
|
@ -156,9 +153,6 @@ module Msf::DBManager::ExploitAttempt
|
|||
attempt_info[:vuln_id] = vuln.id
|
||||
vuln.vuln_attempts.create(attempt_info)
|
||||
|
||||
# require 'pry'
|
||||
# binding.pry
|
||||
|
||||
create_match_result_for_vuln(vuln,opts)
|
||||
|
||||
# Correct the vuln's associated service if necessary
|
||||
|
@ -191,9 +185,6 @@ module Msf::DBManager::ExploitAttempt
|
|||
def create_match_result_for_vuln(vuln, opts)
|
||||
run = MetasploitDataModels::AutomaticExploitation::Run.where(id:opts[:run_id]).last
|
||||
|
||||
# require 'pry'
|
||||
# binding.pry
|
||||
|
||||
if run.present?
|
||||
match = MetasploitDataModels::AutomaticExploitation::Match.by_run_and_vuln(run,vuln).last
|
||||
|
||||
|
@ -218,9 +209,6 @@ module Msf::DBManager::ExploitAttempt
|
|||
state = MetasploitDataModels::AutomaticExploitation::MatchResult::FAILED
|
||||
end
|
||||
|
||||
# require 'pry'
|
||||
# binding.pry
|
||||
|
||||
MetasploitDataModels::AutomaticExploitation::MatchResult.create!(
|
||||
match: opts[:match],
|
||||
run: opts[:run],
|
||||
|
@ -238,9 +226,6 @@ module Msf::DBManager::ExploitAttempt
|
|||
run = opts[:run]
|
||||
module_fullname = opts[:module]
|
||||
|
||||
# require 'pry'
|
||||
# binding.pry
|
||||
|
||||
run.match_set.create_match_for_vuln(
|
||||
vuln,
|
||||
workspace: wspace,
|
||||
|
|
|
@ -43,7 +43,6 @@ shared_examples_for 'Msf::DBManager::ExploitAttempt' do
|
|||
end
|
||||
|
||||
context "with a run" do
|
||||
|
||||
let(:opts) do
|
||||
{
|
||||
workspace: workspace,
|
||||
|
@ -137,7 +136,6 @@ shared_examples_for 'Msf::DBManager::ExploitAttempt' do
|
|||
end
|
||||
|
||||
context "without a run" do
|
||||
|
||||
let(:vuln) do
|
||||
FactoryGirl.create(:mdm_vuln)
|
||||
end
|
||||
|
@ -222,233 +220,223 @@ shared_examples_for 'Msf::DBManager::ExploitAttempt' do
|
|||
end
|
||||
|
||||
|
||||
# describe '#report_exploit_success' do
|
||||
# context "with a match" do
|
||||
# subject(:report_exploit_success) do
|
||||
# db_manager.report_exploit_success(opts)
|
||||
# end
|
||||
#
|
||||
# let(:opts) do
|
||||
# {
|
||||
# workspace: workspace,
|
||||
# refs: refs,
|
||||
# host: host,
|
||||
# vuln: vuln_with_match,
|
||||
# session_id: session_id
|
||||
# }
|
||||
# end
|
||||
#
|
||||
# let(:session_id) do
|
||||
# FactoryGirl.create(:session, host: host).id
|
||||
# end
|
||||
#
|
||||
# let(:match_set) do
|
||||
# FactoryGirl.create(:automatic_exploitation_match_set, user: workspace.owner,workspace:workspace)
|
||||
# end
|
||||
#
|
||||
#
|
||||
# let(:match) do
|
||||
# FactoryGirl.create(:automatic_exploitation_match, match_set_id: match_set.id)
|
||||
# end
|
||||
#
|
||||
# let(:vuln_with_match) do
|
||||
# match.matchable
|
||||
# end
|
||||
#
|
||||
# let(:host) do
|
||||
# FactoryGirl.create(:mdm_host, workspace:workspace,vulns:[vuln_with_match])
|
||||
# end
|
||||
#
|
||||
# let(:workspace) do
|
||||
# FactoryGirl.create(:mdm_workspace)
|
||||
# end
|
||||
#
|
||||
# let(:refs) do
|
||||
# [ FactoryGirl.create(:mdm_ref) ]
|
||||
# end
|
||||
#
|
||||
# context 'with a vuln' do
|
||||
# specify do
|
||||
# expect {
|
||||
# report_exploit_success
|
||||
# }.to change(Mdm::VulnAttempt,:count).by(1)
|
||||
# end
|
||||
#
|
||||
# it "should create a match result" do
|
||||
# expect {
|
||||
# report_exploit_success
|
||||
# }.to change(MetasploitDataModels::AutomaticExploitation::MatchResult,:count).by(1)
|
||||
# end
|
||||
#
|
||||
# it "should create a match result with state SUCCEEDED" do
|
||||
# report_exploit_success
|
||||
# expect(
|
||||
# MetasploitDataModels::AutomaticExploitation::MatchResult.where(
|
||||
# match_id: match.id,
|
||||
# state: MetasploitDataModels::AutomaticExploitation::MatchResult::SUCCEEDED
|
||||
# )
|
||||
# ).to exist
|
||||
# end
|
||||
#
|
||||
# context "calling report_exploit_success" do
|
||||
# after(:each) do
|
||||
# report_exploit_success
|
||||
# end
|
||||
#
|
||||
# it "should call create_match_result_for_vuln" do
|
||||
# db_manager.should_receive(:create_match_result_for_vuln)
|
||||
# end
|
||||
#
|
||||
# it "should call create_match_result" do
|
||||
# db_manager.should_receive(:create_match_result)
|
||||
# end
|
||||
#
|
||||
# it "should call create_run_for_vuln" do
|
||||
# db_manager.should_receive(:create_run_for_vuln)
|
||||
# end
|
||||
# end
|
||||
#
|
||||
# end
|
||||
#
|
||||
# context 'without a vuln' do
|
||||
# let(:vuln_with_match) { nil }
|
||||
#
|
||||
# let(:host) do
|
||||
# FactoryGirl.create(:mdm_host, workspace:workspace)
|
||||
# end
|
||||
#
|
||||
# specify do
|
||||
# expect {
|
||||
# report_exploit_success
|
||||
# }.not_to change(Mdm::VulnAttempt, :count)
|
||||
# end
|
||||
#
|
||||
# it "should not create a match result" do
|
||||
# expect {
|
||||
# report_exploit_success
|
||||
# }.to change(MetasploitDataModels::AutomaticExploitation::MatchResult,:count).by(0)
|
||||
# end
|
||||
#
|
||||
# context "calling report_exploit_success" do
|
||||
# after(:each) do
|
||||
# report_exploit_success
|
||||
# end
|
||||
#
|
||||
# it "should not call create_match_result_for_vuln" do
|
||||
# db_manager.should_not_receive(:create_match_result_for_vuln)
|
||||
# end
|
||||
#
|
||||
# it "should not call create_match_result" do
|
||||
# db_manager.should_not_receive(:create_match_result)
|
||||
# end
|
||||
#
|
||||
# it "should not call create_run_for_vuln" do
|
||||
# db_manager.should_not_receive(:create_run_for_vuln)
|
||||
# end
|
||||
# end
|
||||
#
|
||||
# end
|
||||
# end
|
||||
#
|
||||
#
|
||||
# context "without a match" do
|
||||
# subject(:report_exploit_success) do
|
||||
# db_manager.report_exploit_success(opts)
|
||||
# end
|
||||
#
|
||||
# let(:workspace) do
|
||||
# FactoryGirl.create(:mdm_workspace)
|
||||
# end
|
||||
#
|
||||
# let(:host) do
|
||||
# FactoryGirl.create(:mdm_host, workspace: workspace)
|
||||
# end
|
||||
#
|
||||
# let(:refs) do
|
||||
# [ FactoryGirl.create(:mdm_ref) ]
|
||||
# end
|
||||
#
|
||||
# let(:vuln) do
|
||||
# FactoryGirl.create(:mdm_vuln)
|
||||
# end
|
||||
#
|
||||
# let(:opts) do
|
||||
# {
|
||||
# workspace: workspace,
|
||||
# refs: refs,
|
||||
# host: host,
|
||||
# vuln: vuln,
|
||||
# }
|
||||
# end
|
||||
#
|
||||
# context 'with a vuln' do
|
||||
# specify do
|
||||
# expect {
|
||||
# report_exploit_success
|
||||
# }.to change(Mdm::VulnAttempt,:count).by(1)
|
||||
# end
|
||||
#
|
||||
# it "should not create a match result" do
|
||||
# expect {
|
||||
# report_exploit_success
|
||||
# }.to change(MetasploitDataModels::AutomaticExploitation::MatchResult,:count).by(0)
|
||||
# end
|
||||
#
|
||||
# context "calling report_exploit_success" do
|
||||
# after(:each) do
|
||||
# report_exploit_success
|
||||
# end
|
||||
#
|
||||
# it "should call create_match_result_for_vuln" do
|
||||
# db_manager.should_receive(:create_match_result_for_vuln)
|
||||
# end
|
||||
#
|
||||
# it "should not call create_match_result" do
|
||||
# db_manager.should_not_receive(:create_match_result)
|
||||
# end
|
||||
#
|
||||
# it "should call create_run_for_vuln" do
|
||||
# db_manager.should_receive(:create_run_for_vuln)
|
||||
# end
|
||||
# end
|
||||
#
|
||||
# end
|
||||
#
|
||||
# context 'without a vuln' do
|
||||
# let(:vuln) { nil }
|
||||
#
|
||||
# specify do
|
||||
# expect {
|
||||
# report_exploit_success
|
||||
# }.not_to change(Mdm::VulnAttempt, :count)
|
||||
# end
|
||||
#
|
||||
# it "should not create a match result" do
|
||||
# expect {
|
||||
# report_exploit_success
|
||||
# }.to change(MetasploitDataModels::AutomaticExploitation::MatchResult,:count).by(0)
|
||||
# end
|
||||
#
|
||||
# context "calling report_exploit_success" do
|
||||
# after(:each) do
|
||||
# report_exploit_success
|
||||
# end
|
||||
#
|
||||
# it "should not call create_match_result_for_vuln" do
|
||||
# db_manager.should_not_receive(:create_match_result_for_vuln)
|
||||
# end
|
||||
#
|
||||
# it "should not call create_match_result" do
|
||||
# db_manager.should_not_receive(:create_match_result)
|
||||
# end
|
||||
#
|
||||
# it "should not call create_run_for_vuln" do
|
||||
# db_manager.should_not_receive(:create_run_for_vuln)
|
||||
# end
|
||||
# end
|
||||
#
|
||||
# end
|
||||
# end
|
||||
#
|
||||
# end
|
||||
describe '#report_exploit_success' do
|
||||
subject(:report_exploit_success) do
|
||||
db_manager.report_exploit_success(opts)
|
||||
end
|
||||
|
||||
let(:session_id) do
|
||||
FactoryGirl.create(:session, host: host).id
|
||||
end
|
||||
|
||||
let(:run) do
|
||||
match
|
||||
FactoryGirl.create(:automatic_exploitation_run, user: workspace.owner,workspace:workspace, match_set_id: match_set.id)
|
||||
end
|
||||
|
||||
let(:match_set) do
|
||||
FactoryGirl.create(:automatic_exploitation_match_set, user: workspace.owner,workspace:workspace)
|
||||
end
|
||||
|
||||
let(:match) do
|
||||
FactoryGirl.create(:automatic_exploitation_match,
|
||||
match_set_id: match_set.id,
|
||||
matchable_id:vuln_with_match.id,
|
||||
matchable_type: "Mdm::Vuln"
|
||||
)
|
||||
end
|
||||
|
||||
let(:vuln_with_match) do
|
||||
FactoryGirl.create(:mdm_vuln)
|
||||
end
|
||||
|
||||
let(:host) do
|
||||
FactoryGirl.create(:mdm_host, workspace:workspace)
|
||||
end
|
||||
|
||||
let(:workspace) do
|
||||
FactoryGirl.create(:mdm_workspace)
|
||||
end
|
||||
|
||||
let(:refs) do
|
||||
[ FactoryGirl.create(:mdm_ref) ]
|
||||
end
|
||||
|
||||
context "with a run" do
|
||||
let(:opts) do
|
||||
{
|
||||
workspace: workspace,
|
||||
refs: refs,
|
||||
host: host,
|
||||
vuln: vuln_with_match,
|
||||
run_id: run.id,
|
||||
session_id: session_id
|
||||
}
|
||||
end
|
||||
|
||||
context 'with a vuln' do
|
||||
specify do
|
||||
expect {
|
||||
report_exploit_success
|
||||
}.to change(Mdm::VulnAttempt,:count).by(1)
|
||||
end
|
||||
|
||||
it "should create a match result" do
|
||||
expect {
|
||||
report_exploit_success
|
||||
}.to change(MetasploitDataModels::AutomaticExploitation::MatchResult,:count).by(1)
|
||||
end
|
||||
|
||||
it "should create a match result with state SUCCEEDED" do
|
||||
report_exploit_success
|
||||
expect(
|
||||
MetasploitDataModels::AutomaticExploitation::MatchResult.where(
|
||||
match_id: match.id,
|
||||
state: MetasploitDataModels::AutomaticExploitation::MatchResult::SUCCEEDED
|
||||
)
|
||||
).to exist
|
||||
end
|
||||
|
||||
context "calling report_exploit_success" do
|
||||
after(:each) do
|
||||
report_exploit_success
|
||||
end
|
||||
|
||||
it "should call create_match_result_for_vuln" do
|
||||
db_manager.should_receive(:create_match_result_for_vuln)
|
||||
end
|
||||
|
||||
it "should call create_match_result" do
|
||||
db_manager.should_receive(:create_match_result)
|
||||
end
|
||||
|
||||
it "should not call create_match_for_vuln" do
|
||||
db_manager.should_not_receive(:create_match_for_vuln)
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
context 'without a run' do
|
||||
let(:vuln_with_match) { nil }
|
||||
|
||||
let(:match) {nil}
|
||||
|
||||
specify do
|
||||
expect {
|
||||
report_exploit_success
|
||||
}.not_to change(Mdm::VulnAttempt, :count)
|
||||
end
|
||||
|
||||
it "should not create a match result" do
|
||||
expect {
|
||||
report_exploit_success
|
||||
}.to change(MetasploitDataModels::AutomaticExploitation::MatchResult,:count).by(0)
|
||||
end
|
||||
|
||||
context "calling report_exploit_success" do
|
||||
after(:each) do
|
||||
report_exploit_success
|
||||
end
|
||||
|
||||
it "should not call create_match_result_for_vuln" do
|
||||
db_manager.should_not_receive(:create_match_result_for_vuln)
|
||||
end
|
||||
|
||||
it "should not call create_match_result" do
|
||||
db_manager.should_not_receive(:create_match_result)
|
||||
end
|
||||
|
||||
it "should not call create_match_for_vuln" do
|
||||
db_manager.should_not_receive(:create_match_for_vuln)
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
||||
context "without a run" do
|
||||
let(:vuln) do
|
||||
FactoryGirl.create(:mdm_vuln)
|
||||
end
|
||||
|
||||
let(:opts) do
|
||||
{
|
||||
workspace: workspace,
|
||||
refs: refs,
|
||||
host: host,
|
||||
vuln: vuln,
|
||||
}
|
||||
end
|
||||
|
||||
context 'with a vuln' do
|
||||
specify do
|
||||
expect {
|
||||
report_exploit_success
|
||||
}.to change(Mdm::VulnAttempt,:count).by(1)
|
||||
end
|
||||
|
||||
it "should not create a match result" do
|
||||
expect {
|
||||
report_exploit_success
|
||||
}.to change(MetasploitDataModels::AutomaticExploitation::MatchResult,:count).by(0)
|
||||
end
|
||||
|
||||
context "calling report_exploit_success" do
|
||||
after(:each) do
|
||||
report_exploit_success
|
||||
end
|
||||
|
||||
it "should call create_match_result_for_vuln" do
|
||||
db_manager.should_receive(:create_match_result_for_vuln)
|
||||
end
|
||||
|
||||
it "should not call create_match_result" do
|
||||
db_manager.should_not_receive(:create_match_result)
|
||||
end
|
||||
|
||||
it "should not call create_match_for_vuln" do
|
||||
db_manager.should_not_receive(:create_match_for_vuln)
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
context 'without a vuln' do
|
||||
let(:vuln) { nil }
|
||||
|
||||
specify do
|
||||
expect {
|
||||
report_exploit_success
|
||||
}.not_to change(Mdm::VulnAttempt, :count)
|
||||
end
|
||||
|
||||
it "should not create a match result" do
|
||||
expect {
|
||||
report_exploit_success
|
||||
}.to change(MetasploitDataModels::AutomaticExploitation::MatchResult,:count).by(0)
|
||||
end
|
||||
|
||||
context "calling report_exploit_success" do
|
||||
after(:each) do
|
||||
report_exploit_success
|
||||
end
|
||||
|
||||
it "should not call create_match_result_for_vuln" do
|
||||
db_manager.should_not_receive(:create_match_result_for_vuln)
|
||||
end
|
||||
|
||||
it "should not call create_match_result" do
|
||||
db_manager.should_not_receive(:create_match_result)
|
||||
end
|
||||
|
||||
it "should not call create_match_for_vuln" do
|
||||
db_manager.should_not_receive(:create_match_for_vuln)
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
|
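Review bot: The `context 'without a run'` nested inside `context "with a run"` does not actually remove the run. Its `opts` still carries `run_id: run.id`, and the only overrides are `let(:vuln_with_match) { nil }` and `let(:match) {nil}`, so those examples exercise the no-vuln path under a misleading description. Rename it to `context 'without a vuln'`, or override `opts` there without `run_id`. In the same block, `let(:run)` calls `match` purely for its side effect, which `let!(:match)` would state directly, and `.to change(...).by(0)` reads more clearly as `.not_to change(...)`. The +/- markers are lost on this page, so this assumes the uncommented `describe '#report_exploit_success'` block is the new side of the hunk.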