metasploit-framework/spec/support/shared/contexts/msf/util/exe.rb



shared_context 'Msf::Util::Exe' do
  @platform_format_map = {
    "windows" => [
      { :format => "dll",       :arch => "x86", :file_fp => /PE32 .*DLL/  },
      { :format => "dll",       :arch => "x64", :file_fp => /PE32\+.*DLL/ },
      { :format => "exe",       :arch => "x86", :file_fp => /PE32 /  },
      { :format => "exe",       :arch => "x64", :file_fp => /PE32\+/ },
      { :format => "exe",       :arch => "x86_64", :file_fp => /PE32\+/ },
      { :format => "exe-small", :arch => "x86", :file_fp => /PE32 /  },
      # No template for 64-bit exe-small. That's fine, we probably
      # don't need one.
      #{ :format => "exe-small", :arch => "x64", :file_fp => /PE32\+/ },
      { :format => "exe-only",  :arch => "x86", :file_fp => /PE32 /  },
      { :format => "exe-only",  :arch => "x64", :file_fp => /PE32\+ /  },
      { :format => "exe-only",  :arch => "x86_64", :file_fp => /PE32\+ /  },
      { :format => "exe-service",  :arch => "x86", :file_fp => /PE32 /  },
      { :format => "exe-service",  :arch => "x64", :file_fp => /PE32\+ /  },
      { :format => "exe-service",  :arch => "x86_64", :file_fp => /PE32\+ /  },
      { :format => "vbs",  :arch => "x86", :file_fp => /ASCII/  },
      { :format => "vbs",  :arch => "x86_64", :file_fp => /ASCII/  },
      { :format => "loop-vbs",  :arch => "x86", :file_fp => /ASCII/  },
      { :format => "loop-vbs",  :arch => "x86_64", :file_fp => /ASCII/  },
      { :format => "asp",  :arch => "x86", :file_fp => /ASCII/  },
      { :format => "asp",  :arch => "x86_64", :file_fp => /ASCII/  },
      { :format => "aspx-exe",  :arch => "x86", :file_fp => /(ASCII)|(HTML document text)/  },
      { :format => "aspx-exe",  :arch => "x86_64", :file_fp => /(ASCII)|(HTML document text)/  },
      { :format => "aspx",  :arch => "x86", :file_fp => /(ASCII)|(HTML document text)/  },
      { :format => "aspx",  :arch => "x86_64", :file_fp => /(ASCII)|(HTML document text)/  },
      { :format => "vba",  :arch => "x86", :file_fp => /ASCII/  },
      { :format => "vba",  :arch => "x86_64", :file_fp => /ASCII/  },
      { :format => "vba-exe",  :arch => "x86", :file_fp => /ASCII/  },
      { :format => "vba-exe",  :arch => "x86_64", :file_fp => /ASCII/  },
      { :format => "psh",  :arch => "x86", :file_fp => /ASCII/  },
      { :format => "psh",  :arch => "x86_64", :file_fp => /ASCII/  },
      { :format => "psh-net",  :arch => "x86", :file_fp => /ASCII/  },
      { :format => "psh-net",  :arch => "x86_64", :file_fp => /ASCII/  },
      { :format => "war",  :arch => "x86", :file_fp => /zip|jar/i  },
      { :format => "war",  :arch => "x86_64", :file_fp => /zip|jar/i  },
      { :format => "msi",  :arch => "x86", :file_fp => /(Composite Document)|(CDF V2 Document)/  },
      { :format => "msi",  :arch => "x64", :file_fp => /(Composite Document)|(CDF V2 Document)/  },
      { :format => "msi",  :arch => "x86_64", :file_fp => /(Composite Document)|(CDF V2 Document)/  },
      { :format => "msi-nouac",  :arch => "x86", :file_fp => /(Composite Document)|(CDF V2 Document)/  },
      { :format => "msi-nouac",  :arch => "x64", :file_fp => /(Composite Document)|(CDF V2 Document)/  },
      { :format => "msi-nouac",  :arch => "x86_64", :file_fp => /(Composite Document)|(CDF V2 Document)/  },
    ],
    "linux" => [
      { :format => "elf", :arch => "x86",    :file_fp => /ELF 32.*SYSV/ },
      { :format => "elf", :arch => "x64",    :file_fp => /ELF 64.*SYSV/ },
      { :format => "elf-so", :arch => "x64", :file_fp => /ELF 64.*SYSV/ },
      { :format => "elf", :arch => "armle",  :file_fp => /ELF 32.*ARM/ },
      { :format => "elf", :arch => "mipsbe", :file_fp => /ELF 32-bit MSB\s+executable, MIPS/ },
      { :format => "elf", :arch => "mipsle", :file_fp => /ELF 32-bit LSB\s+executable, MIPS/ },
      { :format => "war",  :arch => "x86", :file_fp => /zip|jar/i  },
      { :format => "war",  :arch => "x64", :file_fp => /zip|jar/i  },
      { :format => "war",  :arch => "armle", :file_fp => /zip|jar/i  },
      { :format => "war",  :arch => "mipsbe", :file_fp => /zip|jar/i  },
      { :format => "war",  :arch => "mipsle", :file_fp => /zip|jar/i  },
    ],
    "bsd" => [
      { :format => "elf", :arch => "x86", :file_fp => /ELF 32.*BSD/ },
      { :format => "war",  :arch => "x86", :file_fp => /zip|jar/i  },
    ],
    "solaris" => [
      { :format => "elf", :arch => "x86", :file_fp => /ELF 32/ },
      { :format => "war",  :arch => "x86", :file_fp => /zip|jar/i  },
    ],
    "osx" => [
      { :format => "macho", :arch => "x86",   :file_fp => /Mach-O.*i386/  },
      { :format => "macho", :arch => "x64",   :file_fp => /Mach-O 64/     },
      { :format => "macho", :arch => "armle", :file_fp => /Mach-O.*(acorn|arm)/ },
      { :format => "macho", :arch => "ppc",   :file_fp => /Mach-O.*ppc/   },
      { :format => "war",  :arch => "x86", :file_fp => /zip|jar/i  },
      { :format => "war",  :arch => "x64", :file_fp => /zip|jar/i  },
      { :format => "war",  :arch => "armle", :file_fp => /zip|jar/i  },
      { :format => "war",  :arch => "ppc", :file_fp => /zip|jar/i  },
    ],
  }

  def verify_bin_fingerprint(format_hash, bin)
    bin.should be_a(String)
    fp = IO.popen("file -","w+") do |io|
       begin
         io.write(bin)
       rescue Errno::EPIPE
       end
       io.close_write
       io.read
    end
    if format_hash[:file_fp]
      fp.should =~ format_hash[:file_fp]
    end
  end
end
Derp, missed file 2013-07-05 22:02:45 +00:00

			`shared_context 'Msf::Util::Exe' do`
			`@platform_format_map = {`
			`"windows" => [`
			`{ :format => "dll", :arch => "x86", :file_fp => /PE32 .*DLL/ },`
			`{ :format => "dll", :arch => "x64", :file_fp => /PE32\+.*DLL/ },`
			`{ :format => "exe", :arch => "x86", :file_fp => /PE32 / },`
			`{ :format => "exe", :arch => "x64", :file_fp => /PE32\+/ },`
Check equality instead of regex Thanks, @Meatballs1 for finding the cause of this bug! [FixRM #8149] 2013-07-06 17:29:37 +00:00			`{ :format => "exe", :arch => "x86_64", :file_fp => /PE32\+/ },`
Derp, missed file 2013-07-05 22:02:45 +00:00			`{ :format => "exe-small", :arch => "x86", :file_fp => /PE32 / },`
			`# No template for 64-bit exe-small. That's fine, we probably`
			`# don't need one.`
			`#{ :format => "exe-small", :arch => "x64", :file_fp => /PE32\+/ },`
			`{ :format => "exe-only", :arch => "x86", :file_fp => /PE32 / },`
			`{ :format => "exe-only", :arch => "x64", :file_fp => /PE32\+ / },`
Fix constant names and 'exe-only' That'll teach me to commit before the specs finish. Really [FixRM #8149] 2013-07-06 17:39:15 +00:00			`{ :format => "exe-only", :arch => "x86_64", :file_fp => /PE32\+ / },`
Merge upstream 2013-08-24 02:34:02 +00:00			`{ :format => "exe-service", :arch => "x86", :file_fp => /PE32 / },`
			`{ :format => "exe-service", :arch => "x64", :file_fp => /PE32\+ / },`
			`{ :format => "exe-service", :arch => "x86_64", :file_fp => /PE32\+ / },`
Make spec exercise non-exes 2013-08-23 23:33:06 +00:00			`{ :format => "vbs", :arch => "x86", :file_fp => /ASCII/ },`
			`{ :format => "vbs", :arch => "x86_64", :file_fp => /ASCII/ },`
			`{ :format => "loop-vbs", :arch => "x86", :file_fp => /ASCII/ },`
			`{ :format => "loop-vbs", :arch => "x86_64", :file_fp => /ASCII/ },`
			`{ :format => "asp", :arch => "x86", :file_fp => /ASCII/ },`
			`{ :format => "asp", :arch => "x86_64", :file_fp => /ASCII/ },`
improve regex 2013-11-11 21:29:34 +00:00			`{ :format => "aspx-exe", :arch => "x86", :file_fp => /(ASCII)\|(HTML document text)/ },`
			`{ :format => "aspx-exe", :arch => "x86_64", :file_fp => /(ASCII)\|(HTML document text)/ },`
			`{ :format => "aspx", :arch => "x86", :file_fp => /(ASCII)\|(HTML document text)/ },`
			`{ :format => "aspx", :arch => "x86_64", :file_fp => /(ASCII)\|(HTML document text)/ },`
Make spec exercise non-exes 2013-08-23 23:33:06 +00:00			`{ :format => "vba", :arch => "x86", :file_fp => /ASCII/ },`
			`{ :format => "vba", :arch => "x86_64", :file_fp => /ASCII/ },`
			`{ :format => "vba-exe", :arch => "x86", :file_fp => /ASCII/ },`
			`{ :format => "vba-exe", :arch => "x86_64", :file_fp => /ASCII/ },`
			`{ :format => "psh", :arch => "x86", :file_fp => /ASCII/ },`
			`{ :format => "psh", :arch => "x86_64", :file_fp => /ASCII/ },`
			`{ :format => "psh-net", :arch => "x86", :file_fp => /ASCII/ },`
			`{ :format => "psh-net", :arch => "x86_64", :file_fp => /ASCII/ },`
adjust Msf::Util::EXE for newer file output Newer releases of File have a much different output when given a jar file. Adjust regex per egyp7's suggestion to close bug 8792 on redmine. Failure/Error: verify_bin_fingerprint(format_hash, bin) expected: /zip/i got: "/dev/stdin: Java archive data (JAR)\n" (using =~) Tested and confirmed working with file 5.17 on Gentoo Linux. 2014-04-22 01:56:56 +00:00			`{ :format => "war", :arch => "x86", :file_fp => /zip\|jar/i },`
			`{ :format => "war", :arch => "x86_64", :file_fp => /zip\|jar/i },`
improve regex 2013-11-11 21:29:34 +00:00			`{ :format => "msi", :arch => "x86", :file_fp => /(Composite Document)\|(CDF V2 Document)/ },`
			`{ :format => "msi", :arch => "x64", :file_fp => /(Composite Document)\|(CDF V2 Document)/ },`
			`{ :format => "msi", :arch => "x86_64", :file_fp => /(Composite Document)\|(CDF V2 Document)/ },`
			`{ :format => "msi-nouac", :arch => "x86", :file_fp => /(Composite Document)\|(CDF V2 Document)/ },`
			`{ :format => "msi-nouac", :arch => "x64", :file_fp => /(Composite Document)\|(CDF V2 Document)/ },`
			`{ :format => "msi-nouac", :arch => "x86_64", :file_fp => /(Composite Document)\|(CDF V2 Document)/ },`
Derp, missed file 2013-07-05 22:02:45 +00:00			`],`
			`"linux" => [`
			`{ :format => "elf", :arch => "x86", :file_fp => /ELF 32.*SYSV/ },`
			`{ :format => "elf", :arch => "x64", :file_fp => /ELF 64.*SYSV/ },`
added support to msfpayload to use elf so payload target 2014-06-19 05:59:49 +00:00			`{ :format => "elf-so", :arch => "x64", :file_fp => /ELF 64.*SYSV/ },`
Derp, missed file 2013-07-05 22:02:45 +00:00			`{ :format => "elf", :arch => "armle", :file_fp => /ELF 32.*ARM/ },`
Fix the spec to allow for 1 or more spaces between 2014-06-30 18:18:43 +00:00			`{ :format => "elf", :arch => "mipsbe", :file_fp => /ELF 32-bit MSB\s+executable, MIPS/ },`
			`{ :format => "elf", :arch => "mipsle", :file_fp => /ELF 32-bit LSB\s+executable, MIPS/ },`
adjust Msf::Util::EXE for newer file output Newer releases of File have a much different output when given a jar file. Adjust regex per egyp7's suggestion to close bug 8792 on redmine. Failure/Error: verify_bin_fingerprint(format_hash, bin) expected: /zip/i got: "/dev/stdin: Java archive data (JAR)\n" (using =~) Tested and confirmed working with file 5.17 on Gentoo Linux. 2014-04-22 01:56:56 +00:00			`{ :format => "war", :arch => "x86", :file_fp => /zip\|jar/i },`
			`{ :format => "war", :arch => "x64", :file_fp => /zip\|jar/i },`
			`{ :format => "war", :arch => "armle", :file_fp => /zip\|jar/i },`
			`{ :format => "war", :arch => "mipsbe", :file_fp => /zip\|jar/i },`
			`{ :format => "war", :arch => "mipsle", :file_fp => /zip\|jar/i },`
Derp, missed file 2013-07-05 22:02:45 +00:00			`],`
			`"bsd" => [`
			`{ :format => "elf", :arch => "x86", :file_fp => /ELF 32.*BSD/ },`
adjust Msf::Util::EXE for newer file output Newer releases of File have a much different output when given a jar file. Adjust regex per egyp7's suggestion to close bug 8792 on redmine. Failure/Error: verify_bin_fingerprint(format_hash, bin) expected: /zip/i got: "/dev/stdin: Java archive data (JAR)\n" (using =~) Tested and confirmed working with file 5.17 on Gentoo Linux. 2014-04-22 01:56:56 +00:00			`{ :format => "war", :arch => "x86", :file_fp => /zip\|jar/i },`
Derp, missed file 2013-07-05 22:02:45 +00:00			`],`
			`"solaris" => [`
			`{ :format => "elf", :arch => "x86", :file_fp => /ELF 32/ },`
adjust Msf::Util::EXE for newer file output Newer releases of File have a much different output when given a jar file. Adjust regex per egyp7's suggestion to close bug 8792 on redmine. Failure/Error: verify_bin_fingerprint(format_hash, bin) expected: /zip/i got: "/dev/stdin: Java archive data (JAR)\n" (using =~) Tested and confirmed working with file 5.17 on Gentoo Linux. 2014-04-22 01:56:56 +00:00			`{ :format => "war", :arch => "x86", :file_fp => /zip\|jar/i },`
Derp, missed file 2013-07-05 22:02:45 +00:00			`],`
			`"osx" => [`
			`{ :format => "macho", :arch => "x86", :file_fp => /Mach-O.*i386/ },`
			`{ :format => "macho", :arch => "x64", :file_fp => /Mach-O 64/ },`
Fix regex to work on OSX's file(1) 2013-08-06 19:00:35 +00:00			`{ :format => "macho", :arch => "armle", :file_fp => /Mach-O.*(acorn\|arm)/ },`
Derp, missed file 2013-07-05 22:02:45 +00:00			`{ :format => "macho", :arch => "ppc", :file_fp => /Mach-O.*ppc/ },`
adjust Msf::Util::EXE for newer file output Newer releases of File have a much different output when given a jar file. Adjust regex per egyp7's suggestion to close bug 8792 on redmine. Failure/Error: verify_bin_fingerprint(format_hash, bin) expected: /zip/i got: "/dev/stdin: Java archive data (JAR)\n" (using =~) Tested and confirmed working with file 5.17 on Gentoo Linux. 2014-04-22 01:56:56 +00:00			`{ :format => "war", :arch => "x86", :file_fp => /zip\|jar/i },`
			`{ :format => "war", :arch => "x64", :file_fp => /zip\|jar/i },`
			`{ :format => "war", :arch => "armle", :file_fp => /zip\|jar/i },`
			`{ :format => "war", :arch => "ppc", :file_fp => /zip\|jar/i },`
Derp, missed file 2013-07-05 22:02:45 +00:00			`],`
			`}`

			`def verify_bin_fingerprint(format_hash, bin)`
			`bin.should be_a(String)`
			`fp = IO.popen("file -","w+") do \|io\|`
Whitespace in spec 2013-08-23 23:47:16 +00:00			`begin`
			`io.write(bin)`
Merge and rescue ex correctly 2013-08-28 22:16:14 +00:00			`rescue Errno::EPIPE`
Whitespace in spec 2013-08-23 23:47:16 +00:00			`end`
			`io.close_write`
			`io.read`
Derp, missed file 2013-07-05 22:02:45 +00:00			`end`
			`if format_hash[:file_fp]`
			`fp.should =~ format_hash[:file_fp]`
			`end`
			`end`
			`end`