metasploit-framework/spec/support/shared/contexts/msf/util/exe.rb

# Shared RSpec context: a table of expected file(1) fingerprints per
# platform/format/arch, plus a helper that checks a blob against one row.
shared_context 'Msf::Util::Exe' do
  # file(1) fingerprints that recur in the table, named once.
  pe32          = /PE32 /
  pe32_plus     = /PE32\+ /
  ascii         = /ASCII/
  ascii_or_html = /(ASCII)|(HTML document text)/
  zip           = /zip/i
  msi           = /(Composite Document)|(CDF V2 Document)/

  # platform name => ordered rows of { format:, arch:, file_fp: }.
  # :file_fp is the pattern verify_bin_fingerprint matches against the
  # output of `file -`. The patterns are unanchored substring matches, so
  # they only pin down the coarse container type.
  # NOTE(review): how :format and :arch are consumed is not visible in this
  # file -- confirm against the specs that include this context.
  @platform_format_map = {
    'windows' => [
      { format: 'dll',         arch: 'x86',    file_fp: /PE32 .*DLL/ },
      { format: 'dll',         arch: 'x64',    file_fp: /PE32\+.*DLL/ },
      { format: 'exe',         arch: 'x86',    file_fp: pe32 },
      # The 64-bit "exe" rows use /PE32\+/ with no trailing space, unlike
      # the exe-only / exe-service rows further down.
      { format: 'exe',         arch: 'x64',    file_fp: /PE32\+/ },
      { format: 'exe',         arch: 'x86_64', file_fp: /PE32\+/ },
      { format: 'exe-small',   arch: 'x86',    file_fp: pe32 },
      # No template for 64-bit exe-small. That's fine, we probably
      # don't need one.
      # { format: 'exe-small', arch: 'x64',    file_fp: /PE32\+/ },
      { format: 'exe-only',    arch: 'x86',    file_fp: pe32 },
      { format: 'exe-only',    arch: 'x64',    file_fp: pe32_plus },
      { format: 'exe-only',    arch: 'x86_64', file_fp: pe32_plus },
      { format: 'exe-service', arch: 'x86',    file_fp: pe32 },
      { format: 'exe-service', arch: 'x64',    file_fp: pe32_plus },
      { format: 'exe-service', arch: 'x86_64', file_fp: pe32_plus },
      { format: 'vbs',         arch: 'x86',    file_fp: ascii },
      { format: 'vbs',         arch: 'x86_64', file_fp: ascii },
      { format: 'loop-vbs',    arch: 'x86',    file_fp: ascii },
      { format: 'loop-vbs',    arch: 'x86_64', file_fp: ascii },
      { format: 'asp',         arch: 'x86',    file_fp: ascii },
      { format: 'asp',         arch: 'x86_64', file_fp: ascii },
      { format: 'aspx-exe',    arch: 'x86',    file_fp: ascii_or_html },
      { format: 'aspx-exe',    arch: 'x86_64', file_fp: ascii_or_html },
      { format: 'aspx',        arch: 'x86',    file_fp: ascii_or_html },
      { format: 'aspx',        arch: 'x86_64', file_fp: ascii_or_html },
      { format: 'vba',         arch: 'x86',    file_fp: ascii },
      { format: 'vba',         arch: 'x86_64', file_fp: ascii },
      { format: 'vba-exe',     arch: 'x86',    file_fp: ascii },
      { format: 'vba-exe',     arch: 'x86_64', file_fp: ascii },
      { format: 'psh',         arch: 'x86',    file_fp: ascii },
      { format: 'psh',         arch: 'x86_64', file_fp: ascii },
      { format: 'psh-net',     arch: 'x86',    file_fp: ascii },
      { format: 'psh-net',     arch: 'x86_64', file_fp: ascii },
      { format: 'war',         arch: 'x86',    file_fp: zip },
      { format: 'war',         arch: 'x86_64', file_fp: zip },
      { format: 'msi',         arch: 'x86',    file_fp: msi },
      { format: 'msi',         arch: 'x64',    file_fp: msi },
      { format: 'msi',         arch: 'x86_64', file_fp: msi },
      { format: 'msi-nouac',   arch: 'x86',    file_fp: msi },
      { format: 'msi-nouac',   arch: 'x64',    file_fp: msi },
      { format: 'msi-nouac',   arch: 'x86_64', file_fp: msi },
    ],
    'linux' => [
      { format: 'elf', arch: 'x86',    file_fp: /ELF 32.*SYSV/ },
      { format: 'elf', arch: 'x64',    file_fp: /ELF 64.*SYSV/ },
      { format: 'elf', arch: 'armle',  file_fp: /ELF 32.*ARM/ },
      { format: 'elf', arch: 'mipsbe', file_fp: /ELF 32-bit MSB executable, MIPS/ },
      { format: 'elf', arch: 'mipsle', file_fp: /ELF 32-bit LSB executable, MIPS/ },
      { format: 'war', arch: 'x86',    file_fp: zip },
      { format: 'war', arch: 'x64',    file_fp: zip },
      { format: 'war', arch: 'armle',  file_fp: zip },
      { format: 'war', arch: 'mipsbe', file_fp: zip },
      { format: 'war', arch: 'mipsle', file_fp: zip },
    ],
    'bsd' => [
      { format: 'elf', arch: 'x86', file_fp: /ELF 32.*BSD/ },
      { format: 'war', arch: 'x86', file_fp: zip },
    ],
    'solaris' => [
      { format: 'elf', arch: 'x86', file_fp: /ELF 32/ },
      { format: 'war', arch: 'x86', file_fp: zip },
    ],
    'osx' => [
      { format: 'macho', arch: 'x86',   file_fp: /Mach-O.*i386/ },
      { format: 'macho', arch: 'x64',   file_fp: /Mach-O 64/ },
      { format: 'macho', arch: 'armle', file_fp: /Mach-O.*(acorn|arm)/ },
      { format: 'macho', arch: 'ppc',   file_fp: /Mach-O.*ppc/ },
      { format: 'war',   arch: 'x86',   file_fp: zip },
      { format: 'war',   arch: 'x64',   file_fp: zip },
      { format: 'war',   arch: 'armle', file_fp: zip },
      { format: 'war',   arch: 'ppc',   file_fp: zip },
    ],
  }

  # Feeds +bin+ to `file -` on stdin and expects the description it prints
  # to match the row's :file_fp pattern.
  #
  # This is a file-type check only: a match says file(1) recognised the
  # expected container, nothing about whether the contents are well formed.
  # A row without :file_fp is not checked at all, so only the String
  # assertion runs for it.
  #
  # @param format_hash [Hash] one row of the table above; only :file_fp is read
  # @param bin [String] the bytes to identify
  def verify_bin_fingerprint(format_hash, bin)
    bin.should be_a(String)

    description = IO.popen("file -", "w+") do |pipe|
      begin
        pipe.write(bin)
      rescue Errno::EPIPE
        # Deliberately ignored -- presumably file(1) can close its stdin
        # before the whole blob is written; whatever it printed is still
        # read below.
      end
      # Signal EOF on stdin before collecting the output.
      pipe.close_write
      pipe.read
    end

    expected = format_hash[:file_fp]
    description.should =~ expected if expected
  end
end