metasploit-framework/features/modules/exploit/smb/ms08_067_netapi.feature

Feature: MS08-067 netapi

  Background:
    Given I run `msfconsole` interactively
    And I wait for stdout to contain "Free Metasploit Pro trial: http://r-7.co/trymsp"
    
  Scenario: The MS08-067 Module should have the following options
    When I type "use exploit/windows/smb/ms08_067_netapi"
    And I type "show options"
    And I type "exit"
    Then the output should contain the following:
    | Module options (exploit/windows/smb/ms08_067_netapi)         |
    | Name     Current Setting  Required  Description              |
    | ----     ---------------  --------  -----------              |
    | RHOST                     yes       The target address       |
    | RPORT    445              yes       Set the SMB service port |
    | RPORT    445              yes       Set the SMB service port |

  Scenario: The MS08-067 Module should have the following advanced options
    When I type "use exploit/windows/smb/ms08_067_netapi"
    And I type "show advanced"
    And I type "exit"
    Then the output should contain the following:
 | Name           : CHOST                                                           |
 | Description    : The local client address                                        |
 | Name           : CPORT                                                           |
 | Description    : The local client port                                           |
 | Name           : ConnectTimeout                                                  |
 | Description    : Maximum number of seconds to establish a TCP connection         |
 | Name           : ContextInformationFile                                          |
 | Description    : The information file that contains context information          |
 | Name           : DCERPC::ReadTimeout                                             |
 | Description    : The number of seconds to wait for DCERPC responses              |
 | Name           : DisablePayloadHandler                                           |
 | Description    : Disable the handler code for the selected payload               |
 | Name           : EnableContextEncoding                                           |
 | Description    : Use transient context when encoding payloads                    |
 | Name           : NTLM::SendLM                                                    |
 | Description    : Always send the LANMAN response (except when NTLMv2_session is  |
 | specified)                                                                       |
 | Name           : NTLM::SendNTLM                                                  |
 | Description    : Activate the 'Negotiate NTLM key' flag, indicating the use of   |
 | NTLM responses                                                                   |
 | Name           : NTLM::SendSPN                                                   |
 | Current Setting: true                                                            |
 | Description    : Send an avp of type SPN in the ntlmv2 client Blob, this allow   |
 | authentification on windows Seven/2008r2 when SPN is required                    |
 | Name           : NTLM::UseLMKey                                                  |
 | Description    : Activate the 'Negotiate Lan Manager Key' flag, using the LM key |
 | when the LM response is sent                                                     |
 | Name           : NTLM::UseNTLM2_session                                          |
 | Description    : Activate the 'Negotiate NTLM2 key' flag, forcing the use of a   |
 | NTLMv2_session                                                                   |
 | Name           : NTLM::UseNTLMv2                                                 |
 | Description    : Use NTLMv2 instead of NTLM2_session when 'Negotiate NTLM2' key  |
 | is true                                                                          |
 # | Name           : Proxies                                                         |
 # | Description    : Use a proxy chain                                               |
 | Name           : SMB::ChunkSize                                                  |
 | Current Setting: 500                                                             |
 | Description    : The chunk size for SMB segments, bigger values will increase    |
 | speed but break NT 4.0 and SMB signing                                           |
 | Name           : SMB::Native_LM                                                  |
 | Description    : The Native LM to send during authentication                     |
 | Name           : SMB::Native_OS                                                  |
 | Description    : The Native OS to send during authentication                     |
 | Name           : SMB::VerifySignature                                            |
 | Description    : Enforces client-side verification of server response signatures |
 | Name           : SMBDirect                                                       |
 | Description    : The target port is a raw SMB service (not NetBIOS)              |
 | Name           : SMBDomain                                                       |
 | Description    : The Windows domain to use for authentication                    |
 | Name           : SMBName                                                         |
 | Description    : The NetBIOS hostname (required for port 139 connections)        |
 | Name           : SMBPass                                                         |
 | Description    : The password for the specified username                         |
 | Name           : SMBUser                                                         |
 | Description    : The username to authenticate as                                 |
 | Name           : SSL                                                             |
 | Description    : Negotiate SSL for outgoing connections                          |
 | Name           : SSLCipher                                                       |
 | Description    : String for SSL cipher - "DHE-RSA-AES256-SHA" or "ADH"           |
 | Name           : SSLVerifyMode                                                   |
 | Description    : SSL verification method (accepted: CLIENT_ONCE,                 |
 | FAIL_IF_NO_PEER_CERT, NONE, PEER)                                                |
 | Name           : SSLVersion                                                      |
 | Description    : Specify the version of SSL that should be used (accepted: SSL2, |
 | SSL3, TLS1)                                                                      |
 | Name           : VERBOSE                                                         |
 | Description    : Enable detailed status messages                                 |
 | Name           : WORKSPACE                                                       |
 | Description    : Specify the workspace for this module                           |
 | Name           : WfsDelay                                                        |
 | Description    : Additional delay when waiting for a session                     |

  @targets
  Scenario: Show RHOST/etc variable expansion from a config file
    When I type "use exploit/windows/smb/ms08_067_netapi"
    When RHOST is WINDOWS
    And I type "set PAYLOAD windows/meterpreter/bind_tcp"
    And I type "show options"
    And I type "run"
    And I type "exit"
    And I type "exit"
    Then the output should match /spider-wxp/
moving the scenarios around 2014-08-13 21:54:29 +00:00			`Feature: MS08-067 netapi`
adding more scenarios updating ms08-067's scenarios so they are testing show options and show advanced changing the scenario descriptions and feature descriptions for help.feature and ms08-067 2014-08-19 20:06:47 +00:00
updating how we use cucumber to match lukes changes 2014-09-02 23:57:55 +00:00			`Background:`
			Given I run `msfconsole` interactively
			`And I wait for stdout to contain "Free Metasploit Pro trial: http://r-7.co/trymsp"`

adding more scenarios updating ms08-067's scenarios so they are testing show options and show advanced changing the scenario descriptions and feature descriptions for help.feature and ms08-067 2014-08-19 20:06:47 +00:00			`Scenario: The MS08-067 Module should have the following options`
Add @msfconsole tag, simpler module example 2014-08-13 20:55:11 +00:00			`When I type "use exploit/windows/smb/ms08_067_netapi"`
adding more scenarios updating ms08-067's scenarios so they are testing show options and show advanced changing the scenario descriptions and feature descriptions for help.feature and ms08-067 2014-08-19 20:06:47 +00:00			`And I type "show options"`
working on a first pass at cucumber for framework 2014-08-13 19:28:28 +00:00			`And I type "exit"`
updating how we use cucumber to match lukes changes 2014-09-02 23:57:55 +00:00			`Then the output should contain the following:`
			`\| Module options (exploit/windows/smb/ms08_067_netapi) \|`
			`\| Name Current Setting Required Description \|`
			`\| ---- --------------- -------- ----------- \|`
			`\| RHOST yes The target address \|`
			`\| RPORT 445 yes Set the SMB service port \|`
			`\| RPORT 445 yes Set the SMB service port \|`
adding more scenarios updating ms08-067's scenarios so they are testing show options and show advanced changing the scenario descriptions and feature descriptions for help.feature and ms08-067 2014-08-19 20:06:47 +00:00
			`Scenario: The MS08-067 Module should have the following advanced options`
			`When I type "use exploit/windows/smb/ms08_067_netapi"`
			`And I type "show advanced"`
working on a first pass at cucumber for framework 2014-08-13 19:28:28 +00:00			`And I type "exit"`
updating how we use cucumber to match lukes changes 2014-09-02 23:57:55 +00:00			`Then the output should contain the following:`
			`\| Name : CHOST \|`
			`\| Description : The local client address \|`
			`\| Name : CPORT \|`
			`\| Description : The local client port \|`
			`\| Name : ConnectTimeout \|`
			`\| Description : Maximum number of seconds to establish a TCP connection \|`
			`\| Name : ContextInformationFile \|`
			`\| Description : The information file that contains context information \|`
			`\| Name : DCERPC::ReadTimeout \|`
			`\| Description : The number of seconds to wait for DCERPC responses \|`
			`\| Name : DisablePayloadHandler \|`
			`\| Description : Disable the handler code for the selected payload \|`
			`\| Name : EnableContextEncoding \|`
			`\| Description : Use transient context when encoding payloads \|`
			`\| Name : NTLM::SendLM \|`
			`\| Description : Always send the LANMAN response (except when NTLMv2_session is \|`
			`\| specified) \|`
			`\| Name : NTLM::SendNTLM \|`
			`\| Description : Activate the 'Negotiate NTLM key' flag, indicating the use of \|`
			`\| NTLM responses \|`
			`\| Name : NTLM::SendSPN \|`
			`\| Current Setting: true \|`
			`\| Description : Send an avp of type SPN in the ntlmv2 client Blob, this allow \|`
			`\| authentification on windows Seven/2008r2 when SPN is required \|`
			`\| Name : NTLM::UseLMKey \|`
			`\| Description : Activate the 'Negotiate Lan Manager Key' flag, using the LM key \|`
			`\| when the LM response is sent \|`
			`\| Name : NTLM::UseNTLM2_session \|`
			`\| Description : Activate the 'Negotiate NTLM2 key' flag, forcing the use of a \|`
			`\| NTLMv2_session \|`
			`\| Name : NTLM::UseNTLMv2 \|`
			`\| Description : Use NTLMv2 instead of NTLM2_session when 'Negotiate NTLM2' key \|`
			`\| is true \|`
			`# \| Name : Proxies \|`
			`# \| Description : Use a proxy chain \|`
			`\| Name : SMB::ChunkSize \|`
			`\| Current Setting: 500 \|`
			`\| Description : The chunk size for SMB segments, bigger values will increase \|`
			`\| speed but break NT 4.0 and SMB signing \|`
			`\| Name : SMB::Native_LM \|`
			`\| Description : The Native LM to send during authentication \|`
			`\| Name : SMB::Native_OS \|`
			`\| Description : The Native OS to send during authentication \|`
			`\| Name : SMB::VerifySignature \|`
			`\| Description : Enforces client-side verification of server response signatures \|`
			`\| Name : SMBDirect \|`
			`\| Description : The target port is a raw SMB service (not NetBIOS) \|`
			`\| Name : SMBDomain \|`
			`\| Description : The Windows domain to use for authentication \|`
			`\| Name : SMBName \|`
			`\| Description : The NetBIOS hostname (required for port 139 connections) \|`
			`\| Name : SMBPass \|`
			`\| Description : The password for the specified username \|`
			`\| Name : SMBUser \|`
			`\| Description : The username to authenticate as \|`
			`\| Name : SSL \|`
			`\| Description : Negotiate SSL for outgoing connections \|`
			`\| Name : SSLCipher \|`
			`\| Description : String for SSL cipher - "DHE-RSA-AES256-SHA" or "ADH" \|`
			`\| Name : SSLVerifyMode \|`
			`\| Description : SSL verification method (accepted: CLIENT_ONCE, \|`
			`\| FAIL_IF_NO_PEER_CERT, NONE, PEER) \|`
			`\| Name : SSLVersion \|`
			`\| Description : Specify the version of SSL that should be used (accepted: SSL2, \|`
			`\| SSL3, TLS1) \|`
			`\| Name : VERBOSE \|`
			`\| Description : Enable detailed status messages \|`
			`\| Name : WORKSPACE \|`
			`\| Description : Specify the workspace for this module \|`
			`\| Name : WfsDelay \|`
			`\| Description : Additional delay when waiting for a session \|`
adding more scenarios updating ms08-067's scenarios so they are testing show options and show advanced changing the scenario descriptions and feature descriptions for help.feature and ms08-067 2014-08-19 20:06:47 +00:00
			`@targets`
Add @target hooks to set RHOST/RHOSTS from config 2014-08-13 22:22:09 +00:00			`Scenario: Show RHOST/etc variable expansion from a config file`
adding more scenarios updating ms08-067's scenarios so they are testing show options and show advanced changing the scenario descriptions and feature descriptions for help.feature and ms08-067 2014-08-19 20:06:47 +00:00			`When I type "use exploit/windows/smb/ms08_067_netapi"`
Add @target hooks to set RHOST/RHOSTS from config 2014-08-13 22:22:09 +00:00			`When RHOST is WINDOWS`
adding more scenarios updating ms08-067's scenarios so they are testing show options and show advanced changing the scenario descriptions and feature descriptions for help.feature and ms08-067 2014-08-19 20:06:47 +00:00			`And I type "set PAYLOAD windows/meterpreter/bind_tcp"`
Add @target hooks to set RHOST/RHOSTS from config 2014-08-13 22:22:09 +00:00			`And I type "show options"`
adding more scenarios updating ms08-067's scenarios so they are testing show options and show advanced changing the scenario descriptions and feature descriptions for help.feature and ms08-067 2014-08-19 20:06:47 +00:00			`And I type "run"`
			`And I type "exit"`
Add @target hooks to set RHOST/RHOSTS from config 2014-08-13 22:22:09 +00:00			`And I type "exit"`
			`Then the output should match /spider-wxp/`