make post service manipulation tests work

Fix a funny default service name, adjust test to be case-agnostic.

winmgmt on Windows XP and Windows 8 have different capitalization for this
service. I'm not sure why it's a module parameter though - the test will still
fail if it's anything other than winmgmt.

The following RC script has 7 successful outputs when run against a reverse_tcp shell.

Run a reverse_tcp stager and the following RC script to run the test:

```
loadpath test/modules
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.43.1
run -j
sleep 5
use post/test/services
set SESSION 1
run
```

Note: this test still doesn't run very reliably on Windows 8 unless you're
using the code from rapid7/meterpreter#107 and #4411, though it runs ok on
Windows XP.
bug/bundler_fix
Brent Cook 2014-12-30 14:03:23 -06:00
parent c96c8a03cf
commit 0c94536b87
1 changed files with 15 additions and 3 deletions


@ -29,7 +29,7 @@ class Metasploit3 < Msf::Post
register_options(
[
OptString.new("QSERVICE" , [true, "Service (keyname) to query", "winmgmt"]),
OptString.new("NSERVICE" , [true, "New Service (keyname) to create/del", "testes"]),
OptString.new("NSERVICE" , [true, "New Service (keyname) to create/del", "test"]),
OptString.new("SSERVICE" , [true, "Service (keyname) to start/stop", "W32Time"]),
OptString.new("DNAME" , [true, "Display name used for create test", "Cool display name"]),
OptString.new("BINPATH" , [true, "Binary path for create test", "C:\\WINDOWS\\system32\\svchost.exe -k netsvcs"]),
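Review bot: The new NSERVICE default `"test"` is generic enough to match a service key that already exists on the target, and this option names the service the module creates and then deletes. A more distinctive default, for example one carrying a module-specific prefix, would keep the create/del test from touching an unrelated service. The BINPATH default on the following line also assumes `C:\\WINDOWS`, which is worth a note in the option description.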
@ -69,7 +69,18 @@ class Metasploit3 < Msf::Post
ret &&= results.kind_of? Array
ret &&= results.length > 0
ret &&= results.include? datastore["QSERVICE"]
# Adjust the QSERVICE to match the case of the service name. This is used
# later in test_info, which is case-sensitive.
found = false
results.each do |service|
if service.downcase == datastore["QSERVICE"].downcase
datastore["QSERVICE"] = service.to_s
found = true
break
end
end
ret &&= found
ret
end
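Review bot: Writing the matched name back with `datastore["QSERVICE"] = service.to_s` inside the loop changes a user-set option as a side effect and, as the comment says, makes the later test_info check depend on this test having run first. Keeping the resolved name in an instance variable, or resolving it in a small helper that both tests call, removes that ordering dependency. The loop with the `found` flag can also be reduced to a single `results.find { |s| s.casecmp(datastore["QSERVICE"]) == 0 }`, and the earlier `results.include? datastore["QSERVICE"]` check must not remain ahead of it, since it is case-sensitive and would fail first.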
@ -83,7 +94,8 @@ class Metasploit3 < Msf::Post
ret &&= results.kind_of? Hash
if ret
ret &&= results.has_key? "Name"
ret &&= (results["Name"] == "Windows Management Instrumentation")
ret &&= ([results["Name"]] &
["Windows Management Instrumentation", "@%Systemroot%\\system32\\wbem\\\wmisvc.dll,-205"]).any?
ret &&= results.has_key? "Startup"
ret &&= results.has_key? "Command"
ret &&= results.has_key? "Credentials"
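Review bot: The second accepted name is written as `wbem\\\wmisvc.dll` with three backslashes, which only yields the intended single backslash because Ruby drops the unknown `\w` escape in a double-quoted string; write it as `wbem\\wmisvc.dll` to match the other separators. The comparison would also read more clearly as `[...].include?(results["Name"])` than as an array intersection followed by `.any?`. Both accepted values are specific to winmgmt, so this check still fails for any other QSERVICE value; either tie the expected names to the option or document that limitation in the option description.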