Do some rspec

2014-03-02 20:37:08 +00:00 · 2014-03-02 20:37:08 +00:00 · 1ca690eccf
parent c9a2135959
commit 1ca690eccf
2 changed files with 116 additions and 4 deletions
--- a/lib/msf/core/exploit/powershell.rb
+++ b/lib/msf/core/exploit/powershell.rb
@ -99,7 +99,7 @@ module Exploit::Powershell
  # Generate a powershell command line
  #
  def generate_psh_command_line(opts)
-    if opts[:path] and opts[:path][-1,1] == "\\"
+    if opts[:path] and (opts[:path][-1,1] != "\\")
      opts[:path] << "\\"
    end

@ -116,8 +116,16 @@ module Exploit::Powershell

  #
  # Generate arguments for the powershell command
+  # The format will be have no space at the start and have a space
+  # afterwards e.g. "-Arg1 x -Arg -Arg x "
  #
  def generate_psh_args(opts)
+    return "" unless opts
+
+    unless opts.has_key? :shorten
+      opts[:shorten] = (datastore['Powershell::method'] != 'old')
+    end
+
    arg_string = " "
    opts.each_pair do |arg, value|
      case arg
@ -153,8 +161,8 @@ module Exploit::Powershell
      arg_string << "-Command #{opts[:command]}"
    end

-    # Shorten args if PSH 2.0+
-    unless datastore['Powershell::method'] == 'old'
+    # Shorten arg if PSH 2.0+
+    if opts[:shorten]
      arg_string.gsub!(' -Command ', ' -c ')
      arg_string.gsub!(' -EncodedCommand ', ' -e ')
      arg_string.gsub!(' -ExecutionPolicy ', ' -ep ')
@ -170,7 +178,11 @@ module Exploit::Powershell
    end

    #Strip off first space character
-    arg_string[1..-1]
+    arg_string = arg_string[1..-1]
+    #Remove final space character
+    arg_string = arg_string[0..-2] if (arg_string[-1] == " ")
+
+    arg_string
  end

  #
--- a/spec/lib/msf/core/exploit/powershell.rb
+++ b/spec/lib/msf/core/exploit/powershell.rb
@ -0,0 +1,100 @@
+# -*- coding:binary -*-
+require 'spec_helper'
+
+require 'msf/core'
+require 'msf/core/exploit/powershell'
+
+describe Msf::Exploit::Powershell do
+  let(:datastore) { { } }
+  subject do
+    mod = Module.new
+    mod.extend described_class
+    mod.stub(
+      :datastore => datastore
+    )
+
+    mod
+  end
+
+  describe "::generate_psh_command_line" do
+    it 'should contain no full stop when :no_full_stop' do
+      opts = {:no_full_stop => true}
+      command = subject.generate_psh_command_line(opts)
+      command.include?("powershell ").should be_true
+    end
+
+    it 'should contain full stop unless :no_full_stop' do
+      opts = {}
+      command = subject.generate_psh_command_line(opts)
+      command.include?("powershell.exe ").should be_true
+
+      opts = {:no_full_stop => false}
+      command = subject.generate_psh_command_line(opts)
+      command.include?("powershell.exe ").should be_true
+    end
+
+    it 'should ensure the path should always ends with \\' do
+      opts = {:path => "test"}
+      command = subject.generate_psh_command_line(opts)
+      command.include?("test\\powershell.exe ").should be_true
+
+      opts = {:path => "test\\"}
+      command = subject.generate_psh_command_line(opts)
+      command.include?("test\\powershell.exe ").should be_true
+    end
+  end
+
+  describe "::generate_psh_args" do
+    it 'should return empty string for nil opts' do
+      subject.generate_psh_args(nil).should eql ""
+    end
+
+    command_args = [[:encodedcommand, "parp"],
+                    [:executionpolicy, "bypass"],
+                    [:inputformat, "xml"],
+                    [:file, "x"],
+                    [:noexit, true],
+                    [:nologo, true],
+                    [:noninteractive, true],
+                    [:mta, true],
+                    [:outputformat, 'xml'],
+                    [:sta, true],
+                    [:noprofile, true],
+                    [:windowstyle, "hidden"],
+                    [:command, "Z"]
+    ]
+
+    permutations = (0..command_args.length).to_a.combination(2).map{|i,j| command_args[i...j]}
+
+    permutations.each do |perms|
+      opts = {}
+      perms.each do |k,v|
+        opts[k] = v
+        it "should generate correct arguments for #{opts}" do
+          opts[:shorten] = true
+          short_args = subject.generate_psh_args(opts)
+          opts[:shorten] = false
+          long_args = subject.generate_psh_args(opts)
+
+          opt_length = opts.length - 1
+
+          short_args.should_not be_nil
+          long_args.should_not be_nil
+          short_args.count('-').should eql opt_length
+          long_args.count('-').should eql opt_length
+          short_args[0].should_not eql " "
+          long_args[0].should_not eql " "
+          short_args[-1].should_not eql " "
+          long_args[-1].should_not eql " "
+
+          if opts[:command]
+            long_args[-10..-1].should eql "-Command Z"
+            short_args[-4..-1].should eql "-c Z"
+          end
+       end
+      end
+    end
+  end
+
+end
+