remaining os filtering

now can filter by os name and service pack need to do final logic to turn that into an actual target selection MS-2325
2016-12-28 12:02:19 -06:00 · 2016-12-28 12:02:19 -06:00 · 201b65e43d
parent 05ac2ee6ed
commit 201b65e43d
2 changed files with 69 additions and 13 deletions
--- a/lib/msf/core/exploit/auto_target.rb
+++ b/lib/msf/core/exploit/auto_target.rb
@ -15,8 +15,9 @@ module Msf
      return nil unless auto_target?
      host_record = target_host
      return nil if host_record.nil?
-      potential_targets = filter_by_os_name(host_record)
-
+      filtered_by_family = filter_by_os_family(host_record)
+      filtered_by_name   = filter_by_os_name(filtered_by_family, host_record)
+      filtered_by_sp     = filter_by_os_sp(filtered_by_name,host_record)
    end

    def target_host
@ -38,9 +39,22 @@ module Msf
      filtered_targets.compact
    end

-    def filter_by_os_flavor(potential_targets, host_record)
-      return potential_targets if host_record.os_flavor.blank?
-      potential_targets
+    def filter_by_os_name(potential_targets, host_record)
+      return [] if host_record.os_name.blank?
+      filtered_targets = []
+      potential_targets.each do |target|
+        filtered_targets << target if target.name =~ /#{host_record.os_name}/
+      end
+      filtered_targets
+    end
+
+    def filter_by_os_sp(potential_targets, host_record)
+      return [] if host_record.os_sp.blank?
+      filtered_targets = []
+      potential_targets.each do |target|
+        filtered_targets << target if target.name =~ /#{host_record.os_sp}/
+      end
+      filtered_targets
    end
  end
 end
--- a/spec/lib/msf/core/exploit/auto_target_spec.rb
+++ b/spec/lib/msf/core/exploit/auto_target_spec.rb
@ -61,16 +61,23 @@ RSpec.describe Msf::Exploit::AutoTarget do
    end
  end

-  context 'filtering by OS family' do
-    let(:windows_host) { FactoryGirl.create(:mdm_host, address: '192.168.172.150', os_family: 'Windows' ) }
+  context 'filtering targets' do
+    let(:windows_xp_host) { FactoryGirl.create(:mdm_host, address: '192.168.172.150', os_family: 'Windows', os_name: 'Windows XP' ) }
+    let(:windows_xp_sp1_host) { FactoryGirl.create(:mdm_host, address: '192.168.172.150', os_family: 'Windows', os_name: 'Windows XP', os_sp: 'SP1' ) }
+    let(:windows_xp_sp2_host) { FactoryGirl.create(:mdm_host, address: '192.168.172.150', os_family: 'Windows', os_name: 'Windows XP', os_sp: 'SP2' ) }
+    let(:windows_xp_sp3_host) { FactoryGirl.create(:mdm_host, address: '192.168.172.150', os_family: 'Windows', os_name: 'Windows XP', os_sp: 'SP3' ) }
+    let(:windows_7_host) { FactoryGirl.create(:mdm_host, address: '192.168.172.150', os_family: 'Windows', os_name: 'Windows 7' ) }
    let(:unknown_host) { FactoryGirl.create(:mdm_host, address: '192.168.172.150', os_family: nil ) }
+    let(:potential_targets) { windows_exploit.filter_by_os_family(windows_xp_host) }
+    let(:xp_targets) { windows_exploit.filter_by_os_name(potential_targets,windows_xp_host) }

+    context 'by OS family' do
      it 'should return an array of all matching targets' do
-      expect(windows_exploit.filter_by_os_family(windows_host).count).to eq 4
+        expect(windows_exploit.filter_by_os_family(windows_xp_host).count).to eq 4
      end

      it 'should return an empty array if there are no matches' do
-      expect(linux_exploit.filter_by_os_family(windows_host).count).to eq 0
+        expect(linux_exploit.filter_by_os_family(windows_xp_host).count).to eq 0
      end

      it 'should return nil if the os is unkown on the host' do
@ -78,6 +85,41 @@ RSpec.describe Msf::Exploit::AutoTarget do
      end
    end

+    context 'by OS Name' do
+
+
+      it 'should return an array of matching targets when any exist' do
+        expect(windows_exploit.filter_by_os_name(potential_targets,windows_xp_host)).to eq [potential_targets[1],potential_targets[3]]
+      end
+
+      it 'should return an empty array if there are no matches' do
+        expect(windows_exploit.filter_by_os_name(potential_targets,windows_7_host)).to eq []
+      end
+
+      it 'should return an empty array when there is no OS name' do
+        expect(windows_exploit.filter_by_os_name(potential_targets,unknown_host)).to eq []
+      end
+    end
+
+    context 'by OS Version/Service Pack' do
+      it 'should return an array of matching results if they exist' do
+        expect(windows_exploit.filter_by_os_sp(potential_targets,windows_xp_sp1_host)).to eq [xp_targets[0]]
+      end
+
+      it 'should return an empty array if there are no matching results' do
+        expect(windows_exploit.filter_by_os_sp(potential_targets,windows_xp_sp2_host)).to eq []
+      end
+
+      it 'should return an empty array if there is no SP' do
+        expect(windows_exploit.filter_by_os_sp(potential_targets,unknown_host)).to eq []
+      end
+
+    end
+
+  end
+
+
+


 end