infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'feature/MSP-11925/create-user-data' into staging/single-vuln-push 

Conflicts:
	Gemfile.lock
bug/bundler_fix
James Lee 2015-03-24 12:42:08 -05:00
parent f5947e8ef5 96195f317e
commit 414983ac8c
No known key found for this signature in database
GPG Key ID: 2D6094C7CEA0A321
9 changed files with 519 additions and 340 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Gemfile
View File

@ -3,6 +3,8 @@ source 'https://rubygems.org'
# spec.add_runtime_dependency '<name>', [<version requirements>] # spec.add_runtime_dependency '<name>', [<version requirements>]
gemspec name: 'metasploit-framework' gemspec name: 'metasploit-framework'
gem 'metasploit_data_models', git: 'https://github.com/rapid7/metasploit_data_models.git', branch: 'staging/single-vuln-push'
# separate from test as simplecov is not run on travis-ci # separate from test as simplecov is not run on travis-ci
group :coverage do group :coverage do
# code coverage for tests # code coverage for tests

25
Gemfile.lock
View File

@ -1,3 +1,18 @@
GIT
remote: https://github.com/rapid7/metasploit_data_models.git
revision: 6835d9cf61ad998db4184405ab21a92ef92caaa5
branch: staging/single-vuln-push
specs:
metasploit_data_models (0.23.2.pre.single.pre.vuln.pre.push)
activerecord (>= 3.2.13, < 4.0.0)
activesupport
arel-helpers
metasploit-concern (~> 0.3.0)
metasploit-model (~> 0.29.0)
pg
railties (< 4.0.0)
recog (~> 1.0)
PATH PATH
remote: . remote: .
specs: specs:
@ -123,15 +138,6 @@ GEM
metasploit-model (0.29.0) metasploit-model (0.29.0)
activesupport activesupport
railties (< 4.0.0) railties (< 4.0.0)
metasploit_data_models (0.23.1)
activerecord (>= 3.2.13, < 4.0.0)
activesupport
arel-helpers
metasploit-concern (~> 0.3.0)
metasploit-model (~> 0.29.0)
pg
railties (< 4.0.0)
recog (~> 1.0)
meterpreter_bins (0.0.17) meterpreter_bins (0.0.17)
method_source (0.8.2) method_source (0.8.2)
mime-types (1.25.1) mime-types (1.25.1)
@ -236,6 +242,7 @@ DEPENDENCIES
metasploit-framework! metasploit-framework!
metasploit-framework-db! metasploit-framework-db!
metasploit-framework-pcap! metasploit-framework-pcap!
metasploit_data_models!
pry pry
rake (>= 10.0.0) rake (>= 10.0.0)
redcarpet redcarpet

79
db/schema.rb
View File

@ -11,7 +11,7 @@
# #
# It's strongly recommended to check this file into your version control system. # It's strongly recommended to check this file into your version control system.
ActiveRecord::Schema.define(:version => 20150212214222) do ActiveRecord::Schema.define(:version => 20150312155312) do
create_table "api_keys", :force => true do |t| create_table "api_keys", :force => true do |t|
t.text "token" t.text "token"
@ -19,6 +19,47 @@ ActiveRecord::Schema.define(:version => 20150212214222) do
t.datetime "updated_at", :null => false t.datetime "updated_at", :null => false
end end
create_table "automatic_exploitation_match_results", :force => true do |t|
t.integer "match_id"
t.integer "run_id"
t.string "state", :null => false
t.datetime "created_at", :null => false
t.datetime "updated_at", :null => false
end
create_table "automatic_exploitation_match_sets", :force => true do |t|
t.integer "workspace_id"
t.integer "user_id"
t.datetime "created_at", :null => false
t.datetime "updated_at", :null => false
end
add_index "automatic_exploitation_match_sets", ["user_id"], :name => "index_automatic_exploitation_match_sets_on_user_id"
add_index "automatic_exploitation_match_sets", ["workspace_id"], :name => "index_automatic_exploitation_match_sets_on_workspace_id"
create_table "automatic_exploitation_matches", :force => true do |t|
t.integer "module_detail_id"
t.string "state"
t.integer "nexpose_data_vulnerability_definition_id"
t.datetime "created_at", :null => false
t.datetime "updated_at", :null => false
t.integer "match_set_id"
t.string "matchable_type"
t.integer "matchable_id"
t.text "module_fullname"
end
add_index "automatic_exploitation_matches", ["module_detail_id"], :name => "index_automatic_exploitation_matches_on_ref_id"
add_index "automatic_exploitation_matches", ["module_fullname"], :name => "index_automatic_exploitation_matches_on_module_fullname"
create_table "automatic_exploitation_runs", :force => true do |t|
t.integer "workspace_id"
t.integer "user_id"
t.integer "match_set_id"
t.datetime "created_at", :null => false
t.datetime "updated_at", :null => false
end
create_table "clients", :force => true do |t| create_table "clients", :force => true do |t|
t.integer "host_id" t.integer "host_id"
t.datetime "created_at" t.datetime "created_at"
@ -155,19 +196,22 @@ ActiveRecord::Schema.define(:version => 20150212214222) do
end end
create_table "loots", :force => true do |t| create_table "loots", :force => true do |t|
t.integer "workspace_id", :default => 1, :null => false t.integer "workspace_id", :default => 1, :null => false
t.integer "host_id" t.integer "host_id"
t.integer "service_id" t.integer "service_id"
t.string "ltype", :limit => 512 t.string "ltype", :limit => 512
t.string "path", :limit => 1024 t.string "path", :limit => 1024
t.text "data" t.text "data"
t.datetime "created_at", :null => false t.datetime "created_at", :null => false
t.datetime "updated_at", :null => false t.datetime "updated_at", :null => false
t.string "content_type" t.string "content_type"
t.text "name" t.text "name"
t.text "info" t.text "info"
t.integer "module_run_id"
end end
add_index "loots", ["module_run_id"], :name => "index_loots_on_module_run_id"
create_table "macros", :force => true do |t| create_table "macros", :force => true do |t|
t.datetime "created_at", :null => false t.datetime "created_at", :null => false
t.datetime "updated_at", :null => false t.datetime "updated_at", :null => false
@ -359,6 +403,24 @@ ActiveRecord::Schema.define(:version => 20150212214222) do
add_index "module_refs", ["detail_id"], :name => "index_module_refs_on_module_detail_id" add_index "module_refs", ["detail_id"], :name => "index_module_refs_on_module_detail_id"
add_index "module_refs", ["name"], :name => "index_module_refs_on_name" add_index "module_refs", ["name"], :name => "index_module_refs_on_name"
create_table "module_runs", :force => true do |t|
t.datetime "attempted_at"
t.text "fail_detail"
t.string "fail_reason"
t.integer "module_detail_id"
t.text "module_full_name"
t.integer "port"
t.string "proto"
t.integer "session_id"
t.string "status"
t.integer "trackable_id"
t.string "trackable_type"
t.integer "user_id"
t.string "username"
t.datetime "created_at", :null => false
t.datetime "updated_at", :null => false
end
create_table "module_targets", :force => true do |t| create_table "module_targets", :force => true do |t|
t.integer "detail_id" t.integer "detail_id"
t.integer "index" t.integer "index"
@ -481,13 +543,16 @@ ActiveRecord::Schema.define(:version => 20150212214222) do
t.integer "port" t.integer "port"
t.string "platform" t.string "platform"
t.text "datastore" t.text "datastore"
t.datetime "opened_at", :null => false t.datetime "opened_at", :null => false
t.datetime "closed_at" t.datetime "closed_at"
t.string "close_reason" t.string "close_reason"
t.integer "local_id" t.integer "local_id"
t.datetime "last_seen" t.datetime "last_seen"
t.integer "module_run_id"
end end
add_index "sessions", ["module_run_id"], :name => "index_sessions_on_module_run_id"
create_table "tags", :force => true do |t| create_table "tags", :force => true do |t|
t.integer "user_id" t.integer "user_id"
t.string "name", :limit => 1024 t.string "name", :limit => 1024

2
lib/msf/core/db_manager/exploit_attempt.rb
View File

@ -209,4 +209,4 @@ module Msf::DBManager::ExploitAttempt
host.exploit_attempts.create(attempt_info) host.exploit_attempts.create(attempt_info)
} }
end end
end end

120
lib/msf/core/db_manager/session.rb
View File

@ -121,7 +121,6 @@ module Msf::DBManager::Session
else else
raise ArgumentError.new("Missing option :session or :host") raise ArgumentError.new("Missing option :session or :host")
end end
ret = {}
# Truncate the session data if necessary # Truncate the session data if necessary
if sess_data[:desc] if sess_data[:desc]
@ -145,61 +144,80 @@ module Msf::DBManager::Session
end end
end end
if opts[:session] if opts[:session]
session.db_record = s session.db_record = s
end if session.assoc_exploit.user_data_is_match?
# do some shit with the match
# If this is a live session, we know the host is vulnerable to something. MetasploitDataModels::AutomaticExploitation::MatchResult.create!(
if opts[:session] and session.via_exploit match: session.assoc_exploit.user_data[:match],
mod = framework.modules.create(session.via_exploit) match_set: session.assoc_exploit.user_data[:match_set],
run: session.assoc_exploit.user_data[:run],
if session.via_exploit == "exploit/multi/handler" and sess_data[:datastore]['ParentModule'] state: 'succeeded',
mod_fullname = sess_data[:datastore]['ParentModule'] )
mod_name = ::Mdm::Module::Detail.find_by_fullname(mod_fullname).name elsif session.via_exploit
else # This is a live session, we know the host is vulnerable to something.
mod_name = mod.name infer_vuln_from_session(session, wspace)
mod_fullname = mod.fullname
end end
vuln_info = {
:host => host.address,
:name => mod_name,
:refs => mod.references,
:workspace => wspace,
:exploited_at => Time.now.utc,
:info => "Exploited by #{mod_fullname} to create Session #{s.id}"
}
port = session.exploit_datastore["RPORT"]
service = (port ? host.services.find_by_port(port.to_i) : nil)
vuln_info[:service] = service if service
vuln = framework.db.report_vuln(vuln_info)
if session.via_exploit == "exploit/multi/handler" and sess_data[:datastore]['ParentModule']
via_exploit = sess_data[:datastore]['ParentModule']
else
via_exploit = session.via_exploit
end
attempt_info = {
:timestamp => Time.now.utc,
:workspace => wspace,
:module => via_exploit,
:username => session.username,
:refs => mod.references,
:session_id => s.id,
:host => host,
:service => service,
:vuln => vuln
}
framework.db.report_exploit_success(attempt_info)
end end
s s
} }
end end
end
protected
# @param session [Msf::Session] A session with a {db_record Msf::Session#db_record}
# @param wspace [Mdm::Workspace]
# @return [void]
def infer_vuln_from_session(session, wspace)
s = session.db_record
host = session.db_record.host
mod = framework.modules.create(session.via_exploit)
if session.via_exploit == "exploit/multi/handler" and session.exploit_datastore['ParentModule']
mod_fullname = session.exploit_datastore['ParentModule']
mod_name = ::Mdm::Module::Detail.find_by_fullname(mod_fullname).name
else
mod_name = mod.name
mod_fullname = mod.fullname
end
vuln_info = {
:host => host.address,
:name => mod_name,
:refs => mod.references,
:workspace => wspace,
:exploited_at => Time.now.utc,
:info => "Exploited by #{mod_fullname} to create Session #{s.id}"
}
port = session.exploit_datastore["RPORT"]
service = (port ? host.services.find_by_port(port.to_i) : nil)
vuln_info[:service] = service if service
vuln = framework.db.report_vuln(vuln_info)
if session.via_exploit == "exploit/multi/handler" and session.exploit_datastore['ParentModule']
via_exploit = session.exploit_datastore['ParentModule']
else
via_exploit = session.via_exploit
end
attempt_info = {
:timestamp => Time.now.utc,
:workspace => wspace,
:module => via_exploit,
:username => session.username,
:refs => mod.references,
:session_id => s.id,
:host => host,
:service => service,
:vuln => vuln
}
framework.db.report_exploit_success(attempt_info)
end
end

16
lib/msf/core/module.rb
View File

@ -278,6 +278,14 @@ class Module
raise RuntimeError, "#{reason.to_s}: #{msg}" raise RuntimeError, "#{reason.to_s}: #{msg}"
end end
# Whether {user_data} contains everything necessary to make a
# `MetasploitDataModels::AutomaticExploitation::MatchResult`
#
# @return [bool]
def user_data_is_match?
user_data.kind_of?(Hash) && user_data.keys == [ :match, :match_set, :run ]
end
## ##
# #
# Just some handy quick checks # Just some handy quick checks
@ -295,6 +303,7 @@ class Module
# The array of zero or more platforms. # The array of zero or more platforms.
# #
attr_reader :platform attr_reader :platform
# #
# The reference count for the module. # The reference count for the module.
# #
@ -315,6 +324,13 @@ class Module
# #
attr_accessor :error attr_accessor :error
# An opaque bag of data to attach to a module. This is useful for attaching
# some piece of identifying info on to a module before calling
# {Msf::Simple::Exploit#exploit_simple} or
# {Msf::Simple::Auxiliary#run_simple} for correlating where modules came
# from.
attr_accessor :user_data
protected protected
# #

11
spec/lib/msf/core/module_spec.rb
View File

@ -46,6 +46,17 @@ describe Msf::Module do
it { is_expected.to respond_to :is_usable } it { is_expected.to respond_to :is_usable }
end end
describe '#user_data_is_match?' do
subject(:msf_module) {
msf_module = described_class.new
msf_module.user_data = { match: 'match', match_set: 'match_set', run: 'run' }
msf_module
}
specify do
expect(msf_module.user_data_is_match?).to eq(true)
end
end
describe "cloning modules into replicants" do describe "cloning modules into replicants" do
module MsfExtensionTestFoo; def my_test1; true; end; end; module MsfExtensionTestFoo; def my_test1; true; end; end;
module MsfExtensionTestBar; def my_test2; true; end; end; module MsfExtensionTestBar; def my_test2; true; end; end;

35
spec/support/shared/examples/msf/db_manager/exploit_attempt.rb
View File

@ -3,4 +3,37 @@ shared_examples_for 'Msf::DBManager::ExploitAttempt' do
it { is_expected.to respond_to :report_exploit_attempt } it { is_expected.to respond_to :report_exploit_attempt }
it { is_expected.to respond_to :report_exploit_failure } it { is_expected.to respond_to :report_exploit_failure }
it { is_expected.to respond_to :report_exploit_success } it { is_expected.to respond_to :report_exploit_success }
end
describe '#report_exploit_success' do
let(:workspace) do
FactoryGirl.create(:mdm_workspace)
end
let(:host) do
FactoryGirl.create(:mdm_host, workspace: workspace)
end
let(:refs) do
[ FactoryGirl.create(:mdm_ref) ]
end
let(:vuln) do
FactoryGirl.create(:mdm_vuln)
end
let(:opts) do
{
workspace: workspace,
refs: refs,
host: host,
vuln: vuln,
}
end
specify do
expect{ subject.report_exploit_success(opts) }.to change{ Mdm::VulnAttempt.count }.by(1)
end
end
end

569
spec/support/shared/examples/msf/db_manager/session.rb
View File

@ -39,12 +39,15 @@ shared_examples_for 'Msf::DBManager::Session' do
let(:module_instance) do let(:module_instance) do
name = 'multi/handler' name = 'multi/handler'
double( d = double(
'Msf::Module', 'Msf::Exploit',
:user_data => user_data,
:fullname => "exploit/#{name}", :fullname => "exploit/#{name}",
:framework => framework, :framework => framework,
:name => name :name => name
) )
allow(d).to receive(:user_data_is_match?).and_return(false)
d
end end
let(:options_workspace) do let(:options_workspace) do
@ -65,6 +68,7 @@ shared_examples_for 'Msf::DBManager::Session' do
let(:session) do let(:session) do
session_class.new.tap do |session| session_class.new.tap do |session|
session.assoc_exploit = module_instance
session.exploit_datastore = exploit_datastore session.exploit_datastore = exploit_datastore
session.info = 'Info' session.info = 'Info'
session.platform = 'Platform' session.platform = 'Platform'
@ -81,6 +85,7 @@ shared_examples_for 'Msf::DBManager::Session' do
Class.new do Class.new do
include Msf::Session include Msf::Session
attr_accessor :assoc_exploit
attr_accessor :datastore attr_accessor :datastore
attr_accessor :platform attr_accessor :platform
attr_accessor :type attr_accessor :type
@ -117,153 +122,339 @@ shared_examples_for 'Msf::DBManager::Session' do
) )
end end
context 'with :workspace' do context 'with a match in user_data' do
before(:each) do let(:user_data) do
options[:workspace] = options_workspace {
match: FactoryGirl.create(:automatic_exploitation_match),
match_set: FactoryGirl.create(:automatic_exploitation_match_set),
run: FactoryGirl.create(:automatic_exploitation_run),
}
end end
it 'should not find workspace from session' do before do
db_manager.should_not_receive(:find_workspace) allow(module_instance).to receive(:user_data_is_match?).and_return(true)
end
report_session it 'should make a MatchResult' do
expect { report_session }.to change(MetasploitDataModels::AutomaticExploitation::MatchResult, :count).by(1)
end end
end end
context 'without :workspace' do context 'without user_data' do
it 'should find workspace from session' do let(:user_data) { nil }
db_manager.should_receive(:find_workspace).with(session.workspace).and_call_original
report_session
end
it 'should pass session.workspace to #find_or_create_host' do
db_manager.should_receive(:find_or_create_host).with(
hash_including(
:workspace => session_workspace
)
).and_return(host)
report_session
end
end
context 'with workspace from either :workspace or session' do
it 'should pass normalized host from session as :host to #find_or_create_host' do
normalized_host = double('Normalized Host')
db_manager.stub(:normalize_host).with(session).and_return(normalized_host)
# stub report_vuln so its use of find_or_create_host and normalize_host doesn't interfere.
db_manager.stub(:report_vuln)
db_manager.should_receive(:find_or_create_host).with(
hash_including(
:host => normalized_host
)
).and_return(host)
report_session
end
context 'with session responds to arch' do
let(:arch) do
FactoryGirl.generate :mdm_host_arch
end
context 'with :workspace' do
before(:each) do before(:each) do
session.stub(:arch => arch) options[:workspace] = options_workspace
end end
it 'should pass :arch to #find_or_create_host' do it 'should not find workspace from session' do
db_manager.should_not_receive(:find_workspace)
report_session
end
end
context 'without :workspace' do
it 'should find workspace from session' do
db_manager.should_receive(:find_workspace).with(session.workspace).and_call_original
report_session
end
it 'should pass session.workspace to #find_or_create_host' do
db_manager.should_receive(:find_or_create_host).with( db_manager.should_receive(:find_or_create_host).with(
hash_including( hash_including(
:arch => arch :workspace => session_workspace
) )
).and_call_original ).and_return(host)
report_session report_session
end end
end end
context 'without session responds to arch' do context 'with workspace from either :workspace or session' do
it 'should not pass :arch to #find_or_create_host' do it 'should pass normalized host from session as :host to #find_or_create_host' do
normalized_host = double('Normalized Host')
db_manager.stub(:normalize_host).with(session).and_return(normalized_host)
# stub report_vuln so its use of find_or_create_host and normalize_host doesn't interfere.
db_manager.stub(:report_vuln)
db_manager.should_receive(:find_or_create_host).with( db_manager.should_receive(:find_or_create_host).with(
hash_excluding( hash_including(
:arch :host => normalized_host
) )
).and_call_original ).and_return(host)
report_session
end
end
it 'should create an Mdm::Session' do
expect {
report_session
}.to change(Mdm::Session, :count).by(1)
end
it { should be_an Mdm::Session }
it 'should set session.db_record to created Mdm::Session' do
mdm_session = report_session
session.db_record.should == mdm_session
end
context 'with session.via_exploit' do
it 'should create session.via_exploit module' do
framework.modules.should_receive(:create).with(session.via_exploit).and_call_original
report_session report_session
end end
it 'should create Mdm::Vuln' do context 'with session responds to arch' do
expect { let(:arch) do
report_session FactoryGirl.generate :mdm_host_arch
}.to change(Mdm::Vuln, :count).by(1)
end
context 'created Mdm::Vuln' do
let(:mdm_session) do
Mdm::Session.last
end
let(:rport) do
nil
end end
before(:each) do before(:each) do
Timecop.freeze session.stub(:arch => arch)
end
session.exploit_datastore['RPORT'] = rport it 'should pass :arch to #find_or_create_host' do
db_manager.should_receive(:find_or_create_host).with(
hash_including(
:arch => arch
)
).and_call_original
report_session report_session
end end
end
context 'without session responds to arch' do
it 'should not pass :arch to #find_or_create_host' do
db_manager.should_receive(:find_or_create_host).with(
hash_excluding(
:arch
)
).and_call_original
report_session
end
end
it 'should create an Mdm::Session' do
expect {
report_session
}.to change(Mdm::Session, :count).by(1)
end
it { should be_an Mdm::Session }
it 'should set session.db_record to created Mdm::Session' do
mdm_session = report_session
session.db_record.should == mdm_session
end
context 'with session.via_exploit' do
it 'should create session.via_exploit module' do
framework.modules.should_receive(:create).with(session.via_exploit).and_call_original
report_session
end
it 'should create Mdm::Vuln' do
expect {
report_session
}.to change(Mdm::Vuln, :count).by(1)
end
context 'created Mdm::Vuln' do
let(:mdm_session) do
Mdm::Session.last
end
let(:rport) do
nil
end
before(:each) do
Timecop.freeze
session.exploit_datastore['RPORT'] = rport
report_session
end
after(:each) do
Timecop.return
end
subject(:vuln) do
Mdm::Vuln.last
end
it { expect(subject.host).to eq(Mdm::Host.last) }
it { expect(subject.refs).to eq([]) }
it { expect(subject.exploited_at).to be_within(1.second).of(Time.now.utc) }
context "with session.via_exploit 'exploit/multi/handler'" do
context "with session.exploit_datastore['ParentModule']" do
it { expect(subject.info).to eq("Exploited by #{parent_module_fullname} to create Session #{mdm_session.id}") }
it { expect(subject.name).to eq(parent_module_name) }
end
end
context "without session.via_exploit 'exploit/multi/handler'" do
let(:reference_name) do
'windows/smb/ms08_067_netapi'
end
before(:each) do
path = File.join(
parent_path,
'exploits',
"#{reference_name}.rb"
)
type = 'exploit'
# fake cache data for ParentModule so it can be loaded
framework.modules.send(
:module_info_by_path=,
{
path =>
{
:parent_path => parent_path,
:reference_name => reference_name,
:type => type,
}
}
)
session.via_exploit = "#{type}/#{reference_name}"
end
it { expect(subject.info).to eq("Exploited by #{session.via_exploit} to create Session #{mdm_session.id}") }
it { expect(subject.name).to eq(reference_name) }
end
context 'with RPORT' do
let(:rport) do
# use service.port instead of having service use rport so
# that service is forced to exist before call to
# report_service, which happens right after using rport in
# outer context's before(:each)
service.port
end
let(:service) do
FactoryGirl.create(
:mdm_service,
:host => host
)
end
it { expect(subject.service).to eq(service) }
end
context 'without RPORT' do
it { expect(subject.service).to be_nil }
end
end
context 'created Mdm::ExploitAttempt' do
let(:rport) do
nil
end
before(:each) do
Timecop.freeze
session.exploit_datastore['RPORT'] = rport
report_session
end
after(:each) do
Timecop.return
end
subject(:exploit_attempt) do
Mdm::ExploitAttempt.last
end
it { expect(subject.attempted_at).to be_within(1.second).of(Time.now.utc) }
# @todo https://www.pivotaltracker.com/story/show/48362615
it { expect(subject.session_id).to eq(Mdm::Session.last.id) }
it { expect(subject.exploited).to be_truthy }
# @todo https://www.pivotaltracker.com/story/show/48362615
it { expect(subject.vuln_id).to eq(Mdm::Vuln.last.id) }
context "with session.via_exploit 'exploit/multi/handler'" do
context "with session.datastore['ParentModule']" do
it { expect(subject.module).to eq(parent_module_fullname) }
end
end
context "without session.via_exploit 'exploit/multi/handler'" do
before(:each) do
session.via_exploit = parent_module_fullname
end
it { expect(subject.module).to eq(session.via_exploit) }
end
end
end
context 'returned Mdm::Session' do
before(:each) do
Timecop.freeze
end
after(:each) do after(:each) do
Timecop.return Timecop.return
end end
subject(:vuln) do subject(:mdm_session) do
Mdm::Vuln.last report_session
end end
it { expect(subject.host).to eq(Mdm::Host.last) } #
it { expect(subject.refs).to eq([]) } # Ensure session has attributes present so its on mdm_session are
it { expect(subject.exploited_at).to be_within(1.second).of(Time.now.utc) } # not just comparing nils.
#
it 'should have session.info present' do
session.info.should be_present
end
it 'should have session.sid present' do
session.sid.should be_present
end
it 'should have session.platform present' do
session.platform.should be_present
end
it 'should have session.type present' do
session.type.should be_present
end
it 'should have session.via_exploit present' do
session.via_exploit.should be_present
end
it 'should have session.via_payload present' do
session.via_exploit.should be_present
end
it { expect(subject.datastore).to eq(session.exploit_datastore.to_h) }
it { expect(subject.desc).to eq(session.info) }
it { expect(subject.host_id).to eq(Mdm::Host.last.id) }
it { expect(subject.last_seen).to be_within(1.second).of(Time.now.utc) }
it { expect(subject.local_id).to eq(session.sid) }
it { expect(subject.opened_at).to be_within(1.second).of(Time.now.utc) }
it { expect(subject.platform).to eq(session.platform) }
it { expect(subject.routes).to eq([]) }
it { expect(subject.stype).to eq(session.type) }
it { expect(subject.via_payload).to eq(session.via_payload) }
context "with session.via_exploit 'exploit/multi/handler'" do context "with session.via_exploit 'exploit/multi/handler'" do
it "should have session.via_exploit of 'exploit/multi/handler'" do
session.via_exploit.should == 'exploit/multi/handler'
end
context "with session.exploit_datastore['ParentModule']" do context "with session.exploit_datastore['ParentModule']" do
it { expect(subject.info).to eq("Exploited by #{parent_module_fullname} to create Session #{mdm_session.id}") } it "should have session.exploit_datastore['ParentModule']" do
it { expect(subject.name).to eq(parent_module_name) } session.exploit_datastore['ParentModule'].should_not be_nil
end
it { expect(subject.via_exploit).to eq(parent_module_fullname) }
end end
end end
context "without session.via_exploit 'exploit/multi/handler'" do context "without session.via_exploit 'exploit/multi/handler'" do
let(:reference_name) do
'windows/smb/ms08_067_netapi'
end
before(:each) do before(:each) do
reference_name = 'windows/smb/ms08_067_netapi'
path = File.join( path = File.join(
parent_path, parent_path,
'exploits', 'exploits',
@ -287,176 +478,12 @@ shared_examples_for 'Msf::DBManager::Session' do
session.via_exploit = "#{type}/#{reference_name}" session.via_exploit = "#{type}/#{reference_name}"
end end
it { expect(subject.info).to eq("Exploited by #{session.via_exploit} to create Session #{mdm_session.id}") } it "should not have session.via_exploit of 'exploit/multi/handler'" do
it { expect(subject.name).to eq(reference_name) } session.via_exploit.should_not == 'exploit/multi/handler'
end
context 'with RPORT' do
let(:rport) do
# use service.port instead of having service use rport so
# that service is forced to exist before call to
# report_service, which happens right after using rport in
# outer context's before(:each)
service.port
end end
let(:service) do it { expect(subject.via_exploit).to eq(session.via_exploit) }
FactoryGirl.create(
:mdm_service,
:host => host
)
end
it { expect(subject.service).to eq(service) }
end end
context 'without RPORT' do
it { expect(subject.service).to be_nil }
end
end
context 'created Mdm::ExploitAttempt' do
let(:rport) do
nil
end
before(:each) do
Timecop.freeze
session.exploit_datastore['RPORT'] = rport
report_session
end
after(:each) do
Timecop.return
end
subject(:exploit_attempt) do
Mdm::ExploitAttempt.last
end
it { expect(subject.attempted_at).to be_within(1.second).of(Time.now.utc) }
# @todo https://www.pivotaltracker.com/story/show/48362615
it { expect(subject.session_id).to eq(Mdm::Session.last.id) }
it { expect(subject.exploited).to be_truthy }
# @todo https://www.pivotaltracker.com/story/show/48362615
it { expect(subject.vuln_id).to eq(Mdm::Vuln.last.id) }
context "with session.via_exploit 'exploit/multi/handler'" do
context "with session.datastore['ParentModule']" do
it { expect(subject.module).to eq(parent_module_fullname) }
end
end
context "without session.via_exploit 'exploit/multi/handler'" do
before(:each) do
session.via_exploit = parent_module_fullname
end
it { expect(subject.module).to eq(session.via_exploit) }
end
end
end
context 'returned Mdm::Session' do
before(:each) do
Timecop.freeze
end
after(:each) do
Timecop.return
end
subject(:mdm_session) do
report_session
end
#
# Ensure session has attributes present so its on mdm_session are
# not just comparing nils.
#
it 'should have session.info present' do
session.info.should be_present
end
it 'should have session.sid present' do
session.sid.should be_present
end
it 'should have session.platform present' do
session.platform.should be_present
end
it 'should have session.type present' do
session.type.should be_present
end
it 'should have session.via_exploit present' do
session.via_exploit.should be_present
end
it 'should have session.via_payload present' do
session.via_exploit.should be_present
end
it { expect(subject.datastore).to eq(session.exploit_datastore.to_h) }
it { expect(subject.desc).to eq(session.info) }
it { expect(subject.host_id).to eq(Mdm::Host.last.id) }
it { expect(subject.last_seen).to be_within(1.second).of(Time.now.utc) }
it { expect(subject.local_id).to eq(session.sid) }
it { expect(subject.opened_at).to be_within(1.second).of(Time.now.utc) }
it { expect(subject.platform).to eq(session.platform) }
it { expect(subject.routes).to eq([]) }
it { expect(subject.stype).to eq(session.type) }
it { expect(subject.via_payload).to eq(session.via_payload) }
context "with session.via_exploit 'exploit/multi/handler'" do
it "should have session.via_exploit of 'exploit/multi/handler'" do
session.via_exploit.should == 'exploit/multi/handler'
end
context "with session.exploit_datastore['ParentModule']" do
it "should have session.exploit_datastore['ParentModule']" do
session.exploit_datastore['ParentModule'].should_not be_nil
end
it { expect(subject.via_exploit).to eq(parent_module_fullname) }
end
end
context "without session.via_exploit 'exploit/multi/handler'" do
before(:each) do
reference_name = 'windows/smb/ms08_067_netapi'
path = File.join(
parent_path,
'exploits',
"#{reference_name}.rb"
)
type = 'exploit'
# fake cache data for ParentModule so it can be loaded
framework.modules.send(
:module_info_by_path=,
{
path =>
{
:parent_path => parent_path,
:reference_name => reference_name,
:type => type,
}
}
)
session.via_exploit = "#{type}/#{reference_name}"
end
it "should not have session.via_exploit of 'exploit/multi/handler'" do
session.via_exploit.should_not == 'exploit/multi/handler'
end
it { expect(subject.via_exploit).to eq(session.via_exploit) }
end end
end end
end end
@ -641,4 +668,4 @@ shared_examples_for 'Msf::DBManager::Session' do
end end
end end
end end
end end