infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

removing unused step files 

changing the ms08_067 tests to fail when proxies show up in the wrong section
bug/bundler_fix
darkbushido 2014-09-11 16:51:49 -05:00
parent 93cd53a800
commit 4ef60d1a00
No known key found for this signature in database
GPG Key ID: 3922EB70FB80E8DD
3 changed files with 154 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

233
features/modules/exploit/smb/ms08_067_netapi.feature
View File

@ -1,6 +1,9 @@
Feature: MS08-067 netapi Feature: MS08-067 netapi
Background: Background:
Given a directory named "home"
And I cd to "home"
And a mocked home directory
Given I run `msfconsole` interactively Given I run `msfconsole` interactively
And I wait for stdout to contain "Free Metasploit Pro trial: http://r-7.co/trymsp" And I wait for stdout to contain "Free Metasploit Pro trial: http://r-7.co/trymsp"
@ -8,90 +11,162 @@ Feature: MS08-067 netapi
When I type "use exploit/windows/smb/ms08_067_netapi" When I type "use exploit/windows/smb/ms08_067_netapi"
And I type "show options" And I type "show options"
And I type "exit" And I type "exit"
Then the output should contain the following: Then the output should contain:
| Module options (exploit/windows/smb/ms08_067_netapi) | """
| Name Current Setting Required Description | Module options (exploit/windows/smb/ms08_067_netapi):
| ---- --------------- -------- ----------- |
| RHOST yes The target address | Name Current Setting Required Description
| RPORT 445 yes Set the SMB service port | ---- --------------- -------- -----------
| RPORT 445 yes Set the SMB service port | RHOST yes The target address
RPORT 445 yes Set the SMB service port
SMBPIPE BROWSER yes The pipe name to use (BROWSER, SRVSVC)
Exploit target:
Id Name
-- ----
0 Automatic Targeting
"""
Scenario: The MS08-067 Module should have the following advanced options Scenario: The MS08-067 Module should have the following advanced options
When I type "use exploit/windows/smb/ms08_067_netapi" When I type "use exploit/windows/smb/ms08_067_netapi"
And I type "show advanced" And I type "show advanced"
And I type "exit" And I type "exit"
Then the output should contain the following: Then the output should contain:
| Name : CHOST | """
| Description : The local client address | Module advanced options:
| Name : CPORT |
| Description : The local client port | Name : CHOST
| Name : ConnectTimeout | Current Setting:
| Description : Maximum number of seconds to establish a TCP connection | Description : The local client address
| Name : ContextInformationFile |
| Description : The information file that contains context information | Name : CPORT
| Name : DCERPC::ReadTimeout | Current Setting:
| Description : The number of seconds to wait for DCERPC responses | Description : The local client port
| Name : DisablePayloadHandler |
| Description : Disable the handler code for the selected payload | Name : ConnectTimeout
| Name : EnableContextEncoding | Current Setting: 10
| Description : Use transient context when encoding payloads | Description : Maximum number of seconds to establish a TCP connection
| Name : NTLM::SendLM |
| Description : Always send the LANMAN response (except when NTLMv2_session is | Name : ContextInformationFile
| specified) | Current Setting:
| Name : NTLM::SendNTLM | Description : The information file that contains context information
| Description : Activate the 'Negotiate NTLM key' flag, indicating the use of |
| NTLM responses | Name : DCERPC::ReadTimeout
| Name : NTLM::SendSPN | Current Setting: 10
| Current Setting: true | Description : The number of seconds to wait for DCERPC responses
| Description : Send an avp of type SPN in the ntlmv2 client Blob, this allow |
| authentification on windows Seven/2008r2 when SPN is required | Name : DisablePayloadHandler
| Name : NTLM::UseLMKey | Current Setting: false
| Description : Activate the 'Negotiate Lan Manager Key' flag, using the LM key | Description : Disable the handler code for the selected payload
| when the LM response is sent |
| Name : NTLM::UseNTLM2_session | Name : EnableContextEncoding
| Description : Activate the 'Negotiate NTLM2 key' flag, forcing the use of a | Current Setting: false
| NTLMv2_session | Description : Use transient context when encoding payloads
| Name : NTLM::UseNTLMv2 |
| Description : Use NTLMv2 instead of NTLM2_session when 'Negotiate NTLM2' key | Name : NTLM::SendLM
| is true | Current Setting: true
# | Name : Proxies | Description : Always send the LANMAN response (except when NTLMv2_session is
# | Description : Use a proxy chain | specified)
| Name : SMB::ChunkSize |
| Current Setting: 500 | Name : NTLM::SendNTLM
| Description : The chunk size for SMB segments, bigger values will increase | Current Setting: true
| speed but break NT 4.0 and SMB signing | Description : Activate the 'Negotiate NTLM key' flag, indicating the use of
| Name : SMB::Native_LM | NTLM responses
| Description : The Native LM to send during authentication |
| Name : SMB::Native_OS | Name : NTLM::SendSPN
| Description : The Native OS to send during authentication | Current Setting: true
| Name : SMB::VerifySignature | Description : Send an avp of type SPN in the ntlmv2 client Blob, this allow
| Description : Enforces client-side verification of server response signatures | authentification on windows Seven/2008r2 when SPN is required
| Name : SMBDirect |
| Description : The target port is a raw SMB service (not NetBIOS) | Name : NTLM::UseLMKey
| Name : SMBDomain | Current Setting: false
| Description : The Windows domain to use for authentication | Description : Activate the 'Negotiate Lan Manager Key' flag, using the LM key
| Name : SMBName | when the LM response is sent
| Description : The NetBIOS hostname (required for port 139 connections) |
| Name : SMBPass | Name : NTLM::UseNTLM2_session
| Description : The password for the specified username | Current Setting: true
| Name : SMBUser | Description : Activate the 'Negotiate NTLM2 key' flag, forcing the use of a
| Description : The username to authenticate as | NTLMv2_session
| Name : SSL |
| Description : Negotiate SSL for outgoing connections | Name : NTLM::UseNTLMv2
| Name : SSLCipher | Current Setting: true
| Description : String for SSL cipher - "DHE-RSA-AES256-SHA" or "ADH" | Description : Use NTLMv2 instead of NTLM2_session when 'Negotiate NTLM2' key
| Name : SSLVerifyMode | is true
| Description : SSL verification method (accepted: CLIENT_ONCE, |
| FAIL_IF_NO_PEER_CERT, NONE, PEER) | Name : Proxies
| Name : SSLVersion | Current Setting:
| Description : Specify the version of SSL that should be used (accepted: SSL2, | Description : Use a proxy chain
| SSL3, TLS1) |
| Name : VERBOSE | Name : SMB::ChunkSize
| Description : Enable detailed status messages | Current Setting: 500
| Name : WORKSPACE | Description : The chunk size for SMB segments, bigger values will increase
| Description : Specify the workspace for this module | speed but break NT 4.0 and SMB signing
| Name : WfsDelay |
| Description : Additional delay when waiting for a session | Name : SMB::Native_LM
Current Setting: Windows 2000 5.0
Description : The Native LM to send during authentication
Name : SMB::Native_OS
Current Setting: Windows 2000 2195
Description : The Native OS to send during authentication
Name : SMB::VerifySignature
Current Setting: false
Description : Enforces client-side verification of server response signatures
Name : SMBDirect
Current Setting: true
Description : The target port is a raw SMB service (not NetBIOS)
Name : SMBDomain
Current Setting: .
Description : The Windows domain to use for authentication
Name : SMBName
Current Setting: *SMBSERVER
Description : The NetBIOS hostname (required for port 139 connections)
Name : SMBPass
Current Setting:
Description : The password for the specified username
Name : SMBUser
Current Setting:
Description : The username to authenticate as
Name : SSL
Current Setting: false
Description : Negotiate SSL for outgoing connections
Name : SSLCipher
Current Setting:
Description : String for SSL cipher - "DHE-RSA-AES256-SHA" or "ADH"
Name : SSLVerifyMode
Current Setting: PEER
Description : SSL verification method (accepted: CLIENT_ONCE,
FAIL_IF_NO_PEER_CERT, NONE, PEER)
Name : SSLVersion
Current Setting: SSL3
Description : Specify the version of SSL that should be used (accepted: SSL2,
SSL3, TLS1)
Name : VERBOSE
Current Setting: false
Description : Enable detailed status messages
Name : WORKSPACE
Current Setting:
Description : Specify the workspace for this module
Name : WfsDelay
Current Setting: 0
Description : Additional delay when waiting for a session
"""
@targets @targets
Scenario: Show RHOST/etc variable expansion from a config file Scenario: Show RHOST/etc variable expansion from a config file

5
features/step_definitions/console_output.rb
View File

@ -1,5 +0,0 @@
Then /^the output should contain the following:$/ do |table|
table.raw.flatten.each do |expected|
assert_partial_output(expected, all_output)
end
end

0
features/step_definitions/msfconsole.rb
View File