diff --git a/spec/lib/msf/core/exploit/powershell.rb b/spec/lib/msf/core/exploit/powershell.rb
index 5ceba1813c..7c671dd849 100644
--- a/spec/lib/msf/core/exploit/powershell.rb
+++ b/spec/lib/msf/core/exploit/powershell.rb
@@ -4,40 +4,210 @@ require 'spec_helper'
 require 'msf/core'
 require 'msf/core/exploit/powershell'
-EXAMPLE_PATH = File.join(Msf::Config.data_directory, "exploits", "powershell", "powerdump.ps1")
+def decompress(code)
+ Rex::Exploitation::Powershell::Script.new(code).decompress_code
+end
 describe Msf::Exploit::Powershell do
- let(:datastore) { { } }
 subject do
- mod = Module.new
+ mod = Msf::Exploit.allocate
 mod.extend described_class
- mod.stub(
- :datastore => datastore
- )
-
+ mod.send(:initialize, {})
 mod
 end
+ let(:example_script) do
+ File.join(Msf::Config.data_directory, "exploits", "powershell", "powerdump.ps1")
+ end
+
 describe "::read_script" do
 it 'should read a sample script file' do
- script = subject.read_script(EXAMPLE_PATH)
+ script = subject.read_script(example_script)
 script.should be_kind_of(Rex::Exploitation::Powershell::Script)
 end
 end
 describe "::encode_script" do
 it 'should read and encode a sample script file' do
- script = subject.encode_script(EXAMPLE_PATH)
+ script = subject.encode_script(example_script)
 script.should be
 script.length.should be > 0
 end
 end
 describe "::compress_script" do
- it 'should create a compress script' do
- script = File.read(EXAMPLE_PATH)
- compressed = subject.compress_script(script)
- compressed.length.should be < script.length
+ context 'when default datastore is set' do
+ it 'should create a compressed script' do
+ script = File.read(example_script)
+ compressed = subject.compress_script(script)
+ compressed.length.should be < script.length
+ compressed.include?('IO.Compression').should be_true
+ end
+
+ it 'should create a compressed script with eof' do
+ script = File.read(example_script)
+ compressed = subject.compress_script(script, 'end_of_file')
+ compressed.length.should be < script.length
+ end
+ end
+
+ context 'when strip_comments is true' do
+ before do
+ subject.datastore['Powershell::strip_comments'] = true
+ subject.options.validate(subject.datastore)
+ end
+ it 'should strip comments' do
+ script = File.read(example_script)
+ compressed = subject.compress_script(script)
+ compressed.length.should be < script.length
+ end
+ end
+ context 'when strip_comment is false' do
+ before do
+ subject.datastore['Powershell::strip_comments'] = false
+ subject.options.validate(subject.datastore)
+ end
+ it 'shouldnt strip comments' do
+ script = File.read(example_script)
+ compressed = subject.compress_script(script)
+ compressed.length.should be < script.length
+ end
+ end
+
+ context 'when strip_whitespace is true' do
+ before do
+ subject.datastore['Powershell::strip_whitespace'] = true
+ subject.options.validate(subject.datastore)
+ end
+ it 'should strip whitespace' do
+ script = File.read(example_script)
+ compressed = subject.compress_script(script)
+ decompress(compressed).length.should be < script.length
+ end
+ end
+
+ context 'when strip_whitespace is false' do
+ before do
+ subject.datastore['Powershell::strip_whitespace'] = false
+ subject.options.validate(subject.datastore)
+ end
+ it 'shouldnt strip whitespace' do
+ script = File.read(example_script)
+ compressed = subject.compress_script(script)
+ decompress(compressed).length.should be script.length
+ end
+ end
+
+ context 'when sub_vars is true' do
+ before do
+ subject.datastore['Powershell::sub_vars'] = true
+ subject.options.validate(subject.datastore)
+ end
+ it 'should substitute variables' do
+ script = File.read(example_script)
+ compressed = subject.compress_script(script)
+ decompress(compressed).include?('$hashes').should be_false
+ end
+ end
+
+ context 'when sub_vars is false' do
+ before do
+ subject.datastore['Powershell::sub_vars'] = false
+ subject.options.validate(subject.datastore)
+ end
+ it 'shouldnt substitute variables' do
+ script = File.read(example_script)
+ compressed = subject.compress_script(script)
+ decompress(compressed).include?('$hashes').should be_true
+ end
+ end
+
+ context 'when sub_funcs is true' do
+ before do
+ subject.datastore['Powershell::sub_funcs'] = true
+ subject.options.validate(subject.datastore)
+ end
+ it 'should substitute functions' do
+ script = File.read(example_script)
+ compressed = subject.compress_script(script)
+ decompress(compressed).include?('DumpHashes').should be_false
+ end
+ end
+
+ context 'when sub_funcs is false' do
+ before do
+ subject.datastore['Powershell::sub_funcs'] = false
+ subject.options.validate(subject.datastore)
+ end
+ it 'shouldnt substitute variables' do
+ script = File.read(example_script)
+ compressed = subject.compress_script(script)
+ decompress(compressed).include?('DumpHashes').should be_true
+ end
+ end
+ end
+
+ describe "::cmd_psh_payload" do
+ it 'should generate a command line with an x86 payload' do
+
+ end
+
+ it 'should generate a command line with an x64 payload' do
+
+ end
+
+ context 'when persist is true' do
+ it 'should add a persistance loop'
+ end
+ end
+
+ context 'when persist is false' do
+ it 'shouldnt add a persistance loop' do
+ end
+ end
+
+ context 'when prepend_sleep is set' do
+ it 'should add a sleep' do
+
+ end
+ end
+
+ context 'when prepend_sleep isnt set' do
+ it 'shouldnt add a sleep' do
+
+ end
+ end
+
+ context 'when method is old' do
+
+ end
+
+ context 'when method is net' do
+
+ end
+
+ context 'when method is reflection' do
+
+ end
+
+ context 'when method is msil' do
+
+ end
+
+ context 'when encode_inner_payload' do
+
+ end
+
+ context 'when encode_final_payload' do
+
+ end
+
+ context 'when remove_comspec' do
+
+ end
+
+ context 'when use single quotes' do
+ end
 end
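Review bot: The `::cmd_psh_payload` examples written with an empty block (`it 'should generate a command line with an x86 payload' do end`, the x64 one, 'shouldnt add a persistance loop' and both prepend_sleep examples) pass green while asserting nothing, so the run reports the command generator as covered; writing them without a block, as `it 'should add a persistance loop'` already is, makes RSpec list them as pending instead. The two `end` lines after that persist-true context also close `describe "::cmd_psh_payload"`, so every context from 'when persist is false' onward hangs off the outer describe rather than off cmd_psh_payload; moving the second `end` to after the 'when use single quotes' context restores the intended nesting. In `::compress_script`, the 'when strip_comments is true' and 'when strip_comment is false' examples make the identical assertion `compressed.length.should be < script.length`, so neither can fail if comment stripping stops doing anything; mirroring the whitespace examples with `decompress(compressed).length.should be < script.length` and `decompress(compressed).length.should be script.length` would actually pin the two settings. The example under 'when sub_funcs is false' is described as 'shouldnt substitute variables' and should read 'shouldnt substitute functions'.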