Add @wchen-r7's test module to the test dir

See the referenced gist on #2545
2013-10-23 16:00:43 -05:00 · 2013-10-23 16:00:43 -05:00 · a554784d59
parent afcce8a511
commit a554784d59
1 changed files with 102 additions and 0 deletions
--- a/test/modules/exploits/test/js_tester.rb
+++ b/test/modules/exploits/test/js_tester.rb
@ -0,0 +1,102 @@
+require 'msf/core'
+
+class Metasploit3 < Msf::Exploit::Remote
+  Rank = NormalRanking
+
+  include Msf::Exploit::Remote::HttpServer::HTML
+
+  def initialize(info={})
+    super(update_info(info,
+      'Name'           => "IE test",
+      'Description'    => %q{
+        Test
+      },
+      'License'        => MSF_LICENSE,
+      'Author'         => [ 'sinn3r' ],
+      'References'     => [ [ 'URL', 'http://metasploit.com' ] ],
+      'Platform'       => 'win',
+      'Targets'        => [ [ 'Automatic', {} ] ],
+      'Payload'        =>
+        {
+          'BadChars'        => "\x00",
+          'StackAdjustment' => -3500
+        },
+      'Privileged'     => false,
+      'DisclosureDate' => "Apr 1 2013",
+      'DefaultTarget'  => 0))
+  end
+
+  def test_base64
+    %Q|
+    #{js_base64}
+
+    var s = "hello, world!!";
+    document.write(Base64.encode(s));
+    |
+  end
+
+  def test_ajax_download
+    %Q|
+    #{js_ajax_download}
+
+    ajax_download({path:"/test.bin"});
+    |
+  end
+
+  def test_mstime_malloc
+    %Q|
+    #{js_mstime_malloc}
+
+    shellcode = unescape("%u4141%u4141%u4141%u4141%u4141");
+    offset    = 3;
+    s         = 0x58;
+    objId     = "myanim";
+    mstime_malloc({shellcode:shellcode,offset:offset,heapBlockSize:s,objId:oId});
+    |
+  end
+
+  def test_property_spray
+    %Q|
+    #{js_property_spray}
+
+    var s = unescape("%u4141%u4141%u4242%u4242%u4343%u4343%u4444%u4444");
+    sprayHeap({shellcode:s});
+    |
+  end
+
+  def test_heap_spray
+    %Q|
+    #{js_heap_spray}
+
+    var s = unescape("%u4141%u4141%u4242%u4242%u4343%u4343%u4444%u4444");
+    sprayHeap(s, 0x0c0c0c0c, 0x40000);
+    |
+  end
+
+
+  def on_request_uri(cli, request)
+    # Change the following to a specific function
+    js = test_base64
+
+
+    html = %Q|
+    <!doctype html>
+    <HTML XMLNS:t ="urn:schemas-microsoft-com:time">
+    <head>
+    <meta>
+      <?IMPORT namespace="t" implementation="#default#time2">
+    </meta>
+    <script>
+      #{js}
+    </script>
+    </head>
+    <body>
+    <t:ANIMATECOLOR id="myanim"/>
+    </body>
+    </html>
+    |
+
+    send_response(cli, html, {'Content-Type'=>'text/html', 'Cache-Control'=>'no-cache'})
+  end
+
+end