diff --git a/spec/lib/metasploit/framework/login_scanner/mssql_spec.rb b/spec/lib/metasploit/framework/login_scanner/mssql_spec.rb index ea0ffa046c..e40a25c121 100644 --- a/spec/lib/metasploit/framework/login_scanner/mssql_spec.rb +++ b/spec/lib/metasploit/framework/login_scanner/mssql_spec.rb @@ -2,6 +2,33 @@ require 'spec_helper' require 'metasploit/framework/login_scanner/mssql' describe Metasploit::Framework::LoginScanner::MSSQL do + let(:public) { 'root' } + let(:private) { 'toor' } + + let(:pub_blank) { + Metasploit::Framework::LoginScanner::Credential.new( + paired: true, + public: public, + private: '' + ) + } + + let(:pub_pub) { + Metasploit::Framework::LoginScanner::Credential.new( + paired: true, + public: public, + private: public + ) + } + + let(:pub_pri) { + Metasploit::Framework::LoginScanner::Credential.new( + paired: true, + public: public, + private: private + ) + } + subject(:login_scanner) { described_class.new } @@ -9,4 +36,58 @@ describe Metasploit::Framework::LoginScanner::MSSQL do it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket' it_behaves_like 'Metasploit::Framework::LoginScanner::NTLM' + it { should respond_to :windows_authentication } + + context 'validations' do + context '#windows_authentication' do + it 'is not valid for the string true' do + login_scanner.windows_authentication = 'true' + expect(login_scanner).to_not be_valid + expect(login_scanner.errors[:windows_authentication]).to include 'is not included in the list' + end + + it 'is not valid for the string false' do + login_scanner.windows_authentication = 'false' + expect(login_scanner).to_not be_valid + expect(login_scanner.errors[:windows_authentication]).to include 'is not included in the list' + end + + it 'is valid for true class' do + login_scanner.windows_authentication = true + expect(login_scanner.errors[:windows_authentication]).to be_empty + end + + it 'is valid for false class' do + login_scanner.windows_authentication = false + expect(login_scanner.errors[:windows_authentication]).to be_empty + end + end + end + + context '#attempt_login' do + context 'when the is a connection error' do + it 'returns a result with the connection_error status' do + my_scanner = login_scanner + my_scanner.should_receive(:mssql_login).and_raise ::Rex::ConnectionError + expect(my_scanner.attempt_login(pub_blank).status).to eq :connection_error + end + end + + context 'when the login fails' do + it 'returns a result object with a status of :failed' do + my_scanner = login_scanner + my_scanner.should_receive(:mssql_login).and_return false + expect(my_scanner.attempt_login(pub_blank).status).to eq :failed + end + end + + context 'when the login succeeds' do + it 'returns a result object with a status of :success' do + my_scanner = login_scanner + my_scanner.should_receive(:mssql_login).and_return true + expect(my_scanner.attempt_login(pub_blank).status).to eq :success + end + end + end + end \ No newline at end of file diff --git a/spec/support/shared/examples/lib/metasploit/framework/login_scanner/ntlm.rb b/spec/support/shared/examples/lib/metasploit/framework/login_scanner/ntlm.rb index 4216606a89..871ed96569 100644 --- a/spec/support/shared/examples/lib/metasploit/framework/login_scanner/ntlm.rb +++ b/spec/support/shared/examples/lib/metasploit/framework/login_scanner/ntlm.rb @@ -66,7 +66,7 @@ shared_examples_for 'Metasploit::Framework::LoginScanner::NTLM' do end it 'is not valid for the string false' do - login_scanner.stop_on_success = 'false' + login_scanner.send_spn = 'false' expect(login_scanner).to_not be_valid expect(login_scanner.errors[:send_spn]).to include 'is not included in the list' end