commit the rest of chao's patch :/
git-svn-id: file:///home/svn/framework3/trunk@12412 4d416f70-5f16-0410-b530-b9f4589650daunstable
Jonathan Cran
parent
3829d2606b
commit
c9ab8f248d
|
|
@ -0,0 +1,286 @@
|
|||
#!/usr/bin/env ruby
|
||||
|
||||
$:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..','..','..','..','..', 'lib'))
|
||||
|
||||
require 'rex/post/meterpreter/extensions/stdapi/railgun/dll'
|
||||
require 'test/unit'
|
||||
|
||||
module Rex
|
||||
module Post
|
||||
module Meterpreter
|
||||
module Extensions
|
||||
module Stdapi
|
||||
module Railgun
|
||||
class DLL::UnitTest < Test::Unit::TestCase
|
||||
|
||||
TLV_TYPE_NAMES = {
|
||||
TLV_TYPE_RAILGUN_SIZE_OUT => "TLV_TYPE_RAILGUN_SIZE_OUT",
|
||||
TLV_TYPE_RAILGUN_STACKBLOB => "TLV_TYPE_RAILGUN_STACKBLOB",
|
||||
TLV_TYPE_RAILGUN_BUFFERBLOB_IN => "TLV_TYPE_RAILGUN_BUFFERBLOB_IN",
|
||||
TLV_TYPE_RAILGUN_BUFFERBLOB_INOUT => "TLV_TYPE_RAILGUN_BUFFERBLOB_INOUT",
|
||||
TLV_TYPE_RAILGUN_DLLNAME => "TLV_TYPE_RAILGUN_DLLNAME",
|
||||
TLV_TYPE_RAILGUN_FUNCNAME => "TLV_TYPE_RAILGUN_FUNCNAME",
|
||||
}
|
||||
|
||||
class MockRailgunClient
|
||||
attr_reader :platform, :check_request, :response_tlvs
|
||||
|
||||
def initialize(platform, response_tlvs, check_request)
|
||||
@check_request = check_request
|
||||
@response_tlvs = response_tlvs
|
||||
@platform = platform
|
||||
end
|
||||
|
||||
def send_request(request)
|
||||
check_request.call(request)
|
||||
|
||||
(Class.new do
|
||||
def initialize(response_tlvs)
|
||||
@response_tlvs = response_tlvs
|
||||
end
|
||||
def get_tlv_value(type)
|
||||
return @response_tlvs[type]
|
||||
end
|
||||
end).new(@response_tlvs)
|
||||
end
|
||||
end
|
||||
|
||||
def make_mock_client(platform = "x86/win32", target_request_tlvs = [], response_tlvs = [])
|
||||
check_request = lambda do |request|
|
||||
target_request_tlvs.each_pair do |type, target_value|
|
||||
assert_equal(target_value, request.get_tlv_value(type),
|
||||
"process_function_call should send to client appropriate #{TLV_TYPE_NAMES[type]}")
|
||||
end
|
||||
end
|
||||
|
||||
return MockRailgunClient.new(platform, response_tlvs, check_request)
|
||||
end
|
||||
|
||||
def test_add_function
|
||||
function_descriptions.each do |func|
|
||||
dll = DLL.new(func[:dll_name], make_mock_client(func[:platform]), nil)
|
||||
dll.add_function(func[:name], func[:return_type], func[:params])
|
||||
|
||||
assert(dll.functions.has_key?(func[:name]),
|
||||
"add_function should expand the list of available functions")
|
||||
end
|
||||
end
|
||||
|
||||
def test_method_missing
|
||||
function_descriptions.each do |func|
|
||||
client = make_mock_client(func[:platform], func[:request_to_client], func[:response_from_client])
|
||||
dll = DLL.new(func[:dll_name], client, nil)
|
||||
|
||||
dll.add_function(func[:name], func[:return_type], func[:params])
|
||||
|
||||
actual_returned_hash = dll.send(:method_missing, func[:name].to_sym, *func[:ruby_args])
|
||||
|
||||
assert(func[:returned_hash].has_key?('GetLastError'),
|
||||
"process_function_call should add the result of GetLastError to the key GetLastError")
|
||||
|
||||
assert_equal(func[:returned_hash], actual_returned_hash,
|
||||
"process_function_call convert function result to a ruby hash")
|
||||
end
|
||||
end
|
||||
|
||||
# These are sample descriptions of functions to use for testing.
|
||||
def function_descriptions
|
||||
[
|
||||
{
|
||||
:platform => "x86/win32",
|
||||
:name => "LookupAccountSidA",
|
||||
:params => [
|
||||
["PCHAR","lpSystemName","in"],
|
||||
["LPVOID","Sid","in"],
|
||||
["PCHAR","Name","out"],
|
||||
["PDWORD","cchName","inout"],
|
||||
["PCHAR","ReferencedDomainName","out"],
|
||||
["PDWORD","cchReferencedDomainName","inout"],
|
||||
["PBLOB","peUse","out"],
|
||||
],
|
||||
:return_type => "BOOL",
|
||||
:dll_name => "advapi32",
|
||||
:ruby_args => [nil, 1371864, 100, 100, 100, 100, 1],
|
||||
:request_to_client => {
|
||||
TLV_TYPE_RAILGUN_SIZE_OUT => 201,
|
||||
TLV_TYPE_RAILGUN_STACKBLOB => "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xD8\xEE\x14\x00\x02\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00d\x00\x00\x00\x03\x00\x00\x00\b\x00\x00\x00\x02\x00\x00\x00\xC8\x00\x00\x00",
|
||||
TLV_TYPE_RAILGUN_BUFFERBLOB_IN => "",
|
||||
TLV_TYPE_RAILGUN_BUFFERBLOB_INOUT => "d\x00\x00\x00\x00\x00\x00\x00d\x00\x00\x00\x00\x00\x00\x00",
|
||||
TLV_TYPE_RAILGUN_DLLNAME => "advapi32",
|
||||
TLV_TYPE_RAILGUN_FUNCNAME => "LookupAccountSidA"
|
||||
},
|
||||
:response_from_client => {
|
||||
TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_INOUT => "\x06\x00\x00\x00\x00\x00\x00\x00\f\x00\x00\x00\x00\x00\x00\x00",
|
||||
TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_OUT => "SYSTEM\x00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANT AUTHORITY\x00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x05",
|
||||
TLV_TYPE_RAILGUN_BACK_RET => 1,
|
||||
TLV_TYPE_RAILGUN_BACK_ERR => 997
|
||||
},
|
||||
:returned_hash => {
|
||||
"GetLastError" => 997,
|
||||
"return" => true,
|
||||
"Name" => "SYSTEM",
|
||||
"ReferencedDomainName" => "NT AUTHORITY",
|
||||
"peUse" => "\x05",
|
||||
"cchName" => 6,
|
||||
"cchReferencedDomainName" => 12
|
||||
},
|
||||
},
|
||||
{
|
||||
:platform => 'x64/win64',
|
||||
:name => 'LookupAccountSidA',
|
||||
:params => [
|
||||
["PCHAR", "lpSystemName", "in"],
|
||||
["LPVOID", "Sid", "in"],
|
||||
["PCHAR", "Name", "out"],
|
||||
["PDWORD", "cchName", "inout"],
|
||||
["PCHAR", "ReferencedDomainName", "out"],
|
||||
["PDWORD", "cchReferencedDomainName", "inout"],
|
||||
["PBLOB", "peUse", "out"]
|
||||
],
|
||||
:return_type => 'BOOL',
|
||||
:dll_name => 'advapi32',
|
||||
:ruby_args => [nil, 1631552, 100, 100, 100, 100, 1],
|
||||
:request_to_client => {
|
||||
TLV_TYPE_RAILGUN_SIZE_OUT => 201,
|
||||
TLV_TYPE_RAILGUN_STACKBLOB => "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\xE5\x18\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00d\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\xC8\x00\x00\x00\x00\x00\x00\x00",
|
||||
TLV_TYPE_RAILGUN_BUFFERBLOB_IN => "",
|
||||
TLV_TYPE_RAILGUN_BUFFERBLOB_INOUT => "d\x00\x00\x00\x00\x00\x00\x00d\x00\x00\x00\x00\x00\x00\x00",
|
||||
TLV_TYPE_RAILGUN_DLLNAME => 'advapi32',
|
||||
TLV_TYPE_RAILGUN_FUNCNAME => 'LookupAccountSidA',
|
||||
},
|
||||
:response_from_client => {
|
||||
TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_INOUT => "\x06\x00\x00\x00\x00\x00\x00\x00\f\x00\x00\x00\x00\x00\x00\x00",
|
||||
TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_OUT => "SYSTEM\x00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANT AUTHORITY\x00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x05",
|
||||
TLV_TYPE_RAILGUN_BACK_RET => 1,
|
||||
TLV_TYPE_RAILGUN_BACK_ERR => 0,
|
||||
},
|
||||
:returned_hash => {
|
||||
"GetLastError"=>0,
|
||||
"return"=>true,
|
||||
"Name"=>"SYSTEM",
|
||||
"ReferencedDomainName"=>"NT AUTHORITY",
|
||||
"peUse"=>"\x05",
|
||||
"cchName"=>6,
|
||||
"cchReferencedDomainName"=>12
|
||||
},
|
||||
},
|
||||
]
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
def MockClient
|
||||
|
||||
def initialize(x64=false)
|
||||
@x64 = x64
|
||||
end
|
||||
|
||||
def send_request(request)
|
||||
|
||||
if @x64
|
||||
## TODO - we can probably parse up the TLV, or fake it
|
||||
|
||||
## Parse up the TLV here
|
||||
only_out_size_bytes = ""
|
||||
literal_pairs_blob = ""
|
||||
in_only_buffer = ""
|
||||
inout_buffer = ""
|
||||
dll_path = ""
|
||||
function_windows_name = ""
|
||||
|
||||
return MockResponse(function_windows_name)
|
||||
else
|
||||
raise "Unimplemented"
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
class MockResponse(function)
|
||||
|
||||
def initialize(function)
|
||||
@fuction_to_mock = function
|
||||
end
|
||||
|
||||
def get_tlv_value(TLV_CONST)
|
||||
if @function_to_mock == ""
|
||||
return ##TODO
|
||||
elsif @function_to_mock == "whateverx2"
|
||||
else
|
||||
raise "Unknown TLV_CONST - We don't know how to mock this?"
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
## This stuff probably shouldn't be mocked, but we're in a hurry.
|
||||
class MockFunction
|
||||
|
||||
def initialize(name)
|
||||
@name = name
|
||||
@hash = {} ##TODO
|
||||
end
|
||||
|
||||
def params
|
||||
if @name == "ActivateActCtx"
|
||||
@hash = {} ## TODO
|
||||
return @hash
|
||||
else
|
||||
raise "That function: #{@name} is not implemented."
|
||||
end
|
||||
|
||||
def return_type
|
||||
return "" ##TODO
|
||||
end
|
||||
end
|
||||
|
||||
module Rex
|
||||
module Post
|
||||
module Meterpreter
|
||||
module Extensions
|
||||
module Stdapi
|
||||
module Railgun
|
||||
class DLL::UnitTest < Test::Unit::TestCase
|
||||
|
||||
## x64 testing
|
||||
|
||||
def test_add_function_x64
|
||||
dll = DLL.new("kernel32.dll", Mockclient.new)
|
||||
end
|
||||
|
||||
def test_process_function_call_x64
|
||||
dll = DLL.new("kernel32.dll", Mockclient.new(true))
|
||||
process_function_call(MockFunction("ActivateActCtx"),
|
||||
assert ##TODO
|
||||
end
|
||||
|
||||
def test_method_missing_x64
|
||||
dll = DLL.new("kernel32.dll", Mockclient.new)
|
||||
end
|
||||
|
||||
## x86 testing
|
||||
|
||||
def test_add_function_x86
|
||||
dll = DLL.new("kernel32.dll", Mockclient.new(true))
|
||||
end
|
||||
|
||||
def test_process_function_call_x86
|
||||
dll = DLL.new("kernel32.dll", Mockclient.new(true) )
|
||||
end
|
||||
|
||||
def test_method_missing_x86
|
||||
dll = DLL.new("kernel32.dll", Mockclient.new(true))
|
||||
end
|
||||
|
||||
|
||||
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
Loading…
Reference in New Issue