infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/rapid7/metasploit-framework

bug/bundler_fix
jvazquez-r7 2013-07-22 17:10:45 -05:00
parent 4367a9ae49 48666f1466
commit e828517ed8
7 changed files with 431 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
modules/exploits/linux/http/foreman_openstack_satellite_code_exec.rb
View File

@ -46,8 +46,8 @@ class Metasploit4 < Msf::Exploit::Remote
[
Opt::RPORT(443),
OptBool.new('SSL', [true, 'Use SSL', true]),
OptString.new('MYUSERNAME', [true, 'Your username', 'admin']),
OptString.new('MYPASSWORD', [true, 'Your password', 'changeme']),
OptString.new('USERNAME', [true, 'Your username', 'admin']),
OptString.new('PASSWORD', [true, 'Your password', 'changeme']),
OptString.new('TARGETURI', [ true, 'The path to the application', '/']),
], self.class
)
@ -59,8 +59,8 @@ class Metasploit4 < Msf::Exploit::Remote
'method' => 'POST',
'uri' => normalize_uri(target_uri.path, 'users', 'login'),
'vars_post' => {
'login[login]' => datastore['MYUSERNAME'],
'login[password]' => datastore['MYPASSWORD']
'login[login]' => datastore['USERNAME'],
'login[password]' => datastore['PASSWORD']
}
)

20
modules/post/windows/recon/resolve_hostname.rb
View File

@ -13,7 +13,14 @@ class Metasploit3 < Msf::Post
def initialize(info={})
super( update_info( info,
'Name' => 'Windows Recon Resolve Hostname',
'Description' => %q{ This module resolves a hostname to IP address via the victim, similiar to the Unix dig command},
'Description' => %q{
This module resolves a hostname to IP address via the victim,
similar to the Unix 'dig' command. Since resolution happens over
an established session from the perspective of the remote host,
this module can be used to determine differences between external
and internal resolution, especially for potentially high-value
internal addresses of devices named 'mail' or 'www.'
},
'License' => MSF_LICENSE,
'Author' => [ 'mubix' ],
'Platform' => [ 'win' ],
@ -23,7 +30,8 @@ class Metasploit3 < Msf::Post
register_options(
[
OptString.new('HOSTNAME', [false, 'Hostname to lookup', nil]),
OptPath.new('HOSTFILE', [false, 'Line separated file with hostnames to resolve', nil])
OptPath.new('HOSTFILE', [false, 'Line separated file with hostnames to resolve', nil]),
OptBool.new('SAVEHOSTS', [true, 'Save resolved hosts to the database', true])
], self.class)
end
@ -50,6 +58,14 @@ class Metasploit3 < Msf::Post
ip = sockaddr[4,4].unpack('N').first
hostip = Rex::Socket.addr_itoa(ip)
print_status("#{hostname} resolves to #{hostip}")
if datastore['SAVEHOSTS']
report_host({
:host => hostip,
:name => hostname
})
end
rescue Rex::Post::Meterpreter::RequestError
print_status('Windows 2000 and prior does not support getaddrinfo')
end

25
spec/lib/msf/ui/command_dispatcher/auxiliary_spec.rb Normal file
View File

@ -0,0 +1,25 @@
require 'spec_helper'
require 'msf/ui'
require 'msf/ui/console/command_dispatcher/auxiliary'
describe Msf::Ui::Console::CommandDispatcher::Auxiliary do
include_context 'Msf::DBManager'
include_context 'Msf::UIDriver'
subject(:aux) do
described_class.new(driver)
end
describe "#cmd_run" do
end
describe "#cmd_rerun" do
end
describe "#cmd_exploit" do
end
describe "#cmd_reload" do
end
end

143
spec/lib/msf/ui/command_dispatcher/core_spec.rb
View File

@ -5,103 +5,94 @@ require 'msf/ui/console/module_command_dispatcher'
require 'msf/ui/console/command_dispatcher/core'
describe Msf::Ui::Console::CommandDispatcher::Core do
include_context 'Msf::DBManager'
include_context 'Msf::DBManager'
include_context 'Msf::UIDriver'
let(:driver) do
mock(
'Driver',
:framework => framework
).tap { |driver|
driver.stub(:on_command_proc=).with(kind_of(Proc))
driver.stub(:print_line).with(kind_of(String))
}
end
subject(:core) do
described_class.new(driver)
end
subject(:core) do
described_class.new(driver)
end
context '#search_modules_sql' do
def search_modules_sql
core.search_modules_sql(match)
end
context '#search_modules_sql' do
def search_modules_sql
core.search_modules_sql(match)
end
let(:match) do
''
end
let(:match) do
''
end
it 'should generate Matching Modules table' do
core.should_receive(:generate_module_table).with('Matching Modules').and_call_original
it 'should generate Matching Modules table' do
core.should_receive(:generate_module_table).with('Matching Modules').and_call_original
search_modules_sql
end
search_modules_sql
end
it 'should call Msf::DBManager#search_modules' do
db_manager.should_receive(:search_modules).with(match).and_return([])
it 'should call Msf::DBManager#search_modules' do
db_manager.should_receive(:search_modules).with(match).and_return([])
search_modules_sql
end
search_modules_sql
end
context 'with matching Mdm::Module::Details' do
let(:match) do
module_detail.fullname
end
context 'with matching Mdm::Module::Details' do
let(:match) do
module_detail.fullname
end
let!(:module_detail) do
FactoryGirl.create(:mdm_module_detail)
end
let!(:module_detail) do
FactoryGirl.create(:mdm_module_detail)
end
context 'printed table' do
def cell(table, row, column)
row_line_number = 6 + row
line_number = 0
context 'printed table' do
def cell(table, row, column)
row_line_number = 6 + row
line_number = 0
cell = nil
cell = nil
table.each_line do |line|
if line_number == row_line_number
# strip prefix and postfix
padded_cells = line[3...-1]
cells = padded_cells.split(/\s{2,}/)
table.each_line do |line|
if line_number == row_line_number
# strip prefix and postfix
padded_cells = line[3...-1]
cells = padded_cells.split(/\s{2,}/)
cell = cells[column]
break
end
cell = cells[column]
break
end
line_number += 1
end
line_number += 1
end
cell
end
cell
end
let(:printed_table) do
table = ''
let(:printed_table) do
table = ''
core.stub(:print_line) do |string|
table = string
end
core.stub(:print_line) do |string|
table = string
end
search_modules_sql
search_modules_sql
table
end
table
end
it 'should have fullname in first column' do
cell(printed_table, 0, 0).should include(module_detail.fullname)
end
it 'should have fullname in first column' do
cell(printed_table, 0, 0).should include(module_detail.fullname)
end
it 'should have disclosure date in second column' do
cell(printed_table, 0, 1).should include(module_detail.disclosure_date.to_s)
end
it 'should have disclosure date in second column' do
cell(printed_table, 0, 1).should include(module_detail.disclosure_date.to_s)
end
it 'should have rank name in third column' do
cell(printed_table, 0, 2).should include(Msf::RankingName[module_detail.rank])
end
it 'should have rank name in third column' do
cell(printed_table, 0, 2).should include(Msf::RankingName[module_detail.rank])
end
it 'should have name in fourth column' do
cell(printed_table, 0, 3).should include(module_detail.name)
end
end
end
end
it 'should have name in fourth column' do
cell(printed_table, 0, 3).should include(module_detail.name)
end
end
end
end
end

267
spec/lib/msf/ui/command_dispatcher/db_spec.rb Normal file
View File

@ -0,0 +1,267 @@
require 'spec_helper'
require 'msf/ui'
require 'msf/ui/console/command_dispatcher/db'
describe Msf::Ui::Console::CommandDispatcher::Db do
include_context 'Msf::DBManager'
include_context 'Msf::UIDriver'
subject(:db) do
described_class.new(driver)
end
describe "#cmd_workspace" do
describe "-h" do
it "should show a help message" do
db.cmd_workspace "-h"
@output.should =~ [
"Usage:",
" workspace List workspaces",
" workspace [name] Switch workspace",
" workspace -a [name] ... Add workspace(s)",
" workspace -d [name] ... Delete workspace(s)",
" workspace -r <old> <new> Rename workspace",
" workspace -h Show this help information"
]
end
end
end
describe "#cmd_hosts" do
describe "-h" do
it "should show a help message" do
db.cmd_hosts "-h"
@output.should =~ [
"Usage: hosts [ options ] [addr1 addr2 ...]",
"OPTIONS:",
" -a,--add Add the hosts instead of searching",
" -d,--delete Delete the hosts instead of searching",
" -c <col1,col2> Only show the given columns (see list below)",
" -h,--help Show this help information",
" -u,--up Only show hosts which are up",
" -o <file> Send output to a file in csv format",
" -R,--rhosts Set RHOSTS from the results of the search",
" -S,--search Search string to filter by",
"Available columns: address, arch, comm, comments, created_at, cred_count, exploit_attempt_count, host_detail_count, info, mac, name, note_count, os_flavor, os_lang, os_name, os_sp, purpose, scope, service_count, state, updated_at, virtual_host, vuln_count"
]
end
end
end
describe "#cmd_services" do
describe "-h" do
it "should show a help message" do
db.cmd_services "-h"
@output.should =~ [
"Usage: services [-h] [-u] [-a] [-r <proto>] [-p <port1,port2>] [-s <name1,name2>] [-o <filename>] [addr1 addr2 ...]",
" -a,--add Add the services instead of searching",
" -d,--delete Delete the services instead of searching",
" -c <col1,col2> Only show the given columns",
" -h,--help Show this help information",
" -s <name1,name2> Search for a list of service names",
" -p <port1,port2> Search for a list of ports",
" -r <protocol> Only show [tcp|udp] services",
" -u,--up Only show services which are up",
" -o <file> Send output to a file in csv format",
" -R,--rhosts Set RHOSTS from the results of the search",
" -S,--search Search string to filter by",
"Available columns: created_at, info, name, port, proto, state, updated_at"
]
end
end
describe "-p" do
before(:each) do
host = FactoryGirl.create(:mdm_host, :workspace => framework.db.workspace, :address => "192.168.0.1")
FactoryGirl.create(:mdm_service, :host => host, :port => 1024)
FactoryGirl.create(:mdm_service, :host => host, :port => 1025)
FactoryGirl.create(:mdm_service, :host => host, :port => 1026)
end
it "should list services that are on a given port" do
db.cmd_services "-p", "1024,1025"
@output.should =~ [
"Services",
"========",
"",
"host port proto name state info",
"---- ---- ----- ---- ----- ----",
"192.168.0.1 1024 snmp open ",
"192.168.0.1 1025 snmp open "
]
end
end
describe "-np" do
before(:each) do
host = FactoryGirl.create(:mdm_host, :workspace => framework.db.workspace, :address => "192.168.0.1")
FactoryGirl.create(:mdm_service, :host => host, :port => 1024)
FactoryGirl.create(:mdm_service, :host => host, :port => 1025)
FactoryGirl.create(:mdm_service, :host => host, :port => 1026)
end
it "should list services that are not on a given port" do
pending("refs redmine ticket #4821") {
db.cmd_services "-np", "1024"
@output.should =~ [
"Services",
"========",
"",
"host port proto name state info",
"---- ---- ----- ---- ----- ----",
"192.168.0.1 1025 snmp open ",
"192.168.0.1 1026 snmp open "
]
}
end
end
end
describe "#cmd_vulns" do
describe "-h" do
it "should show a help message" do
db.cmd_vulns "-h"
@output.should =~ [
"Print all vulnerabilities in the database",
"Usage: vulns [addr range]",
" -h,--help Show this help information",
" -p,--port <portspec> List vulns matching this port spec",
" -s <svc names> List vulns matching these service names",
" -S,--search Search string to filter by",
" -i,--info Display Vuln Info",
"Examples:",
" vulns -p 1-65536 # only vulns with associated services",
" vulns -p 1-65536 -s http # identified as http on any port"
]
end
end
end
describe "#cmd_notes" do
describe "-h" do
it "should show a help message" do
db.cmd_notes "-h"
@output.should =~ [
"Usage: notes [-h] [-t <type1,type2>] [-n <data string>] [-a] [addr range]",
" -a,--add Add a note to the list of addresses, instead of listing",
" -d,--delete Delete the hosts instead of searching",
" -n,--note <data> Set the data for a new note (only with -a)",
" -t <type1,type2> Search for a list of types",
" -h,--help Show this help information",
" -R,--rhosts Set RHOSTS from the results of the search",
" -S,--search Regular expression to match for search",
" --sort <field1,field2> Fields to sort by (case sensitive)",
"Examples:",
" notes --add -t apps -n 'winzip' 10.1.1.34 10.1.20.41",
" notes -t smb.fingerprint 10.1.1.34 10.1.20.41",
" notes -S 'nmap.nse.(http|rtsp)' --sort type,output"
]
end
end
end
describe "#cmd_loot" do
describe "-h" do
it "should show a help message" do
db.cmd_loot "-h"
@output.should =~ [
"Usage: loot <options>",
" Info: loot [-h] [addr1 addr2 ...] [-t <type1,type2>]",
" Add: loot -f [fname] -i [info] -a [addr1 addr2 ...] [-t [type]",
" Del: loot -d [addr1 addr2 ...]",
" -a,--add Add loot to the list of addresses, instead of listing",
" -d,--delete Delete *all* loot matching host and type",
" -f,--file File with contents of the loot to add",
" -i,--info Info of the loot to add",
" -t <type1,type2> Search for a list of types",
" -h,--help Show this help information",
" -S,--search Search string to filter by"
]
end
end
end
describe "#cmd_creds" do
describe "-h" do
it "should show a help message" do
db.cmd_creds "-h"
@output.should =~ [
"Usage: creds [addr range]",
"Usage: creds -a <addr range> -p <port> -t <type> -u <user> -P <pass>",
" -a,--add Add creds to the given addresses instead of listing",
" -d,--delete Delete the creds instead of searching",
" -h,--help Show this help information",
" -o <file> Send output to a file in csv format",
" -p,--port <portspec> List creds matching this port spec",
" -s <svc names> List creds matching these service names",
" -t,--type <type> Add a cred of this type (only with -a). Default: password",
" -u,--user Add a cred for this user (only with -a). Default: blank",
" -P,--password Add a cred with this password (only with -a). Default: blank",
" -R,--rhosts Set RHOSTS from the results of the search",
" -S,--search Search string to filter by",
"Examples:",
" creds # Default, returns all active credentials",
" creds all # Returns all credentials active or not",
" creds 1.2.3.4/24 # nmap host specification",
" creds -p 22-25,445 # nmap port specification",
" creds 10.1.*.* -s ssh,smb all"
]
end
end
end
describe "#cmd_db_import" do
describe "-h" do
it "should show a help message" do
db.cmd_db_import "-h"
@output.should =~ [
"Usage: db_import <filename> [file2...]",
"Filenames can be globs like *.xml, or **/*.xml which will search recursively",
"Currently supported file types include:",
" Acunetix XML",
" Amap Log",
" Amap Log -m",
" Appscan XML",
" Burp Session XML",
" Foundstone XML",
" IP360 ASPL",
" IP360 XML v3",
" Microsoft Baseline Security Analyzer",
" Nessus NBE",
" Nessus XML (v1 and v2)",
" NetSparker XML",
" NeXpose Simple XML",
" NeXpose XML Report",
" Nmap XML",
" OpenVAS Report",
" Qualys Asset XML",
" Qualys Scan XML",
" Retina XML"
]
end
end
end
describe "#cmd_db_export" do
describe "-h" do
it "should show a help message" do
db.cmd_db_export "-h"
@output.should =~ [
"Usage:",
" db_export -f <format> [-a] [filename]",
" Format can be one of: xml, pwdump"
]
end
end
end
describe "#db_nmap" do
it "should have some specs describing its output"
end
describe "#db_rebuild_cache" do
it "should have some specs describing its output"
end
end

32
spec/lib/msf/ui/command_dispatcher/exploit_spec.rb Normal file
View File

@ -0,0 +1,32 @@
require 'spec_helper'
require 'msf/ui'
require 'msf/ui/console/command_dispatcher/exploit'
describe Msf::Ui::Console::CommandDispatcher::Exploit do
include_context 'Msf::DBManager'
include_context 'Msf::UIDriver'
subject(:exp) do
described_class.new(driver)
end
describe "#cmd_exploit" do
end
describe "#cmd_rcheck" do
end
describe "#cmd_rexploit" do
end
describe "#cmd_reload" do
end
describe "#cmd_run" do
end
describe "#cmd_rerun" do
end
end

18
spec/support/shared/contexts/msf/ui_driver.rb Normal file
View File

@ -0,0 +1,18 @@
shared_context 'Msf::UIDriver' do
let(:driver) do
mock(
'Driver',
:framework => framework
).tap { |driver|
driver.stub(:on_command_proc=).with(kind_of(Proc))
driver.stub(:print_line).with(kind_of(String)) do |string|
@output ||= []
@output.concat string.split("\n")
end
driver.stub(:print_error).with(kind_of(String)) do |string|
@error ||= []
@error.concat string.split("\n")
end
}
end
end