Fix some BES rspec
parent
5a858d68a5
commit
eabf561a1f
|
@ -3,40 +3,38 @@ require 'msf/core'
|
|||
|
||||
describe Msf::Exploit::Remote::BrowserExploitServer do
|
||||
|
||||
# When unpacked, this gives us:
|
||||
# {
|
||||
# "BAP.1433806920.Client.blLGFIlwYrxfvcY" =>
|
||||
# {
|
||||
# "source" => "script",
|
||||
# "os_name" => "Windows 8.1",
|
||||
# "os_vendor" => "undefined",
|
||||
# "os_device" => "undefined",
|
||||
# "ua_name" => "Firefox",
|
||||
# "ua_ver" => "35.0",
|
||||
# "arch" => "x86",
|
||||
# "java" => "1.7",
|
||||
# "silverlight" => "false",
|
||||
# "flash" => "14.0",
|
||||
# "vuln_test" => "true",
|
||||
# "proxy" => false,
|
||||
# "language" => "en-US,en;q=0.5",
|
||||
# "tried" => true,
|
||||
# "activex" => [{"clsid"=>"{D27CDB6E-AE6D-11cf-96B8-444553540000}", "method"=>"LoadMovie"}]
|
||||
# }}
|
||||
let(:first_packed_profile) do
|
||||
"\x81\xD9%BAP.1433806920.Client.blLGFIlwYrxfvcY\x8F\xA6source\xA6script\xA7os_name\xABWindows 8.1\xA9os_vendor\xA9undefined\xA9os_device\xA9undefined\xA7ua_name\xA7Firefox\xA6ua_ver\xA435.0\xA4arch\xA3x86\xA4java\xA31.7\xABsilverlight\xA5false\xA5flash\xA414.0\xA9vuln_test\xA4true\xA5proxy\xC2\xA8language\xC4\x0Een-US,en;q=0.5\xA5tried\xC3\xA7activex\x91\x82\xA5clsid\xD9&{D27CDB6E-AE6D-11cf-96B8-444553540000}\xA6method\xA9LoadMovie"
|
||||
let(:in_memory_profile) do
|
||||
{
|
||||
"BAP.1433806920.Client.blLGFIlwYrxfvcY" =>
|
||||
{
|
||||
source: "script",
|
||||
os_name: "Windows 8.1",
|
||||
os_vendor: "undefined",
|
||||
os_device: "undefined",
|
||||
ua_name: "Firefox",
|
||||
ua_ver: "35.0",
|
||||
arch: "x86",
|
||||
java: "1.7",
|
||||
silverlight: "false",
|
||||
flash: "14.0",
|
||||
vuln_test: "true",
|
||||
proxy: false,
|
||||
language: "en-US,en;q=0.5",
|
||||
tried: true,
|
||||
activex: [{"clsid"=>"{D27CDB6E-AE6D-11cf-96B8-444553540000}", "method"=>"LoadMovie"}]
|
||||
}}
|
||||
end
|
||||
|
||||
let(:default_note_type_prefix) do
|
||||
MessagePack.unpack(first_packed_profile).keys.first.split('.')[0,3] * "."
|
||||
in_memory_profile.keys.first.split('.')[0,3] * "."
|
||||
end
|
||||
|
||||
let(:first_profile_tag) do
|
||||
MessagePack.unpack(first_packed_profile).keys.first.split('.')[3]
|
||||
in_memory_profile.keys.first.split('.')[3]
|
||||
end
|
||||
|
||||
let(:first_profile_info) do
|
||||
MessagePack.unpack(first_packed_profile).values.first
|
||||
in_memory_profile.values.first
|
||||
end
|
||||
|
||||
let(:cli) do
|
||||
|
@ -46,6 +44,10 @@ describe Msf::Exploit::Remote::BrowserExploitServer do
|
|||
sock
|
||||
end
|
||||
|
||||
let(:shortname) do
|
||||
'browser_exploit_server'
|
||||
end
|
||||
|
||||
def create_fake_note(tag, data)
|
||||
note = double('note')
|
||||
allow(note).to receive(:ntype).and_return(tag)
|
||||
|
@ -57,7 +59,7 @@ describe Msf::Exploit::Remote::BrowserExploitServer do
|
|||
|
||||
before(:each) do
|
||||
allow_any_instance_of(described_class).to receive(:vprint_status)
|
||||
@notes = [create_fake_note(first_profile_tag, first_packed_profile)]
|
||||
@notes = [create_fake_note(first_profile_tag, in_memory_profile)]
|
||||
end
|
||||
|
||||
subject(:server) do
|
||||
|
@ -65,6 +67,7 @@ describe Msf::Exploit::Remote::BrowserExploitServer do
|
|||
mod.extend described_class
|
||||
mod.send(:initialize)
|
||||
mod.send(:datastore=, {'NoteTypePrefix' => default_note_type_prefix})
|
||||
allow(mod).to receive(:shortname).and_return(shortname)
|
||||
mod
|
||||
end
|
||||
|
||||
|
@ -99,14 +102,14 @@ describe Msf::Exploit::Remote::BrowserExploitServer do
|
|||
|
||||
describe '#has_bad_activex?' do
|
||||
context 'when there is a bad activex' do
|
||||
let(:js_ax_value) { "#{first_profile_info['activex'][0][:clsid]}=>#{first_profile_info['activex'][0][:method]}=>false" }
|
||||
let(:js_ax_value) { "#{first_profile_info[:activex][0][:clsid]}=>#{first_profile_info[:activex][0][:method]}=>false" }
|
||||
it 'returns false' do
|
||||
expect(server.has_bad_activex?(js_ax_value)).to be_truthy
|
||||
end
|
||||
end
|
||||
|
||||
context 'when there is no bad activex' do
|
||||
let(:js_ax_value) { "#{first_profile_info['activex'][0][:clsid]}=>#{first_profile_info['activex'][0][:method]}=>true" }
|
||||
let(:js_ax_value) { "#{first_profile_info[:activex][0][:clsid]}=>#{first_profile_info[:activex][0][:method]}=>true" }
|
||||
it 'returns true' do
|
||||
expect(server.has_bad_activex?(js_ax_value)).to be_falsey
|
||||
end
|
||||
|
@ -194,7 +197,7 @@ describe Msf::Exploit::Remote::BrowserExploitServer do
|
|||
|
||||
describe '#on_request_uri' do
|
||||
before(:each) do
|
||||
allow(server).to receive(:get_profile_info) { MessagePack.unpack(first_packed_profile) }
|
||||
allow(server).to receive(:get_profile_info) { in_memory_profile }
|
||||
allow(server).to receive(:init_profile).with(kind_of(String))
|
||||
allow(server).to receive(:update_profile)
|
||||
allow(server).to receive(:process_browser_info)
|
||||
|
@ -260,4 +263,113 @@ describe Msf::Exploit::Remote::BrowserExploitServer do
|
|||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe '#browser_profile_prefix' do
|
||||
it 'returns a BES prefix' do
|
||||
expect(subject.browser_profile_prefix).to include(shortname)
|
||||
end
|
||||
end
|
||||
|
||||
describe '#get_custom_404_url' do
|
||||
let(:custom_404) do
|
||||
'http://example.com'
|
||||
end
|
||||
|
||||
before(:each) do
|
||||
allow(subject).to receive(:datastore).and_return({'Custom404'=>custom_404})
|
||||
end
|
||||
|
||||
context 'when a custom 404 URL is set' do
|
||||
it 'returns the URL' do
|
||||
expect(subject.get_custom_404_url).to eq(custom_404)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe '#get_module_uri' do
|
||||
let(:exploit_receiver_page) do
|
||||
'exploit_receiver_page'
|
||||
end
|
||||
|
||||
before(:each) do
|
||||
subject.instance_variable_set(:@exploit_receiver_page, exploit_receiver_page)
|
||||
allow(subject).to receive(:get_uri).and_return('')
|
||||
end
|
||||
|
||||
it 'returns a module URI' do
|
||||
expect(subject.get_module_uri).to include(exploit_receiver_page)
|
||||
end
|
||||
end
|
||||
|
||||
describe '#try_set_target' do
|
||||
let(:aux_mod) do
|
||||
mod = Msf::Auxiliary.allocate
|
||||
mod.extend described_class
|
||||
mod.send(:initialize)
|
||||
mod
|
||||
end
|
||||
|
||||
let(:target_options) do
|
||||
{ua_name: 'Firefox'}
|
||||
end
|
||||
|
||||
let(:target) do
|
||||
t = double('target')
|
||||
allow(t).to receive(:opts).and_return(target_options)
|
||||
t
|
||||
end
|
||||
|
||||
let(:default_auto_target) do
|
||||
# The default auto target is always the first on the list.
|
||||
# In a module this would be the "Automatic" target.
|
||||
t = double('target')
|
||||
allow(t).to receive(:opts).and_return({})
|
||||
t
|
||||
end
|
||||
|
||||
let(:targets) do
|
||||
[ default_auto_target, target ]
|
||||
end
|
||||
|
||||
context 'when an auxiliary uses BES' do
|
||||
it 'returns nil' do
|
||||
expect(aux_mod.try_set_target(first_profile_info)).to be_nil
|
||||
end
|
||||
end
|
||||
|
||||
context 'when an exploit uses BES' do
|
||||
it 'sets the instance variable @target' do
|
||||
expect(subject.instance_variable_get(:@target)).to be_nil
|
||||
allow(subject).to receive(:targets).and_return(targets)
|
||||
subject.try_set_target(first_profile_info)
|
||||
expect(subject.instance_variable_get(:@target)).to eq(target)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
skip '#get_bad_requirements' do
|
||||
end
|
||||
|
||||
skip '#process_browser_info' do
|
||||
end
|
||||
|
||||
skip '#has_proxy?' do
|
||||
end
|
||||
|
||||
skip '#cookie_name' do
|
||||
end
|
||||
|
||||
skip '#cookie_header' do
|
||||
end
|
||||
|
||||
skip '#send_exploit_html' do
|
||||
end
|
||||
|
||||
skip '#send_not_found' do
|
||||
end
|
||||
|
||||
skip '#js_vuln_test' do
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
|
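Review bot: In the `#has_bad_activex?` contexts the new `js_ax_value` lines read `first_profile_info[:activex][0][:clsid]` and `[:method]`, but the entries under `activex:` in `in_memory_profile` are keyed by the strings `"clsid"` and `"method"`, so both interpolations yield nil and the value under test collapses to `=>=>false` / `=>=>true`. Index the inner hash with its string keys, `first_profile_info[:activex][0]['clsid']` and `first_profile_info[:activex][0]['method']`, or give the fixture's inner hash symbol keys, so the examples pass a real CLSID/method pair. The examples presumably still pass only because the trailing flag decides the result; `has_bad_activex?` itself is not visible on this page, so that should be confirmed. The example names in the same contexts are also inverted relative to their expectations (`it 'returns false'` asserts `be_truthy`, `it 'returns true'` asserts `be_falsey`) and are worth renaming while these lines are being touched.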