From ec974535ac19977e1a8f0e6d349236e3883dfb46 Mon Sep 17 00:00:00 2001 From: David Maloney Date: Wed, 7 May 2014 14:43:15 -0500 Subject: [PATCH] create base object for mssql scanner created skeleton for MSSQL Loginscanner included concerns. also added an NTLM concern and shared example group --- .../framework/login_scanner/mssql.rb | 24 ++++ lib/metasploit/framework/mssql/client.rb | 2 + .../framework/login_scanner/mssql_spec.rb | 12 ++ .../framework/login_scanner/ntlm.rb | 135 ++++++++++++++++++ 4 files changed, 173 insertions(+) create mode 100644 spec/lib/metasploit/framework/login_scanner/mssql_spec.rb create mode 100644 spec/support/shared/examples/lib/metasploit/framework/login_scanner/ntlm.rb
diff --git a/lib/metasploit/framework/login_scanner/mssql.rb b/lib/metasploit/framework/login_scanner/mssql.rb
index e69de29bb2..fd63516e59 100644
--- a/lib/metasploit/framework/login_scanner/mssql.rb
+++ b/lib/metasploit/framework/login_scanner/mssql.rb
@@ -0,0 +1,24 @@
+require 'metasploit/framework/mssql/client'
+require 'metasploit/framework/login_scanner/base'
+require 'metasploit/framework/login_scanner/rex_socket'
+require 'metasploit/framework/login_scanner/ntlm'
+
+module Metasploit
+ module Framework
+ module LoginScanner
+
+ # This is the LoginScanner class for dealing with Microsoft SQL Servers.
+ # It is responsible for taking a single target, and a list of credentials
+ # and attempting them. It then saves the results
+ class MSSQL
+ include Metasploit::Framework::LoginScanner::Base
+ include Metasploit::Framework::LoginScanner::RexSocket
+ include Metasploit::Framework::LoginScanner::NTLM
+ include Metasploit::Framework::MSSQL::Client
+
+
+ end
+
+ end
+ end
+end
\ No newline at end of file
diff --git a/lib/metasploit/framework/mssql/client.rb b/lib/metasploit/framework/mssql/client.rb
index 754861b837..b22392bef7 100644
--- a/lib/metasploit/framework/mssql/client.rb
+++ b/lib/metasploit/framework/mssql/client.rb
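Review bot: In lib/metasploit/framework/login_scanner/mssql.rb the fourth `require` loads `metasploit/framework/login_scanner/ntlm`, but the diffstat lists only the shared example under spec/support and no lib file for the NTLM concern, although the commit message says one was added. If that file is not already in the tree from an earlier commit, loading mssql.rb will raise LoadError before `include Metasploit::Framework::LoginScanner::NTLM` is reached, so this is worth confirming before merge. The class comment also says the scanner attempts credentials and saves the results while the body is still empty; I would mark it as such, e.g. `# Skeleton only: the login attempt logic is not implemented yet.`, and end the file with a newline.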
@@ -1,3 +1,5 @@
+require 'metasploit/framework/tcp/client'
+
 module Metasploit
 module Framework
 module MSSQL
diff --git a/spec/lib/metasploit/framework/login_scanner/mssql_spec.rb b/spec/lib/metasploit/framework/login_scanner/mssql_spec.rb
new file mode 100644
index 0000000000..ea0ffa046c
--- /dev/null
+++ b/spec/lib/metasploit/framework/login_scanner/mssql_spec.rb
@@ -0,0 +1,12 @@
+require 'spec_helper'
+require 'metasploit/framework/login_scanner/mssql'
+
+describe Metasploit::Framework::LoginScanner::MSSQL do
+
+ subject(:login_scanner) { described_class.new }
+
+ it_behaves_like 'Metasploit::Framework::LoginScanner::Base'
+ it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
+ it_behaves_like 'Metasploit::Framework::LoginScanner::NTLM'
+
+end
\ No newline at end of file
diff --git a/spec/support/shared/examples/lib/metasploit/framework/login_scanner/ntlm.rb b/spec/support/shared/examples/lib/metasploit/framework/login_scanner/ntlm.rb
new file mode 100644
index 0000000000..4216606a89
--- /dev/null
+++ b/spec/support/shared/examples/lib/metasploit/framework/login_scanner/ntlm.rb
@@ -0,0 +1,135 @@
+shared_examples_for 'Metasploit::Framework::LoginScanner::NTLM' do
+
+ subject(:login_scanner) { described_class.new }
+
+ it { should respond_to :send_lm }
+ it { should respond_to :send_ntlm }
+ it { should respond_to :send_spn }
+ it { should respond_to :use_ntlm2_session }
+ it { should respond_to :use_ntlmv2 }
+
+ context 'validations' do
+
+ context '#send_lm' do
+ it 'is not valid for the string true' do
+ login_scanner.send_lm = 'true'
+ expect(login_scanner).to_not be_valid
+ expect(login_scanner.errors[:send_lm]).to include 'is not included in the list'
+ end
+
+ it 'is not valid for the string false' do
+ login_scanner.send_lm = 'false'
+ expect(login_scanner).to_not be_valid
+ expect(login_scanner.errors[:send_lm]).to include 'is not included in the list'
+ end
+
+ it 'is valid for true class' do
+ login_scanner.send_lm = true
+ expect(login_scanner.errors[:send_lm]).to be_empty
+ end
+
+ it 'is valid for false class' do
+ login_scanner.send_lm = false
+ expect(login_scanner.errors[:send_lm]).to be_empty
+ end
+ end
+
+ context '#send_ntlm' do
+ it 'is not valid for the string true' do
+ login_scanner.send_ntlm = 'true'
+ expect(login_scanner).to_not be_valid
+ expect(login_scanner.errors[:send_ntlm]).to include 'is not included in the list'
+ end
+
+ it 'is not valid for the string false' do
+ login_scanner.send_ntlm = 'false'
+ expect(login_scanner).to_not be_valid
+ expect(login_scanner.errors[:send_ntlm]).to include 'is not included in the list'
+ end
+
+ it 'is valid for true class' do
+ login_scanner.send_ntlm = true
+ expect(login_scanner.errors[:send_ntlm]).to be_empty
+ end
+
+ it 'is valid for false class' do
+ login_scanner.send_ntlm = false
+ expect(login_scanner.errors[:send_ntlm]).to be_empty
+ end
+ end
+
+ context '#send_spn' do
+ it 'is not valid for the string true' do
+ login_scanner.send_spn = 'true'
+ expect(login_scanner).to_not be_valid
+ expect(login_scanner.errors[:send_spn]).to include 'is not included in the list'
+ end
+
+ it 'is not valid for the string false' do
+ login_scanner.stop_on_success = 'false'
+ expect(login_scanner).to_not be_valid
+ expect(login_scanner.errors[:send_spn]).to include 'is not included in the list'
+ end
+
+ it 'is valid for true class' do
+ login_scanner.send_spn = true
+ expect(login_scanner.errors[:send_spn]).to be_empty
+ end
+
+ it 'is valid for false class' do
+ login_scanner.send_spn = false
+ expect(login_scanner.errors[:send_spn]).to be_empty
+ end
+ end
+
+ context '#use_ntlm2_session' do
+ it 'is not valid for the string true' do
+ login_scanner.use_ntlm2_session = 'true'
+ expect(login_scanner).to_not be_valid
+ expect(login_scanner.errors[:use_ntlm2_session]).to include 'is not included in the list'
+ end
+
+ it 'is not valid for the string false' do
+ login_scanner.use_ntlm2_session = 'false'
+ expect(login_scanner).to_not be_valid
+ expect(login_scanner.errors[:use_ntlm2_session]).to include 'is not included in the list'
+ end
+
+ it 'is valid for true class' do
+ login_scanner.use_ntlm2_session = true
+ expect(login_scanner.errors[:use_ntlm2_session]).to be_empty
+ end
+
+ it 'is valid for false class' do
+ login_scanner.use_ntlm2_session = false
+ expect(login_scanner.errors[:use_ntlm2_session]).to be_empty
+ end
+ end
+
+ context '#use_ntlmv2' do
+ it 'is not valid for the string true' do
+ login_scanner.use_ntlmv2 = 'true'
+ expect(login_scanner).to_not be_valid
+ expect(login_scanner.errors[:use_ntlmv2]).to include 'is not included in the list'
+ end
+
+ it 'is not valid for the string false' do
+ login_scanner.use_ntlmv2 = 'false'
+ expect(login_scanner).to_not be_valid
+ expect(login_scanner.errors[:use_ntlmv2]).to include 'is not included in the list'
+ end
+
+ it 'is valid for true class' do
+ login_scanner.use_ntlmv2 = true
+ expect(login_scanner.errors[:use_ntlmv2]).to be_empty
+ end
+
+ it 'is valid for false class' do
+ login_scanner.use_ntlmv2 = false
+ expect(login_scanner.errors[:use_ntlmv2]).to be_empty
+ end
+ end
+
+ end
+
+end
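Review bot: In the '#send_spn' context, the 'is not valid for the string false' example assigns `login_scanner.stop_on_success = 'false'` where it should assign `login_scanner.send_spn = 'false'`, so the string value is never exercised against send_spn. The example can still pass, presumably because an unset send_spn already falls outside the inclusion list. Separately, the 'is valid for true class' and 'is valid for false class' examples in all five contexts read `errors[...]` without running validation, so they pass whatever the validator does; add `login_scanner.valid?` before each `expect(login_scanner.errors[...]).to be_empty`. These flags select which LM/NTLM responses the scanner sends, and a truthy string such as 'false' slipping through would silently enable an option, so the examples need to pin the boolean-only rule.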