create base object for mssql scanner
created skeleton for MSSQL Loginscanner included concerns. also added an NTLM concern and shared example groupbug/bundler_fix
parent
234e129523
commit
ec974535ac
|
@ -0,0 +1,24 @@
|
||||||
|
require 'metasploit/framework/mssql/client'
|
||||||
|
require 'metasploit/framework/login_scanner/base'
|
||||||
|
require 'metasploit/framework/login_scanner/rex_socket'
|
||||||
|
require 'metasploit/framework/login_scanner/ntlm'
|
||||||
|
|
||||||
|
module Metasploit
|
||||||
|
module Framework
|
||||||
|
module LoginScanner
|
||||||
|
|
||||||
|
# This is the LoginScanner class for dealing with Microsoft SQL Servers.
|
||||||
|
# It is responsible for taking a single target, and a list of credentials
|
||||||
|
# and attempting them. It then saves the results
|
||||||
|
class MSSQL
|
||||||
|
include Metasploit::Framework::LoginScanner::Base
|
||||||
|
include Metasploit::Framework::LoginScanner::RexSocket
|
||||||
|
include Metasploit::Framework::LoginScanner::NTLM
|
||||||
|
include Metasploit::Framework::MSSQL::Client
|
||||||
|
|
||||||
|
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
|
@ -1,3 +1,5 @@
|
||||||
|
require 'metasploit/framework/tcp/client'
|
||||||
|
|
||||||
module Metasploit
|
module Metasploit
|
||||||
module Framework
|
module Framework
|
||||||
module MSSQL
|
module MSSQL
|
||||||
|
|
|
@ -0,0 +1,12 @@
|
||||||
|
require 'spec_helper'
|
||||||
|
require 'metasploit/framework/login_scanner/mssql'
|
||||||
|
|
||||||
|
describe Metasploit::Framework::LoginScanner::MSSQL do
|
||||||
|
|
||||||
|
subject(:login_scanner) { described_class.new }
|
||||||
|
|
||||||
|
it_behaves_like 'Metasploit::Framework::LoginScanner::Base'
|
||||||
|
it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
|
||||||
|
it_behaves_like 'Metasploit::Framework::LoginScanner::NTLM'
|
||||||
|
|
||||||
|
end
|
|
@ -0,0 +1,135 @@
|
||||||
|
shared_examples_for 'Metasploit::Framework::LoginScanner::NTLM' do
|
||||||
|
|
||||||
|
subject(:login_scanner) { described_class.new }
|
||||||
|
|
||||||
|
it { should respond_to :send_lm }
|
||||||
|
it { should respond_to :send_ntlm }
|
||||||
|
it { should respond_to :send_spn }
|
||||||
|
it { should respond_to :use_ntlm2_session }
|
||||||
|
it { should respond_to :use_ntlmv2 }
|
||||||
|
|
||||||
|
context 'validations' do
|
||||||
|
|
||||||
|
context '#send_lm' do
|
||||||
|
it 'is not valid for the string true' do
|
||||||
|
login_scanner.send_lm = 'true'
|
||||||
|
expect(login_scanner).to_not be_valid
|
||||||
|
expect(login_scanner.errors[:send_lm]).to include 'is not included in the list'
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'is not valid for the string false' do
|
||||||
|
login_scanner.send_lm = 'false'
|
||||||
|
expect(login_scanner).to_not be_valid
|
||||||
|
expect(login_scanner.errors[:send_lm]).to include 'is not included in the list'
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'is valid for true class' do
|
||||||
|
login_scanner.send_lm = true
|
||||||
|
expect(login_scanner.errors[:send_lm]).to be_empty
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'is valid for false class' do
|
||||||
|
login_scanner.send_lm = false
|
||||||
|
expect(login_scanner.errors[:send_lm]).to be_empty
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context '#send_ntlm' do
|
||||||
|
it 'is not valid for the string true' do
|
||||||
|
login_scanner.send_ntlm = 'true'
|
||||||
|
expect(login_scanner).to_not be_valid
|
||||||
|
expect(login_scanner.errors[:send_ntlm]).to include 'is not included in the list'
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'is not valid for the string false' do
|
||||||
|
login_scanner.send_ntlm = 'false'
|
||||||
|
expect(login_scanner).to_not be_valid
|
||||||
|
expect(login_scanner.errors[:send_ntlm]).to include 'is not included in the list'
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'is valid for true class' do
|
||||||
|
login_scanner.send_ntlm = true
|
||||||
|
expect(login_scanner.errors[:send_ntlm]).to be_empty
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'is valid for false class' do
|
||||||
|
login_scanner.send_ntlm = false
|
||||||
|
expect(login_scanner.errors[:send_ntlm]).to be_empty
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context '#send_spn' do
|
||||||
|
it 'is not valid for the string true' do
|
||||||
|
login_scanner.send_spn = 'true'
|
||||||
|
expect(login_scanner).to_not be_valid
|
||||||
|
expect(login_scanner.errors[:send_spn]).to include 'is not included in the list'
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'is not valid for the string false' do
|
||||||
|
login_scanner.stop_on_success = 'false'
|
||||||
|
expect(login_scanner).to_not be_valid
|
||||||
|
expect(login_scanner.errors[:send_spn]).to include 'is not included in the list'
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'is valid for true class' do
|
||||||
|
login_scanner.send_spn = true
|
||||||
|
expect(login_scanner.errors[:send_spn]).to be_empty
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'is valid for false class' do
|
||||||
|
login_scanner.send_spn = false
|
||||||
|
expect(login_scanner.errors[:send_spn]).to be_empty
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context '#use_ntlm2_session' do
|
||||||
|
it 'is not valid for the string true' do
|
||||||
|
login_scanner.use_ntlm2_session = 'true'
|
||||||
|
expect(login_scanner).to_not be_valid
|
||||||
|
expect(login_scanner.errors[:use_ntlm2_session]).to include 'is not included in the list'
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'is not valid for the string false' do
|
||||||
|
login_scanner.use_ntlm2_session = 'false'
|
||||||
|
expect(login_scanner).to_not be_valid
|
||||||
|
expect(login_scanner.errors[:use_ntlm2_session]).to include 'is not included in the list'
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'is valid for true class' do
|
||||||
|
login_scanner.use_ntlm2_session = true
|
||||||
|
expect(login_scanner.errors[:use_ntlm2_session]).to be_empty
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'is valid for false class' do
|
||||||
|
login_scanner.use_ntlm2_session = false
|
||||||
|
expect(login_scanner.errors[:use_ntlm2_session]).to be_empty
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context '#use_ntlmv2' do
|
||||||
|
it 'is not valid for the string true' do
|
||||||
|
login_scanner.use_ntlmv2 = 'true'
|
||||||
|
expect(login_scanner).to_not be_valid
|
||||||
|
expect(login_scanner.errors[:use_ntlmv2]).to include 'is not included in the list'
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'is not valid for the string false' do
|
||||||
|
login_scanner.use_ntlmv2 = 'false'
|
||||||
|
expect(login_scanner).to_not be_valid
|
||||||
|
expect(login_scanner.errors[:use_ntlmv2]).to include 'is not included in the list'
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'is valid for true class' do
|
||||||
|
login_scanner.use_ntlmv2 = true
|
||||||
|
expect(login_scanner.errors[:use_ntlmv2]).to be_empty
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'is valid for false class' do
|
||||||
|
login_scanner.use_ntlmv2 = false
|
||||||
|
expect(login_scanner.errors[:use_ntlmv2]).to be_empty
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
Loading…
Reference in New Issue