From f80fd684809a6091e8fe6114f4002bb41e359478 Mon Sep 17 00:00:00 2001 From: darkbushido Date: Tue, 19 Aug 2014 15:06:47 -0500 Subject: [PATCH] adding more scenarios updating ms08-067's scenarios so they are testing show options and show advanced changing the scenario descriptions and feature descriptions for help.feature and ms08-067 --- features/commands/help.feature | 2 +- .../exploit/smb/ms08_067_netapi.feature | 162 +++++++++++++++++- 2 files changed, 156 insertions(+), 8 deletions(-) diff --git a/features/commands/help.feature b/features/commands/help.feature index c46faef2ea..f6882969f1 100644 --- a/features/commands/help.feature +++ b/features/commands/help.feature @@ -1,7 +1,7 @@ @msfconsole Feature: Help command - Scenario: msfconsole starts and is not horribly broken + Scenario: The Help commands output When I type "help" And I type "exit" Then the output should contain: diff --git a/features/modules/exploit/smb/ms08_067_netapi.feature b/features/modules/exploit/smb/ms08_067_netapi.feature index 3a9a2824a4..068213a0e1 100644 --- a/features/modules/exploit/smb/ms08_067_netapi.feature +++ b/features/modules/exploit/smb/ms08_067_netapi.feature 
@@ -1,20 +1,168 @@ @msfconsole Feature: MS08-067 netapi - - Scenario: Test driving a module + + Scenario: The MS08-067 Module should have the following options When I type "use exploit/windows/smb/ms08_067_netapi" - And I type "set RHOST w2k3sp2-x86-u.vuln.lax.rapid7.com" - And I type "set PAYLOAD windows/meterpreter/bind_tcp" - And I type "run" + And I type "show options" And I type "exit" + Then the output should contain: + """ + Module options (exploit/windows/smb/ms08_067_netapi): + + Name Current Setting Required Description + ---- --------------- -------- ----------- + RHOST yes The target address + RPORT 445 yes Set the SMB service port + SMBPIPE BROWSER yes The pipe name to use (BROWSER, SRVSVC) + """ + + Scenario: The MS08-067 Module should have the following advanced options + When I type "use exploit/windows/smb/ms08_067_netapi" + And I type "show advanced" And I type "exit" - Then the output should match /Meterpreter session \d+ opened/ + Then the output should contain: + """ + Module advanced options: + + Name : CHOST + Current Setting: + Description : The local client address + + Name : CPORT + Current Setting: + Description : The local client port + + Name : ConnectTimeout + Current Setting: 10 + Description : Maximum number of seconds to establish a TCP connection + + Name : ContextInformationFile + Current Setting: + Description : The information file that contains context information + + Name : DCERPC::ReadTimeout + Current Setting: 10 + Description : The number of seconds to wait for DCERPC responses + + Name : DisablePayloadHandler + Current Setting: false + Description : Disable the handler code for the selected payload + + Name : EnableContextEncoding + Current Setting: false + Description : Use transient context when encoding payloads + + Name : NTLM::SendLM + Current Setting: true + Description : Always send the LANMAN response (except when NTLMv2_session is + specified) + + Name : NTLM::SendNTLM + Current Setting: true + Description : 
Activate the 'Negotiate NTLM key' flag, indicating the use of + NTLM responses + + Name : NTLM::SendSPN + Current Setting: true + Description : Send an avp of type SPN in the ntlmv2 client Blob, this allow + authentification on windows Seven/2008r2 when SPN is required + + Name : NTLM::UseLMKey + Current Setting: false + Description : Activate the 'Negotiate Lan Manager Key' flag, using the LM key + when the LM response is sent + + Name : NTLM::UseNTLM2_session + Current Setting: true + Description : Activate the 'Negotiate NTLM2 key' flag, forcing the use of a + NTLMv2_session + + Name : NTLM::UseNTLMv2 + Current Setting: true + Description : Use NTLMv2 instead of NTLM2_session when 'Negotiate NTLM2' key + is true + + Name : Proxies + Current Setting: + Description : Use a proxy chain + + Name : SMB::ChunkSize + Current Setting: 500 + Description : The chunk size for SMB segments, bigger values will increase + speed but break NT 4.0 and SMB signing + + Name : SMB::Native_LM + Current Setting: Windows 2000 5.0 + Description : The Native LM to send during authentication + + Name : SMB::Native_OS + Current Setting: Windows 2000 2195 + Description : The Native OS to send during authentication + + Name : SMB::VerifySignature + Current Setting: false + Description : Enforces client-side verification of server response signatures + + Name : SMBDirect + Current Setting: true + Description : The target port is a raw SMB service (not NetBIOS) + + Name : SMBDomain + Current Setting: . 
+ Description : The Windows domain to use for authentication + + Name : SMBName + Current Setting: *SMBSERVER + Description : The NetBIOS hostname (required for port 139 connections) + + Name : SMBPass + Current Setting: + Description : The password for the specified username + + Name : SMBUser + Current Setting: + Description : The username to authenticate as + + Name : SSL + Current Setting: false + Description : Negotiate SSL for outgoing connections + + Name : SSLCipher + Current Setting: + Description : String for SSL cipher - "DHE-RSA-AES256-SHA" or "ADH" + + Name : SSLVerifyMode + Current Setting: PEER + Description : SSL verification method (accepted: CLIENT_ONCE, + FAIL_IF_NO_PEER_CERT, NONE, PEER) + + Name : SSLVersion + Current Setting: SSL3 + Description : Specify the version of SSL that should be used (accepted: SSL2, + SSL3, TLS1) + + Name : VERBOSE + Current Setting: false + Description : Enable detailed status messages + + Name : WORKSPACE + Current Setting: + Description : Specify the workspace for this module + + Name : WfsDelay + Current Setting: 0 + Description : Additional delay when waiting for a session + """ @msfconsole - @target + @targets Scenario: Show RHOST/etc variable expansion from a config file + When I type "use exploit/windows/smb/ms08_067_netapi" When RHOST is WINDOWS + And I type "set PAYLOAD windows/meterpreter/bind_tcp" And I type "show options" + And I type "run" + And I type "exit" And I type "exit" Then the output should match /spider-wxp/
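Review bot: the renamed scenario in the help.feature hunk, `Scenario: The Help commands output`, is missing the possessive and reads awkwardly; `Scenario: The help command's output` is grammatical, and since the `When`/`Then` steps below it are unchanged, a title that names the behaviour being checked (what `help` is expected to list) would make the feature report more useful than a generic one.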
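Review bot: the `show advanced` scenario in the ms08_067_netapi.feature hunk pins the full console text of every advanced option, including defaults that come from shared mixins rather than this module (`Current Setting: SSL3` for `SSLVersion`, `Current Setting: 500` for `SMB::ChunkSize`, `Current Setting: 10` for `ConnectTimeout`) and the exact wrapping of long descriptions such as `Description : Send an avp of type SPN in the ntlmv2 client Blob, this allow` / `authentification on windows Seven/2008r2 when SPN is required`, so any change to a mixin default, a description string or the console's column width breaks this test without the module itself changing; consider asserting on a small set of module-relevant `Name : ...` lines in separate `Then the output should contain:` steps instead of one doc string. In the last scenario, the added `And I type "exit"` sits directly above the pre-existing `And I type "exit"`, leaving a redundant second exit, and `When I type "use exploit/windows/smb/ms08_067_netapi"` followed by `When RHOST is WINDOWS` repeats the `When` keyword where Gherkin convention uses `And`; the title `Show RHOST/etc variable expansion from a config file` also no longer describes a scenario that now sets a payload and types `run`, so either retitle it or split the run into its own scenario under the `@targets` tag.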