Add a warning before use
parent
bff66ade60
commit
ff0af805e3
|
@ -70,10 +70,104 @@ describe Md5LookupUtility do
|
|||
end
|
||||
end
|
||||
|
||||
def get_stdout(&block)
|
||||
out = $stdout
|
||||
$stdout = fake = StringIO.new
|
||||
begin
|
||||
yield
|
||||
ensure
|
||||
$stdout = out
|
||||
end
|
||||
fake.string
|
||||
end
|
||||
|
||||
#
|
||||
# Tests start here
|
||||
#
|
||||
|
||||
|
||||
describe Md5LookupUtility::Disclaimer do
|
||||
|
||||
let(:group_name) { 'MD5Lookup' }
|
||||
let(:setting_name) { 'waiver' }
|
||||
let(:data) { true }
|
||||
let(:t_path) { 'filepath' }
|
||||
|
||||
def stub_save
|
||||
ini = Rex::Parser::Ini.new(t_path)
|
||||
allow(ini).to receive(:to_file).with(any_args)
|
||||
allow(Rex::Parser::Ini).to receive(:new).and_return(ini)
|
||||
return ini
|
||||
end
|
||||
|
||||
def stub_load(with_setting=true)
|
||||
if with_setting
|
||||
ini = stub_save
|
||||
disclamer.save_waiver
|
||||
else
|
||||
ini = Rex::Parser::Ini.new(t_path)
|
||||
end
|
||||
|
||||
allow(Rex::Parser::Ini).to receive(:new).and_return(ini)
|
||||
return ini
|
||||
end
|
||||
|
||||
subject(:disclamer) do
|
||||
Md5LookupUtility::Disclaimer.new
|
||||
end
|
||||
|
||||
describe '#ack' do
|
||||
context 'When \'Y\' is entered' do
|
||||
it 'returns true' do
|
||||
agree = "Y\n"
|
||||
allow($stdin).to receive(:gets).and_return(agree)
|
||||
get_stdout { expect(disclamer.ack).to be_truthy }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe '#save_waiver' do
|
||||
context 'when waiver is true' do
|
||||
it 'saves the wavier setting' do
|
||||
ini = stub_save
|
||||
disclamer.save_waiver
|
||||
expect(ini[group_name]).to eq({setting_name=>true})
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe '#has_waiver?' do
|
||||
context 'when there is a waiver' do
|
||||
it 'returns true' do
|
||||
ini = stub_load(true)
|
||||
expect(disclamer.send(:has_waiver?)).to be_truthy
|
||||
end
|
||||
end
|
||||
|
||||
context 'when there is no waiver' do
|
||||
it 'returns false' do
|
||||
ini = stub_load(false)
|
||||
expect(disclamer.send(:has_waiver?)).to be_falsey
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe '#save_setting' do
|
||||
context 'when a setting is given' do
|
||||
it 'saves the setting' do
|
||||
ini = stub_save
|
||||
disclamer.send(:save_setting, setting_name, data)
|
||||
expect(ini[group_name]).to eq({setting_name=>true})
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe '#load_setting' do
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
||||
describe Md5LookupUtility::Md5Lookup do
|
||||
|
||||
describe '.new' do
|
||||
|
@ -146,19 +240,10 @@ describe Md5LookupUtility do
|
|||
|
||||
describe '#run' do
|
||||
context 'when a hash is found' do
|
||||
|
||||
def get_stdout(&block)
|
||||
out = $stdout
|
||||
$stdout = fake = StringIO.new
|
||||
begin
|
||||
yield
|
||||
ensure
|
||||
$stdout = out
|
||||
end
|
||||
fake.string
|
||||
end
|
||||
|
||||
it 'prints a \'found\' message' do
|
||||
disclaimer = Md5LookupUtility::Disclaimer.new
|
||||
allow(disclaimer).to receive(:has_waiver?).and_return(true)
|
||||
allow(Md5LookupUtility::Disclaimer).to receive(:new).and_return(disclaimer)
|
||||
allow(subject).to receive(:get_hash_results).and_yield(expected_result)
|
||||
output = get_stdout { subject.run }
|
||||
expect(output).to include('Found:')
|
||||
|
|
|
@ -60,6 +60,89 @@ end
|
|||
|
||||
module Md5LookupUtility
|
||||
|
||||
# This class manages the disclamer
|
||||
class Disclaimer
|
||||
|
||||
# @!attribute config_file
|
||||
# @return [String] The config file path
|
||||
attr_accessor :config_file
|
||||
|
||||
# @!attribute group_name
|
||||
# @return [String] The name of the tool
|
||||
attr_accessor :group_name
|
||||
|
||||
|
||||
def initialize
|
||||
self.config_file = Msf::Config.config_file
|
||||
self.group_name = 'MD5Lookup'
|
||||
end
|
||||
|
||||
# Prompts a disclamer. The user will not be able to get out unless they acknowledge.
|
||||
#
|
||||
# @return [TrueClass] true if acknowledged.
|
||||
def ack
|
||||
print_status("WARNING: This tool will submit and look up your MD5 hashes in the")
|
||||
print_status("clear (HTTP) on third party websites.")
|
||||
print_status
|
||||
print_status("The services from these third party websites are not within control")
|
||||
print_status("of Metasploit (or Rapid7), and we shall not be liable for any loss or")
|
||||
print_status("damage of whatever nature (direct, indirect, consequential, or other)")
|
||||
print_status("as a result of your use of these services.")
|
||||
print_status
|
||||
|
||||
while true
|
||||
$stdout.print "[*] Enter 'Y' to acknowledge: "
|
||||
if $stdin.gets =~ /^y|yes$/i
|
||||
return true
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
# Saves the waiver so the warning won't show again after ack
|
||||
#
|
||||
# @return [void]
|
||||
def save_waiver
|
||||
save_setting('waiver', true)
|
||||
end
|
||||
|
||||
|
||||
# Returns true if we don't have to show the warning again
|
||||
#
|
||||
# @return [Boolean]
|
||||
def has_waiver?
|
||||
load_setting('waiver') == 'true' ? true : false
|
||||
end
|
||||
|
||||
|
||||
private
|
||||
|
||||
# Saves a setting to Metasploit's config file
|
||||
#
|
||||
# @param key_name [String] The name of the setting
|
||||
# @param value [String] The value of the setting
|
||||
# @return [void]
|
||||
def save_setting(key_name, value)
|
||||
ini = Rex::Parser::Ini.new(self.config_file)
|
||||
ini.add_group(self.group_name) if ini[self.group_name].nil?
|
||||
ini[self.group_name][key_name] = value
|
||||
ini.to_file(self.config_file)
|
||||
end
|
||||
|
||||
|
||||
# Returns the value of a specific setting
|
||||
#
|
||||
# @param key_name [String] The name of the setting
|
||||
# @return [String]
|
||||
def load_setting(key_name)
|
||||
ini = Rex::Parser::Ini.new(self.config_file)
|
||||
group = ini[self.group_name]
|
||||
return '' if group.nil?
|
||||
group[key_name].to_s
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
# This class is basically an auxiliary module without relying on msfconsole
|
||||
class Md5Lookup < Msf::Auxiliary
|
||||
|
||||
|
@ -309,23 +392,34 @@ module Md5LookupUtility
|
|||
input = @opts[:input]
|
||||
dbs = @opts[:databases]
|
||||
|
||||
disclamer = Md5LookupUtility::Disclaimer.new
|
||||
|
||||
unless disclamer.has_waiver?
|
||||
disclamer.ack
|
||||
disclamer.save_waiver
|
||||
end
|
||||
|
||||
get_hash_results(input, dbs) do |result|
|
||||
original_hash = result[:hash]
|
||||
cracked_hash = result[:cracked_hash]
|
||||
credit_db = result[:credit]
|
||||
|
||||
print_status("Found: #{original_hash} = #{cracked_hash} (from #{credit_db})")
|
||||
|
||||
save_result(result) if @output_handle
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
# Cleans up the output file handler if exists
|
||||
#
|
||||
# @return [void]
|
||||
def cleanup
|
||||
@output_handle.close if @output_handle
|
||||
end
|
||||
|
||||
|
||||
private
|
||||
|
||||
|
||||
# Saves the MD5 result to file
|
||||
#
|
||||
# @param result [Hash] The result that contains the MD5 information
|
||||
|
|
Loading…
Reference in New Issue