metasploit-credential 0.14.5 → 0.14.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/metasploit/credential/exporter/core.rb +2 -2
- data/lib/metasploit/credential/exporter/pwdump.rb +2 -2
- data/lib/metasploit/credential/migrator.rb +1 -1
- data/lib/metasploit/credential/version.rb +1 -3
- data/spec/dummy/config/database.yml +13 -11
- data/spec/dummy/db/structure.sql +1 -0
- data/spec/lib/metasploit/credential/creation_spec.rb +6 -8
- data/spec/lib/metasploit/credential/exporter/core_spec.rb +100 -85
- data/spec/lib/metasploit/credential/exporter/pwdump_spec.rb +14 -16
- data/spec/lib/metasploit/credential/importer/core_spec.rb +10 -12
- data/spec/lib/metasploit/credential/importer/multi_spec.rb +4 -6
- data/spec/lib/metasploit/credential/importer/pwdump_spec.rb +11 -13
- data/spec/lib/metasploit/credential/importer/zip_spec.rb +5 -7
- data/spec/lib/metasploit/credential/migrator_spec.rb +13 -13
- data/spec/lib/metasploit/credential/version_spec.rb +3 -5
- data/spec/lib/metasploit/credential_spec.rb +1 -3
- data/spec/models/mdm/service_spec.rb +3 -5
- data/spec/models/mdm/session_spec.rb +2 -4
- data/spec/models/mdm/task_spec.rb +4 -6
- data/spec/models/mdm/user_spec.rb +2 -4
- data/spec/models/mdm/workspace_spec.rb +2 -4
- data/spec/models/metasploit/credential/blank_username_spec.rb +5 -7
- data/spec/models/metasploit/credential/core_spec.rb +43 -45
- data/spec/models/metasploit/credential/login/status_spec.rb +19 -21
- data/spec/models/metasploit/credential/login_spec.rb +36 -38
- data/spec/models/metasploit/credential/nonreplayable_hash_spec.rb +3 -5
- data/spec/models/metasploit/credential/ntlm_hash_spec.rb +13 -15
- data/spec/models/metasploit/credential/origin/cracked_password_spec.rb +5 -7
- data/spec/models/metasploit/credential/origin/import_spec.rb +8 -10
- data/spec/models/metasploit/credential/origin/manual_spec.rb +7 -9
- data/spec/models/metasploit/credential/origin/service_spec.rb +10 -12
- data/spec/models/metasploit/credential/origin/session_spec.rb +11 -13
- data/spec/models/metasploit/credential/password_hash_spec.rb +4 -6
- data/spec/models/metasploit/credential/password_spec.rb +3 -5
- data/spec/models/metasploit/credential/postgres_md5_spec.rb +4 -6
- data/spec/models/metasploit/credential/private_spec.rb +8 -10
- data/spec/models/metasploit/credential/public_spec.rb +5 -7
- data/spec/models/metasploit/credential/realm_spec.rb +14 -16
- data/spec/models/metasploit/credential/replayable_hash_spec.rb +3 -5
- data/spec/models/metasploit/credential/ssh_key_spec.rb +15 -17
- data/spec/models/metasploit/credential/username_spec.rb +6 -8
- data/spec/models/metasploit_data_models/search/visitor/relation_spec.rb +1 -3
- data/spec/spec_helper.rb +83 -18
- data/spec/support/shared/contexts/mdm/workspace.rb +1 -1
- data/spec/support/shared/examples/core_validations.rb +117 -42
- data/spec/support/shared/examples/single_table_inheritance_database_columns.rb +2 -2
- data/spec/support/shared/examples/timestamp_database_column.rb +2 -2
- metadata +9 -9
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f871f34dcef9e0d0a2920b5a7963be5876acbb3f
|
|
4
|
+
data.tar.gz: 3d775fdd96872361a401f14f1da5b0d0f0c8aed9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 96b50334f63d7aef2637c5afb1a3c0ebd7db689488e2e5164ca2699cf520769792c7c5b1649a11f6afffb1cefcfbdf487e831c271a73df9206742fbd5fc13496
|
|
7
|
+
data.tar.gz: cb5183c5aaf3dc0b4459657bf3df69921d4f247b5a3b3c642df90411aa9a31347f551608033656a83077e6c7d8181243e1e6fb6153247ae493c9d5c858870ad3
|
|
@@ -49,10 +49,10 @@ class Metasploit::Credential::Exporter::Core
|
|
|
49
49
|
# Attributes
|
|
50
50
|
#
|
|
51
51
|
|
|
52
|
-
# @!attribute export_data
|
|
52
|
+
# @!attribute [rw] export_data
|
|
53
53
|
# Holds the raw information from the database before it is formatted into the {#data} attribute
|
|
54
54
|
# @return [Array]
|
|
55
|
-
|
|
55
|
+
attr_writer :export_data
|
|
56
56
|
|
|
57
57
|
# @!attribute finalized_zip_file
|
|
58
58
|
# The final output artifacts, zipped
|
|
@@ -70,10 +70,10 @@ class Metasploit::Credential::Exporter::Pwdump
|
|
|
70
70
|
# Attributes
|
|
71
71
|
#
|
|
72
72
|
|
|
73
|
-
# @!attribute logins
|
|
73
|
+
# @!attribute [rw] logins
|
|
74
74
|
# Holds the raw information from the database before it is formatted into the {#data} attribute
|
|
75
75
|
# @return [Array<Metasploit::Credential::Login>]
|
|
76
|
-
|
|
76
|
+
attr_writer :logins
|
|
77
77
|
|
|
78
78
|
|
|
79
79
|
#
|
|
@@ -104,7 +104,7 @@ class Metasploit::Credential::Migrator
|
|
|
104
104
|
# @return [String]
|
|
105
105
|
def key_data_from_file(path)
|
|
106
106
|
# Sometimes we will set the :pass attribute to a file path containing the key
|
|
107
|
-
if File.
|
|
107
|
+
if File.exist?(path)
|
|
108
108
|
File.read(path)
|
|
109
109
|
# In other cases we store the entire SSH key directly in the :pass attribute
|
|
110
110
|
elsif Metasploit::Credential::SSHKey.new(data: path).private?
|
|
@@ -9,9 +9,7 @@ module Metasploit
|
|
|
9
9
|
# The minor version number, scoped to the {MAJOR} version number.
|
|
10
10
|
MINOR = 14
|
|
11
11
|
# The patch number, scoped to the {MAJOR} and {MINOR} version number.
|
|
12
|
-
PATCH =
|
|
13
|
-
# The prerelease version, scoped to the {MAJOR}, {MINOR}, and {PATCH} version number.
|
|
14
|
-
# PRERELEASE =
|
|
12
|
+
PATCH = 6
|
|
15
13
|
|
|
16
14
|
# The full version string, including the {MAJOR}, {MINOR}, {PATCH}, and optionally, the {PRERELEASE} in the
|
|
17
15
|
# {http://semver.org/spec/v2.0.0.html semantic versioning v2.0.0} format.
|
|
@@ -1,20 +1,22 @@
|
|
|
1
1
|
# Please only use postgresql bound to a TCP port.
|
|
2
|
-
|
|
2
|
+
defaults: &defaults
|
|
3
3
|
adapter: postgresql
|
|
4
|
-
database: metasploit_credential_development
|
|
5
4
|
username: msf
|
|
6
|
-
password:
|
|
5
|
+
password: pass123
|
|
7
6
|
host: localhost
|
|
8
7
|
port: 5432
|
|
9
|
-
pool:
|
|
8
|
+
pool: 50
|
|
10
9
|
timeout: 5
|
|
11
10
|
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
# Note also, sqlite3 is totally unsupported by Metasploit now.
|
|
11
|
+
development:
|
|
12
|
+
database: metasploit_cr_dev
|
|
13
|
+
<<: *defaults
|
|
14
|
+
|
|
17
15
|
test:
|
|
18
|
-
|
|
19
|
-
|
|
16
|
+
database: metasploit_cr_test
|
|
17
|
+
min_messages: WARNING
|
|
18
|
+
<<: *defaults
|
|
20
19
|
|
|
20
|
+
production:
|
|
21
|
+
database: metasploit_cr_prod
|
|
22
|
+
<<: *defaults
|
data/spec/dummy/db/structure.sql
CHANGED
|
@@ -1,6 +1,4 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
describe Metasploit::Credential::Creation do
|
|
1
|
+
RSpec.describe Metasploit::Credential::Creation do
|
|
4
2
|
include_context 'Mdm::Workspace'
|
|
5
3
|
let(:dummy_class) {
|
|
6
4
|
Class.new do
|
|
@@ -42,7 +40,7 @@ describe Metasploit::Credential::Creation do
|
|
|
42
40
|
|
|
43
41
|
it 'replicates realm in new credential' do
|
|
44
42
|
expect {
|
|
45
|
-
|
|
43
|
+
test_object.create_cracked_credential(
|
|
46
44
|
core_id: old_core.id,
|
|
47
45
|
workspace_id: workspace.id,
|
|
48
46
|
username: public.username,
|
|
@@ -160,7 +158,7 @@ describe Metasploit::Credential::Creation do
|
|
|
160
158
|
|
|
161
159
|
it 'should create an Mdm::Service in state "open"' do
|
|
162
160
|
service = test_object.create_credential_service opts
|
|
163
|
-
service.state.
|
|
161
|
+
expect(service.state).to eq("open")
|
|
164
162
|
end
|
|
165
163
|
end
|
|
166
164
|
|
|
@@ -483,7 +481,7 @@ describe Metasploit::Credential::Creation do
|
|
|
483
481
|
task_id: task.id
|
|
484
482
|
}
|
|
485
483
|
core = test_object.create_credential(opts)
|
|
486
|
-
core.tasks.
|
|
484
|
+
expect(core.tasks).to include(task)
|
|
487
485
|
end
|
|
488
486
|
|
|
489
487
|
end
|
|
@@ -526,7 +524,7 @@ describe Metasploit::Credential::Creation do
|
|
|
526
524
|
task_id: task.id
|
|
527
525
|
}
|
|
528
526
|
core = test_object.create_credential_core(opts)
|
|
529
|
-
core.tasks.
|
|
527
|
+
expect(core.tasks).to include(task)
|
|
530
528
|
end
|
|
531
529
|
|
|
532
530
|
end
|
|
@@ -563,7 +561,7 @@ describe Metasploit::Credential::Creation do
|
|
|
563
561
|
status: Metasploit::Model::Login::Status::SUCCESSFUL,
|
|
564
562
|
}
|
|
565
563
|
login = test_object.create_credential_login(login_data)
|
|
566
|
-
login.tasks.
|
|
564
|
+
expect(login.tasks).to include(task)
|
|
567
565
|
|
|
568
566
|
end
|
|
569
567
|
|
|
@@ -1,6 +1,4 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
describe Metasploit::Credential::Exporter::Core do
|
|
1
|
+
RSpec.describe Metasploit::Credential::Exporter::Core do
|
|
4
2
|
include_context 'Mdm::Workspace'
|
|
5
3
|
include_context 'export objects'
|
|
6
4
|
|
|
@@ -24,19 +22,19 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
24
22
|
end
|
|
25
23
|
|
|
26
24
|
it 'should be in LOGIN_MODE by default' do
|
|
27
|
-
core_exporter.mode.
|
|
25
|
+
expect(core_exporter.mode).to eq(Metasploit::Credential::Exporter::Core::LOGIN_MODE)
|
|
28
26
|
end
|
|
29
27
|
end
|
|
30
28
|
|
|
31
29
|
describe "#export!" do
|
|
32
30
|
it 'should create the zipfile' do
|
|
33
31
|
core_exporter.export!
|
|
34
|
-
File.exists?(core_exporter.output_zipfile_path).
|
|
32
|
+
expect(File.exists?(core_exporter.output_zipfile_path)).to eq(true)
|
|
35
33
|
end
|
|
36
34
|
|
|
37
35
|
it 'should output to a directory whose name contains the standardized identifier' do
|
|
38
36
|
core_exporter.export!
|
|
39
|
-
core_exporter.output_final_directory_path.
|
|
37
|
+
expect(core_exporter.output_final_directory_path).to include(Metasploit::Credential::Exporter::Core::CREDS_DUMP_FILE_IDENTIFIER)
|
|
40
38
|
end
|
|
41
39
|
end
|
|
42
40
|
|
|
@@ -46,14 +44,14 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
46
44
|
describe "when the argument is a Core" do
|
|
47
45
|
it 'should be formed from the Public#username and the Private#id' do
|
|
48
46
|
key_path = core_exporter.path_for_key(core)
|
|
49
|
-
Pathname.new(key_path).basename.to_s.
|
|
47
|
+
expect(Pathname.new(key_path).basename.to_s).to eq(key_path_basename_string)
|
|
50
48
|
end
|
|
51
49
|
end
|
|
52
50
|
|
|
53
51
|
describe "when the argument is a Login" do
|
|
54
52
|
it 'should be formed from the Public#username and the Private#id' do
|
|
55
53
|
key_path = core_exporter.path_for_key(login)
|
|
56
|
-
Pathname.new(key_path).basename.to_s.
|
|
54
|
+
expect(Pathname.new(key_path).basename.to_s).to eq(key_path_basename_string)
|
|
57
55
|
end
|
|
58
56
|
end
|
|
59
57
|
end
|
|
@@ -62,20 +60,27 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
62
60
|
let(:result_hash) { core_exporter.line_for_core(core) }
|
|
63
61
|
|
|
64
62
|
it 'should produce values in the proper order' do
|
|
65
|
-
result_hash.values.
|
|
66
|
-
|
|
63
|
+
expect(result_hash.values).to eq(
|
|
64
|
+
[
|
|
65
|
+
core.public.username,
|
|
66
|
+
core.private.type,
|
|
67
|
+
core.private.data,
|
|
68
|
+
core.realm.key,
|
|
69
|
+
core.realm.value
|
|
70
|
+
]
|
|
71
|
+
)
|
|
67
72
|
end
|
|
68
73
|
|
|
69
74
|
it 'should produce a hash with the public username' do
|
|
70
|
-
result_hash[:username].
|
|
75
|
+
expect(result_hash[:username]).to eq(core.public.username)
|
|
71
76
|
end
|
|
72
77
|
|
|
73
78
|
it 'should produce a hash with the private data' do
|
|
74
|
-
result_hash[:private_data].
|
|
79
|
+
expect(result_hash[:private_data]).to eq(core.private.data)
|
|
75
80
|
end
|
|
76
81
|
|
|
77
82
|
it 'should produce a hash with the name of the private type' do
|
|
78
|
-
result_hash[:private_type].
|
|
83
|
+
expect(result_hash[:private_type]).to eq(core.private.type)
|
|
79
84
|
end
|
|
80
85
|
end
|
|
81
86
|
|
|
@@ -84,84 +89,94 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
84
89
|
let(:result_hash) { core_exporter.line_for_login(login) }
|
|
85
90
|
|
|
86
91
|
it 'should produce values in the proper order' do
|
|
87
|
-
result_hash.values.
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
92
|
+
expect(result_hash.values).to eq(
|
|
93
|
+
[
|
|
94
|
+
core.public.username,
|
|
95
|
+
core.private.type,
|
|
96
|
+
core.private.data,
|
|
97
|
+
core.realm.key,
|
|
98
|
+
core.realm.value,
|
|
99
|
+
login.service.host.address,
|
|
100
|
+
login.service.port,
|
|
101
|
+
login.service.name,
|
|
102
|
+
login.service.proto,
|
|
103
|
+
login.status,
|
|
104
|
+
login.access_level,
|
|
105
|
+
login.last_attempted_at
|
|
106
|
+
]
|
|
107
|
+
)
|
|
93
108
|
end
|
|
94
109
|
|
|
95
110
|
it 'should produce a hash with the service host address' do
|
|
96
|
-
result_hash[:host_address].
|
|
111
|
+
expect(result_hash[:host_address]).to eq(login.service.host.address)
|
|
97
112
|
end
|
|
98
113
|
|
|
99
114
|
it 'should produce a hash with the service port' do
|
|
100
|
-
result_hash[:service_port].
|
|
115
|
+
expect(result_hash[:service_port]).to eq(login.service.port)
|
|
101
116
|
end
|
|
102
117
|
|
|
103
118
|
it 'should produce a hash with the service name' do
|
|
104
|
-
result_hash[:service_name].
|
|
119
|
+
expect(result_hash[:service_name]).to eq(login.service.name)
|
|
105
120
|
end
|
|
106
121
|
|
|
107
122
|
it 'should produce a hash with the service protocol' do
|
|
108
|
-
result_hash[:service_protocol].
|
|
123
|
+
expect(result_hash[:service_protocol]).to eq(login.service.proto)
|
|
109
124
|
end
|
|
110
125
|
|
|
111
126
|
it 'should produce a hash with the login status' do
|
|
112
|
-
result_hash[:status].
|
|
127
|
+
expect(result_hash[:status]).to eq(login.status)
|
|
113
128
|
end
|
|
114
129
|
|
|
115
130
|
it 'should produce a hash with the login access_level' do
|
|
116
|
-
result_hash[:access_level].
|
|
131
|
+
expect(result_hash[:access_level]).to eq(login.access_level)
|
|
117
132
|
end
|
|
118
133
|
|
|
119
134
|
it 'should produce a hash with the login last_attempted_at' do
|
|
120
|
-
result_hash[:last_attempted_at].
|
|
135
|
+
expect(result_hash[:last_attempted_at]).to eq(login.last_attempted_at)
|
|
121
136
|
end
|
|
122
137
|
|
|
123
138
|
it 'should produce a hash with the public information' do
|
|
124
|
-
result_hash[:username].
|
|
139
|
+
expect(result_hash[:username]).to eq(login.core.public.username)
|
|
125
140
|
end
|
|
126
141
|
|
|
127
142
|
it 'should produce a hash with the private data' do
|
|
128
|
-
result_hash[:private_data].
|
|
143
|
+
expect(result_hash[:private_data]).to eq(login.core.private.data)
|
|
129
144
|
end
|
|
130
145
|
|
|
131
146
|
it 'should produce a hash with the demodulized name of the private type' do
|
|
132
|
-
result_hash[:private_type].
|
|
147
|
+
expect(result_hash[:private_type]).to eq(login.core.private.type)
|
|
133
148
|
end
|
|
134
149
|
end
|
|
135
150
|
|
|
136
151
|
describe "#output" do
|
|
137
152
|
it 'should be a writable File' do
|
|
138
153
|
file_stat = core_exporter.output.stat
|
|
139
|
-
file_stat.
|
|
154
|
+
expect(file_stat).to be_writable
|
|
140
155
|
end
|
|
141
156
|
|
|
142
157
|
it 'should not be opened in binmode' do
|
|
143
|
-
core_exporter.output.
|
|
158
|
+
expect(core_exporter.output).not_to be_binmode
|
|
144
159
|
end
|
|
145
160
|
end
|
|
146
161
|
|
|
147
162
|
describe "#output_directory_path" do
|
|
148
163
|
it 'should be in the platform-agnostic temp directory' do
|
|
149
|
-
core_exporter.output_final_directory_path.
|
|
164
|
+
expect(core_exporter.output_final_directory_path).to include(Dir.tmpdir)
|
|
150
165
|
end
|
|
151
166
|
|
|
152
167
|
it 'should have the set export prefix' do
|
|
153
|
-
core_exporter.output_final_directory_path.
|
|
168
|
+
expect(core_exporter.output_final_directory_path).to include(Metasploit::Credential::Exporter::Core::TEMP_ZIP_PATH_PREFIX)
|
|
154
169
|
end
|
|
155
170
|
|
|
156
171
|
describe "uniqueness for export" do
|
|
157
172
|
let(:path_fragment){ "export-#{Time.now.to_s}" }
|
|
158
173
|
|
|
159
174
|
before(:each) do
|
|
160
|
-
core_exporter.
|
|
175
|
+
allow(core_exporter).to receive(:output_final_subdirectory_name).and_return(path_fragment)
|
|
161
176
|
end
|
|
162
177
|
|
|
163
178
|
it 'should include a special time-stamped directory to contain the export data being staged' do
|
|
164
|
-
core_exporter.output_final_directory_path.
|
|
179
|
+
expect(core_exporter.output_final_directory_path).to include(core_exporter.output_final_subdirectory_name)
|
|
165
180
|
end
|
|
166
181
|
end
|
|
167
182
|
end
|
|
@@ -169,44 +184,44 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
169
184
|
describe "#data" do
|
|
170
185
|
describe "in LOGIN_MODE" do
|
|
171
186
|
before(:each) do
|
|
172
|
-
core_exporter.
|
|
187
|
+
allow(core_exporter).to receive(:mode).and_return Metasploit::Credential::Exporter::Core::LOGIN_MODE
|
|
173
188
|
end
|
|
174
189
|
|
|
175
190
|
describe "when whitelist_ids is present" do
|
|
176
191
|
before(:each) do
|
|
177
|
-
core_exporter.
|
|
192
|
+
allow(core_exporter).to receive(:whitelist_ids).and_return([login1.id])
|
|
178
193
|
end
|
|
179
194
|
|
|
180
195
|
it 'should contain only those objects whose IDs are in the whitelist' do
|
|
181
|
-
core_exporter.data.
|
|
196
|
+
expect(core_exporter.data).not_to include(login2)
|
|
182
197
|
end
|
|
183
198
|
end
|
|
184
199
|
|
|
185
200
|
describe "when whitelist_ids is blank" do
|
|
186
201
|
it 'should be the same as #export_data' do
|
|
187
|
-
core_exporter.data.
|
|
202
|
+
expect(core_exporter.data).to eq(core_exporter.export_data)
|
|
188
203
|
end
|
|
189
204
|
end
|
|
190
205
|
end
|
|
191
206
|
|
|
192
207
|
describe "in CORE_MODE" do
|
|
193
208
|
before(:each) do
|
|
194
|
-
core_exporter.
|
|
209
|
+
allow(core_exporter).to receive(:mode).and_return Metasploit::Credential::Exporter::Core::CORE_MODE
|
|
195
210
|
end
|
|
196
211
|
|
|
197
212
|
describe "when whitelist_ids is present" do
|
|
198
213
|
before(:each) do
|
|
199
|
-
core_exporter.
|
|
214
|
+
allow(core_exporter).to receive(:whitelist_ids).and_return([core1.id])
|
|
200
215
|
end
|
|
201
216
|
|
|
202
217
|
it 'should contain only those objects whose IDs are in the whitelist' do
|
|
203
|
-
core_exporter.data.
|
|
218
|
+
expect(core_exporter.data).not_to include(core2)
|
|
204
219
|
end
|
|
205
220
|
end
|
|
206
221
|
|
|
207
222
|
describe "when whitelist_ids is blank" do
|
|
208
223
|
it 'should be the same as #export_data' do
|
|
209
|
-
core_exporter.data.
|
|
224
|
+
expect(core_exporter.data).to eq(core_exporter.export_data)
|
|
210
225
|
end
|
|
211
226
|
end
|
|
212
227
|
end
|
|
@@ -215,22 +230,22 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
215
230
|
describe "#export_data" do
|
|
216
231
|
describe "in CORE_MODE" do
|
|
217
232
|
before(:each) do
|
|
218
|
-
core_exporter.
|
|
233
|
+
allow(core_exporter).to receive(:mode).and_return Metasploit::Credential::Exporter::Core::CORE_MODE
|
|
219
234
|
end
|
|
220
235
|
|
|
221
236
|
it 'should grab data using the proper scope' do
|
|
222
|
-
Metasploit::Credential::Core.
|
|
237
|
+
expect(Metasploit::Credential::Core).to receive(:workspace_id).with(core_exporter.workspace.id)
|
|
223
238
|
core_exporter.export_data
|
|
224
239
|
end
|
|
225
240
|
end
|
|
226
241
|
|
|
227
242
|
describe "in LOGIN_MODE" do
|
|
228
243
|
before(:each) do
|
|
229
|
-
core_exporter.
|
|
244
|
+
allow(core_exporter).to receive(:mode).and_return Metasploit::Credential::Exporter::Core::LOGIN_MODE
|
|
230
245
|
end
|
|
231
246
|
|
|
232
247
|
it 'should grab data using the proper scope' do
|
|
233
|
-
Metasploit::Credential::Login.
|
|
248
|
+
expect(Metasploit::Credential::Login).to receive(:in_workspace_including_hosts_and_services).with(core_exporter.workspace)
|
|
234
249
|
core_exporter.export_data
|
|
235
250
|
end
|
|
236
251
|
end
|
|
@@ -240,7 +255,7 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
240
255
|
describe "#render_manifest_and_output_keys" do
|
|
241
256
|
describe "in CORE_MODE" do
|
|
242
257
|
before(:each) do
|
|
243
|
-
core_exporter.
|
|
258
|
+
allow(core_exporter).to receive(:mode).and_return Metasploit::Credential::Exporter::Core::CORE_MODE
|
|
244
259
|
core_exporter.render_manifest_output_and_keys
|
|
245
260
|
path = core_exporter.output_final_directory_path + '/' + Metasploit::Credential::Importer::Zip::MANIFEST_FILE_NAME
|
|
246
261
|
|
|
@@ -260,34 +275,34 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
260
275
|
end
|
|
261
276
|
|
|
262
277
|
it 'should contain the Public#username for all Core objects' do
|
|
263
|
-
@core_publics.
|
|
264
|
-
@core_publics.
|
|
278
|
+
expect(@core_publics).to include(core1.public.username)
|
|
279
|
+
expect(@core_publics).to include(core2.public.username)
|
|
265
280
|
end
|
|
266
281
|
|
|
267
282
|
it 'should contain the Private#type for all Core objects' do
|
|
268
|
-
@core_private_types.
|
|
269
|
-
@core_private_types.
|
|
283
|
+
expect(@core_private_types).to include(core1.private.type)
|
|
284
|
+
expect(@core_private_types).to include(core2.private.type)
|
|
270
285
|
end
|
|
271
286
|
|
|
272
287
|
it 'should contain the Private#data for all Core objects' do
|
|
273
|
-
@core_private_data.
|
|
274
|
-
@core_private_data.
|
|
288
|
+
expect(@core_private_data).to include(core1.private.data)
|
|
289
|
+
expect(@core_private_data).to include(core2.private.data)
|
|
275
290
|
end
|
|
276
291
|
|
|
277
292
|
it 'should contain the Realm#key for all Core objects' do
|
|
278
|
-
@core_realm_keys.
|
|
279
|
-
@core_realm_keys.
|
|
293
|
+
expect(@core_realm_keys).to include(core1.realm.key)
|
|
294
|
+
expect(@core_realm_keys).to include(core2.realm.key)
|
|
280
295
|
end
|
|
281
296
|
|
|
282
297
|
it 'should contain the Realm#value for all Core objects' do
|
|
283
|
-
@core_realm_values.
|
|
284
|
-
@core_realm_values.
|
|
298
|
+
expect(@core_realm_values).to include(core1.realm.value)
|
|
299
|
+
expect(@core_realm_values).to include(core2.realm.value)
|
|
285
300
|
end
|
|
286
301
|
end
|
|
287
302
|
|
|
288
303
|
describe "in LOGIN_MODE" do
|
|
289
304
|
before(:each) do
|
|
290
|
-
core_exporter.
|
|
305
|
+
allow(core_exporter).to receive(:mode).and_return Metasploit::Credential::Exporter::Core::LOGIN_MODE
|
|
291
306
|
core_exporter.render_manifest_output_and_keys
|
|
292
307
|
path = core_exporter.output_final_directory_path + '/' + Metasploit::Credential::Importer::Zip::MANIFEST_FILE_NAME
|
|
293
308
|
|
|
@@ -316,48 +331,48 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
316
331
|
|
|
317
332
|
|
|
318
333
|
it 'should contain the Public#username for all Login objects' do
|
|
319
|
-
@login_publics.
|
|
320
|
-
@login_publics.
|
|
334
|
+
expect(@login_publics).to include(login1.core.public.username)
|
|
335
|
+
expect(@login_publics).to include(login2.core.public.username)
|
|
321
336
|
end
|
|
322
337
|
|
|
323
338
|
it 'should contain the Private#type for all Login objects' do
|
|
324
|
-
@login_private_types.
|
|
325
|
-
@login_private_types.
|
|
339
|
+
expect(@login_private_types).to include(login1.core.private.type)
|
|
340
|
+
expect(@login_private_types).to include(login2.core.private.type)
|
|
326
341
|
end
|
|
327
342
|
|
|
328
343
|
it 'should contain the Private#data for all Login objects' do
|
|
329
|
-
@login_private_data.
|
|
330
|
-
@login_private_data.
|
|
344
|
+
expect(@login_private_data).to include(login1.core.private.data)
|
|
345
|
+
expect(@login_private_data).to include(login2.core.private.data)
|
|
331
346
|
end
|
|
332
347
|
|
|
333
348
|
it 'should contain the Realm#key for all Login objects' do
|
|
334
|
-
@login_realm_keys.
|
|
335
|
-
@login_realm_keys.
|
|
349
|
+
expect(@login_realm_keys).to include(login1.core.realm.key)
|
|
350
|
+
expect(@login_realm_keys).to include(login2.core.realm.key)
|
|
336
351
|
end
|
|
337
352
|
|
|
338
353
|
it 'should contain the Realm#value for all Login objects' do
|
|
339
|
-
@login_realm_values.
|
|
340
|
-
@login_realm_values.
|
|
354
|
+
expect(@login_realm_values).to include(login1.core.realm.value)
|
|
355
|
+
expect(@login_realm_values).to include(login2.core.realm.value)
|
|
341
356
|
end
|
|
342
357
|
|
|
343
358
|
it 'should contain the associated Mdm::Host#address for all Login objects' do
|
|
344
|
-
@login_host_addresses.
|
|
345
|
-
@login_host_addresses.
|
|
359
|
+
expect(@login_host_addresses).to include(login1.service.host.address)
|
|
360
|
+
expect(@login_host_addresses).to include(login2.service.host.address)
|
|
346
361
|
end
|
|
347
362
|
|
|
348
363
|
it 'should contain the associated Mdm::Service#port (stringified) for all Login objects' do
|
|
349
|
-
@login_service_ports.
|
|
350
|
-
@login_service_ports.
|
|
364
|
+
expect(@login_service_ports).to include(login1.service.port.to_s)
|
|
365
|
+
expect(@login_service_ports).to include(login2.service.port.to_s)
|
|
351
366
|
end
|
|
352
367
|
|
|
353
368
|
it 'should contain the associated Mdm::Service#name for all Login objects' do
|
|
354
|
-
@login_service_names.
|
|
355
|
-
@login_service_names.
|
|
369
|
+
expect(@login_service_names).to include(login1.service.name)
|
|
370
|
+
expect(@login_service_names).to include(login2.service.name)
|
|
356
371
|
end
|
|
357
372
|
|
|
358
373
|
it 'should contain the associated Mdm::Service#proto for all Login objects' do
|
|
359
|
-
@login_service_protocols.
|
|
360
|
-
@login_service_protocols.
|
|
374
|
+
expect(@login_service_protocols).to include(login1.service.proto)
|
|
375
|
+
expect(@login_service_protocols).to include(login2.service.proto)
|
|
361
376
|
end
|
|
362
377
|
end
|
|
363
378
|
end
|
|
@@ -365,7 +380,7 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
365
380
|
describe "#render_zip" do
|
|
366
381
|
describe "when there are no SSH keys in the dataset" do
|
|
367
382
|
before(:each) do
|
|
368
|
-
core_exporter.
|
|
383
|
+
allow(core_exporter).to receive(:mode).and_return Metasploit::Credential::Exporter::Core::CORE_MODE
|
|
369
384
|
core_exporter.render_manifest_output_and_keys
|
|
370
385
|
core_exporter.render_zip
|
|
371
386
|
end
|
|
@@ -375,7 +390,7 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
375
390
|
Zip::File.open(core_exporter.output_zipfile_path) do |zip_file|
|
|
376
391
|
manifest_entry = zip_file.glob(Metasploit::Credential::Importer::Zip::MANIFEST_FILE_NAME).first
|
|
377
392
|
end
|
|
378
|
-
manifest_entry.
|
|
393
|
+
expect(manifest_entry).not_to be_blank
|
|
379
394
|
end
|
|
380
395
|
|
|
381
396
|
it 'should not contain a keys directory' do
|
|
@@ -383,7 +398,7 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
383
398
|
Zip::File.open(core_exporter.output_zipfile_path) do |zip_file|
|
|
384
399
|
keys_entry = zip_file.glob(Metasploit::Credential::Importer::Zip::KEYS_SUBDIRECTORY_NAME).first
|
|
385
400
|
end
|
|
386
|
-
keys_entry.
|
|
401
|
+
expect(keys_entry).to be_blank
|
|
387
402
|
end
|
|
388
403
|
end
|
|
389
404
|
|
|
@@ -396,7 +411,7 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
396
411
|
workspace: workspace)}
|
|
397
412
|
|
|
398
413
|
before(:each) do
|
|
399
|
-
core_exporter.
|
|
414
|
+
allow(core_exporter).to receive(:mode).and_return Metasploit::Credential::Exporter::Core::CORE_MODE
|
|
400
415
|
core_exporter.render_manifest_output_and_keys
|
|
401
416
|
core_exporter.render_zip
|
|
402
417
|
end
|
|
@@ -406,7 +421,7 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
406
421
|
Zip::File.open(core_exporter.output_zipfile_path) do |zip_file|
|
|
407
422
|
manifest_entry = zip_file.glob(Metasploit::Credential::Importer::Zip::MANIFEST_FILE_NAME).first
|
|
408
423
|
end
|
|
409
|
-
manifest_entry.
|
|
424
|
+
expect(manifest_entry).not_to be_blank
|
|
410
425
|
end
|
|
411
426
|
|
|
412
427
|
it 'should contain a keys directory' do
|
|
@@ -414,7 +429,7 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
414
429
|
Zip::File.open(core_exporter.output_zipfile_path) do |zip_file|
|
|
415
430
|
keys_entry = zip_file.glob(Metasploit::Credential::Importer::Zip::KEYS_SUBDIRECTORY_NAME).first
|
|
416
431
|
end
|
|
417
|
-
keys_entry.
|
|
432
|
+
expect(keys_entry).not_to be_blank
|
|
418
433
|
end
|
|
419
434
|
|
|
420
435
|
describe "the keys directory" do
|
|
@@ -426,12 +441,12 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
426
441
|
end
|
|
427
442
|
|
|
428
443
|
it 'should contain a key for each SSH private in the export' do
|
|
429
|
-
@key_entries.size.
|
|
444
|
+
expect(@key_entries.size).to eq(core_exporter.data[:core].select{ |d| d.private.type == Metasploit::Credential::SSHKey.name }.size)
|
|
430
445
|
end
|
|
431
446
|
|
|
432
447
|
it 'should contain key files named with Public#username and Private#id for each Core that uses an SSHKey' do
|
|
433
448
|
key_names = @key_entries.map{ |e| e.to_s.gsub("#{Metasploit::Credential::Importer::Zip::KEYS_SUBDIRECTORY_NAME}/", '') }
|
|
434
|
-
key_names.
|
|
449
|
+
expect(key_names).to include("#{core_with_key.public.username}-#{core_with_key.private.id}")
|
|
435
450
|
end
|
|
436
451
|
|
|
437
452
|
end
|