metasploit-credential 0.14.5 → 0.14.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/metasploit/credential/exporter/core.rb +2 -2
- data/lib/metasploit/credential/exporter/pwdump.rb +2 -2
- data/lib/metasploit/credential/migrator.rb +1 -1
- data/lib/metasploit/credential/version.rb +1 -3
- data/spec/dummy/config/database.yml +13 -11
- data/spec/dummy/db/structure.sql +1 -0
- data/spec/lib/metasploit/credential/creation_spec.rb +6 -8
- data/spec/lib/metasploit/credential/exporter/core_spec.rb +100 -85
- data/spec/lib/metasploit/credential/exporter/pwdump_spec.rb +14 -16
- data/spec/lib/metasploit/credential/importer/core_spec.rb +10 -12
- data/spec/lib/metasploit/credential/importer/multi_spec.rb +4 -6
- data/spec/lib/metasploit/credential/importer/pwdump_spec.rb +11 -13
- data/spec/lib/metasploit/credential/importer/zip_spec.rb +5 -7
- data/spec/lib/metasploit/credential/migrator_spec.rb +13 -13
- data/spec/lib/metasploit/credential/version_spec.rb +3 -5
- data/spec/lib/metasploit/credential_spec.rb +1 -3
- data/spec/models/mdm/service_spec.rb +3 -5
- data/spec/models/mdm/session_spec.rb +2 -4
- data/spec/models/mdm/task_spec.rb +4 -6
- data/spec/models/mdm/user_spec.rb +2 -4
- data/spec/models/mdm/workspace_spec.rb +2 -4
- data/spec/models/metasploit/credential/blank_username_spec.rb +5 -7
- data/spec/models/metasploit/credential/core_spec.rb +43 -45
- data/spec/models/metasploit/credential/login/status_spec.rb +19 -21
- data/spec/models/metasploit/credential/login_spec.rb +36 -38
- data/spec/models/metasploit/credential/nonreplayable_hash_spec.rb +3 -5
- data/spec/models/metasploit/credential/ntlm_hash_spec.rb +13 -15
- data/spec/models/metasploit/credential/origin/cracked_password_spec.rb +5 -7
- data/spec/models/metasploit/credential/origin/import_spec.rb +8 -10
- data/spec/models/metasploit/credential/origin/manual_spec.rb +7 -9
- data/spec/models/metasploit/credential/origin/service_spec.rb +10 -12
- data/spec/models/metasploit/credential/origin/session_spec.rb +11 -13
- data/spec/models/metasploit/credential/password_hash_spec.rb +4 -6
- data/spec/models/metasploit/credential/password_spec.rb +3 -5
- data/spec/models/metasploit/credential/postgres_md5_spec.rb +4 -6
- data/spec/models/metasploit/credential/private_spec.rb +8 -10
- data/spec/models/metasploit/credential/public_spec.rb +5 -7
- data/spec/models/metasploit/credential/realm_spec.rb +14 -16
- data/spec/models/metasploit/credential/replayable_hash_spec.rb +3 -5
- data/spec/models/metasploit/credential/ssh_key_spec.rb +15 -17
- data/spec/models/metasploit/credential/username_spec.rb +6 -8
- data/spec/models/metasploit_data_models/search/visitor/relation_spec.rb +1 -3
- data/spec/spec_helper.rb +83 -18
- data/spec/support/shared/contexts/mdm/workspace.rb +1 -1
- data/spec/support/shared/examples/core_validations.rb +117 -42
- data/spec/support/shared/examples/single_table_inheritance_database_columns.rb +2 -2
- data/spec/support/shared/examples/timestamp_database_column.rb +2 -2
- metadata +9 -9
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f871f34dcef9e0d0a2920b5a7963be5876acbb3f
|
|
4
|
+
data.tar.gz: 3d775fdd96872361a401f14f1da5b0d0f0c8aed9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 96b50334f63d7aef2637c5afb1a3c0ebd7db689488e2e5164ca2699cf520769792c7c5b1649a11f6afffb1cefcfbdf487e831c271a73df9206742fbd5fc13496
|
|
7
|
+
data.tar.gz: cb5183c5aaf3dc0b4459657bf3df69921d4f247b5a3b3c642df90411aa9a31347f551608033656a83077e6c7d8181243e1e6fb6153247ae493c9d5c858870ad3
|
|
@@ -49,10 +49,10 @@ class Metasploit::Credential::Exporter::Core
|
|
|
49
49
|
# Attributes
|
|
50
50
|
#
|
|
51
51
|
|
|
52
|
-
# @!attribute export_data
|
|
52
|
+
# @!attribute [rw] export_data
|
|
53
53
|
# Holds the raw information from the database before it is formatted into the {#data} attribute
|
|
54
54
|
# @return [Array]
|
|
55
|
-
|
|
55
|
+
attr_writer :export_data
|
|
56
56
|
|
|
57
57
|
# @!attribute finalized_zip_file
|
|
58
58
|
# The final output artifacts, zipped
|
|
@@ -70,10 +70,10 @@ class Metasploit::Credential::Exporter::Pwdump
|
|
|
70
70
|
# Attributes
|
|
71
71
|
#
|
|
72
72
|
|
|
73
|
-
# @!attribute logins
|
|
73
|
+
# @!attribute [rw] logins
|
|
74
74
|
# Holds the raw information from the database before it is formatted into the {#data} attribute
|
|
75
75
|
# @return [Array<Metasploit::Credential::Login>]
|
|
76
|
-
|
|
76
|
+
attr_writer :logins
|
|
77
77
|
|
|
78
78
|
|
|
79
79
|
#
|
|
@@ -104,7 +104,7 @@ class Metasploit::Credential::Migrator
|
|
|
104
104
|
# @return [String]
|
|
105
105
|
def key_data_from_file(path)
|
|
106
106
|
# Sometimes we will set the :pass attribute to a file path containing the key
|
|
107
|
-
if File.
|
|
107
|
+
if File.exist?(path)
|
|
108
108
|
File.read(path)
|
|
109
109
|
# In other cases we store the entire SSH key directly in the :pass attribute
|
|
110
110
|
elsif Metasploit::Credential::SSHKey.new(data: path).private?
|
|
@@ -9,9 +9,7 @@ module Metasploit
|
|
|
9
9
|
# The minor version number, scoped to the {MAJOR} version number.
|
|
10
10
|
MINOR = 14
|
|
11
11
|
# The patch number, scoped to the {MAJOR} and {MINOR} version number.
|
|
12
|
-
PATCH =
|
|
13
|
-
# The prerelease version, scoped to the {MAJOR}, {MINOR}, and {PATCH} version number.
|
|
14
|
-
# PRERELEASE =
|
|
12
|
+
PATCH = 6
|
|
15
13
|
|
|
16
14
|
# The full version string, including the {MAJOR}, {MINOR}, {PATCH}, and optionally, the {PRERELEASE} in the
|
|
17
15
|
# {http://semver.org/spec/v2.0.0.html semantic versioning v2.0.0} format.
|
|
@@ -1,20 +1,22 @@
|
|
|
1
1
|
# Please only use postgresql bound to a TCP port.
|
|
2
|
-
|
|
2
|
+
defaults: &defaults
|
|
3
3
|
adapter: postgresql
|
|
4
|
-
database: metasploit_credential_development
|
|
5
4
|
username: msf
|
|
6
|
-
password:
|
|
5
|
+
password: pass123
|
|
7
6
|
host: localhost
|
|
8
7
|
port: 5432
|
|
9
|
-
pool:
|
|
8
|
+
pool: 50
|
|
10
9
|
timeout: 5
|
|
11
10
|
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
# Note also, sqlite3 is totally unsupported by Metasploit now.
|
|
11
|
+
development:
|
|
12
|
+
database: metasploit_cr_dev
|
|
13
|
+
<<: *defaults
|
|
14
|
+
|
|
17
15
|
test:
|
|
18
|
-
|
|
19
|
-
|
|
16
|
+
database: metasploit_cr_test
|
|
17
|
+
min_messages: WARNING
|
|
18
|
+
<<: *defaults
|
|
20
19
|
|
|
20
|
+
production:
|
|
21
|
+
database: metasploit_cr_prod
|
|
22
|
+
<<: *defaults
|
data/spec/dummy/db/structure.sql
CHANGED
|
@@ -1,6 +1,4 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
describe Metasploit::Credential::Creation do
|
|
1
|
+
RSpec.describe Metasploit::Credential::Creation do
|
|
4
2
|
include_context 'Mdm::Workspace'
|
|
5
3
|
let(:dummy_class) {
|
|
6
4
|
Class.new do
|
|
@@ -42,7 +40,7 @@ describe Metasploit::Credential::Creation do
|
|
|
42
40
|
|
|
43
41
|
it 'replicates realm in new credential' do
|
|
44
42
|
expect {
|
|
45
|
-
|
|
43
|
+
test_object.create_cracked_credential(
|
|
46
44
|
core_id: old_core.id,
|
|
47
45
|
workspace_id: workspace.id,
|
|
48
46
|
username: public.username,
|
|
@@ -160,7 +158,7 @@ describe Metasploit::Credential::Creation do
|
|
|
160
158
|
|
|
161
159
|
it 'should create an Mdm::Service in state "open"' do
|
|
162
160
|
service = test_object.create_credential_service opts
|
|
163
|
-
service.state.
|
|
161
|
+
expect(service.state).to eq("open")
|
|
164
162
|
end
|
|
165
163
|
end
|
|
166
164
|
|
|
@@ -483,7 +481,7 @@ describe Metasploit::Credential::Creation do
|
|
|
483
481
|
task_id: task.id
|
|
484
482
|
}
|
|
485
483
|
core = test_object.create_credential(opts)
|
|
486
|
-
core.tasks.
|
|
484
|
+
expect(core.tasks).to include(task)
|
|
487
485
|
end
|
|
488
486
|
|
|
489
487
|
end
|
|
@@ -526,7 +524,7 @@ describe Metasploit::Credential::Creation do
|
|
|
526
524
|
task_id: task.id
|
|
527
525
|
}
|
|
528
526
|
core = test_object.create_credential_core(opts)
|
|
529
|
-
core.tasks.
|
|
527
|
+
expect(core.tasks).to include(task)
|
|
530
528
|
end
|
|
531
529
|
|
|
532
530
|
end
|
|
@@ -563,7 +561,7 @@ describe Metasploit::Credential::Creation do
|
|
|
563
561
|
status: Metasploit::Model::Login::Status::SUCCESSFUL,
|
|
564
562
|
}
|
|
565
563
|
login = test_object.create_credential_login(login_data)
|
|
566
|
-
login.tasks.
|
|
564
|
+
expect(login.tasks).to include(task)
|
|
567
565
|
|
|
568
566
|
end
|
|
569
567
|
|
|
@@ -1,6 +1,4 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
describe Metasploit::Credential::Exporter::Core do
|
|
1
|
+
RSpec.describe Metasploit::Credential::Exporter::Core do
|
|
4
2
|
include_context 'Mdm::Workspace'
|
|
5
3
|
include_context 'export objects'
|
|
6
4
|
|
|
@@ -24,19 +22,19 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
24
22
|
end
|
|
25
23
|
|
|
26
24
|
it 'should be in LOGIN_MODE by default' do
|
|
27
|
-
core_exporter.mode.
|
|
25
|
+
expect(core_exporter.mode).to eq(Metasploit::Credential::Exporter::Core::LOGIN_MODE)
|
|
28
26
|
end
|
|
29
27
|
end
|
|
30
28
|
|
|
31
29
|
describe "#export!" do
|
|
32
30
|
it 'should create the zipfile' do
|
|
33
31
|
core_exporter.export!
|
|
34
|
-
File.exists?(core_exporter.output_zipfile_path).
|
|
32
|
+
expect(File.exists?(core_exporter.output_zipfile_path)).to eq(true)
|
|
35
33
|
end
|
|
36
34
|
|
|
37
35
|
it 'should output to a directory whose name contains the standardized identifier' do
|
|
38
36
|
core_exporter.export!
|
|
39
|
-
core_exporter.output_final_directory_path.
|
|
37
|
+
expect(core_exporter.output_final_directory_path).to include(Metasploit::Credential::Exporter::Core::CREDS_DUMP_FILE_IDENTIFIER)
|
|
40
38
|
end
|
|
41
39
|
end
|
|
42
40
|
|
|
@@ -46,14 +44,14 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
46
44
|
describe "when the argument is a Core" do
|
|
47
45
|
it 'should be formed from the Public#username and the Private#id' do
|
|
48
46
|
key_path = core_exporter.path_for_key(core)
|
|
49
|
-
Pathname.new(key_path).basename.to_s.
|
|
47
|
+
expect(Pathname.new(key_path).basename.to_s).to eq(key_path_basename_string)
|
|
50
48
|
end
|
|
51
49
|
end
|
|
52
50
|
|
|
53
51
|
describe "when the argument is a Login" do
|
|
54
52
|
it 'should be formed from the Public#username and the Private#id' do
|
|
55
53
|
key_path = core_exporter.path_for_key(login)
|
|
56
|
-
Pathname.new(key_path).basename.to_s.
|
|
54
|
+
expect(Pathname.new(key_path).basename.to_s).to eq(key_path_basename_string)
|
|
57
55
|
end
|
|
58
56
|
end
|
|
59
57
|
end
|
|
@@ -62,20 +60,27 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
62
60
|
let(:result_hash) { core_exporter.line_for_core(core) }
|
|
63
61
|
|
|
64
62
|
it 'should produce values in the proper order' do
|
|
65
|
-
result_hash.values.
|
|
66
|
-
|
|
63
|
+
expect(result_hash.values).to eq(
|
|
64
|
+
[
|
|
65
|
+
core.public.username,
|
|
66
|
+
core.private.type,
|
|
67
|
+
core.private.data,
|
|
68
|
+
core.realm.key,
|
|
69
|
+
core.realm.value
|
|
70
|
+
]
|
|
71
|
+
)
|
|
67
72
|
end
|
|
68
73
|
|
|
69
74
|
it 'should produce a hash with the public username' do
|
|
70
|
-
result_hash[:username].
|
|
75
|
+
expect(result_hash[:username]).to eq(core.public.username)
|
|
71
76
|
end
|
|
72
77
|
|
|
73
78
|
it 'should produce a hash with the private data' do
|
|
74
|
-
result_hash[:private_data].
|
|
79
|
+
expect(result_hash[:private_data]).to eq(core.private.data)
|
|
75
80
|
end
|
|
76
81
|
|
|
77
82
|
it 'should produce a hash with the name of the private type' do
|
|
78
|
-
result_hash[:private_type].
|
|
83
|
+
expect(result_hash[:private_type]).to eq(core.private.type)
|
|
79
84
|
end
|
|
80
85
|
end
|
|
81
86
|
|
|
@@ -84,84 +89,94 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
84
89
|
let(:result_hash) { core_exporter.line_for_login(login) }
|
|
85
90
|
|
|
86
91
|
it 'should produce values in the proper order' do
|
|
87
|
-
result_hash.values.
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
92
|
+
expect(result_hash.values).to eq(
|
|
93
|
+
[
|
|
94
|
+
core.public.username,
|
|
95
|
+
core.private.type,
|
|
96
|
+
core.private.data,
|
|
97
|
+
core.realm.key,
|
|
98
|
+
core.realm.value,
|
|
99
|
+
login.service.host.address,
|
|
100
|
+
login.service.port,
|
|
101
|
+
login.service.name,
|
|
102
|
+
login.service.proto,
|
|
103
|
+
login.status,
|
|
104
|
+
login.access_level,
|
|
105
|
+
login.last_attempted_at
|
|
106
|
+
]
|
|
107
|
+
)
|
|
93
108
|
end
|
|
94
109
|
|
|
95
110
|
it 'should produce a hash with the service host address' do
|
|
96
|
-
result_hash[:host_address].
|
|
111
|
+
expect(result_hash[:host_address]).to eq(login.service.host.address)
|
|
97
112
|
end
|
|
98
113
|
|
|
99
114
|
it 'should produce a hash with the service port' do
|
|
100
|
-
result_hash[:service_port].
|
|
115
|
+
expect(result_hash[:service_port]).to eq(login.service.port)
|
|
101
116
|
end
|
|
102
117
|
|
|
103
118
|
it 'should produce a hash with the service name' do
|
|
104
|
-
result_hash[:service_name].
|
|
119
|
+
expect(result_hash[:service_name]).to eq(login.service.name)
|
|
105
120
|
end
|
|
106
121
|
|
|
107
122
|
it 'should produce a hash with the service protocol' do
|
|
108
|
-
result_hash[:service_protocol].
|
|
123
|
+
expect(result_hash[:service_protocol]).to eq(login.service.proto)
|
|
109
124
|
end
|
|
110
125
|
|
|
111
126
|
it 'should produce a hash with the login status' do
|
|
112
|
-
result_hash[:status].
|
|
127
|
+
expect(result_hash[:status]).to eq(login.status)
|
|
113
128
|
end
|
|
114
129
|
|
|
115
130
|
it 'should produce a hash with the login access_level' do
|
|
116
|
-
result_hash[:access_level].
|
|
131
|
+
expect(result_hash[:access_level]).to eq(login.access_level)
|
|
117
132
|
end
|
|
118
133
|
|
|
119
134
|
it 'should produce a hash with the login last_attempted_at' do
|
|
120
|
-
result_hash[:last_attempted_at].
|
|
135
|
+
expect(result_hash[:last_attempted_at]).to eq(login.last_attempted_at)
|
|
121
136
|
end
|
|
122
137
|
|
|
123
138
|
it 'should produce a hash with the public information' do
|
|
124
|
-
result_hash[:username].
|
|
139
|
+
expect(result_hash[:username]).to eq(login.core.public.username)
|
|
125
140
|
end
|
|
126
141
|
|
|
127
142
|
it 'should produce a hash with the private data' do
|
|
128
|
-
result_hash[:private_data].
|
|
143
|
+
expect(result_hash[:private_data]).to eq(login.core.private.data)
|
|
129
144
|
end
|
|
130
145
|
|
|
131
146
|
it 'should produce a hash with the demodulized name of the private type' do
|
|
132
|
-
result_hash[:private_type].
|
|
147
|
+
expect(result_hash[:private_type]).to eq(login.core.private.type)
|
|
133
148
|
end
|
|
134
149
|
end
|
|
135
150
|
|
|
136
151
|
describe "#output" do
|
|
137
152
|
it 'should be a writable File' do
|
|
138
153
|
file_stat = core_exporter.output.stat
|
|
139
|
-
file_stat.
|
|
154
|
+
expect(file_stat).to be_writable
|
|
140
155
|
end
|
|
141
156
|
|
|
142
157
|
it 'should not be opened in binmode' do
|
|
143
|
-
core_exporter.output.
|
|
158
|
+
expect(core_exporter.output).not_to be_binmode
|
|
144
159
|
end
|
|
145
160
|
end
|
|
146
161
|
|
|
147
162
|
describe "#output_directory_path" do
|
|
148
163
|
it 'should be in the platform-agnostic temp directory' do
|
|
149
|
-
core_exporter.output_final_directory_path.
|
|
164
|
+
expect(core_exporter.output_final_directory_path).to include(Dir.tmpdir)
|
|
150
165
|
end
|
|
151
166
|
|
|
152
167
|
it 'should have the set export prefix' do
|
|
153
|
-
core_exporter.output_final_directory_path.
|
|
168
|
+
expect(core_exporter.output_final_directory_path).to include(Metasploit::Credential::Exporter::Core::TEMP_ZIP_PATH_PREFIX)
|
|
154
169
|
end
|
|
155
170
|
|
|
156
171
|
describe "uniqueness for export" do
|
|
157
172
|
let(:path_fragment){ "export-#{Time.now.to_s}" }
|
|
158
173
|
|
|
159
174
|
before(:each) do
|
|
160
|
-
core_exporter.
|
|
175
|
+
allow(core_exporter).to receive(:output_final_subdirectory_name).and_return(path_fragment)
|
|
161
176
|
end
|
|
162
177
|
|
|
163
178
|
it 'should include a special time-stamped directory to contain the export data being staged' do
|
|
164
|
-
core_exporter.output_final_directory_path.
|
|
179
|
+
expect(core_exporter.output_final_directory_path).to include(core_exporter.output_final_subdirectory_name)
|
|
165
180
|
end
|
|
166
181
|
end
|
|
167
182
|
end
|
|
@@ -169,44 +184,44 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
169
184
|
describe "#data" do
|
|
170
185
|
describe "in LOGIN_MODE" do
|
|
171
186
|
before(:each) do
|
|
172
|
-
core_exporter.
|
|
187
|
+
allow(core_exporter).to receive(:mode).and_return Metasploit::Credential::Exporter::Core::LOGIN_MODE
|
|
173
188
|
end
|
|
174
189
|
|
|
175
190
|
describe "when whitelist_ids is present" do
|
|
176
191
|
before(:each) do
|
|
177
|
-
core_exporter.
|
|
192
|
+
allow(core_exporter).to receive(:whitelist_ids).and_return([login1.id])
|
|
178
193
|
end
|
|
179
194
|
|
|
180
195
|
it 'should contain only those objects whose IDs are in the whitelist' do
|
|
181
|
-
core_exporter.data.
|
|
196
|
+
expect(core_exporter.data).not_to include(login2)
|
|
182
197
|
end
|
|
183
198
|
end
|
|
184
199
|
|
|
185
200
|
describe "when whitelist_ids is blank" do
|
|
186
201
|
it 'should be the same as #export_data' do
|
|
187
|
-
core_exporter.data.
|
|
202
|
+
expect(core_exporter.data).to eq(core_exporter.export_data)
|
|
188
203
|
end
|
|
189
204
|
end
|
|
190
205
|
end
|
|
191
206
|
|
|
192
207
|
describe "in CORE_MODE" do
|
|
193
208
|
before(:each) do
|
|
194
|
-
core_exporter.
|
|
209
|
+
allow(core_exporter).to receive(:mode).and_return Metasploit::Credential::Exporter::Core::CORE_MODE
|
|
195
210
|
end
|
|
196
211
|
|
|
197
212
|
describe "when whitelist_ids is present" do
|
|
198
213
|
before(:each) do
|
|
199
|
-
core_exporter.
|
|
214
|
+
allow(core_exporter).to receive(:whitelist_ids).and_return([core1.id])
|
|
200
215
|
end
|
|
201
216
|
|
|
202
217
|
it 'should contain only those objects whose IDs are in the whitelist' do
|
|
203
|
-
core_exporter.data.
|
|
218
|
+
expect(core_exporter.data).not_to include(core2)
|
|
204
219
|
end
|
|
205
220
|
end
|
|
206
221
|
|
|
207
222
|
describe "when whitelist_ids is blank" do
|
|
208
223
|
it 'should be the same as #export_data' do
|
|
209
|
-
core_exporter.data.
|
|
224
|
+
expect(core_exporter.data).to eq(core_exporter.export_data)
|
|
210
225
|
end
|
|
211
226
|
end
|
|
212
227
|
end
|
|
@@ -215,22 +230,22 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
215
230
|
describe "#export_data" do
|
|
216
231
|
describe "in CORE_MODE" do
|
|
217
232
|
before(:each) do
|
|
218
|
-
core_exporter.
|
|
233
|
+
allow(core_exporter).to receive(:mode).and_return Metasploit::Credential::Exporter::Core::CORE_MODE
|
|
219
234
|
end
|
|
220
235
|
|
|
221
236
|
it 'should grab data using the proper scope' do
|
|
222
|
-
Metasploit::Credential::Core.
|
|
237
|
+
expect(Metasploit::Credential::Core).to receive(:workspace_id).with(core_exporter.workspace.id)
|
|
223
238
|
core_exporter.export_data
|
|
224
239
|
end
|
|
225
240
|
end
|
|
226
241
|
|
|
227
242
|
describe "in LOGIN_MODE" do
|
|
228
243
|
before(:each) do
|
|
229
|
-
core_exporter.
|
|
244
|
+
allow(core_exporter).to receive(:mode).and_return Metasploit::Credential::Exporter::Core::LOGIN_MODE
|
|
230
245
|
end
|
|
231
246
|
|
|
232
247
|
it 'should grab data using the proper scope' do
|
|
233
|
-
Metasploit::Credential::Login.
|
|
248
|
+
expect(Metasploit::Credential::Login).to receive(:in_workspace_including_hosts_and_services).with(core_exporter.workspace)
|
|
234
249
|
core_exporter.export_data
|
|
235
250
|
end
|
|
236
251
|
end
|
|
@@ -240,7 +255,7 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
240
255
|
describe "#render_manifest_and_output_keys" do
|
|
241
256
|
describe "in CORE_MODE" do
|
|
242
257
|
before(:each) do
|
|
243
|
-
core_exporter.
|
|
258
|
+
allow(core_exporter).to receive(:mode).and_return Metasploit::Credential::Exporter::Core::CORE_MODE
|
|
244
259
|
core_exporter.render_manifest_output_and_keys
|
|
245
260
|
path = core_exporter.output_final_directory_path + '/' + Metasploit::Credential::Importer::Zip::MANIFEST_FILE_NAME
|
|
246
261
|
|
|
@@ -260,34 +275,34 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
260
275
|
end
|
|
261
276
|
|
|
262
277
|
it 'should contain the Public#username for all Core objects' do
|
|
263
|
-
@core_publics.
|
|
264
|
-
@core_publics.
|
|
278
|
+
expect(@core_publics).to include(core1.public.username)
|
|
279
|
+
expect(@core_publics).to include(core2.public.username)
|
|
265
280
|
end
|
|
266
281
|
|
|
267
282
|
it 'should contain the Private#type for all Core objects' do
|
|
268
|
-
@core_private_types.
|
|
269
|
-
@core_private_types.
|
|
283
|
+
expect(@core_private_types).to include(core1.private.type)
|
|
284
|
+
expect(@core_private_types).to include(core2.private.type)
|
|
270
285
|
end
|
|
271
286
|
|
|
272
287
|
it 'should contain the Private#data for all Core objects' do
|
|
273
|
-
@core_private_data.
|
|
274
|
-
@core_private_data.
|
|
288
|
+
expect(@core_private_data).to include(core1.private.data)
|
|
289
|
+
expect(@core_private_data).to include(core2.private.data)
|
|
275
290
|
end
|
|
276
291
|
|
|
277
292
|
it 'should contain the Realm#key for all Core objects' do
|
|
278
|
-
@core_realm_keys.
|
|
279
|
-
@core_realm_keys.
|
|
293
|
+
expect(@core_realm_keys).to include(core1.realm.key)
|
|
294
|
+
expect(@core_realm_keys).to include(core2.realm.key)
|
|
280
295
|
end
|
|
281
296
|
|
|
282
297
|
it 'should contain the Realm#value for all Core objects' do
|
|
283
|
-
@core_realm_values.
|
|
284
|
-
@core_realm_values.
|
|
298
|
+
expect(@core_realm_values).to include(core1.realm.value)
|
|
299
|
+
expect(@core_realm_values).to include(core2.realm.value)
|
|
285
300
|
end
|
|
286
301
|
end
|
|
287
302
|
|
|
288
303
|
describe "in LOGIN_MODE" do
|
|
289
304
|
before(:each) do
|
|
290
|
-
core_exporter.
|
|
305
|
+
allow(core_exporter).to receive(:mode).and_return Metasploit::Credential::Exporter::Core::LOGIN_MODE
|
|
291
306
|
core_exporter.render_manifest_output_and_keys
|
|
292
307
|
path = core_exporter.output_final_directory_path + '/' + Metasploit::Credential::Importer::Zip::MANIFEST_FILE_NAME
|
|
293
308
|
|
|
@@ -316,48 +331,48 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
316
331
|
|
|
317
332
|
|
|
318
333
|
it 'should contain the Public#username for all Login objects' do
|
|
319
|
-
@login_publics.
|
|
320
|
-
@login_publics.
|
|
334
|
+
expect(@login_publics).to include(login1.core.public.username)
|
|
335
|
+
expect(@login_publics).to include(login2.core.public.username)
|
|
321
336
|
end
|
|
322
337
|
|
|
323
338
|
it 'should contain the Private#type for all Login objects' do
|
|
324
|
-
@login_private_types.
|
|
325
|
-
@login_private_types.
|
|
339
|
+
expect(@login_private_types).to include(login1.core.private.type)
|
|
340
|
+
expect(@login_private_types).to include(login2.core.private.type)
|
|
326
341
|
end
|
|
327
342
|
|
|
328
343
|
it 'should contain the Private#data for all Login objects' do
|
|
329
|
-
@login_private_data.
|
|
330
|
-
@login_private_data.
|
|
344
|
+
expect(@login_private_data).to include(login1.core.private.data)
|
|
345
|
+
expect(@login_private_data).to include(login2.core.private.data)
|
|
331
346
|
end
|
|
332
347
|
|
|
333
348
|
it 'should contain the Realm#key for all Login objects' do
|
|
334
|
-
@login_realm_keys.
|
|
335
|
-
@login_realm_keys.
|
|
349
|
+
expect(@login_realm_keys).to include(login1.core.realm.key)
|
|
350
|
+
expect(@login_realm_keys).to include(login2.core.realm.key)
|
|
336
351
|
end
|
|
337
352
|
|
|
338
353
|
it 'should contain the Realm#value for all Login objects' do
|
|
339
|
-
@login_realm_values.
|
|
340
|
-
@login_realm_values.
|
|
354
|
+
expect(@login_realm_values).to include(login1.core.realm.value)
|
|
355
|
+
expect(@login_realm_values).to include(login2.core.realm.value)
|
|
341
356
|
end
|
|
342
357
|
|
|
343
358
|
it 'should contain the associated Mdm::Host#address for all Login objects' do
|
|
344
|
-
@login_host_addresses.
|
|
345
|
-
@login_host_addresses.
|
|
359
|
+
expect(@login_host_addresses).to include(login1.service.host.address)
|
|
360
|
+
expect(@login_host_addresses).to include(login2.service.host.address)
|
|
346
361
|
end
|
|
347
362
|
|
|
348
363
|
it 'should contain the associated Mdm::Service#port (stringified) for all Login objects' do
|
|
349
|
-
@login_service_ports.
|
|
350
|
-
@login_service_ports.
|
|
364
|
+
expect(@login_service_ports).to include(login1.service.port.to_s)
|
|
365
|
+
expect(@login_service_ports).to include(login2.service.port.to_s)
|
|
351
366
|
end
|
|
352
367
|
|
|
353
368
|
it 'should contain the associated Mdm::Service#name for all Login objects' do
|
|
354
|
-
@login_service_names.
|
|
355
|
-
@login_service_names.
|
|
369
|
+
expect(@login_service_names).to include(login1.service.name)
|
|
370
|
+
expect(@login_service_names).to include(login2.service.name)
|
|
356
371
|
end
|
|
357
372
|
|
|
358
373
|
it 'should contain the associated Mdm::Service#proto for all Login objects' do
|
|
359
|
-
@login_service_protocols.
|
|
360
|
-
@login_service_protocols.
|
|
374
|
+
expect(@login_service_protocols).to include(login1.service.proto)
|
|
375
|
+
expect(@login_service_protocols).to include(login2.service.proto)
|
|
361
376
|
end
|
|
362
377
|
end
|
|
363
378
|
end
|
|
@@ -365,7 +380,7 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
365
380
|
describe "#render_zip" do
|
|
366
381
|
describe "when there are no SSH keys in the dataset" do
|
|
367
382
|
before(:each) do
|
|
368
|
-
core_exporter.
|
|
383
|
+
allow(core_exporter).to receive(:mode).and_return Metasploit::Credential::Exporter::Core::CORE_MODE
|
|
369
384
|
core_exporter.render_manifest_output_and_keys
|
|
370
385
|
core_exporter.render_zip
|
|
371
386
|
end
|
|
@@ -375,7 +390,7 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
375
390
|
Zip::File.open(core_exporter.output_zipfile_path) do |zip_file|
|
|
376
391
|
manifest_entry = zip_file.glob(Metasploit::Credential::Importer::Zip::MANIFEST_FILE_NAME).first
|
|
377
392
|
end
|
|
378
|
-
manifest_entry.
|
|
393
|
+
expect(manifest_entry).not_to be_blank
|
|
379
394
|
end
|
|
380
395
|
|
|
381
396
|
it 'should not contain a keys directory' do
|
|
@@ -383,7 +398,7 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
383
398
|
Zip::File.open(core_exporter.output_zipfile_path) do |zip_file|
|
|
384
399
|
keys_entry = zip_file.glob(Metasploit::Credential::Importer::Zip::KEYS_SUBDIRECTORY_NAME).first
|
|
385
400
|
end
|
|
386
|
-
keys_entry.
|
|
401
|
+
expect(keys_entry).to be_blank
|
|
387
402
|
end
|
|
388
403
|
end
|
|
389
404
|
|
|
@@ -396,7 +411,7 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
396
411
|
workspace: workspace)}
|
|
397
412
|
|
|
398
413
|
before(:each) do
|
|
399
|
-
core_exporter.
|
|
414
|
+
allow(core_exporter).to receive(:mode).and_return Metasploit::Credential::Exporter::Core::CORE_MODE
|
|
400
415
|
core_exporter.render_manifest_output_and_keys
|
|
401
416
|
core_exporter.render_zip
|
|
402
417
|
end
|
|
@@ -406,7 +421,7 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
406
421
|
Zip::File.open(core_exporter.output_zipfile_path) do |zip_file|
|
|
407
422
|
manifest_entry = zip_file.glob(Metasploit::Credential::Importer::Zip::MANIFEST_FILE_NAME).first
|
|
408
423
|
end
|
|
409
|
-
manifest_entry.
|
|
424
|
+
expect(manifest_entry).not_to be_blank
|
|
410
425
|
end
|
|
411
426
|
|
|
412
427
|
it 'should contain a keys directory' do
|
|
@@ -414,7 +429,7 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
414
429
|
Zip::File.open(core_exporter.output_zipfile_path) do |zip_file|
|
|
415
430
|
keys_entry = zip_file.glob(Metasploit::Credential::Importer::Zip::KEYS_SUBDIRECTORY_NAME).first
|
|
416
431
|
end
|
|
417
|
-
keys_entry.
|
|
432
|
+
expect(keys_entry).not_to be_blank
|
|
418
433
|
end
|
|
419
434
|
|
|
420
435
|
describe "the keys directory" do
|
|
@@ -426,12 +441,12 @@ describe Metasploit::Credential::Exporter::Core do
|
|
|
426
441
|
end
|
|
427
442
|
|
|
428
443
|
it 'should contain a key for each SSH private in the export' do
|
|
429
|
-
@key_entries.size.
|
|
444
|
+
expect(@key_entries.size).to eq(core_exporter.data[:core].select{ |d| d.private.type == Metasploit::Credential::SSHKey.name }.size)
|
|
430
445
|
end
|
|
431
446
|
|
|
432
447
|
it 'should contain key files named with Public#username and Private#id for each Core that uses an SSHKey' do
|
|
433
448
|
key_names = @key_entries.map{ |e| e.to_s.gsub("#{Metasploit::Credential::Importer::Zip::KEYS_SUBDIRECTORY_NAME}/", '') }
|
|
434
|
-
key_names.
|
|
449
|
+
expect(key_names).to include("#{core_with_key.public.username}-#{core_with_key.private.id}")
|
|
435
450
|
end
|
|
436
451
|
|
|
437
452
|
end
|