|
4 | 4 | describe Msf::Exploit::Remote::BrowserExploitServer do
|
5 | 5 |
|
6 | 6 | subject(:server) do
|
7 |
| - mod = Msf::Exploit.allocate |
| 7 | + mod = Msf::Exploit::Remote.allocate |
8 | 8 | mod.extend described_class
|
9 | 9 | mod.send(:initialize, {})
|
10 | 10 | mod
|
|
17 | 17 | service
|
18 | 18 | end
|
19 | 19 |
|
| 20 | + let(:expected_user_agent) do |
| 21 | + 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)' |
| 22 | + end |
| 23 | + |
20 | 24 | let(:profile_name) do
|
21 | 25 | 'random'
|
22 | 26 | end
|
|
25 | 29 | 'linux'
|
26 | 30 | end
|
27 | 31 |
|
28 |
| - let(:expected_user_agent) do |
29 |
| - 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)' |
30 |
| - end |
31 |
| - |
32 | 32 | let(:exploit_page) do
|
33 | 33 | server.instance_variable_get(:@exploit_receiver_page)
|
34 | 34 | end
|
35 | 35 |
|
36 | 36 | let(:expected_profile) do
|
37 | 37 | {
|
38 |
| - :source=>'script', |
39 |
| - :os_name=>'Windows XP', |
40 |
| - :ua_name=>'MSIE', |
41 |
| - :ua_ver=>'8.0', |
42 |
| - :arch=>'x86', |
43 |
| - :office=>'null', |
44 |
| - :activex=>'true', |
45 |
| - :proxy=>false, |
46 |
| - :language=>'en-us', |
47 |
| - :tried=>true |
| 38 | + :source =>'script', |
| 39 | + :os_name =>'Windows XP', |
| 40 | + :ua_name =>'MSIE', |
| 41 | + :ua_ver =>'8.0', |
| 42 | + :arch =>'x86', |
| 43 | + :office =>'null', |
| 44 | + :activex =>'true', |
| 45 | + :proxy =>false, |
| 46 | + :language =>'en-us', |
| 47 | + :tried => true |
48 | 48 | }
|
49 | 49 | end
|
50 | 50 |
|
|
296 | 296 | server.on_request_uri(cli, request)
|
297 | 297 | end
|
298 | 298 | end
|
| 299 | + |
| 300 | + |
| 301 | + describe '#get_payload' do |
| 302 | + let(:cli) { |
| 303 | + Rex::Socket::Tcp |
| 304 | + } |
| 305 | + |
| 306 | + before(:each) do |
| 307 | + allow(cli).to receive(:peerhost).and_return('0.0.0.0') |
| 308 | + allow(cli).to receive(:peerport).and_return(4444) |
| 309 | + end |
| 310 | + |
| 311 | + let(:encoded) { '@EXE@' } |
| 312 | + |
| 313 | + let(:x86_payload) { |
| 314 | + double(:encoded => encoded, :arch => ['x86']) |
| 315 | + } |
| 316 | + |
| 317 | + let(:x86_64_payload) { |
| 318 | + double(:encoded => encoded, :arch => ['x86_64']) |
| 319 | + } |
| 320 | + |
| 321 | + context 'when the payload supports the visitor\'s browser architecture' do |
| 322 | + it 'returns a payload' do |
| 323 | + allow(server).to receive(:regenerate_payload).and_return(x86_payload) |
| 324 | + expect(server.get_payload(cli, expected_profile)).to eq(encoded) |
| 325 | + end |
| 326 | + end |
| 327 | + |
| 328 | + context 'when the payload does not support the visitor\'s browser architecture' do |
| 329 | + it 'raises a BESException' do |
| 330 | + allow(server).to receive(:regenerate_payload).and_return(x86_64_payload) |
| 331 | + expect{server.get_payload(cli, expected_profile)}.to raise_error(Msf::Exploit::Remote::BrowserExploitServer::BESException) |
| 332 | + end |
| 333 | + end |
| 334 | + end |
| 335 | + |
299 | 336 | end
|
300 | 337 |
|
301 | 338 | end
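Review bot: In the added `#get_payload` group, `let(:cli)` returns the `Rex::Socket::Tcp` constant itself, so the `before(:each)` block stubs `peerhost` and `peerport` on a shared constant rather than on a socket-like object. A suite that enables partial-double verification would likely reject those stubs. A plain double keeps the examples isolated and makes the `before` block unnecessary: `let(:cli) { double('Rex::Socket::Tcp', :peerhost => '0.0.0.0', :peerport => 4444) }`. The mismatch example also depends on `expected_profile` carrying `:arch => 'x86'`, which is defined far above this group. A comment above the second `context`, such as `# expected_profile reports x86, so an x86_64-only payload must be refused`, would make that dependency visible.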
|