|
22 | 22 | 'admin'
|
23 | 23 | end
|
24 | 24 |
|
| 25 | + let(:username_disabled) do |
| 26 | + 'admin_disabled' |
| 27 | + end |
| 28 | + |
25 | 29 | let(:password) do
|
26 | 30 | 'password'
|
27 | 31 | end
|
28 | 32 |
|
| 33 | + let(:password_disabled) do |
| 34 | + 'password_disabled' |
| 35 | + end |
| 36 | + |
29 | 37 | let(:cred) do
|
30 | 38 | Metasploit::Framework::Credential.new(
|
31 | 39 | paired: true,
|
|
42 | 50 | )
|
43 | 51 | end
|
44 | 52 |
|
| 53 | + let(:disabled_cred) do |
| 54 | + Metasploit::Framework::Credential.new( |
| 55 | + paired: true, |
| 56 | + public: username_disabled, |
| 57 | + private: password_disabled |
| 58 | + ) |
| 59 | + end |
| 60 | + |
45 | 61 | let(:res_code) do
|
46 | 62 | 200
|
47 | 63 | end
|
|
102 | 118 |
|
103 | 119 | before :each do
|
104 | 120 | allow_any_instance_of(Rex::Proto::Http::Client).to receive(:send_recv) do |req|
|
105 |
| - p "#{req.opts['uri']}" |
106 | 121 | if req.opts['uri'] && req.opts['uri'].include?('j_security_check') &&
|
107 | 122 | req.opts['data'] &&
|
108 | 123 | req.opts['data'].include?("j_username=#{username}") &&
|
|
136 | 151 | end
|
137 | 152 |
|
138 | 153 | context '#try_glassfish_3' do
|
| 154 | + |
| 155 | + let(:login_ok_message) do |
| 156 | + '<title>Deploy Enterprise Applications/Modules</title>' |
| 157 | + end |
| 158 | + |
| 159 | + before :each do |
| 160 | + allow_any_instance_of(Rex::Proto::Http::Client).to receive(:send_recv) do |req| |
| 161 | + if req.opts['uri'] && req.opts['uri'].include?('j_security_check') && |
| 162 | + req.opts['data'] && |
| 163 | + req.opts['data'].include?("j_username=#{username}") && |
| 164 | + req. opts['data'].include?("j_password=#{password}") |
| 165 | + res = Rex::Proto::Http::Response.new(302) |
| 166 | + res.headers['Location'] = '/common/applications/uploadFrame.jsf' |
| 167 | + res.headers['Set-Cookie'] = 'JSESSIONID=GOODSESSIONID' |
| 168 | + res |
| 169 | + elsif req.opts['uri'] && req.opts['uri'].include?('j_security_check') && |
| 170 | + req.opts['data'] && |
| 171 | + req.opts['data'].include?("j_username=#{username_disabled}") && |
| 172 | + req. opts['data'].include?("j_password=#{password_disabled}") |
| 173 | + res = Rex::Proto::Http::Response.new(200) |
| 174 | + res.body = 'Secure Admin must be enabled' |
| 175 | + elsif req.opts['uri'] && req.opts['uri'].include?('j_security_check') |
| 176 | + res = Rex::Proto::Http::Response.new(200) |
| 177 | + res.body = 'bad login' |
| 178 | + elsif req.opts['uri'] && |
| 179 | + req.opts['uri'].include?('/common/applications/uploadFrame.jsf') |
| 180 | + res = Rex::Proto::Http::Response.new(200) |
| 181 | + res.body = '<title>Deploy Applications or Modules' |
| 182 | + else |
| 183 | + res = Rex::Proto::Http::Response.new(404) |
| 184 | + end |
| 185 | + |
| 186 | + res |
| 187 | + end |
| 188 | + end |
| 189 | + |
139 | 190 | it 'returns status Metasploit::Model::Login::Status::SUCCESSFUL for a valid credential' do
|
140 |
| - good_auth_res = Rex::Proto::Http::Response.new(302) |
141 |
| - good_res = Rex::Proto::Http::Response.new(200) |
142 |
| - good_res.stub(:body).and_return('<title>Deploy Applications or Modules</title>') |
143 |
| - http_scanner.should_receive(:try_login).with(cred).and_return(good_auth_res) |
144 |
| - http_scanner.should_receive(:send_request).with(kind_of(Hash)).and_return(good_res) |
145 | 191 | http_scanner.try_glassfish_3(cred)[:status].should eq(Metasploit::Model::Login::Status::SUCCESSFUL)
|
146 | 192 | end
|
147 | 193 |
|
148 | 194 | it 'returns status Metasploit::Model::Login::Status::SUCCESSFUL based on a disabled remote admin message' do
|
149 |
| - good_auth_res = Rex::Proto::Http::Response.new(200) |
150 |
| - good_auth_res.stub(:body).and_return('Secure Admin must be enabled') |
151 |
| - http_scanner.should_receive(:try_login).with(cred).and_return(good_auth_res) |
152 |
| - http_scanner.try_glassfish_3(cred)[:status].should eq(Metasploit::Model::Login::Status::SUCCESSFUL) |
| 195 | + http_scanner.try_glassfish_3(disabled_cred)[:status].should eq(Metasploit::Model::Login::Status::SUCCESSFUL) |
153 | 196 | end
|
154 | 197 |
|
155 | 198 | it 'returns status Metasploit::Model::Login::Status::INCORRECT for an invalid credential' do
|
156 |
| - bad_auth_res = Rex::Proto::Http::Response.new(200) |
157 |
| - http_scanner.should_receive(:try_login).with(cred).and_return(bad_auth_res) |
158 |
| - http_scanner.try_glassfish_3(cred)[:status].should eq(Metasploit::Model::Login::Status::INCORRECT) |
| 199 | + http_scanner.try_glassfish_3(bad_cred)[:status].should eq(Metasploit::Model::Login::Status::INCORRECT) |
159 | 200 | end
|
160 | 201 | end
|
161 | 202 |
|
|
0 commit comments