Rspec

Author: wchen-r7

spec/lib/msf/core/exploit/browser_autopwnv2_spec.rb

@@ -11,7 +11,7 @@
 
 
   def mock_note_destroy
-    # The destory method doesn't pass the note as an argument like framework.jobs_stop_job.
+    # The destory method doesn't pass the note as an argument startlike framework.jobs_stop_job.
     # So here's I'm just gonna clear them all, and that sort of mimics #destroy.
     framework = double('Msf::Framework', datastore: {})
 
@@ -91,6 +91,19 @@ def create_fake_exploit(opts={})
     mod
   end
 
+  def create_fake_multi_handler
+    compat_payloads = [
+      [windows_meterpreter_reverse_tcp, create_fake_windows_meterpreter]
+    ]
+
+    create_fake_exploit(
+      full_name: 'multi/handler',
+      short_name: 'multi/handler',
+      compat_payloads: compat_payloads,
+      job_id: 0,
+    )
+  end
+
   def create_fake_ms14_064
     compat_payloads = [
       [windows_meterpreter_reverse_tcp, create_fake_windows_meterpreter]
@@ -168,6 +181,7 @@ def create_fake_payload(opts={})
     allow(p).to receive(:fullname).and_return(fullname)
     allow(p).to receive(:shoftname).and_return(shortname)
     allow(p).to receive(:workspace).and_return(workspace)
+    allow(p).to receive(:exploit_simple)
 
     p
   end
@@ -238,6 +252,7 @@ def mock_exploit_create(full_name)
       exploits << create_fake_ms14_064
       exploits << create_fake_flash_uncompress_zlib_uaf
       exploits << create_fake_flash_net_connection_confusion
+      exploits << create_fake_multi_handler
 
       exploits
     }.call
@@ -382,6 +397,7 @@ def mock_exploit_create(full_name)
     mod.send(:initialize)
     mod.send(:datastore=, autopwn_datastore_options)
     allow(mod).to receive(:fullname).and_return('multi/browser/autopwn')
+    allow(mod).to receive(:datastore).and_return(autopwn_datastore_options)
     mod
   end
 
@@ -561,7 +577,30 @@ def mock_exploit_create(full_name)
     end
   end
 
-  skip '#start_payload_listeners' do
+  describe '#start_payload_listeners' do
+    let(:active_payload) do
+      create_fake_windows_meterpreter
+    end
+
+    let(:wanted_payloads) do
+      [{
+        payload_name: active_payload.fullname,
+        payload_lport: active_payload.datastore['LPORT']
+      }]
+    end
+
+    before(:each) do
+      subject.instance_variable_set(:@wanted_payloads, wanted_payloads)
+      subject.instance_variable_set(:@payload_job_ids, [])
+    end
+
+    context 'when a payload is listening' do
+      it 'adds the job ID to the payload job ID list' do
+        expect(subject.instance_variable_get(:@payload_job_ids).length).to eq(0)
+        subject.start_payload_listeners
+        expect(subject.instance_variable_get(:@payload_job_ids).length).to eq(1)
+      end
+    end
   end
 
   describe '#parse_rank' do
@@ -656,8 +695,20 @@ def mock_exploit_create(full_name)
     end
   end
 
-  skip '#select_payload' do
-    
+  describe '#select_payload' do
+    before(:each) do
+      subject.instance_variable_set(:@wanted_payloads, [])
+    end
+
+    context 'when a ms14_064 is given' do
+      it 'returns a windows payload' do
+        m = create_fake_ms14_064
+        expected_payload = m.compatible_payloads.first.first
+        selected_payload = subject.select_payload(m)
+        expect(selected_payload.length).to eq(1)
+        expect(selected_payload.first[:payload_name]).to eq(expected_payload)
+      end
+    end
   end
 
   describe '#start_exploits' do
@@ -724,7 +775,14 @@ def get_stdout(&block)
     end
 
     skip '#start_service' do
-      # You got me, I don't know how to implement this one because the super"
+      it 'prints the BrowserAutopwn URL' do
+        # This code blows up, por que??
+        # 3 threads exist(s) when only 1 thread expected after suite runs
+        allow_any_instance_of(Msf::Exploit::Remote::BrowserExploitServer).to receive(:super)
+        allow(subject).to receive(:show_ready_exploits)
+        allow_any_instance_of(Rex::Socket).to receive(:source_address).and_return(nil)
+        subject.start_service
+      end
     end
 
   end