Fixed spec for lib/msf/http/jboss

us3r777 · us3r777 · commit cc5b8525170a · 2014-09-08T17:42:04.000+02:00
Revert commit abdd72e. Added some spec for lib/msf/http/jboss/deployment_file_repository_scripts
diff --git a/lib/msf/http/jboss/deployment_file_repository_scripts.rb b/lib/msf/http/jboss/deployment_file_repository_scripts.rb
@@ -42,7 +42,7 @@ def head_stager_jsp(stager_base, stager_jsp_name)
   #
   # @param app_base [String] The name of the WAR app to write.
   # @return [String] The JSP stager.
-  def stager_jsp(app_base, encoded_payload)
+  def stager_jsp_with_payload(app_base, encoded_payload)
     decoded_var = Rex::Text.rand_text_alpha(8+rand(8))
     file_path_var = Rex::Text.rand_text_alpha(8+rand(8))
     jboss_home_var = Rex::Text.rand_text_alpha(8+rand(8))
diff --git a/modules/exploits/multi/http/jboss_deploymentfilerepository.rb b/modules/exploits/multi/http/jboss_deploymentfilerepository.rb
@@ -120,7 +120,7 @@ def exploit
     }).to_s
 
     encoded_payload = Rex::Text.encode_base64(war_data).gsub(/\n/, '')
-    stager_contents = stager_jsp(app_base, encoded_payload)
+    stager_contents = stager_jsp_with_payload(app_base, encoded_payload)
     # Depending on the type on the verb we might use a second stager
     if http_verb == "POST" then
       print_status("Deploying stager for the WAR file")
diff --git a/spec/lib/msf/http/jboss/bean_shell_scripts_spec.rb b/spec/lib/msf/http/jboss/bean_shell_scripts_spec.rb
@@ -4,7 +4,7 @@
 require 'msf/core'
 require 'msf/http/jboss'
 
-describe Msf::HTTP::JBoss::Scripts do
+describe Msf::HTTP::JBoss::BeanShellScripts do
   subject do
     mod = ::Msf::Exploit.new
     mod.extend Msf::HTTP::JBoss
diff --git a/spec/lib/msf/http/jboss/deployment_file_repository_scripts.spec.rb b/spec/lib/msf/http/jboss/deployment_file_repository_scripts.spec.rb
@@ -0,0 +1,39 @@
+#-*- coding:binary -*-
+require 'spec_helper'
+
+require 'msf/core'
+require 'msf/http/jboss'
+
+describe Msf::HTTP::JBoss::DeploymentFileRepositoryScripts do
+  subject do
+    mod = ::Msf::Exploit.new
+    mod.extend Msf::HTTP::JBoss
+    mod.send(:initialize)
+    mod
+  end
+
+  describe "#stager_jsp_with_payload" do
+    it "returns the JSP stager" do
+      expect(subject.stager_jsp_with_payload('metasploit', 'payload')).to include('System.getProperty("jboss.server.home.dir");')
+    end
+
+    it "uses the provided application name" do
+      expect(subject.stager_jsp_with_payload('metasploit', 'payload')).to include('"/deploy/" + "metasploit.war";')
+    end
+
+    it "uses the provided payload" do
+      expect(subject.stager_jsp_with_payload('metasploit', 'payload')).to include('"payload";')
+    end
+  end
+
+  describe "#head_stager_jsp" do
+    it "returns the head JSP stager" do
+      expect(subject.head_stager_jsp('stager_base', 'jsp_name')).to include('System.getProperty("jboss.server.home.dir");')
+    end
+
+    it "uses the provided base name" do
+      expect(subject.head_stager_jsp('stager_base', 'jsp_name')).to include('"/deploy/management/" + "stager_base.war/"')
+    end
+  end
+
+end

Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@ def head_stager_jsp(stager_base, stager_jsp_name)`
`42`	`42`	`#`
`43`	`43`	`# @param app_base [String] The name of the WAR app to write.`
`44`	`44`	`# @return [String] The JSP stager.`
`45`		`- def stager_jsp(app_base, encoded_payload)`
	`45`	`+ def stager_jsp_with_payload(app_base, encoded_payload)`
`46`	`46`	`decoded_var = Rex::Text.rand_text_alpha(8+rand(8))`
`47`	`47`	`file_path_var = Rex::Text.rand_text_alpha(8+rand(8))`
`48`	`48`	`jboss_home_var = Rex::Text.rand_text_alpha(8+rand(8))`