|
| 1 | +# -*- coding:binary -*- |
| 2 | +require 'spec_helper' |
| 3 | + |
| 4 | +require 'rex/java/serialization' |
| 5 | +require 'rex/proto/rmi' |
| 6 | +require 'msf/java/rmi/client' |
| 7 | + |
| 8 | +describe Msf::Java::Rmi::Client::Jmx::Server::Parser do |
| 9 | + subject(:mod) do |
| 10 | + mod = ::Msf::Exploit.new |
| 11 | + mod.extend ::Msf::Java::Rmi::Client |
| 12 | + mod.send(:initialize) |
| 13 | + mod |
| 14 | + end |
| 15 | + |
| 16 | + let(:new_client_return) do |
| 17 | + raw = "\xac\xed\x00\x05\x77\x0f\x01\x82\x73\x92\x35\x00\x00\x01\x4c\x48" + |
| 18 | + "\x27\x84\x49\x80\xb8\x73\x72\x00\x32\x6a\x61\x76\x61\x78\x2e\x6d" + |
| 19 | + "\x61\x6e\x61\x67\x65\x6d\x65\x6e\x74\x2e\x72\x65\x6d\x6f\x74\x65" + |
| 20 | + "\x2e\x72\x6d\x69\x2e\x52\x4d\x49\x43\x6f\x6e\x6e\x65\x63\x74\x69" + |
| 21 | + "\x6f\x6e\x49\x6d\x70\x6c\x5f\x53\x74\x75\x62\x00\x00\x00\x00\x00" + |
| 22 | + "\x00\x00\x02\x02\x00\x00\x70\x78\x72\x00\x1a\x6a\x61\x76\x61\x2e" + |
| 23 | + "\x72\x6d\x69\x2e\x73\x65\x72\x76\x65\x72\x2e\x52\x65\x6d\x6f\x74" + |
| 24 | + "\x65\x53\x74\x75\x62\xe9\xfe\xdc\xc9\x8b\xe1\x65\x1a\x02\x00\x00" + |
| 25 | + "\x70\x78\x72\x00\x1c\x6a\x61\x76\x61\x2e\x72\x6d\x69\x2e\x73\x65" + |
| 26 | + "\x72\x76\x65\x72\x2e\x52\x65\x6d\x6f\x74\x65\x4f\x62\x6a\x65\x63" + |
| 27 | + "\x74\xd3\x61\xb4\x91\x0c\x61\x33\x1e\x03\x00\x00\x70\x78\x70\x77" + |
| 28 | + "\x37\x00\x0a\x55\x6e\x69\x63\x61\x73\x74\x52\x65\x66\x00\x0e\x31" + |
| 29 | + "\x37\x32\x2e\x31\x36\x2e\x31\x35\x38\x2e\x31\x33\x32\x00\x00\x13" + |
| 30 | + "\x26\x08\xd9\x72\x63\x38\x4c\x6b\x7c\x82\x73\x92\x35\x00\x00\x01" + |
| 31 | + "\x4c\x48\x27\x84\x49\x80\xb7\x01\x78" |
| 32 | + io = StringIO.new(raw, 'rb') |
| 33 | + rv = Rex::Proto::Rmi::Model::ReturnValue.new |
| 34 | + rv.decode(io) |
| 35 | + |
| 36 | + rv |
| 37 | + end |
| 38 | + |
| 39 | + let(:remote_object) { 'javax.management.remote.rmi.RMIConnectionImpl_Stub' } |
| 40 | + let(:remote_interface) do |
| 41 | + { |
| 42 | + address: '172.16.158.132', |
| 43 | + port: 4902, |
| 44 | + object_number: 637666592721496956 |
| 45 | + } |
| 46 | + end |
| 47 | + |
| 48 | + describe "#parse_jmx_new_client_endpoint" do |
| 49 | + it "returns the remote reference information in a Hash" do |
| 50 | + expect(mod.parse_jmx_new_client_endpoint(new_client_return)).to be_a(Hash) |
| 51 | + end |
| 52 | + |
| 53 | + it "returns the remote address" do |
| 54 | + ref = mod.parse_jmx_new_client_endpoint(new_client_return) |
| 55 | + expect(ref[:address]).to eq(remote_interface[:address]) |
| 56 | + end |
| 57 | + |
| 58 | + it "returns the remote port" do |
| 59 | + ref = mod.parse_jmx_new_client_endpoint(new_client_return) |
| 60 | + expect(ref[:port]).to eq(remote_interface[:port]) |
| 61 | + end |
| 62 | + |
| 63 | + it "returns the remote object number" do |
| 64 | + ref = mod.parse_jmx_new_client_endpoint(new_client_return) |
| 65 | + expect(ref[:object_number]).to eq(remote_interface[:object_number]) |
| 66 | + end |
| 67 | + |
| 68 | + it "returns the remote object unique identifier" do |
| 69 | + ref = mod.parse_jmx_new_client_endpoint(new_client_return) |
| 70 | + expect(ref[:uid]).to be_a(Rex::Proto::Rmi::Model::UniqueIdentifier) |
| 71 | + end |
| 72 | + end |
| 73 | +end |
| 74 | + |
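Review bot: Every example under `#parse_jmx_new_client_endpoint` decodes the same well-formed capture, so nothing pins what the parser does when the return value is not an `RMIConnectionImpl_Stub` carrying a `UnicastRef` block, and that value is supplied by the remote endpoint rather than by the module. Add a context that feeds a truncated or altered stream and asserts the parser's failure contract; the parser is not visible here, so whether that contract is `nil` or a raised error needs confirming against the implementation. Separately, `let(:remote_object)` is declared but no example references it, so either assert the decoded class name against it or drop it. The call repeated in each example could move into `let(:ref) { mod.parse_jmx_new_client_endpoint(new_client_return) }`.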