r3set
/
MetaSploitFraemwork
镜像来自 https://github.com/rapid7/metasploit-framework


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186
							require 'spec_helper'
require 'msf/core/encoded_payload'

RSpec.describe Msf::EncodedPayload do
  include_context 'Msf::Simple::Framework#modules loading'

  before do
    ancestor_reference_names = [
      # Excellent rank
      'x86/shikata_ga_nai',
      # Great rank
      'x86/call4_dword_xor',
      'x86/xor_dynamic',
      'generic/none',
    ]
    expect_to_load_module_ancestors(
      ancestor_reference_names: ancestor_reference_names,
      module_type: 'encoder',
      modules_path: modules_path,
    )

    # Improve test performance - return only the test modules that we're interested in
    allow(framework.encoders).to receive(:rank_modules).and_wrap_original do |original, *args|
      ranked_modules = original.call(*args)

      ranked_modules.select do |ref_name, _metadata|
        ancestor_reference_names.include?(ref_name)
      end
    end
  end

  let(:ancestor_reference_names) {
    # A module that doesn't require any datastore junk to generate
    %w{singles/linux/x86/shell_bind_tcp}
  }

  let(:module_type) {
    'payload'
  }

  let(:reference_name) {
    'linux/x86/shell_bind_tcp'
  }

  let(:payload) {
    load_and_create_module(
        ancestor_reference_names: ancestor_reference_names,
        module_type: module_type,
        reference_name: reference_name
    )
  }

  subject(:encoded_payload) do
    described_class.new(framework, payload, reqs)
  end

  let(:badchars) { nil }
  let(:reqs) { { 'BadChars' => badchars } }

  it 'is an Msf::EncodedPayload' do
    expect(encoded_payload).to be_a(described_class)
  end

  describe '.create' do
    subject(:encoded_payload) do
      described_class.create(payload, { 'BadChars' => badchars } )
    end

    specify { expect(encoded_payload).to respond_to(:encoded) }

    it 'is an Msf::EncodedPayload' do
      expect(encoded_payload).to be_a(described_class)
    end

    context 'when passed a valid payload instance' do
      # don't ever actually generate payload bytes
      before(:example) do
        allow_any_instance_of(described_class).to receive(:generate)
      end

      it 'returns an Msf::EncodedPayload instance' do
        expect(encoded_payload).to be_a(described_class)
      end

    end

  end

  describe '#arch' do
    context 'when payload is linux/x86 reverse tcp' do
      let(:ancestor_reference_names) {
        %w{singles/linux/x86/shell_reverse_tcp}
      }

      let(:reference_name) {
        'linux/x86/shell_reverse_tcp'
      }

      it 'returns ["X86"]' do
        expect(encoded_payload.arch).to eq [ARCH_X86]
      end
    end

    context 'when payload is linux/x64 reverse tcp' do
      let(:ancestor_reference_names) {
        %w{singles/linux/x64/shell_reverse_tcp}
      }

      let(:reference_name) {
        'linux/x64/shell_reverse_tcp'
      }

      it 'returns ["X86_64"]' do
        expect(encoded_payload.arch).to eq [ARCH_X64]
      end
    end
  end

  describe '#generate' do
    let!(:generate) { encoded_payload.generate }

    context 'with no badchars' do
      let(:badchars) { nil }

      specify 'returns the raw value' do
        expect(encoded_payload.generate("RAW")).to eql("RAW")
      end

    end

    context 'with bad characters: "\\0"' do
      let(:badchars) { "\0".force_encoding('binary') }

      context 'when the payload contains the bad characters' do
        specify 'chooses x86/shikata_ga_nai' do
          expect(encoded_payload.encoder.refname).to eq("x86/shikata_ga_nai")
        end

        specify do
          expect(encoded_payload.encoded).not_to include(badchars)
        end
      end

      context 'when the payload does not contain the bad characters' do
        specify 'returns the raw value' do
          expect(encoded_payload.generate("RAW")).to eql("RAW")
        end
      end

    end
    context 'with bad characters: "\\xD9\\x00"' do
      let(:badchars) { "\xD9\x00".force_encoding('binary') }

      specify 'chooses x86/xor_dynamic' do
        expect(encoded_payload.encoder.refname).to eq("x86/xor_dynamic")
      end

      specify do
        expect(encoded_payload.encoded).not_to include(badchars)
      end

    end
    context 'with windows/meterpreter_bind_tcp and bad characters: "\\x00\\x0a\\x0d"' do
      let(:badchars) { "\x00\x0a\x0d".force_encoding('binary') }
      let(:ancestor_reference_names) {
        %w{singles/windows/meterpreter_bind_tcp}
      }

      let(:reference_name) {
        'windows/meterpreter_bind_tcp'
      }

      specify 'chooses x86/xor_dynamic' do
        expect(encoded_payload.encoder.refname).to eq("x86/xor_dynamic")
      end

      specify do
        expect(encoded_payload.encoded).not_to include(badchars)
      end

    end

  end

end