CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/spec/lib/metasploit/framework/credential_collection_spec.rb
Views: 1904
require 'spec_helper'1require 'metasploit/framework/credential_collection'23RSpec.describe Metasploit::Framework::CredentialCollection do45subject(:collection) do6described_class.new(7nil_passwords: nil_passwords,8blank_passwords: blank_passwords,9pass_file: pass_file,10password: password,11user_as_pass: user_as_pass,12user_file: user_file,13username: username,14userpass_file: userpass_file,15prepended_creds: prepended_creds,16additional_privates: additional_privates,17additional_publics: additional_publics,18password_spray: password_spray19)20end2122before(:each) do23# The test suite overrides File.open(...) calls; fall back to the normal behavior for any File.open calls that aren't explicitly mocked24allow(File).to receive(:open).with(anything).and_call_original25allow(File).to receive(:open).with(anything, anything).and_call_original26allow(File).to receive(:open).with(anything, anything, anything).and_call_original27end2829let(:nil_passwords) { nil }30let(:blank_passwords) { nil }31let(:username) { "user" }32let(:password) { "pass" }33let(:user_file) { nil }34let(:pass_file) { nil }35let(:user_as_pass) { nil }36let(:userpass_file) { nil }37let(:prepended_creds) { [] }38let(:additional_privates) { [] }39let(:additional_publics) { [] }40let(:password_spray) { false }4142describe "#each" do43specify do44expect { |b| collection.each(&b) }.to yield_with_args(Metasploit::Framework::Credential)45end4647context "when given a user_file and password" do48let(:username) { nil }49let(:user_file) do50filename = "foo"51stub_file = StringIO.new("asdf\njkl\n")52allow(File).to receive(:open).with(filename,/^r/).and_yield stub_file5354filename55end5657specify do58expect { |b| collection.each(&b) }.to yield_successive_args(59Metasploit::Framework::Credential.new(public: "asdf", private: password),60Metasploit::Framework::Credential.new(public: "jkl", private: password),61)62end63end6465context "when given a pass_file and username" do66let(:password) { nil }67let(:pass_file) do68filename = "foo"69stub_file = StringIO.new("asdf\njkl\n")70allow(File).to receive(:open).with(filename,/^r/).and_return stub_file7172filename73end7475specify do76expect { |b| collection.each(&b) }.to yield_successive_args(77Metasploit::Framework::Credential.new(public: username, private: "asdf"),78Metasploit::Framework::Credential.new(public: username, private: "jkl"),79)80end81end8283context "when given a userspass_file" do84let(:username) { nil }85let(:password) { nil }86let(:userpass_file) do87filename = "foo"88stub_file = StringIO.new("asdf jkl\nfoo bar\n")89allow(File).to receive(:open).with(filename,/^r/).and_yield stub_file9091filename92end9394specify do95expect { |b| collection.each(&b) }.to yield_successive_args(96Metasploit::Framework::Credential.new(public: "asdf", private: "jkl"),97Metasploit::Framework::Credential.new(public: "foo", private: "bar"),98)99end100end101102context "when given a pass_file and user_file" do103let(:password) { nil }104let(:username) { nil }105let(:user_file) do106filename = "user_file"107stub_file = StringIO.new("asdf\njkl\n")108allow(File).to receive(:open).with(filename,/^r/).and_yield stub_file109110filename111end112let(:pass_file) do113filename = "pass_file"114stub_file = StringIO.new("asdf\njkl\n")115allow(File).to receive(:open).with(filename,/^r/).and_return stub_file116117filename118end119120specify do121expect { |b| collection.each(&b) }.to yield_successive_args(122Metasploit::Framework::Credential.new(public: "asdf", private: "asdf"),123Metasploit::Framework::Credential.new(public: "asdf", private: "jkl"),124Metasploit::Framework::Credential.new(public: "jkl", private: "asdf"),125Metasploit::Framework::Credential.new(public: "jkl", private: "jkl"),126)127end128end129130context "when given a pass_file and user_file and password spray" do131let(:password) { nil }132let(:username) { nil }133let(:password_spray) { true }134let(:pass_file) do135filename = "pass_file"136stub_file = StringIO.new("password1\npassword2\n")137allow(File).to receive(:open).with(filename,/^r/).and_yield stub_file138139filename140end141let(:user_file) do142filename = "user_file"143stub_file = StringIO.new("user1\nuser2\nuser3\n")144allow(File).to receive(:open).with(filename,/^r/).and_return stub_file145146filename147end148149specify do150expect { |b| collection.each(&b) }.to yield_successive_args(151Metasploit::Framework::Credential.new(public: "user1", private: "password1"),152Metasploit::Framework::Credential.new(public: "user2", private: "password1"),153Metasploit::Framework::Credential.new(public: "user3", private: "password1"),154Metasploit::Framework::Credential.new(public: "user1", private: "password2"),155Metasploit::Framework::Credential.new(public: "user2", private: "password2"),156Metasploit::Framework::Credential.new(public: "user3", private: "password2"),157)158end159end160161context 'when given a username and password' do162let(:password) { 'password' }163let(:username) { 'root' }164165specify do166expected = [167Metasploit::Framework::Credential.new(public: 'root', private: 'password'),168]169expect { |b| collection.each(&b) }.to yield_successive_args(*expected)170end171end172173context 'when given a pass_file, user_file, password spray and a default username' do174let(:password) { nil }175let(:username) { 'root' }176let(:password_spray) { true }177let(:pass_file) do178filename = "pass_file"179stub_file = StringIO.new("password1\npassword2\n")180allow(File).to receive(:open).with(filename,/^r/).and_yield stub_file181182filename183end184let(:user_file) do185filename = "user_file"186stub_file = StringIO.new("user1\nuser2\nuser3\n")187allow(File).to receive(:open).with(filename,/^r/).and_return stub_file188189filename190end191192specify do193expected = [194Metasploit::Framework::Credential.new(public: "root", private: "password1"),195Metasploit::Framework::Credential.new(public: "user1", private: "password1"),196Metasploit::Framework::Credential.new(public: "user2", private: "password1"),197Metasploit::Framework::Credential.new(public: "user3", private: "password1"),198Metasploit::Framework::Credential.new(public: "root", private: "password2"),199Metasploit::Framework::Credential.new(public: "user1", private: "password2"),200Metasploit::Framework::Credential.new(public: "user2", private: "password2"),201Metasploit::Framework::Credential.new(public: "user3", private: "password2"),202]203expect { |b| collection.each(&b) }.to yield_successive_args(*expected)204end205end206207context 'when given a pass_file, user_file, password spray and additional privates' do208let(:password) { nil }209let(:username) { 'root' }210let(:password_spray) { true }211let(:additional_privates) { ['foo'] }212let(:pass_file) do213filename = "pass_file"214stub_file = StringIO.new("password1\npassword2\n")215allow(File).to receive(:open).with(filename,/^r/).and_yield stub_file216217filename218end219let(:user_file) do220filename = "user_file"221stub_file = StringIO.new("user1\nuser2\nuser3\n")222allow(File).to receive(:open).with(filename,/^r/).and_return stub_file223224filename225end226227specify do228expected = [229Metasploit::Framework::Credential.new(public: "root", private: "password1"),230Metasploit::Framework::Credential.new(public: "user1", private: "password1"),231Metasploit::Framework::Credential.new(public: "user2", private: "password1"),232Metasploit::Framework::Credential.new(public: "user3", private: "password1"),233Metasploit::Framework::Credential.new(public: "root", private: "password2"),234Metasploit::Framework::Credential.new(public: "user1", private: "password2"),235Metasploit::Framework::Credential.new(public: "user2", private: "password2"),236Metasploit::Framework::Credential.new(public: "user3", private: "password2"),237Metasploit::Framework::Credential.new(public: "root", private: "foo"),238Metasploit::Framework::Credential.new(public: "user1", private: "foo"),239Metasploit::Framework::Credential.new(public: "user2", private: "foo"),240Metasploit::Framework::Credential.new(public: "user3", private: "foo"),241]242expect { |b| collection.each(&b) }.to yield_successive_args(*expected)243end244end245246context 'when given a username, user_file and pass_file' do247let(:password) { nil }248let(:username) { 'my_username' }249let(:user_file) do250filename = "user_file"251stub_file = StringIO.new("asdf\njkl\n")252allow(File).to receive(:open).with(filename, /^r/).and_yield stub_file253254filename255end256257let(:pass_file) do258filename = "pass_file"259stub_file = StringIO.new("asdf\njkl\n")260allow(File).to receive(:open).with(filename, /^r/).and_return stub_file261262filename263end264265it do266expect { |b| collection.each(&b) }.to yield_successive_args(267Metasploit::Framework::Credential.new(public: "my_username", private: "asdf"),268Metasploit::Framework::Credential.new(public: "my_username", private: "jkl"),269Metasploit::Framework::Credential.new(public: "asdf", private: "asdf"),270Metasploit::Framework::Credential.new(public: "asdf", private: "jkl"),271Metasploit::Framework::Credential.new(public: "jkl", private: "asdf"),272Metasploit::Framework::Credential.new(public: "jkl", private: "jkl")273)274end275end276277context "when :user_as_pass is true" do278let(:user_as_pass) { true }279specify do280expect { |b| collection.each(&b) }.to yield_successive_args(281Metasploit::Framework::Credential.new(public: username, private: password),282Metasploit::Framework::Credential.new(public: username, private: username),283)284end285end286287context "when :nil_passwords is true" do288let(:nil_passwords) { true }289specify do290expect { |b| collection.each(&b) }.to yield_successive_args(291Metasploit::Framework::Credential.new(public: username, private: nil),292Metasploit::Framework::Credential.new(public: username, private: password),293)294end295end296297context "when :blank_passwords is true" do298let(:blank_passwords) { true }299specify do300expect { |b| collection.each(&b) }.to yield_successive_args(301Metasploit::Framework::Credential.new(public: username, private: password),302Metasploit::Framework::Credential.new(public: username, private: ""),303)304end305end306307end308309describe "#empty?" do310context "when only :userpass_file is set" do311let(:username) { nil }312let(:password) { nil }313let(:userpass_file) { "test_file" }314specify do315expect(collection.empty?).to eq false316end317end318319context "when :username is set" do320context "and :password is set" do321specify do322expect(collection.empty?).to eq false323end324end325326context "and :password is not set" do327let(:password) { nil }328specify do329expect(collection.empty?).to eq true330end331332context "and :nil_passwords is true" do333let(:nil_passwords) { true }334specify do335expect(collection.empty?).to eq false336end337end338339context "and :blank_passwords is true" do340let(:blank_passwords) { true }341specify do342expect(collection.empty?).to eq false343end344end345end346end347348context "when :username is not set" do349context "and :password is not set" do350let(:username) { nil }351let(:password) { nil }352specify do353expect(collection.empty?).to eq true354end355356context "and :prepended_creds is not empty" do357let(:prepended_creds) { [ "test" ] }358specify do359expect(collection.empty?).to eq false360end361end362363context "and :additional_privates is not empty" do364let(:additional_privates) { [ "test_private" ] }365specify do366expect(collection.empty?).to eq true367end368end369370context "and :additional_publics is not empty" do371let(:additional_publics) { [ "test_public" ] }372specify do373expect(collection.empty?).to eq true374end375end376end377end378end379380describe "#prepend_cred" do381specify do382prep = Metasploit::Framework::Credential.new(public: "foo", private: "bar")383collection.prepend_cred(prep)384expect { |b| collection.each(&b) }.to yield_successive_args(385prep,386Metasploit::Framework::Credential.new(public: username, private: password),387)388end389end390391end392393394