Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
load Metasploit::Framework.root.join('tools/password/md5_lookup.rb').to_path
2
require 'spec_helper'
3

4
require 'stringio'
5

6
RSpec.describe Md5LookupUtility do
7

8
  #
9
  # Init some data
10
  #
11

12
  let(:input_data) do
13
    '098f6bcd4621d373cade4e832627b4f6'
14
  end
15

16
  let(:bad_input_data) do
17
    ''
18
  end
19

20
  let(:good_result) do
21
    'test'
22
  end
23

24
  let(:empty_result) do
25
    ''
26
  end
27

28
  let(:good_json_response) do
29
    %Q|{ "status":true, "result":"test", "message":"" }|
30
  end
31

32
  let(:bad_json_response) do
33
    %Q|{ "status":false, "result":"", "message":"not found" }|
34
  end
35

36
  let(:db_source) do
37
    'i337.net'
38
  end
39

40
  let(:input_file) do
41
    'input.txt'
42
  end
43

44
  let(:output_file) do
45
    'output.txt'
46
  end
47

48
  let(:options) do
49
    {
50
      :databases => [db_source],
51
      :outfile   => output_file,
52
      :input     => input_file
53
    }
54
  end
55

56
  subject do
57
    Md5LookupUtility::Md5Lookup.new
58
  end
59

60
  def set_expected_response(body)
61
    res = Rex::Proto::Http::Response.new
62
    res.code = 200
63
    res.body = body
64
    res
65
  end
66

67
  def set_send_request_cgi(body)
68
    allow(subject).to receive(:send_request_cgi) do |opts|
69
      set_expected_response(body)
70
    end
71
  end
72

73
  #
74
  # Tests start here
75
  #
76

77

78
  describe Md5LookupUtility::Disclaimer do
79

80
    let(:group_name)   { 'MD5Lookup' }
81
    let(:setting_name) { 'waiver' }
82
    let(:data)         { true }
83
    let(:t_path)       { 'filepath' }
84

85
    def stub_save
86
      ini = Rex::Parser::Ini.new(t_path)
87
      allow(ini).to receive(:to_file).with(any_args)
88
      allow(Rex::Parser::Ini).to receive(:new).and_return(ini)
89
      return ini
90
    end
91

92
    def stub_load(with_setting=true)
93
      if with_setting
94
        ini = stub_save
95
        disclaimer.save_waiver
96
      else
97
        ini = Rex::Parser::Ini.new(t_path)
98
      end
99

100
      allow(Rex::Parser::Ini).to receive(:new).and_return(ini)
101
      return ini
102
    end
103

104
    subject(:disclaimer) do
105
      Md5LookupUtility::Disclaimer.new
106
    end
107

108
    describe '#ack' do
109
      context 'When \'Y\' is entered' do
110
        it 'returns true' do
111
          agree = "Y\n"
112
          allow($stdin).to receive(:gets).and_return(agree)
113
          get_stdout { expect(disclaimer.ack).to be_truthy }
114
        end
115
      end
116
    end
117

118
    describe '#save_waiver' do
119
      context 'when waiver is true' do
120
        it 'saves the wavier setting' do
121
          ini = stub_save
122
          disclaimer.save_waiver
123
          expect(ini[group_name]).to eq({setting_name=>true})
124
        end
125
      end
126
    end
127

128
    describe '#has_waiver?' do
129
      context 'when there is a waiver' do
130
        it 'returns true' do
131
          ini = stub_load(true)
132
          expect(disclaimer.send(:has_waiver?)).to be_truthy
133
        end
134
      end
135

136
      context 'when there is no waiver' do
137
        it 'returns false' do
138
          ini = stub_load(false)
139
          expect(disclaimer.send(:has_waiver?)).to be_falsey
140
        end
141
      end
142
    end
143

144
    describe '#save_setting' do
145
      context 'when a setting is given' do
146
        it 'saves the setting' do
147
          ini = stub_save
148
          disclaimer.send(:save_setting, setting_name, data)
149
          expect(ini[group_name]).to eq({setting_name=>true})
150
        end
151
      end
152
    end
153

154
    describe '#load_setting' do
155
    end
156

157
  end
158

159

160
  describe Md5LookupUtility::Md5Lookup do
161

162
    describe '.new' do
163
      it 'returns a Md5LookupUtility::Md5Lookup instance' do
164
        expect(subject).to be_a(Md5LookupUtility::Md5Lookup)
165
      end
166
    end
167

168
    describe '#lookup' do
169

170
      context 'when a hash is found' do
171
        it 'returns the cracked result' do
172
          set_send_request_cgi(good_json_response)
173
          expect(subject.lookup(input_data, db_source)).to eq(good_result)
174
        end
175
      end
176

177
      context 'when a hash is not found' do
178
        it 'returns an empty result' do
179
          set_send_request_cgi(bad_json_response)
180
          expect(subject.lookup(input_data, db_source)).to eq(empty_result)
181
        end
182
      end
183
    end
184

185
    describe '#get_json_results' do
186
      context 'when JSON contains the found result' do
187
        it 'returns the cracked result' do
188
          res = set_expected_response(good_json_response)
189
          expect(subject.send(:get_json_result, res)).to eq(good_result)
190
        end
191
      end
192

193
      context 'when there is no JSON data' do
194
        it 'returns an empty result' do
195
          res = set_expected_response('')
196
          expect(subject.send(:get_json_result, res)).to eq(empty_result)
197
        end
198
      end
199
    end
200

201
  end
202

203

204
  describe Md5LookupUtility::Driver do
205

206
    let(:expected_result) {
207
      {
208
        :hash         => input_data,
209
        :cracked_hash => good_result,
210
        :credit       => db_source
211
      }
212
    }
213

214
    before(:example) do
215
      expect(Md5LookupUtility::OptsConsole).to receive(:parse).with(any_args).and_return(options)
216
      allow(File).to receive(:open).with(input_file, 'rb').and_yield(StringIO.new(input_data))
217
      allow(File).to receive(:new).with(output_file, 'wb').and_return(StringIO.new)
218
    end
219

220
    subject do
221
      Md5LookupUtility::Driver.new
222
    end
223

224
    describe '.new' do
225
      it 'returns a Md5LookupUtility::Driver instance' do
226
        expect(subject).to be_a(Md5LookupUtility::Driver)
227
      end
228
    end
229

230
    describe '#run' do
231
      context 'when a hash is found' do
232
        it 'prints a \'found\' message' do
233
          disclaimer = Md5LookupUtility::Disclaimer.new
234
          allow(disclaimer).to receive(:has_waiver?).and_return(true)
235
          allow(Md5LookupUtility::Disclaimer).to receive(:new).and_return(disclaimer)
236
          allow(subject).to receive(:get_hash_results).and_yield(expected_result)
237
          output = get_stdout { subject.run }
238
          expect(output).to include('Found:')
239
        end
240
      end
241
    end
242

243
    describe '#save_result' do
244
      context 'when a result is given' do
245
        it 'writes the result to file' do
246
          subject.send(:save_result, expected_result)
247
          expect(subject.instance_variable_get(:@output_handle).string).to include(good_result)
248
        end
249
      end
250
    end
251

252
    describe '#get_hash_results' do
253
      context 'when a hash is found' do
254
        it 'yields a result' do
255
          search_engine = Md5LookupUtility::Md5Lookup.new
256
          allow(search_engine).to receive(:lookup).and_return(good_result)
257
          allow(Md5LookupUtility::Md5Lookup).to receive(:new).and_return(search_engine)
258

259
          expect{ |b| subject.send(:get_hash_results, input_file, [db_source], &b) }.to yield_with_args(expected_result)
260
        end
261
      end
262
    end
263

264
    describe '#extract_hashes' do
265
      context 'when a MD5 file is supplied' do
266
        it 'yields the MD5 hash' do
267
          expect{ |b| subject.send(:extract_hashes, input_file, &b) }.to yield_with_args(input_data)
268
        end
269
      end
270

271
      context 'when an empty file is supplied' do
272
        before do
273
          allow(File).to receive(:open).with(input_file, 'rb').and_yield(StringIO.new(''))
274
        end
275

276
        it 'yields nothing' do
277
          expect{ |b| subject.send(:extract_hashes, input_file, &b) }.not_to yield_control
278
        end
279
      end
280
    end
281

282
    describe '#is_md5_format?' do
283
      context 'when a valid MD5 is given' do
284
        it 'returns true' do
285
          expect(subject.send(:is_md5_format?,input_data)).to be_truthy
286
        end
287
      end
288

289
      context 'when a non-MD5 value is given' do
290
        it 'returns false' do
291
          expect(subject.send(:is_md5_format?, bad_input_data)).to be_falsey
292
        end
293
      end
294
    end
295

296
  end
297

298

299
  describe Md5LookupUtility::OptsConsole do
300
    let(:valid_argv) { "-i #{input_file} -d all -o #{output_file}".split }
301

302
    let(:invalid_argv) { "".split }
303

304
    subject do
305
      Md5LookupUtility::OptsConsole
306
    end
307

308
    describe '.parse' do
309
      context 'when valid arguments are passed' do
310
        let(:opts) { subject.parse(valid_argv) }
311

312
        before(:example) do
313
          allow(File).to receive(:exist?).and_return(true)
314
        end
315

316
        it 'returns the input file path' do
317
          expect(opts[:input]).to eq(input_file)
318
        end
319

320
        it 'returns the output file path' do
321
          expect(opts[:outfile]).to eq(output_file)
322
        end
323

324
        it 'returns the databases in an array' do
325
          expect(opts[:databases]).to be_a(Array)
326
          expect(opts[:databases]).to include(db_source)
327
        end
328
      end
329

330
      context 'when the required input file is not set' do
331
        before(:example) do
332
          allow(File).to receive(:exist?).and_return(false)
333
        end
334

335
        it 'raises an OptionParser::MissingArgument error' do
336
          expect{subject.parse(invalid_argv)}.to raise_error(OptionParser::MissingArgument)
337
        end
338
      end
339

340
    end
341

342

343
    describe '.extract_db_names' do
344
      let(:list) {'i337,invalid'}
345
      context 'when database symbols \'i337\' and \'invalid\' are given' do
346
        it 'returns i337.net in an array' do
347
          db_names = subject.extract_db_names(list)
348
          expect(db_names).to be_a(Array)
349
          expect(db_names).to include(db_source)
350
        end
351
      end
352
    end
353

354
    describe '.get_database_symbols' do
355
      it 'returns an array' do
356
        expect(subject.get_database_symbols).to be_a(Array)
357
      end
358
    end
359

360
    describe '.get_database_names' do
361
      it 'returns an array' do
362
        expect(subject.get_database_names).to be_a(Array)
363
      end
364
    end
365
  end
366

367
end
368

369