require 'ronin/exploits/exploit' require 'spec_helper' require 'helpers/objects' describe Exploits::Exploit do before(:each) do @exploit = load_exploit('test') @payload = load_payload('example') end it "should require a name attribute" do exp2 = Exploits::Exploit.new exp2.should_not be_valid exp2.name = 'test' exp2.should be_valid end it "should have a unique name and version" do first_exp = Exploits::Exploit.create( :name => 'test2', :version => '0.0.1' ) first_exp.should be_valid second_exp = Exploits::Exploit.new( :name => 'test2', :version => '0.0.1' ) second_exp.should_not be_valid third_exp = Exploits::Exploit.new( :name => 'test2', :version => '0.0.2' ) third_exp.should be_valid end it "should not have any allowances by default" do @exploit.allows.should be_empty end it "should specify the behaviors allowed by the exploit" do @exploit.allowing :memory_read @exploit.behaviors.first.should == Vuln::Behavior[:memory_read] end it "should allow for the extending of Helper modules" do @exploit.instance_eval { helper :padding }.should == true end it "should raise an UnknownHelper when extending an unknown helper" do lambda { @exploit.instance_eval { helper :obvious_not_there } }.should raise_error(Exploits::UnknownHelper) end it "should have targeted Archs" do @exploit.targeted_archs.should == [Arch.i686, Arch.i386] end it "should have targeted OSes" do @exploit.targeted_oses.should == [ OS.linux_version('2.6.23'), OS.windows_version('7.1') ] end it "should have targeted products" do @exploit.targeted_products.all? { |product| product.name == 'ExampleWare' && product.version == '1.5' }.should == true end it "should allow the explicit selection of a target" do @exploit.select_target { |target| target.arch == Arch.i686 } @exploit.target.arch.should == Arch.i686 end it "should have a default target" do @exploit.target.should_not be_nil @exploit.target.arch.should == Arch.i686 @exploit.target.os.name.should == 'Linux' @exploit.target.os.version.should == '2.6.23' end it "should have a default targeted Arch" do @exploit.arch.should == Arch.i686 end it "should have a default targeted OS" do @exploit.os.should == OS.linux_version('2.6.23') end it "should have a default targeted Product" do @exploit.product.name.should == 'ExampleWare' @exploit.product.version.should == '1.5' end it "should be able to switch between payloads" do @exploit.payload = @payload @exploit.switch_payload('other_payload') do @exploit.payload.should == 'other_payload' end @exploit.payload.should == @payload end it "should build the payload if it is a kind of Payloads::Payload" do @exploit.payload = @payload @exploit.encode_payload! @exploit.payload.should be_built end it "should share parameters with the payload if it is a kind of Payloads::Payload" do @exploit.payload = @payload @exploit.encode_payload! @payload.var.should == @exploit.var end it "should encode a String payload" do @exploit.payload = 'data' @exploit.encode_payload! @exploit.encoded_payload.should == 'data' end it "should encode a String using encoders" do @exploit.payload = 'data' @exploit.encoders << lambda { |payload| payload.upcase } @exploit.encode_payload! @exploit.encoded_payload.should == 'DATA' end it "should ignore payload encoders which return nil" do @exploit.payload = 'data' @exploit.encoders << lambda { |payload| nil } @exploit.encode_payload! @exploit.encoded_payload.should == 'data' end it "should have 'unbuilt' and 'built' states" do @exploit.should_not be_built @exploit.build! @exploit.should be_built end it "should return the result of the builder" do @exploit.build!.should == 'result' end it "should require the exploit is built before being deployed" do lambda { @exploit.deploy! }.should raise_error(Exploits::ExploitNotBuilt) end it "should have a default deployer method" do @exploit.build! @exploit.deploy! do |exploit| @exploit.should == exploit end end it "should return the name and the version when calling to_s" do @exploit.to_s.should == 'test 0.2' end end