|
98 | 98 | Metasploit::Framework::Credential.new(public: "foo", private: "bar"), |
99 | 99 | ) |
100 | 100 | end |
| 101 | + |
| 102 | + # REMOVE BEFORE COMMIT: question for the userpass file: do we want to make options work with it or not? |
101 | 103 | end |
102 | 104 |
|
103 | 105 | context "when given a pass_file and user_file" do |
|
311 | 313 | Metasploit::Framework::Credential.new(public: username, private: password), |
312 | 314 | ) |
313 | 315 | end |
| 316 | + |
| 317 | + context "when using password spraying" do |
| 318 | + let(:password_spray) { true } |
| 319 | + |
| 320 | + # REMOVE BEFORE COMMIT: yields nothings, fails because of bug in method |
| 321 | + context "without password" do |
| 322 | + let(:password) { nil } |
| 323 | + specify do |
| 324 | + expect { |b| collection.each(&b) }.to yield_successive_args( |
| 325 | + Metasploit::Framework::Credential.new(public: username, private: nil), |
| 326 | + ) |
| 327 | + end |
| 328 | + end |
| 329 | + end |
314 | 330 | end |
315 | 331 |
|
316 | 332 | context "when :blank_passwords is true" do |
|
323 | 339 | end |
324 | 340 | end |
325 | 341 |
|
| 342 | + context "when given additional_publics" do |
| 343 | + let(:username) { nil } |
| 344 | + let(:password) { nil } |
| 345 | + let(:additional_publics) { [ "test_public" ] } |
| 346 | + |
| 347 | + context "when :user_as_pass is true" do |
| 348 | + let(:user_as_pass) { true } |
| 349 | + |
| 350 | + # REMOVE BEFORE COMMIT currently failing |
| 351 | + specify do |
| 352 | + expect { |b| collection.each(&b) }.to yield_successive_args( |
| 353 | + Metasploit::Framework::Credential.new(public: "test_public", private: "test_public"), |
| 354 | + ) |
| 355 | + end |
| 356 | + |
| 357 | + |
| 358 | + context "when using password spraying" do |
| 359 | + let(:password_spray) { true } |
| 360 | + |
| 361 | + # REMOVE BEFORE COMMIT currently failing |
| 362 | + specify do |
| 363 | + expect { |b| collection.each(&b) }.to yield_successive_args( |
| 364 | + Metasploit::Framework::Credential.new(public: "test_public", private: "test_public"), |
| 365 | + ) |
| 366 | + end |
| 367 | + end |
| 368 | + end |
| 369 | + |
| 370 | + context "when :nil_passwords is true" do |
| 371 | + let(:nil_passwords) { true } |
| 372 | + |
| 373 | + # REMOVE BEFORE COMMIT: this option is ignored currently for additional_publics |
| 374 | + specify do |
| 375 | + expect { |b| collection.each(&b) }.to yield_successive_args( |
| 376 | + Metasploit::Framework::Credential.new(public: "test_public", private: nil), |
| 377 | + ) |
| 378 | + end |
| 379 | + end |
| 380 | + |
| 381 | + context "when using password spraying" do |
| 382 | + let(:password_spray) { true } |
| 383 | + |
| 384 | + context "when :blank_passwords and :nil_password are true" do |
| 385 | + let(:blank_passwords) { true } |
| 386 | + let(:nil_passwords) { true } |
| 387 | + |
| 388 | + context "with 2 additional_publics" do |
| 389 | + let(:additional_publics) { [ "test_public1", "test_public2" ] } |
| 390 | + |
| 391 | + # REMOVE BEFORE COMMIT: fails because no pwd spraying |
| 392 | + specify do |
| 393 | + expect { |b| collection.each(&b) }.to yield_successive_args( |
| 394 | + Metasploit::Framework::Credential.new(public: "test_public1", private: ""), |
| 395 | + Metasploit::Framework::Credential.new(public: "test_public2", private: ""), |
| 396 | + Metasploit::Framework::Credential.new(public: "test_public1", private: nil), |
| 397 | + Metasploit::Framework::Credential.new(public: "test_public2", private: nil), |
| 398 | + ) |
| 399 | + end |
| 400 | + end |
| 401 | + end |
| 402 | + |
| 403 | + context "when given a user file" do |
| 404 | + let(:user_file) do |
| 405 | + filename = "user_file" |
| 406 | + stub_file = StringIO.new("asdf\njkl\n") |
| 407 | + allow(File).to receive(:open).with(filename, /^r/).and_return stub_file |
| 408 | + |
| 409 | + filename |
| 410 | + end |
| 411 | + |
| 412 | + # REMOVE BEFORE COMMIT: this also yields the usernames as passwords for the additional_public |
| 413 | + context "when given a password" do |
| 414 | + let(:password) { "password" } |
| 415 | + |
| 416 | + specify do |
| 417 | + expect { |b| collection.each(&b) }.to yield_successive_args( |
| 418 | + Metasploit::Framework::Credential.new(public: "adsf", private: "password"), |
| 419 | + Metasploit::Framework::Credential.new(public: "jkl", private: "password"), |
| 420 | + Metasploit::Framework::Credential.new(public: "test_public", private: "password"), |
| 421 | + ) |
| 422 | + end |
| 423 | + end |
| 424 | + end |
| 425 | + end |
| 426 | + end |
| 427 | + |
| 428 | + context "when using password spraying" do |
| 429 | + let(:password_spray) { true } |
| 430 | + let(:username) { nil } |
| 431 | + let(:password) { nil } |
| 432 | + |
| 433 | + context "when :blank_passwords is true" do |
| 434 | + let(:blank_passwords) { true } |
| 435 | + |
| 436 | + context "with password (but no username)" do |
| 437 | + let(:password) { "pass" } |
| 438 | + |
| 439 | + # REMOVE BEFORE COMMIT: this yields empty creds (no username, no pass) |
| 440 | + specify do |
| 441 | + expect { |b| collection.each(&b) }.to yield_successive_args() |
| 442 | + end |
| 443 | + end |
| 444 | + |
| 445 | + # REMOVE BEFORE COMMIT: yields nothings, fails because of bug in method |
| 446 | + context "with username (but no password)" do |
| 447 | + let(:username) { "user" } |
| 448 | + |
| 449 | + specify do |
| 450 | + expect { |b| collection.each(&b) }.to yield_successive_args( |
| 451 | + Metasploit::Framework::Credential.new(public: username, private: ''), |
| 452 | + ) |
| 453 | + end |
| 454 | + end |
| 455 | + |
| 456 | + context "when given a user_file" do |
| 457 | + let(:user_file) do |
| 458 | + filename = "foo" |
| 459 | + stub_file = StringIO.new("asdf\njkl\n") |
| 460 | + allow(File).to receive(:open).with(filename,/^r/).and_return stub_file |
| 461 | + |
| 462 | + filename |
| 463 | + end |
| 464 | + |
| 465 | + # REMOVE BEFORE COMMIT: yields nothing, same for blank passwords option |
| 466 | + specify do |
| 467 | + expect { |b| collection.each(&b) }.to yield_successive_args( |
| 468 | + Metasploit::Framework::Credential.new(public: "asdf", private: ''), |
| 469 | + Metasploit::Framework::Credential.new(public: "jkl", private: ''), |
| 470 | + ) |
| 471 | + end |
| 472 | + end |
| 473 | + end |
| 474 | + end |
| 475 | + |
| 476 | + context "when every possible option is used" do |
| 477 | + let(:nil_passwords) { true } |
| 478 | + let(:blank_passwords) { true } |
| 479 | + let(:username) { "user" } |
| 480 | + let(:password) { "pass" } |
| 481 | + let(:user_file) do |
| 482 | + filename = "user_file" |
| 483 | + stub_file = StringIO.new("userfile") |
| 484 | + allow(File).to receive(:open).with(filename,/^r/).and_yield stub_file |
| 485 | + |
| 486 | + filename |
| 487 | + end |
| 488 | + let(:pass_file) do |
| 489 | + filename = "pass_file" |
| 490 | + stub_file = StringIO.new("passfile\n") |
| 491 | + allow(File).to receive(:open).with(filename,/^r/).and_return stub_file |
| 492 | + |
| 493 | + filename |
| 494 | + end |
| 495 | + let(:user_as_pass) { false } |
| 496 | + let(:userpass_file) do |
| 497 | + filename = "userpass_file" |
| 498 | + stub_file = StringIO.new("userpass_user userpass_pass\n") |
| 499 | + allow(File).to receive(:open).with(filename,/^r/).and_yield stub_file |
| 500 | + |
| 501 | + filename |
| 502 | + end |
| 503 | + let(:prepended_creds) { ['test_prepend'] } |
| 504 | + let(:additional_privates) { ['test_private'] } |
| 505 | + let(:additional_publics) { ['test_public'] } |
| 506 | + |
| 507 | + # REMOVE BEFORE COMMIT: fails because of the useraspass error, then fails because of the nil value for addiitonal publics and should be ok then |
| 508 | + specify do |
| 509 | + expect { |b| collection.each(&b) }.to yield_successive_args( |
| 510 | + "test_prepend", |
| 511 | + Metasploit::Framework::Credential.new(public: "user", private: nil), |
| 512 | + Metasploit::Framework::Credential.new(public: "user", private: "pass"), |
| 513 | + Metasploit::Framework::Credential.new(public: "user", private: "user"), |
| 514 | + Metasploit::Framework::Credential.new(public: "user", private: ""), |
| 515 | + Metasploit::Framework::Credential.new(public: "user", private: "passfile"), |
| 516 | + Metasploit::Framework::Credential.new(public: "user", private: "test_private"), |
| 517 | + Metasploit::Framework::Credential.new(public: "userfile", private: nil), |
| 518 | + Metasploit::Framework::Credential.new(public: "userfile", private: "pass"), |
| 519 | + Metasploit::Framework::Credential.new(public: "userfile", private: "userfile"), |
| 520 | + Metasploit::Framework::Credential.new(public: "userfile", private: ""), |
| 521 | + Metasploit::Framework::Credential.new(public: "userfile", private: "passfile"), |
| 522 | + Metasploit::Framework::Credential.new(public: "userfile", private: "test_private"), |
| 523 | + Metasploit::Framework::Credential.new(public: "userpass_user", private: "userpass_pass"), |
| 524 | + Metasploit::Framework::Credential.new(public: "test_public", private: nil), # missing this case |
| 525 | + Metasploit::Framework::Credential.new(public: "test_public", private: "pass"), |
| 526 | + Metasploit::Framework::Credential.new(public: "test_public", private: "test_public"), |
| 527 | + Metasploit::Framework::Credential.new(public: "test_public", private: ""), |
| 528 | + Metasploit::Framework::Credential.new(public: "test_public", private: "passfile"), |
| 529 | + Metasploit::Framework::Credential.new(public: "test_public", private: "test_private") |
| 530 | + ) |
| 531 | + end |
| 532 | + |
| 533 | + context "when using password spraying" do |
| 534 | + let(:password_spray) { true } |
| 535 | + let(:user_file) do |
| 536 | + filename = "user_file" |
| 537 | + stub_file = StringIO.new("userfile") |
| 538 | + allow(File).to receive(:open).with(filename,/^r/).and_return stub_file |
| 539 | + |
| 540 | + filename |
| 541 | + end |
| 542 | + let(:pass_file) do |
| 543 | + filename = "pass_file" |
| 544 | + stub_file = StringIO.new("passfile\n") |
| 545 | + allow(File).to receive(:open).with(filename,/^r/).and_yield stub_file |
| 546 | + |
| 547 | + filename |
| 548 | + end |
| 549 | + |
| 550 | + specify do |
| 551 | + expect { |b| collection.each(&b) }.to yield_successive_args( |
| 552 | + "test_prepend", |
| 553 | + Metasploit::Framework::Credential.new(public: "user", private: nil), |
| 554 | + Metasploit::Framework::Credential.new(public: "userfile", private: nil), |
| 555 | + Metasploit::Framework::Credential.new(public: "test_public", private: nil), |
| 556 | + Metasploit::Framework::Credential.new(public: "user", private: "pass"), |
| 557 | + Metasploit::Framework::Credential.new(public: "userfile", private: "pass"), |
| 558 | + Metasploit::Framework::Credential.new(public: "test_public", private: "pass"), |
| 559 | + Metasploit::Framework::Credential.new(public: "user", private: "user"), |
| 560 | + Metasploit::Framework::Credential.new(public: "userfile", private: "userfile"), |
| 561 | + Metasploit::Framework::Credential.new(public: "test_public", private: "test_public"), |
| 562 | + Metasploit::Framework::Credential.new(public: "user", private: ""), |
| 563 | + Metasploit::Framework::Credential.new(public: "userfile", private: ""), |
| 564 | + Metasploit::Framework::Credential.new(public: "test_public", private: ""), |
| 565 | + Metasploit::Framework::Credential.new(public: "user", private: "passfile"), |
| 566 | + Metasploit::Framework::Credential.new(public: "userfile", private: "passfile"), |
| 567 | + Metasploit::Framework::Credential.new(public: "test_public", private: "passfile"), |
| 568 | + Metasploit::Framework::Credential.new(public: "userpass_user", private: "userpass_pass"), |
| 569 | + Metasploit::Framework::Credential.new(public: "user", private: "test_private"), |
| 570 | + Metasploit::Framework::Credential.new(public: "userfile", private: "test_private"), |
| 571 | + Metasploit::Framework::Credential.new(public: "test_public", private: "test_private"), |
| 572 | + ) |
| 573 | + end |
| 574 | + end |
| 575 | + end |
326 | 576 | end |
327 | 577 |
|
328 | 578 | describe "#empty?" do |
|
0 commit comments