/spec/lib/rex/parser/group_policy_preferences_spec.rb

https://github.com/debbiemezyene/metasploit-framework · Ruby · 165 lines · 133 code · 19 blank · 13 comment · 8 complexity · d0dadf2d6bfc870919c99a2e327e685f MD5 · raw file 

    

  1. # encoding: binary
    2. 

  2. require 'rex/parser/group_policy_preferences'
    3. 

  3. 

  4. xml_group = '
    5. 

  5. <?xml version="1.0" encoding="utf-8"?>
    6. 

  6. <Groups clsid="{3125E937-EB16-4b4c-9934-544FC6D24D26}"><User clsid="{DF5F1855-51E5-4d24-8B1A-D9BDE98BA1D1}" name="SuperSecretBackdoor" image="0" changed="2013-04-25 18:36:07" uid="{B5EDB865-34F5-4BD7-9C59-3AEB1C7A68C3}"><Properties action="C" fullName="" description="" cpassword="VBQUNbDhuVti3/GHTGHPvcno2vH3y8e8m1qALVO1H3T0rdkr2rub1smfTtqRBRI3" changeLogon="0" noChange="0" neverExpires="1" acctDisabled="0" userName="SuperSecretBackdoor"/></User>
    7. 

  7. </Groups>
    8. 

  8. '
    9. 

    10. 

  10. xml_datasrc = '
    11. 

  11. <?xml version="1.0" encoding="utf-8"?>
    12. 

  12. <DataSources clsid="{380F820F-F21B-41ac-A3CC-24D4F80F067B}"><DataSource clsid="{5C209626-D820-4d69-8D50-1FACD6214488}" userContext="1" name="test" image="0" changed="2013-04-25 20:39:08" uid="{3513F923-9661-4819-9995-91A63C7D7A65}"><Properties action="C" userDSN="0" dsn="test" driver="test" description="" username="test" cpassword="eYbbv1GZI4DZEgTXPUDspw"><Attributes><Attribute name="test" value="test"/><Attribute name="test2" value="test2"/></Attributes></Properties></DataSource>
    13. 

  13. </DataSources>
    14. 

  14. '
    15. 

    16. 

  16. xml_drive = '
    17. 

  17. <?xml version="1.0" encoding="utf-8"?>
    18. 

  18. <Drives clsid="{8FDDCC1A-0C3C-43cd-A6B4-71A6DF20DA8C}"><Drive clsid="{935D1B74-9CB8-4e3c-9914-7DD559B7A417}" name="E:" status="E:" image="0" changed="2013-04-25 20:33:02" uid="{016E2095-EAB5-43C0-8BCF-4C2655F709F5}"><Properties action="C" thisDrive="NOCHANGE" allDrives="NOCHANGE" userName="drivemap" path="drivemap" label="" persistent="0" useLetter="1" letter="E" cpassword="Lj3fkZ8E3AFAJPTSoBitKw"/></Drive>
    19. 

  19. </Drives>
    20. 

  20. '
    21. 

    22. 

  22. xml_schd = '
    23. 

  23. <?xml version="1.0" encoding="utf-8"?>
    24. 

  24. <ScheduledTasks clsid="{CC63F200-7309-4ba0-B154-A71CD118DBCC}"><Task clsid="{2DEECB1C-261F-4e13-9B21-16FB83BC03BD}" name="test1" image="2" changed="2013-04-25 20:30:13" uid="{41059D76-C7B4-4D05-9679-AE7510247B1F}"><Properties action="U" name="test1" appName="notepad.exe" args="" startIn="" comment="" runAs="test1" cpassword="DdGgLn/bpUNU/QjjcNvn4A" enabled="0"><Triggers><Trigger type="DAILY" startHour="8" startMinutes="0" beginYear="2013" beginMonth="4" beginDay="25" hasEndDate="0" repeatTask="0" interval="1"/></Triggers></Properties></Task>
    25. 

  25. </ScheduledTasks>
    26. 

  26. '
    27. 

    28. 

  28. xml_serv = '
    29. 

  29. <?xml version="1.0" encoding="utf-8"?>
    30. 

  30. <NTServices clsid="{2CFB484A-4E96-4b5d-A0B6-093D2F91E6AE}"><NTService clsid="{AB6F0B67-341F-4e51-92F9-005FBFBA1A43}" name="Blah" image="0" changed="2013-04-25 20:29:49" uid="{C6AE4201-9F99-46AB-93C2-9D734D87D343}"><Properties startupType="NOCHANGE" serviceName="Blah" timeout="30" accountName="bob" cpassword="OQWR9sf5FTlGgh8SJX31ug"/></NTService>
    31. 

  31. </NTServices>
    32. 

  32. '
    33. 

    34. 

  34. xml_ms = '
    35. 

  35. <?xml version="1.0" encoding="utf-8"?>
    36. 

  36. <Groups   clsid="{3125E937-EB16-4b4c-9934-544FC6D24D26}" 
    37. 

  37.           disabled="1">
    38. 

  38.   <User   clsid="{DF5F1855-51E5-4d24-8B1A-D9BDE98BA1D1}" 
    39. 

  39.           name="DbAdmin" 
    40. 

  40.           image="2" 
    41. 

  41.           changed="2007-07-06 20:45:20" 
    42. 

  42.           uid="{253F4D90-150A-4EFB-BCC8-6E894A9105F7}">
    43. 

  43.     <Properties 
    44. 

  44.           action="U" 
    45. 

  45.           newName="" 
    46. 

  46.           fullName="Database Admin" 
    47. 

  47.           description="Local Database Admin" 
    48. 

  48.           cpassword="demo" 
    49. 

  49.           changeLogon="0" 
    50. 

  50.           noChange="0" 
    51. 

  51.           neverExpires="0" 
    52. 

  52.           acctDisabled="1" 
    53. 

  53.           userName="DbAdmin"/>
    54. 

  54.   </User>
    55. 

  55.   <Group  clsid="{6D4A79E4-529C-4481-ABD0-F5BD7EA93BA7}" 
    56. 

  56.           name="Database Admins" 
    57. 

  57.           image="2" 
    58. 

  58.           changed="2007-07-06 20:46:21" 
    59. 

  59.           uid="{C5FB3901-508A-4A9E-9171-60D4FC2B404B}">
    60. 

  60.     <Properties 
    61. 

  61.           action="U" 
    62. 

  62.           newName="" 
    63. 

  63.           description="Local Database Admins" 
    64. 

  64.           userAction="REMOVE" 
    65. 

  65.           deleteAllUsers="1" 
    66. 

  66.           deleteAllGroups="1" 
    67. 

  67.           removeAccounts="0" 
    68. 

  68.           groupName="Database Admins">
    69. 

  69.       <Members>
    70. 

  70.         <Member 
    71. 

  71.           name="domain\sampleuser" 
    72. 

  72.           action="ADD" 
    73. 

  73.           sid=""/>
    74. 

  74.       </Members>
    75. 

  75.     </Properties>
    76. 

  76.   </Group>
    77. 

  77. </Groups>
    78. 

  78. '
    79. 

    80. 

  80. # Win2k8 appears to append some junk padding in some cases
    81. 

  81. cpassword_win2k8 = []
    82. 

  82. # Win2k8R2 -          EqWFlA4kn2T6PHvGi09M7seHuqCYK/slkJWIl7mK+wEMON8tIIslS6707RU1F7Bh
    83. 

  83. cpassword_win2k8 << ['EqWFlA4kn2T6PHvGi09M7seHuqCYK/slkJWIl7mK+wEMON8tIIslS6707RU1F7BhTµkp', 'N3v3rGunnaG!veYo']
    84. 

  84. cpassword_win2k8 << ['EqWFlA4kn2T6PHvGi09M7seHuqCYK/slkJWIl7mK+wGSwOI7Be//GJdxd5YYXUQHTµkp', 'N3v3rGunnaG!veYou']
    85. 

  85. # Win2k8R2 -          EqWFlA4kn2T6PHvGi09M7seHuqCYK/slkJWIl7mK+wFSuDccBEp/4l5EuKnwF0WS
    86. 

  86. cpassword_win2k8 << ['EqWFlA4kn2T6PHvGi09M7seHuqCYK/slkJWIl7mK+wFSuDccBEp/4l5EuKnwF0WS»YÂVAA', 'N3v3rGunnaG!veYouUp']
    87. 

  87. cpassword_normal = "j1Uyj3Vx8TY9LtLZil2uAuZkFQA/4latT76ZwgdHdhw"
    88. 

  88. cpassword_bad = "blah"
    89. 

  89. 

  90. describe Rex::Parser::GPP do
    91. 

  91.   GPP = Rex::Parser::GPP
    92. 

  92.   
    93. 

  93.   ##
    94. 

  94.   # Decrypt
    95. 

  95.   ##
    96. 

  96.   it "Decrypt returns Local*P4ssword! for normal cpassword" do
    97. 

  97.     result = GPP.decrypt(cpassword_normal) 
    98. 

  98.     result.should eq("Local*P4ssword!")
    99. 

  99.   end
    100. 

  100. 

  101.   it "Decrypt returns blank for bad cpassword" do
    102. 

  102.     result = GPP.decrypt(cpassword_bad)
    103. 

  103.     result.should eq("")
    104. 

  104.   end
    105. 

  105.   
    106. 

  106.   it "Decrypt returns blank for nil cpassword" do
    107. 

  107.     result = GPP.decrypt(nil)
    108. 

  108.     result.should eq("")
    109. 

  109.   end
    110. 

  110. 

  111.   it 'Decrypts a cpassword containing junk padding' do
    112. 

  112.     cpassword_win2k8.each do |encrypted, expected|
    113. 

  113.       result = GPP.decrypt(encrypted)
    114. 

  114.       result.should eq(expected)
    115. 

  115.     end
    116. 

  116.   end
    117. 

  117. 

  118.   ##
    119. 

  119.   # Parse
    120. 

  120.   ##
    121. 

  121. 

  122.   it "Parse returns empty [] for nil" do
    123. 

  123.     GPP.parse(nil).should be_empty
    124. 

  124.   end
    125. 

  125. 

  126.   it "Parse returns results for xml_ms and password is empty" do
    127. 

  127.     results = GPP.parse(xml_ms)
    128. 

  128.     results.should_not be_empty
    129. 

  129.     results[0][:PASS].should be_empty
    130. 

  130.   end
    131. 

  131. 

  132.   it "Parse returns results for xml_datasrc, and attributes, and password is test1" do
    133. 

  133.     results = GPP.parse(xml_datasrc)
    134. 

  134.     results.should_not be_empty
    135. 

  135.     results[0].include?(:ATTRIBUTES).should be_true
    136. 

  136.     results[0][:ATTRIBUTES].should_not be_empty
    137. 

  137.     results[0][:PASS].should eq("test")
    138. 

  138.   end
    139. 

  139. 

  140.   xmls = []
    141. 

  141.   xmls << xml_group
    142. 

  142.   xmls << xml_drive
    143. 

  143.   xmls << xml_schd
    144. 

  144.   xmls << xml_serv
    145. 

  145.   xmls << xml_datasrc
    146. 

  146. 

  147.   it "Parse returns results for all good xmls and passwords" do
    148. 

  148.     xmls.each do |xml|
    149. 

  149.       results = GPP.parse(xml)
    150. 

  150.       results.should_not be_empty
    151. 

  151.       results[0][:PASS].should_not be_empty
    152. 

  152.     end
    153. 

  153.   end
    154. 

  154. 

  155.   ##
    156. 

  156.   # Create_Tables
    157. 

  157.   ##
    158. 

  158.   it "Create_tables returns tables for all good xmls" do
    159. 

  159.     xmls.each do |xml|
    160. 

  160.       results = GPP.parse(xml)
    161. 

  161.       tables = GPP.create_tables(results, "test")
    162. 

  162.       tables.should_not be_empty
    163. 

  163.     end
    164. 

  164.   end
    165. 

  165. end
    166.