/spec/lib/rex/parser/group_policy_preferences_spec.rb


  1. # encoding: binary
  2. require 'rex/parser/group_policy_preferences'
# Fixture data for the Rex::Parser::GPP examples.
#
# Each xml_* value is the text of one Group Policy Preferences file whose
# <Properties> element carries a cpassword attribute. The examples further
# down call GPP.decrypt with nothing but the ciphertext, so every cpassword
# here is recoverable by anyone who can read the XML; treat them as test-only
# credentials. A cpassword attribute found in a real policy share should be
# handled as an exposed password and rotated.
#
# The heredocs are single-quoted (no interpolation, no escape processing) and
# open with an empty line, so each string starts with "\n" and ends with "\n".

# Groups.xml: one local user created by policy.
xml_group = <<'XML'

<?xml version="1.0" encoding="utf-8"?>
<Groups clsid="{3125E937-EB16-4b4c-9934-544FC6D24D26}"><User clsid="{DF5F1855-51E5-4d24-8B1A-D9BDE98BA1D1}" name="SuperSecretBackdoor" image="0" changed="2013-04-25 18:36:07" uid="{B5EDB865-34F5-4BD7-9C59-3AEB1C7A68C3}"><Properties action="C" fullName="" description="" cpassword="VBQUNbDhuVti3/GHTGHPvcno2vH3y8e8m1qALVO1H3T0rdkr2rub1smfTtqRBRI3" changeLogon="0" noChange="0" neverExpires="1" acctDisabled="0" userName="SuperSecretBackdoor"/></User>
</Groups>
XML

# DataSources.xml: one data source with a username, a cpassword and nested <Attributes>.
xml_datasrc = <<'XML'

<?xml version="1.0" encoding="utf-8"?>
<DataSources clsid="{380F820F-F21B-41ac-A3CC-24D4F80F067B}"><DataSource clsid="{5C209626-D820-4d69-8D50-1FACD6214488}" userContext="1" name="test" image="0" changed="2013-04-25 20:39:08" uid="{3513F923-9661-4819-9995-91A63C7D7A65}"><Properties action="C" userDSN="0" dsn="test" driver="test" description="" username="test" cpassword="eYbbv1GZI4DZEgTXPUDspw"><Attributes><Attribute name="test" value="test"/><Attribute name="test2" value="test2"/></Attributes></Properties></DataSource>
</DataSources>
XML

# Drives.xml: one mapped drive with credentials.
xml_drive = <<'XML'

<?xml version="1.0" encoding="utf-8"?>
<Drives clsid="{8FDDCC1A-0C3C-43cd-A6B4-71A6DF20DA8C}"><Drive clsid="{935D1B74-9CB8-4e3c-9914-7DD559B7A417}" name="E:" status="E:" image="0" changed="2013-04-25 20:33:02" uid="{016E2095-EAB5-43C0-8BCF-4C2655F709F5}"><Properties action="C" thisDrive="NOCHANGE" allDrives="NOCHANGE" userName="drivemap" path="drivemap" label="" persistent="0" useLetter="1" letter="E" cpassword="Lj3fkZ8E3AFAJPTSoBitKw"/></Drive>
</Drives>
XML

# ScheduledTasks.xml: one task with a runAs account and cpassword.
xml_schd = <<'XML'

<?xml version="1.0" encoding="utf-8"?>
<ScheduledTasks clsid="{CC63F200-7309-4ba0-B154-A71CD118DBCC}"><Task clsid="{2DEECB1C-261F-4e13-9B21-16FB83BC03BD}" name="test1" image="2" changed="2013-04-25 20:30:13" uid="{41059D76-C7B4-4D05-9679-AE7510247B1F}"><Properties action="U" name="test1" appName="notepad.exe" args="" startIn="" comment="" runAs="test1" cpassword="DdGgLn/bpUNU/QjjcNvn4A" enabled="0"><Triggers><Trigger type="DAILY" startHour="8" startMinutes="0" beginYear="2013" beginMonth="4" beginDay="25" hasEndDate="0" repeatTask="0" interval="1"/></Triggers></Properties></Task>
</ScheduledTasks>
XML

# Services.xml: one service with an accountName and cpassword.
xml_serv = <<'XML'

<?xml version="1.0" encoding="utf-8"?>
<NTServices clsid="{2CFB484A-4E96-4b5d-A0B6-093D2F91E6AE}"><NTService clsid="{AB6F0B67-341F-4e51-92F9-005FBFBA1A43}" name="Blah" image="0" changed="2013-04-25 20:29:49" uid="{C6AE4201-9F99-46AB-93C2-9D734D87D343}"><Properties startupType="NOCHANGE" serviceName="Blah" timeout="30" accountName="bob" cpassword="OQWR9sf5FTlGgh8SJX31ug"/></NTService>
</NTServices>
XML

# Multi-line Groups.xml sample: a disabled policy holding a User and a Group.
# Its cpassword is the placeholder "demo"; the parse example below expects
# an empty :PASS for it.
xml_ms = <<'XML'

<?xml version="1.0" encoding="utf-8"?>
<Groups clsid="{3125E937-EB16-4b4c-9934-544FC6D24D26}"
disabled="1">
<User clsid="{DF5F1855-51E5-4d24-8B1A-D9BDE98BA1D1}"
name="DbAdmin"
image="2"
changed="2007-07-06 20:45:20"
uid="{253F4D90-150A-4EFB-BCC8-6E894A9105F7}">
<Properties
action="U"
newName=""
fullName="Database Admin"
description="Local Database Admin"
cpassword="demo"
changeLogon="0"
noChange="0"
neverExpires="0"
acctDisabled="1"
userName="DbAdmin"/>
</User>
<Group clsid="{6D4A79E4-529C-4481-ABD0-F5BD7EA93BA7}"
name="Database Admins"
image="2"
changed="2007-07-06 20:46:21"
uid="{C5FB3901-508A-4A9E-9171-60D4FC2B404B}">
<Properties
action="U"
newName=""
description="Local Database Admins"
userAction="REMOVE"
deleteAllUsers="1"
deleteAllGroups="1"
removeAccounts="0"
groupName="Database Admins">
<Members>
<Member
name="domain\sampleuser"
action="ADD"
sid=""/>
</Members>
</Properties>
</Group>
</Groups>
XML

# [ciphertext, expected plaintext] pairs. Win2k8 appears to append some junk
# padding to the cpassword in some cases; the trailing bytes after the value
# quoted in each comment are that padding.
cpassword_win2k8 = [
  # Win2k8R2 - EqWFlA4kn2T6PHvGi09M7seHuqCYK/slkJWIl7mK+wEMON8tIIslS6707RU1F7Bh
  ['EqWFlA4kn2T6PHvGi09M7seHuqCYK/slkJWIl7mK+wEMON8tIIslS6707RU1F7BhTµkp', 'N3v3rGunnaG!veYo'],
  ['EqWFlA4kn2T6PHvGi09M7seHuqCYK/slkJWIl7mK+wGSwOI7Be//GJdxd5YYXUQHTµkp', 'N3v3rGunnaG!veYou'],
  # Win2k8R2 - EqWFlA4kn2T6PHvGi09M7seHuqCYK/slkJWIl7mK+wFSuDccBEp/4l5EuKnwF0WS
  ['EqWFlA4kn2T6PHvGi09M7seHuqCYK/slkJWIl7mK+wFSuDccBEp/4l5EuKnwF0WS»YÂVAA', 'N3v3rGunnaG!veYouUp']
]

# Well-formed ciphertext; the decrypt example expects "Local*P4ssword!".
cpassword_normal = 'j1Uyj3Vx8TY9LtLZil2uAuZkFQA/4latT76ZwgdHdhw'

# Not valid ciphertext; the decrypt example expects an empty string back.
cpassword_bad = 'blah'
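# Examples for Rex::Parser::GPP: decrypting a cpassword value, parsing a
# Group Policy Preferences XML document into result hashes, and turning those
# results into tables. The fixtures (xml_*, cpassword_*) are the top-level
# locals defined earlier in this file.
describe Rex::Parser::GPP do
  # NOTE(review): a constant assigned inside a describe block is defined on the
  # top-level namespace, not on the example group. Kept as-is so the examples
  # read the same; `described_class` would avoid the leak.
  GPP = Rex::Parser::GPP

  ##
  # Decrypt
  ##

  # decrypt takes only the ciphertext and returns the plaintext password.
  it "Decrypt returns Local*P4ssword! for normal cpassword" do
    result = GPP.decrypt(cpassword_normal)
    result.should eq("Local*P4ssword!")
  end

  # Input that is not valid ciphertext must yield "" rather than raise, so
  # callers never mistake garbage for a recovered password.
  it "Decrypt returns blank for bad cpassword" do
    result = GPP.decrypt(cpassword_bad)
    result.should eq("")
  end

  # A missing cpassword attribute reaches decrypt as nil; same contract as above.
  it "Decrypt returns blank for nil cpassword" do
    result = GPP.decrypt(nil)
    result.should eq("")
  end

  # Each fixture pair is [ciphertext with trailing junk, expected plaintext].
  it 'Decrypts a cpassword containing junk padding' do
    cpassword_win2k8.each do |encrypted, expected|
      result = GPP.decrypt(encrypted)
      result.should eq(expected)
    end
  end

  ##
  # Parse
  ##

  it "Parse returns empty [] for nil" do
    GPP.parse(nil).should be_empty
  end

  # xml_ms carries the placeholder cpassword "demo"; the entry is still
  # reported, with an empty :PASS.
  it "Parse returns results for xml_ms and password is empty" do
    results = GPP.parse(xml_ms)
    results.should_not be_empty
    results[0][:PASS].should be_empty
  end

  # The description previously said "test1" while the assertion expects "test".
  it "Parse returns results for xml_datasrc, and attributes, and password is test" do
    results = GPP.parse(xml_datasrc)
    results.should_not be_empty
    # The include matcher names the missing key on failure, unlike
    # `include?(...).should be_true`.
    results[0].should include(:ATTRIBUTES)
    results[0][:ATTRIBUTES].should_not be_empty
    results[0][:PASS].should eq("test")
  end

  # Every fixture that carries a decryptable cpassword.
  xmls = [xml_group, xml_drive, xml_schd, xml_serv, xml_datasrc]

  it "Parse returns results for all good xmls and passwords" do
    xmls.each do |xml|
      results = GPP.parse(xml)
      results.should_not be_empty
      results[0][:PASS].should_not be_empty
    end
  end

  ##
  # Create_Tables
  ##

  it "Create_tables returns tables for all good xmls" do
    xmls.each do |xml|
      results = GPP.parse(xml)
      tables = GPP.create_tables(results, "test")
      tables.should_not be_empty
    end
  end
end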