BruteForcer moved in WpUser as a module

2013-04-12 21:52:33 +02:00
parent 777f06608b
commit 7db63bb3e0
16 changed files with 280 additions and 173 deletions
--- a/spec/shared_examples/wp_target/brute_force.rb
+++ b/spec/shared_examples/wp_target/brute_force.rb
@@ -1,57 +0,0 @@
-# encoding: UTF-8
-
-shared_examples 'WpTarget::BruteForce' do
-
-  let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_TARGET_DIR + '/bruteforce' }
-  let(:wordlist)     { fixtures_dir + '/wordlist.txt' }
-
-  before :each do
-    wp_target.stub(:login_url).and_return('http://example.localhost/wp-login.php')
-
-    Browser.instance.max_threads = 1
-  end
-
-  describe '#lines_in_file' do
-    it 'returns 6' do
-      lines = WpTarget::BruteForce.lines_in_file(wordlist)
-      lines.should == 6
-    end
-  end
-
-  describe '#brute_force' do
-
-    it 'gets the correct password' do
-      passwords = []
-      File.open(wordlist, 'r').each do |password|
-        # ignore comments
-        passwords << password.strip unless password.strip[0, 1] == '#'
-      end
-      # Last status must be 302 to get full code coverage
-      passwords.each do |password|
-        stub_request(:post, wp_target.login_url).
-          to_return(
-            { status: 200, body: 'login_error' },
-            { status: 0,   body: 'no reponse' },
-            { status: 500, body: 'server error' },
-            { status: 999, body: 'invalid' },
-            { status: 302, body: 'FOUND!' }
-          )
-      end
-
-      user   = WpUser.new(wp_target.uri, login: 'admin')
-      result = wp_target.brute_force([user], wordlist)
-
-      result.length.should == 1
-      result.should === [{ name: 'admin', password: 'root' }]
-    end
-
-    it 'covers the timeout branch and return an empty array' do
-      stub_request(:post, wp_target.login_url).to_timeout
-
-      user          = WpUser.new(wp_target.uri, login: 'admin')
-      result        = wp_target.brute_force([user], wordlist)
-      result.should == []
-    end
-  end
-
-end
--- a/spec/shared_examples/wp_user/brute_forcable.rb
+++ b/spec/shared_examples/wp_user/brute_forcable.rb
@@ -0,0 +1,116 @@
+# encoding: UTF-8
+
+shared_examples 'WpUser::BruteForcable' do
+  let(:fixtures_dir) { MODELS_FIXTURES + '/wp_user/brute_forcable' }
+  let(:wordlist)     { fixtures_dir + '/wordlist.txt' }
+  let(:mod)          { WpUser::BruteForcable }
+  let(:login_url)    { uri.merge('wp-login.php').to_s }
+
+  before { Browser.instance.max_threads = 1 }
+
+  describe '::lines_in_file' do
+    it 'returns 5 (1 line is a comment)' do
+      lines = mod.lines_in_file(wordlist)
+      lines.should == 5
+    end
+  end
+
+  describe '#valid_password?' do
+    let(:response) { Typhoeus::Response.new(resp_options) }
+    let(:resp_options) { {} }
+
+    after do
+      wp_user.valid_password?(response, 'password').should == @expected
+    end
+
+    context 'when 302' do
+      let(:resp_options) { { code: 302 } }
+
+      it 'returns true' do
+        @expected = true
+      end
+    end
+
+    context 'when login_error' do
+      let(:resp_options) { { body: '<div id="login_error">' } }
+
+      it 'returns false' do
+        @expected = false
+      end
+    end
+
+    context 'when timeout' do
+      let(:resp_options) { { return_code: :operation_timedout } }
+
+      it 'returns false' do
+        @expected = false
+      end
+    end
+
+    context 'when no response from server (status = 0)' do
+      let(:resp_options) { { code: 0 } }
+
+      it 'returns false' do
+        @expected = false
+      end
+    end
+
+    context 'when error 50x' do
+      let(:resp_options) { { code: 500 } }
+
+      it 'returns false' do
+        @expected = false
+      end
+    end
+
+    context 'when unknown response' do
+      let(:resp_options) { { code: 202 } }
+
+      it 'returns false' do
+        @expected = false
+      end
+    end
+  end
+
+  describe '#brute_force' do
+    let(:passwords) {
+      passwords = []
+      File.open(wordlist, 'r').each do |line|
+        line.strip!
+        passwords << line unless line[0,1] == '#'
+      end
+      passwords
+    }
+    let(:login) { 'someuser' }
+
+    after do
+      wp_user.login = login
+      wp_user.brute_force(wordlist)
+      wp_user.password.should == @expected
+    end
+
+    context 'when no password is valid' do
+      before do
+        stub_request(:post, login_url).
+          #with(body: { log: login }). # produces an error : undefined method `split' for {:log=>"someuser", :pwd=>"password1"}:Hash
+          to_return(body: 'login_error')
+      end
+
+      it 'does not set @password' do
+        @expected = nil
+      end
+    end
+
+    context 'when a password is valid' do
+      # Due to the error with .with(body: { log: login }) above
+      # We can't use it to stub the request for a specific password
+      # So, the first one will be valid
+      before { stub_request(:post, login_url).to_return(status: 302) }
+
+      it 'sets the @password' do
+        @expected = passwords[0]
+      end
+    end
+  end
+
+end
--- a/spec/shared_examples/wp_user/existable.rb
+++ b/spec/shared_examples/wp_user/existable.rb
--- a/spec/shared_examples/wp_users/brute_forcable.rb
+++ b/spec/shared_examples/wp_users/brute_forcable.rb
@@ -0,0 +1,22 @@
+# encoding: UTF-8
+
+shared_examples 'WpUsers::BruteForcable' do
+
+  describe '#brute_force' do
+    let(:range)           { (1..10) }
+    let(:wordlist)        { 'somefile.txt'}
+    let(:brute_force_opt) { {} }
+
+    it 'calls #brute_force on each wp_user' do
+      range.each do |id|
+        wp_user = WpUser.new(uri, id: id)
+        wp_user.should_receive(:brute_force).with(wordlist, brute_force_opt)
+
+        wp_users << wp_user
+      end
+
+      wp_users.brute_force(wordlist, brute_force_opt)
+    end
+  end
+
+end