Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added assertions for testing, corrected beef tear-down

Browse Source 
Turned the exercise script into a limited test.
Added is password function to rest client
Corrected incorrect tear down in the Rakefile

	modified:   Rakefile
	modified:   test/api/1333_auth_rate.rb
	modified:   test/api/lib/beef_rest_client.rb
This commit is contained in:
Bucky Wilson
2017-12-12 14:35:22 +10:00
parent 5559e34baa
commit f52b13a6ee
3 changed files with 65 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Rakefile
View File

@@ -165,7 +165,7 @@ end
task :xserver_stop do
puts "\nShutting down X11 Server...\n"
sh "ps -ef|grep Xvfb|grep -v grep|awk '{print $2}'|xargs kill"
sh "ps -ef|grep Xvfb|grep -v grep|grep -v rake|awk '{print $2}'|xargs kill"
end
################################
@@ -211,7 +211,7 @@ task :beef_stop do
# shutting down
puts "Shutting down BeEF...\n"
sh "ps -ef|grep beef|grep -v grep|awk '{print $2}'|xargs kill"
sh "ps -ef|grep beef|grep -v grep|grep -v rake|awk '{print $2}'|xargs kill"
end
################################

75
test/api/1333_auth_rate.rb
View File

@@ -4,6 +4,8 @@
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
require 'pry-byebug'
require 'rest-client'
require 'json'
@@ -13,28 +15,59 @@ require 'pp'
require '../common/test_constants'
require './lib/beef_rest_client'
passwds = (1..9).map { |i| "broken_pass"}
passwds.push BEEF_PASSWD
apis = passwds.map { |pswd| BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, pswd) }
class TC_1333_auth_rate < Test::Unit::TestCase
#binding.pry
t0 = Time.now()
l = apis.length
def test_auth_rate
# tests rate of auth calls
# this takes some time - with no output
# beef must be running
passwds = (1..9).map { |i| "broken_pass"}
passwds.push BEEF_PASSWD
apis = passwds.map { |pswd| BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, pswd) }
l = apis.length
# t0 = Time.now()
(0..2).each do |again| # multiple sets of auth attempts
# first pass -- apis in order, valid passwd on 9th attempt
# subsequent passes apis shuffled
# puts "speed requesets" # all should return 401
(0..50).each do |i|
# t = Time.now()
# puts "#{i} : #{t - t0} : #{apis[i%l].auth()[:payload]}"
test_api = apis[i%l]
assert_match("401", test_api.auth()[:payload]) # all (unless the valid is first 1 in 10 chance)
# t0 = t
end
# again with more time between calls -- there should be success (1st iteration)
# puts "delayed requests"
(0..(l*2)).each do |i|
# t = Time.now()
# puts "#{i} : #{t - t0} : #{apis[i%l].auth()[:payload]}"
test_api = apis[i%l]
if (test_api.is_pass?(BEEF_PASSWD))
assert(test_api.auth()[:payload]["success"]) # valid pass should succeed
else
assert_match("401", test_api.auth()[:payload])
end
sleep(0.5)
# t0 = t
end
apis.shuffle! # new order for next iteration
apis.reverse if (apis[0].is_pass?(BEEF_PASSWD)) # prevent the first from having valid passwd
end # multiple sets of auth attempts
end # test_auth_rate
(0..2).each do |again|
puts "speed requesets"
(0..50).each do |i|
t = Time.now()
puts "#{i} : #{t - t0} : #{apis[i%l].auth()[:payload]}"
t0 = t
end
# again with more time
puts "delayed requests"
(0..(l*2)).each do |i|
t = Time.now()
puts "#{i} : #{t - t0} : #{apis[i%l].auth()[:payload]}"
sleep(0.5)
t0 = t
end
end

11
test/api/lib/beef_rest_client.rb
View File

@@ -12,6 +12,12 @@ class BeefRestClient
@token = nil
end
def is_pass?(passwd)
@pass == passwd
end
def auth
begin
response = RestClient.post "#{@url}admin/login",
@@ -24,9 +30,10 @@ class BeefRestClient
{:success => result['success'], :payload => result}
rescue => e
{:success => false, :payload => e.message }
end
end
end
def version
return {:success => false, :payload => 'no token'} if @token.nil?
begin
@@ -37,6 +44,6 @@ class BeefRestClient
rescue => e
print_error "Could not retrieve BeEF version: #{e.message}"
{:success => false, :payload => e.message}
end
end
end
end