Skip to content

Commit

Permalink
Adds support to test custom payload branches
Browse files Browse the repository at this point in the history
  • Loading branch information
cgranleese-r7 committed Aug 13, 2024
1 parent 3589f54 commit 04b609b
Show file tree
Hide file tree
Showing 9 changed files with 204 additions and 7 deletions.
160 changes: 154 additions & 6 deletions .github/workflows/acceptance.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,16 @@ permissions:
statuses: none

on:
workflow_dispatch:
inputs:
metasploitPayloadsCommit:
description: 'metasploit-payloads branch would like to test'
required: true
default: 'master'
mettleCommit:
description: 'mettle branch you would like to test'
required: true
default: 'master'
push:
branches-ignore:
- gh-pages
Expand Down Expand Up @@ -81,10 +91,12 @@ jobs:

runs-on: ${{ matrix.os }}

timeout-minutes: 25
timeout-minutes: 50

env:
RAILS_ENV: test
metasploitPayloadsCommit: ${{ github.event.inputs.metasploitPayloadsCommit || 'master' }}
mettleCommit: ${{ github.event.inputs.mettleCommit|| 'master' }}
HOST_RUNNER_IMAGE: ${{ matrix.os }}
METERPRETER: ${{ matrix.meterpreter.name }}
METERPRETER_RUNTIME_VERSION: ${{ matrix.meterpreter.runtime_version }}
Expand All @@ -96,7 +108,7 @@ jobs:
if: runner.os == 'Linux'
run: sudo apt-get -y --no-install-recommends install libpcap-dev graphviz

- uses: shivammathur/setup-php@fc14643b0a99ee9db10a3c025a33d76544fa3761
- uses: shivammathur/setup-php@6d7209f44a25a59e904b1ee9f3b0c33ab2cd888d
if: ${{ matrix.meterpreter.name == 'php' }}
with:
php-version: ${{ matrix.meterpreter.runtime_version }}
Expand Down Expand Up @@ -129,8 +141,71 @@ jobs:
dir %WINDIR%
type %WINDIR%\\system32\\drivers\\etc\\hosts
- name: Checkout code
# The job checkout structure is:
# .
# ├── metasploit-framework
# └── metasploit-payloads (Only if metasploit-payloads-testing-branch is applied)
# └── mettle (Only if mettle-testing-branch is applied)

# Install Docker if on MACOS
- name: Install Docker - macOS
if: ${{ ( matrix.meterpreter.name == 'java') && (runner.os == 'macos' ) && (contains(github.event.issue.labels.*.name, 'mettle-testing-branch')) }}
run: |
brew install docker
colima delete
colima start --arch x86_64
# Checkout mettle
# TODO: Mettle and Metasploit payloads labels
- name: Checkout mettle
if: ${{ matrix.meterpreter.name == 'mettle' && (contains(github.event.issue.labels.*.name, 'mettle-testing-branch')) }}
uses: actions/checkout@v4
with:
repository: rapid7/mettle
path: mettle
ref: ${{ env.mettleCommit }}

- name: Get mettle version
if: ${{ matrix.meterpreter.name == 'mettle' && (contains(github.event.issue.labels.*.name, 'mettle-testing-branch')) }}
run: |
echo "METTLE_VERSION=$(grep -oh '[0-9].[0-9].[0-9]*' lib/metasploit_payloads/mettle/version.rb)" >> $GITHUB_ENV
working-directory: mettle

- name: Use mettle version
if: ${{ matrix.meterpreter.name == 'mettle' && (contains(github.event.issue.labels.*.name, 'mettle-testing-branch')) }}
run: |
echo "${{ env.METTLE_VERSION }}"
working-directory: mettle

# Prerequisite mettle gem setup
- name: Build mettle payloads
if: ${{ matrix.meterpreter.name == 'mettle' && (contains(github.event.issue.labels.*.name, 'mettle-testing-branch')) }}
run: |
set -x
ruby -pi.bak -e "gsub(/${{ env.METTLE_VERSION }}/, '${{ env.METTLE_VERSION }}-dev')" lib/metasploit_payloads/mettle/version.rb
working-directory: mettle

# Compile mettle payload
- name: Compile mettle payloads
if: ${{ matrix.meterpreter.name == 'mettle' && runner.os != 'macos' && (contains(github.event.issue.labels.*.name, 'mettle-testing-branch')) }}
run: |
docker run --rm=true --tty --volume=$(pwd):/mettle --workdir=/mettle rapid7/build:mettle rake mettle:build mettle:check
rake build
working-directory: mettle

# Compile mettle payload - macOS
- name: Compile mettle payloads - macOS
if: ${{ matrix.meterpreter.name == 'mettle' && runner.os == 'macos' && (contains(github.event.issue.labels.*.name, 'mettle-testing-branch')) }}
run: |
make TARGET=x86_64-apple-darwin
rake build
working-directory: mettle

# Checkout metasploit-framework
- name: Checkout metasploit-framework code
uses: actions/checkout@v4
with:
path: metasploit-framework

- name: Setup Ruby
env:
Expand All @@ -139,12 +214,84 @@ jobs:
with:
ruby-version: ${{ matrix.ruby }}
bundler-cache: true
cache-version: 4
working-directory: metasploit-framework
cache-version: 5
# Github actions with Ruby requires Bundler 2.2.18+
# https://github.com/ruby/setup-ruby/tree/d2b39ad0b52eca07d23f3aa14fdf2a3fcc1f411c#windows
bundler: 2.2.33

- name: acceptance
# Copying mettle gem into framework - macOS
- name: Move mettle gem - macOS
if: ${{ matrix.meterpreter.name == 'mettle' && runner.os == 'macos' && (contains(github.event.issue.labels.*.name, 'mettle-testing-branch')) }}
run: |
cp /Users/runner/work/metasploit-framework/metasploit-framework/mettle/pkg/metasploit_payloads-mettle-${{ env.METTLE_VERSION }}.pre.dev.gem /Users/runner/work/metasploit-framework/metasploit-framework/metasploit-framework
working-directory: metasploit-framework

# Copying mettle gem into framework
- name: Move mettle gem
if: ${{ matrix.meterpreter.name == 'mettle' && runner.os != 'macos' && (contains(github.event.issue.labels.*.name, 'mettle-testing-branch')) }}
run: |
cp /home/runner/work/metasploit-framework/metasploit-framework/mettle/pkg/metasploit_payloads-mettle-${{ env.METTLE_VERSION }}.pre.dev.gem /home/runner/work/metasploit-framework/metasploit-framework/metasploit-framework
working-directory: metasploit-framework

# Copying mettle gem into framework
- name: Install mettle gem
if: ${{ matrix.meterpreter.name == 'mettle' && (contains(github.event.issue.labels.*.name, 'mettle-testing-branch')) }}
run: |
set -x
bundle exec gem install metasploit_payloads-mettle-${{ env.METTLE_VERSION }}.pre.dev.gem
gem list metasploit_payloads-mettle
ruby -pi.bak -e "gsub(/'metasploit_payloads-mettle', '1.0.31'/, '\'metasploit_payloads-mettle\', \'${{ env.METTLE_VERSION }}.pre.dev\'')" metasploit-framework.gemspec
cat Gemfile.lock
bundle config
bundle config unset deployment
bundle update metasploit_payloads-mettle
bundle install
working-directory: metasploit-framework

# Checkout metasploit-payloads
- name: Checkout metasploit-payloads
if: contains(github.event.issue.labels.*.name, 'metasploit-payloads-testing-branch')
uses: actions/checkout@v4
with:
repository: rapid7/metasploit-payloads
path: metasploit-payloads
ref: ${{ env.metasploitPayloadsCommit }}

# Build Java and Android payloads, Docker command needs to be ran from the directory up from metasploit-payloads
- name: Build Java & Android payloads
if: ${{ (matrix.meterpreter.name == 'java') && (runner.os != 'Windows') && (contains(github.event.issue.labels.*.name, 'metasploit-payloads-testing-branch')) }}
run: |
cd ..
docker run --rm -w "$(pwd)" -v "$(pwd):$(pwd)" rapid7/msf-ubuntu-x64-meterpreter:latest /bin/bash -c "cd metasploit-payloads/java && make clean && make android && mvn -P deploy package"
working-directory: metasploit-payloads

- name: Build Windows payloads via Visual Studio 2019 Build (Windows)
shell: cmd
if: ${{ (runner.os == 'Windows') && (matrix.os == 'windows-2019') && (contains(github.event.issue.labels.*.name, 'metasploit-payloads-testing-branch')) }}
run: |
cd c/meterpreter
git submodule init && git submodule update
"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\Common7\Tools\VsDevCmd.bat" && make.bat
working-directory: metasploit-payloads

- name: Build Windows payloads via Visual Studio 2022 Build (Windows)
shell: cmd
if: ${{ (runner.os == 'Windows') && (matrix.os == 'windows-2022') && (contains(github.event.issue.labels.*.name, 'metasploit-payloads-testing-branch'))}}
run: |
cd c/meterpreter
git submodule init && git submodule update
make.bat
working-directory: metasploit-payloads

# Run makefile within metasploit-payloads
- name: Build PHP, Python and Windows payloads
if: ${{ (matrix.meterpreter.name == 'php') || (matrix.meterpreter.name == 'python') || (runner.os == 'Windows') && (contains(github.event.issue.labels.*.name, 'metasploit-payloads-testing-branch'))}}
run: |
make install-php install-python install-windows
working-directory: metasploit-payloads

- name: Acceptance
env:
SPEC_HELPER_LOAD_METASPLOIT: false
SPEC_OPTS: "--tag acceptance --require acceptance_spec_helper.rb --color --format documentation --format AllureRspec::RSpecFormatter"
Expand All @@ -157,14 +304,15 @@ jobs:
# Additionally - flakey tests should be fixed or marked as flakey instead of silently retried
run: |
bundle exec rspec spec/acceptance/meterpreter_spec.rb
working-directory: metasploit-framework

- name: Archive results
if: always()
uses: actions/upload-artifact@v4
with:
# Provide a unique artifact for each matrix os, otherwise race conditions can lead to corrupt zips
name: raw-data-${{ matrix.meterpreter.name }}-${{ matrix.meterpreter.runtime_version }}-${{ matrix.os }}
path: tmp/allure-raw-data
path: metasploit-framework/tmp/allure-raw-data

# Generate a final report from the previous test results
report:
Expand Down
Empty file added Gemfile.lock.remote
Empty file.
31 changes: 31 additions & 0 deletions data/cmd_exec/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
## Setup

This contains setup steps used for acceptance testing of the `cmd_exec` API. We will make use of the gcc docker image to
build out the C binaries to then be uploaded to the host machine, so they can be used as part of the `cmd_exec`
create process API.

This directory contains:
- C executable `show_args.c`
This file is used as part of the `cmd_exec` testing as it requires a file to take args, then loop over them and output
those args back to the user.

- Makefile to build the binaries `makefile.mk`
This file is used to create the binaries for both Windows and Linux that the docker command below will make use of.

- Precompiled binaries for Windows
- `show_args.exe`

- Precompiled binaries for Linux and Mettle
- `show_args`

- Precompiled binaries for macOS
- `show_args_macos`

## Compile binaries locally

We make use of gcc for this: https://hub.docker.com/_/gcc

- Run:
```shell
docker run --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp gcc:11.4.0 /bin/bash -c "apt update && apt install -y gcc-mingw-w64 && make all -f makefile.mk"
```
5 changes: 5 additions & 0 deletions data/cmd_exec/makefile.mk
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
all: show_args_linux show_args_windows
show_args_linux: show_args.c
cc show_args.c -o show_args
show_args_windows: show_args.c
x86_64-w64-mingw32-gcc show_args.c -o show_args.exe
Binary file added data/cmd_exec/show_args
Binary file not shown.
8 changes: 8 additions & 0 deletions data/cmd_exec/show_args.c
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
int printf(const char *format, ...);

int main(int argc, char *argv[]) {

for (int i = 0; i < argc; i++) {
printf("%s\n", argv[i]);
}
}
Binary file added data/cmd_exec/show_args.exe
Binary file not shown.
Binary file added data/cmd_exec/show_args_macos
Binary file not shown.
7 changes: 6 additions & 1 deletion spec/acceptance/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -27,9 +27,14 @@ SPEC_OPTS='--tag acceptance' SPEC_HELPER_LOAD_METASPLOIT=false bundle exec rspec
```

Run a specific Meterpreter/module test Unix / Windows:

# Bash command:
```
SPEC_OPTS='--tag acceptance' METERPRETER=php METERPRETER_MODULE_TEST=post/test/unix bundle exec rspec './spec/acceptance/meterpreter_spec.rb'
```
SPEC_OPTS='--tag acceptance' METERPRETER=php METERPRETER_MODULE_TEST=test/unix bundle exec rspec './spec/acceptance/meterpreter_spec.rb'

# Powershell command:
```
$env:SPEC_OPTS='--tag acceptance'; $env:SPEC_HELPER_LOAD_METASPLOIT=$false; $env:METERPRETER = 'php'; bundle exec rspec './spec/acceptance/meterpreter_spec.rb'
```

Expand Down

0 comments on commit 04b609b

Please sign in to comment.