Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add MySQL session type acceptance tests #19014

Merged
merged 1 commit into from
Mar 28, 2024
Merged

Add MySQL session type acceptance tests #19014

merged 1 commit into from
Mar 28, 2024

Conversation

cgranleese-r7
Copy link
Contributor

@cgranleese-r7 cgranleese-r7 commented Mar 26, 2024
edited
Loading

This PR adds MySQL session type acceptance tests.

Test local module

Creating session

msf6 auxiliary(scanner/mysql/mysql_login) > use mysql_login

Matching Modules
================

   #  Name                                 Disclosure Date  Rank    Check  Description
   -  ----                                 ---------------  ----    -----  -----------
   0  auxiliary/scanner/mysql/mysql_login  .                normal  No     MySQL Login Utility


Interact with a module by name or index. For example info 0, use 0 or use auxiliary/scanner/mysql/mysql_login

[*] Using auxiliary/scanner/mysql/mysql_login
[*] New in Metasploit 6.4 - The CreateSession option within this module can open an interactive session
msf6 auxiliary(scanner/mysql/mysql_login) > run rhost=127.0.0.1 rport=3306 username=root password=password createsession=true

[+] 127.0.0.1:3306        - 127.0.0.1:3306 - Found remote MySQL version 11.2.2
[+] 127.0.0.1:3306        - 127.0.0.1:3306 - Success: 'root:password'
[*] MySQL session 1 opened (127.0.0.1:56810 -> 127.0.0.1:3306) at 2024-03-26 12:01:34 +0000
[*] 127.0.0.1:3306        - Scanned 1 of 1 hosts (100% complete)
[*] 127.0.0.1:3306        - Bruteforce completed, 1 credential was successful.
[*] 127.0.0.1:3306        - 1 MySQL session was opened successfully.
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/mysql/mysql_login) >

Loading test module

msf6 auxiliary(scanner/mysql/mysql_login) > loadpath test/modules
Loaded 41 modules:
    14 auxiliary modules
    13 exploit modules
    14 post modules
msf6 auxiliary(scanner/mysql/mysql_login) >

Running test module

msf6 auxiliary(scanner/mysql/mysql_login) > use post/test/mysql
msf6 post(test/mysql) > run session=-1

[!] SESSION may not be compatible with this module:
[!]  * Unknown session platform. This module works with: Windows, Unknown, Multi, Mainframe, Firefox, NodeJS, Python, JavaScript, PHP, Unix, Irix, HPUX, AIX, FreeBSD, NetBSD, BSDi, OpenBSD, BSD, OSX, Solaris, Arista, Mikrotik, Brocade, Unifi, Juniper, Cisco, Linux, Ruby, R, Java, Android, Netware, Apple_iOS, Hardware.
[*] Running against session -1
[*] Session type is mysql and platform is
[+] should return a version
[+] should support the help command
[*] Testing complete in 0.07 seconds
[*] Passed: 2; Failed: 0; Skipped: 0
[*] Post module execution completed
msf6 post(test/mysql) >

Verification

  • Ensure CI passes
  • Ensure local replication docs work

@cgranleese-r7 cgranleese-r7 added the rn-enhancement release notes enhancement label Mar 26, 2024
@cgranleese-r7 cgranleese-r7 force-pushed the add-mysql-acceptance-tests branch 18 times, most recently from 46cef0e to 11acd6e Compare March 27, 2024 15:29
@cgranleese-r7 cgranleese-r7 force-pushed the add-mysql-acceptance-tests branch 8 times, most recently from 70c5c2c to b6b53e8 Compare March 27, 2024 17:30
@cgranleese-r7 cgranleese-r7 force-pushed the add-mysql-acceptance-tests branch from b6b53e8 to b3911ed Compare March 27, 2024 17:32
@cgranleese-r7 cgranleese-r7 marked this pull request as ready for review March 28, 2024 09:07
@cgranleese-r7 cgranleese-r7 force-pushed the add-mysql-acceptance-tests branch 5 times, most recently from c4b2516 to b3b3ff2 Compare March 28, 2024 09:27
@cgranleese-r7 cgranleese-r7 added the blocked Blocked by one or more additional tasks label Mar 28, 2024
@cgranleese-r7 cgranleese-r7 force-pushed the add-mysql-acceptance-tests branch 2 times, most recently from 6532a94 to d32aee2 Compare March 28, 2024 11:06
@cgranleese-r7 cgranleese-r7 mentioned this pull request Mar 28, 2024
Merged
4 tasks
@cgranleese-r7 cgranleese-r7 marked this pull request as draft March 28, 2024 12:41
@cgranleese-r7 cgranleese-r7 force-pushed the add-mysql-acceptance-tests branch from d32aee2 to f9b20d8 Compare March 28, 2024 16:39
@cgranleese-r7 cgranleese-r7 marked this pull request as ready for review March 28, 2024 16:42
@cgranleese-r7 cgranleese-r7 removed the blocked Blocked by one or more additional tasks label Mar 28, 2024
adfoster-r7
adfoster-r7 reviewed Mar 28, 2024
View reviewed changes
spec/acceptance/mysql_spec.rb
}
}
},
module_tests: [
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are there more modules we should be adding here? 🤔

Or do the other modules require option configuration to run successfully

@adfoster-r7 adfoster-r7 merged commit 0580068 into rapid7:master Mar 28, 2024
56 checks passed
@adfoster-r7
Copy link
Contributor

Release Notes

Adds an initial set of acceptance tests for MySQL modules and session types

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adfoster-r7 adfoster-r7 adfoster-r7 left review comments

Assignees
No one assigned
Labels
rn-enhancement release notes enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cgranleese-r7 @adfoster-r7