#!/usr/bin/perl # Copyright 2003, Bruce Ediger # This file is part of NWS. # # NWS is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # NWS is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with NWS; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # $Id: worm_exploit.pl,v 1.2 2003/08/29 04:03:09 bediger Exp $ use strict; use diagnostics; # Test that exploitation takes place when it should, that # worm code formal arguments all get passed appropriately, # and that Host::Init2 phase (initialize after exploitation) # gets executed. Slightly trickier than the stuff tested by # worm_execution.pl use NWS::Network; use NWS::Host; use NWS::Message; use NWS::Software; $main::exitcode = 0; $main::init2 = 0; my $exploited_code = q{ my ($host, $software, $phase, $msg) = @_; if (!$host) { print STDERR "No NWS::Host reference passed to function\n"; ++$main::exitcode; return; } if (!$software) { print STDERR "No NWS::Software reference passed to function\n"; ++$main::exitcode; return; } if (!$phase) { print STDERR "No phase code passed to function\n"; ++$main::exitcode; return; } if (($phase == $Host::Init2 || $phase == $Host::Recv) && !$msg) { print STDERR "No message passed to function\n"; ++$main::exitcode; return; } if ($phase == $Host::Init2) { print STDERR "Exploited code ran with Host::Init2, when it should not\n"; ++$main::exitcode; return; } }; my $exploiting_code = q{ my ($host, $software, $phase, $msg) = @_; if (!$host) { print STDERR "No NWS::Host reference passed to function\n"; ++$main::exitcode; return; } if (!$software) { print STDERR "No NWS::Software reference passed to function\n"; ++$main::exitcode; return; } if (!$phase) { print STDERR "No phase code passed to function\n"; ++$main::exitcode; return; } if (($phase == $Host::Init2 || $phase == $Host::Recv) && !$msg) { print STDERR "No message passed to function\n"; ++$main::exitcode; return; } $host->SendMsg( Message->new( 1, 'OS-CPU', 'Exploited', $software->{function} ) ) if $phase == $Host::Run; if ($phase == $Host::Init2) { $software->{exploitable} = 0; $software->{true_name} = 'Exploiting'; ++$main::init2; } }; my $network = Network->new(100, 0); my $host = Host->new('OS-CPU', 1, Software->new('Exploited', $exploited_code, 1)); my $addr = $network->AddHost($host); $host = Host->new('OS-CPU', 99, Software->new('Exploiting', $exploiting_code, 0)); $addr = $network->AddHost($host); $network->Run(0, 1); $network->Run(1, 1); my $exploited_count = $network->{software_count}->{Exploited}; my $exploiting_count = $network->{software_count}->{Exploiting}; if ($exploited_count) { print STDERR "Did not exploit exploitable software\n"; } if ($exploiting_count != 2) { print STDERR "Did not exploit exploitable software\n"; } if (!$main::init2) { print STDERR "Never did run worm function with Host::Init2 code\n"; } exit $main::exitcode;