<!DOCTYPE html>
<html>
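<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Module: Msf::Exploit::Remote::TincdExploitClient &mdash; Documentation by YARD 0.9.37</title>
  <link rel="stylesheet" href="../../../css/style.css">
  <link rel="stylesheet" href="../../../css/common.css">
  <!--
    pathId and relpath are page-level globals set before the scripts below are
    loaded (presumably read by js/app.js; confirm against that file).
    Because this script is inline, serving these pages under a strict
    Content-Security-Policy requires a hash or nonce for it.
  -->
  <script>
    pathId = "Msf::Exploit::Remote::TincdExploitClient";
    relpath = '../../../';
  </script>
  <!-- Same-origin, locally bundled scripts; the obsolete type/charset attributes are dropped. -->
  <script src="../../../js/jquery.js"></script>
  <script src="../../../js/app.js"></script>
</head>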
<body>
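<!-- Side navigation: the class list is loaded from the same documentation tree. -->
<div class="nav_wrap">
  <!-- title gives the frame an accessible name for assistive technology -->
  <iframe id="nav" src="../../../class_list.html?1" title="Class list"></iframe>
  <div id="resizer"></div>
</div>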
<div id="main" tabindex="-1">
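<!-- Page header: breadcrumb menu plus the icon link that opens the class list. -->
<div id="header">
  <div id="menu">
    <a href="../../../_index.html">Index (T)</a> &raquo;
    <span class='title'><span class='object_link'><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span>
    &raquo;
    <span class="title">TincdExploitClient</span>
  </div>
  <div id="search">
    <!-- The link contains only an icon, so it carries its accessible name in aria-label. -->
    <a class="full_list_link" id="class_list_link"
       href="../../../class_list.html" aria-label="Class list">
      <svg width="24" height="24" aria-hidden="true" focusable="false">
        <rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
        <rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
        <rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
      </svg>
    </a>
  </div>
  <div class="clear"></div>
</div>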
<div id="content"><h1>Module: Msf::Exploit::Remote::TincdExploitClient
</h1>
<div class="box_info">
<dl>
<dt>Includes:</dt>
<dd><span class='object_link'><a href="Tcp.html" title="Msf::Exploit::Remote::Tcp (module)">Tcp</a></span></dd>
</dl>
<dl>
<dt>Defined in:</dt>
<dd>lib/msf/core/exploit/remote/tincd_exploit_client.rb</dd>
</dl>
</div>
<h2>Overview</h2><div class="docstring">
<div class="discussion">
<p>Author: Tobias Ospelt @floyd_ch</p>
</div>
</div>
<div class="tags">
</div>
<h2>
Constant Summary
<small><a href="#" class="constants_summary_toggle">collapse</a></small>
</h2>
<dl class="constants">
<dt id="BF_BLOCKSIZE-constant" class="">BF_BLOCKSIZE =
</dt>
<dd><pre class="code"><span class='int'>64</span> <span class='op'>/</span> <span class='int'>8</span></pre></dd>
<dt id="BF_KEY_LEN-constant" class="">BF_KEY_LEN =
</dt>
<dd><pre class="code"><span class='int'>16</span></pre></dd>
<dt id="BF_IV_LEN-constant" class="">BF_IV_LEN =
</dt>
<dd><pre class="code"><span class='int'>8</span></pre></dd>
</dl>
<h2>Instance Attribute Summary</h2>
<h3 class="inherited">Attributes included from <span class='object_link'><a href="Tcp.html" title="Msf::Exploit::Remote::Tcp (module)">Tcp</a></span></h3>
<p class="inherited"><span class='object_link'><a href="Tcp.html#sock-instance_method" title="Msf::Exploit::Remote::Tcp#sock (method)">#sock</a></span></p>
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#ack-instance_method" title="#ack (instance method)">#<strong>ack</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Ack state: signals to the server that the challenge/response exchange succeeded.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#challenge-instance_method" title="#challenge (instance method)">#<strong>challenge</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Sends a challenge of random bytes to the server.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#challenge_reply-instance_method" title="#challenge_reply (instance method)">#<strong>challenge_reply</strong>(challenge2) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Replies to the challenge that was sent by the server.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#handle_write-instance_method" title="#handle_write (instance method)">#<strong>handle_write</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Processes the encryption queue: the next waiting message is encrypted, and then the buffered data is sent.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#id-instance_method" title="#id (instance method)">#<strong>id</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Sends the initial ID message after the TCP handshake.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#init_ciphers-instance_method" title="#init_ciphers (instance method)">#<strong>init_ciphers</strong>(server_file, client_file) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Reads the server and client certificate files and parses them as RSA keys, generates the random key material, and initializes the Blowfish cipher in OFB mode.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#initialize-instance_method" title="#initialize (instance method)">#<strong>initialize</strong>(info = {}) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Module options.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#line%3F-instance_method" title="#line? (instance method)">#<strong>line?</strong> &#x21d2; Boolean </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Checks whether a newline has already been received, meaning an entire message is available for the next protocol step.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#metakey-instance_method" title="#metakey (instance method)">#<strong>metakey</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Sends the metakey: a symmetric key that is encrypted with the public key before being sent to the server.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#pop_inbuffer_and_decrypt-instance_method" title="#pop_inbuffer_and_decrypt (instance method)">#<strong>pop_inbuffer_and_decrypt</strong>(size) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Decryption method that processes data sent by the server.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#process_data-instance_method" title="#process_data (instance method)">#<strong>process_data</strong>(data) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Depending on the state of the protocol handshake and the data we get back from the server, this method will decide which message has to be sent next.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#read_line-instance_method" title="#read_line (instance method)">#<strong>read_line</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Read up to the next newline from the data the server sent.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#send_data-instance_method" title="#send_data (instance method)">#<strong>send_data</strong>(buf) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Simple socket put/write.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#send_packet-instance_method" title="#send_packet (instance method)">#<strong>send_packet</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Sends a packet inside the VPN connection after successful protocol setup.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#send_recv-instance_method" title="#send_recv (instance method)">#<strong>send_recv</strong>(packet_payload) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>The main entry point: calls the other methods to send the first message, continuously reads from the socket, and ensures the TCP connection is disconnected at the end.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#setup_ciphers-instance_method" title="#setup_ciphers (instance method)">#<strong>setup_ciphers</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Sets up variables and calls the cipher initialization with file paths from the configuration.</p>
</div></span>
</li>
</ul>
<h3 class="inherited">Methods included from <span class='object_link'><a href="Tcp.html" title="Msf::Exploit::Remote::Tcp (module)">Tcp</a></span></h3>
<p class="inherited"><span class='object_link'><a href="Tcp.html#chost-instance_method" title="Msf::Exploit::Remote::Tcp#chost (method)">#chost</a></span>, <span class='object_link'><a href="Tcp.html#cleanup-instance_method" title="Msf::Exploit::Remote::Tcp#cleanup (method)">#cleanup</a></span>, <span class='object_link'><a href="Tcp.html#connect-instance_method" title="Msf::Exploit::Remote::Tcp#connect (method)">#connect</a></span>, <span class='object_link'><a href="Tcp.html#connect_timeout-instance_method" title="Msf::Exploit::Remote::Tcp#connect_timeout (method)">#connect_timeout</a></span>, <span class='object_link'><a href="Tcp.html#cport-instance_method" title="Msf::Exploit::Remote::Tcp#cport (method)">#cport</a></span>, <span class='object_link'><a href="Tcp.html#disconnect-instance_method" title="Msf::Exploit::Remote::Tcp#disconnect (method)">#disconnect</a></span>, <span class='object_link'><a href="Tcp.html#handler-instance_method" title="Msf::Exploit::Remote::Tcp#handler (method)">#handler</a></span>, <span class='object_link'><a href="Tcp.html#lhost-instance_method" title="Msf::Exploit::Remote::Tcp#lhost (method)">#lhost</a></span>, <span class='object_link'><a href="Tcp.html#lport-instance_method" title="Msf::Exploit::Remote::Tcp#lport (method)">#lport</a></span>, <span class='object_link'><a href="Tcp.html#peer-instance_method" title="Msf::Exploit::Remote::Tcp#peer (method)">#peer</a></span>, <span class='object_link'><a href="Tcp.html#print_prefix-instance_method" title="Msf::Exploit::Remote::Tcp#print_prefix (method)">#print_prefix</a></span>, <span class='object_link'><a href="Tcp.html#proxies-instance_method" title="Msf::Exploit::Remote::Tcp#proxies (method)">#proxies</a></span>, <span class='object_link'><a href="Tcp.html#replicant-instance_method" title="Msf::Exploit::Remote::Tcp#replicant (method)">#replicant</a></span>, <span class='object_link'><a href="Tcp.html#rhost-instance_method" title="Msf::Exploit::Remote::Tcp#rhost 
(method)">#rhost</a></span>, <span class='object_link'><a href="Tcp.html#rport-instance_method" title="Msf::Exploit::Remote::Tcp#rport (method)">#rport</a></span>, <span class='object_link'><a href="Tcp.html#set_tcp_evasions-instance_method" title="Msf::Exploit::Remote::Tcp#set_tcp_evasions (method)">#set_tcp_evasions</a></span>, <span class='object_link'><a href="Tcp.html#shutdown-instance_method" title="Msf::Exploit::Remote::Tcp#shutdown (method)">#shutdown</a></span>, <span class='object_link'><a href="Tcp.html#ssl-instance_method" title="Msf::Exploit::Remote::Tcp#ssl (method)">#ssl</a></span>, <span class='object_link'><a href="Tcp.html#ssl_cipher-instance_method" title="Msf::Exploit::Remote::Tcp#ssl_cipher (method)">#ssl_cipher</a></span>, <span class='object_link'><a href="Tcp.html#ssl_verify_mode-instance_method" title="Msf::Exploit::Remote::Tcp#ssl_verify_mode (method)">#ssl_verify_mode</a></span>, <span class='object_link'><a href="Tcp.html#ssl_version-instance_method" title="Msf::Exploit::Remote::Tcp#ssl_version (method)">#ssl_version</a></span>, <span class='object_link'><a href="Tcp.html#sslkeylogfile-instance_method" title="Msf::Exploit::Remote::Tcp#sslkeylogfile (method)">#sslkeylogfile</a></span></p>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<h3 class="signature first" id="ack-instance_method">
#<strong>ack</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Ack state: signals to the server that the challenge/response exchange succeeded. The ack message is sent through the encryption queue.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
317
318
319
320
321
322</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/tincd_exploit_client.rb', line 317</span>
<span class='kw'>def</span> <span class='id identifier rubyid_ack'>ack</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Sending ack (signalise server that we accept challenge</span><span class='tstring_end'>&#39;</span></span> <span class='op'>+</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>reply, ciphertext)</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='ivar'>@encryption_queue</span><span class='period'>.</span><span class='id identifier rubyid_push'>push</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>4 </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>RPORT</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_content'> 123 0 \n</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_handle_write'>handle_write</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="challenge-instance_method">
#<strong>challenge</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
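<p>Sends a challenge of random bytes to the server. The challenge is as long as the server's key (<tt>@server_key_len</tt> bytes from SecureRandom), hex-encoded, and sent through the encryption queue.</p>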
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
295
296
297
298
299
300
301</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/tincd_exploit_client.rb', line 295</span>
<span class='kw'>def</span> <span class='id identifier rubyid_challenge'>challenge</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Sending challenge (ciphertext)</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_challenge'>challenge</span> <span class='op'>=</span> <span class='const'>SecureRandom</span><span class='period'>.</span><span class='id identifier rubyid_random_bytes'>random_bytes</span><span class='lparen'>(</span><span class='ivar'>@server_key_len</span><span class='rparen'>)</span>
<span class='id identifier rubyid_msg'>msg</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>2 </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_challenge'>challenge</span><span class='period'>.</span><span class='id identifier rubyid_unpack'>unpack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>H*</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_content'>\n</span><span class='tstring_end'>&quot;</span></span>
<span class='ivar'>@encryption_queue</span><span class='period'>.</span><span class='id identifier rubyid_push'>push</span><span class='lparen'>(</span><span class='id identifier rubyid_msg'>msg</span><span class='rparen'>)</span>
<span class='id identifier rubyid_handle_write'>handle_write</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="challenge_reply-instance_method">
#<strong>challenge_reply</strong>(challenge2) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
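<p>Replies to the challenge that was sent by the server. The reply is the uppercase hex SHA-1 digest of <tt>challenge2</tt>, sent through the encryption queue.</p>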
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
306
307
308
309
310
311
312</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/tincd_exploit_client.rb', line 306</span>
<span class='kw'>def</span> <span class='id identifier rubyid_challenge_reply'>challenge_reply</span><span class='lparen'>(</span><span class='id identifier rubyid_challenge2'>challenge2</span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Sending challenge reply (ciphertext)</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_h'>h</span> <span class='op'>=</span> <span class='const'>Digest</span><span class='op'>::</span><span class='const'>SHA1</span><span class='period'>.</span><span class='id identifier rubyid_hexdigest'>hexdigest</span><span class='lparen'>(</span><span class='id identifier rubyid_challenge2'>challenge2</span><span class='rparen'>)</span>
<span class='id identifier rubyid_msg'>msg</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>3 </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_h'>h</span><span class='period'>.</span><span class='id identifier rubyid_upcase'>upcase</span><span class='embexpr_end'>}</span><span class='tstring_content'>\n</span><span class='tstring_end'>&quot;</span></span>
<span class='ivar'>@encryption_queue</span><span class='period'>.</span><span class='id identifier rubyid_push'>push</span><span class='lparen'>(</span><span class='id identifier rubyid_msg'>msg</span><span class='rparen'>)</span>
<span class='id identifier rubyid_handle_write'>handle_write</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="handle_write-instance_method">
#<strong>handle_write</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
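<p>Processes the encryption queue: the next waiting message is encrypted into the send buffer, and then the buffered data is sent. The cipher is deliberately not reset between messages, because in OFB mode the output of one block is used to encrypt the next. Note that the encrypted message is assigned to the buffer rather than appended, so unsent data left over from an earlier partial write would be overwritten.</p>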
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/tincd_exploit_client.rb', line 214</span>
<span class='kw'>def</span> <span class='id identifier rubyid_handle_write'>handle_write</span>
<span class='comment'># handle encryption queue first
</span> <span class='kw'>unless</span> <span class='ivar'>@encryption_queue</span><span class='period'>.</span><span class='id identifier rubyid_empty?'>empty?</span>
<span class='id identifier rubyid_msg'>msg</span> <span class='op'>=</span> <span class='ivar'>@encryption_queue</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span>
<span class='ivar'>@encryption_queue</span><span class='period'>.</span><span class='id identifier rubyid_delete_at'>delete_at</span><span class='lparen'>(</span><span class='int'>0</span><span class='rparen'>)</span>
<span class='ivar'>@buffer</span> <span class='op'>=</span> <span class='ivar'>@bf_enc_cipher</span><span class='period'>.</span><span class='id identifier rubyid_update'>update</span><span class='lparen'>(</span><span class='id identifier rubyid_msg'>msg</span><span class='rparen'>)</span>
<span class='ivar'>@buffer</span> <span class='op'>&lt;&lt;</span> <span class='ivar'>@bf_enc_cipher</span><span class='period'>.</span><span class='id identifier rubyid_final'>final</span>
<span class='comment'># DON&#39;T DO A @bf_enc_cipher.reset, we&#39;re in OFB mode and
</span> <span class='comment'># the resulting block is used to encrypt the next block.
</span> <span class='kw'>end</span>
<span class='kw'>unless</span> <span class='ivar'>@buffer</span><span class='period'>.</span><span class='id identifier rubyid_empty?'>empty?</span>
<span class='id identifier rubyid_sent'>sent</span> <span class='op'>=</span> <span class='id identifier rubyid_send_data'>send_data</span><span class='lparen'>(</span><span class='ivar'>@buffer</span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Sent </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_sent'>sent</span><span class='embexpr_end'>}</span><span class='tstring_content'> bytes: </span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>[</span><span class='embexpr_beg'>#{</span><span class='ivar'>@buffer</span><span class='period'>.</span><span class='id identifier rubyid_unpack'>unpack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>H*</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span><span class='lbracket'>[</span><span class='int'>0</span><span class='op'>..</span><span class='int'>30</span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_content'>...]</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='ivar'>@buffer</span> <span class='op'>=</span> <span class='ivar'>@buffer</span><span class='lbracket'>[</span><span class='id identifier rubyid_sent'>sent</span><span class='op'>..</span><span class='ivar'>@buffer</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span><span class='rbracket'>]</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="id-instance_method">
#<strong>id</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
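<p>Sends the initial ID message after the TCP handshake. The message carries the CLIENT_NAME option and is sent in cleartext, bypassing the encryption queue.</p>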
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
274
275
276
277
278
279</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/tincd_exploit_client.rb', line 274</span>
<span class='kw'>def</span> <span class='id identifier rubyid_id'>id</span>
<span class='id identifier rubyid_msg'>msg</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>0 </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>CLIENT_NAME</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_content'> 17.0\n</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Sending ID (cleartext): [</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_msg'>msg</span><span class='period'>.</span><span class='id identifier rubyid_gsub'>gsub</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\n</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='embexpr_end'>}</span><span class='tstring_content'>]</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='ivar'>@buffer</span> <span class='op'>+=</span> <span class='id identifier rubyid_msg'>msg</span>
<span class='id identifier rubyid_handle_write'>handle_write</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="init_ciphers-instance_method">
#<strong>init_ciphers</strong>(server_file, client_file) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
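<p>Reads the server and client certificate files and parses them as RSA keys, generates the random key material, and initializes the Blowfish cipher in OFB mode. The key material is encrypted with the server's public key using RSA without padding, so it is generated with a leading zero byte to keep it below the modulus; the Blowfish key and IV are taken from its trailing bytes.</p>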
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/tincd_exploit_client.rb', line 97</span>
<span class='kw'>def</span> <span class='id identifier rubyid_init_ciphers'>init_ciphers</span><span class='lparen'>(</span><span class='id identifier rubyid_server_file'>server_file</span><span class='comma'>,</span> <span class='id identifier rubyid_client_file'>client_file</span><span class='rparen'>)</span>
<span class='id identifier rubyid_server_public_key_cipher'>server_public_key_cipher</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>PKey</span><span class='op'>::</span><span class='const'>RSA</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='const'>File</span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span><span class='lparen'>(</span><span class='id identifier rubyid_server_file'>server_file</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='ivar'>@server_key_len</span> <span class='op'>=</span> <span class='id identifier rubyid_server_public_key_cipher'>server_public_key_cipher</span><span class='period'>.</span><span class='id identifier rubyid_n'>n</span><span class='period'>.</span><span class='id identifier rubyid_num_bytes'>num_bytes</span>
<span class='ivar'>@client_private_key_cipher</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>PKey</span><span class='op'>::</span><span class='const'>RSA</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='const'>File</span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span><span class='lparen'>(</span><span class='id identifier rubyid_client_file'>client_file</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='ivar'>@client_key_len</span> <span class='op'>=</span> <span class='ivar'>@client_private_key_cipher</span><span class='period'>.</span><span class='id identifier rubyid_n'>n</span><span class='period'>.</span><span class='id identifier rubyid_num_bytes'>num_bytes</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Our private key length is </span><span class='embexpr_beg'>#{</span><span class='ivar'>@client_key_len</span><span class='embexpr_end'>}</span><span class='tstring_content'>, expecting same length for metakey and challenge</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Server&#39;s public key length is </span><span class='embexpr_beg'>#{</span><span class='ivar'>@server_key_len</span><span class='embexpr_end'>}</span><span class='tstring_content'>, sending same metakey and challenge length</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='comment'># we don&#39;t want this to happen here:
</span> <span class='comment'># `public_encrypt&#39;: data too large for modulus (OpenSSL::PKey::RSAError)
</span> <span class='comment'># simple solution: choose the key_s1 with a leading zero byte
</span> <span class='id identifier rubyid_key_s1'>key_s1</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00</span><span class='tstring_end'>&quot;</span></span><span class='op'>+</span><span class='const'>SecureRandom</span><span class='period'>.</span><span class='id identifier rubyid_random_bytes'>random_bytes</span><span class='lparen'>(</span><span class='ivar'>@server_key_len</span><span class='op'>-</span><span class='int'>1</span><span class='rparen'>)</span>
<span class='id identifier rubyid_enc_key_s1'>enc_key_s1</span> <span class='op'>=</span> <span class='id identifier rubyid_server_public_key_cipher'>server_public_key_cipher</span><span class='period'>.</span><span class='id identifier rubyid_public_encrypt'>public_encrypt</span><span class='lparen'>(</span><span class='id identifier rubyid_key_s1'>key_s1</span><span class='comma'>,</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>PKey</span><span class='op'>::</span><span class='const'>RSA</span><span class='op'>::</span><span class='const'>NO_PADDING</span><span class='rparen'>)</span>
<span class='ivar'>@hex_enc_key_s1</span> <span class='op'>=</span> <span class='id identifier rubyid_enc_key_s1'>enc_key_s1</span><span class='period'>.</span><span class='id identifier rubyid_unpack'>unpack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>H*</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_offset_key'>offset_key</span> <span class='op'>=</span> <span class='ivar'>@server_key_len</span> <span class='op'>-</span> <span class='const'><span class='object_link'><a href="#BF_KEY_LEN-constant" title="Msf::Exploit::Remote::TincdExploitClient::BF_KEY_LEN (constant)">BF_KEY_LEN</a></span></span>
<span class='id identifier rubyid_offset_iv'>offset_iv</span> <span class='op'>=</span> <span class='ivar'>@server_key_len</span> <span class='op'>-</span> <span class='const'><span class='object_link'><a href="#BF_KEY_LEN-constant" title="Msf::Exploit::Remote::TincdExploitClient::BF_KEY_LEN (constant)">BF_KEY_LEN</a></span></span> <span class='op'>-</span> <span class='const'><span class='object_link'><a href="#BF_IV_LEN-constant" title="Msf::Exploit::Remote::TincdExploitClient::BF_IV_LEN (constant)">BF_IV_LEN</a></span></span>
<span class='id identifier rubyid_bf_enc_key'>bf_enc_key</span> <span class='op'>=</span> <span class='id identifier rubyid_key_s1'>key_s1</span><span class='lbracket'>[</span><span class='id identifier rubyid_offset_key'>offset_key</span><span class='op'>...</span><span class='ivar'>@server_key_len</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_bf_enc_iv'>bf_enc_iv</span> <span class='op'>=</span> <span class='id identifier rubyid_key_s1'>key_s1</span><span class='lbracket'>[</span><span class='id identifier rubyid_offset_iv'>offset_iv</span><span class='op'>...</span><span class='id identifier rubyid_offset_key'>offset_key</span><span class='rbracket'>]</span>
<span class='ivar'>@bf_enc_cipher</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>Cipher</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>BF-OFB</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='ivar'>@bf_enc_cipher</span><span class='period'>.</span><span class='id identifier rubyid_encrypt'>encrypt</span>
<span class='ivar'>@bf_enc_cipher</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span> <span class='op'>=</span> <span class='id identifier rubyid_bf_enc_key'>bf_enc_key</span>
<span class='ivar'>@bf_enc_cipher</span><span class='period'>.</span><span class='id identifier rubyid_iv'>iv</span> <span class='op'>=</span> <span class='id identifier rubyid_bf_enc_iv'>bf_enc_iv</span>
<span class='comment'># #Looks like ruby openssl supports other lengths than multiple of 8!
</span> <span class='comment'># test = @bf_enc_cipher.update(&#39;A&#39;*10)
</span> <span class='comment'># test &lt;&lt; @bf_enc_cipher.final
</span> <span class='comment'># puts &quot;Testing cipher: &quot;+test.unpack(&#39;H*&#39;)[0]
</span><span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="initialize-instance_method">
#<strong>initialize</strong>(info = {}) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
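<p>Registers the module options: <tt>RPORT</tt> (default 655), <tt>SERVER_PUBLIC_KEY_FILE</tt>, <tt>CLIENT_PRIVATE_KEY_FILE</tt> and <tt>CLIENT_NAME</tt>. This mixin is only for post-authentication exploits, so these values are expected to come from an existing tinc configuration.</p>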
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/tincd_exploit_client.rb', line 18</span>
<span class='kw'>def</span> <span class='id identifier rubyid_initialize'>initialize</span><span class='lparen'>(</span><span class='id identifier rubyid_info'>info</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='kw'>super</span>
<span class='id identifier rubyid_register_options'>register_options</span><span class='lparen'>(</span>
<span class='lbracket'>[</span><span class='const'><span class='object_link'><a href="../../Opt.html" title="Msf::Opt (module)">Opt</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../Opt.html#RPORT-constant" title="Msf::Opt::RPORT (constant)">RPORT</a></span></span><span class='lparen'>(</span><span class='int'>655</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='comment'># As this is only for post-auth exploits, you should know the value of the
</span> <span class='comment'># following variables by simply checking
</span> <span class='comment'># your configuration.
</span> <span class='const'><span class='object_link'><a href="../../OptPath.html" title="Msf::OptPath (class)">OptPath</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptBase.html#initialize-instance_method" title="Msf::OptBase#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>SERVER_PUBLIC_KEY_FILE</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span><span class='kw'>true</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Server\&#39;s public key</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='const'><span class='object_link'><a href="../../OptPath.html" title="Msf::OptPath (class)">OptPath</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptBase.html#initialize-instance_method" title="Msf::OptBase#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>CLIENT_PRIVATE_KEY_FILE</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span><span class='kw'>true</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Client private key</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='comment'># You should see CLIENT_NAME in cleartext in the first message to the
</span> <span class='comment'># server by your usual tinc client (tcpdump or
</span> <span class='comment'># wireshark it: e.g. &quot;0 home 17.0&quot;, so it&#39;s &quot;home&quot;). On the server,
</span> <span class='comment'># this is located in the config folder, e.g. in FreeBSD
</span> <span class='comment'># there is the client public key file /usr/local/etc/tinc/hosts/home
</span> <span class='comment'># for the client &quot;home&quot;
</span> <span class='comment'># If you don&#39;t have a clue, maybe just try the filename of your private
</span> <span class='comment'># key without file extension
</span> <span class='const'><span class='object_link'><a href="../../OptString.html" title="Msf::OptString (class)">OptString</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptString.html#initialize-instance_method" title="Msf::OptString#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>CLIENT_NAME</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span><span class='kw'>true</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Your client name (pre-shared with server)</span><span class='tstring_end'>&#39;</span></span> <span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='rbracket'>]</span><span class='comma'>,</span> <span class='kw'>self</span>
<span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="line?-instance_method">
#<strong>line?</strong> &#x21d2; <tt>Boolean</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Checks whether the input buffer already contains a newline, meaning an entire message for the next protocol step has been received.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Boolean</tt>)</span>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/tincd_exploit_client.rb', line 267</span>
<span class='kw'>def</span> <span class='id identifier rubyid_line?'>line?</span>
<span class='op'>!</span><span class='op'>!</span><span class='lparen'>(</span><span class='ivar'>@inbuffer</span><span class='period'>.</span><span class='id identifier rubyid_match'>match</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\n</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="metakey-instance_method">
#<strong>metakey</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Sends the metakey message: the hex-encoded symmetric key material, already encrypted with the server's public key, is appended to the output buffer and passed on via <tt>handle_write</tt>.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/tincd_exploit_client.rb', line 285</span>
<span class='kw'>def</span> <span class='id identifier rubyid_metakey'>metakey</span>
<span class='id identifier rubyid_msg'>msg</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>1 94 64 0 0 </span><span class='embexpr_beg'>#{</span><span class='ivar'>@hex_enc_key_s1</span><span class='embexpr_end'>}</span><span class='tstring_content'>\n</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Sending metakey (cleartext): [</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_msg'>msg</span><span class='lbracket'>[</span><span class='int'>0</span><span class='op'>..</span><span class='int'>30</span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_content'>...]</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='ivar'>@buffer</span> <span class='op'>+=</span> <span class='id identifier rubyid_msg'>msg</span>
<span class='id identifier rubyid_handle_write'>handle_write</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="pop_inbuffer_and_decrypt-instance_method">
#<strong>pop_inbuffer_and_decrypt</strong>(size) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
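<p>Removes the first <tt>size</tt> bytes from the input buffer and decrypts them with the Blowfish-OFB cipher set up during the metakey exchange. The cipher is deliberately not reset between calls, because in OFB mode its state carries over to the next block.</p>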
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/tincd_exploit_client.rb', line 243</span>
<span class='kw'>def</span> <span class='id identifier rubyid_pop_inbuffer_and_decrypt'>pop_inbuffer_and_decrypt</span><span class='lparen'>(</span><span class='id identifier rubyid_size'>size</span><span class='rparen'>)</span>
<span class='comment'># In ruby openssl OFB works not only on full blocks, but also on
</span> <span class='comment'># parts. Therefore no worries like in pycrypto and no
</span> <span class='comment'># modified decrypt routine, simply use the cipher as is.
</span> <span class='id identifier rubyid_data'>data</span> <span class='op'>=</span> <span class='ivar'>@bf_dec_cipher</span><span class='period'>.</span><span class='id identifier rubyid_update'>update</span><span class='lparen'>(</span><span class='ivar'>@inbuffer</span><span class='period'>.</span><span class='id identifier rubyid_slice!'>slice!</span><span class='lparen'>(</span><span class='int'>0</span><span class='comma'>,</span> <span class='id identifier rubyid_size'>size</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='id identifier rubyid_data'>data</span> <span class='op'>&lt;&lt;</span> <span class='ivar'>@bf_dec_cipher</span><span class='period'>.</span><span class='id identifier rubyid_final'>final</span>
<span class='comment'># DON&#39;T DO A @bf_enc_cipher.reset, we&#39;re in OFB mode and
</span> <span class='comment'># the resulting block is used to decrypt the next block.
</span><span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="process_data-instance_method">
#<strong>process_data</strong>(data) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
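<p>Handshake state machine: appends the received data to the input buffer and, depending on the current protocol state (ID, metakey, challenge, challenge reply, ack) and the data received from the server, decides which message has to be sent next. Raises an error if a server message does not match the expected format or length.</p>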
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/tincd_exploit_client.rb', line 133</span>
<span class='kw'>def</span> <span class='id identifier rubyid_process_data'>process_data</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='ivar'>@inbuffer</span> <span class='op'>+=</span> <span class='id identifier rubyid_data'>data</span> <span class='kw'>if</span> <span class='id identifier rubyid_data'>data</span>
<span class='kw'>case</span> <span class='ivar'>@state</span>
<span class='kw'>when</span> <span class='symbol'>:id_state</span>
<span class='kw'>if</span> <span class='id identifier rubyid_line?'>line?</span>
<span class='id identifier rubyid_data'>data</span> <span class='op'>=</span> <span class='id identifier rubyid_read_line'>read_line</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Received ID from server: [</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_data'>data</span><span class='lbracket'>[</span><span class='int'>0</span><span class='op'>..</span><span class='int'>30</span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_content'>]</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='ivar'>@state</span> <span class='op'>=</span> <span class='symbol'>:metakey_state</span>
<span class='comment'># next expected state
</span> <span class='id identifier rubyid_metakey'>metakey</span>
<span class='kw'>end</span>
<span class='kw'>when</span> <span class='symbol'>:metakey_state</span>
<span class='kw'>if</span> <span class='id identifier rubyid_line?'>line?</span>
<span class='id identifier rubyid_data'>data</span> <span class='op'>=</span> <span class='id identifier rubyid_read_line'>read_line</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Received Metakey from server: [</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_data'>data</span><span class='lbracket'>[</span><span class='int'>0</span><span class='op'>..</span><span class='int'>30</span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_content'>...]</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_data'>data</span> <span class='op'>=</span> <span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'> </span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_fail'>fail</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Error in protocol. The first byte should be an ASCII 1.</span><span class='tstring_end'>&#39;</span></span> <span class='kw'>unless</span> <span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>1</span><span class='tstring_end'>&#39;</span></span>
<span class='id identifier rubyid_hexkey_s2'>hexkey_s2</span> <span class='op'>=</span> <span class='id identifier rubyid_data'>data</span><span class='lbracket'>[</span><span class='int'>5</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_rstrip'>rstrip</span> <span class='comment'># (&quot;\n&quot;)
</span> <span class='id identifier rubyid_fail'>fail</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Error in protocol. metakey length should be </span><span class='embexpr_beg'>#{</span><span class='ivar'>@client_key_len</span><span class='embexpr_end'>}</span><span class='tstring_content'>.</span><span class='tstring_end'>&quot;</span></span> <span class='kw'>unless</span> <span class='id identifier rubyid_hexkey_s2'>hexkey_s2</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>==</span> <span class='ivar'>@client_key_len</span> <span class='op'>*</span> <span class='int'>2</span>
<span class='ivar'>@enckey_s2</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='id identifier rubyid_hexkey_s2'>hexkey_s2</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>H*</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_key_s2'>key_s2</span> <span class='op'>=</span> <span class='ivar'>@client_private_key_cipher</span><span class='period'>.</span><span class='id identifier rubyid_private_decrypt'>private_decrypt</span><span class='lparen'>(</span><span class='ivar'>@enckey_s2</span><span class='comma'>,</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>PKey</span><span class='op'>::</span><span class='const'>RSA</span><span class='op'>::</span><span class='const'>NO_PADDING</span><span class='rparen'>)</span>
<span class='comment'># metakey setup according to protocol_auth.c
</span> <span class='comment'># if(!EVP_DecryptInit(c-&gt;inctx, c-&gt;incipher,
</span> <span class='comment'># (unsigned char *)c-&gt;inkey + len - c-&gt;incipher-&gt;key_len, # &lt;--- KEY pointer
</span> <span class='comment'># (unsigned char *)c-&gt;inkey + len - c-&gt;incipher-&gt;key_len - c-&gt;incipher-&gt;iv_len # &lt;--- IV pointer
</span> <span class='comment'># ))
</span> <span class='id identifier rubyid_offset_key'>offset_key</span> <span class='op'>=</span> <span class='ivar'>@client_key_len</span> <span class='op'>-</span> <span class='const'><span class='object_link'><a href="#BF_KEY_LEN-constant" title="Msf::Exploit::Remote::TincdExploitClient::BF_KEY_LEN (constant)">BF_KEY_LEN</a></span></span>
<span class='id identifier rubyid_offset_iv'>offset_iv</span> <span class='op'>=</span> <span class='ivar'>@client_key_len</span> <span class='op'>-</span> <span class='const'><span class='object_link'><a href="#BF_KEY_LEN-constant" title="Msf::Exploit::Remote::TincdExploitClient::BF_KEY_LEN (constant)">BF_KEY_LEN</a></span></span> <span class='op'>-</span> <span class='const'><span class='object_link'><a href="#BF_IV_LEN-constant" title="Msf::Exploit::Remote::TincdExploitClient::BF_IV_LEN (constant)">BF_IV_LEN</a></span></span>
<span class='id identifier rubyid_bf_dec_key'>bf_dec_key</span> <span class='op'>=</span> <span class='id identifier rubyid_key_s2'>key_s2</span><span class='lbracket'>[</span><span class='id identifier rubyid_offset_key'>offset_key</span><span class='op'>...</span><span class='ivar'>@client_key_len</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_bf_dec_iv'>bf_dec_iv</span> <span class='op'>=</span> <span class='id identifier rubyid_key_s2'>key_s2</span><span class='lbracket'>[</span><span class='id identifier rubyid_offset_iv'>offset_iv</span><span class='op'>...</span><span class='id identifier rubyid_offset_key'>offset_key</span><span class='rbracket'>]</span>
<span class='ivar'>@bf_dec_cipher</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>Cipher</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>BF-OFB</span><span class='tstring_end'>&#39;</span></span>
<span class='ivar'>@bf_dec_cipher</span><span class='period'>.</span><span class='id identifier rubyid_encrypt'>encrypt</span>
<span class='ivar'>@bf_dec_cipher</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span> <span class='op'>=</span> <span class='id identifier rubyid_bf_dec_key'>bf_dec_key</span>
<span class='ivar'>@bf_dec_cipher</span><span class='period'>.</span><span class='id identifier rubyid_iv'>iv</span> <span class='op'>=</span> <span class='id identifier rubyid_bf_dec_iv'>bf_dec_iv</span>
<span class='comment'># don&#39;t forget, it *does* matter if you do a
</span> <span class='comment'># @bf_dec_cipher.reset or not, we&#39;re in OFB mode. DON&#39;T.
</span> <span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Metakey handshake/exchange completed</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='ivar'>@state</span> <span class='op'>=</span> <span class='symbol'>:challenge_state</span>
<span class='id identifier rubyid_challenge'>challenge</span>
<span class='kw'>end</span>
<span class='kw'>when</span> <span class='symbol'>:challenge_state</span>
<span class='id identifier rubyid_need_len'>need_len</span> <span class='op'>=</span> <span class='int'>2</span> <span class='op'>*</span> <span class='ivar'>@client_key_len</span> <span class='op'>+</span> <span class='int'>3</span>
<span class='kw'>if</span> <span class='ivar'>@inbuffer</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>&gt;=</span> <span class='id identifier rubyid_need_len'>need_len</span>
<span class='id identifier rubyid_data'>data</span> <span class='op'>=</span> <span class='id identifier rubyid_pop_inbuffer_and_decrypt'>pop_inbuffer_and_decrypt</span><span class='lparen'>(</span><span class='id identifier rubyid_need_len'>need_len</span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Received challenge from server: </span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>[</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_unpack'>unpack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>H*</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span><span class='lbracket'>[</span><span class='int'>0</span><span class='op'>..</span><span class='int'>30</span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_content'>...]</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_data'>data</span> <span class='op'>=</span> <span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'> </span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='int'>2</span><span class='rparen'>)</span>
<span class='id identifier rubyid_fail'>fail</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Error in protocol. The first byte should be an ASCII 2. Got #{data[0]}.</span><span class='tstring_end'>&#39;</span></span> <span class='kw'>unless</span> <span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>2</span><span class='tstring_end'>&#39;</span></span>
<span class='id identifier rubyid_challenge2'>challenge2</span> <span class='op'>=</span> <span class='id identifier rubyid_data'>data</span><span class='lbracket'>[</span><span class='int'>1</span><span class='rbracket'>]</span><span class='lbracket'>[</span><span class='int'>0</span><span class='op'>...</span><span class='int'>2</span> <span class='op'>*</span> <span class='ivar'>@client_key_len</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_challenge2'>challenge2</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='id identifier rubyid_challenge2'>challenge2</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>H*</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_fail'>fail</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Error in protocol. challenge2 length should be </span><span class='embexpr_beg'>#{</span><span class='ivar'>@client_key_len</span><span class='embexpr_end'>}</span><span class='tstring_content'>.</span><span class='tstring_end'>&quot;</span></span> <span class='kw'>unless</span> <span class='id identifier rubyid_challenge2'>challenge2</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>==</span> <span class='ivar'>@client_key_len</span>
<span class='ivar'>@state</span> <span class='op'>=</span> <span class='symbol'>:challenge_reply_state</span>
<span class='id identifier rubyid_challenge_reply'>challenge_reply</span><span class='lparen'>(</span><span class='id identifier rubyid_challenge2'>challenge2</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>when</span> <span class='symbol'>:challenge_reply_state</span>
<span class='id identifier rubyid_need_len'>need_len</span> <span class='op'>=</span> <span class='int'>43</span>
<span class='kw'>if</span> <span class='ivar'>@inbuffer</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>&gt;=</span> <span class='id identifier rubyid_need_len'>need_len</span>
<span class='id identifier rubyid_data'>data</span> <span class='op'>=</span> <span class='id identifier rubyid_pop_inbuffer_and_decrypt'>pop_inbuffer_and_decrypt</span><span class='lparen'>(</span><span class='id identifier rubyid_need_len'>need_len</span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Received challenge reply from server:</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'> [</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_unpack'>unpack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>H*</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span><span class='lbracket'>[</span><span class='int'>0</span><span class='op'>..</span><span class='int'>30</span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_content'>...]</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='ivar'>@state</span> <span class='op'>=</span> <span class='symbol'>:ack_state</span>
<span class='id identifier rubyid_ack'>ack</span>
<span class='kw'>end</span>
<span class='kw'>when</span> <span class='symbol'>:ack_state</span>
<span class='id identifier rubyid_need_len'>need_len</span> <span class='op'>=</span> <span class='int'>12</span>
<span class='kw'>if</span> <span class='ivar'>@inbuffer</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>&gt;=</span> <span class='id identifier rubyid_need_len'>need_len</span>
<span class='id identifier rubyid_data'>data</span> <span class='op'>=</span> <span class='id identifier rubyid_pop_inbuffer_and_decrypt'>pop_inbuffer_and_decrypt</span><span class='lparen'>(</span><span class='id identifier rubyid_need_len'>need_len</span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Received ack (server accepted challenge response):</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>[</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_unpack'>unpack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>H*</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span><span class='lbracket'>[</span><span class='int'>0</span><span class='op'>..</span><span class='int'>30</span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_content'>...]</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='ivar'>@state</span> <span class='op'>=</span> <span class='symbol'>:done_state</span>
<span class='id identifier rubyid_send_packet'>send_packet</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="read_line-instance_method">
#<strong>read_line</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
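<p>Removes and returns the data up to (but not including) the next newline from the input buffer, then strips leading whitespace, including that newline, from what remains in the buffer.</p>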
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
256
257
258
259
260
261</pre>
</td>
<td>
<!--
  read_line: returns the buffered server data that precedes the first "\n" in
  @inbuffer and removes it from the buffer. slice!(0, idx) takes idx characters,
  so the newline itself is not part of the return value; lstrip! then drops it
  (together with any other leading whitespace) from what remains.
  NOTE(review): there is no guard for a missing newline. String#index returns
  nil in that case and slice!(0, nil) raises TypeError, so this relies on the
  caller invoking it only once a full line is buffered (caller not shown in
  this listing; confirm).
-->
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/tincd_exploit_client.rb', line 256</span>
<span class='kw'>def</span> <span class='id identifier rubyid_read_line'>read_line</span>
<span class='id identifier rubyid_idx'>idx</span> <span class='op'>=</span> <span class='ivar'>@inbuffer</span><span class='period'>.</span><span class='id identifier rubyid_index'>index</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\n</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_data'>data</span> <span class='op'>=</span> <span class='ivar'>@inbuffer</span><span class='period'>.</span><span class='id identifier rubyid_slice!'>slice!</span><span class='lparen'>(</span><span class='int'>0</span><span class='comma'>,</span> <span class='id identifier rubyid_idx'>idx</span><span class='rparen'>)</span>
<span class='ivar'>@inbuffer</span><span class='period'>.</span><span class='id identifier rubyid_lstrip!'>lstrip!</span>
<span class='id identifier rubyid_data'>data</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="send_data-instance_method">
#<strong>send_data</strong>(buf) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Writes <tt>buf</tt> to the connected socket; a thin wrapper around <tt>sock.put</tt>.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
236
237
238</pre>
</td>
<td>
<!--
  send_data: passes buf unchanged to sock.put and returns whatever put returns.
  No encryption, padding or framing happens in this method.
  NOTE(review): sock is presumably the socket supplied by the included Tcp
  mixin and is only valid after connect; confirm against the mixin.
-->
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/tincd_exploit_client.rb', line 236</span>
<span class='kw'>def</span> <span class='id identifier rubyid_send_data'>send_data</span><span class='lparen'>(</span><span class='id identifier rubyid_buf'>buf</span><span class='rparen'>)</span>
<span class='id identifier rubyid_sock'>sock</span><span class='period'>.</span><span class='id identifier rubyid_put'>put</span><span class='lparen'>(</span><span class='id identifier rubyid_buf'>buf</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="send_packet-instance_method">
#<strong>send_packet</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Sends a packet inside the VPN connection after the protocol setup has completed successfully.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
327
328
329
330
331
332
333
334
335
336</pre>
</td>
<td>
<!--
  send_packet: builds the message "17 LENGTH\nPAYLOAD" from @packet_payload,
  pads it with the character B, pushes it onto @encryption_queue, clears
  @keep_reading_socket and calls handle_write.
  Padding: plen is BF_BLOCKSIZE minus (msg.length modulo BF_BLOCKSIZE), so the
  padded message length is always a multiple of BF_BLOCKSIZE; a message that is
  already aligned still receives one full block of padding.
  Clearing @keep_reading_socket is what ends the read loop in send_recv.
  NOTE(review): 17 is presumably the protocol's request number for a packet
  carried over the meta connection; confirm against the protocol definition.
  NOTE(review): String#length counts characters, not bytes. This assumes
  @packet_payload is a binary string; bytesize would state the intent without
  depending on the string's encoding. TODO confirm.
-->
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/tincd_exploit_client.rb', line 327</span>
<span class='kw'>def</span> <span class='id identifier rubyid_send_packet'>send_packet</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Protocol finished setup. Going to send packet.</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_msg'>msg</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>17 </span><span class='embexpr_beg'>#{</span><span class='ivar'>@packet_payload</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span><span class='embexpr_end'>}</span><span class='tstring_content'>\n</span><span class='embexpr_beg'>#{</span><span class='ivar'>@packet_payload</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_plen'>plen</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="#BF_BLOCKSIZE-constant" title="Msf::Exploit::Remote::TincdExploitClient::BF_BLOCKSIZE (constant)">BF_BLOCKSIZE</a></span></span> <span class='op'>-</span> <span class='lparen'>(</span><span class='id identifier rubyid_msg'>msg</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>%</span> <span class='const'><span class='object_link'><a href="#BF_BLOCKSIZE-constant" title="Msf::Exploit::Remote::TincdExploitClient::BF_BLOCKSIZE (constant)">BF_BLOCKSIZE</a></span></span><span class='rparen'>)</span>
<span class='comment'># padding
</span> <span class='id identifier rubyid_msg'>msg</span> <span class='op'>+=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>B</span><span class='tstring_end'>&#39;</span></span> <span class='op'>*</span> <span class='id identifier rubyid_plen'>plen</span>
<span class='ivar'>@encryption_queue</span><span class='period'>.</span><span class='id identifier rubyid_push'>push</span><span class='lparen'>(</span><span class='id identifier rubyid_msg'>msg</span><span class='rparen'>)</span>
<span class='ivar'>@keep_reading_socket</span> <span class='op'>=</span> <span class='kw'>false</span>
<span class='id identifier rubyid_handle_write'>handle_write</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="send_recv-instance_method">
#<strong>send_recv</strong>(packet_payload) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
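<p>Main entry point: connects, calls the method that sends the first message, and then keeps reading from the socket and processing the received data until the read loop is switched off. The TCP connection is always closed at the end, including when an error is raised. The read loop has no timeout of its own, as the comment in the source notes.</p>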
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91</pre>
</td>
<td>
<!--
  send_recv: stores packet_payload, switches the read loop on, connects, then
  calls id (the first protocol message, per the inline comment) and feeds every
  sock.get_once result to process_data while @keep_reading_socket is true.
  Errno::ECONNRESET is turned into fail with a hint; in :metakey_state the hint
  points at the client name and the key files. The ensure clause calls
  disconnect on every exit path.
  NOTE(review): the loop has no timeout or iteration limit of its own, which
  the inline comment already questions; it ends only when @keep_reading_socket
  is cleared (send_packet does that) or an exception is raised. The inline
  comment names ack_state, but the condition tested is @keep_reading_socket.
  NOTE(review): only Errno::ECONNRESET is rescued here; whether process_data
  copes with an empty or nil read from get_once is not visible in this listing.
-->
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/tincd_exploit_client.rb', line 66</span>
<span class='kw'>def</span> <span class='id identifier rubyid_send_recv'>send_recv</span><span class='lparen'>(</span><span class='id identifier rubyid_packet_payload'>packet_payload</span><span class='rparen'>)</span>
<span class='ivar'>@packet_payload</span> <span class='op'>=</span> <span class='id identifier rubyid_packet_payload'>packet_payload</span>
<span class='ivar'>@keep_reading_socket</span> <span class='op'>=</span> <span class='kw'>true</span>
<span class='id identifier rubyid_connect'>connect</span>
<span class='kw'>begin</span>
<span class='comment'># send the first message
</span> <span class='id identifier rubyid_id'>id</span>
<span class='comment'># Condition to get out of the while loop: ack_state to false. Unsafe? Maybe a timeout?
</span> <span class='kw'>while</span> <span class='ivar'>@keep_reading_socket</span>
<span class='id identifier rubyid_process_data'>process_data</span><span class='lparen'>(</span><span class='id identifier rubyid_sock'>sock</span><span class='period'>.</span><span class='id identifier rubyid_get_once'>get_once</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>rescue</span> <span class='const'>Errno</span><span class='op'>::</span><span class='const'>ECONNRESET</span>
<span class='kw'>if</span> <span class='ivar'>@state</span> <span class='op'>==</span> <span class='symbol'>:metakey_state</span>
<span class='id identifier rubyid_fail'>fail</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Server reset the connection. Probably rejecting </span><span class='tstring_end'>&#39;</span></span> <span class='op'>+</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>the private key and/or client name (e.g. client name not associated </span><span class='tstring_end'>&#39;</span></span> <span class='op'>+</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>with client public key on server side). </span><span class='tstring_end'>&#39;</span></span> <span class='op'>+</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Wrong server public key possible too. </span><span class='tstring_end'>&#39;</span></span> <span class='op'>+</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Please recheck client name, client private key and </span><span class='tstring_end'>&#39;</span></span> <span class='op'>+</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>server public key.</span><span class='tstring_end'>&#39;</span></span>
<span class='kw'>else</span>
<span class='id identifier rubyid_fail'>fail</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Server reset the connection, reason unknown.</span><span class='tstring_end'>&#39;</span></span>
<span class='kw'>end</span>
<span class='kw'>ensure</span>
<span class='id identifier rubyid_disconnect'>disconnect</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="setup_ciphers-instance_method">
#<strong>setup_ciphers</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
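<p>Resets the client's state variables and initializes the ciphers using the key file paths from the configuration (<tt>SERVER_PUBLIC_KEY_FILE</tt> and <tt>CLIENT_PRIVATE_KEY_FILE</tt>).</p>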
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60</pre>
</td>
<td>
<!--
  setup_ciphers: puts the client back into :id_state, empties @buffer,
  @inbuffer and @encryption_queue, clears the payload, key lengths and cipher
  handles, and then calls init_ciphers with the SERVER_PUBLIC_KEY_FILE and
  CLIENT_PRIVATE_KEY_FILE datastore values. The status line that follows is a
  fixed string, so no key material is printed by this method.
  NOTE(review): @bf_dec_cipher is set to nil after init_ciphers runs, unlike
  @bf_enc_cipher, which is cleared before it; if init_ciphers ever assigned
  @bf_dec_cipher that value would be discarded (init_ciphers is not shown;
  confirm the ordering is intended).
  NOTE(review): the "seem to be ok" message is reached only if init_ciphers
  returns; how it reports an unreadable or malformed key file is not visible
  in this listing.
-->
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/tincd_exploit_client.rb', line 43</span>
<span class='kw'>def</span> <span class='id identifier rubyid_setup_ciphers'>setup_ciphers</span>
<span class='ivar'>@state</span> <span class='op'>=</span> <span class='symbol'>:id_state</span>
<span class='ivar'>@buffer</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span>
<span class='ivar'>@inbuffer</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span>
<span class='ivar'>@encryption_queue</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='rbracket'>]</span>
<span class='ivar'>@packet_payload</span> <span class='op'>=</span> <span class='kw'>nil</span>
<span class='ivar'>@keep_reading_socket</span> <span class='op'>=</span> <span class='kw'>false</span>
<span class='ivar'>@server_key_len</span> <span class='op'>=</span> <span class='kw'>nil</span>
<span class='ivar'>@client_key_len</span> <span class='op'>=</span> <span class='kw'>nil</span>
<span class='ivar'>@client_private_key_cipher</span> <span class='op'>=</span> <span class='kw'>nil</span>
<span class='ivar'>@hex_enc_key_s1</span> <span class='op'>=</span> <span class='kw'>nil</span>
<span class='ivar'>@bf_enc_cipher</span> <span class='op'>=</span> <span class='kw'>nil</span>
<span class='id identifier rubyid_init_ciphers'>init_ciphers</span><span class='lparen'>(</span><span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>SERVER_PUBLIC_KEY_FILE</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>CLIENT_PRIVATE_KEY_FILE</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Ciphers locally initialized, private key and public key files seem to be ok</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='ivar'>@bf_dec_cipher</span> <span class='op'>=</span> <span class='kw'>nil</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
</div>
<div id="footer">
Generated on Fri May 8 17:02:32 2026 by
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.37 (ruby-3.1.5).
</div>
</div>
</body>
</html>