change minor syntax and raise exception for rsa keylength mismatch

bwatters-r7
2026-04-06 13:12:47 -05:00
parent d10341befd
commit 06edc3d08f
5 changed files with 17 additions and 17 deletions
+2 -2
@@ -16,7 +16,7 @@ module Msf
private_key = (opts[:private_key] || OpenSSL::PKey::RSA.new(rsa_key_size))
if private_key.n.num_bits != rsa_key_size
elog("RSA key size mismatch")
return nil
raise ArgumentError, "RSA key size mismatch in create_csr()"
end
vprint_status("RSA key size: #{rsa_key_size}")
user = opts[:username]
@@ -29,7 +29,6 @@ module Msf
status_msg << " - alternate DNS: #{alt_dns}" if alt_dns
status_msg << " - alternate UPN: #{alt_upn}" if alt_upn
status_msg << " - digest algorithm: #{algorithm}" if algorithm
vprint_status status_msg
csr = Rex::Proto::X509::Request.build_csr(
cn: user,
private_key: private_key,
@@ -59,6 +58,7 @@ module Msf
algorithm: algorithm
)
end
vprint_status status_msg
csr
end
end
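Review bot: The new `raise ArgumentError, "RSA key size mismatch in create_csr()"` in the key-size guard says that the sizes differ but not what they are, and the `elog` line above it has the same gap. Including both values, for example `raise ArgumentError, "RSA key size mismatch in create_csr: expected #{rsa_key_size} bits, got #{private_key.n.num_bits}"`, still satisfies the `/RSA key size mismatch/` matcher used in the specs and makes a wrong `RSAKeySize` setting or a reused key obvious from the output. Raising instead of returning nil also changes the method's contract, so its comment should gain an `@raise [ArgumentError]` line, and any caller not shown here that tested the result for nil should be checked. create_csr starts before the first hunk of this section.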
+1 -1
@@ -104,7 +104,7 @@ module Exploit::Remote::MsIcpr
private_key = opts[:private_key] || OpenSSL::PKey::RSA.new(rsa_key_size)
if private_key.n.num_bits != rsa_key_size
elog("RSA key size mismatch")
return nil
raise ArgumentError, "RSA key size mismatch in do_request_cert"
end
opts[:private_key] = private_key
opts[:username] = user
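Review bot: The guard in do_request_cert repeats the comparison that create_csr appears to make on the same key, and both now raise a plain `ArgumentError`. A module using this mixin will probably surface a mismatch as an unhandled exception rather than a clean failure unless it rescues that class; the callers are outside this diff, so that is worth confirming. If the check is meant to stay in both places, a small shared private helper would keep the log line and the message in step, since today one message ends in `create_csr()` and the other in `do_request_cert`. `private_key.n` also assumes the supplied key is RSA, which a short comment such as `# opts[:private_key] must be an OpenSSL::PKey::RSA` would document. The method body starts and ends outside the hunk.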
@@ -129,7 +129,7 @@ class MetasploitModule < Msf::Auxiliary
if datastore['DOMAIN'] != 'WORKSTATION' && queried_domain != datastore_domain
fail_with(Failure::UnexpectedReply, "Server claims to be a member of #{queried_domain} domain and does not match the datastore domain entry #{datastore['DOMAIN']}")
end
connection_identity = queried_domain + '\\\\' + datastore['HttpUsername']
connection_identity = queried_domain + '\\' + datastore['HttpUsername']
end
http_client = connect(
{
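Review bot: The corrected `connection_identity` line relies on single-quoted escaping, where `'\\'` is one backslash, and that is easy to misread, as the line it replaces shows. A one-line comment above the assignment such as `# DOMAIN\user, single backslash` would make the intended format explicit. Interpolation, `"#{queried_domain}\\#{datastore['HttpUsername']}"`, would also avoid a TypeError from `+` if `HttpUsername` is unset; whether it can be unset at this point is not visible in the hunk. None of the spec changes shown cover the resulting string. The enclosing method starts and ends outside the hunk.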
@@ -125,26 +125,24 @@ RSpec.describe Msf::Exploit::Remote::CertRequest do
context 'when the key size does not match the expected rsa_key_size' do
it 'logs an error' do
expect(subject).to receive(:elog).with('RSA key size mismatch')
subject.create_csr(username: 'alice', private_key: rsa_key, rsa_key_size: 4096)
expect { subject.create_csr(username: 'alice', private_key: rsa_key, rsa_key_size: 4096) }.to raise_error(ArgumentError)
end
it 'returns nil' do
result = subject.create_csr(username: 'alice', private_key: rsa_key, rsa_key_size: 4096)
expect(result).to be_nil
it 'raises ArgumentError' do
expect { subject.create_csr(username: 'alice', private_key: rsa_key, rsa_key_size: 4096) }.to raise_error(ArgumentError, /RSA key size mismatch/)
end
it 'does not build a CSR' do
expect(Rex::Proto::X509::Request).not_to receive(:build_csr)
subject.create_csr(username: 'alice', private_key: rsa_key, rsa_key_size: 4096)
expect { subject.create_csr(username: 'alice', private_key: rsa_key, rsa_key_size: 4096) }.to raise_error(ArgumentError)
end
end
context 'when the key size does not match the datastore rsa_key_size' do
before { subject.datastore['RSAKeySize'] = '4096' }
it 'returns nil' do
result = subject.create_csr(username: 'alice', private_key: rsa_key)
expect(result).to be_nil
it 'raises ArgumentError' do
expect { subject.create_csr(username: 'alice', private_key: rsa_key) }.to raise_error(ArgumentError, /RSA key size mismatch/)
end
end
end
@@ -163,6 +161,7 @@ RSpec.describe Msf::Exploit::Remote::CertRequest do
context 'with rsa_key_size supplied via opts' do
it 'generates a key with the specified size' do
allow(rsa_key).to receive(:n).and_return(double('OpenSSL::BN', num_bits: 4096))
expect(OpenSSL::PKey::RSA).to receive(:new).with(4096).and_return(rsa_key)
subject.create_csr(username: 'alice', rsa_key_size: 4096)
end
@@ -172,6 +171,7 @@ RSpec.describe Msf::Exploit::Remote::CertRequest do
before { subject.datastore['RSAKeySize'] = '4096' }
it 'generates a key with the datastore size' do
allow(rsa_key).to receive(:n).and_return(double('OpenSSL::BN', num_bits: 4096))
expect(OpenSSL::PKey::RSA).to receive(:new).with(4096).and_return(rsa_key)
subject.create_csr(username: 'alice')
end
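Review bot: The 'does not build a CSR' example asserts only `raise_error(ArgumentError)`, so it would pass vacuously if create_csr raised an ArgumentError for an unrelated reason before reaching the CSR build. Matching the message as the 'raises ArgumentError' example does, `raise_error(ArgumentError, /RSA key size mismatch/)`, closes that gap. The 'does not call create_csr' example in the MsIcpr spec further down has the same loose matcher. Separately, the `allow(rsa_key).to receive(:n).and_return(double('OpenSSL::BN', num_bits: 4096))` stub is now repeated in three examples across the two specs and could live in a shared `let` or helper.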
@@ -309,6 +309,7 @@ RSpec.describe Msf::Exploit::Remote::MsIcpr do
it 'uses the RSAKeySize from the datastore' do
subject.datastore['RSAKeySize'] = '4096'
allow(rsa_key).to receive(:n).and_return(double('OpenSSL::BN', num_bits: 4096))
expect(OpenSSL::PKey::RSA).to receive(:new).with(4096).and_return(rsa_key)
subject.send(:do_request_cert, icpr, { username: 'alice' })
end
@@ -329,19 +330,18 @@ RSpec.describe Msf::Exploit::Remote::MsIcpr do
context 'key size mismatch' do
let(:wrong_size_key) { OpenSSL::PKey::RSA.new(1024) }
it 'returns nil' do
result = subject.send(:do_request_cert, icpr, { username: 'alice', private_key: wrong_size_key })
expect(result).to be_nil
it 'raises ArgumentError' do
expect { subject.send(:do_request_cert, icpr, { username: 'alice', private_key: wrong_size_key }) }.to raise_error(ArgumentError, /RSA key size mismatch/)
end
it 'logs an RSA key size mismatch error' do
expect(subject).to receive(:elog).with('RSA key size mismatch')
subject.send(:do_request_cert, icpr, { username: 'alice', private_key: wrong_size_key })
expect { subject.send(:do_request_cert, icpr, { username: 'alice', private_key: wrong_size_key }) }.to raise_error(ArgumentError)
end
it 'does not call create_csr' do
expect(subject).not_to receive(:create_csr)
subject.send(:do_request_cert, icpr, { username: 'alice', private_key: wrong_size_key })
expect { subject.send(:do_request_cert, icpr, { username: 'alice', private_key: wrong_size_key }) }.to raise_error(ArgumentError)
end
end