adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c3f5bd3de2d1affa01e2f6c2066c6bb0fc6413bc
metasploit-gs/api/Msf/Exploit/LaravelCryptoKiller.html
T
jenkins-metasploit c3f5bd3de2 Reboot gh-pages
2026-05-08 17:08:43 +00:00

1633 lines
54 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Module: Msf::Exploit::LaravelCryptoKiller
&mdash; Documentation by YARD 0.9.37
</title>
<link rel="stylesheet" href="../../css/style.css" type="text/css" />
<link rel="stylesheet" href="../../css/common.css" type="text/css" />
<script type="text/javascript">
pathId = "Msf::Exploit::LaravelCryptoKiller";
relpath = '../../';
</script>
<script type="text/javascript" charset="utf-8" src="../../js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="../../js/app.js"></script>
</head>
<body>
<div class="nav_wrap">
<iframe id="nav" src="../../class_list.html?1"></iframe>
<div id="resizer"></div>
</div>
<div id="main" tabindex="-1">
<div id="header">
<div id="menu">
<a href="../../_index.html">Index (L)</a> &raquo;
<span class='title'><span class='object_link'><a href="../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span>
&raquo;
<span class="title">LaravelCryptoKiller</span>
</div>
<div id="search">
<a class="full_list_link" id="class_list_link"
href="../../class_list.html">
<svg width="24" height="24">
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
</svg>
</a>
</div>
<div class="clear"></div>
</div>
<div id="content"><h1>Module: Msf::Exploit::LaravelCryptoKiller
</h1>
<div class="box_info">
<dl>
<dt>Defined in:</dt>
<dd>lib/msf/core/exploit/laravel_crypto_killer.rb</dd>
</dl>
</div>
<h2>Overview</h2><div class="docstring">
<div class="discussion">
<p>This mixin module provides methods to exploit bad implementations of decryption mechanisms in Laravel applications. This tool was firstly designed to craft payloads targeting the Laravel decrypt()` function from the package `IlluminateEncryption`. It can also be used to decrypt any data encrypted via `encrypt()` or `encryptString()`. The tool requires a valid `APP_KEY` to be used, you can also try to bruteforce them if you think there is a potential key reuse from a public project for example. Original authors of the tool: `@<em>remsio</em>` `@Kainx42` from SynActiv. Orignal python code can be found here: <a href="https://github.com/synacktiv/laravel-crypto-killer">github.com/synacktiv/laravel-crypto-killer</a> Recoded in Ruby by h00die-gr3y (<a href="at">h00die.gr3y</a>gmail.com)</p>
</div>
</div>
<div class="tags">
</div>
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#aes_decrypt-instance_method" title="#aes_decrypt (instance method)">#<strong>aes_decrypt</strong>(encrypted_value, iv, key, cipher_mode) &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Perform AES decryption in CBC mode (compatible with Laravel).</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#aes_encrypt-instance_method" title="#aes_encrypt (instance method)">#<strong>aes_encrypt</strong>(value, iv, key, cipher_mode) &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Perform AES encryption in CBC mode (compatible with Laravel).</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#generate_mac-instance_method" title="#generate_mac (instance method)">#<strong>generate_mac</strong>(key, iv, value) &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Generate HMAC with SHA256.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#laravel_bruteforce_from_file-instance_method" title="#laravel_bruteforce_from_file (instance method)">#<strong>laravel_bruteforce_from_file</strong>(value, key_file, cipher_mode) &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Uses an opened file containing a key on each line to perform a brute-force attack on a given value.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#laravel_decrypt-instance_method" title="#laravel_decrypt (instance method)">#<strong>laravel_decrypt</strong>(laravel_cipher, key, cipher_mode) &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Decrypts a Laravel ciphered string.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#laravel_encrypt-instance_method" title="#laravel_encrypt (instance method)">#<strong>laravel_encrypt</strong>(value_to_encrypt, key, cipher_mode) &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Encrypts a base64 string as a ciphered Laravel value.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#laravel_encrypt_session_cookie-instance_method" title="#laravel_encrypt_session_cookie (instance method)">#<strong>laravel_encrypt_session_cookie</strong>(value_to_encrypt, hash_value, key, cipher_mode) &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Encrypts a base64 string as a Laravel session cookie.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#parse_laravel_cipher-instance_method" title="#parse_laravel_cipher (instance method)">#<strong>parse_laravel_cipher</strong>(laravel_cipher) &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Parses Laravel cipher data.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#retrieve_key-instance_method" title="#retrieve_key (instance method)">#<strong>retrieve_key</strong>(key) &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Parse Laravel APP_KEY value.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#valid_cipher%3F-instance_method" title="#valid_cipher? (instance method)">#<strong>valid_cipher?</strong>(cipher_mode) &#x21d2; Boolean </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Check if cipher is valid.</p>
</div></span>
</li>
</ul>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<h3 class="signature first" id="aes_decrypt-instance_method">
#<strong>aes_decrypt</strong>(encrypted_value, iv, key, cipher_mode) &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Perform AES decryption in CBC mode (compatible with Laravel)</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>&lt;encrypted_value&gt;</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>Encrypted value that will be decrypted</p>
</div>
</li>
<li>
<span class='name'>&lt;iv&gt;</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>Random 16-byte IV parameter used for encryption</p>
</div>
</li>
<li>
<span class='name'>&lt;key&gt;</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The key used for decryption</p>
</div>
</li>
<li>
<span class='name'>&lt;cipher_mode&gt;</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>Cipher_mode used for encryption (AES-256-CBC)</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The decrypted value or nil if unsuccessful</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/laravel_crypto_killer.rb', line 61</span>
<span class='kw'>def</span> <span class='id identifier rubyid_aes_decrypt'>aes_decrypt</span><span class='lparen'>(</span><span class='id identifier rubyid_encrypted_value'>encrypted_value</span><span class='comma'>,</span> <span class='id identifier rubyid_iv'>iv</span><span class='comma'>,</span> <span class='id identifier rubyid_key'>key</span><span class='comma'>,</span> <span class='id identifier rubyid_cipher_mode'>cipher_mode</span><span class='rparen'>)</span>
<span class='comment'># Check cipher mode
</span> <span class='kw'>unless</span> <span class='id identifier rubyid_valid_cipher?'>valid_cipher?</span><span class='lparen'>(</span><span class='id identifier rubyid_cipher_mode'>cipher_mode</span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_error'>vprint_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Cipher is not valid: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_cipher_mode'>cipher_mode</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span>
<span class='kw'>end</span>
<span class='comment'># Create AES cipher in CBC mode
</span> <span class='id identifier rubyid_cipher'>cipher</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>Cipher</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='id identifier rubyid_cipher_mode'>cipher_mode</span><span class='rparen'>)</span>
<span class='id identifier rubyid_cipher'>cipher</span><span class='period'>.</span><span class='id identifier rubyid_decrypt'>decrypt</span>
<span class='id identifier rubyid_cipher'>cipher</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span> <span class='op'>=</span> <span class='id identifier rubyid_key'>key</span>
<span class='id identifier rubyid_cipher'>cipher</span><span class='period'>.</span><span class='id identifier rubyid_iv'>iv</span> <span class='op'>=</span> <span class='id identifier rubyid_iv'>iv</span>
<span class='comment'># Decrypt the value
</span> <span class='id identifier rubyid_cipher'>cipher</span><span class='period'>.</span><span class='id identifier rubyid_update'>update</span><span class='lparen'>(</span><span class='id identifier rubyid_encrypted_value'>encrypted_value</span><span class='rparen'>)</span> <span class='op'>+</span> <span class='id identifier rubyid_cipher'>cipher</span><span class='period'>.</span><span class='id identifier rubyid_final'>final</span>
<span class='kw'>rescue</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>Cipher</span><span class='op'>::</span><span class='const'>CipherError</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_e'>e</span>
<span class='id identifier rubyid_vprint_error'>vprint_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>AES decryption failed: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_e'>e</span><span class='period'>.</span><span class='id identifier rubyid_message'>message</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="aes_encrypt-instance_method">
#<strong>aes_encrypt</strong>(value, iv, key, cipher_mode) &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Perform AES encryption in CBC mode (compatible with Laravel)</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>&lt;value&gt;</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The value that will be encrypted</p>
</div>
</li>
<li>
<span class='name'>&lt;iv&gt;</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The IV parameter used for encryption</p>
</div>
</li>
<li>
<span class='name'>&lt;key&gt;</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The key used for encryption</p>
</div>
</li>
<li>
<span class='name'>&lt;cipher_mode&gt;</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>Cipher_mode used for encryption (AES-256-CBC)</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The encrypted value or nil if unsuccessful</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/laravel_crypto_killer.rb', line 32</span>
<span class='kw'>def</span> <span class='id identifier rubyid_aes_encrypt'>aes_encrypt</span><span class='lparen'>(</span><span class='id identifier rubyid_value'>value</span><span class='comma'>,</span> <span class='id identifier rubyid_iv'>iv</span><span class='comma'>,</span> <span class='id identifier rubyid_key'>key</span><span class='comma'>,</span> <span class='id identifier rubyid_cipher_mode'>cipher_mode</span><span class='rparen'>)</span>
<span class='comment'># Check cipher mode
</span> <span class='kw'>unless</span> <span class='id identifier rubyid_valid_cipher?'>valid_cipher?</span><span class='lparen'>(</span><span class='id identifier rubyid_cipher_mode'>cipher_mode</span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_error'>vprint_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Cipher is not valid: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_cipher_mode'>cipher_mode</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span>
<span class='kw'>end</span>
<span class='comment'># Create a new AES cipher in CBC mode
</span> <span class='id identifier rubyid_cipher'>cipher</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>Cipher</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='id identifier rubyid_cipher_mode'>cipher_mode</span><span class='rparen'>)</span>
<span class='id identifier rubyid_cipher'>cipher</span><span class='period'>.</span><span class='id identifier rubyid_encrypt'>encrypt</span>
<span class='id identifier rubyid_cipher'>cipher</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span> <span class='op'>=</span> <span class='id identifier rubyid_key'>key</span>
<span class='id identifier rubyid_cipher'>cipher</span><span class='period'>.</span><span class='id identifier rubyid_iv'>iv</span> <span class='op'>=</span> <span class='id identifier rubyid_iv'>iv</span>
<span class='comment'># Padding (similar to the pad lambda in Python)
</span> <span class='id identifier rubyid_pad_length'>pad_length</span> <span class='op'>=</span> <span class='int'>16</span> <span class='op'>-</span> <span class='lparen'>(</span><span class='id identifier rubyid_value'>value</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>%</span> <span class='int'>16</span><span class='rparen'>)</span>
<span class='id identifier rubyid_padded_value'>padded_value</span> <span class='op'>=</span> <span class='id identifier rubyid_value'>value</span> <span class='op'>+</span> <span class='lparen'>(</span><span class='id identifier rubyid_pad_length'>pad_length</span><span class='period'>.</span><span class='id identifier rubyid_chr'>chr</span> <span class='op'>*</span> <span class='id identifier rubyid_pad_length'>pad_length</span><span class='rparen'>)</span>
<span class='comment'># Encrypt the data
</span> <span class='id identifier rubyid_cipher'>cipher</span><span class='period'>.</span><span class='id identifier rubyid_update'>update</span><span class='lparen'>(</span><span class='id identifier rubyid_padded_value'>padded_value</span><span class='rparen'>)</span>
<span class='kw'>rescue</span> <span class='const'>StandardError</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_e'>e</span>
<span class='id identifier rubyid_vprint_error'>vprint_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>AES encryption failed: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_e'>e</span><span class='period'>.</span><span class='id identifier rubyid_message'>message</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="generate_mac-instance_method">
#<strong>generate_mac</strong>(key, iv, value) &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Generate HMAC with SHA256</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>&lt;value&gt;</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The value that will be encrypted</p>
</div>
</li>
<li>
<span class='name'>&lt;iv&gt;</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>Random 16-byte IV parameter</p>
</div>
</li>
<li>
<span class='name'>&lt;key&gt;</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The key</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The hmac digest.</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
201
202
203</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/laravel_crypto_killer.rb', line 201</span>
<span class='kw'>def</span> <span class='id identifier rubyid_generate_mac'>generate_mac</span><span class='lparen'>(</span><span class='id identifier rubyid_key'>key</span><span class='comma'>,</span> <span class='id identifier rubyid_iv'>iv</span><span class='comma'>,</span> <span class='id identifier rubyid_value'>value</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>HMAC</span><span class='period'>.</span><span class='id identifier rubyid_hexdigest'>hexdigest</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>SHA256</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='id identifier rubyid_key'>key</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_iv'>iv</span><span class='embexpr_end'>}</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_value'>value</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="laravel_bruteforce_from_file-instance_method">
#<strong>laravel_bruteforce_from_file</strong>(value, key_file, cipher_mode) &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Uses an opened file containing a key on each line to perform a brute-force attack on a given value</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>&lt;value&gt;</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The encrypted Laravel value</p>
</div>
</li>
<li>
<span class='name'>&lt;key_file&gt;</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The file with Laravel APP_KEYs per line used for brute-force decryption</p>
</div>
</li>
<li>
<span class='name'>&lt;key&gt;</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The key used for decryption</p>
</div>
</li>
<li>
<span class='name'>&lt;cipher_mode&gt;</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>Cipher_mode used for encryption (AES-256-CBC)</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The valid key if it was identified with the value: "value":&lt;value&gt;</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/laravel_crypto_killer.rb', line 177</span>
<span class='kw'>def</span> <span class='id identifier rubyid_laravel_bruteforce_from_file'>laravel_bruteforce_from_file</span><span class='lparen'>(</span><span class='id identifier rubyid_value'>value</span><span class='comma'>,</span> <span class='id identifier rubyid_key_file'>key_file</span><span class='comma'>,</span> <span class='id identifier rubyid_cipher_mode'>cipher_mode</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='op'>!</span><span class='const'>File</span><span class='period'>.</span><span class='id identifier rubyid_file?'>file?</span><span class='lparen'>(</span><span class='id identifier rubyid_key_file'>key_file</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span>
<span class='kw'>end</span>
<span class='const'>File</span><span class='period'>.</span><span class='id identifier rubyid_foreach'>foreach</span><span class='lparen'>(</span><span class='id identifier rubyid_key_file'>key_file</span><span class='rparen'>)</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_line'>line</span><span class='op'>|</span>
<span class='id identifier rubyid_key'>key</span> <span class='op'>=</span> <span class='id identifier rubyid_line'>line</span><span class='period'>.</span><span class='id identifier rubyid_strip'>strip</span>
<span class='id identifier rubyid_decrypted_value'>decrypted_value</span> <span class='op'>=</span> <span class='id identifier rubyid_laravel_decrypt'>laravel_decrypt</span><span class='lparen'>(</span><span class='id identifier rubyid_value'>value</span><span class='comma'>,</span> <span class='id identifier rubyid_key'>key</span><span class='comma'>,</span> <span class='id identifier rubyid_cipher_mode'>cipher_mode</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_force_encoding'>force_encoding</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>utf-8</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_decrypted_value'>decrypted_value</span>
<span class='kw'>return</span> <span class='lbrace'>{</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>key</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_key'>key</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>value</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_decrypted_value'>decrypted_value</span> <span class='rbrace'>}</span>
<span class='kw'>end</span>
<span class='kw'>rescue</span> <span class='const'>StandardError</span>
<span class='kw'>next</span>
<span class='kw'>end</span>
<span class='kw'>nil</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="laravel_decrypt-instance_method">
#<strong>laravel_decrypt</strong>(laravel_cipher, key, cipher_mode) &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Decrypts a Laravel ciphered string</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>&lt;laravel_cipher&gt;</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The Laravel cipher to be decrypted</p>
</div>
</li>
<li>
<span class='name'>&lt;key&gt;</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The key used for decryption</p>
</div>
</li>
<li>
<span class='name'>&lt;cipher_mode&gt;</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>Cipher_mode used for encryption (AES-256-CBC)</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The decrypted Laravel cipher or nil if unsuccessful</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
159
160
161
162
163
164
165
166
167
168</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/laravel_crypto_killer.rb', line 159</span>
<span class='kw'>def</span> <span class='id identifier rubyid_laravel_decrypt'>laravel_decrypt</span><span class='lparen'>(</span><span class='id identifier rubyid_laravel_cipher'>laravel_cipher</span><span class='comma'>,</span> <span class='id identifier rubyid_key'>key</span><span class='comma'>,</span> <span class='id identifier rubyid_cipher_mode'>cipher_mode</span><span class='rparen'>)</span>
<span class='id identifier rubyid_data'>data</span> <span class='op'>=</span> <span class='id identifier rubyid_parse_laravel_cipher'>parse_laravel_cipher</span><span class='lparen'>(</span><span class='id identifier rubyid_laravel_cipher'>laravel_cipher</span><span class='rparen'>)</span>
<span class='id identifier rubyid_key'>key</span> <span class='op'>=</span> <span class='id identifier rubyid_retrieve_key'>retrieve_key</span><span class='lparen'>(</span><span class='id identifier rubyid_key'>key</span><span class='rparen'>)</span>
<span class='kw'>begin</span>
<span class='kw'>return</span> <span class='id identifier rubyid_aes_decrypt'>aes_decrypt</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>value</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='id identifier rubyid_data'>data</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>iv</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='id identifier rubyid_key'>key</span><span class='comma'>,</span> <span class='id identifier rubyid_cipher_mode'>cipher_mode</span><span class='rparen'>)</span>
<span class='kw'>rescue</span> <span class='const'>StandardError</span>
<span class='id identifier rubyid_vprint_error'>vprint_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Your key is probably malformed or incorrect.</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="laravel_encrypt-instance_method">
#<strong>laravel_encrypt</strong>(value_to_encrypt, key, cipher_mode) &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Encrypts a base64 string as a ciphered Laravel value</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>&lt;value&gt;</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The base64-encode value that will be encrypted</p>
</div>
</li>
<li>
<span class='name'>&lt;key&gt;</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The key used for decryption</p>
</div>
</li>
<li>
<span class='name'>&lt;cipher_mode&gt;</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>Cipher_mode used for encryption (AES-256-CBC)</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The base64-encoded encrypted JSON.</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/laravel_crypto_killer.rb', line 85</span>
<span class='kw'>def</span> <span class='id identifier rubyid_laravel_encrypt'>laravel_encrypt</span><span class='lparen'>(</span><span class='id identifier rubyid_value_to_encrypt'>value_to_encrypt</span><span class='comma'>,</span> <span class='id identifier rubyid_key'>key</span><span class='comma'>,</span> <span class='id identifier rubyid_cipher_mode'>cipher_mode</span><span class='rparen'>)</span>
<span class='id identifier rubyid_key'>key</span> <span class='op'>=</span> <span class='id identifier rubyid_retrieve_key'>retrieve_key</span><span class='lparen'>(</span><span class='id identifier rubyid_key'>key</span><span class='rparen'>)</span>
<span class='id identifier rubyid_iv'>iv</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>Random</span><span class='period'>.</span><span class='id identifier rubyid_random_bytes'>random_bytes</span><span class='lparen'>(</span><span class='int'>16</span><span class='rparen'>)</span> <span class='comment'># Random 16-byte IV
</span> <span class='id identifier rubyid_tmp_bytes'>tmp_bytes</span> <span class='op'>=</span> <span class='const'>Base64</span><span class='period'>.</span><span class='id identifier rubyid_strict_encode64'>strict_encode64</span><span class='lparen'>(</span><span class='id identifier rubyid_aes_encrypt'>aes_encrypt</span><span class='lparen'>(</span><span class='const'>Base64</span><span class='period'>.</span><span class='id identifier rubyid_strict_decode64'>strict_decode64</span><span class='lparen'>(</span><span class='id identifier rubyid_value_to_encrypt'>value_to_encrypt</span><span class='rparen'>)</span><span class='comma'>,</span> <span class='id identifier rubyid_iv'>iv</span><span class='comma'>,</span> <span class='id identifier rubyid_key'>key</span><span class='comma'>,</span> <span class='id identifier rubyid_cipher_mode'>cipher_mode</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='comment'># Base64-encode the IV
</span> <span class='id identifier rubyid_b64_iv'>b64_iv</span> <span class='op'>=</span> <span class='const'>Base64</span><span class='period'>.</span><span class='id identifier rubyid_strict_encode64'>strict_encode64</span><span class='lparen'>(</span><span class='id identifier rubyid_iv'>iv</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_strip'>strip</span>
<span class='comment'># Prepare data for output
</span> <span class='id identifier rubyid_data'>data</span> <span class='op'>=</span> <span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>iv</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_b64_iv'>b64_iv</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>value</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_tmp_bytes'>tmp_bytes</span><span class='period'>.</span><span class='id identifier rubyid_strip'>strip</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>mac</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_generate_mac'>generate_mac</span><span class='lparen'>(</span><span class='id identifier rubyid_key'>key</span><span class='comma'>,</span> <span class='id identifier rubyid_b64_iv'>b64_iv</span><span class='comma'>,</span> <span class='id identifier rubyid_tmp_bytes'>tmp_bytes</span><span class='period'>.</span><span class='id identifier rubyid_strip'>strip</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>tag</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span> <span class='comment'># Assuming empty tag
</span> <span class='rbrace'>}</span>
<span class='comment'># Return the final encrypted value as Base64-encoded JSON
</span> <span class='const'>Base64</span><span class='period'>.</span><span class='id identifier rubyid_strict_encode64'>strict_encode64</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_to_json'>to_json</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="laravel_encrypt_session_cookie-instance_method">
#<strong>laravel_encrypt_session_cookie</strong>(value_to_encrypt, hash_value, key, cipher_mode) &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Encrypts a base64 string as a Laravel session cookie.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>&lt;value_to_encrypt&gt;</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The value that will be encrypted</p>
</div>
</li>
<li>
<span class='name'>&lt;hash_value&gt;</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The decrypted value of the Laravel session cookie</p>
</div>
</li>
<li>
<span class='name'>&lt;key&gt;</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The key used for decryption</p>
</div>
</li>
<li>
<span class='name'>&lt;cipher_mode&gt;</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>Cipher_mode used for encryption (AES-256-CBC)</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The base64-encoded encrypted Laravel session_cookie value</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
111
112
113
114
115
116</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/laravel_crypto_killer.rb', line 111</span>
<span class='kw'>def</span> <span class='id identifier rubyid_laravel_encrypt_session_cookie'>laravel_encrypt_session_cookie</span><span class='lparen'>(</span><span class='id identifier rubyid_value_to_encrypt'>value_to_encrypt</span><span class='comma'>,</span> <span class='id identifier rubyid_hash_value'>hash_value</span><span class='comma'>,</span> <span class='id identifier rubyid_key'>key</span><span class='comma'>,</span> <span class='id identifier rubyid_cipher_mode'>cipher_mode</span><span class='rparen'>)</span>
<span class='id identifier rubyid_decoded_value'>decoded_value</span> <span class='op'>=</span> <span class='const'>Base64</span><span class='period'>.</span><span class='id identifier rubyid_strict_decode64'>strict_decode64</span><span class='lparen'>(</span><span class='id identifier rubyid_value_to_encrypt'>value_to_encrypt</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_force_encoding'>force_encoding</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>utf-8</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_parsed_value'>parsed_value</span> <span class='op'>=</span> <span class='id identifier rubyid_decoded_value'>decoded_value</span><span class='period'>.</span><span class='id identifier rubyid_gsub'>gsub</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>\\</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>\\\\\\</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_gsub'>gsub</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>&quot;</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>\\&quot;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_gsub'>gsub</span><span class='lparen'>(</span><span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>\00</span><span class='regexp_end'>/</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>\\u0000</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_session_json_to_encrypt'>session_json_to_encrypt</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_hash_value'>hash_value</span><span class='embexpr_end'>}</span><span class='tstring_content'>|{\&quot;data\&quot;:\&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_parsed_value'>parsed_value</span><span class='embexpr_end'>}</span><span class='tstring_content'>\&quot;,\&quot;expires\&quot;:9999999999}</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_laravel_encrypt'>laravel_encrypt</span><span class='lparen'>(</span><span class='const'>Base64</span><span class='period'>.</span><span class='id identifier rubyid_strict_encode64'>strict_encode64</span><span class='lparen'>(</span><span class='id identifier rubyid_session_json_to_encrypt'>session_json_to_encrypt</span><span class='rparen'>)</span><span class='comma'>,</span> <span class='id identifier rubyid_key'>key</span><span class='comma'>,</span> <span class='id identifier rubyid_cipher_mode'>cipher_mode</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="parse_laravel_cipher-instance_method">
#<strong>parse_laravel_cipher</strong>(laravel_cipher) &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Parses Laravel cipher data</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>&lt;laravel_cipher&gt;</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The base64-encoded Laravel cipher data</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The laravel parsed cipher data in JSON format or nil if unsuccessful</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/laravel_crypto_killer.rb', line 122</span>
<span class='kw'>def</span> <span class='id identifier rubyid_parse_laravel_cipher'>parse_laravel_cipher</span><span class='lparen'>(</span><span class='id identifier rubyid_laravel_cipher'>laravel_cipher</span><span class='rparen'>)</span>
<span class='id identifier rubyid_laravel_cipher'>laravel_cipher</span> <span class='op'>=</span> <span class='const'>CGI</span><span class='period'>.</span><span class='id identifier rubyid_unescape'>unescape</span><span class='lparen'>(</span><span class='id identifier rubyid_laravel_cipher'>laravel_cipher</span><span class='rparen'>)</span> <span class='comment'># Decoding URL encoded string
</span> <span class='kw'>begin</span>
<span class='id identifier rubyid_data'>data</span> <span class='op'>=</span> <span class='const'>JSON</span><span class='period'>.</span><span class='id identifier rubyid_parse'>parse</span><span class='lparen'>(</span><span class='const'>Base64</span><span class='period'>.</span><span class='id identifier rubyid_strict_decode64'>strict_decode64</span><span class='lparen'>(</span><span class='id identifier rubyid_laravel_cipher'>laravel_cipher</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='kw'>rescue</span> <span class='const'>JSON</span><span class='op'>::</span><span class='const'>ParserError</span>
<span class='id identifier rubyid_vprint_error'>vprint_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>The JSON inside your base64 is malformed</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span>
<span class='kw'>rescue</span> <span class='const'>StandardError</span>
<span class='id identifier rubyid_vprint_error'>vprint_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Your base64 laravel_cipher value is malformed</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_data'>data</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>value</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='const'>Base64</span><span class='period'>.</span><span class='id identifier rubyid_strict_decode64'>strict_decode64</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>value</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='id identifier rubyid_data'>data</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>iv</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='const'>Base64</span><span class='period'>.</span><span class='id identifier rubyid_strict_decode64'>strict_decode64</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>iv</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='id identifier rubyid_data'>data</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="retrieve_key-instance_method">
#<strong>retrieve_key</strong>(key) &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Parse Laravel APP_KEY value</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>&lt;key&gt;</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The Laravel APP_KEY</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The Laravel parsed APP_KEY</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
143
144
145
146
147
148
149
150
151</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/laravel_crypto_killer.rb', line 143</span>
<span class='kw'>def</span> <span class='id identifier rubyid_retrieve_key'>retrieve_key</span><span class='lparen'>(</span><span class='id identifier rubyid_key'>key</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_key'>key</span><span class='period'>.</span><span class='id identifier rubyid_start_with?'>start_with?</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>base64:</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='const'>Base64</span><span class='period'>.</span><span class='id identifier rubyid_strict_decode64'>strict_decode64</span><span class='lparen'>(</span><span class='id identifier rubyid_key'>key</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>:</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='lbracket'>[</span><span class='int'>1</span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='kw'>elsif</span> <span class='id identifier rubyid_key'>key</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>==</span> <span class='int'>44</span>
<span class='const'>Base64</span><span class='period'>.</span><span class='id identifier rubyid_strict_decode64'>strict_decode64</span><span class='lparen'>(</span><span class='id identifier rubyid_key'>key</span><span class='rparen'>)</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_key'>key</span><span class='period'>.</span><span class='id identifier rubyid_encode'>encode</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>utf-8</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="valid_cipher?-instance_method">
#<strong>valid_cipher?</strong>(cipher_mode) &#x21d2; <tt>Boolean</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Check if cipher is valid</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>&lt;cipher_mode&gt;</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The cipher_mode</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Boolean</tt>)</span>
&mdash;
<div class='inline'>
<p>true if mode is ok or false if mode is not valid</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
20
21
22
23</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/laravel_crypto_killer.rb', line 20</span>
<span class='kw'>def</span> <span class='id identifier rubyid_valid_cipher?'>valid_cipher?</span><span class='lparen'>(</span><span class='id identifier rubyid_cipher_mode'>cipher_mode</span><span class='rparen'>)</span>
<span class='id identifier rubyid_ciphers'>ciphers</span> <span class='op'>||=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>Cipher</span><span class='period'>.</span><span class='id identifier rubyid_ciphers'>ciphers</span>
<span class='id identifier rubyid_ciphers'>ciphers</span><span class='period'>.</span><span class='id identifier rubyid_include?'>include?</span><span class='lparen'>(</span><span class='id identifier rubyid_cipher_mode'>cipher_mode</span><span class='period'>.</span><span class='id identifier rubyid_downcase'>downcase</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
</div>
<div id="footer">
Generated on Fri May 8 17:02:12 2026 by
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.37 (ruby-3.1.5).
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink