metasploit-gs/api/Msf/Exploit/Remote/MsGkdi.html
jenkins-metasploit c3f5bd3de2 Reboot gh-pages
2026-05-08 17:08:43 +00:00


<!DOCTYPE html>
<html>
<head>
  <!--
    Document head for the generated API page of Msf::Exploit::Remote::MsGkdi.
    The inline script assigns two globals (pathId, relpath) before jquery.js
    and app.js are loaded; presumably app.js reads them (app.js is not shown
    on this page).
    NOTE(review): an inline script is blocked by a Content-Security-Policy
    that disallows inline scripts, so a site serving these pages under such a
    policy needs a nonce or hash for it, or must move the two assignments
    into an external file.
  -->
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Module: Msf::Exploit::Remote::MsGkdi &mdash; Documentation by YARD 0.9.37</title>
  <link rel="stylesheet" href="../../../css/style.css">
  <link rel="stylesheet" href="../../../css/common.css">
  <script>
    pathId = "Msf::Exploit::Remote::MsGkdi";
    relpath = '../../../';
  </script>
  <script src="../../../js/jquery.js"></script>
  <script src="../../../js/app.js"></script>
</head>
<body>
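<div class="nav_wrap">
  <!--
    Side navigation: the class list is loaded from a relative URL into an
    iframe, with a sibling element used as the resize handle.
    The iframe now carries a title so assistive technology can name the frame.
    NOTE(review): no sandbox attribute is set. Whether one can be added
    depends on what class_list.html and js/app.js need from the frame, which
    is not visible on this page.
  -->
  <iframe id="nav" src="../../../class_list.html?1" title="Class list navigation"></iframe>
  <div id="resizer"></div>
</div>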
<div id="main" tabindex="-1">
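<div id="header">
  <!--
    Page header: breadcrumb trail (Index, Msf, Exploit, Remote, MsGkdi) and
    the icon link that opens the class list.
    The icon link had no text content and therefore no accessible name; it
    now has an aria-label, and the purely decorative SVG is hidden from
    assistive technology.
  -->
  <div id="menu">
    <a href="../../../_index.html">Index (M)</a> &raquo;
    <span class="title"><span class="object_link"><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo;
    <span class="title"><span class="object_link"><a href="../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span> &raquo;
    <span class="title"><span class="object_link"><a href="../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span>
    &raquo;
    <span class="title">MsGkdi</span>
  </div>
  <div id="search">
    <a class="full_list_link" id="class_list_link"
       href="../../../class_list.html"
       aria-label="Class list">
      <svg width="24" height="24" aria-hidden="true">
        <rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
        <rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
        <rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
      </svg>
    </a>
  </div>
  <div class="clear"></div>
</div>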
<div id="content"><h1>Module: Msf::Exploit::Remote::MsGkdi
</h1>
<!-- Module overview: source file of the mixin and the one class nested under it. -->
<div class="box_info">
  <dl>
    <dt>Defined in:</dt>
    <dd>lib/msf/core/exploit/remote/ms_gkdi.rb</dd>
  </dl>
</div>
<h2>Defined Under Namespace</h2>
<p class="children">
  <strong class="classes">Classes:</strong>
  <span class="object_link"><a href="MsGkdi/GkdiGroupKeyIdentifier.html" title="Msf::Exploit::Remote::MsGkdi::GkdiGroupKeyIdentifier (class)">GkdiGroupKeyIdentifier</a></span>
</p>
<!--
  Constant summary.
  KDS_SERVICE_LABEL and KDS_PUBLIC_KEY_LABEL are NUL-terminated string
  literals encoded as UTF-16LE and then re-tagged as ASCII-8BIT, i.e. kept as
  raw bytes. On this page they are passed as the label: / context: arguments
  of Rex::Crypto::KeyDerivation::NIST_SP_800_108.counter_hmac and are
  concatenated into the third argument of gkdi_kdf_counter in
  gkdi_compute_kek_pkey.
  They are fixed labels, not secrets. Presumably the values are the ones
  defined by MS-GKDI; confirm against the specification before changing them,
  because any byte difference changes every derived key.
-->
<h2>
Constant Summary
<small><a href="#" class="constants_summary_toggle">collapse</a></small>
</h2>
<dl class="constants">
<dt id="KDS_SERVICE_LABEL-constant" class="">KDS_SERVICE_LABEL =
</dt>
<dd><pre class="code"><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>KDS service\0</span><span class='tstring_end'>&quot;</span></span><span class='period'>.</span><span class='id identifier rubyid_encode'>encode</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>UTF-16LE</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_force_encoding'>force_encoding</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ASCII-8BIT</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span></pre></dd>
<dt id="KDS_PUBLIC_KEY_LABEL-constant" class="">KDS_PUBLIC_KEY_LABEL =
</dt>
<dd><pre class="code"><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>KDS public key\0</span><span class='tstring_end'>&quot;</span></span><span class='period'>.</span><span class='id identifier rubyid_encode'>encode</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>UTF-16LE</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_force_encoding'>force_encoding</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ASCII-8BIT</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span></pre></dd>
</dl>
<!--
  Instance method summary: one entry per public method of the mixin, each
  linking to its detail section further down the page.
  Only gkdi_kdf_counter has a description; the other summary_desc cells are
  empty, presumably because the Ruby methods carry no docstring.
  NOTE(review): these helpers connect with credentials and derive key
  material, so each one would benefit from a docstring stating its inputs,
  what it returns and which errors it raises (the detail listings on this
  page show NotImplementedError for unsupported algorithms and key types).
-->
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#bind_gkdi-instance_method" title="#bind_gkdi (instance method)">#<strong>bind_gkdi</strong>(dcerpc_client) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#connect_gkdi-instance_method" title="#connect_gkdi (instance method)">#<strong>connect_gkdi</strong>(opts = {}) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#gkdi_compute_kek-instance_method" title="#gkdi_compute_kek (instance method)">#<strong>gkdi_compute_kek</strong>(gke, key_identifier) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#gkdi_compute_kek_pkey-instance_method" title="#gkdi_compute_kek_pkey (instance method)">#<strong>gkdi_compute_kek_pkey</strong>(gke, key_identifier, l2_key) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#gkdi_compute_l2_key-instance_method" title="#gkdi_compute_l2_key (instance method)">#<strong>gkdi_compute_l2_key</strong>(gke, key_identifier) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#gkdi_get_endpoints-instance_method" title="#gkdi_get_endpoints (instance method)">#<strong>gkdi_get_endpoints</strong>(opts = {}) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#gkdi_get_kek-instance_method" title="#gkdi_get_kek (instance method)">#<strong>gkdi_get_kek</strong>(opts = {}) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#gkdi_kdf_counter-instance_method" title="#gkdi_kdf_counter (instance method)">#<strong>gkdi_kdf_counter</strong>(length, key_material, other_info) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>this is mostly a variation on NIST SP 800-108.</p>
</div></span>
</li>
</ul>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<!--
  bind_gkdi(dcerpc_client)
  Takes the first entry returned by gkdi_get_endpoints, connects the supplied
  DCERPC client to that entry's :port and binds it with
  auth_level RPC_C_AUTHN_LEVEL_PKT_PRIVACY and auth_type RPC_C_AUTHN_WINNT,
  i.e. the packet-privacy authentication level with the WINNT (NTLM)
  security provider. Progress is reported through vprint_status; the only
  interpolated value is tower[:endpoint].

  NOTE(review): gkdi_get_endpoints is called without arguments and its body
  is not shown in this part of the page. If it can return an empty list,
  `first` is nil and tower[:port] raises NoMethodError instead of a
  descriptive error; confirm how a missing GKDI endpoint is reported.
  NOTE(review): the summary lists gkdi_get_endpoints(opts = {}), but no opts
  are forwarded here, while connect_gkdi accepts an :rhost override for the
  client. Whether endpoint lookup then targets the same host as the client
  cannot be told from this listing; verify.
-->
<h3 class="signature first" id="bind_gkdi-instance_method">
#<strong>bind_gkdi</strong>(dcerpc_client) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
67
68
69
70
71
72
73
74
75
76</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/ms_gkdi.rb', line 67</span>
<span class='kw'>def</span> <span class='id identifier rubyid_bind_gkdi'>bind_gkdi</span><span class='lparen'>(</span><span class='id identifier rubyid_dcerpc_client'>dcerpc_client</span><span class='rparen'>)</span>
<span class='id identifier rubyid_tower'>tower</span> <span class='op'>=</span> <span class='id identifier rubyid_gkdi_get_endpoints'>gkdi_get_endpoints</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span>
<span class='id identifier rubyid_dcerpc_client'>dcerpc_client</span><span class='period'>.</span><span class='id identifier rubyid_connect'>connect</span><span class='lparen'>(</span><span class='label'>port:</span> <span class='id identifier rubyid_tower'>tower</span><span class='lbracket'>[</span><span class='symbol'>:port</span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Binding to GKDI via </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_tower'>tower</span><span class='lbracket'>[</span><span class='symbol'>:endpoint</span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_content'>...</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_dcerpc_client'>dcerpc_client</span><span class='period'>.</span><span class='id identifier rubyid_bind'>bind</span><span class='lparen'>(</span>
<span class='label'>auth_level:</span> <span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Dcerpc</span><span class='op'>::</span><span class='const'>RPC_C_AUTHN_LEVEL_PKT_PRIVACY</span><span class='comma'>,</span>
<span class='label'>auth_type:</span> <span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Dcerpc</span><span class='op'>::</span><span class='const'>RPC_C_AUTHN_WINNT</span>
<span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Bound to GKDI</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
  connect_gkdi(opts = {})
  Creates a RubySMB::Dcerpc::Client for the RubySMB::Dcerpc::Gkdi endpoint,
  binds it through bind_gkdi and returns the bound client.
  Options read: opts[:rhost], opts[:username], opts[:password]. Each falls
  back, via the fetch block, to rhost, datastore['USERNAME'] and
  datastore['PASSWORD'] respectively.
  The listing contains no rescue or ensure, so errors raised while creating,
  connecting or binding the client propagate to the caller, and the returned
  client is not closed here; releasing it is presumably the caller's job.
  The only status message is a fixed string; the username and password are
  passed to the client and are not printed by this method.
-->
<h3 class="signature " id="connect_gkdi-instance_method">
#<strong>connect_gkdi</strong>(opts = {}) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
54
55
56
57
58
59
60
61
62
63
64
65</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/ms_gkdi.rb', line 54</span>
<span class='kw'>def</span> <span class='id identifier rubyid_connect_gkdi'>connect_gkdi</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Connecting to Group Key Distribution (GKDI) Protocol</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_dcerpc_client'>dcerpc_client</span> <span class='op'>=</span> <span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Dcerpc</span><span class='op'>::</span><span class='const'>Client</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span>
<span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_fetch'>fetch</span><span class='lparen'>(</span><span class='symbol'>:rhost</span><span class='rparen'>)</span> <span class='lbrace'>{</span> <span class='id identifier rubyid_rhost'>rhost</span> <span class='rbrace'>}</span><span class='comma'>,</span>
<span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Dcerpc</span><span class='op'>::</span><span class='const'>Gkdi</span><span class='comma'>,</span>
<span class='label'>username:</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_fetch'>fetch</span><span class='lparen'>(</span><span class='symbol'>:username</span><span class='rparen'>)</span> <span class='lbrace'>{</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>USERNAME</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='rbrace'>}</span><span class='comma'>,</span>
<span class='label'>password:</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_fetch'>fetch</span><span class='lparen'>(</span><span class='symbol'>:password</span><span class='rparen'>)</span> <span class='lbrace'>{</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>PASSWORD</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='rbrace'>}</span>
<span class='rparen'>)</span>
<span class='id identifier rubyid_bind_gkdi'>bind_gkdi</span><span class='lparen'>(</span><span class='id identifier rubyid_dcerpc_client'>dcerpc_client</span><span class='rparen'>)</span>
<span class='id identifier rubyid_dcerpc_client'>dcerpc_client</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
  gkdi_compute_kek(gke, key_identifier)
  Derives key material from a group key envelope (gke) and a key identifier:
    1. computes the L2 key with gkdi_compute_l2_key;
    2. requires bit 0 of key_identifier.dw_flags to be set, otherwise raises
       NotImplementedError ("only public-private key pairs are supported");
    3. obtains a secret from gkdi_compute_kek_pkey;
    4. runs NIST_SP_800_108.counter_hmac over that secret with the value 32
       (presumably the output length in bytes), the hash algorithm name from
       gke.kdf_parameters, label KDS_SERVICE_LABEL and context
       KDS_PUBLIC_KEY_LABEL, and returns the first element of the result.
  NotImplementedError raised by the two helpers propagates unchanged.

  NOTE(review): the dw_flags check runs after the L2 key has been derived, so
  an unsupported key identifier still costs the full L2 derivation. The
  return value is raw key material; callers should keep it out of logs and
  stored output.
-->
<h3 class="signature " id="gkdi_compute_kek-instance_method">
#<strong>gkdi_compute_kek</strong>(gke, key_identifier) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/ms_gkdi.rb', line 94</span>
<span class='kw'>def</span> <span class='id identifier rubyid_gkdi_compute_kek'>gkdi_compute_kek</span><span class='lparen'>(</span><span class='id identifier rubyid_gke'>gke</span><span class='comma'>,</span> <span class='id identifier rubyid_key_identifier'>key_identifier</span><span class='rparen'>)</span>
<span class='id identifier rubyid_l2_key'>l2_key</span> <span class='op'>=</span> <span class='id identifier rubyid_gkdi_compute_l2_key'>gkdi_compute_l2_key</span><span class='lparen'>(</span><span class='id identifier rubyid_gke'>gke</span><span class='comma'>,</span> <span class='id identifier rubyid_key_identifier'>key_identifier</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='lparen'>(</span><span class='id identifier rubyid_key_identifier'>key_identifier</span><span class='period'>.</span><span class='id identifier rubyid_dw_flags'>dw_flags</span> <span class='op'>&amp;</span> <span class='int'>1</span><span class='rparen'>)</span> <span class='op'>==</span> <span class='int'>0</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>NotImplementedError</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>only public-private key pairs are supported</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_secret'>secret</span> <span class='op'>=</span> <span class='id identifier rubyid_gkdi_compute_kek_pkey'>gkdi_compute_kek_pkey</span><span class='lparen'>(</span><span class='id identifier rubyid_gke'>gke</span><span class='comma'>,</span> <span class='id identifier rubyid_key_identifier'>key_identifier</span><span class='comma'>,</span> <span class='id identifier rubyid_l2_key'>l2_key</span><span class='rparen'>)</span>
<span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Crypto.html" title="Rex::Crypto (module)">Crypto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Crypto/KeyDerivation.html" title="Rex::Crypto::KeyDerivation (module)">KeyDerivation</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Crypto/KeyDerivation/NIST_SP_800_108.html" title="Rex::Crypto::KeyDerivation::NIST_SP_800_108 (module)">NIST_SP_800_108</a></span></span><span class='period'>.</span><span class='id identifier rubyid_counter_hmac'><span class='object_link'><a href="../../../Rex/Crypto/KeyDerivation/NIST_SP_800_108.html#counter_hmac-class_method" title="Rex::Crypto::KeyDerivation::NIST_SP_800_108.counter_hmac (method)">counter_hmac</a></span></span><span class='lparen'>(</span>
<span class='id identifier rubyid_secret'>secret</span><span class='comma'>,</span>
<span class='int'>32</span><span class='comma'>,</span>
<span class='id identifier rubyid_gke'>gke</span><span class='period'>.</span><span class='id identifier rubyid_kdf_parameters'>kdf_parameters</span><span class='period'>.</span><span class='id identifier rubyid_hash_algorithm_name'>hash_algorithm_name</span><span class='period'>.</span><span class='id identifier rubyid_encode'>encode</span><span class='comma'>,</span>
<span class='label'>label:</span> <span class='const'><span class='object_link'><a href="#KDS_SERVICE_LABEL-constant" title="Msf::Exploit::Remote::MsGkdi::KDS_SERVICE_LABEL (constant)">KDS_SERVICE_LABEL</a></span></span><span class='comma'>,</span>
<span class='label'>context:</span> <span class='const'><span class='object_link'><a href="#KDS_PUBLIC_KEY_LABEL-constant" title="Msf::Exploit::Remote::MsGkdi::KDS_PUBLIC_KEY_LABEL (constant)">KDS_PUBLIC_KEY_LABEL</a></span></span>
<span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
  gkdi_compute_kek_pkey(gke, key_identifier, l2_key)
  Computes the shared secret for the public-private key case:
    1. derives a private key from l2_key with NIST_SP_800_108.counter_hmac,
       asking for ceil(gke.private_key_length / 8.0) bytes, with the hash
       algorithm name from gke.kdf_parameters, context set to the binary
       form of gke.secret_agreement_algorithm and label KDS_SERVICE_LABEL;
    2. accepts only the secret agreement algorithm 'DH' and raises
       NotImplementedError for anything else;
    3. parses key_identifier.context as a RubySMB::Dcerpc::Gkdi::GkdiFfcDhKey
       and computes public_key ** private_key mod field_order;
    4. passes the result to gkdi_kdf_counter with a length of 32 and the
       concatenation of "SHA512\0" (UTF-16LE bytes), KDS_PUBLIC_KEY_LABEL
       and KDS_SERVICE_LABEL.

  NOTE(review): the 'DH' check runs after the private key has already been
  derived; checking first would avoid deriving key material for an
  unsupported algorithm.
  NOTE(review): public_key and field_order are taken from the parsed
  key_identifier.context and no range check on either value is visible
  before base.pow(exp, mod). A zero modulus makes Integer#pow raise
  ZeroDivisionError. If the blob can come from an untrusted source, confirm
  that degenerate values are rejected upstream, for example by the parser.
  NOTE(review): Rex::Crypto.int_to_bytes is not shown here. If it emits a
  minimal-length encoding, a shared secret with leading zero bytes would be
  shorter than the modulus; confirm this matches what the protocol expects.
-->
<h3 class="signature " id="gkdi_compute_kek_pkey-instance_method">
#<strong>gkdi_compute_kek_pkey</strong>(gke, key_identifier, l2_key) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/ms_gkdi.rb', line 111</span>
<span class='kw'>def</span> <span class='id identifier rubyid_gkdi_compute_kek_pkey'>gkdi_compute_kek_pkey</span><span class='lparen'>(</span><span class='id identifier rubyid_gke'>gke</span><span class='comma'>,</span> <span class='id identifier rubyid_key_identifier'>key_identifier</span><span class='comma'>,</span> <span class='id identifier rubyid_l2_key'>l2_key</span><span class='rparen'>)</span>
<span class='id identifier rubyid_private_key'>private_key</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Crypto.html" title="Rex::Crypto (module)">Crypto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Crypto/KeyDerivation.html" title="Rex::Crypto::KeyDerivation (module)">KeyDerivation</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Crypto/KeyDerivation/NIST_SP_800_108.html" title="Rex::Crypto::KeyDerivation::NIST_SP_800_108 (module)">NIST_SP_800_108</a></span></span><span class='period'>.</span><span class='id identifier rubyid_counter_hmac'><span class='object_link'><a href="../../../Rex/Crypto/KeyDerivation/NIST_SP_800_108.html#counter_hmac-class_method" title="Rex::Crypto::KeyDerivation::NIST_SP_800_108.counter_hmac (method)">counter_hmac</a></span></span><span class='lparen'>(</span>
<span class='id identifier rubyid_l2_key'>l2_key</span><span class='comma'>,</span>
<span class='lparen'>(</span><span class='id identifier rubyid_gke'>gke</span><span class='period'>.</span><span class='id identifier rubyid_private_key_length'>private_key_length</span> <span class='op'>/</span> <span class='float'>8.0</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_ceil'>ceil</span><span class='comma'>,</span>
<span class='id identifier rubyid_gke'>gke</span><span class='period'>.</span><span class='id identifier rubyid_kdf_parameters'>kdf_parameters</span><span class='period'>.</span><span class='id identifier rubyid_hash_algorithm_name'>hash_algorithm_name</span><span class='period'>.</span><span class='id identifier rubyid_encode'>encode</span><span class='comma'>,</span>
<span class='label'>context:</span> <span class='id identifier rubyid_gke'>gke</span><span class='period'>.</span><span class='id identifier rubyid_secret_agreement_algorithm'>secret_agreement_algorithm</span><span class='period'>.</span><span class='id identifier rubyid_to_binary_s'>to_binary_s</span><span class='comma'>,</span>
<span class='label'>label:</span> <span class='const'><span class='object_link'><a href="#KDS_SERVICE_LABEL-constant" title="Msf::Exploit::Remote::MsGkdi::KDS_SERVICE_LABEL (constant)">KDS_SERVICE_LABEL</a></span></span>
<span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span>
<span class='kw'>unless</span> <span class='lparen'>(</span><span class='id identifier rubyid_algorithm'>algorithm</span> <span class='op'>=</span> <span class='id identifier rubyid_gke'>gke</span><span class='period'>.</span><span class='id identifier rubyid_secret_agreement_algorithm'>secret_agreement_algorithm</span><span class='period'>.</span><span class='id identifier rubyid_encode'>encode</span><span class='rparen'>)</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>DH</span><span class='tstring_end'>&#39;</span></span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>NotImplementedError</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>unsupported secret agreement algorithm: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_algorithm'>algorithm</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_ffc_dh_key'>ffc_dh_key</span> <span class='op'>=</span> <span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Dcerpc</span><span class='op'>::</span><span class='const'>Gkdi</span><span class='op'>::</span><span class='const'>GkdiFfcDhKey</span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span><span class='lparen'>(</span><span class='id identifier rubyid_key_identifier'>key_identifier</span><span class='period'>.</span><span class='id identifier rubyid_context'>context</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>C*</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='id identifier rubyid_base'>base</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Crypto.html" title="Rex::Crypto (module)">Crypto</a></span></span><span class='period'>.</span><span class='id identifier rubyid_bytes_to_int'><span class='object_link'><a href="../../../Rex/Crypto.html#bytes_to_int-class_method" title="Rex::Crypto.bytes_to_int (method)">bytes_to_int</a></span></span><span class='lparen'>(</span><span class='id identifier rubyid_ffc_dh_key'>ffc_dh_key</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>C*</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='id identifier rubyid_exp'>exp</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Crypto.html" title="Rex::Crypto (module)">Crypto</a></span></span><span class='period'>.</span><span class='id identifier rubyid_bytes_to_int'><span class='object_link'><a href="../../../Rex/Crypto.html#bytes_to_int-class_method" title="Rex::Crypto.bytes_to_int (method)">bytes_to_int</a></span></span><span class='lparen'>(</span><span class='id identifier rubyid_private_key'>private_key</span><span class='rparen'>)</span>
<span class='id identifier rubyid_mod'>mod</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Crypto.html" title="Rex::Crypto (module)">Crypto</a></span></span><span class='period'>.</span><span class='id identifier rubyid_bytes_to_int'><span class='object_link'><a href="../../../Rex/Crypto.html#bytes_to_int-class_method" title="Rex::Crypto.bytes_to_int (method)">bytes_to_int</a></span></span><span class='lparen'>(</span><span class='id identifier rubyid_ffc_dh_key'>ffc_dh_key</span><span class='period'>.</span><span class='id identifier rubyid_field_order'>field_order</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>C*</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='id identifier rubyid_key_material'>key_material</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Crypto.html" title="Rex::Crypto (module)">Crypto</a></span></span><span class='period'>.</span><span class='id identifier rubyid_int_to_bytes'><span class='object_link'><a href="../../../Rex/Crypto.html#int_to_bytes-class_method" title="Rex::Crypto.int_to_bytes (method)">int_to_bytes</a></span></span><span class='lparen'>(</span><span class='id identifier rubyid_base'>base</span><span class='period'>.</span><span class='id identifier rubyid_pow'>pow</span><span class='lparen'>(</span><span class='id identifier rubyid_exp'>exp</span><span class='comma'>,</span> <span class='id identifier rubyid_mod'>mod</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='id identifier rubyid_gkdi_kdf_counter'>gkdi_kdf_counter</span><span class='lparen'>(</span><span class='int'>32</span><span class='comma'>,</span> <span class='id identifier rubyid_key_material'>key_material</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>SHA512\0</span><span class='tstring_end'>&quot;</span></span><span class='period'>.</span><span class='id identifier rubyid_encode'>encode</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>UTF-16LE</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_force_encoding'>force_encoding</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ASCII-8BIT</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span> <span class='op'>+</span> <span class='const'><span class='object_link'><a href="#KDS_PUBLIC_KEY_LABEL-constant" title="Msf::Exploit::Remote::MsGkdi::KDS_PUBLIC_KEY_LABEL (constant)">KDS_PUBLIC_KEY_LABEL</a></span></span> <span class='op'>+</span> <span class='const'><span class='object_link'><a href="#KDS_SERVICE_LABEL-constant" title="Msf::Exploit::Remote::MsGkdi::KDS_SERVICE_LABEL (constant)">KDS_SERVICE_LABEL</a></span></span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="gkdi_compute_l2_key-instance_method">
#<strong>gkdi_compute_l2_key</strong>(gke, key_identifier) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/ms_gkdi.rb', line 133</span>
<span class='kw'>def</span> <span class='id identifier rubyid_gkdi_compute_l2_key'>gkdi_compute_l2_key</span><span class='lparen'>(</span><span class='id identifier rubyid_gke'>gke</span><span class='comma'>,</span> <span class='id identifier rubyid_key_identifier'>key_identifier</span><span class='rparen'>)</span>
<span class='kw'>unless</span> <span class='lparen'>(</span><span class='id identifier rubyid_algorithm'>algorithm</span> <span class='op'>=</span> <span class='id identifier rubyid_gke'>gke</span><span class='period'>.</span><span class='id identifier rubyid_kdf_algorithm'>kdf_algorithm</span><span class='period'>.</span><span class='id identifier rubyid_encode'>encode</span><span class='rparen'>)</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>SP800_108_CTR_HMAC</span><span class='tstring_end'>&#39;</span></span>
<span class='comment'># see: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-gkdi/5d373568-dd68-499b-bd06-a3ce16ca7117
</span> <span class='id identifier rubyid_raise'>raise</span> <span class='const'>NotImplementedError</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>unsupported key derivation function algorithm: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_algorithm'>algorithm</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_l1'>l1</span> <span class='op'>=</span> <span class='id identifier rubyid_gke'>gke</span><span class='period'>.</span><span class='id identifier rubyid_l1_index'>l1_index</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span>
<span class='id identifier rubyid_l1_key'>l1_key</span> <span class='op'>=</span> <span class='id identifier rubyid_gke'>gke</span><span class='period'>.</span><span class='id identifier rubyid_l1_key'>l1_key</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>C*</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_l2'>l2</span> <span class='op'>=</span> <span class='id identifier rubyid_gke'>gke</span><span class='period'>.</span><span class='id identifier rubyid_l2_index'>l2_index</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span>
<span class='id identifier rubyid_l2_key'>l2_key</span> <span class='op'>=</span> <span class='id identifier rubyid_gke'>gke</span><span class='period'>.</span><span class='id identifier rubyid_l2_key'>l2_key</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>C*</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_reseed_l2'>reseed_l2</span> <span class='op'>=</span> <span class='lparen'>(</span><span class='id identifier rubyid_l2'>l2</span> <span class='op'>==</span> <span class='int'>31</span> <span class='op'>||</span> <span class='id identifier rubyid_l1'>l1</span> <span class='op'>!=</span> <span class='id identifier rubyid_key_identifier'>key_identifier</span><span class='period'>.</span><span class='id identifier rubyid_l1_index'>l1_index</span><span class='rparen'>)</span>
<span class='id identifier rubyid_l1'>l1</span> <span class='op'>-=</span> <span class='int'>1</span> <span class='kw'>if</span> <span class='id identifier rubyid_l2'>l2</span> <span class='op'>!=</span> <span class='int'>31</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_l1'>l1</span> <span class='op'>!=</span> <span class='id identifier rubyid_key_identifier'>key_identifier</span><span class='period'>.</span><span class='id identifier rubyid_l1_index'>l1_index</span>
<span class='kw'>while</span> <span class='id identifier rubyid_l1'>l1</span> <span class='op'>!=</span> <span class='id identifier rubyid_key_identifier'>key_identifier</span><span class='period'>.</span><span class='id identifier rubyid_l1_index'>l1_index</span>
<span class='id identifier rubyid_reseed_l2'>reseed_l2</span> <span class='op'>=</span> <span class='kw'>true</span>
<span class='id identifier rubyid_l1'>l1</span> <span class='op'>-=</span> <span class='int'>1</span>
<span class='id identifier rubyid_l1_key'>l1_key</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Crypto.html" title="Rex::Crypto (module)">Crypto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Crypto/KeyDerivation.html" title="Rex::Crypto::KeyDerivation (module)">KeyDerivation</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Crypto/KeyDerivation/NIST_SP_800_108.html" title="Rex::Crypto::KeyDerivation::NIST_SP_800_108 (module)">NIST_SP_800_108</a></span></span><span class='period'>.</span><span class='id identifier rubyid_counter_hmac'><span class='object_link'><a href="../../../Rex/Crypto/KeyDerivation/NIST_SP_800_108.html#counter_hmac-class_method" title="Rex::Crypto::KeyDerivation::NIST_SP_800_108.counter_hmac (method)">counter_hmac</a></span></span><span class='lparen'>(</span>
<span class='id identifier rubyid_l1_key'>l1_key</span><span class='comma'>,</span>
<span class='int'>64</span><span class='comma'>,</span>
<span class='id identifier rubyid_gke'>gke</span><span class='period'>.</span><span class='id identifier rubyid_kdf_parameters'>kdf_parameters</span><span class='period'>.</span><span class='id identifier rubyid_hash_algorithm_name'>hash_algorithm_name</span><span class='period'>.</span><span class='id identifier rubyid_encode'>encode</span><span class='comma'>,</span>
<span class='label'>context:</span> <span class='id identifier rubyid_gke'>gke</span><span class='period'>.</span><span class='id identifier rubyid_root_key_identifier'>root_key_identifier</span><span class='period'>.</span><span class='id identifier rubyid_to_binary_s'>to_binary_s</span> <span class='op'>+</span> <span class='lbracket'>[</span> <span class='id identifier rubyid_gke'>gke</span><span class='period'>.</span><span class='id identifier rubyid_l0_index'>l0_index</span><span class='comma'>,</span> <span class='id identifier rubyid_l1'>l1</span><span class='comma'>,</span> <span class='op'>-</span><span class='int'>1</span> <span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>l&lt;l&lt;l&lt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='label'>label:</span> <span class='const'><span class='object_link'><a href="#KDS_SERVICE_LABEL-constant" title="Msf::Exploit::Remote::MsGkdi::KDS_SERVICE_LABEL (constant)">KDS_SERVICE_LABEL</a></span></span>
<span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='id identifier rubyid_reseed_l2'>reseed_l2</span>
<span class='id identifier rubyid_l2'>l2</span> <span class='op'>=</span> <span class='int'>31</span>
<span class='id identifier rubyid_l2_key'>l2_key</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Crypto.html" title="Rex::Crypto (module)">Crypto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Crypto/KeyDerivation.html" title="Rex::Crypto::KeyDerivation (module)">KeyDerivation</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Crypto/KeyDerivation/NIST_SP_800_108.html" title="Rex::Crypto::KeyDerivation::NIST_SP_800_108 (module)">NIST_SP_800_108</a></span></span><span class='period'>.</span><span class='id identifier rubyid_counter_hmac'><span class='object_link'><a href="../../../Rex/Crypto/KeyDerivation/NIST_SP_800_108.html#counter_hmac-class_method" title="Rex::Crypto::KeyDerivation::NIST_SP_800_108.counter_hmac (method)">counter_hmac</a></span></span><span class='lparen'>(</span>
<span class='id identifier rubyid_l1_key'>l1_key</span><span class='comma'>,</span>
<span class='int'>64</span><span class='comma'>,</span>
<span class='id identifier rubyid_gke'>gke</span><span class='period'>.</span><span class='id identifier rubyid_kdf_parameters'>kdf_parameters</span><span class='period'>.</span><span class='id identifier rubyid_hash_algorithm_name'>hash_algorithm_name</span><span class='period'>.</span><span class='id identifier rubyid_encode'>encode</span><span class='comma'>,</span>
<span class='label'>context:</span> <span class='id identifier rubyid_gke'>gke</span><span class='period'>.</span><span class='id identifier rubyid_root_key_identifier'>root_key_identifier</span><span class='period'>.</span><span class='id identifier rubyid_to_binary_s'>to_binary_s</span> <span class='op'>+</span> <span class='lbracket'>[</span> <span class='id identifier rubyid_gke'>gke</span><span class='period'>.</span><span class='id identifier rubyid_l0_index'>l0_index</span><span class='comma'>,</span> <span class='id identifier rubyid_l1'>l1</span><span class='comma'>,</span> <span class='id identifier rubyid_l2'>l2</span> <span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>l&lt;l&lt;l&lt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='label'>label:</span> <span class='const'><span class='object_link'><a href="#KDS_SERVICE_LABEL-constant" title="Msf::Exploit::Remote::MsGkdi::KDS_SERVICE_LABEL (constant)">KDS_SERVICE_LABEL</a></span></span>
<span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span>
<span class='kw'>end</span>
<span class='kw'>while</span> <span class='id identifier rubyid_l2'>l2</span> <span class='op'>!=</span> <span class='id identifier rubyid_key_identifier'>key_identifier</span><span class='period'>.</span><span class='id identifier rubyid_l2_index'>l2_index</span>
<span class='id identifier rubyid_l2'>l2</span> <span class='op'>-=</span> <span class='int'>1</span>
<span class='id identifier rubyid_l2_key'>l2_key</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Crypto.html" title="Rex::Crypto (module)">Crypto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Crypto/KeyDerivation.html" title="Rex::Crypto::KeyDerivation (module)">KeyDerivation</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Crypto/KeyDerivation/NIST_SP_800_108.html" title="Rex::Crypto::KeyDerivation::NIST_SP_800_108 (module)">NIST_SP_800_108</a></span></span><span class='period'>.</span><span class='id identifier rubyid_counter_hmac'><span class='object_link'><a href="../../../Rex/Crypto/KeyDerivation/NIST_SP_800_108.html#counter_hmac-class_method" title="Rex::Crypto::KeyDerivation::NIST_SP_800_108.counter_hmac (method)">counter_hmac</a></span></span><span class='lparen'>(</span>
<span class='id identifier rubyid_l2_key'>l2_key</span><span class='comma'>,</span>
<span class='int'>64</span><span class='comma'>,</span>
<span class='id identifier rubyid_gke'>gke</span><span class='period'>.</span><span class='id identifier rubyid_kdf_parameters'>kdf_parameters</span><span class='period'>.</span><span class='id identifier rubyid_hash_algorithm_name'>hash_algorithm_name</span><span class='period'>.</span><span class='id identifier rubyid_encode'>encode</span><span class='comma'>,</span>
<span class='label'>context:</span> <span class='id identifier rubyid_gke'>gke</span><span class='period'>.</span><span class='id identifier rubyid_root_key_identifier'>root_key_identifier</span><span class='period'>.</span><span class='id identifier rubyid_to_binary_s'>to_binary_s</span> <span class='op'>+</span> <span class='lbracket'>[</span> <span class='id identifier rubyid_gke'>gke</span><span class='period'>.</span><span class='id identifier rubyid_l0_index'>l0_index</span><span class='comma'>,</span> <span class='id identifier rubyid_l1'>l1</span><span class='comma'>,</span> <span class='id identifier rubyid_l2'>l2</span> <span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>l&lt;l&lt;l&lt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='label'>label:</span> <span class='const'><span class='object_link'><a href="#KDS_SERVICE_LABEL-constant" title="Msf::Exploit::Remote::MsGkdi::KDS_SERVICE_LABEL (constant)">KDS_SERVICE_LABEL</a></span></span>
<span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_l2_key'>l2_key</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
  gkdi_get_endpoints(opts = {}): maps the GKDI interface through the endpoint mapper interface
  (RubySMB::Dcerpc::Epm) and returns the resulting towers.
  The listing opens a RubySMB::Dcerpc::Client against opts[:rhost] (falling back to rhost), calls connect
  and bind, then ept_map_endpoint for RubySMB::Dcerpc::Gkdi with max_towers: 4, closes the client and
  returns the towers.
  NOTE(review): close is only reached on the success path; the method has no ensure block, so an exception
  raised by connect, bind or ept_map_endpoint leaves the client unclosed as far as this method is concerned.
-->
<h3 class="signature " id="gkdi_get_endpoints-instance_method">
#<strong>gkdi_get_endpoints</strong>(opts = {}) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/ms_gkdi.rb', line 78</span>
<span class='kw'>def</span> <span class='id identifier rubyid_gkdi_get_endpoints'>gkdi_get_endpoints</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Mapping GKDI endpoints...</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_dcerpc_client'>dcerpc_client</span> <span class='op'>=</span> <span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Dcerpc</span><span class='op'>::</span><span class='const'>Client</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span>
<span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_fetch'>fetch</span><span class='lparen'>(</span><span class='symbol'>:rhost</span><span class='rparen'>)</span> <span class='lbrace'>{</span> <span class='id identifier rubyid_rhost'>rhost</span> <span class='rbrace'>}</span><span class='comma'>,</span>
<span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Dcerpc</span><span class='op'>::</span><span class='const'>Epm</span>
<span class='rparen'>)</span>
<span class='id identifier rubyid_dcerpc_client'>dcerpc_client</span><span class='period'>.</span><span class='id identifier rubyid_connect'>connect</span>
<span class='id identifier rubyid_dcerpc_client'>dcerpc_client</span><span class='period'>.</span><span class='id identifier rubyid_bind'>bind</span>
<span class='comment'># This works around an odd error where if the target has just booted, then no towers (endpoint connection infos)
</span> <span class='comment'># will be returned if max_towers is set to 1. Here we map it our self and set max_towers to a higher number to work
</span> <span class='comment'># around the behavior. Subsequent mapping attempts will work with max_towers set to 1, but 4 will always work.
</span> <span class='id identifier rubyid_towers'>towers</span> <span class='op'>=</span> <span class='id identifier rubyid_dcerpc_client'>dcerpc_client</span><span class='period'>.</span><span class='id identifier rubyid_ept_map_endpoint'>ept_map_endpoint</span><span class='lparen'>(</span><span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Dcerpc</span><span class='op'>::</span><span class='const'>Gkdi</span><span class='comma'>,</span> <span class='label'>max_towers:</span> <span class='int'>4</span><span class='rparen'>)</span>
<span class='id identifier rubyid_dcerpc_client'>dcerpc_client</span><span class='period'>.</span><span class='id identifier rubyid_close'>close</span>
<span class='id identifier rubyid_towers'>towers</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
  gkdi_get_kek(opts = {}): requests a key from the GKDI client and passes the response to gkdi_compute_kek.
  opts[:client] is used when given; otherwise connect_gkdi(opts) is called. opts[:key_identifier] and
  opts[:security_descriptor] are read with fetch and no default, so a missing entry raises KeyError
  (when opts is a Hash). gkdi_get_key receives the security descriptor, the root key identifier as a
  string and the l0, l1 and l2 indexes; the method returns whatever gkdi_compute_kek returns for that
  response and the key identifier.
  NOTE(review): nothing here closes a client that this method created itself via connect_gkdi; confirm
  who owns that connection's lifetime. The return value is presumably key material, so callers should
  keep it out of logs and stored output.
-->
<h3 class="signature " id="gkdi_get_kek-instance_method">
#<strong>gkdi_get_kek</strong>(opts = {}) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
39
40
41
42
43
44
45
46
47
48
49
50
51
52</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/ms_gkdi.rb', line 39</span>
<span class='kw'>def</span> <span class='id identifier rubyid_gkdi_get_kek'>gkdi_get_kek</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='id identifier rubyid_gkdi'>gkdi</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_fetch'>fetch</span><span class='lparen'>(</span><span class='symbol'>:client</span><span class='rparen'>)</span> <span class='lbrace'>{</span> <span class='id identifier rubyid_connect_gkdi'>connect_gkdi</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='rparen'>)</span> <span class='rbrace'>}</span>
<span class='id identifier rubyid_key_identifier'>key_identifier</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_fetch'>fetch</span><span class='lparen'>(</span><span class='symbol'>:key_identifier</span><span class='rparen'>)</span>
<span class='id identifier rubyid_gke'>gke</span> <span class='op'>=</span> <span class='id identifier rubyid_gkdi'>gkdi</span><span class='period'>.</span><span class='id identifier rubyid_gkdi_get_key'>gkdi_get_key</span><span class='lparen'>(</span>
<span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_fetch'>fetch</span><span class='lparen'>(</span><span class='symbol'>:security_descriptor</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='id identifier rubyid_key_identifier'>key_identifier</span><span class='lbracket'>[</span><span class='symbol'>:root_key_identifier</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='comma'>,</span>
<span class='id identifier rubyid_key_identifier'>key_identifier</span><span class='lbracket'>[</span><span class='symbol'>:l0_index</span><span class='rbracket'>]</span><span class='comma'>,</span>
<span class='id identifier rubyid_key_identifier'>key_identifier</span><span class='lbracket'>[</span><span class='symbol'>:l1_index</span><span class='rbracket'>]</span><span class='comma'>,</span>
<span class='id identifier rubyid_key_identifier'>key_identifier</span><span class='lbracket'>[</span><span class='symbol'>:l2_index</span><span class='rbracket'>]</span>
<span class='rparen'>)</span>
<span class='id identifier rubyid_gkdi_compute_kek'>gkdi_compute_kek</span><span class='lparen'>(</span><span class='id identifier rubyid_gke'>gke</span><span class='comma'>,</span> <span class='id identifier rubyid_key_identifier'>key_identifier</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
  gkdi_kdf_counter(length, key_material, other_info): expands key_material into length bytes of output.
  Each round appends SHA256(counter + key_material + other_info) to the output, where counter is packed
  with 'L>' (32-bit unsigned, big-endian) and the first value used is 1. RangeError is raised once the
  counter exceeds 0xffffffff, and the concatenated digests are cut to the first length bytes.
  NOTE(review): the hash is unkeyed (OpenSSL::Digest, not an HMAC) and the input order is counter, secret,
  other info, which looks closer to the single-step concatenation KDF of NIST SP 800-56A than to the HMAC
  counter mode of SP 800-108 named in the docstring; confirm against the protocol specification before
  reusing this routine elsewhere.
-->
<h3 class="signature " id="gkdi_kdf_counter-instance_method">
#<strong>gkdi_kdf_counter</strong>(length, key_material, other_info) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>this is mostly a variation on NIST SP 800-108</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/ms_gkdi.rb', line 189</span>
<span class='kw'>def</span> <span class='id identifier rubyid_gkdi_kdf_counter'>gkdi_kdf_counter</span><span class='lparen'>(</span><span class='id identifier rubyid_length'>length</span><span class='comma'>,</span> <span class='id identifier rubyid_key_material'>key_material</span><span class='comma'>,</span> <span class='id identifier rubyid_other_info'>other_info</span><span class='rparen'>)</span>
<span class='id identifier rubyid_prf'>prf</span> <span class='op'>=</span> <span class='tlambda'>-&gt;</span> <span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span> <span class='tlambeg'>{</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>Digest</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>SHA256</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_digest'>digest</span> <span class='rbrace'>}</span>
<span class='id identifier rubyid_key_block'>key_block</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span>
<span class='id identifier rubyid_counter'>counter</span> <span class='op'>=</span> <span class='int'>0</span>
<span class='kw'>while</span> <span class='id identifier rubyid_key_block'>key_block</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>&lt;</span> <span class='id identifier rubyid_length'>length</span>
<span class='id identifier rubyid_counter'>counter</span> <span class='op'>+=</span> <span class='int'>1</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>RangeError</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>counter overflow</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span> <span class='kw'>if</span> <span class='id identifier rubyid_counter'>counter</span> <span class='op'>&gt;</span> <span class='int'>0xffffffff</span>
<span class='id identifier rubyid_info'>info</span> <span class='op'>=</span> <span class='lbracket'>[</span> <span class='id identifier rubyid_counter'>counter</span> <span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>L&gt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span> <span class='op'>+</span> <span class='id identifier rubyid_key_material'>key_material</span> <span class='op'>+</span> <span class='id identifier rubyid_other_info'>other_info</span>
<span class='id identifier rubyid_key_block'>key_block</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_prf'>prf</span><span class='period'>.</span><span class='id identifier rubyid_call'>call</span><span class='lparen'>(</span><span class='id identifier rubyid_info'>info</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_key_block'>key_block</span><span class='lbracket'>[</span><span class='op'>...</span><span class='id identifier rubyid_length'>length</span><span class='rbracket'>]</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
</div>
<div id="footer">
Generated on Fri May 8 17:01:45 2026 by
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.37 (ruby-3.1.5).
</div>
</div>
</body>
</html>