metasploit-gs/api/Msf/Util/WindowsRegistry/Security.html
jenkins-metasploit c3f5bd3de2 Reboot gh-pages
2026-05-08 17:08:43 +00:00

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Module: Msf::Util::WindowsRegistry::Security
&mdash; Documentation by YARD 0.9.37
</title>
<link rel="stylesheet" href="../../../css/style.css" type="text/css" />
<link rel="stylesheet" href="../../../css/common.css" type="text/css" />
<script type="text/javascript">
pathId = "Msf::Util::WindowsRegistry::Security";
relpath = '../../../';
</script>
<script type="text/javascript" charset="utf-8" src="../../../js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="../../../js/app.js"></script>
</head>
<body>
<div class="nav_wrap">
<iframe id="nav" src="../../../class_list.html?1"></iframe>
<div id="resizer"></div>
</div>
<div id="main" tabindex="-1">
<div id="header">
<div id="menu">
<a href="../../../_index.html">Index (S)</a> &raquo;
<span class='title'><span class='object_link'><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../Util.html" title="Msf::Util (module)">Util</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../WindowsRegistry.html" title="Msf::Util::WindowsRegistry (module)">WindowsRegistry</a></span></span>
&raquo;
<span class="title">Security</span>
</div>
<div id="search">
<a class="full_list_link" id="class_list_link"
href="../../../class_list.html">
<svg width="24" height="24">
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
</svg>
</a>
</div>
<div class="clear"></div>
</div>
<div id="content"><h1>Module: Msf::Util::WindowsRegistry::Security
</h1>
<div class="box_info">
<dl>
<dt>Includes:</dt>
<dd><span class='object_link'><a href="../WindowsCryptoHelpers.html" title="Msf::Util::WindowsCryptoHelpers (module)">Msf::Util::WindowsCryptoHelpers</a></span></dd>
</dl>
<dl>
<dt>Defined in:</dt>
<dd>lib/msf/util/windows_registry/security.rb</dd>
</dl>
</div>
<h2>Overview</h2><div class="docstring">
<div class="discussion">
<p>This module includes helpers for the SECURITY hive.</p>
</div>
</div>
<div class="tags">
</div><h2>Defined Under Namespace</h2>
<p class="children">
<strong class="classes">Classes:</strong> <span class='object_link'><a href="Security/CacheData.html" title="Msf::Util::WindowsRegistry::Security::CacheData (class)">CacheData</a></span>, <span class='object_link'><a href="Security/CacheEntry.html" title="Msf::Util::WindowsRegistry::Security::CacheEntry (class)">CacheEntry</a></span>, <span class='object_link'><a href="Security/CacheInfo.html" title="Msf::Util::WindowsRegistry::Security::CacheInfo (class)">CacheInfo</a></span>
</p>
<h2>Constant Summary</h2>
<h3 class="inherited">Constants included
from <span class='object_link'><a href="../WindowsCryptoHelpers.html" title="Msf::Util::WindowsCryptoHelpers (module)">Msf::Util::WindowsCryptoHelpers</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../WindowsCryptoHelpers.html#EMPTY_LM-constant" title="Msf::Util::WindowsCryptoHelpers::EMPTY_LM (constant)">Msf::Util::WindowsCryptoHelpers::EMPTY_LM</a></span>, <span class='object_link'><a href="../WindowsCryptoHelpers.html#EMPTY_NT-constant" title="Msf::Util::WindowsCryptoHelpers::EMPTY_NT (constant)">Msf::Util::WindowsCryptoHelpers::EMPTY_NT</a></span></p>
<h2>Instance Attribute Summary <small><a href="#" class="summary_toggle">collapse</a></small></h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#lsa_vista_style-instance_method" title="#lsa_vista_style (instance method)">#<strong>lsa_vista_style</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns the value of attribute lsa_vista_style.</p>
</div></span>
</li>
</ul>
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#cached_infos-instance_method" title="#cached_infos (instance method)">#<strong>cached_infos</strong>(nlkm_key) &#x21d2; Array </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns the decrypted Cache data and information from HKLM\SECURITY\Cache.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#lsa_secret_key-instance_method" title="#lsa_secret_key (instance method)">#<strong>lsa_secret_key</strong>(boot_key) &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Retrieve the decrypted LSA secret key from a given BootKey.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#lsa_secrets-instance_method" title="#lsa_secrets (instance method)">#<strong>lsa_secrets</strong>(lsa_key) &#x21d2; Hash </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns the decrypted LSA secrets under HKLM\SECURITY\Policy\Secrets.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#nlkm_secret_key-instance_method" title="#nlkm_secret_key (instance method)">#<strong>nlkm_secret_key</strong>(lsa_key) &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns the decrypted NLKM secret key from HKLM\SECURITY\Policy\Secrets\NL$KM\CurrVal.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#normalize_key-instance_method" title="#normalize_key (instance method)">#<strong>normalize_key</strong>(key) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
</ul>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../WindowsCryptoHelpers.html" title="Msf::Util::WindowsCryptoHelpers (module)">Msf::Util::WindowsCryptoHelpers</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../WindowsCryptoHelpers.html#add_parity-instance_method" title="Msf::Util::WindowsCryptoHelpers#add_parity (method)">#add_parity</a></span>, <span class='object_link'><a href="../WindowsCryptoHelpers.html#aes128_cts_hmac_sha1_96-instance_method" title="Msf::Util::WindowsCryptoHelpers#aes128_cts_hmac_sha1_96 (method)">#aes128_cts_hmac_sha1_96</a></span>, <span class='object_link'><a href="../WindowsCryptoHelpers.html#aes256_cts_hmac_sha1_96-instance_method" title="Msf::Util::WindowsCryptoHelpers#aes256_cts_hmac_sha1_96 (method)">#aes256_cts_hmac_sha1_96</a></span>, <span class='object_link'><a href="../WindowsCryptoHelpers.html#aes_cts_hmac_sha1_96-instance_method" title="Msf::Util::WindowsCryptoHelpers#aes_cts_hmac_sha1_96 (method)">#aes_cts_hmac_sha1_96</a></span>, <span class='object_link'><a href="../WindowsCryptoHelpers.html#convert_des_56_to_64-instance_method" title="Msf::Util::WindowsCryptoHelpers#convert_des_56_to_64 (method)">#convert_des_56_to_64</a></span>, <span class='object_link'><a href="../WindowsCryptoHelpers.html#decrypt_aes-instance_method" title="Msf::Util::WindowsCryptoHelpers#decrypt_aes (method)">#decrypt_aes</a></span>, <span class='object_link'><a href="../WindowsCryptoHelpers.html#decrypt_hash-instance_method" title="Msf::Util::WindowsCryptoHelpers#decrypt_hash (method)">#decrypt_hash</a></span>, <span class='object_link'><a href="../WindowsCryptoHelpers.html#decrypt_lsa_data-instance_method" title="Msf::Util::WindowsCryptoHelpers#decrypt_lsa_data (method)">#decrypt_lsa_data</a></span>, <span class='object_link'><a href="../WindowsCryptoHelpers.html#decrypt_secret_data-instance_method" title="Msf::Util::WindowsCryptoHelpers#decrypt_secret_data (method)">#decrypt_secret_data</a></span>, <span class='object_link'><a href="../WindowsCryptoHelpers.html#decrypt_user_hash-instance_method" title="Msf::Util::WindowsCryptoHelpers#decrypt_user_hash (method)">#decrypt_user_hash</a></span>, <span 
class='object_link'><a href="../WindowsCryptoHelpers.html#decrypt_user_key-instance_method" title="Msf::Util::WindowsCryptoHelpers#decrypt_user_key (method)">#decrypt_user_key</a></span>, <span class='object_link'><a href="../WindowsCryptoHelpers.html#des_cbc_md5-instance_method" title="Msf::Util::WindowsCryptoHelpers#des_cbc_md5 (method)">#des_cbc_md5</a></span>, <span class='object_link'><a href="../WindowsCryptoHelpers.html#fix_parity-instance_method" title="Msf::Util::WindowsCryptoHelpers#fix_parity (method)">#fix_parity</a></span>, <span class='object_link'><a href="../WindowsCryptoHelpers.html#rc4_hmac-instance_method" title="Msf::Util::WindowsCryptoHelpers#rc4_hmac (method)">#rc4_hmac</a></span>, <span class='object_link'><a href="../WindowsCryptoHelpers.html#rid_to_key-instance_method" title="Msf::Util::WindowsCryptoHelpers#rid_to_key (method)">#rid_to_key</a></span>, <span class='object_link'><a href="../WindowsCryptoHelpers.html#weak_des_key%3F-instance_method" title="Msf::Util::WindowsCryptoHelpers#weak_des_key? (method)">#weak_des_key?</a></span></p>
<div id="instance_attr_details" class="attr_details">
<h2>Instance Attribute Details</h2>
<span id="lsa_vista_style=-instance_method"></span>
<div class="method_details first">
<h3 class="signature first" id="lsa_vista_style-instance_method">
#<strong>lsa_vista_style</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the value of attribute lsa_vista_style.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
80
81
82</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/util/windows_registry/security.rb', line 80</span>
<span class='kw'>def</span> <span class='id identifier rubyid_lsa_vista_style'>lsa_vista_style</span>
<span class='ivar'>@lsa_vista_style</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<h3 class="signature first" id="cached_infos-instance_method">
#<strong>cached_infos</strong>(nlkm_key) &#x21d2; <tt>Array</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the decrypted Cache data and information from HKLM\SECURITY\Cache. For this, the NLKM secret key must be provided, which can be retrieved with the #nlkm_secret_key method.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>nlkm_key</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The NLKM secret key</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Array</tt>)</span>
&mdash;
<div class='inline'>
<p>An array of CacheInfo structures containing the Cache information</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/util/windows_registry/security.rb', line 193</span>
<span class='kw'>def</span> <span class='id identifier rubyid_cached_infos'>cached_infos</span><span class='lparen'>(</span><span class='id identifier rubyid_nlkm_key'>nlkm_key</span><span class='rparen'>)</span>
<span class='id identifier rubyid_values'>values</span> <span class='op'>=</span> <span class='id identifier rubyid_enum_values'>enum_values</span><span class='lparen'>(</span><span class='id identifier rubyid_normalize_key'>normalize_key</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>HKLM\\SECURITY\\Cache</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_values'>values</span>
<span class='id identifier rubyid_elog'><span class='object_link'><a href="../../../top-level-namespace.html#elog-instance_method" title="#elog (method)">elog</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>[Msf::Util::WindowsRegistry::Sam::cached_hashes] No cashed entries</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_values'>values</span><span class='period'>.</span><span class='id identifier rubyid_delete'>delete</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>NL$Control</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_iteration_count'>iteration_count</span> <span class='op'>=</span> <span class='kw'>nil</span>
<span class='kw'>if</span> <span class='id identifier rubyid_values'>values</span><span class='period'>.</span><span class='id identifier rubyid_delete'>delete</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>NL$IterationCount</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid__value_type'>_value_type</span><span class='comma'>,</span> <span class='id identifier rubyid_value_data'>value_data</span> <span class='op'>=</span> <span class='id identifier rubyid_reg_parser'>reg_parser</span><span class='period'>.</span><span class='id identifier rubyid_get_value'>get_value</span><span class='lparen'>(</span><span class='id identifier rubyid_normalize_key'>normalize_key</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>HKLM\\SECURITY\\Cache</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>NL$IterationCount</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_iteration_count'>iteration_count</span> <span class='op'>=</span> <span class='id identifier rubyid_value_data'>value_data</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_values'>values</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_value'>value</span><span class='op'>|</span>
<span class='id identifier rubyid__value_type'>_value_type</span><span class='comma'>,</span> <span class='id identifier rubyid_value_data'>value_data</span> <span class='op'>=</span> <span class='id identifier rubyid_get_value'>get_value</span><span class='lparen'>(</span><span class='id identifier rubyid_normalize_key'>normalize_key</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>HKLM\\SECURITY\\Cache</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span> <span class='id identifier rubyid_value'>value</span><span class='rparen'>)</span>
<span class='id identifier rubyid_cache'>cache</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="Security/CacheEntry.html" title="Msf::Util::WindowsRegistry::Security::CacheEntry (class)">CacheEntry</a></span></span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span><span class='lparen'>(</span><span class='id identifier rubyid_value_data'>value_data</span><span class='rparen'>)</span>
<span class='id identifier rubyid_cache_info'>cache_info</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="Security/CacheInfo.html" title="Msf::Util::WindowsRegistry::Security::CacheInfo (class)">CacheInfo</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='label'>name:</span> <span class='id identifier rubyid_value'>value</span><span class='comma'>,</span> <span class='label'>entry:</span> <span class='id identifier rubyid_cache'>cache</span><span class='rparen'>)</span>
<span class='kw'>next</span> <span class='id identifier rubyid_cache_info'>cache_info</span> <span class='kw'>unless</span> <span class='id identifier rubyid_cache'>cache</span><span class='period'>.</span><span class='id identifier rubyid_user_name_length'>user_name_length</span> <span class='op'>&gt;</span> <span class='int'>0</span>
<span class='id identifier rubyid_enc_data'>enc_data</span> <span class='op'>=</span> <span class='id identifier rubyid_cache'>cache</span><span class='period'>.</span><span class='id identifier rubyid_enc_data'>enc_data</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span><span class='lparen'>(</span><span class='op'>&amp;</span><span class='symbol'>:chr</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_join'><span class='object_link'><a href="../../../top-level-namespace.html#join-instance_method" title="#join (method)">join</a></span></span>
<span class='kw'>if</span> <span class='ivar'>@lsa_vista_style</span>
<span class='id identifier rubyid_dec_data'>dec_data</span> <span class='op'>=</span> <span class='id identifier rubyid_decrypt_aes'>decrypt_aes</span><span class='lparen'>(</span><span class='id identifier rubyid_enc_data'>enc_data</span><span class='comma'>,</span> <span class='id identifier rubyid_nlkm_key'>nlkm_key</span><span class='lbracket'>[</span><span class='int'>16</span><span class='op'>...</span><span class='int'>32</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='id identifier rubyid_cache'>cache</span><span class='period'>.</span><span class='id identifier rubyid_iv'>iv</span><span class='rparen'>)</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_dec_data'>dec_data</span> <span class='op'>=</span> <span class='id identifier rubyid_decrypt_hash'>decrypt_hash</span><span class='lparen'>(</span><span class='id identifier rubyid_enc_data'>enc_data</span><span class='comma'>,</span> <span class='id identifier rubyid_nlkm_key'>nlkm_key</span><span class='comma'>,</span> <span class='id identifier rubyid_cache'>cache</span><span class='period'>.</span><span class='id identifier rubyid_iv'>iv</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_params'>params</span> <span class='op'>=</span> <span class='id identifier rubyid_cache'>cache</span><span class='period'>.</span><span class='id identifier rubyid_snapshot'>snapshot</span><span class='period'>.</span><span class='id identifier rubyid_to_h'>to_h</span><span class='period'>.</span><span class='id identifier rubyid_select'>select</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_key'>key</span><span class='comma'>,</span> <span class='id identifier rubyid__v'>_v</span><span class='op'>|</span> <span class='id identifier rubyid_key'>key</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='period'>.</span><span class='id identifier rubyid_end_with?'>end_with?</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>_length</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span> <span class='rbrace'>}</span>
<span class='id identifier rubyid_params'>params</span><span class='lbracket'>[</span><span class='symbol'>:group_count</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_cache'>cache</span><span class='period'>.</span><span class='id identifier rubyid_group_count'>group_count</span>
<span class='id identifier rubyid_cache_data'>cache_data</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="Security/CacheData.html" title="Msf::Util::WindowsRegistry::Security::CacheData (class)">CacheData</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='id identifier rubyid_params'>params</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span><span class='lparen'>(</span><span class='id identifier rubyid_dec_data'>dec_data</span><span class='rparen'>)</span>
<span class='id identifier rubyid_cache_info'>cache_info</span><span class='period'>.</span><span class='id identifier rubyid_data'>data</span> <span class='op'>=</span> <span class='id identifier rubyid_cache_data'>cache_data</span>
<span class='kw'>if</span> <span class='ivar'>@lsa_vista_style</span>
<span class='id identifier rubyid_cache_info'>cache_info</span><span class='period'>.</span><span class='id identifier rubyid_iteration_count'>iteration_count</span> <span class='op'>=</span> <span class='id identifier rubyid_iteration_count'>iteration_count</span> <span class='op'>?</span> <span class='id identifier rubyid_iteration_count'>iteration_count</span> <span class='op'>:</span> <span class='id identifier rubyid_cache'>cache</span><span class='period'>.</span><span class='id identifier rubyid_iteration_count'>iteration_count</span>
<span class='kw'>if</span> <span class='lparen'>(</span><span class='id identifier rubyid_cache_info'>cache_info</span><span class='period'>.</span><span class='id identifier rubyid_iteration_count'>iteration_count</span> <span class='op'>&gt;</span> <span class='int'>10240</span><span class='rparen'>)</span>
<span class='id identifier rubyid_cache_info'>cache_info</span><span class='period'>.</span><span class='id identifier rubyid_real_iteration_count'>real_iteration_count</span> <span class='op'>=</span> <span class='id identifier rubyid_cache_info'>cache_info</span><span class='period'>.</span><span class='id identifier rubyid_iteration_count'>iteration_count</span> <span class='op'>&amp;</span> <span class='int'>0xfffffc00</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_cache_info'>cache_info</span><span class='period'>.</span><span class='id identifier rubyid_real_iteration_count'>real_iteration_count</span> <span class='op'>=</span> <span class='id identifier rubyid_cache_info'>cache_info</span><span class='period'>.</span><span class='id identifier rubyid_iteration_count'>iteration_count</span> <span class='op'>*</span> <span class='int'>1024</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_cache_info'>cache_info</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
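<p>Added example, not part of the Metasploit source: the <tt>real_iteration_count</tt> branch in <tt>#cached_infos</tt> above, pulled out as a standalone audit helper so the discontinuity at 10240 is visible (a stored value of 10240 yields 10,485,760 rounds, while 10241 yields 10,240). The helper names, the sample hosts and the baseline of 10 (taken here as the Windows default) are assumptions for illustration.</p>

```ruby
# Added example (not Metasploit code). Mirrors the branch in #cached_infos that
# turns the stored iteration count into the number of rounds actually applied
# to cached domain logon verifiers on Vista-style systems.

# Threshold taken from the page's code; the constant name is hypothetical.
ITERATION_THRESHOLD = 10_240

# raw: Integer read from NL$IterationCount, or from the cache entry itself
# when that registry value is absent.
def effective_iterations(raw)
  unless raw.is_a?(Integer) && raw >= 0
    raise ArgumentError, 'iteration count must be a non-negative Integer'
  end

  if raw > ITERATION_THRESHOLD
    # Above the threshold the value is a literal round count,
    # rounded down to a multiple of 1024.
    raw & 0xfffffc00
  else
    # At or below the threshold the value is a multiplier of 1024.
    raw * 1024
  end
end

# Compare each host's stored value with a baseline and flag any host whose
# effective round count is lower. baseline_raw: 10 is an assumption (taken
# here as the Windows default, i.e. 10240 rounds).
def audit_iteration_counts(hosts, baseline_raw: 10)
  baseline = effective_iterations(baseline_raw)
  hosts.map do |host, raw|
    effective = effective_iterations(raw)
    { host: host, raw: raw, effective: effective, below_baseline: effective < baseline }
  end
end

# Constructed sample data: host name => stored iteration count.
SAMPLE_HOSTS = {
  'ws-01' => 10,       # multiplier: 10 * 1024
  'ws-02' => 10_240,   # still a multiplier: 10240 * 1024
  'ws-03' => 10_241,   # literal count, rounded down to 10240
  'ws-04' => 100_000,  # literal count, rounded down to 99328
  'ws-05' => 1         # multiplier: only 1024 rounds
}.freeze

if __FILE__ == $PROGRAM_NAME
  audit_iteration_counts(SAMPLE_HOSTS).each do |r|
    flag = r[:below_baseline] ? ' BELOW BASELINE' : ''
    puts format('%-6s raw=%-7d effective=%-9d%s', r[:host], r[:raw], r[:effective], flag)
  end
end
```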
<div class="method_details ">
<h3 class="signature " id="lsa_secret_key-instance_method">
#<strong>lsa_secret_key</strong>(boot_key) &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Retrieve the decrypted LSA secret key from a given BootKey. This also sets the @lsa_vista_style attribute according to the registry keys found under <tt>HKLM\SECURITY\Policy</tt>. If set to <tt>true</tt>, the system version is Windows Vista or above; otherwise it is Windows XP or below.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>boot_key</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The BootKey</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The decrypted LSA secret key</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/util/windows_registry/security.rb', line 93</span>
<span class='kw'>def</span> <span class='id identifier rubyid_lsa_secret_key'>lsa_secret_key</span><span class='lparen'>(</span><span class='id identifier rubyid_boot_key'>boot_key</span><span class='rparen'>)</span>
<span class='comment'># vprint_status(&#39;Getting PolEKList...&#39;)
</span> <span class='id identifier rubyid__value_type'>_value_type</span><span class='comma'>,</span> <span class='id identifier rubyid_value_data'>value_data</span> <span class='op'>=</span> <span class='id identifier rubyid_get_value'>get_value</span><span class='lparen'>(</span><span class='id identifier rubyid_normalize_key'>normalize_key</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>HKLM\\SECURITY\\Policy\\PolEKList</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_value_data'>value_data</span>
<span class='comment'># Vista or above system
</span> <span class='ivar'>@lsa_vista_style</span> <span class='op'>=</span> <span class='kw'>true</span>
<span class='id identifier rubyid_lsa_key'>lsa_key</span> <span class='op'>=</span> <span class='id identifier rubyid_decrypt_lsa_data'>decrypt_lsa_data</span><span class='lparen'>(</span><span class='id identifier rubyid_value_data'>value_data</span><span class='comma'>,</span> <span class='id identifier rubyid_boot_key'>boot_key</span><span class='rparen'>)</span>
<span class='id identifier rubyid_lsa_key'>lsa_key</span> <span class='op'>=</span> <span class='id identifier rubyid_lsa_key'>lsa_key</span><span class='lbracket'>[</span><span class='int'>68</span><span class='comma'>,</span> <span class='int'>32</span><span class='rbracket'>]</span> <span class='kw'>unless</span> <span class='id identifier rubyid_lsa_key'>lsa_key</span><span class='period'>.</span><span class='id identifier rubyid_empty?'>empty?</span>
<span class='kw'>else</span>
<span class='comment'># vprint_status(&#39;Getting PolSecretEncryptionKey...&#39;)
</span> <span class='id identifier rubyid__value_type'>_value_type</span><span class='comma'>,</span> <span class='id identifier rubyid_value_data'>value_data</span> <span class='op'>=</span> <span class='id identifier rubyid_get_value'>get_value</span><span class='lparen'>(</span><span class='id identifier rubyid_normalize_key'>normalize_key</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>HKLM\\SECURITY\\Policy\\PolSecretEncryptionKey</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='comment'># If that didn&#39;t work, then we&#39;re out of luck
</span> <span class='kw'>return</span> <span class='kw'>nil</span> <span class='kw'>if</span> <span class='id identifier rubyid_value_data'>value_data</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
<span class='comment'># XP or below system
</span> <span class='ivar'>@lsa_vista_style</span> <span class='op'>=</span> <span class='kw'>false</span>
<span class='id identifier rubyid_md5x'>md5x</span> <span class='op'>=</span> <span class='const'>Digest</span><span class='op'>::</span><span class='const'>MD5</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span>
<span class='id identifier rubyid_md5x'>md5x</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_boot_key'>boot_key</span>
<span class='int'>1000</span><span class='period'>.</span><span class='id identifier rubyid_times'>times</span> <span class='kw'>do</span>
<span class='id identifier rubyid_md5x'>md5x</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_value_data'>value_data</span><span class='lbracket'>[</span><span class='int'>60</span><span class='comma'>,</span> <span class='int'>16</span><span class='rbracket'>]</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_rc4'>rc4</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>Cipher</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>rc4</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_rc4'>rc4</span><span class='period'>.</span><span class='id identifier rubyid_decrypt'>decrypt</span>
<span class='id identifier rubyid_rc4'>rc4</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span> <span class='op'>=</span> <span class='id identifier rubyid_md5x'>md5x</span><span class='period'>.</span><span class='id identifier rubyid_digest'>digest</span>
<span class='id identifier rubyid_lsa_key'>lsa_key</span> <span class='op'>=</span> <span class='id identifier rubyid_rc4'>rc4</span><span class='period'>.</span><span class='id identifier rubyid_update'>update</span><span class='lparen'>(</span><span class='id identifier rubyid_value_data'>value_data</span><span class='lbracket'>[</span><span class='int'>12</span><span class='comma'>,</span> <span class='int'>48</span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='id identifier rubyid_lsa_key'>lsa_key</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_rc4'>rc4</span><span class='period'>.</span><span class='id identifier rubyid_final'>final</span>
<span class='id identifier rubyid_lsa_key'>lsa_key</span> <span class='op'>=</span> <span class='id identifier rubyid_lsa_key'>lsa_key</span><span class='lbracket'>[</span><span class='int'>0x10</span><span class='op'>..</span><span class='int'>0x1F</span><span class='rbracket'>]</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_lsa_key'>lsa_key</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="lsa_secrets-instance_method">
#<strong>lsa_secrets</strong>(lsa_key) &#x21d2; <tt>Hash</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the decrypted LSA secrets under HKLM\SECURITY\Policy\Secrets. For this, the LSA secret key must be provided, which can be retrieved with the #lsa_secret_key method.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>lsa_key</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The LSA secret key</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Hash</tt>)</span>
&mdash;
<div class='inline'>
<p>A hash containing the LSA secrets.</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/util/windows_registry/security.rb', line 134</span>
<span class='kw'>def</span> <span class='id identifier rubyid_lsa_secrets'>lsa_secrets</span><span class='lparen'>(</span><span class='id identifier rubyid_lsa_key'>lsa_key</span><span class='rparen'>)</span>
<span class='id identifier rubyid_keys'>keys</span> <span class='op'>=</span> <span class='id identifier rubyid_enum_key'>enum_key</span><span class='lparen'>(</span><span class='id identifier rubyid_normalize_key'>normalize_key</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>HKLM\\SECURITY\\Policy\\Secrets</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>unless</span> <span class='id identifier rubyid_keys'>keys</span>
<span class='id identifier rubyid_keys'>keys</span><span class='period'>.</span><span class='id identifier rubyid_delete'>delete</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>NL$Control</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_keys'>keys</span><span class='period'>.</span><span class='id identifier rubyid_each_with_object'>each_with_object</span><span class='lparen'>(</span><span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_key'>key</span><span class='comma'>,</span> <span class='id identifier rubyid_lsa_secrets'>lsa_secrets</span><span class='op'>|</span>
<span class='id identifier rubyid__value_type'>_value_type</span><span class='comma'>,</span> <span class='id identifier rubyid_value_data'>value_data</span> <span class='op'>=</span> <span class='id identifier rubyid_get_value'>get_value</span><span class='lparen'>(</span><span class='id identifier rubyid_normalize_key'>normalize_key</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>HKLM\\SECURITY\\Policy\\Secrets\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_key'>key</span><span class='embexpr_end'>}</span><span class='tstring_content'>\\CurrVal</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='id identifier rubyid_encrypted_secret'>encrypted_secret</span> <span class='op'>=</span> <span class='id identifier rubyid_value_data'>value_data</span>
<span class='kw'>next</span> <span class='kw'>unless</span> <span class='id identifier rubyid_encrypted_secret'>encrypted_secret</span>
<span class='kw'>if</span> <span class='ivar'>@lsa_vista_style</span>
<span class='id identifier rubyid_decrypted'>decrypted</span> <span class='op'>=</span> <span class='id identifier rubyid_decrypt_lsa_data'>decrypt_lsa_data</span><span class='lparen'>(</span><span class='id identifier rubyid_encrypted_secret'>encrypted_secret</span><span class='comma'>,</span> <span class='id identifier rubyid_lsa_key'>lsa_key</span><span class='rparen'>)</span>
<span class='id identifier rubyid_secret_size'>secret_size</span> <span class='op'>=</span> <span class='id identifier rubyid_decrypted'>decrypted</span><span class='lbracket'>[</span><span class='int'>0</span><span class='comma'>,</span> <span class='int'>4</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_unpack'>unpack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>L&lt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span>
<span class='id identifier rubyid_secret'>secret</span> <span class='op'>=</span> <span class='id identifier rubyid_decrypted'>decrypted</span><span class='lbracket'>[</span><span class='int'>16</span><span class='comma'>,</span> <span class='id identifier rubyid_secret_size'>secret_size</span><span class='rbracket'>]</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_encrypted_secret_size'>encrypted_secret_size</span> <span class='op'>=</span> <span class='id identifier rubyid_encrypted_secret'>encrypted_secret</span><span class='lbracket'>[</span><span class='int'>0</span><span class='comma'>,</span> <span class='int'>4</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_unpack'>unpack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>L&lt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span>
<span class='id identifier rubyid_secret'>secret</span> <span class='op'>=</span> <span class='id identifier rubyid_decrypt_secret_data'>decrypt_secret_data</span><span class='lparen'>(</span><span class='id identifier rubyid_encrypted_secret'>encrypted_secret</span><span class='lbracket'>[</span><span class='lparen'>(</span><span class='id identifier rubyid_encrypted_secret'>encrypted_secret</span><span class='period'>.</span><span class='id identifier rubyid_size'>size</span> <span class='op'>-</span> <span class='id identifier rubyid_encrypted_secret_size'>encrypted_secret_size</span><span class='rparen'>)</span><span class='op'>..</span><span class='op'>-</span><span class='int'>1</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='id identifier rubyid_lsa_key'>lsa_key</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_lsa_secrets'>lsa_secrets</span><span class='lbracket'>[</span><span class='id identifier rubyid_key'>key</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_secret'>secret</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="nlkm_secret_key-instance_method">
#<strong>nlkm_secret_key</strong>(lsa_key) &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the decrypted NLKM secret key from HKLM\SECURITY\Policy\Secrets\NL$KM\CurrVal. For this, the LSA secret key must be provided, which can be retrieved with the #lsa_secret_key method.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>lsa_key</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The LSA secret key</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The NLKM secret key</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
163
164
165
166
167
168
169
170
171
172
173
174
175</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/util/windows_registry/security.rb', line 163</span>
<span class='kw'>def</span> <span class='id identifier rubyid_nlkm_secret_key'>nlkm_secret_key</span><span class='lparen'>(</span><span class='id identifier rubyid_lsa_key'>lsa_key</span><span class='rparen'>)</span>
<span class='id identifier rubyid__value_type'>_value_type</span><span class='comma'>,</span> <span class='id identifier rubyid_value_data'>value_data</span> <span class='op'>=</span> <span class='id identifier rubyid_get_value'>get_value</span><span class='lparen'>(</span><span class='id identifier rubyid_normalize_key'>normalize_key</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>HKLM\\SECURITY\\Policy\\Secrets\\NL$KM\\CurrVal</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span> <span class='kw'>unless</span> <span class='id identifier rubyid_value_data'>value_data</span>
<span class='kw'>if</span> <span class='ivar'>@lsa_vista_style</span>
<span class='id identifier rubyid_nlkm_dec'>nlkm_dec</span> <span class='op'>=</span> <span class='id identifier rubyid_decrypt_lsa_data'>decrypt_lsa_data</span><span class='lparen'>(</span><span class='id identifier rubyid_value_data'>value_data</span><span class='comma'>,</span> <span class='id identifier rubyid_lsa_key'>lsa_key</span><span class='rparen'>)</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_value_data_size'>value_data_size</span> <span class='op'>=</span> <span class='id identifier rubyid_value_data'>value_data</span><span class='lbracket'>[</span><span class='int'>0</span><span class='comma'>,</span> <span class='int'>4</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_unpack'>unpack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>L&lt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span>
<span class='id identifier rubyid_nlkm_dec'>nlkm_dec</span> <span class='op'>=</span> <span class='id identifier rubyid_decrypt_secret_data'>decrypt_secret_data</span><span class='lparen'>(</span><span class='id identifier rubyid_value_data'>value_data</span><span class='lbracket'>[</span><span class='lparen'>(</span><span class='id identifier rubyid_value_data'>value_data</span><span class='period'>.</span><span class='id identifier rubyid_size'>size</span> <span class='op'>-</span> <span class='id identifier rubyid_value_data_size'>value_data_size</span><span class='rparen'>)</span><span class='op'>..</span><span class='op'>-</span><span class='int'>1</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='id identifier rubyid_lsa_key'>lsa_key</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_nlkm_dec'>nlkm_dec</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
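<p>Both #lsa_secrets and #nlkm_secret_key slice the registry value using a 4-byte little-endian length read from the value itself. The following is an added example, not Metasploit code, showing the same two framings with the length field bounds-checked, as a forensic parser reading a damaged or tampered hive would need; the helper names, the error class and the sample bytes are hypothetical and constructed for illustration.</p>

```ruby
# Added example, not Metasploit code. Helper names and sample bytes are constructed.
class SecretFramingError < StandardError; end

VISTA_HEADER_SIZE = 16  # payload offset used by #lsa_secrets on the decrypted blob
LEGACY_LENGTH_SIZE = 4  # leading little-endian length field of the raw value

# Vista-style: bytes 0..3 of the decrypted blob give the payload length and
# the payload starts at offset 16.
def vista_secret_payload(decrypted)
  if decrypted.bytesize < VISTA_HEADER_SIZE
    raise SecretFramingError, 'blob shorter than the 16-byte header'
  end
  size = decrypted.byteslice(0, 4).unpack1('L<')
  available = decrypted.bytesize - VISTA_HEADER_SIZE
  if size > available
    raise SecretFramingError, "length #{size} exceeds #{available} payload bytes"
  end
  decrypted.byteslice(VISTA_HEADER_SIZE, size)
end

# Pre-Vista: bytes 0..3 of the still-encrypted value give the ciphertext
# length and the ciphertext is the trailing `size` bytes of the value.
def legacy_secret_ciphertext(value_data)
  if value_data.bytesize < LEGACY_LENGTH_SIZE
    raise SecretFramingError, 'value shorter than its length field'
  end
  size = value_data.byteslice(0, 4).unpack1('L<')
  # The ciphertext cannot overlap the length field. Without this check an
  # oversized length produces a negative start index, which Ruby resolves
  # from the end of the string (or to nil) instead of failing.
  available = value_data.bytesize - LEGACY_LENGTH_SIZE
  if size > available
    raise SecretFramingError, "length #{size} exceeds #{available} trailing bytes"
  end
  value_data.byteslice(value_data.bytesize - size, size)
end

# Constructed inputs: a well-formed blob of each style and a corrupted legacy value.
SAMPLE_VISTA = [5].pack('L<') + ("\x00" * 12) + 'hello' + ("\x00" * 3)
SAMPLE_LEGACY = [4].pack('L<') + [1].pack('L<') + 'ABCD'
SAMPLE_LEGACY_BAD = [14].pack('L<') + 'ABCDEFGH'
```

<p>With <tt>SAMPLE_LEGACY_BAD</tt>, the unchecked expression <tt>value_data[(value_data.size - size)..-1]</tt> returns the last two bytes of the value rather than signalling corruption, while the checked helper raises.</p>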
<div class="method_details ">
<h3 class="signature " id="normalize_key-instance_method">
#<strong>normalize_key</strong>(key) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
82
83
84</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/util/windows_registry/security.rb', line 82</span>
<span class='kw'>def</span> <span class='id identifier rubyid_normalize_key'>normalize_key</span><span class='lparen'>(</span><span class='id identifier rubyid_key'>key</span><span class='rparen'>)</span>
<span class='ivar'>@root</span><span class='period'>.</span><span class='id identifier rubyid_blank?'>blank?</span> <span class='op'>?</span> <span class='id identifier rubyid_key'>key</span> <span class='op'>:</span> <span class='id identifier rubyid_key'>key</span><span class='period'>.</span><span class='id identifier rubyid_delete_prefix'>delete_prefix</span><span class='lparen'>(</span><span class='ivar'>@root</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
</div>
<div id="footer">
Generated on Fri May 8 17:01:57 2026 by
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.37 (ruby-3.1.5).
</div>
</div>
</body>
</html>