require 'msf/core'
require 'openssl'
require 'rubygems'
require 'rex'
require 'digest/sha1'
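module Msf
  # Mixin with the digest and AES-192-CBC helpers this file uses for session-key
  # and password handling. The method names suggest the Oracle 11g logon
  # exchange -- NOTE(review): confirm against the callers.
  #
  # The constructions here (one round of SHA-1, zero-padded keys, fixed IVs)
  # are reproduced for interoperability with an existing protocol; they are not
  # a pattern to reuse when designing new password storage or encryption.
  module Exploit::Oracrypto

    # Registers this mixin's (currently empty) option list with the framework.
    #
    # @param info [Hash] module metadata, forwarded unchanged to the parent initializer
    def initialize(info = {})
      super

      register_options([], Msf::Exploit::Oracrypto)
    end

    # Computes the raw (binary) SHA-1 digest of the password followed by the salt.
    #
    # @param password [String] clear-text password
    # @param salt [String] salt appended to the password before hashing
    # @return [String] 20-byte binary digest
    def create11g_hash(password, salt)
      Digest::SHA1.digest(password + salt)
    end

    # Decrypts a session key with AES-192-CBC, using the password hash padded
    # with four zero bytes as the key.
    #
    # No IV is assigned here: the original assignment was commented out, so the
    # cipher runs with whatever IV state OpenSSL starts with.
    # NOTE(review): presumably an all-zero IV -- confirm.
    #
    # @param sesskey [String] encrypted session key
    # @param hash [String] password hash; with the 4-byte padding it must be 24 bytes
    # @param keylen [Object] unused; kept so existing callers keep working
    # @return [String, nil] the decrypted bytes; nil when the cipher failed before
    #   producing any output, or the partial output when only the final step failed
    def decrypt_sesskey(sesskey, hash, keylen)
      d = nil
      begin
        # OpenSSL::Cipher::Cipher is a deprecated alias that newer openssl
        # releases no longer provide; OpenSSL::Cipher is the supported class.
        c = OpenSSL::Cipher.new("aes-192-cbc")
        c.decrypt
        # Padding verification is not needed for this data, and on Windows it
        # caused "bad decrypt" errors, so it is switched off.
        c.padding = 0
        c.key = hash + "\x00" * 4
        d = c.update(sesskey)
        d << c.final
      rescue StandardError
        # OpenSSL::Cipher::CipherError (for example a wrong key) is a
        # StandardError. The previous `rescue Exception` also swallowed
        # interrupts and exit requests, and its message strings were never
        # returned to the caller, so failure is signalled only through `d`.
      end
      d
    end

    # Derives the combined session key from the server and client session keys:
    # bytes 16..39 of both keys are XORed, then MD5 of the first 16 XORed bytes
    # is concatenated with MD5 of the remaining 8.
    #
    # @param sesskey_srv [String] decrypted server session key (at least 40 bytes)
    # @param sesskey_clnt [String] client session key (at least 40 bytes)
    # @return [String] 32-byte binary string (two MD5 digests)
    # @raise [ArgumentError] when either key is shorter than 40 bytes
    def combine_sesskeys(sesskey_srv, sesskey_clnt)
      if sesskey_srv.bytesize < 40 || sesskey_clnt.bytesize < 40
        raise ArgumentError, 'session keys must be at least 40 bytes long'
      end

      srv_bytes = sesskey_srv.unpack('C*')[16, 24]
      clnt_bytes = sesskey_clnt.unpack('C*')[16, 24]

      # pack('C*') yields a binary string. Appending integers to a "" literal
      # would encode values >= 0x80 as multi-byte characters when the source
      # encoding is UTF-8, which corrupts the byte offsets used below.
      csk = clnt_bytes.zip(srv_bytes).map { |a, b| a ^ b }.pack('C*')

      Digest::MD5.digest(csk[0, 16]) + Digest::MD5.digest(csk[16, 8])
    end

    # Encrypts a session key with AES-192-CBC under a fixed all-zero IV, using
    # the password hash padded with four zero bytes as the key.
    #
    # @param sesskey [String] session key to encrypt
    # @param hash [String] password hash; with the 4-byte padding it must be 24 bytes
    # @param keylen [Object] unused; kept so existing callers keep working
    # @return [String] ciphertext, including the final padded block
    def encrypt_sesskey(sesskey, hash, keylen)
      c = OpenSSL::Cipher.new("aes-192-cbc")
      c.encrypt
      # AES-CBC takes a 16-byte IV. The earlier 32-byte value was silently
      # truncated by old openssl bindings and is rejected by current ones.
      c.iv = "\x00" * 16
      c.key = hash + "\x00" * 4
      e = c.update(sesskey)
      e << c.final
      e
    end

    # Encrypts the password with AES-192-CBC under a fixed all-zero IV, keyed
    # with the combined session key.
    #
    # @param password [String] clear-text password
    # @param csk [String] combined session key; only the first 24 bytes are used
    # @return [String] ciphertext, including the final padded block
    def encrypt_password(password, csk)
      c = OpenSSL::Cipher.new("aes-192-cbc")
      c.encrypt
      # AES-CBC takes a 16-byte IV. The earlier 32-byte value was silently
      # truncated by old openssl bindings and is rejected by current ones.
      c.iv = "\x00" * 16
      # The combined key built in this file is 32 bytes while AES-192 takes 24.
      # Old bindings used only the leading key_len bytes; current ones insist
      # on the exact length, so the slice is made explicit.
      c.key = csk.byteslice(0, c.key_len)
      e = c.update(password)
      e << c.final
      e
    end

  end
end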