c7decrypt 0.3.0 → 0.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +5 -31
- data/lib/c7decrypt/type5.rb +94 -0
- data/lib/c7decrypt/version.rb +1 -1
- data/lib/c7decrypt.rb +2 -1
- data/spec/type5_spec.rb +31 -0
- metadata +3 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f9b11d4c6617708dd781e31039ea82b65bb34e53
|
|
4
|
+
data.tar.gz: 5aecaa33cbaad57c2f429975d4b5d0d4023f67e6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0724d39e013f76b882e6bf822913b81231ddb45d3b8a9a59127fa87050ce3630f4c9decb959b3dfec63c3bd123265ec31faa278495d85503358727ddfc665a81
|
|
7
|
+
data.tar.gz: 90a3fd6438c7c331ad0d0e3785d528c368b3907b54d1ea638802a9dec1961ba4ea63b2245ee25c6befce0fe5fb178a055413d5e7279c49bd72e4d36a6252d9e3
|
data/README.md
CHANGED
|
@@ -44,50 +44,24 @@ To use, just require
|
|
|
44
44
|
require 'c7decrypt'
|
|
45
45
|
```
|
|
46
46
|
|
|
47
|
-
Decrypt A
|
|
47
|
+
Decrypt A Cisco Type-7 Password
|
|
48
48
|
|
|
49
49
|
```ruby
|
|
50
50
|
>> C7Decrypt::Type7.decrypt("060506324F41")
|
|
51
51
|
=> "cisco"
|
|
52
52
|
```
|
|
53
|
-
|
|
54
|
-
Decrypt Array of Encrypted Passwords
|
|
55
|
-
|
|
56
|
-
```ruby
|
|
57
|
-
>> encrypted_hashes = ["060506324F41", "0822455D0A16"]
|
|
58
|
-
=> ["060506324F41", "0822455D0A16"]
|
|
59
|
-
>> C7Decrypt::Type7.decrypt_array(encrypted_hashes)
|
|
60
|
-
=> ["cisco", "cisco"]
|
|
61
|
-
```
|
|
62
|
-
|
|
63
|
-
Decrypt Encrypted Passwords from Config
|
|
64
|
-
|
|
65
|
-
```ruby
|
|
66
|
-
>> C7Decrypt::Type7.decrypt_config("cisco_config.txt")
|
|
67
|
-
=> ["cisco", "Password1", "admin"]
|
|
68
|
-
```
|
|
69
|
-
|
|
70
|
-
Encrypt A Single Plaintext Password
|
|
53
|
+
Encrypt A Cisco Type-7 Password
|
|
71
54
|
|
|
72
55
|
```ruby
|
|
73
56
|
>> C7Decrypt::Type7.encrypt("cisco")
|
|
74
57
|
=> "02050D480809"
|
|
75
58
|
```
|
|
76
59
|
|
|
77
|
-
Encrypt A
|
|
78
|
-
|
|
79
|
-
```ruby
|
|
80
|
-
>> C7Decrypt::Type7.encrypt("cisco", 6)
|
|
81
|
-
=> "060506324F41"
|
|
82
|
-
```
|
|
83
|
-
|
|
84
|
-
Encrypt An Array of Plaintext Passwords
|
|
60
|
+
Encrypt A Cisco Type-5 Password
|
|
85
61
|
|
|
86
62
|
```ruby
|
|
87
|
-
>>
|
|
88
|
-
=>
|
|
89
|
-
>> C7Decrypt::Type7.encrypt_array(passwords)
|
|
90
|
-
=> ["02050D480809", "021605481811003348"]
|
|
63
|
+
>> C7Decrypt::Type5.encrypt("cisco")
|
|
64
|
+
=> "$1$CQk2$d62sxZKKAp7PHXWq4mOPF."
|
|
91
65
|
```
|
|
92
66
|
|
|
93
67
|
## Rubies Supported
|
|
@@ -0,0 +1,94 @@
|
|
|
1
|
+
require 'digest'
|
|
2
|
+
require 'securerandom'
|
|
3
|
+
|
|
4
|
+
module C7Decrypt
|
|
5
|
+
module Type5
|
|
6
|
+
|
|
7
|
+
# Source Reference:
|
|
8
|
+
#
|
|
9
|
+
# The Ruby logic within this module was adapted
|
|
10
|
+
# directly from https://github.com/mogest/unix-crypt
|
|
11
|
+
#
|
|
12
|
+
# Copyright (c) 2013, Roger Nesbitt
|
|
13
|
+
# All rights reserved.
|
|
14
|
+
#
|
|
15
|
+
|
|
16
|
+
module Constants
|
|
17
|
+
BYTE_INDEXES = [
|
|
18
|
+
[0, 6, 12],
|
|
19
|
+
[1, 7, 13],
|
|
20
|
+
[2, 8, 14],
|
|
21
|
+
[3, 9, 15],
|
|
22
|
+
[4, 10, 5],
|
|
23
|
+
[nil, nil, 11]
|
|
24
|
+
]
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
# The Encryption Method for Cisco Type-5 Encrypted Strings
|
|
28
|
+
# @param [String] password
|
|
29
|
+
# @param [String] salt
|
|
30
|
+
# @return [String] formatted Type-5 hash
|
|
31
|
+
def self.encrypt(password, salt = generate_salt)
|
|
32
|
+
password = password.encode("UTF-8")
|
|
33
|
+
password.force_encoding("ASCII-8BIT")
|
|
34
|
+
|
|
35
|
+
b = Digest::MD5.digest("#{password}#{salt}#{password}")
|
|
36
|
+
a_string = "#{password}$1$#{salt}#{b * (password.length/16)}#{b[0...password.length % 16]}"
|
|
37
|
+
|
|
38
|
+
password_length = password.length
|
|
39
|
+
while password_length > 0
|
|
40
|
+
a_string += (password_length & 1 != 0) ? "\x0" : password[0].chr
|
|
41
|
+
password_length >>= 1
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
input = Digest::MD5.digest(a_string)
|
|
45
|
+
|
|
46
|
+
1000.times do |index|
|
|
47
|
+
c_string = ((index & 1 != 0) ? password : input)
|
|
48
|
+
c_string += salt unless index % 3 == 0
|
|
49
|
+
c_string += password unless index % 7 == 0
|
|
50
|
+
c_string += ((index & 1 != 0) ? input : password)
|
|
51
|
+
input = Digest::MD5.digest(c_string)
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
return cisco_md5_format(salt, bit_specified_base64encode(input))
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
# A helper method for formating Cisco Type-5 hashes
|
|
58
|
+
def self.cisco_md5_format(salt, hash)
|
|
59
|
+
return "$1$" + salt + "$" + hash
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
# A helper method for bit specified base64 output (the format Type-5 hashes are in)
|
|
63
|
+
# @param [String] input
|
|
64
|
+
# @return [String] encoded_input
|
|
65
|
+
def self.bit_specified_base64encode(input)
|
|
66
|
+
b64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
|
|
67
|
+
input = input.bytes.to_a
|
|
68
|
+
output = ""
|
|
69
|
+
Constants::BYTE_INDEXES.each do |i3, i2, i1|
|
|
70
|
+
b1, b2, b3 = i1 && input[i1] || 0, i2 && input[i2] || 0, i3 && input[i3] || 0
|
|
71
|
+
output <<
|
|
72
|
+
b64[ b1 & 0b00111111] <<
|
|
73
|
+
b64[((b1 & 0b11000000) >> 6) |
|
|
74
|
+
((b2 & 0b00001111) << 2)] <<
|
|
75
|
+
b64[((b2 & 0b11110000) >> 4) |
|
|
76
|
+
((b3 & 0b00000011) << 4)] <<
|
|
77
|
+
b64[ (b3 & 0b11111100) >> 2]
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
remainder = 3 - (16 % 3)
|
|
81
|
+
remainder = 0 if remainder == 3
|
|
82
|
+
|
|
83
|
+
return output[0..-1-remainder]
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
# Generates a random salt using the same character set as the base64 encoding
|
|
87
|
+
# used by the hash encoder.
|
|
88
|
+
# @return [String] salt
|
|
89
|
+
def self.generate_salt(size = 4)
|
|
90
|
+
SecureRandom.base64((size * 6 / 8.0).ceil).tr("+", ".")[0...size]
|
|
91
|
+
end
|
|
92
|
+
|
|
93
|
+
end
|
|
94
|
+
end
|
data/lib/c7decrypt/version.rb
CHANGED
data/lib/c7decrypt.rb
CHANGED
data/spec/type5_spec.rb
ADDED
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
require 'c7decrypt'
|
|
2
|
+
require 'rspec/its'
|
|
3
|
+
|
|
4
|
+
describe C7Decrypt::Type5 do
|
|
5
|
+
|
|
6
|
+
context "when encrypting single Cisco Type-5 hash" do
|
|
7
|
+
before(:each) do
|
|
8
|
+
@password = "SECRETPASSWORD"
|
|
9
|
+
@salt = "TMnL"
|
|
10
|
+
@hash = C7Decrypt::Type5.encrypt(@password, @salt)
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
subject{@hash}
|
|
14
|
+
its(:class) {should == ::String}
|
|
15
|
+
it {should == "$1$#{@salt}$iAFs16ZXx7x18vR1DeIp6/"}
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
context "when encrypting single Cisco Type-5 hash" do
|
|
19
|
+
before(:each) do
|
|
20
|
+
@password = "Password123"
|
|
21
|
+
@salt = "VkQd"
|
|
22
|
+
@hash = C7Decrypt::Type5.encrypt(@password, @salt)
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
subject{@hash}
|
|
26
|
+
its(:class) {should == ::String}
|
|
27
|
+
it {should == "$1$#{@salt}$Vma3sR7B1LL.v5lgy1NYc/"}
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
|
|
31
|
+
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: c7decrypt
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jonathan Claudius
|
|
@@ -84,11 +84,13 @@ files:
|
|
|
84
84
|
- bin/c7decrypt
|
|
85
85
|
- c7decrypt.gemspec
|
|
86
86
|
- lib/c7decrypt.rb
|
|
87
|
+
- lib/c7decrypt/type5.rb
|
|
87
88
|
- lib/c7decrypt/type7.rb
|
|
88
89
|
- lib/c7decrypt/version.rb
|
|
89
90
|
- spec/example_configs/bad_canned_example.txt
|
|
90
91
|
- spec/example_configs/empty_example.txt
|
|
91
92
|
- spec/example_configs/simple_canned_example.txt
|
|
93
|
+
- spec/type5_spec.rb
|
|
92
94
|
- spec/type7_spec.rb
|
|
93
95
|
homepage: http://rubygems.org/gems/c7decrypt
|
|
94
96
|
licenses: []
|