c7decrypt 0.3.0 → 0.3.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +5 -31
- data/lib/c7decrypt/type5.rb +94 -0
- data/lib/c7decrypt/version.rb +1 -1
- data/lib/c7decrypt.rb +2 -1
- data/spec/type5_spec.rb +31 -0
- metadata +3 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f9b11d4c6617708dd781e31039ea82b65bb34e53
|
|
4
|
+
data.tar.gz: 5aecaa33cbaad57c2f429975d4b5d0d4023f67e6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0724d39e013f76b882e6bf822913b81231ddb45d3b8a9a59127fa87050ce3630f4c9decb959b3dfec63c3bd123265ec31faa278495d85503358727ddfc665a81
|
|
7
|
+
data.tar.gz: 90a3fd6438c7c331ad0d0e3785d528c368b3907b54d1ea638802a9dec1961ba4ea63b2245ee25c6befce0fe5fb178a055413d5e7279c49bd72e4d36a6252d9e3
|
data/README.md
CHANGED
|
@@ -44,50 +44,24 @@ To use, just require
|
|
|
44
44
|
require 'c7decrypt'
|
|
45
45
|
```
|
|
46
46
|
|
|
47
|
-
Decrypt A
|
|
47
|
+
Decrypt A Cisco Type-7 Password
|
|
48
48
|
|
|
49
49
|
```ruby
|
|
50
50
|
>> C7Decrypt::Type7.decrypt("060506324F41")
|
|
51
51
|
=> "cisco"
|
|
52
52
|
```
|
|
53
|
-
|
|
54
|
-
Decrypt Array of Encrypted Passwords
|
|
55
|
-
|
|
56
|
-
```ruby
|
|
57
|
-
>> encrypted_hashes = ["060506324F41", "0822455D0A16"]
|
|
58
|
-
=> ["060506324F41", "0822455D0A16"]
|
|
59
|
-
>> C7Decrypt::Type7.decrypt_array(encrypted_hashes)
|
|
60
|
-
=> ["cisco", "cisco"]
|
|
61
|
-
```
|
|
62
|
-
|
|
63
|
-
Decrypt Encrypted Passwords from Config
|
|
64
|
-
|
|
65
|
-
```ruby
|
|
66
|
-
>> C7Decrypt::Type7.decrypt_config("cisco_config.txt")
|
|
67
|
-
=> ["cisco", "Password1", "admin"]
|
|
68
|
-
```
|
|
69
|
-
|
|
70
|
-
Encrypt A Single Plaintext Password
|
|
53
|
+
Encrypt A Cisco Type-7 Password
|
|
71
54
|
|
|
72
55
|
```ruby
|
|
73
56
|
>> C7Decrypt::Type7.encrypt("cisco")
|
|
74
57
|
=> "02050D480809"
|
|
75
58
|
```
|
|
76
59
|
|
|
77
|
-
Encrypt A
|
|
78
|
-
|
|
79
|
-
```ruby
|
|
80
|
-
>> C7Decrypt::Type7.encrypt("cisco", 6)
|
|
81
|
-
=> "060506324F41"
|
|
82
|
-
```
|
|
83
|
-
|
|
84
|
-
Encrypt An Array of Plaintext Passwords
|
|
60
|
+
Encrypt A Cisco Type-5 Password
|
|
85
61
|
|
|
86
62
|
```ruby
|
|
87
|
-
>>
|
|
88
|
-
=>
|
|
89
|
-
>> C7Decrypt::Type7.encrypt_array(passwords)
|
|
90
|
-
=> ["02050D480809", "021605481811003348"]
|
|
63
|
+
>> C7Decrypt::Type5.encrypt("cisco")
|
|
64
|
+
=> "$1$CQk2$d62sxZKKAp7PHXWq4mOPF."
|
|
91
65
|
```
|
|
92
66
|
|
|
93
67
|
## Rubies Supported
|
|
@@ -0,0 +1,94 @@
|
|
|
1
|
+
require 'digest'
|
|
2
|
+
require 'securerandom'
|
|
3
|
+
|
|
4
|
+
module C7Decrypt
|
|
5
|
+
module Type5
|
|
6
|
+
|
|
7
|
+
# Source Reference:
|
|
8
|
+
#
|
|
9
|
+
# The Ruby logic within this module was adapted
|
|
10
|
+
# directly from https://github.com/mogest/unix-crypt
|
|
11
|
+
#
|
|
12
|
+
# Copyright (c) 2013, Roger Nesbitt
|
|
13
|
+
# All rights reserved.
|
|
14
|
+
#
|
|
15
|
+
|
|
16
|
+
module Constants
|
|
17
|
+
BYTE_INDEXES = [
|
|
18
|
+
[0, 6, 12],
|
|
19
|
+
[1, 7, 13],
|
|
20
|
+
[2, 8, 14],
|
|
21
|
+
[3, 9, 15],
|
|
22
|
+
[4, 10, 5],
|
|
23
|
+
[nil, nil, 11]
|
|
24
|
+
]
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
# The Encryption Method for Cisco Type-5 Encrypted Strings
|
|
28
|
+
# @param [String] password
|
|
29
|
+
# @param [String] salt
|
|
30
|
+
# @return [String] formatted Type-5 hash
|
|
31
|
+
def self.encrypt(password, salt = generate_salt)
|
|
32
|
+
password = password.encode("UTF-8")
|
|
33
|
+
password.force_encoding("ASCII-8BIT")
|
|
34
|
+
|
|
35
|
+
b = Digest::MD5.digest("#{password}#{salt}#{password}")
|
|
36
|
+
a_string = "#{password}$1$#{salt}#{b * (password.length/16)}#{b[0...password.length % 16]}"
|
|
37
|
+
|
|
38
|
+
password_length = password.length
|
|
39
|
+
while password_length > 0
|
|
40
|
+
a_string += (password_length & 1 != 0) ? "\x0" : password[0].chr
|
|
41
|
+
password_length >>= 1
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
input = Digest::MD5.digest(a_string)
|
|
45
|
+
|
|
46
|
+
1000.times do |index|
|
|
47
|
+
c_string = ((index & 1 != 0) ? password : input)
|
|
48
|
+
c_string += salt unless index % 3 == 0
|
|
49
|
+
c_string += password unless index % 7 == 0
|
|
50
|
+
c_string += ((index & 1 != 0) ? input : password)
|
|
51
|
+
input = Digest::MD5.digest(c_string)
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
return cisco_md5_format(salt, bit_specified_base64encode(input))
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
# A helper method for formating Cisco Type-5 hashes
|
|
58
|
+
def self.cisco_md5_format(salt, hash)
|
|
59
|
+
return "$1$" + salt + "$" + hash
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
# A helper method for bit specified base64 output (the format Type-5 hashes are in)
|
|
63
|
+
# @param [String] input
|
|
64
|
+
# @return [String] encoded_input
|
|
65
|
+
def self.bit_specified_base64encode(input)
|
|
66
|
+
b64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
|
|
67
|
+
input = input.bytes.to_a
|
|
68
|
+
output = ""
|
|
69
|
+
Constants::BYTE_INDEXES.each do |i3, i2, i1|
|
|
70
|
+
b1, b2, b3 = i1 && input[i1] || 0, i2 && input[i2] || 0, i3 && input[i3] || 0
|
|
71
|
+
output <<
|
|
72
|
+
b64[ b1 & 0b00111111] <<
|
|
73
|
+
b64[((b1 & 0b11000000) >> 6) |
|
|
74
|
+
((b2 & 0b00001111) << 2)] <<
|
|
75
|
+
b64[((b2 & 0b11110000) >> 4) |
|
|
76
|
+
((b3 & 0b00000011) << 4)] <<
|
|
77
|
+
b64[ (b3 & 0b11111100) >> 2]
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
remainder = 3 - (16 % 3)
|
|
81
|
+
remainder = 0 if remainder == 3
|
|
82
|
+
|
|
83
|
+
return output[0..-1-remainder]
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
# Generates a random salt using the same character set as the base64 encoding
|
|
87
|
+
# used by the hash encoder.
|
|
88
|
+
# @return [String] salt
|
|
89
|
+
def self.generate_salt(size = 4)
|
|
90
|
+
SecureRandom.base64((size * 6 / 8.0).ceil).tr("+", ".")[0...size]
|
|
91
|
+
end
|
|
92
|
+
|
|
93
|
+
end
|
|
94
|
+
end
|
data/lib/c7decrypt/version.rb
CHANGED
data/lib/c7decrypt.rb
CHANGED
data/spec/type5_spec.rb
ADDED
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
require 'c7decrypt'
|
|
2
|
+
require 'rspec/its'
|
|
3
|
+
|
|
4
|
+
describe C7Decrypt::Type5 do
|
|
5
|
+
|
|
6
|
+
context "when encrypting single Cisco Type-5 hash" do
|
|
7
|
+
before(:each) do
|
|
8
|
+
@password = "SECRETPASSWORD"
|
|
9
|
+
@salt = "TMnL"
|
|
10
|
+
@hash = C7Decrypt::Type5.encrypt(@password, @salt)
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
subject{@hash}
|
|
14
|
+
its(:class) {should == ::String}
|
|
15
|
+
it {should == "$1$#{@salt}$iAFs16ZXx7x18vR1DeIp6/"}
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
context "when encrypting single Cisco Type-5 hash" do
|
|
19
|
+
before(:each) do
|
|
20
|
+
@password = "Password123"
|
|
21
|
+
@salt = "VkQd"
|
|
22
|
+
@hash = C7Decrypt::Type5.encrypt(@password, @salt)
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
subject{@hash}
|
|
26
|
+
its(:class) {should == ::String}
|
|
27
|
+
it {should == "$1$#{@salt}$Vma3sR7B1LL.v5lgy1NYc/"}
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
|
|
31
|
+
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: c7decrypt
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jonathan Claudius
|
|
@@ -84,11 +84,13 @@ files:
|
|
|
84
84
|
- bin/c7decrypt
|
|
85
85
|
- c7decrypt.gemspec
|
|
86
86
|
- lib/c7decrypt.rb
|
|
87
|
+
- lib/c7decrypt/type5.rb
|
|
87
88
|
- lib/c7decrypt/type7.rb
|
|
88
89
|
- lib/c7decrypt/version.rb
|
|
89
90
|
- spec/example_configs/bad_canned_example.txt
|
|
90
91
|
- spec/example_configs/empty_example.txt
|
|
91
92
|
- spec/example_configs/simple_canned_example.txt
|
|
93
|
+
- spec/type5_spec.rb
|
|
92
94
|
- spec/type7_spec.rb
|
|
93
95
|
homepage: http://rubygems.org/gems/c7decrypt
|
|
94
96
|
licenses: []
|