librex 0.0.65 → 0.0.66
Sign up to get free protection for your applications and to get access to all the features.
- data/README.markdown +1 -1
- data/lib/rex/arch.rb +1 -0
- data/lib/rex/arch/sparc.rb +16 -15
- data/lib/rex/arch/sparc.rb.ut.rb +2 -1
- data/lib/rex/arch/x86.rb +1 -0
- data/lib/rex/arch/x86.rb.ut.rb +2 -1
- data/lib/rex/assembly/nasm.rb +1 -0
- data/lib/rex/assembly/nasm.rb.ut.rb +2 -1
- data/lib/rex/compat.rb +13 -0
- data/lib/rex/constants.rb +5 -4
- data/lib/rex/elfparsey.rb +3 -2
- data/lib/rex/elfparsey/elf.rb +2 -1
- data/lib/rex/elfparsey/elfbase.rb +8 -7
- data/lib/rex/elfparsey/exceptions.rb +3 -2
- data/lib/rex/elfscan.rb +3 -2
- data/lib/rex/elfscan/scanner.rb +2 -1
- data/lib/rex/elfscan/search.rb +2 -1
- data/lib/rex/encoder/alpha2.rb +2 -1
- data/lib/rex/encoder/alpha2/alpha_mixed.rb +3 -2
- data/lib/rex/encoder/alpha2/alpha_upper.rb +5 -4
- data/lib/rex/encoder/alpha2/generic.rb +37 -60
- data/lib/rex/encoder/alpha2/unicode_mixed.rb +4 -9
- data/lib/rex/encoder/alpha2/unicode_upper.rb +4 -9
- data/lib/rex/encoder/ndr.rb +1 -0
- data/lib/rex/encoder/ndr.rb.ut.rb +2 -1
- data/lib/rex/encoder/nonalpha.rb +1 -0
- data/lib/rex/encoder/nonupper.rb +1 -0
- data/lib/rex/encoder/xdr.rb +9 -8
- data/lib/rex/encoder/xdr.rb.ut.rb +2 -1
- data/lib/rex/encoder/xor.rb +1 -0
- data/lib/rex/encoder/xor/dword.rb +2 -1
- data/lib/rex/encoder/xor/dword_additive.rb +2 -1
- data/lib/rex/encoders/xor_dword.rb +1 -0
- data/lib/rex/encoders/xor_dword_additive.rb +2 -1
- data/lib/rex/encoders/xor_dword_additive.rb.ut.rb +2 -1
- data/lib/rex/encoding/xor.rb +2 -1
- data/lib/rex/encoding/xor.rb.ts.rb +2 -1
- data/lib/rex/encoding/xor/byte.rb +2 -1
- data/lib/rex/encoding/xor/byte.rb.ut.rb +2 -1
- data/lib/rex/encoding/xor/dword.rb +2 -1
- data/lib/rex/encoding/xor/dword.rb.ut.rb +2 -1
- data/lib/rex/encoding/xor/dword_additive.rb +1 -0
- data/lib/rex/encoding/xor/dword_additive.rb.ut.rb +2 -1
- data/lib/rex/encoding/xor/exceptions.rb +1 -0
- data/lib/rex/encoding/xor/generic.rb +1 -0
- data/lib/rex/encoding/xor/generic.rb.ut.rb +2 -1
- data/lib/rex/encoding/xor/qword.rb +2 -1
- data/lib/rex/encoding/xor/word.rb +2 -1
- data/lib/rex/encoding/xor/word.rb.ut.rb +2 -1
- data/lib/rex/exceptions.rb +1 -0
- data/lib/rex/exceptions.rb.ut.rb +2 -1
- data/lib/rex/exploitation/cmdstager.rb +2 -1
- data/lib/rex/exploitation/cmdstager/base.rb +1 -0
- data/lib/rex/exploitation/cmdstager/debug_asm.rb +2 -1
- data/lib/rex/exploitation/cmdstager/debug_write.rb +2 -1
- data/lib/rex/exploitation/cmdstager/tftp.rb +2 -1
- data/lib/rex/exploitation/cmdstager/vbs.rb +2 -1
- data/lib/rex/exploitation/egghunter.rb +12 -11
- data/lib/rex/exploitation/egghunter.rb.ut.rb +2 -1
- data/lib/rex/exploitation/encryptjs.rb +1 -0
- data/lib/rex/exploitation/heaplib.rb +1 -0
- data/lib/rex/exploitation/javascriptosdetect.js +1014 -0
- data/lib/rex/exploitation/javascriptosdetect.rb +4 -857
- data/lib/rex/exploitation/jsobfu.rb +2 -1
- data/lib/rex/exploitation/obfuscatejs.rb +1 -0
- data/lib/rex/exploitation/omelet.rb +1 -0
- data/lib/rex/exploitation/omelet.rb.ut.rb +1 -0
- data/lib/rex/exploitation/opcodedb.rb +12 -11
- data/lib/rex/exploitation/opcodedb.rb.ut.rb +2 -1
- data/lib/rex/exploitation/seh.rb +3 -2
- data/lib/rex/exploitation/seh.rb.ut.rb +2 -1
- data/lib/rex/file.rb +4 -3
- data/lib/rex/file.rb.ut.rb +2 -1
- data/lib/rex/image_source.rb +3 -2
- data/lib/rex/image_source/disk.rb +3 -2
- data/lib/rex/image_source/image_source.rb +3 -2
- data/lib/rex/image_source/memory.rb +3 -2
- data/lib/rex/io/bidirectional_pipe.rb +1 -0
- data/lib/rex/io/datagram_abstraction.rb +2 -1
- data/lib/rex/io/ring_buffer.rb +49 -44
- data/lib/rex/io/ring_buffer.rb.ut.rb +4 -3
- data/lib/rex/io/stream.rb +1 -0
- data/lib/rex/io/stream_abstraction.rb +1 -0
- data/lib/rex/io/stream_server.rb +1 -0
- data/lib/rex/job_container.rb +1 -0
- data/lib/rex/logging.rb +2 -1
- data/lib/rex/logging/log_dispatcher.rb +5 -4
- data/lib/rex/logging/log_sink.rb +2 -1
- data/lib/rex/logging/sinks/flatfile.rb +4 -3
- data/lib/rex/logging/sinks/stderr.rb +2 -1
- data/lib/rex/machparsey.rb +2 -1
- data/lib/rex/machparsey/exceptions.rb +2 -1
- data/lib/rex/machparsey/mach.rb +20 -19
- data/lib/rex/machparsey/machbase.rb +27 -26
- data/lib/rex/machscan.rb +2 -1
- data/lib/rex/machscan/scanner.rb +1 -0
- data/lib/rex/mime.rb +2 -1
- data/lib/rex/mime/header.rb +1 -0
- data/lib/rex/mime/message.rb +4 -1
- data/lib/rex/mime/part.rb +2 -1
- data/lib/rex/nop/opty2.rb +2 -1
- data/lib/rex/nop/opty2.rb.ut.rb +2 -1
- data/lib/rex/nop/opty2_tables.rb +1 -0
- data/lib/rex/ole.rb +3 -2
- data/lib/rex/ole/clsid.rb +3 -2
- data/lib/rex/ole/difat.rb +3 -2
- data/lib/rex/ole/directory.rb +3 -2
- data/lib/rex/ole/direntry.rb +3 -2
- data/lib/rex/ole/fat.rb +3 -2
- data/lib/rex/ole/header.rb +3 -2
- data/lib/rex/ole/minifat.rb +3 -2
- data/lib/rex/ole/propset.rb +4 -3
- data/lib/rex/ole/samples/create_ole.rb +1 -0
- data/lib/rex/ole/samples/dir.rb +1 -0
- data/lib/rex/ole/samples/dump_stream.rb +1 -0
- data/lib/rex/ole/samples/ole_info.rb +1 -0
- data/lib/rex/ole/storage.rb +3 -2
- data/lib/rex/ole/stream.rb +3 -2
- data/lib/rex/ole/substorage.rb +3 -2
- data/lib/rex/ole/util.rb +3 -2
- data/lib/rex/parser/acunetix_nokogiri.rb +13 -12
- data/lib/rex/parser/apple_backup_manifestdb.rb +20 -19
- data/lib/rex/parser/appscan_nokogiri.rb +17 -16
- data/lib/rex/parser/arguments.rb +2 -1
- data/lib/rex/parser/arguments.rb.ut.rb +2 -1
- data/lib/rex/parser/burp_session_nokogiri.rb +8 -7
- data/lib/rex/parser/ci_nokogiri.rb +4 -3
- data/lib/rex/parser/foundstone_nokogiri.rb +18 -17
- data/lib/rex/parser/fusionvm_nokogiri.rb +109 -0
- data/lib/rex/parser/ini.rb +1 -0
- data/lib/rex/parser/ini.rb.ut.rb +2 -1
- data/lib/rex/parser/ip360_aspl_xml.rb +1 -0
- data/lib/rex/parser/ip360_xml.rb +4 -3
- data/lib/rex/parser/mbsa_nokogiri.rb +8 -7
- data/lib/rex/parser/nessus_xml.rb +3 -2
- data/lib/rex/parser/netsparker_xml.rb +10 -9
- data/lib/rex/parser/nexpose_raw_nokogiri.rb +372 -52
- data/lib/rex/parser/nexpose_simple_nokogiri.rb +8 -7
- data/lib/rex/parser/nexpose_xml.rb +1 -0
- data/lib/rex/parser/nmap_nokogiri.rb +63 -33
- data/lib/rex/parser/nmap_xml.rb +1 -0
- data/lib/rex/parser/nokogiri_doc_mixin.rb +35 -15
- data/lib/rex/parser/openvas_nokogiri.rb +172 -0
- data/lib/rex/parser/retina_xml.rb +1 -0
- data/lib/rex/parser/wapiti_nokogiri.rb +105 -0
- data/lib/rex/payloads.rb +2 -1
- data/lib/rex/payloads/win32.rb +2 -1
- data/lib/rex/payloads/win32/common.rb +2 -1
- data/lib/rex/payloads/win32/kernel.rb +2 -1
- data/lib/rex/payloads/win32/kernel/common.rb +4 -3
- data/lib/rex/payloads/win32/kernel/migration.rb +2 -1
- data/lib/rex/payloads/win32/kernel/recovery.rb +2 -1
- data/lib/rex/payloads/win32/kernel/stager.rb +21 -20
- data/lib/rex/peparsey.rb +3 -2
- data/lib/rex/peparsey/exceptions.rb +2 -1
- data/lib/rex/peparsey/pe.rb +3 -2
- data/lib/rex/peparsey/pe_memdump.rb +2 -1
- data/lib/rex/peparsey/pebase.rb +2 -1
- data/lib/rex/peparsey/section.rb +2 -1
- data/lib/rex/pescan.rb +3 -2
- data/lib/rex/pescan/analyze.rb +1 -0
- data/lib/rex/pescan/scanner.rb +1 -0
- data/lib/rex/pescan/search.rb +1 -0
- data/lib/rex/platforms.rb +2 -1
- data/lib/rex/platforms/windows.rb +2 -1
- data/lib/rex/poly.rb +2 -1
- data/lib/rex/poly/block.rb +16 -15
- data/lib/rex/poly/register.rb +2 -1
- data/lib/rex/poly/register/x86.rb +2 -1
- data/lib/rex/post.rb +2 -2
- data/lib/rex/post/dir.rb +2 -1
- data/lib/rex/post/file.rb +1 -0
- data/lib/rex/post/file_stat.rb +1 -0
- data/lib/rex/post/io.rb +2 -1
- data/lib/rex/post/meterpreter.rb +2 -1
- data/lib/rex/post/meterpreter/channel.rb +1 -0
- data/lib/rex/post/meterpreter/channel_container.rb +2 -1
- data/lib/rex/post/meterpreter/channels/pool.rb +1 -0
- data/lib/rex/post/meterpreter/channels/pools/file.rb +1 -0
- data/lib/rex/post/meterpreter/channels/pools/stream_pool.rb +3 -2
- data/lib/rex/post/meterpreter/channels/stream.rb +1 -0
- data/lib/rex/post/meterpreter/client.rb +23 -1
- data/lib/rex/post/meterpreter/client_core.rb +10 -5
- data/lib/rex/post/meterpreter/dependencies.rb +2 -1
- data/lib/rex/post/meterpreter/extension.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/espia/espia.rb +7 -6
- data/lib/rex/post/meterpreter/extensions/espia/tlv.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +5 -4
- data/lib/rex/post/meterpreter/extensions/incognito/tlv.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +7 -6
- data/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/priv/fs.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/priv/passwd.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/priv/priv.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/priv/tlv.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +28 -11
- data/lib/rex/post/meterpreter/extensions/sniffer/tlv.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/constants.rb +6 -5
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +3 -2
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +39 -5
- data/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb +75 -18
- data/lib/rex/post/meterpreter/extensions/stdapi/net/route.rb +18 -6
- data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun.rb.ts.rb +4 -1
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb.ut.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb.ut.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_crypt32.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb +12 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wlanapi.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb +7 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb.ut.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb.ut.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb.ut.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb.ut.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/mock_magic.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb +23 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb.ut.rb +29 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +10 -5
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb.ut.rb +9 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb +106 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb.ut.rb +128 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb +27 -6
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb.ut.rb +21 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +43 -4
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/io.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +7 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +14 -13
- data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +1 -0
- data/lib/rex/post/meterpreter/inbound_packet_handler.rb +2 -1
- data/lib/rex/post/meterpreter/object_aliases.rb +6 -5
- data/lib/rex/post/meterpreter/packet.rb +26 -6
- data/lib/rex/post/meterpreter/packet_dispatcher.rb +1 -0
- data/lib/rex/post/meterpreter/packet_parser.rb +1 -0
- data/lib/rex/post/meterpreter/packet_response_waiter.rb +1 -0
- data/lib/rex/post/meterpreter/ui/console.rb +1 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher.rb +1 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +103 -28
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +1 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +1 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +1 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb +3 -2
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb +12 -11
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +2 -1
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb +2 -1
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +53 -36
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +3 -2
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +87 -44
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +80 -18
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +77 -48
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +72 -41
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +24 -5
- data/lib/rex/post/meterpreter/ui/console/interactive_channel.rb +2 -1
- data/lib/rex/post/permission.rb +2 -1
- data/lib/rex/post/process.rb +2 -1
- data/lib/rex/post/thread.rb +2 -1
- data/lib/rex/post/ui.rb +2 -1
- data/lib/rex/proto.rb +1 -0
- data/lib/rex/proto.rb.ts.rb +2 -1
- data/lib/rex/proto/dcerpc.rb +2 -1
- data/lib/rex/proto/dcerpc.rb.ts.rb +2 -1
- data/lib/rex/proto/dcerpc/client.rb +1 -0
- data/lib/rex/proto/dcerpc/client.rb.ut.rb +1 -0
- data/lib/rex/proto/dcerpc/exceptions.rb +2 -1
- data/lib/rex/proto/dcerpc/handle.rb +1 -0
- data/lib/rex/proto/dcerpc/handle.rb.ut.rb +2 -1
- data/lib/rex/proto/dcerpc/ndr.rb +2 -1
- data/lib/rex/proto/dcerpc/ndr.rb.ut.rb +2 -1
- data/lib/rex/proto/dcerpc/packet.rb +52 -45
- data/lib/rex/proto/dcerpc/packet.rb.ut.rb +12 -11
- data/lib/rex/proto/dcerpc/response.rb +1 -0
- data/lib/rex/proto/dcerpc/response.rb.ut.rb +2 -1
- data/lib/rex/proto/dcerpc/uuid.rb +13 -12
- data/lib/rex/proto/dcerpc/uuid.rb.ut.rb +2 -1
- data/lib/rex/proto/dhcp.rb +2 -1
- data/lib/rex/proto/dhcp/constants.rb +2 -1
- data/lib/rex/proto/dhcp/server.rb +4 -3
- data/lib/rex/proto/drda.rb +1 -0
- data/lib/rex/proto/drda.rb.ts.rb +1 -0
- data/lib/rex/proto/drda/constants.rb +1 -0
- data/lib/rex/proto/drda/constants.rb.ut.rb +1 -0
- data/lib/rex/proto/drda/packet.rb +11 -10
- data/lib/rex/proto/drda/packet.rb.ut.rb +5 -4
- data/lib/rex/proto/drda/utils.rb +4 -3
- data/lib/rex/proto/drda/utils.rb.ut.rb +3 -2
- data/lib/rex/proto/http.rb +2 -1
- data/lib/rex/proto/http.rb.ts.rb +2 -1
- data/lib/rex/proto/http/client.rb +29 -5
- data/lib/rex/proto/http/client.rb.ut.rb +1 -0
- data/lib/rex/proto/http/handler.rb +2 -1
- data/lib/rex/proto/http/handler/erb.rb +5 -4
- data/lib/rex/proto/http/handler/erb.rb.ut.rb +2 -1
- data/lib/rex/proto/http/handler/proc.rb +1 -0
- data/lib/rex/proto/http/handler/proc.rb.ut.rb +2 -1
- data/lib/rex/proto/http/header.rb +3 -3
- data/lib/rex/proto/http/header.rb.ut.rb +2 -1
- data/lib/rex/proto/http/packet.rb +1 -0
- data/lib/rex/proto/http/packet.rb.ut.rb +15 -14
- data/lib/rex/proto/http/request.rb +23 -22
- data/lib/rex/proto/http/request.rb.ut.rb +2 -1
- data/lib/rex/proto/http/response.rb +6 -5
- data/lib/rex/proto/http/response.rb.ut.rb +7 -6
- data/lib/rex/proto/http/server.rb +1 -0
- data/lib/rex/proto/http/server.rb.ut.rb +6 -5
- data/lib/rex/proto/iax2.rb +1 -0
- data/lib/rex/proto/iax2/call.rb +48 -47
- data/lib/rex/proto/iax2/client.rb +23 -22
- data/lib/rex/proto/iax2/codecs.rb +1 -0
- data/lib/rex/proto/iax2/codecs/alaw.rb +1 -0
- data/lib/rex/proto/iax2/codecs/g711.rb +4 -3
- data/lib/rex/proto/iax2/codecs/mulaw.rb +1 -0
- data/lib/rex/proto/iax2/constants.rb +1 -0
- data/lib/rex/proto/natpmp.rb +11 -0
- data/lib/rex/proto/natpmp/constants.rb +19 -0
- data/lib/rex/proto/natpmp/packet.rb +45 -0
- data/lib/rex/proto/ntlm.rb +1 -0
- data/lib/rex/proto/ntlm.rb.ut.rb +1 -0
- data/lib/rex/proto/ntlm/base.rb +38 -37
- data/lib/rex/proto/ntlm/constants.rb +1 -0
- data/lib/rex/proto/ntlm/crypt.rb +45 -44
- data/lib/rex/proto/ntlm/exceptions.rb +1 -0
- data/lib/rex/proto/ntlm/message.rb +30 -29
- data/lib/rex/proto/ntlm/utils.rb +116 -115
- data/lib/rex/proto/proxy/socks4a.rb +1 -0
- data/lib/rex/proto/rfb.rb +1 -0
- data/lib/rex/proto/rfb.rb.ut.rb +1 -0
- data/lib/rex/proto/rfb/cipher.rb +1 -0
- data/lib/rex/proto/rfb/client.rb +1 -0
- data/lib/rex/proto/rfb/constants.rb +1 -0
- data/lib/rex/proto/smb.rb +2 -1
- data/lib/rex/proto/smb.rb.ts.rb +2 -1
- data/lib/rex/proto/smb/client.rb +23 -22
- data/lib/rex/proto/smb/client.rb.ut.rb +1 -0
- data/lib/rex/proto/smb/constants.rb +1 -0
- data/lib/rex/proto/smb/constants.rb.ut.rb +2 -1
- data/lib/rex/proto/smb/crypt.rb +3 -2
- data/lib/rex/proto/smb/evasions.rb +1 -0
- data/lib/rex/proto/smb/exceptions.rb +6 -5
- data/lib/rex/proto/smb/simpleclient.rb +1 -0
- data/lib/rex/proto/smb/simpleclient.rb.ut.rb +1 -0
- data/lib/rex/proto/smb/utils.rb +1 -0
- data/lib/rex/proto/smb/utils.rb.ut.rb +2 -1
- data/lib/rex/proto/sunrpc.rb +1 -0
- data/lib/rex/proto/sunrpc/client.rb +1 -0
- data/lib/rex/proto/tftp.rb +3 -1
- data/lib/rex/proto/tftp/client.rb +344 -0
- data/lib/rex/proto/tftp/constants.rb +2 -1
- data/lib/rex/proto/tftp/server.rb +2 -1
- data/lib/rex/proto/tftp/server.rb.ut.rb +3 -2
- data/lib/rex/registry.rb +14 -0
- data/lib/rex/registry/hive.rb +132 -0
- data/lib/rex/registry/lfkey.rb +51 -0
- data/lib/rex/registry/nodekey.rb +54 -0
- data/lib/rex/registry/regf.rb +25 -0
- data/lib/rex/registry/valuekey.rb +67 -0
- data/lib/rex/registry/valuelist.rb +29 -0
- data/lib/rex/ropbuilder.rb +2 -1
- data/lib/rex/ropbuilder/rop.rb +3 -2
- data/lib/rex/script.rb +1 -0
- data/lib/rex/script/base.rb +1 -0
- data/lib/rex/script/meterpreter.rb +1 -0
- data/lib/rex/script/shell.rb +1 -0
- data/lib/rex/service.rb +2 -1
- data/lib/rex/service_manager.rb +6 -5
- data/lib/rex/service_manager.rb.ut.rb +2 -1
- data/lib/rex/services/local_relay.rb +1 -0
- data/lib/rex/socket.rb +72 -36
- data/lib/rex/socket.rb.ut.rb +1 -0
- data/lib/rex/socket/comm.rb +1 -0
- data/lib/rex/socket/comm/local.rb +60 -13
- data/lib/rex/socket/comm/local.rb.ut.rb +2 -1
- data/lib/rex/socket/ip.rb +1 -0
- data/lib/rex/socket/parameters.rb +15 -14
- data/lib/rex/socket/parameters.rb.ut.rb +2 -1
- data/lib/rex/socket/range_walker.rb +71 -26
- data/lib/rex/socket/range_walker.rb.ut.rb +2 -1
- data/lib/rex/socket/ssl_tcp.rb +1 -0
- data/lib/rex/socket/ssl_tcp.rb.ut.rb +2 -1
- data/lib/rex/socket/ssl_tcp_server.rb +1 -0
- data/lib/rex/socket/ssl_tcp_server.rb.ut.rb +1 -0
- data/lib/rex/socket/subnet_walker.rb +1 -0
- data/lib/rex/socket/subnet_walker.rb.ut.rb +2 -1
- data/lib/rex/socket/switch_board.rb +1 -0
- data/lib/rex/socket/switch_board.rb.ut.rb +2 -1
- data/lib/rex/socket/tcp.rb +4 -3
- data/lib/rex/socket/tcp.rb.ut.rb +2 -1
- data/lib/rex/socket/tcp_server.rb +1 -0
- data/lib/rex/socket/tcp_server.rb.ut.rb +2 -1
- data/lib/rex/socket/udp.rb +2 -1
- data/lib/rex/socket/udp.rb.ut.rb +2 -1
- data/lib/rex/struct2.rb +2 -1
- data/lib/rex/struct2/c_struct.rb +2 -1
- data/lib/rex/struct2/c_struct_template.rb +2 -1
- data/lib/rex/struct2/constant.rb +2 -1
- data/lib/rex/struct2/element.rb +2 -1
- data/lib/rex/struct2/generic.rb +1 -0
- data/lib/rex/struct2/restraint.rb +2 -1
- data/lib/rex/struct2/s_string.rb +1 -0
- data/lib/rex/struct2/s_struct.rb +1 -0
- data/lib/rex/sync.rb +2 -1
- data/lib/rex/sync/event.rb +1 -0
- data/lib/rex/sync/read_write_lock.rb +1 -0
- data/lib/rex/sync/ref.rb +2 -1
- data/lib/rex/sync/thread_safe.rb +2 -1
- data/lib/rex/test.rb +2 -1
- data/lib/rex/text.rb +136 -19
- data/lib/rex/text.rb.ut.rb +1 -0
- data/lib/rex/thread_factory.rb +5 -4
- data/lib/rex/time.rb +2 -1
- data/lib/rex/transformer.rb +1 -0
- data/lib/rex/transformer.rb.ut.rb +2 -1
- data/lib/rex/ui.rb +2 -1
- data/lib/rex/ui/interactive.rb +10 -9
- data/lib/rex/ui/output.rb +1 -0
- data/lib/rex/ui/output/none.rb +2 -1
- data/lib/rex/ui/progress_tracker.rb +2 -1
- data/lib/rex/ui/subscriber.rb +9 -8
- data/lib/rex/ui/text/color.rb +1 -0
- data/lib/rex/ui/text/color.rb.ut.rb +1 -0
- data/lib/rex/ui/text/dispatcher_shell.rb +63 -23
- data/lib/rex/ui/text/input.rb +1 -0
- data/lib/rex/ui/text/input/buffer.rb +7 -6
- data/lib/rex/ui/text/input/readline.rb +14 -13
- data/lib/rex/ui/text/input/socket.rb +1 -0
- data/lib/rex/ui/text/input/stdio.rb +2 -1
- data/lib/rex/ui/text/irb_shell.rb +1 -0
- data/lib/rex/ui/text/output.rb +1 -0
- data/lib/rex/ui/text/output/buffer.rb +1 -0
- data/lib/rex/ui/text/output/file.rb +1 -0
- data/lib/rex/ui/text/output/socket.rb +1 -0
- data/lib/rex/ui/text/output/stdio.rb +1 -0
- data/lib/rex/ui/text/output/tee.rb +1 -0
- data/lib/rex/ui/text/progress_tracker.rb +2 -1
- data/lib/rex/ui/text/progress_tracker.rb.ut.rb +2 -1
- data/lib/rex/ui/text/shell.rb +1 -0
- data/lib/rex/ui/text/table.rb +20 -14
- data/lib/rex/ui/text/table.rb.ut.rb +3 -2
- data/lib/rex/zip.rb +1 -0
- data/lib/rex/zip/archive.rb +2 -1
- data/lib/rex/zip/blocks.rb +3 -2
- data/lib/rex/zip/entry.rb +6 -7
- data/lib/rex/zip/jar.rb +4 -3
- data/lib/rex/zip/samples/comment.rb +1 -0
- data/lib/rex/zip/samples/mkwar.rb +1 -0
- data/lib/rex/zip/samples/mkzip.rb +1 -0
- data/lib/rex/zip/samples/recursive.rb +1 -0
- metadata +433 -435
@@ -1,3 +1,4 @@
|
|
1
|
+
# -*- coding: binary -*-
|
1
2
|
#
|
2
3
|
# An NTLM Authentication Library for Ruby
|
3
4
|
#
|
@@ -6,7 +7,7 @@
|
|
6
7
|
# http://jp.rubyist.net/magazine/?0013-CodeReview
|
7
8
|
# -------------------------------------------------------------
|
8
9
|
# Copyright (c) 2005,2006 yrock
|
9
|
-
#
|
10
|
+
#
|
10
11
|
# This program is free software.
|
11
12
|
# You can distribute/modify this program under the terms of the
|
12
13
|
# Ruby License.
|
@@ -18,8 +19,8 @@
|
|
18
19
|
# -------------------------------------------------------------
|
19
20
|
#
|
20
21
|
# All protocol information used to write this code stems from
|
21
|
-
# "The NTLM Authentication Protocol" by Eric Glass. The author
|
22
|
-
# would thank to him for this tremendous work and making it
|
22
|
+
# "The NTLM Authentication Protocol" by Eric Glass. The author
|
23
|
+
# would thank to him for this tremendous work and making it
|
23
24
|
# available on the net.
|
24
25
|
# http://davenport.sourceforge.net/ntlm.html
|
25
26
|
# -------------------------------------------------------------
|
@@ -28,7 +29,7 @@
|
|
28
29
|
# Permission to use, copy, modify, and distribute this document
|
29
30
|
# for any purpose and without any fee is hereby granted,
|
30
31
|
# provided that the above copyright notice and this list of
|
31
|
-
# conditions appear in all copies.
|
32
|
+
# conditions appear in all copies.
|
32
33
|
# -------------------------------------------------------------
|
33
34
|
#
|
34
35
|
# The author also looked Mozilla-Firefox-1.0.7 source code,
|
@@ -37,7 +38,7 @@
|
|
37
38
|
# "http://x2a.org/websvn/filedetails.php?
|
38
39
|
# repname=libntlm-ruby&path=%2Ftrunk%2Fntlm.rb&sc=1"
|
39
40
|
# The latter has a minor bug in its separate_keys function.
|
40
|
-
# The third key has to begin from the 14th character of the
|
41
|
+
# The third key has to begin from the 14th character of the
|
41
42
|
# input string instead of 13th:)
|
42
43
|
#--
|
43
44
|
# $Id: ntlm.rb 11678 2011-01-30 19:26:35Z hdm $
|
@@ -212,13 +213,13 @@ CRYPT = Rex::Proto::NTLM::Crypt
|
|
212
213
|
if usr.nil? or pwd.nil?
|
213
214
|
raise ArgumentError, "user and password have to be supplied"
|
214
215
|
end
|
215
|
-
|
216
|
+
|
216
217
|
if opt[:workstation]
|
217
218
|
ws = opt[:workstation]
|
218
219
|
else
|
219
220
|
ws = ""
|
220
221
|
end
|
221
|
-
|
222
|
+
|
222
223
|
if opt[:client_challenge]
|
223
224
|
cc = opt[:client_challenge]
|
224
225
|
else
|
@@ -245,9 +246,9 @@ CRYPT = Rex::Proto::NTLM::Crypt
|
|
245
246
|
ti = self.target_info
|
246
247
|
|
247
248
|
chal = self[:challenge].serialize
|
248
|
-
|
249
|
+
|
249
250
|
if opt[:ntlmv2]
|
250
|
-
ar = { :ntlmv2_hash => CRYPT::ntlmv2_hash(usr, pwd, tgt, opt),
|
251
|
+
ar = { :ntlmv2_hash => CRYPT::ntlmv2_hash(usr, pwd, tgt, opt),
|
251
252
|
:challenge => chal, :target_info => ti}
|
252
253
|
lm_res = CRYPT::lmv2_response(ar, opt)
|
253
254
|
ntlm_res = CRYPT::ntlmv2_response(ar, opt)
|
@@ -258,7 +259,7 @@ CRYPT = Rex::Proto::NTLM::Crypt
|
|
258
259
|
lm_res = CRYPT::lm_response(pwd, chal)
|
259
260
|
ntlm_res = CRYPT::ntlm_response(pwd, chal)
|
260
261
|
end
|
261
|
-
|
262
|
+
|
262
263
|
Type3.create({
|
263
264
|
:lm_response => lm_res,
|
264
265
|
:ntlm_response => ntlm_res,
|
@@ -270,7 +271,7 @@ CRYPT = Rex::Proto::NTLM::Crypt
|
|
270
271
|
end
|
271
272
|
end
|
272
273
|
|
273
|
-
|
274
|
+
|
274
275
|
Type3 = Message.define{
|
275
276
|
string :sign, {:size => 8, :value => CONST::SSP_SIGN}
|
276
277
|
int32LE :type, {:value => 3}
|
@@ -298,7 +299,7 @@ CRYPT = Rex::Proto::NTLM::Crypt
|
|
298
299
|
t.domain = arg[:domain]
|
299
300
|
t.user = arg[:user]
|
300
301
|
t.workstation = arg[:workstation]
|
301
|
-
|
302
|
+
|
302
303
|
if arg[:session_key]
|
303
304
|
t.enable(:session_key)
|
304
305
|
t.session_key = arg[session_key]
|
@@ -387,7 +388,7 @@ CRYPT = Rex::Proto::NTLM::Crypt
|
|
387
388
|
host_len = decode[44,2].unpack("v").first
|
388
389
|
host_offset = decode[48,2].unpack("v").first
|
389
390
|
host = decode[host_offset, host_len]
|
390
|
-
|
391
|
+
|
391
392
|
return domain, user, host, lm, nt
|
392
393
|
else
|
393
394
|
return "", "", "", "", ""
|
@@ -395,11 +396,11 @@ CRYPT = Rex::Proto::NTLM::Crypt
|
|
395
396
|
end
|
396
397
|
|
397
398
|
|
398
|
-
|
399
|
-
#
|
399
|
+
|
400
|
+
#
|
400
401
|
# Process Type 1 NTLM Messages, return a Base64 Type 2 Message
|
401
402
|
#
|
402
|
-
def self.process_type1_message(message, nonce = "\x11\x22\x33\x44\x55\x66\x77\x88", win_domain = 'DOMAIN',
|
403
|
+
def self.process_type1_message(message, nonce = "\x11\x22\x33\x44\x55\x66\x77\x88", win_domain = 'DOMAIN',
|
403
404
|
win_name = 'SERVER', dns_name = 'server', dns_domain = 'example.com', downgrade = true)
|
404
405
|
|
405
406
|
dns_name = Rex::Text.to_unicode(dns_name + "." + dns_domain)
|
@@ -425,14 +426,14 @@ CRYPT = Rex::Proto::NTLM::Crypt
|
|
425
426
|
end
|
426
427
|
if (reqflags & CONST::NEGOTIATE_ALWAYS_SIGN) == CONST::NEGOTIATE_ALWAYS_SIGN
|
427
428
|
reqflags = reqflags - CONST::NEGOTIATE_ALWAYS_SIGN
|
428
|
-
end
|
429
|
+
end
|
429
430
|
end
|
430
431
|
|
431
|
-
flags = reqflags + CONST::TARGET_TYPE_DOMAIN + CONST::TARGET_TYPE_SERVER
|
432
|
+
flags = reqflags + CONST::TARGET_TYPE_DOMAIN + CONST::TARGET_TYPE_SERVER
|
432
433
|
tid = true
|
433
434
|
|
434
435
|
tidoffset = 48 + win_domain.length
|
435
|
-
tidbuff =
|
436
|
+
tidbuff =
|
436
437
|
[2].pack('v') + # tid type, win domain
|
437
438
|
[win_domain.length].pack('v') +
|
438
439
|
win_domain +
|
@@ -460,9 +461,9 @@ CRYPT = Rex::Proto::NTLM::Crypt
|
|
460
461
|
end
|
461
462
|
|
462
463
|
type2msg +="\x30\x00\x00\x00" + # Offset, 4 bytes
|
463
|
-
|
464
|
-
|
465
|
-
|
464
|
+
[flags].pack('V') + # flags, 4 bytes
|
465
|
+
nonce + # the nonce, 8 bytes
|
466
|
+
"\x00" * 8 # Context (all 0s), 8 bytes
|
466
467
|
|
467
468
|
if (tid)
|
468
469
|
type2msg += # Target information security buffer. Filled if REQUEST_TARGET
|
@@ -485,7 +486,7 @@ CRYPT = Rex::Proto::NTLM::Crypt
|
|
485
486
|
|
486
487
|
return type2msg
|
487
488
|
end
|
488
|
-
|
489
|
+
|
489
490
|
#
|
490
491
|
# Downgrading Type messages to LMv1/NTLMv1 and removing signing
|
491
492
|
#
|
@@ -506,8 +507,8 @@ CRYPT = Rex::Proto::NTLM::Crypt
|
|
506
507
|
end
|
507
508
|
if (reqflags & CONST::NEGOTIATE_ALWAYS_SIGN) == CONST::NEGOTIATE_ALWAYS_SIGN
|
508
509
|
reqflags = reqflags - CONST::NEGOTIATE_ALWAYS_SIGN
|
509
|
-
end
|
510
|
-
|
510
|
+
end
|
511
|
+
|
511
512
|
# Return the flags back to the decode so we can base64 it again
|
512
513
|
flags = reqflags.to_s(16)
|
513
514
|
0.upto(8) do |idx|
|
@@ -525,12 +526,12 @@ CRYPT = Rex::Proto::NTLM::Crypt
|
|
525
526
|
end
|
526
527
|
idx += 2
|
527
528
|
end
|
528
|
-
|
529
|
+
|
529
530
|
end
|
530
|
-
return Rex::Text.encode_base64(decode).delete("\n") # base64 encode and remove the returns
|
531
|
+
return Rex::Text.encode_base64(decode).delete("\n") # base64 encode and remove the returns
|
531
532
|
end
|
532
|
-
|
533
|
-
end
|
533
|
+
|
534
|
+
end
|
534
535
|
end
|
535
536
|
end
|
536
537
|
end
|
data/lib/rex/proto/ntlm/utils.rb
CHANGED
@@ -1,3 +1,4 @@
|
|
1
|
+
# -*- coding: binary -*-
|
1
2
|
require 'rex/proto/ntlm/constants'
|
2
3
|
require 'rex/proto/ntlm/crypt'
|
3
4
|
require 'rex/proto/ntlm/exceptions'
|
@@ -57,29 +58,29 @@ class Utils
|
|
57
58
|
# mechTypes: 2 items :
|
58
59
|
# -MechType: 1.3.6.1.4.1.311.2.2.30 (SNMPv2-SMI::enterprises.311.2.2.30)
|
59
60
|
# -MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
|
60
|
-
#
|
61
|
+
#
|
61
62
|
# this is the default on Win7
|
62
63
|
def self.make_simple_negotiate_secblob_resp
|
63
|
-
blob =
|
64
|
-
"\x60" + self.asn1encode(
|
64
|
+
blob =
|
65
|
+
"\x60" + self.asn1encode(
|
65
66
|
"\x06" + self.asn1encode(
|
66
67
|
"\x2b\x06\x01\x05\x05\x02"
|
67
|
-
) +
|
68
|
+
) +
|
68
69
|
"\xa0" + self.asn1encode(
|
69
70
|
"\x30" + self.asn1encode(
|
70
71
|
"\xa0" + self.asn1encode(
|
71
|
-
"\x30" + self.asn1encode(
|
72
|
+
"\x30" + self.asn1encode(
|
72
73
|
"\x06" + self.asn1encode(
|
73
74
|
"\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"
|
74
|
-
)
|
75
|
+
)
|
75
76
|
)
|
76
|
-
)
|
77
|
+
)
|
77
78
|
)
|
78
79
|
)
|
79
80
|
)
|
80
81
|
|
81
|
-
return blob
|
82
|
-
end
|
82
|
+
return blob
|
83
|
+
end
|
83
84
|
|
84
85
|
# GSS BLOB usefull for SMB_NEGOCIATE_RESPONSE message
|
85
86
|
# mechTypes: 4 items :
|
@@ -87,14 +88,14 @@ class Utils
|
|
87
88
|
# MechType: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5)
|
88
89
|
# MechType: 1.2.840.113554.1.2.2.3 (KRB5 - Kerberos 5 - User to User)
|
89
90
|
# MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
|
90
|
-
# mechListMIC:
|
91
|
+
# mechListMIC:
|
91
92
|
# principal: account@domain
|
92
93
|
def self.make_negotiate_secblob_resp(account, domain)
|
93
|
-
blob =
|
94
|
-
"\x60" + self.asn1encode(
|
94
|
+
blob =
|
95
|
+
"\x60" + self.asn1encode(
|
95
96
|
"\x06" + self.asn1encode(
|
96
97
|
"\x2b\x06\x01\x05\x05\x02"
|
97
|
-
) +
|
98
|
+
) +
|
98
99
|
"\xa0" + self.asn1encode(
|
99
100
|
"\x30" + self.asn1encode(
|
100
101
|
"\xa0" + self.asn1encode(
|
@@ -107,10 +108,10 @@ class Utils
|
|
107
108
|
) +
|
108
109
|
"\x06" + self.asn1encode(
|
109
110
|
"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x03"
|
110
|
-
) +
|
111
|
+
) +
|
111
112
|
"\x06" + self.asn1encode(
|
112
113
|
"\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"
|
113
|
-
)
|
114
|
+
)
|
114
115
|
)
|
115
116
|
) +
|
116
117
|
"\xa3" + self.asn1encode(
|
@@ -126,8 +127,8 @@ class Utils
|
|
126
127
|
)
|
127
128
|
)
|
128
129
|
|
129
|
-
return blob
|
130
|
-
end
|
130
|
+
return blob
|
131
|
+
end
|
131
132
|
|
132
133
|
# BLOB without GSS usefull for ntlmssp type 1 message
|
133
134
|
def self.make_ntlmssp_blob_init(domain = 'WORKGROUP', name = 'WORKSTATION', flags=0x80201)
|
@@ -144,7 +145,7 @@ class Utils
|
|
144
145
|
name.length, #length
|
145
146
|
name.length, #max length
|
146
147
|
domain.length + 32
|
147
|
-
].pack('vvV') +
|
148
|
+
].pack('vvV') +
|
148
149
|
|
149
150
|
domain + name
|
150
151
|
return blob
|
@@ -152,11 +153,11 @@ class Utils
|
|
152
153
|
|
153
154
|
# GSS BLOB usefull for ntlmssp type 1 message
|
154
155
|
def self.make_ntlmssp_secblob_init(domain = 'WORKGROUP', name = 'WORKSTATION', flags=0x80201)
|
155
|
-
blob =
|
156
|
-
"\x60" + self.asn1encode(
|
156
|
+
blob =
|
157
|
+
"\x60" + self.asn1encode(
|
157
158
|
"\x06" + self.asn1encode(
|
158
159
|
"\x2b\x06\x01\x05\x05\x02"
|
159
|
-
) +
|
160
|
+
) +
|
160
161
|
"\xa0" + self.asn1encode(
|
161
162
|
"\x30" + self.asn1encode(
|
162
163
|
"\xa0" + self.asn1encode(
|
@@ -175,11 +176,11 @@ class Utils
|
|
175
176
|
)
|
176
177
|
)
|
177
178
|
|
178
|
-
return blob
|
179
|
+
return blob
|
179
180
|
end
|
180
181
|
|
181
182
|
|
182
|
-
# BLOB without GSS usefull for ntlm type 2 message
|
183
|
+
# BLOB without GSS usefull for ntlm type 2 message
|
183
184
|
def self.make_ntlmssp_blob_chall(win_domain, win_name, dns_domain, dns_name, chall, flags)
|
184
185
|
|
185
186
|
addr_list = ''
|
@@ -189,7 +190,7 @@ class Utils
|
|
189
190
|
addr_list << [3, dns_name.length].pack('vv') + dns_name
|
190
191
|
addr_list << [0, 0].pack('vv')
|
191
192
|
|
192
|
-
ptr = 0
|
193
|
+
ptr = 0
|
193
194
|
blob = "NTLMSSP\x00" +
|
194
195
|
[2].pack('V') +
|
195
196
|
[
|
@@ -198,21 +199,21 @@ class Utils
|
|
198
199
|
(ptr += 48) # offset
|
199
200
|
].pack('vvV') +
|
200
201
|
[ flags ].pack('V') +
|
201
|
-
chall +
|
202
|
+
chall +
|
202
203
|
"\x00\x00\x00\x00\x00\x00\x00\x00" +
|
203
204
|
[
|
204
205
|
addr_list.length, # length
|
205
206
|
addr_list.length, # max length
|
206
|
-
(ptr += win_domain.length)
|
207
|
+
(ptr += win_domain.length)
|
207
208
|
].pack('vvV') +
|
208
|
-
win_domain +
|
209
|
+
win_domain +
|
209
210
|
addr_list
|
210
211
|
return blob
|
211
212
|
end
|
212
213
|
|
213
214
|
# GSS BLOB usefull for ntlmssp type 2 message
|
214
215
|
def self.make_ntlmssp_secblob_chall(win_domain, win_name, dns_domain, dns_name, chall, flags)
|
215
|
-
|
216
|
+
|
216
217
|
blob =
|
217
218
|
"\xa1" + self.asn1encode(
|
218
219
|
"\x30" + self.asn1encode(
|
@@ -231,7 +232,7 @@ class Utils
|
|
231
232
|
make_ntlmssp_blob_chall(win_domain, win_name, dns_domain, dns_name, chall, flags)
|
232
233
|
)
|
233
234
|
)
|
234
|
-
)
|
235
|
+
)
|
235
236
|
)
|
236
237
|
|
237
238
|
return blob
|
@@ -240,53 +241,53 @@ class Utils
|
|
240
241
|
# BLOB without GSS Usefull for ntlmssp type 3 message
|
241
242
|
def self.make_ntlmssp_blob_auth(domain, name, user, lm, ntlm, enc_session_key, flags = 0x080201)
|
242
243
|
lm ||= "\x00" * 24
|
243
|
-
ntlm ||= "\x00" * 24
|
244
|
-
|
244
|
+
ntlm ||= "\x00" * 24
|
245
|
+
|
245
246
|
domain_uni = Rex::Text.to_unicode(domain)
|
246
247
|
user_uni = Rex::Text.to_unicode(user)
|
247
248
|
name_uni = Rex::Text.to_unicode(name)
|
248
249
|
session = enc_session_key
|
249
250
|
|
250
|
-
ptr = 64
|
251
|
+
ptr = 64
|
251
252
|
|
252
253
|
blob = "NTLMSSP\x00" +
|
253
254
|
[ 3 ].pack('V') +
|
254
|
-
|
255
|
+
|
255
256
|
[ # Lan Manager Response
|
256
257
|
lm.length,
|
257
258
|
lm.length,
|
258
259
|
(ptr)
|
259
260
|
].pack('vvV') +
|
260
|
-
|
261
|
+
|
261
262
|
[ # NTLM Manager Response
|
262
263
|
ntlm.length,
|
263
264
|
ntlm.length,
|
264
265
|
(ptr += lm.length)
|
265
|
-
].pack('vvV') +
|
266
|
-
|
266
|
+
].pack('vvV') +
|
267
|
+
|
267
268
|
[ # Domain Name
|
268
269
|
domain_uni.length,
|
269
270
|
domain_uni.length,
|
270
271
|
(ptr += ntlm.length)
|
271
|
-
].pack('vvV') +
|
272
|
+
].pack('vvV') +
|
272
273
|
|
273
274
|
[ # Username
|
274
275
|
user_uni.length,
|
275
276
|
user_uni.length,
|
276
277
|
(ptr += domain_uni.length)
|
277
|
-
].pack('vvV') +
|
278
|
+
].pack('vvV') +
|
278
279
|
|
279
280
|
[ # Hostname
|
280
281
|
name_uni.length,
|
281
282
|
name_uni.length,
|
282
283
|
(ptr += user_uni.length)
|
283
|
-
].pack('vvV') +
|
284
|
-
|
284
|
+
].pack('vvV') +
|
285
|
+
|
285
286
|
[ # Session Key (none)
|
286
287
|
session.length,
|
287
288
|
session.length,
|
288
289
|
(ptr += name_uni.length)
|
289
|
-
].pack('vvV') +
|
290
|
+
].pack('vvV') +
|
290
291
|
|
291
292
|
[ flags ].pack('V') +
|
292
293
|
|
@@ -294,8 +295,8 @@ class Utils
|
|
294
295
|
ntlm +
|
295
296
|
domain_uni +
|
296
297
|
user_uni +
|
297
|
-
name_uni +
|
298
|
-
session + "\x00"
|
298
|
+
name_uni +
|
299
|
+
session + "\x00"
|
299
300
|
return blob
|
300
301
|
|
301
302
|
end
|
@@ -327,7 +328,7 @@ class Utils
|
|
327
328
|
"\x00"
|
328
329
|
)
|
329
330
|
)
|
330
|
-
)
|
331
|
+
)
|
331
332
|
)
|
332
333
|
return blob
|
333
334
|
end
|
@@ -342,7 +343,7 @@ class Utils
|
|
342
343
|
send_ntlm = opt[:send_ntlm] != nil ? opt[:send_ntlm] : true
|
343
344
|
use_lanman_key = opt[:use_lanman_key] != nil ? opt[:use_lanman_key] : false
|
344
345
|
|
345
|
-
if signing
|
346
|
+
if signing
|
346
347
|
ntlmssp_flags = 0xe2088215
|
347
348
|
else
|
348
349
|
|
@@ -352,7 +353,7 @@ class Utils
|
|
352
353
|
if usentlm2_session
|
353
354
|
if use_ntlmv2
|
354
355
|
#set Negotiate Target Info
|
355
|
-
ntlmssp_flags |= CONST::NEGOTIATE_TARGET_INFO
|
356
|
+
ntlmssp_flags |= CONST::NEGOTIATE_TARGET_INFO
|
356
357
|
end
|
357
358
|
|
358
359
|
else
|
@@ -363,7 +364,7 @@ class Utils
|
|
363
364
|
ntlmssp_flags |= CONST::NEGOTIATE_LMKEY if use_lanman_key
|
364
365
|
end
|
365
366
|
end
|
366
|
-
|
367
|
+
|
367
368
|
#we can also downgrade ntlm2_session when we send only lmv1
|
368
369
|
ntlmssp_flags &= 0xfff7ffff if usentlm2_session && (not use_ntlmv2) && (not send_ntlm)
|
369
370
|
|
@@ -414,9 +415,9 @@ class Utils
|
|
414
415
|
#Client time
|
415
416
|
data[:chall_MsvAvTimestamp] = addr
|
416
417
|
when 8
|
417
|
-
#A Restriction_Encoding structure
|
418
|
+
#A Restriction_Encoding structure
|
418
419
|
when 9
|
419
|
-
#The SPN of the target server.
|
420
|
+
#The SPN of the target server.
|
420
421
|
when 10
|
421
422
|
#A channel bindings hash.
|
422
423
|
end
|
@@ -426,9 +427,9 @@ class Utils
|
|
426
427
|
|
427
428
|
# This function return an ntlmv2 client challenge
|
428
429
|
# This is a partial implementation, full description is in [MS-NLMP].pdf around 3.1.5.2.1 :-/
|
429
|
-
def self.make_ntlmv2_clientchallenge(win_domain, win_name, dns_domain, dns_name,
|
430
|
+
def self.make_ntlmv2_clientchallenge(win_domain, win_name, dns_domain, dns_name,
|
430
431
|
client_challenge = nil, chall_MsvAvTimestamp = nil, spnopt = {})
|
431
|
-
|
432
|
+
|
432
433
|
client_challenge ||= Rex::Text.rand_text(8)
|
433
434
|
# We have to set the timestamps here to the one in the challenge message from server if present
|
434
435
|
# If we don't do that, recent server like Seven/2008 will send a STATUS_INVALID_PARAMETER error packet
|
@@ -448,28 +449,28 @@ class Utils
|
|
448
449
|
|
449
450
|
# Windows Seven / 2008r2 Request this type if in local security policies,
|
450
451
|
# Microsoft network server : Server SPN target name validation level is set to <Required from client>
|
451
|
-
# otherwise it send an STATUS_ACCESS_DENIED packet
|
452
|
+
# otherwise it send an STATUS_ACCESS_DENIED packet
|
452
453
|
if spnopt[:use_spn]
|
453
454
|
spn= Rex::Text.to_unicode("cifs/#{spnopt[:name] || 'unknow'}")
|
454
455
|
addr_list << [9, spn.length].pack('vv') + spn
|
455
456
|
end
|
456
|
-
|
457
|
+
|
457
458
|
# MAY BE USEFUL FOR FUTURE
|
458
|
-
# Seven (client) add at least one more av that is of type MsAvRestrictions (8)
|
459
|
-
# maybe this will be usefull with future windows OSs but has no use at all for the moment afaik
|
459
|
+
# Seven (client) add at least one more av that is of type MsAvRestrictions (8)
|
460
|
+
# maybe this will be usefull with future windows OSs but has no use at all for the moment afaik
|
460
461
|
# restriction_encoding = [48,0,0,0].pack("VVV") + # Size, Z4, IntegrityLevel, SubjectIntegrityLevel
|
461
462
|
# Rex::Text.rand_text(32) # MachineId generated on startup on win7 and above
|
462
463
|
# addr_list << [8, restriction_encoding.length].pack('vv') + restriction_encoding
|
463
|
-
|
464
|
+
|
464
465
|
# Seven (client) and maybe others versions also add an av of type MsvChannelBindings (10) but the hash is "\x00" * 16
|
465
466
|
# addr_list << [10, 16].pack('vv') + "\x00" * 16
|
466
|
-
|
467
|
+
|
467
468
|
|
468
469
|
addr_list << [0, 0].pack('vv')
|
469
470
|
ntlm_clientchallenge = [1,1,0,0].pack("CCvV") + #RespType, HiRespType, Reserved1, Reserved2
|
470
471
|
timestamp + #Timestamp
|
471
472
|
client_challenge + #clientchallenge
|
472
|
-
[0].pack("V") + #Reserved3
|
473
|
+
[0].pack("V") + #Reserved3
|
473
474
|
addr_list + "\x00" * 4
|
474
475
|
|
475
476
|
end
|
@@ -492,46 +493,46 @@ class Utils
|
|
492
493
|
if send_ntlm #should be default
|
493
494
|
if usentlm2_session
|
494
495
|
if use_ntlmv2
|
495
|
-
ntlm_cli_challenge = self.make_ntlmv2_clientchallenge(default_domain, default_name, dns_domain_name,
|
496
|
-
dns_host_name,client_challenge ,
|
496
|
+
ntlm_cli_challenge = self.make_ntlmv2_clientchallenge(default_domain, default_name, dns_domain_name,
|
497
|
+
dns_host_name,client_challenge ,
|
497
498
|
chall_MsvAvTimestamp, spnopt)
|
498
499
|
if self.is_pass_ntlm_hash?(pass)
|
499
|
-
argntlm = {
|
500
|
+
argntlm = {
|
500
501
|
:ntlmv2_hash => CRYPT::ntlmv2_hash(
|
501
|
-
user,
|
502
|
-
[ pass.upcase()[33,65] ].pack('H32'),
|
502
|
+
user,
|
503
|
+
[ pass.upcase()[33,65] ].pack('H32'),
|
503
504
|
domain,{:pass_is_hash => true}
|
504
505
|
),
|
505
|
-
:challenge => challenge_key
|
506
|
+
:challenge => challenge_key
|
506
507
|
}
|
507
508
|
else
|
508
509
|
argntlm = {
|
509
510
|
:ntlmv2_hash => CRYPT::ntlmv2_hash(user, pass, domain),
|
510
|
-
:challenge => challenge_key
|
511
|
+
:challenge => challenge_key
|
511
512
|
}
|
512
513
|
end
|
513
514
|
|
514
515
|
optntlm = { :nt_client_challenge => ntlm_cli_challenge}
|
515
516
|
ntlmv2_response = CRYPT::ntlmv2_response(argntlm,optntlm)
|
516
|
-
resp_ntlm = ntlmv2_response
|
517
|
-
|
517
|
+
resp_ntlm = ntlmv2_response
|
518
|
+
|
518
519
|
if send_lm
|
519
520
|
if self.is_pass_ntlm_hash?(pass)
|
520
521
|
arglm = {
|
521
522
|
:ntlmv2_hash => CRYPT::ntlmv2_hash(
|
522
|
-
user,
|
523
|
-
[ pass.upcase()[33,65] ].pack('H32'),
|
523
|
+
user,
|
524
|
+
[ pass.upcase()[33,65] ].pack('H32'),
|
524
525
|
domain,{:pass_is_hash => true}
|
525
526
|
),
|
526
|
-
:challenge => challenge_key
|
527
|
+
:challenge => challenge_key
|
527
528
|
}
|
528
529
|
else
|
529
530
|
arglm = {
|
530
531
|
:ntlmv2_hash => CRYPT::ntlmv2_hash(user,pass, domain),
|
531
|
-
:challenge => challenge_key
|
532
|
+
:challenge => challenge_key
|
532
533
|
}
|
533
534
|
end
|
534
|
-
|
535
|
+
|
535
536
|
optlm = { :client_challenge => client_challenge }
|
536
537
|
resp_lm = CRYPT::lmv2_response(arglm, optlm)
|
537
538
|
else
|
@@ -540,20 +541,20 @@ class Utils
|
|
540
541
|
|
541
542
|
else # ntlm2_session
|
542
543
|
if self.is_pass_ntlm_hash?(pass)
|
543
|
-
argntlm = {
|
544
|
-
:ntlm_hash => [ pass.upcase()[33,65] ].pack('H32'),
|
545
|
-
:challenge => challenge_key
|
544
|
+
argntlm = {
|
545
|
+
:ntlm_hash => [ pass.upcase()[33,65] ].pack('H32'),
|
546
|
+
:challenge => challenge_key
|
546
547
|
}
|
547
548
|
else
|
548
549
|
argntlm = {
|
549
|
-
:ntlm_hash => CRYPT::ntlm_hash(pass),
|
550
|
-
:challenge => challenge_key
|
550
|
+
:ntlm_hash => CRYPT::ntlm_hash(pass),
|
551
|
+
:challenge => challenge_key
|
551
552
|
}
|
552
553
|
end
|
553
|
-
|
554
|
+
|
554
555
|
optntlm = { :client_challenge => client_challenge}
|
555
556
|
resp_ntlm = CRYPT::ntlm2_session(argntlm,optntlm).join[24,24]
|
556
|
-
|
557
|
+
|
557
558
|
# Generate the fake LANMAN hash
|
558
559
|
resp_lm = client_challenge + ("\x00" * 16)
|
559
560
|
end
|
@@ -561,27 +562,27 @@ class Utils
|
|
561
562
|
else # we use lmv1/ntlmv1
|
562
563
|
if self.is_pass_ntlm_hash?(pass)
|
563
564
|
argntlm = {
|
564
|
-
:ntlm_hash => [ pass.upcase()[33,65] ].pack('H32'),
|
565
|
-
:challenge => challenge_key
|
565
|
+
:ntlm_hash => [ pass.upcase()[33,65] ].pack('H32'),
|
566
|
+
:challenge => challenge_key
|
566
567
|
}
|
567
568
|
else
|
568
569
|
argntlm = {
|
569
|
-
:ntlm_hash => CRYPT::ntlm_hash(pass),
|
570
|
-
:challenge => challenge_key
|
570
|
+
:ntlm_hash => CRYPT::ntlm_hash(pass),
|
571
|
+
:challenge => challenge_key
|
571
572
|
}
|
572
573
|
end
|
573
|
-
|
574
|
+
|
574
575
|
resp_ntlm = CRYPT::ntlm_response(argntlm)
|
575
576
|
if send_lm
|
576
577
|
if self.is_pass_ntlm_hash?(pass)
|
577
578
|
arglm = {
|
578
579
|
:lm_hash => [ pass.upcase()[0,32] ].pack('H32'),
|
579
|
-
:challenge => challenge_key
|
580
|
+
:challenge => challenge_key
|
580
581
|
}
|
581
582
|
else
|
582
583
|
arglm = {
|
583
584
|
:lm_hash => CRYPT::lm_hash(pass),
|
584
|
-
:challenge => challenge_key
|
585
|
+
:challenge => challenge_key
|
585
586
|
}
|
586
587
|
end
|
587
588
|
resp_lm = CRYPT::lm_response(arglm)
|
@@ -591,22 +592,22 @@ class Utils
|
|
591
592
|
resp_lm = resp_ntlm
|
592
593
|
end
|
593
594
|
end
|
594
|
-
else #send_ntlm = false
|
595
|
+
else #send_ntlm = false
|
595
596
|
#lmv2
|
596
597
|
if usentlm2_session && use_ntlmv2
|
597
598
|
if self.is_pass_ntlm_hash?(pass)
|
598
599
|
arglm = {
|
599
600
|
:ntlmv2_hash => CRYPT::ntlmv2_hash(
|
600
|
-
user,
|
601
|
-
[ pass.upcase()[33,65] ].pack('H32'),
|
601
|
+
user,
|
602
|
+
[ pass.upcase()[33,65] ].pack('H32'),
|
602
603
|
domain,{:pass_is_hash => true}
|
603
604
|
),
|
604
|
-
:challenge => challenge_key
|
605
|
+
:challenge => challenge_key
|
605
606
|
}
|
606
607
|
else
|
607
608
|
arglm = {
|
608
609
|
:ntlmv2_hash => CRYPT::ntlmv2_hash(user,pass, domain),
|
609
|
-
:challenge => challenge_key
|
610
|
+
:challenge => challenge_key
|
610
611
|
}
|
611
612
|
end
|
612
613
|
optlm = { :client_challenge => client_challenge }
|
@@ -615,12 +616,12 @@ class Utils
|
|
615
616
|
if self.is_pass_ntlm_hash?(pass)
|
616
617
|
arglm = {
|
617
618
|
:lm_hash => [ pass.upcase()[0,32] ].pack('H32'),
|
618
|
-
:challenge => challenge_key
|
619
|
+
:challenge => challenge_key
|
619
620
|
}
|
620
621
|
else
|
621
622
|
arglm = {
|
622
623
|
:lm_hash => CRYPT::lm_hash(pass),
|
623
|
-
:challenge => challenge_key
|
624
|
+
:challenge => challenge_key
|
624
625
|
}
|
625
626
|
end
|
626
627
|
resp_lm = CRYPT::lm_response(arglm)
|
@@ -677,39 +678,39 @@ class Utils
|
|
677
678
|
if usentlm2_session
|
678
679
|
if use_ntlmv2
|
679
680
|
if self.is_pass_ntlm_hash?(pass)
|
680
|
-
user_session_key = CRYPT::ntlmv2_user_session_key(user,
|
681
|
+
user_session_key = CRYPT::ntlmv2_user_session_key(user,
|
681
682
|
[ pass.upcase()[33,65] ].pack('H32'),
|
682
|
-
|
683
|
-
challenge_key, ntlm_cli_challenge,
|
683
|
+
domain,
|
684
|
+
challenge_key, ntlm_cli_challenge,
|
684
685
|
{:pass_is_hash => true})
|
685
686
|
else
|
686
|
-
user_session_key = CRYPT::ntlmv2_user_session_key(user, pass, domain,
|
687
|
+
user_session_key = CRYPT::ntlmv2_user_session_key(user, pass, domain,
|
687
688
|
challenge_key, ntlm_cli_challenge)
|
688
689
|
end
|
689
690
|
else
|
690
691
|
if self.is_pass_ntlm_hash?(pass)
|
691
|
-
user_session_key = CRYPT::ntlm2_session_user_session_key([ pass.upcase()[33,65] ].pack('H32'),
|
692
|
-
challenge_key,
|
693
|
-
client_challenge,
|
692
|
+
user_session_key = CRYPT::ntlm2_session_user_session_key([ pass.upcase()[33,65] ].pack('H32'),
|
693
|
+
challenge_key,
|
694
|
+
client_challenge,
|
694
695
|
{:pass_is_hash => true})
|
695
696
|
else
|
696
|
-
user_session_key = CRYPT::ntlm2_session_user_session_key(pass, challenge_key,
|
697
|
+
user_session_key = CRYPT::ntlm2_session_user_session_key(pass, challenge_key,
|
697
698
|
client_challenge)
|
698
699
|
end
|
699
700
|
end
|
700
701
|
else # lmv1/ntlmv1
|
701
702
|
# lanman_key may also be used without ntlm response but it is not so much used
|
702
|
-
# so we don't care about this feature
|
703
|
+
# so we don't care about this feature
|
703
704
|
if send_lm && use_lanman_key
|
704
705
|
if self.is_pass_ntlm_hash?(pass)
|
705
|
-
user_session_key = CRYPT::lanman_session_key([ pass.upcase()[0,32] ].pack('H32'),
|
706
|
-
challenge_key,
|
706
|
+
user_session_key = CRYPT::lanman_session_key([ pass.upcase()[0,32] ].pack('H32'),
|
707
|
+
challenge_key,
|
707
708
|
{:pass_is_hash => true})
|
708
709
|
else
|
709
710
|
user_session_key = CRYPT::lanman_session_key(pass, challenge_key)
|
710
711
|
end
|
711
712
|
lanman_weak = true
|
712
|
-
|
713
|
+
|
713
714
|
|
714
715
|
else
|
715
716
|
if self.is_pass_ntlm_hash?(pass)
|
@@ -723,17 +724,17 @@ class Utils
|
|
723
724
|
else
|
724
725
|
if usentlm2_session && use_ntlmv2
|
725
726
|
if self.is_pass_ntlm_hash?(pass)
|
726
|
-
user_session_key = CRYPT::lmv2_user_session_key(user, [ pass.upcase()[33,65] ].pack('H32'),
|
727
|
-
domain,
|
728
|
-
challenge_key, client_challenge,
|
727
|
+
user_session_key = CRYPT::lmv2_user_session_key(user, [ pass.upcase()[33,65] ].pack('H32'),
|
728
|
+
domain,
|
729
|
+
challenge_key, client_challenge,
|
729
730
|
{:pass_is_hash => true})
|
730
731
|
else
|
731
|
-
user_session_key = CRYPT::lmv2_user_session_key(user, pass, domain,
|
732
|
+
user_session_key = CRYPT::lmv2_user_session_key(user, pass, domain,
|
732
733
|
challenge_key, client_challenge)
|
733
734
|
end
|
734
735
|
else
|
735
736
|
if self.is_pass_ntlm_hash?(pass)
|
736
|
-
user_session_key = CRYPT::lmv1_user_session_key([ pass.upcase()[0,32] ].pack('H32'),
|
737
|
+
user_session_key = CRYPT::lmv1_user_session_key([ pass.upcase()[0,32] ].pack('H32'),
|
737
738
|
{:pass_is_hash => true})
|
738
739
|
else
|
739
740
|
user_session_key = CRYPT::lmv1_user_session_key(pass)
|
@@ -741,7 +742,7 @@ class Utils
|
|
741
742
|
end
|
742
743
|
end
|
743
744
|
|
744
|
-
user_session_key = CRYPT::make_weak_sessionkey(user_session_key,key_size, lanman_weak)
|
745
|
+
user_session_key = CRYPT::make_weak_sessionkey(user_session_key,key_size, lanman_weak)
|
745
746
|
|
746
747
|
# Sessionkey and encrypted session key
|
747
748
|
if key_exchange
|
@@ -750,12 +751,12 @@ class Utils
|
|
750
751
|
else
|
751
752
|
signing_key = user_session_key
|
752
753
|
end
|
753
|
-
|
754
|
+
|
754
755
|
return signing_key, enc_session_key, ntlmssp_flags
|
755
|
-
|
756
|
-
|
756
|
+
|
757
|
+
|
757
758
|
end
|
758
|
-
|
759
|
+
|
759
760
|
|
760
761
|
|
761
762
|
end
|