librex 0.0.7 → 0.0.12
- data/{README.md → README.markdown} +1 -2
- data/Rakefile +51 -5
- data/lib/rex/proto/ntlm/crypt.rb +80 -5
- metadata +8 -8
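--- a/data/README.md
+++ b/data/README.markdown
@@ -3,8 +3,7 @@
 A non-official re-packaging of the Rex library as a gem for easy of usage of the Metasploit REX framework in a non Metasploit application. I received permission from HDM to create this package.
 
 Currently based on:
-SVN Revision:
+SVN Revision: 11938
 
 # Credits
 The Metasploit development team <http://www.metasploit.com>
-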
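--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,6 +1,6 @@
-
+# encoding: utf-8
 
-task :build do
+task :build => :update do
 system "gem build librex.gemspec"
 end
 
@@ -12,7 +12,7 @@ task :clean do
 system "rm *.gem"
 end
 
-task :
+task :update do
 puts "[*] Removing old rex code"
 system "git rm lib/rex.rb"
 system "git rm lib/rex.rb.ts.rb"
@@ -32,8 +32,54 @@ task :update_rex do
 system "mv /tmp/msftmp/lib/rex/ lib/"
 system "find . -iname '.svn' -exec rm -rf {} \\;"
 system "git add lib/"
-
-
+
 puts "[*] Cleaning up tmp files"
 system "rm -rf /tmp/msftmp"
+
+puts "[*] Updating librex.gemspec with new Version and Revision Number"
+File.open("librex.gemspec.1", "w+") do |output|
+File.open("librex.gemspec", "r") do |input|
+while (line = input.gets)
+
+if line =~ /^VERSION = (.*)$/
+version = $1.chop.gsub("\"",'').split(".")
+version[2] = version[2].to_i + 1
+version = version.join(".")
+
+puts "#{version}"
+
+line = "VERSION = \"#{version}\"\n"
+elsif line =~ /^REVISION = (.*)$/
+line = "REVISION = \"#{rev[1]}\"\n"
+else
+line = line
+end
+
+output.write line
+end
+end
+end
+
+system "mv librex.gemspec.1 librex.gemspec"
+
+puts "[*] Updating README.markdown with new Revision Number"
+File.open("README.markdown.1", "w+") do |output|
+File.open("README.markdown", "r") do |input|
+while (line = input.gets)
+if line =~ /^SVN Revision: (.*)$/
+line = "SVN Revision: #{rev[1]}\n"
+else
+line = line
+end
+
+output.write line
+end
+end
+end
+
+system "mv README.markdown.1 README.markdown"
+
+system "git commit -a -m \"Updated for Revision #{rev[1]}\""
+puts "Commiting and Pushing Updates for Revision #{rev[1]}"
+system "git push"
 end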
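Review bot: The new `update` task (new lines 39–84) builds every shell command by string interpolation and never checks the return value of `system`, so a failed `git rm`, `mv` or `gem build` step is silently ignored and the task still runs `git commit -a` and `git push` unconditionally. Pass arguments as separate strings and stop on failure, e.g. `system("git", "commit", "-a", "-m", "Updated for Revision #{rev[1]}") or abort "git commit failed"`, and replace `system "mv librex.gemspec.1 librex.gemspec"` with `File.rename("librex.gemspec.1", "librex.gemspec")`. `rev[1]` is used on lines 53, 70, 82 and 83 but is not defined anywhere in the hunk; it is presumably assigned earlier in the task, outside the visible lines. The `else` / `line = line` branches on lines 54–56 and 71–73 are no-ops and can be dropped. Since `task :build => :update` now makes every build commit and push, a comment such as `# NOTE: :build depends on :update, which commits and pushes to the remote` on line 3 would save the next maintainer a surprise.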
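--- a/data/lib/rex/proto/ntlm/crypt.rb
+++ b/data/lib/rex/proto/ntlm/crypt.rb
@@ -117,8 +117,7 @@ BASE = Rex::Proto::NTLM::Base
 ntlmhash = password
 else
 ntlmhash = ntlm_hash(password, opt)
-end
-
+end
 # With Win 7 and maybe other OSs we sometimes get the domain not uppercased
 userdomain = user.upcase + domain
 unless opt[:unicode]
@@ -172,12 +171,12 @@ BASE = Rex::Proto::NTLM::Base
 if not (key and chal)
 raise ArgumentError , 'ntlmv2_hash and challenge are mandatory'
 end
-
+
 chal = BASE::pack_int64le(chal) if chal.is_a?(::Integer)
 bb = nil
 
 if opt[:nt_client_challenge]
-if opt[:nt_client_challenge].to_s.length <=
+if opt[:nt_client_challenge].to_s.length <= 8
 raise ArgumentError,"nt_client_challenge is not in a correct format "
 end
 bb = opt[:nt_client_challenge]
@@ -205,7 +204,6 @@ BASE = Rex::Proto::NTLM::Base
 end
 
 OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, key, chal + bb) + bb
-
 end
 
 def self.lmv2_response(arg, opt = {})
@@ -236,6 +234,83 @@ BASE = Rex::Proto::NTLM::Base
 [cc.ljust(24, "\0"), response]
 end
 
+#this function will check if the net lm response provided correspond to en empty password
+def self.is_hash_from_empty_pwd?(arg)
+hash_type = arg[:type]
+raise ArgumentError,"arg[:type] is mandatory" if not hash_type
+raise ArgumentError,"arg[:type] must be lm or ntlm" if not hash_type =~ /^((lm)|(ntlm))$/
+
+ntlm_ver = arg[:ntlm_ver]
+raise ArgumentError,"arg[:ntlm_ver] is mandatory" if not ntlm_ver
+
+hash = arg[:hash]
+raise ArgumentError,"arg[:hash] is mandatory" if not hash
+
+srv_chall = arg[:srv_challenge]
+raise ArgumentError,"arg[:srv_challenge] is mandatory" if not srv_chall
+raise ArgumentError,"Server challenge length must be exactly 8 bytes" if srv_chall.length != 8
+
+#calculate responses for empty pwd
+case ntlm_ver
+when CONST::NTLM_V1_RESPONSE
+if hash.length != 24
+raise ArgumentError,"hash length must be exactly 24 bytes "
+end
+case hash_type
+when 'lm'
+arglm = { :lm_hash => self.lm_hash(''),
+:challenge => srv_chall}
+calculatedhash = self.lm_response(arglm)
+when 'ntlm'
+argntlm = { :ntlm_hash => self.ntlm_hash(''),
+:challenge => srv_chall }
+calculatedhash = self.ntlm_response(argntlm)
+end
+when CONST::NTLM_V2_RESPONSE
+raise ArgumentError,"hash length must be exactly 16 bytes " if hash.length != 16
+cli_chall = arg[:cli_challenge]
+raise ArgumentError,"arg[:cli_challenge] is mandatory in this case" if not cli_chall
+user = arg[:user]
+raise ArgumentError,"arg[:user] is mandatory in this case" if not user
+domain = arg[:domain]
+raise ArgumentError,"arg[:domain] is mandatory in this case" if not domain
+
+case hash_type
+when 'lm'
+raise ArgumentError,"Client challenge length must be exactly 8 bytes " if cli_chall.length != 8
+arglm = { :ntlmv2_hash => self.ntlmv2_hash(user,'', domain),
+:challenge => srv_chall }
+optlm = { :client_challenge => cli_chall}
+calculatedhash = self.lmv2_response(arglm, optlm)[0,16]
+when 'ntlm'
+raise ArgumentError,"Client challenge length must be bigger then 8 bytes " if cli_chall.length <= 8
+argntlm = { :ntlmv2_hash => self.ntlmv2_hash(user, '', domain),
+:challenge => srv_chall }
+optntlm = { :nt_client_challenge => cli_chall}
+calculatedhash = self.ntlmv2_response(argntlm,optntlm)[0,16]
+end
+when CONST::NTLM_2_SESSION_RESPONSE
+raise ArgumentError,"hash length must be exactly 16 bytes " if hash.length != 24
+cli_chall = arg[:cli_challenge]
+raise ArgumentError,"arg[:cli_challenge] is mandatory in this case" if not cli_chall
+raise ArgumentError,"Client challenge length must be exactly 8 bytes " if cli_chall.length != 8
+case hash_type
+when 'lm'
+raise ArgumentError, "ntlm2_session is incompatible with lm"
+when 'ntlm'
+argntlm = { :ntlm_hash => self.ntlm_hash(''),
+:challenge => srv_chall }
+optntlm = { :client_challenge => cli_chall}
+end
+calculatedhash = self.ntlm2_session(argntlm,optntlm).join[24,24]
+else
+raise ArgumentError,"ntlm_ver is of unknow type"
+end
+hash == calculatedhash
+end
+
+
+
 #
 # Signing method added for metasploit project
 #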
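Review bot: The length check in the `CONST::NTLM_2_SESSION_RESPONSE` branch (new line 293) tests `hash.length != 24` but its message says "must be exactly 16 bytes"; the 24-byte check is the one consistent with the `[24,24]` slice taken on line 305, so the message should read `raise ArgumentError,"hash length must be exactly 24 bytes" if hash.length != 24`. The `arg[:type]` validation on line 241 anchors with `^`/`$`, which match per line in Ruby, so a value such as `"lm\nx"` passes the check yet matches no `when` branch and the method then returns false (or, in the session-response branch, raises NoMethodError on a nil `argntlm`); `/\A(lm|ntlm)\z/` anchors the whole string. `is_hash_from_empty_pwd?` also lacks documentation of its `arg` hash: a header comment replacing the one-liner on line 237 should list the required `:type` ('lm'/'ntlm'), `:ntlm_ver`, `:hash` and 8-byte `:srv_challenge` keys, the `:cli_challenge`, `:user` and `:domain` keys required only for the v2 and NTLM2-session variants, and state that it returns true when `:hash` equals the response computed for an empty password. `CONST` is used throughout but not defined in the hunk; presumably it is assigned next to `BASE` near the top of the file. The module enclosing these methods starts and ends outside the hunk.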
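--- a/metadata
+++ b/metadata
@@ -2,7 +2,7 @@
 name: librex
 version: !ruby/object:Gem::Version
 prerelease:
-version: 0.0.
+version: 0.0.12
 platform: ruby
 authors:
 - Metasploit Development Team
@@ -11,11 +11,11 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-03-
+date: 2011-03-11 00:00:00 -06:00
 default_executable:
 dependencies: []
 
-description: Rex provides a variety of classes useful for security testing and exploit development. Based on
+description: Rex provides a variety of classes useful for security testing and exploit development. Based on SVN Revision 11938
 email:
 - hdm@metasploit.com
 - jacob.hammack@hammackj.com
@@ -24,10 +24,10 @@ executables: []
 extensions: []
 
 extra_rdoc_files:
-- README.
+- README.markdown
 files:
 - Rakefile
-- README.
+- README.markdown
 - lib/rex/arch/sparc.rb
 - lib/rex/arch/sparc.rb.ut.rb
 - lib/rex/arch/x86.rb
@@ -454,8 +454,8 @@ files:
 - lib/rex.rb.ts.rb
 has_rdoc: true
 homepage: http://www.metasploit.com/
-licenses:
-
+licenses:
+- BSD
 post_install_message:
 rdoc_options: []
 
@@ -479,6 +479,6 @@ rubyforge_project:
 rubygems_version: 1.6.2
 signing_key:
 specification_version: 3
-summary: Ruby Exploitation
+summary: Ruby Exploitation Library
 test_files: []
 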