metasploit-credential 5.0.5 → 5.0.8

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f619d2601985401f78215f264a5ca6b35e30395e76e118f00fbb2a19ff0be1d6
4
- data.tar.gz: b85fbfcc6cb48a360b0baff638f79573c307cb1e6efd81f82ed8d2eb505fc998
3
+ metadata.gz: 160c796cde281dc16f28a82c485aefc9e5514c6c316e524e70f1078f19bea454
4
+ data.tar.gz: da7444e3d488aa8c96dee9390b03e75ae1b0db1a2bf4bfa3732217fb2112ee4f
5
5
  SHA512:
6
- metadata.gz: e4b97eda489cf82ea347c190bb152aa04a33760bcfb2c77c898b82d378beadb3ad5ece4306acdc9b7c305b01a7c2ef25aed233eb46621a8e2495adb2d49b67de
7
- data.tar.gz: 93ef61cbb0e3735e39dff2e91d21c8d28f09d0d9261150f199c38288fd5c66114966194db54a14386096b1db7b1ef735fd9c225ee8a2f9392daee646993f8526
6
+ metadata.gz: 9eb83198d92396fda14da456a595e012759aece87af7b60b68e20ef6569c77b2563db450050d12f4d79b9cb9d6495319a9649f0bffcfb9948e6ee7994ba19add
7
+ data.tar.gz: cc9e76bd3341a68dfddb03bafdfbecd6d0fcf404082830118f0535205d16b56a77f4df97289c362e9a22708c56e47f69780952f6362caa17d88f64539dc9df8f
checksums.yaml.gz.sig CHANGED
Binary file
@@ -10,17 +10,118 @@ class Metasploit::Credential::NonreplayableHash < Metasploit::Credential::Passwo
10
10
  # The names of John the Ripper supported formats, from the "jumbo" edition.
11
11
  # Listed in the format section of the output of +john --help+ on the CLI
12
12
  # Current as of 2014-06-12
13
- VALID_JTR_FORMATS = %w(afs bf bf-opencl bfegg bsdi crc32 des django dmd5 dominosec dragonfly3-32 dragonfly3-64
14
- dragonfly4-32 dragonfly4-64 drupal7 dummy dynamic_n epi episerver gost hdaa hmac-md5 hmac-sha1
15
- hmac-sha224 hmac-sha256 hmac-sha384 hmac-sha512 hmailserver ipb2 keepass keychain krb4 krb5 lm
16
- lotus5 md4-gen md5 md5crypt-opencl md5ns mediawiki mscash mscash2 mscash2-opencl mschapv2
17
- mskrb5 mssql mssql05 mysql mysql-sha1 mysql-sha1-opencl nethalflm netlm netlmv2 netntlm
18
- netntlmv2 nsldap nt nt-opencl nt2 odf office oracle oracle11 osc pdf phpass phpass-opencl phps
19
- pix-md5 pkzip po pwsafe pwsafe-opencl racf rar raw-md4 raw-md4-opencl raw-md5 raw-md5-opencl
20
- raw-md5u raw-sha raw-sha1 raw-sha1-linkedin raw-sha1-ng raw-sha1-opencl raw-sha224 raw-sha256
21
- raw-sha384 raw-sha512 raw-sha512-opencl salted-sha1 sapb sapg sha1-gen sha256crypt sha512crypt
22
- sha512crypt-opencl sip ssh ssha-opencl sybasease trip vnc wbb3 wpapsk wpapsk-opencl xsha
23
- xsha512 xsha512-opencl zip)
13
+ VALID_JTR_FORMATS = %w(
14
+ afs
15
+ bf
16
+ bf-opencl
17
+ bfegg
18
+ bsdi
19
+ crc32
20
+ des
21
+ django
22
+ dmd5
23
+ dominosec
24
+ dragonfly3-32
25
+ dragonfly3-64
26
+ dragonfly4-32
27
+ dragonfly4-64
28
+ drupal7
29
+ dummy
30
+ dynamic_n
31
+ epi
32
+ episerver
33
+ gost
34
+ hdaa
35
+ hmac-md5
36
+ hmac-sha1
37
+ hmac-sha224
38
+ hmac-sha256
39
+ hmac-sha384
40
+ hmac-sha512
41
+ hmailserver
42
+ ipb2
43
+ keepass
44
+ keychain
45
+ krb4
46
+ krb5
47
+ lm
48
+ lotus5
49
+ md4-gen
50
+ md5
51
+ md5crypt-opencl
52
+ md5ns
53
+ mediawiki
54
+ mscash
55
+ mscash2
56
+ mscash2-opencl
57
+ mschapv2
58
+ mskrb5
59
+ mssql
60
+ mssql05
61
+ mysql
62
+ mysql-sha1
63
+ mysql-sha1-opencl
64
+ nethalflm
65
+ netlm
66
+ netlmv2
67
+ netntlm
68
+ netntlmv2
69
+ nsldap
70
+ nt
71
+ nt-opencl
72
+ nt2
73
+ odf
74
+ office
75
+ oracle
76
+ oracle11
77
+ osc
78
+ pdf
79
+ phpass
80
+ phpass-opencl
81
+ phps
82
+ pix-md5
83
+ pkzip
84
+ po
85
+ pwsafe
86
+ pwsafe-opencl
87
+ racf
88
+ rar
89
+ raw-md4
90
+ raw-md4-opencl
91
+ raw-md5
92
+ raw-md5-opencl
93
+ raw-md5u
94
+ raw-sha
95
+ raw-sha1
96
+ raw-sha1-linkedin
97
+ raw-sha1-ng
98
+ raw-sha1-opencl
99
+ raw-sha224
100
+ raw-sha256
101
+ raw-sha384
102
+ raw-sha512
103
+ raw-sha512-opencl
104
+ salted-sha1
105
+ sapb
106
+ sapg
107
+ sha1-gen
108
+ sha256crypt
109
+ sha512crypt
110
+ sha512crypt-opencl
111
+ sip
112
+ ssh
113
+ ssha-opencl
114
+ sybasease
115
+ trip
116
+ vnc
117
+ wbb3
118
+ wpapsk
119
+ wpapsk-opencl
120
+ xsha
121
+ xsha512
122
+ xsha512-opencl
123
+ zip
124
+ )
24
125
 
25
126
  #
26
127
  # Attributes
@@ -1,5 +1,22 @@
1
1
  require 'net/ntlm'
2
2
 
3
+ # TODO: Revert once available in rubyntlm
4
+ # https://github.com/WinRb/rubyntlm/pull/51
5
+ module Net
6
+ module NTLM
7
+ class << self
8
+ def apply_des(plain, keys)
9
+ keys.map {|k|
10
+ dec = OpenSSL::Cipher.new("des-cbc").encrypt
11
+ dec.padding = 0
12
+ dec.key = k
13
+ dec.update(plain) + dec.final
14
+ }
15
+ end
16
+ end
17
+ end
18
+ end
19
+
3
20
  # A {Metasploit::Credential::PasswordHash password hash} that can be {Metasploit::Credential::ReplayableHash replayed}
4
21
  # to authenticate to SMB. It is composed of two hash hex digests (where the hash bytes are printed as a
5
22
  # hexadecimal string where 2 characters represent a byte of the original hash with the high nibble first): (1)
@@ -3,7 +3,7 @@
3
3
  module Metasploit
4
4
  module Credential
5
5
  # VERSION is managed by GemRelease
6
- VERSION = '5.0.5'
6
+ VERSION = '5.0.8'
7
7
 
8
8
  # @return [String]
9
9
  #
@@ -4,7 +4,7 @@ FactoryBot.define do
4
4
  transient do
5
5
  key_type { generate :metasploit_credential_ssh_key_key_type }
6
6
  # key size tuned for speed. DO NOT use for production, it is below current recommended key size of 2048
7
- key_size { 512 }
7
+ key_size { 1024 }
8
8
  end
9
9
 
10
10
  data {
@@ -7,7 +7,7 @@ RSpec.describe Metasploit::Credential::SSHKey, type: :model do
7
7
 
8
8
  let(:key_size) do
9
9
  # key size tuned for speed. DO NOT use for production, it is below current recommended key size of 2048
10
- 512
10
+ 1024
11
11
  end
12
12
 
13
13
  context 'factories' do
data/spec/spec_helper.rb CHANGED
@@ -1,3 +1,8 @@
1
+ # Enable legacy providers
2
+ ENV['OPENSSL_CONF'] = File.expand_path(
3
+ File.join(File.dirname(__FILE__), 'support', 'openssl.conf')
4
+ )
5
+
1
6
  # This file is copied to spec/ when you run 'rails generate rspec:install'
2
7
  ENV["RAILS_ENV"] ||= 'test'
3
8
 
@@ -0,0 +1,14 @@
1
+ openssl_conf = openssl_init
2
+
3
+ [openssl_init]
4
+ providers = provider_sect
5
+
6
+ [provider_sect]
7
+ default = default_sect
8
+ legacy = legacy_sect
9
+
10
+ [default_sect]
11
+ activate = 1
12
+
13
+ [legacy_sect]
14
+ activate = 1
data.tar.gz.sig CHANGED
Binary file
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: metasploit-credential
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.0.5
4
+ version: 5.0.8
5
5
  platform: ruby
6
6
  authors:
7
7
  - Metasploit Hackers
@@ -93,7 +93,7 @@ cert_chain:
93
93
  EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
94
94
  9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
95
95
  -----END CERTIFICATE-----
96
- date: 2021-09-27 00:00:00.000000000 Z
96
+ date: 2022-08-02 00:00:00.000000000 Z
97
97
  dependencies:
98
98
  - !ruby/object:Gem::Dependency
99
99
  name: metasploit-concern
@@ -407,6 +407,7 @@ files:
407
407
  - spec/models/metasploit_data_models/search/visitor/relation_spec.rb
408
408
  - spec/spec_helper.rb
409
409
  - spec/support/matchers/validate_non_nilness_of.rb
410
+ - spec/support/openssl.conf
410
411
  - spec/support/shared/contexts/metasploit/credential/exporter/export_objects.rb
411
412
  - spec/support/shared/contexts/metasploit/credential/importer/zip/file.rb
412
413
  - spec/support/shared/contexts/metasploit/credential/search/operation/type.rb
@@ -535,6 +536,7 @@ test_files:
535
536
  - spec/models/metasploit_data_models/search/visitor/relation_spec.rb
536
537
  - spec/spec_helper.rb
537
538
  - spec/support/matchers/validate_non_nilness_of.rb
539
+ - spec/support/openssl.conf
538
540
  - spec/support/shared/contexts/metasploit/credential/exporter/export_objects.rb
539
541
  - spec/support/shared/contexts/metasploit/credential/importer/zip/file.rb
540
542
  - spec/support/shared/contexts/metasploit/credential/search/operation/type.rb
metadata.gz.sig CHANGED
Binary file