metasploit-credential 5.0.5 → 5.0.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f619d2601985401f78215f264a5ca6b35e30395e76e118f00fbb2a19ff0be1d6
-  data.tar.gz: b85fbfcc6cb48a360b0baff638f79573c307cb1e6efd81f82ed8d2eb505fc998
+  metadata.gz: 160c796cde281dc16f28a82c485aefc9e5514c6c316e524e70f1078f19bea454
+  data.tar.gz: da7444e3d488aa8c96dee9390b03e75ae1b0db1a2bf4bfa3732217fb2112ee4f
 SHA512:
-  metadata.gz: e4b97eda489cf82ea347c190bb152aa04a33760bcfb2c77c898b82d378beadb3ad5ece4306acdc9b7c305b01a7c2ef25aed233eb46621a8e2495adb2d49b67de
-  data.tar.gz: 93ef61cbb0e3735e39dff2e91d21c8d28f09d0d9261150f199c38288fd5c66114966194db54a14386096b1db7b1ef735fd9c225ee8a2f9392daee646993f8526
+  metadata.gz: 9eb83198d92396fda14da456a595e012759aece87af7b60b68e20ef6569c77b2563db450050d12f4d79b9cb9d6495319a9649f0bffcfb9948e6ee7994ba19add
+  data.tar.gz: cc9e76bd3341a68dfddb03bafdfbecd6d0fcf404082830118f0535205d16b56a77f4df97289c362e9a22708c56e47f69780952f6362caa17d88f64539dc9df8f

data/app/models/metasploit/credential/nonreplayable_hash.rb

@@ -10,17 +10,118 @@ class Metasploit::Credential::NonreplayableHash < Metasploit::Credential::Passwo
   # The names of John the Ripper supported formats, from the "jumbo" edition.
   # Listed in the format section of the output of +john --help+ on the CLI
   # Current as of 2014-06-12
-  VALID_JTR_FORMATS = %w(afs bf bf-opencl bfegg bsdi crc32 des django dmd5 dominosec dragonfly3-32 dragonfly3-64
-                         dragonfly4-32 dragonfly4-64 drupal7 dummy dynamic_n epi episerver gost hdaa hmac-md5 hmac-sha1
-                         hmac-sha224 hmac-sha256 hmac-sha384 hmac-sha512 hmailserver ipb2 keepass keychain krb4 krb5 lm
-                         lotus5 md4-gen md5 md5crypt-opencl md5ns mediawiki mscash mscash2 mscash2-opencl mschapv2
-                         mskrb5 mssql mssql05 mysql mysql-sha1 mysql-sha1-opencl nethalflm netlm netlmv2 netntlm
-                         netntlmv2 nsldap nt nt-opencl nt2 odf office oracle oracle11 osc pdf phpass phpass-opencl phps
-                         pix-md5 pkzip po pwsafe pwsafe-opencl racf rar raw-md4 raw-md4-opencl raw-md5 raw-md5-opencl
-                         raw-md5u raw-sha raw-sha1 raw-sha1-linkedin raw-sha1-ng raw-sha1-opencl raw-sha224 raw-sha256
-                         raw-sha384 raw-sha512 raw-sha512-opencl salted-sha1 sapb sapg sha1-gen sha256crypt sha512crypt
-                         sha512crypt-opencl sip ssh ssha-opencl sybasease trip vnc wbb3 wpapsk wpapsk-opencl xsha
-                         xsha512 xsha512-opencl zip)
+  VALID_JTR_FORMATS = %w(
+    afs
+    bf
+    bf-opencl
+    bfegg
+    bsdi
+    crc32
+    des
+    django
+    dmd5
+    dominosec
+    dragonfly3-32
+    dragonfly3-64
+    dragonfly4-32
+    dragonfly4-64
+    drupal7
+    dummy
+    dynamic_n
+    epi
+    episerver
+    gost
+    hdaa
+    hmac-md5
+    hmac-sha1
+    hmac-sha224
+    hmac-sha256
+    hmac-sha384
+    hmac-sha512
+    hmailserver
+    ipb2
+    keepass
+    keychain
+    krb4
+    krb5
+    lm
+    lotus5
+    md4-gen
+    md5
+    md5crypt-opencl
+    md5ns
+    mediawiki
+    mscash
+    mscash2
+    mscash2-opencl
+    mschapv2
+    mskrb5
+    mssql
+    mssql05
+    mysql
+    mysql-sha1
+    mysql-sha1-opencl
+    nethalflm
+    netlm
+    netlmv2
+    netntlm
+    netntlmv2
+    nsldap
+    nt
+    nt-opencl
+    nt2
+    odf
+    office
+    oracle
+    oracle11
+    osc
+    pdf
+    phpass
+    phpass-opencl
+    phps
+    pix-md5
+    pkzip
+    po
+    pwsafe
+    pwsafe-opencl
+    racf
+    rar
+    raw-md4
+    raw-md4-opencl
+    raw-md5
+    raw-md5-opencl
+    raw-md5u
+    raw-sha
+    raw-sha1
+    raw-sha1-linkedin
+    raw-sha1-ng
+    raw-sha1-opencl
+    raw-sha224
+    raw-sha256
+    raw-sha384
+    raw-sha512
+    raw-sha512-opencl
+    salted-sha1
+    sapb
+    sapg
+    sha1-gen
+    sha256crypt
+    sha512crypt
+    sha512crypt-opencl
+    sip
+    ssh
+    ssha-opencl
+    sybasease
+    trip
+    vnc
+    wbb3
+    wpapsk
+    wpapsk-opencl
+    xsha
+    xsha512
+    xsha512-opencl
+    zip
+  )
 
   #
   # Attributes

data/app/models/metasploit/credential/ntlm_hash.rb

@@ -1,5 +1,22 @@
 require 'net/ntlm'
 
+# TODO: Revert once available in rubyntlm
+# https://github.com/WinRb/rubyntlm/pull/51
+module Net
+  module NTLM
+    class << self
+      def apply_des(plain, keys)
+        keys.map {|k|
+          dec = OpenSSL::Cipher.new("des-cbc").encrypt
+          dec.padding = 0
+          dec.key = k
+          dec.update(plain) + dec.final
+        }
+      end
+    end
+  end
+end
+
 # A {Metasploit::Credential::PasswordHash password hash} that can be {Metasploit::Credential::ReplayableHash replayed}
 # to authenticate to SMB.  It is composed of two hash hex digests (where the hash bytes are printed as a
 # hexadecimal string where 2 characters represent a byte of the original hash with the high nibble first): (1)

data/lib/metasploit/credential/version.rb

@@ -3,7 +3,7 @@
 module Metasploit
   module Credential
     # VERSION is managed by GemRelease
-    VERSION = '5.0.5'
+    VERSION = '5.0.8'
 
     # @return [String]
     #

data/spec/factories/metasploit/credential/ssh_keys.rb

@@ -4,7 +4,7 @@ FactoryBot.define do
     transient do
       key_type { generate :metasploit_credential_ssh_key_key_type }
       # key size tuned for speed.  DO NOT use for production, it is below current recommended key size of 2048
-      key_size { 512 }
+      key_size { 1024 }
     end
 
     data {

data/spec/models/metasploit/credential/ssh_key_spec.rb

@@ -7,7 +7,7 @@ RSpec.describe Metasploit::Credential::SSHKey, type: :model do
 
   let(:key_size) do
     # key size tuned for speed.  DO NOT use for production, it is below current recommended key size of 2048
-    512
+    1024
   end
 
   context 'factories' do

data/spec/spec_helper.rb

@@ -1,3 +1,8 @@
+# Enable legacy providers
+ENV['OPENSSL_CONF'] = File.expand_path(
+  File.join(File.dirname(__FILE__), 'support', 'openssl.conf')
+)
+
 # This file is copied to spec/ when you run 'rails generate rspec:install'
 ENV["RAILS_ENV"] ||= 'test'
 

data/spec/support/openssl.conf

@@ -0,0 +1,14 @@
+openssl_conf = openssl_init
+
+[openssl_init]
+providers = provider_sect
+
+[provider_sect]
+default = default_sect
+legacy = legacy_sect
+
+[default_sect]
+activate = 1
+
+[legacy_sect]
+activate = 1

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: metasploit-credential
 version: !ruby/object:Gem::Version
-  version: 5.0.5
+  version: 5.0.8
 platform: ruby
 authors:
 - Metasploit Hackers
@@ -93,7 +93,7 @@ cert_chain:
   EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
   9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
   -----END CERTIFICATE-----
-date: 2021-09-27 00:00:00.000000000 Z
+date: 2022-08-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: metasploit-concern
@@ -407,6 +407,7 @@ files:
 - spec/models/metasploit_data_models/search/visitor/relation_spec.rb
 - spec/spec_helper.rb
 - spec/support/matchers/validate_non_nilness_of.rb
+- spec/support/openssl.conf
 - spec/support/shared/contexts/metasploit/credential/exporter/export_objects.rb
 - spec/support/shared/contexts/metasploit/credential/importer/zip/file.rb
 - spec/support/shared/contexts/metasploit/credential/search/operation/type.rb
@@ -535,6 +536,7 @@ test_files:
 - spec/models/metasploit_data_models/search/visitor/relation_spec.rb
 - spec/spec_helper.rb
 - spec/support/matchers/validate_non_nilness_of.rb
+- spec/support/openssl.conf
 - spec/support/shared/contexts/metasploit/credential/exporter/export_objects.rb
 - spec/support/shared/contexts/metasploit/credential/importer/zip/file.rb
 - spec/support/shared/contexts/metasploit/credential/search/operation/type.rb