metasploit-credential 5.0.6 → 5.0.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 86a500eec0075de53cd66a150f8ac92c5ff93cb7a86deba97d7232704ad61683
-  data.tar.gz: 73e8dae5337c8608070417445ec99fb4b5e1de340baab42a8d723a7ecb262a61
+  metadata.gz: 9ff754feda3fa62cc3f74f11d85fbb537f04c4ffa80ae49c81c07bf31b733418
+  data.tar.gz: 0e517d89e0f3e37eca70b8b2d6a07cd4610f92f35a61d122a859dc9a37e12f10
 SHA512:
-  metadata.gz: 1cca1af29a6b39d79be942d49f21377f127f881c344b9827765f1d54da2d41e16a94b8d706ff5234bf47d65cc9c8058fd2367f3c0731db19f1383b319882ec07
-  data.tar.gz: 6f1ee1774ce0215d50af37b9e861fdedc41bf056c9e47621cd21b3c3914fa8044515227112a12802f1e5b1c4a80ab61f714b073c7f92aa2fd0681650e9be2618
+  metadata.gz: 680d7bed0f50aeea5a00e1b0b6b585cefe4735f2a2d573abbc03c04b21e78de44c3684ddcc4e7bcdd4146146ba8e9d3b0781a67d1b75e48281305811f666e965
+  data.tar.gz: 8c2b2e632ce7009286f96df6795bcf4db812b394cdb9f6aef54de175f7c24950b223d3519ad02add8718210b077f2085f877a617b2388e0349680bd3c67f51f4

data/app/models/metasploit/credential/nonreplayable_hash.rb

@@ -10,17 +10,118 @@ class Metasploit::Credential::NonreplayableHash < Metasploit::Credential::Passwo
   # The names of John the Ripper supported formats, from the "jumbo" edition.
   # Listed in the format section of the output of +john --help+ on the CLI
   # Current as of 2014-06-12
-  VALID_JTR_FORMATS = %w(afs bf bf-opencl bfegg bsdi crc32 des django dmd5 dominosec dragonfly3-32 dragonfly3-64
-                         dragonfly4-32 dragonfly4-64 drupal7 dummy dynamic_n epi episerver gost hdaa hmac-md5 hmac-sha1
-                         hmac-sha224 hmac-sha256 hmac-sha384 hmac-sha512 hmailserver ipb2 keepass keychain krb4 krb5 lm
-                         lotus5 md4-gen md5 md5crypt-opencl md5ns mediawiki mscash mscash2 mscash2-opencl mschapv2
-                         mskrb5 mssql mssql05 mysql mysql-sha1 mysql-sha1-opencl nethalflm netlm netlmv2 netntlm
-                         netntlmv2 nsldap nt nt-opencl nt2 odf office oracle oracle11 osc pdf phpass phpass-opencl phps
-                         pix-md5 pkzip po pwsafe pwsafe-opencl racf rar raw-md4 raw-md4-opencl raw-md5 raw-md5-opencl
-                         raw-md5u raw-sha raw-sha1 raw-sha1-linkedin raw-sha1-ng raw-sha1-opencl raw-sha224 raw-sha256
-                         raw-sha384 raw-sha512 raw-sha512-opencl salted-sha1 sapb sapg sha1-gen sha256crypt sha512crypt
-                         sha512crypt-opencl sip ssh ssha-opencl sybasease trip vnc wbb3 wpapsk wpapsk-opencl xsha
-                         xsha512 xsha512-opencl zip)
+  VALID_JTR_FORMATS = %w(
+    afs
+    bf
+    bf-opencl
+    bfegg
+    bsdi
+    crc32
+    des
+    django
+    dmd5
+    dominosec
+    dragonfly3-32
+    dragonfly3-64
+    dragonfly4-32
+    dragonfly4-64
+    drupal7
+    dummy
+    dynamic_n
+    epi
+    episerver
+    gost
+    hdaa
+    hmac-md5
+    hmac-sha1
+    hmac-sha224
+    hmac-sha256
+    hmac-sha384
+    hmac-sha512
+    hmailserver
+    ipb2
+    keepass
+    keychain
+    krb4
+    krb5
+    lm
+    lotus5
+    md4-gen
+    md5
+    md5crypt-opencl
+    md5ns
+    mediawiki
+    mscash
+    mscash2
+    mscash2-opencl
+    mschapv2
+    mskrb5
+    mssql
+    mssql05
+    mysql
+    mysql-sha1
+    mysql-sha1-opencl
+    nethalflm
+    netlm
+    netlmv2
+    netntlm
+    netntlmv2
+    nsldap
+    nt
+    nt-opencl
+    nt2
+    odf
+    office
+    oracle
+    oracle11
+    osc
+    pdf
+    phpass
+    phpass-opencl
+    phps
+    pix-md5
+    pkzip
+    po
+    pwsafe
+    pwsafe-opencl
+    racf
+    rar
+    raw-md4
+    raw-md4-opencl
+    raw-md5
+    raw-md5-opencl
+    raw-md5u
+    raw-sha
+    raw-sha1
+    raw-sha1-linkedin
+    raw-sha1-ng
+    raw-sha1-opencl
+    raw-sha224
+    raw-sha256
+    raw-sha384
+    raw-sha512
+    raw-sha512-opencl
+    salted-sha1
+    sapb
+    sapg
+    sha1-gen
+    sha256crypt
+    sha512crypt
+    sha512crypt-opencl
+    sip
+    ssh
+    ssha-opencl
+    sybasease
+    trip
+    vnc
+    wbb3
+    wpapsk
+    wpapsk-opencl
+    xsha
+    xsha512
+    xsha512-opencl
+    zip
+  )
 
   #
   # Attributes

data/app/models/metasploit/credential/ntlm_hash.rb

@@ -1,5 +1,22 @@
 require 'net/ntlm'
 
+# TODO: Revert once available in rubyntlm
+# https://github.com/WinRb/rubyntlm/pull/51
+module Net
+  module NTLM
+    class << self
+      def apply_des(plain, keys)
+        keys.map {|k|
+          dec = OpenSSL::Cipher.new("des-cbc").encrypt
+          dec.padding = 0
+          dec.key = k
+          dec.update(plain) + dec.final
+        }
+      end
+    end
+  end
+end
+
 # A {Metasploit::Credential::PasswordHash password hash} that can be {Metasploit::Credential::ReplayableHash replayed}
 # to authenticate to SMB.  It is composed of two hash hex digests (where the hash bytes are printed as a
 # hexadecimal string where 2 characters represent a byte of the original hash with the high nibble first): (1)

data/lib/metasploit/credential/version.rb

@@ -3,7 +3,7 @@
 module Metasploit
   module Credential
     # VERSION is managed by GemRelease
-    VERSION = '5.0.6'
+    VERSION = '5.0.9'
 
     # @return [String]
     #

data/spec/factories/metasploit/credential/ssh_keys.rb

@@ -4,7 +4,7 @@ FactoryBot.define do
     transient do
       key_type { generate :metasploit_credential_ssh_key_key_type }
       # key size tuned for speed.  DO NOT use for production, it is below current recommended key size of 2048
-      key_size { 512 }
+      key_size { 1024 }
     end
 
     data {

data/spec/models/metasploit/credential/ssh_key_spec.rb

@@ -7,7 +7,7 @@ RSpec.describe Metasploit::Credential::SSHKey, type: :model do
 
   let(:key_size) do
     # key size tuned for speed.  DO NOT use for production, it is below current recommended key size of 2048
-    512
+    1024
   end
 
   context 'factories' do

data/spec/spec_helper.rb

@@ -1,3 +1,8 @@
+# Enable legacy providers
+ENV['OPENSSL_CONF'] = File.expand_path(
+  File.join(File.dirname(__FILE__), 'support', 'openssl.conf')
+)
+
 # This file is copied to spec/ when you run 'rails generate rspec:install'
 ENV["RAILS_ENV"] ||= 'test'
 

data/spec/support/openssl.conf

@@ -0,0 +1,14 @@
+openssl_conf = openssl_init
+
+[openssl_init]
+providers = provider_sect
+
+[provider_sect]
+default = default_sect
+legacy = legacy_sect
+
+[default_sect]
+activate = 1
+
+[legacy_sect]
+activate = 1

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: metasploit-credential
 version: !ruby/object:Gem::Version
-  version: 5.0.6
+  version: 5.0.9
 platform: ruby
 authors:
 - Metasploit Hackers
@@ -93,7 +93,7 @@ cert_chain:
   EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
   9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
   -----END CERTIFICATE-----
-date: 2022-04-05 00:00:00.000000000 Z
+date: 2022-09-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: metasploit-concern
@@ -407,6 +407,7 @@ files:
 - spec/models/metasploit_data_models/search/visitor/relation_spec.rb
 - spec/spec_helper.rb
 - spec/support/matchers/validate_non_nilness_of.rb
+- spec/support/openssl.conf
 - spec/support/shared/contexts/metasploit/credential/exporter/export_objects.rb
 - spec/support/shared/contexts/metasploit/credential/importer/zip/file.rb
 - spec/support/shared/contexts/metasploit/credential/search/operation/type.rb
@@ -535,6 +536,7 @@ test_files:
 - spec/models/metasploit_data_models/search/visitor/relation_spec.rb
 - spec/spec_helper.rb
 - spec/support/matchers/validate_non_nilness_of.rb
+- spec/support/openssl.conf
 - spec/support/shared/contexts/metasploit/credential/exporter/export_objects.rb
 - spec/support/shared/contexts/metasploit/credential/importer/zip/file.rb
 - spec/support/shared/contexts/metasploit/credential/search/operation/type.rb

metadata.gz.sig

@@ -1 +1,2 @@
-��o����it�ω�4�Ϻ�y�3�D ���(��]�Z��5�s�
J�C��	f��L'�ɳ�Y�f6���X�E9�*]�##��ix=o������d��!(��*�HNr}����)"Zyg���:Odm	��iԘ�!��흳��n������e钸#РK�
+)S鞲�+�M8ۚp~��g���|9�ڝ��	�B�$�^��7N.���d��4
���5�ť��Q,��p�X8��=ߍd�����(��Iυ/0wQ����JWi{q
+y�65�ư^Ϣ:?d��x�$-j�r�wv7�F����=q��� .�pG�|��%�Lqqt�ǎ����I��ƌ&oM�zxL����,����Xr�P�t��V-S�7��y�r�V�{t