metasploit-credential 5.0.7 → 5.0.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d140b2eb720061d68c2e0fec85404497f81a6051a9f8d976f878f36c23aed270
-  data.tar.gz: 620eb8b84e8668482a0b33c2b65a5d1db8a9898f62afb8c839f8d8bf40e07428
+  metadata.gz: 160c796cde281dc16f28a82c485aefc9e5514c6c316e524e70f1078f19bea454
+  data.tar.gz: da7444e3d488aa8c96dee9390b03e75ae1b0db1a2bf4bfa3732217fb2112ee4f
 SHA512:
-  metadata.gz: 480728a45afedefb42fe8c564ccef3389c4e479bc7234179450e90f0d3c25ccf58a6b9cfced84d0896ee88c9d0b3f5b3c195473fb156de5998ace3eff665ffc8
-  data.tar.gz: 1519aa87cb68fe5711bc812cad71ef329f73f20b6b2dfc09d53167011a59744a518a637ea5aac5929a6d8a3c57ab57d74f42746dcad654e2d5cc29bc3aeb482b
+  metadata.gz: 9eb83198d92396fda14da456a595e012759aece87af7b60b68e20ef6569c77b2563db450050d12f4d79b9cb9d6495319a9649f0bffcfb9948e6ee7994ba19add
+  data.tar.gz: cc9e76bd3341a68dfddb03bafdfbecd6d0fcf404082830118f0535205d16b56a77f4df97289c362e9a22708c56e47f69780952f6362caa17d88f64539dc9df8f

data/app/models/metasploit/credential/ntlm_hash.rb

@@ -1,5 +1,22 @@
 require 'net/ntlm'
 
+# TODO: Revert once available in rubyntlm
+# https://github.com/WinRb/rubyntlm/pull/51
+module Net
+  module NTLM
+    class << self
+      def apply_des(plain, keys)
+        keys.map {|k|
+          dec = OpenSSL::Cipher.new("des-cbc").encrypt
+          dec.padding = 0
+          dec.key = k
+          dec.update(plain) + dec.final
+        }
+      end
+    end
+  end
+end
+
 # A {Metasploit::Credential::PasswordHash password hash} that can be {Metasploit::Credential::ReplayableHash replayed}
 # to authenticate to SMB.  It is composed of two hash hex digests (where the hash bytes are printed as a
 # hexadecimal string where 2 characters represent a byte of the original hash with the high nibble first): (1)

data/lib/metasploit/credential/version.rb

@@ -3,7 +3,7 @@
 module Metasploit
   module Credential
     # VERSION is managed by GemRelease
-    VERSION = '5.0.7'
+    VERSION = '5.0.8'
 
     # @return [String]
     #

data/spec/dummy/config/database.yml

@@ -1,6 +1,6 @@
 development: &pgsql
   adapter: postgresql
-  database: metasploit-credential_development4
+  database: metasploit-credential_development0
   username: msf
   password: pass123
   host: localhost
@@ -10,4 +10,4 @@ development: &pgsql
   min_messages: warning
 test:
   <<: *pgsql
-  database: metasploit-credential_test4
+  database: metasploit-credential_test0

data/spec/factories/metasploit/credential/ssh_keys.rb

@@ -4,7 +4,7 @@ FactoryBot.define do
     transient do
       key_type { generate :metasploit_credential_ssh_key_key_type }
       # key size tuned for speed.  DO NOT use for production, it is below current recommended key size of 2048
-      key_size { 512 }
+      key_size { 1024 }
     end
 
     data {

data/spec/models/metasploit/credential/ssh_key_spec.rb

@@ -7,7 +7,7 @@ RSpec.describe Metasploit::Credential::SSHKey, type: :model do
 
   let(:key_size) do
     # key size tuned for speed.  DO NOT use for production, it is below current recommended key size of 2048
-    512
+    1024
   end
 
   context 'factories' do

data/spec/spec_helper.rb

@@ -1,3 +1,8 @@
+# Enable legacy providers
+ENV['OPENSSL_CONF'] = File.expand_path(
+  File.join(File.dirname(__FILE__), 'support', 'openssl.conf')
+)
+
 # This file is copied to spec/ when you run 'rails generate rspec:install'
 ENV["RAILS_ENV"] ||= 'test'
 

data/spec/support/openssl.conf

@@ -0,0 +1,14 @@
+openssl_conf = openssl_init
+
+[openssl_init]
+providers = provider_sect
+
+[provider_sect]
+default = default_sect
+legacy = legacy_sect
+
+[default_sect]
+activate = 1
+
+[legacy_sect]
+activate = 1

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: metasploit-credential
 version: !ruby/object:Gem::Version
-  version: 5.0.7
+  version: 5.0.8
 platform: ruby
 authors:
 - Metasploit Hackers
@@ -93,7 +93,7 @@ cert_chain:
   EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
   9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
   -----END CERTIFICATE-----
-date: 2022-04-11 00:00:00.000000000 Z
+date: 2022-08-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: metasploit-concern
@@ -407,6 +407,7 @@ files:
 - spec/models/metasploit_data_models/search/visitor/relation_spec.rb
 - spec/spec_helper.rb
 - spec/support/matchers/validate_non_nilness_of.rb
+- spec/support/openssl.conf
 - spec/support/shared/contexts/metasploit/credential/exporter/export_objects.rb
 - spec/support/shared/contexts/metasploit/credential/importer/zip/file.rb
 - spec/support/shared/contexts/metasploit/credential/search/operation/type.rb
@@ -535,6 +536,7 @@ test_files:
 - spec/models/metasploit_data_models/search/visitor/relation_spec.rb
 - spec/spec_helper.rb
 - spec/support/matchers/validate_non_nilness_of.rb
+- spec/support/openssl.conf
 - spec/support/shared/contexts/metasploit/credential/exporter/export_objects.rb
 - spec/support/shared/contexts/metasploit/credential/importer/zip/file.rb
 - spec/support/shared/contexts/metasploit/credential/search/operation/type.rb