metasploit-credential 5.0.7 → 5.0.8

Sign up to get free protection for your applications and to get access to all the features.
Files changed (12) hide show
  1. checksums.yaml +4 -4
  2. checksums.yaml.gz.sig +0 -0
  3. data/app/models/metasploit/credential/ntlm_hash.rb +17 -0
  4. data/lib/metasploit/credential/version.rb +1 -1
  5. data/spec/dummy/config/database.yml +2 -2
  6. data/spec/factories/metasploit/credential/ssh_keys.rb +1 -1
  7. data/spec/models/metasploit/credential/ssh_key_spec.rb +1 -1
  8. data/spec/spec_helper.rb +5 -0
  9. data/spec/support/openssl.conf +14 -0
  10. data.tar.gz.sig +0 -0
  11. metadata +4 -2
  12. metadata.gz.sig +0 -0
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d140b2eb720061d68c2e0fec85404497f81a6051a9f8d976f878f36c23aed270
4
- data.tar.gz: 620eb8b84e8668482a0b33c2b65a5d1db8a9898f62afb8c839f8d8bf40e07428
3
+ metadata.gz: 160c796cde281dc16f28a82c485aefc9e5514c6c316e524e70f1078f19bea454
4
+ data.tar.gz: da7444e3d488aa8c96dee9390b03e75ae1b0db1a2bf4bfa3732217fb2112ee4f
5
5
  SHA512:
6
- metadata.gz: 480728a45afedefb42fe8c564ccef3389c4e479bc7234179450e90f0d3c25ccf58a6b9cfced84d0896ee88c9d0b3f5b3c195473fb156de5998ace3eff665ffc8
7
- data.tar.gz: 1519aa87cb68fe5711bc812cad71ef329f73f20b6b2dfc09d53167011a59744a518a637ea5aac5929a6d8a3c57ab57d74f42746dcad654e2d5cc29bc3aeb482b
6
+ metadata.gz: 9eb83198d92396fda14da456a595e012759aece87af7b60b68e20ef6569c77b2563db450050d12f4d79b9cb9d6495319a9649f0bffcfb9948e6ee7994ba19add
7
+ data.tar.gz: cc9e76bd3341a68dfddb03bafdfbecd6d0fcf404082830118f0535205d16b56a77f4df97289c362e9a22708c56e47f69780952f6362caa17d88f64539dc9df8f
checksums.yaml.gz.sig CHANGED
Binary file
data/app/models/metasploit/credential/ntlm_hash.rb CHANGED
@@ -1,5 +1,22 @@
1
1
  require 'net/ntlm'
2
2
 
3
+ # TODO: Revert once available in rubyntlm
4
+ # https://github.com/WinRb/rubyntlm/pull/51
5
+ module Net
6
+ module NTLM
7
+ class << self
8
+ def apply_des(plain, keys)
9
+ keys.map {|k|
10
+ dec = OpenSSL::Cipher.new("des-cbc").encrypt
11
+ dec.padding = 0
12
+ dec.key = k
13
+ dec.update(plain) + dec.final
14
+ }
15
+ end
16
+ end
17
+ end
18
+ end
19
+
3
20
  # A {Metasploit::Credential::PasswordHash password hash} that can be {Metasploit::Credential::ReplayableHash replayed}
4
21
  # to authenticate to SMB. It is composed of two hash hex digests (where the hash bytes are printed as a
5
22
  # hexadecimal string where 2 characters represent a byte of the original hash with the high nibble first): (1)
data/lib/metasploit/credential/version.rb CHANGED
@@ -3,7 +3,7 @@
3
3
  module Metasploit
4
4
  module Credential
5
5
  # VERSION is managed by GemRelease
6
- VERSION = '5.0.7'
6
+ VERSION = '5.0.8'
7
7
 
8
8
  # @return [String]
9
9
  #
data/spec/dummy/config/database.yml CHANGED
@@ -1,6 +1,6 @@
1
1
  development: &pgsql
2
2
  adapter: postgresql
3
- database: metasploit-credential_development4
3
+ database: metasploit-credential_development0
4
4
  username: msf
5
5
  password: pass123
6
6
  host: localhost
@@ -10,4 +10,4 @@ development: &pgsql
10
10
  min_messages: warning
11
11
  test:
12
12
  <<: *pgsql
13
- database: metasploit-credential_test4
13
+ database: metasploit-credential_test0
data/spec/factories/metasploit/credential/ssh_keys.rb CHANGED
@@ -4,7 +4,7 @@ FactoryBot.define do
4
4
  transient do
5
5
  key_type { generate :metasploit_credential_ssh_key_key_type }
6
6
  # key size tuned for speed. DO NOT use for production, it is below current recommended key size of 2048
7
- key_size { 512 }
7
+ key_size { 1024 }
8
8
  end
9
9
 
10
10
  data {
data/spec/models/metasploit/credential/ssh_key_spec.rb CHANGED
@@ -7,7 +7,7 @@ RSpec.describe Metasploit::Credential::SSHKey, type: :model do
7
7
 
8
8
  let(:key_size) do
9
9
  # key size tuned for speed. DO NOT use for production, it is below current recommended key size of 2048
10
- 512
10
+ 1024
11
11
  end
12
12
 
13
13
  context 'factories' do
data/spec/spec_helper.rb CHANGED
@@ -1,3 +1,8 @@
1
+ # Enable legacy providers
2
+ ENV['OPENSSL_CONF'] = File.expand_path(
3
+ File.join(File.dirname(__FILE__), 'support', 'openssl.conf')
4
+ )
5
+
1
6
  # This file is copied to spec/ when you run 'rails generate rspec:install'
2
7
  ENV["RAILS_ENV"] ||= 'test'
3
8
 
data/spec/support/openssl.conf ADDED
@@ -0,0 +1,14 @@
1
+ openssl_conf = openssl_init
2
+
3
+ [openssl_init]
4
+ providers = provider_sect
5
+
6
+ [provider_sect]
7
+ default = default_sect
8
+ legacy = legacy_sect
9
+
10
+ [default_sect]
11
+ activate = 1
12
+
13
+ [legacy_sect]
14
+ activate = 1
data.tar.gz.sig CHANGED
Binary file
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: metasploit-credential
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.0.7
4
+ version: 5.0.8
5
5
  platform: ruby
6
6
  authors:
7
7
  - Metasploit Hackers
@@ -93,7 +93,7 @@ cert_chain:
93
93
  EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
94
94
  9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
95
95
  -----END CERTIFICATE-----
96
- date: 2022-04-11 00:00:00.000000000 Z
96
+ date: 2022-08-02 00:00:00.000000000 Z
97
97
  dependencies:
98
98
  - !ruby/object:Gem::Dependency
99
99
  name: metasploit-concern
@@ -407,6 +407,7 @@ files:
407
407
  - spec/models/metasploit_data_models/search/visitor/relation_spec.rb
408
408
  - spec/spec_helper.rb
409
409
  - spec/support/matchers/validate_non_nilness_of.rb
410
+ - spec/support/openssl.conf
410
411
  - spec/support/shared/contexts/metasploit/credential/exporter/export_objects.rb
411
412
  - spec/support/shared/contexts/metasploit/credential/importer/zip/file.rb
412
413
  - spec/support/shared/contexts/metasploit/credential/search/operation/type.rb
@@ -535,6 +536,7 @@ test_files:
535
536
  - spec/models/metasploit_data_models/search/visitor/relation_spec.rb
536
537
  - spec/spec_helper.rb
537
538
  - spec/support/matchers/validate_non_nilness_of.rb
539
+ - spec/support/openssl.conf
538
540
  - spec/support/shared/contexts/metasploit/credential/exporter/export_objects.rb
539
541
  - spec/support/shared/contexts/metasploit/credential/importer/zip/file.rb
540
542
  - spec/support/shared/contexts/metasploit/credential/search/operation/type.rb
metadata.gz.sig CHANGED
Binary file