pwn 0.5.64 → 0.5.66

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c42962690f6fcba146756b708712680aa0f82bdcc83085bdb28f004206e069c0
-  data.tar.gz: 524d051208dde3344f8878474b36b5418ccbe300547f846398cab16236344c35
+  metadata.gz: 9943bae307e743e8dbb7bdb1a1ccdd1c0b61f29e8413bceb25350fc6023fd289
+  data.tar.gz: 2f32981b889d1e6e21591094b4781162239c36e7b67f7cd0e91eab0c5c400ed1
 SHA512:
-  metadata.gz: ead15133e412b3bad3871b31fb7fe6db531f9cdb729f83ea46b51d8f5f4311a6394097e6b27352abc1d8755338cb8f78e0abf84aa94ef258973dbc89db355421
-  data.tar.gz: 903fbff707e0166a55169ab78d955e42ae0582b48a507893b91ba0ad530bf840e180fc2ac9d06de9cc8f7c2de7f9fdd5d9638735caf3041107875c9602be32b2
+  metadata.gz: 58eacda5cce4074c84615d5aee751ef4f642185521b641798563bbed6eb7348cf8a6cee5fe261084784b9c646a3c6cdddca8004f8fb157173861c75ea9e3d637
+  data.tar.gz: 958c25709cc837206df7d2890e06e2604a7d27fd61e97b30a48fe561306aacef3348d4e24f7eb23699ed371019adc28f31d688995f0451d414416b8992109226

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.64]:001 >>> PWN.help
+pwn[v0.5.66]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.3.0@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.64]:001 >>> PWN.help
+pwn[v0.5.66]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.3.0@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.64]:001 >>> PWN.help
+pwn[v0.5.66]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/bin/pwn

@@ -312,12 +312,14 @@ begin
 
       if is_encrypted
         # TODO: Implement "something you know, something you have, && something you are?"
-        decryption_file = opts[:decryption_file] ||= "#{ENV.fetch('HOME')}/pwn.decryptor.yaml"
-        raise "ERROR: Decryption file not found at #{decryption_file}" unless File.exist?(decryption_file)
+        decryption_file = opts[:decryption_file] ||= "#{Dir.home}/pwn.decryptor.yaml"
+        yaml_decryptor = YAML.load_file(decryption_file, symbolize_names: true) if File.exist?(decryption_file)
 
-        yaml_decryptor = YAML.load_file(decryption_file, symbolize_names: true)
-        key = opts[:key] ||= yaml_decryptor[:key]
-        iv = opts[:iv] ||= yaml_decryptor[:iv]
+        key = opts[:key] ||= yaml_decryptor[:key] ||= ENV.fetch('PWN_DECRYPTOR_KEY')
+        key = PWN::Plugins::AuthenticationHelper.mask_password(prompt: 'Decryption Key') if key.nil?
+
+        iv = opts[:iv] ||= yaml_decryptor[:iv] ||= ENV.fetch('PWN_DECRYPTOR_IV')
+        iv = PWN::Plugins::AuthenticationHelper.mask_password(prompt: 'Decryption IV') if iv.nil?
 
         encrypted_config_dump = PWN::Plugins::Vault.dump(
           file: yaml_config_path,

data/etc/pwn.decryptor.yaml.EXAMPLE

@@ -1,2 +1,4 @@
+# If you rely upon this file, it should be out-of-band
+# (e.g. not available in code repos, permission protected, limited access, etc.) 
 key: 'KEY PROVIDED WHEN USING PWN::Plugins::Vault.create(file: "pwn.yaml") TO ENCRYPT pwn.yaml'
 iv: 'KEY PROVIDED WHEN USING PWN::Plugins::Vault.create(file: "pwn.yaml") TO ENCRYPT pwn.yaml'

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.64'
+  VERSION = '0.5.66'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.64
+  version: 0.5.66
 platform: ruby
 authors:
 - 0day Inc.