rex 2.0.5 → 2.0.7
- checksums.yaml +4 -4
- data/lib/rex/exploitation/egghunter.rb +4 -6
- data/lib/rex/exploitation/powershell/psh_methods.rb +9 -0
- data/lib/rex/java/serialization.rb +2 -1
- data/lib/rex/java/serialization/builder.rb +94 -0
- data/lib/rex/java/serialization/model.rb +29 -18
- data/lib/rex/java/serialization/model/annotation.rb +2 -2
- data/lib/rex/java/serialization/model/field.rb +2 -2
- data/lib/rex/java/serialization/model/new_array.rb +8 -3
- data/lib/rex/java/serialization/model/new_class_desc.rb +3 -3
- data/lib/rex/java/serialization/model/new_enum.rb +4 -4
- data/lib/rex/java/serialization/model/new_object.rb +17 -10
- data/lib/rex/ole/direntry.rb +1 -1
- data/lib/rex/ole/samples/create_ole.rb +0 -0
- data/lib/rex/ole/samples/dir.rb +0 -0
- data/lib/rex/ole/samples/dump_stream.rb +0 -0
- data/lib/rex/ole/samples/ole_info.rb +0 -0
- data/lib/rex/parser/foundstone_nokogiri.rb +1 -1
- data/lib/rex/parser/fs/ntfs.rb +252 -0
- data/lib/rex/parser/openvas_nokogiri.rb +2 -0
- data/lib/rex/payloads/win32/kernel.rb +3 -3
- data/lib/rex/post/meterpreter/client_core.rb +172 -64
- data/lib/rex/post/meterpreter/extensions/priv/priv.rb +3 -2
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +12 -10
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +64 -37
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +8 -2
- data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +15 -3
- data/lib/rex/post/meterpreter/packet.rb +41 -38
- data/lib/rex/post/meterpreter/packet_dispatcher.rb +7 -1
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +17 -4
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +11 -4
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +1 -1
- data/lib/rex/proto.rb +2 -0
- data/lib/rex/proto/acpp.rb +17 -0
- data/lib/rex/proto/acpp/client.rb +29 -0
- data/lib/rex/proto/acpp/message.rb +183 -0
- data/lib/rex/proto/http/client.rb +1 -2
- data/lib/rex/proto/iax2/call.rb +22 -3
- data/lib/rex/proto/iax2/client.rb +1 -0
- data/lib/rex/proto/kerberos.rb +13 -0
- data/lib/rex/proto/kerberos/client.rb +213 -0
- data/lib/rex/proto/kerberos/credential_cache.rb +19 -0
- data/lib/rex/proto/kerberos/credential_cache/cache.rb +81 -0
- data/lib/rex/proto/kerberos/credential_cache/credential.rb +151 -0
- data/lib/rex/proto/kerberos/credential_cache/element.rb +49 -0
- data/lib/rex/proto/kerberos/credential_cache/key_block.rb +62 -0
- data/lib/rex/proto/kerberos/credential_cache/principal.rb +70 -0
- data/lib/rex/proto/kerberos/credential_cache/time.rb +69 -0
- data/lib/rex/proto/kerberos/crypto.rb +21 -0
- data/lib/rex/proto/kerberos/crypto/rc4_hmac.rb +65 -0
- data/lib/rex/proto/kerberos/crypto/rsa_md5.rb +15 -0
- data/lib/rex/proto/kerberos/model.rb +133 -0
- data/lib/rex/proto/kerberos/model/ap_req.rb +98 -0
- data/lib/rex/proto/kerberos/model/authenticator.rb +143 -0
- data/lib/rex/proto/kerberos/model/authorization_data.rb +85 -0
- data/lib/rex/proto/kerberos/model/checksum.rb +59 -0
- data/lib/rex/proto/kerberos/model/element.rb +67 -0
- data/lib/rex/proto/kerberos/model/enc_kdc_response.rb +215 -0
- data/lib/rex/proto/kerberos/model/encrypted_data.rb +171 -0
- data/lib/rex/proto/kerberos/model/encryption_key.rb +106 -0
- data/lib/rex/proto/kerberos/model/kdc_request.rb +166 -0
- data/lib/rex/proto/kerberos/model/kdc_request_body.rb +315 -0
- data/lib/rex/proto/kerberos/model/kdc_response.rb +141 -0
- data/lib/rex/proto/kerberos/model/krb_error.rb +219 -0
- data/lib/rex/proto/kerberos/model/last_request.rb +82 -0
- data/lib/rex/proto/kerberos/model/pre_auth_data.rb +104 -0
- data/lib/rex/proto/kerberos/model/pre_auth_enc_time_stamp.rb +126 -0
- data/lib/rex/proto/kerberos/model/pre_auth_pac_request.rb +81 -0
- data/lib/rex/proto/kerberos/model/principal_name.rb +116 -0
- data/lib/rex/proto/kerberos/model/ticket.rb +151 -0
- data/lib/rex/proto/kerberos/pac.rb +36 -0
- data/lib/rex/proto/kerberos/pac/client_info.rb +53 -0
- data/lib/rex/proto/kerberos/pac/element.rb +52 -0
- data/lib/rex/proto/kerberos/pac/logon_info.rb +566 -0
- data/lib/rex/proto/kerberos/pac/priv_svr_checksum.rb +29 -0
- data/lib/rex/proto/kerberos/pac/server_checksum.rb +30 -0
- data/lib/rex/proto/kerberos/pac/type.rb +121 -0
- data/lib/rex/proto/rmi.rb +7 -0
- data/lib/rex/proto/rmi/model.rb +31 -0
- data/lib/rex/proto/rmi/model/call.rb +60 -0
- data/lib/rex/proto/rmi/model/continuation.rb +76 -0
- data/lib/rex/proto/rmi/model/dgc_ack.rb +62 -0
- data/lib/rex/proto/rmi/model/element.rb +143 -0
- data/lib/rex/proto/rmi/model/output_header.rb +86 -0
- data/lib/rex/proto/rmi/model/ping.rb +41 -0
- data/lib/rex/proto/rmi/model/ping_ack.rb +41 -0
- data/lib/rex/proto/rmi/model/protocol_ack.rb +100 -0
- data/lib/rex/proto/rmi/model/return_data.rb +60 -0
- data/lib/rex/socket.rb +9 -1
- data/lib/rex/socket/tcp_server.rb +3 -0
- data/lib/rex/ui/text/dispatcher_shell.rb +4 -4
- data/lib/rex/ui/text/output/tee.rb +2 -0
- data/lib/rex/zip/samples/comment.rb +0 -0
- data/lib/rex/zip/samples/mkwar.rb +0 -0
- data/lib/rex/zip/samples/mkzip.rb +0 -0
- data/lib/rex/zip/samples/recursive.rb +0 -0
- data/rex.gemspec +1 -1
- metadata +56 -2
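--- a/data/lib/rex/proto/kerberos/model/pre_auth_enc_time_stamp.rb
+++ b/data/lib/rex/proto/kerberos/model/pre_auth_enc_time_stamp.rb
@@ -0,0 +1,126 @@
+# -*- coding: binary -*-
+
+module Rex
+module Proto
+module Kerberos
+module Model
+# This class is a representation of a PA-ENC-TIMESTAMP, an encrypted timestamp sent
+# as pre authenticated data
+class PreAuthEncTimeStamp < Element
+
+CRYPTO_MSG_TYPE = 1
+
+# @!attribute pa_time_stamp
+# @return [Time] client's time
+attr_accessor :pa_time_stamp
+# @!attribute pausec
+# @return [Fixnum] optional microseconds client's time
+attr_accessor :pausec
+
+# Decodes a Rex::Proto::Kerberos::Model::PreAuthEncTimeStamp
+#
+# @param input [String, OpenSSL::ASN1::Sequence] the input to decode from
+# @return [self] if decoding succeeds
+# @raise [RuntimeError] if decoding doesn't succeed
+def decode(input)
+case input
+when String
+decode_string(input)
+when OpenSSL::ASN1::Sequence
+decode_asn1(input)
+else
+raise ::RuntimeError, 'Failed to decode PreAuthEncTimeStamp, invalid input'
+end
+
+self
+end
+
+# Encodes a Rex::Proto::Kerberos::Model::PreAuthEncTimeStamp into an
+# ASN.1 String
+#
+# @return [String]
+def encode
+pa_time_stamp_asn1 = OpenSSL::ASN1::ASN1Data.new([encode_pa_time_stamp], 0, :CONTEXT_SPECIFIC)
+pausec_asn1 = OpenSSL::ASN1::ASN1Data.new([encode_pausec], 1, :CONTEXT_SPECIFIC)
+seq = OpenSSL::ASN1::Sequence.new([pa_time_stamp_asn1, pausec_asn1])
+
+seq.to_der
+end
+
+# Encrypts the Rex::Proto::Kerberos::Model::PreAuthEncTimeStamp
+#
+# @param etype [Fixnum] the crypto schema to encrypt
+# @param key [String] the key to encrypt
+# @return [String] the encrypted result
+# @raise [NotImplementedError] if encryption schema isn't supported
+def encrypt(etype, key)
+data = self.encode
+
+res = ''
+case etype
+when RC4_HMAC
+res = encrypt_rc4_hmac(data, key, CRYPTO_MSG_TYPE)
+else
+raise ::NotImplementedError, 'EncryptedData schema is not supported'
+end
+
+res
+end
+
+private
+
+# Encodes the pa_time_stamp
+#
+# @return [OpenSSL::ASN1::GeneralizedTime]
+def encode_pa_time_stamp
+OpenSSL::ASN1::GeneralizedTime.new(pa_time_stamp)
+end
+
+# Encodes the pausec
+#
+# @return [OpenSSL::ASN1::Integer]
+def encode_pausec
+int_bn = OpenSSL::BN.new(pausec.to_s)
+int = OpenSSL::ASN1::Integer.new(int_bn)
+
+int
+end
+
+# Decodes a Rex::Proto::Kerberos::Model::PreAuthEncTimeStamp
+#
+# @param input [String] the input to decode from
+def decode_string(input)
+asn1 = OpenSSL::ASN1.decode(input)
+
+decode_asn1(asn1)
+end
+
+# Decodes a Rex::Proto::Kerberos::Model::PreAuthEncTimeStamp from an
+# OpenSSL::ASN1::Sequence
+#
+# @param input [OpenSSL::ASN1::Sequence] the input to decode from
+def decode_asn1(input)
+self.pa_time_stamp = decode_pa_time_stamp(input.value[0])
+self.pausec = decode_pausec(input.value[1])
+end
+
+# Decodes the decode_pa_time_stamp from an OpenSSL::ASN1::ASN1Data
+#
+# @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+# @return [Boolean]
+def decode_pa_time_stamp(input)
+input.value[0].value
+end
+
+# Decodes the pausec from an OpenSSL::ASN1::ASN1Data
+#
+# @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+# @return [Fixnum]
+def decode_pausec(input)
+input.value[0].value.to_i
+end
+end
+end
+end
+end
+end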
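Review bot: `decode_asn1` reads `input.value[0]` and `input.value[1]` by position without checking tags or types, while `pausec` is documented as optional, so a PA-ENC-TIMESTAMP that omits it reaches `decode_pausec(nil)` and fails with NoMethodError rather than the RuntimeError that `decode` documents. A guard such as `self.pausec = decode_pausec(input.value[1]) if input.value[1]` would cover the absent field, and `encode` should likewise leave the `[1]` element out when `pausec` is nil instead of building a BN from the empty string that `nil.to_s` yields. `decode_string` also hands whatever `OpenSSL::ASN1.decode` returns straight to `decode_asn1`, so a malformed or non-SEQUENCE buffer from a peer surfaces as a different exception class; the same unchecked decoding appears in the `decode_asn1` methods of the PreAuthPacRequest, PrincipalName and Ticket sections. The `@return [Boolean]` on `decode_pa_time_stamp` looks like a copy-paste, since the attribute it fills is documented as `[Time]`.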
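--- a/data/lib/rex/proto/kerberos/model/pre_auth_pac_request.rb
+++ b/data/lib/rex/proto/kerberos/model/pre_auth_pac_request.rb
@@ -0,0 +1,81 @@
+# -*- coding: binary -*-
+
+module Rex
+module Proto
+module Kerberos
+module Model
+# This class is a representation of a KERB-PA-PAC-REQUEST, pre authenticated data to
+# explicitly request to include or exclude a PAC in the ticket.
+class PreAuthPacRequest < Element
+
+# @!attribute value
+# @return [Boolean]
+attr_accessor :value
+
+# Decodes a Rex::Proto::Kerberos::Model::PreAuthPacRequest
+#
+# @param input [String, OpenSSL::ASN1::Sequence] the input to decode from
+# @return [self] if decoding succeeds
+# @raise [RuntimeError] if decoding doesn't succeed
+def decode(input)
+case input
+when String
+decode_string(input)
+when OpenSSL::ASN1::Sequence
+decode_asn1(input)
+else
+raise ::RuntimeError, 'Failed to decode PreAuthPacRequest, invalid input'
+end
+
+self
+end
+
+# Encodes a Rex::Proto::Kerberos::Model::PreAuthPacRequest into an
+# ASN.1 String
+#
+# @return [String]
+def encode
+value_asn1 = OpenSSL::ASN1::ASN1Data.new([encode_value], 0, :CONTEXT_SPECIFIC)
+seq = OpenSSL::ASN1::Sequence.new([value_asn1])
+
+seq.to_der
+end
+
+private
+
+# Encodes value attribute
+#
+# @return [OpenSSL::ASN1::Boolean]
+def encode_value
+OpenSSL::ASN1::Boolean.new(value)
+end
+
+# Decodes a Rex::Proto::Kerberos::Model::PreAuthPacRequest
+#
+# @param input [String] the input to decode from
+def decode_string(input)
+asn1 = OpenSSL::ASN1.decode(input)
+
+decode_asn1(asn1)
+end
+
+# Decodes a Rex::Proto::Kerberos::Model::PreAuthPacRequest from an
+# OpenSSL::ASN1::Sequence
+#
+# @param input [OpenSSL::ASN1::Sequence] the input to decode from
+def decode_asn1(input)
+self.value = decode_asn1_value(input.value[0])
+end
+
+# Decodes the value from an OpenSSL::ASN1::ASN1Data
+#
+# @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+# @return [Boolean]
+def decode_asn1_value(input)
+input.value[0].value
+end
+end
+end
+end
+end
+end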
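Review bot: The `value` attribute is documented only as `[Boolean]`, which does not tell a reader which value asks the KDC for a PAC and which asks it to leave the PAC out. The attribute comment could read `# @return [Boolean] true to request that a PAC be included, false to request that it be excluded`, matching the include-pac field of KERB-PA-PAC-REQUEST. Because `encode_value` passes `value` straight to `OpenSSL::ASN1::Boolean.new`, the comment should also say whether callers must set it before calling `encode`; what an unset (nil) value encodes to is not visible from this file.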
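--- a/data/lib/rex/proto/kerberos/model/principal_name.rb
+++ b/data/lib/rex/proto/kerberos/model/principal_name.rb
@@ -0,0 +1,116 @@
+# -*- coding: binary -*-
+
+module Rex
+module Proto
+module Kerberos
+module Model
+# This class provides a representation of a principal, an asset (e.g., a
+# workstation user or a network server) on a network.
+class PrincipalName < Element
+
+# @!attribute name_type
+# @return [Fixnum] The type of name
+attr_accessor :name_type
+# @!attribute name_string
+# @return [Array<String>] A sequence of strings that form a name.
+attr_accessor :name_string
+
+# Decodes a Rex::Proto::Kerberos::Model::PrincipalName
+#
+# @param input [String, OpenSSL::ASN1::Sequence] the input to decode from
+# @return [self] if decoding succeeds
+# @raise [RuntimeError] if decoding doesn't succeed
+def decode(input)
+case input
+when String
+decode_string(input)
+when OpenSSL::ASN1::Sequence
+decode_asn1(input)
+else
+raise ::RuntimeError, 'Failed to decode Principal Name, invalid input'
+end
+
+self
+end
+
+# Encodes a Rex::Proto::Kerberos::Model::PrincipalName into an
+# ASN.1 String
+#
+# @return [String]
+def encode
+integer_asn1 = OpenSSL::ASN1::ASN1Data.new([encode_name_type], 0, :CONTEXT_SPECIFIC)
+string_asn1 = OpenSSL::ASN1::ASN1Data.new([encode_name_string], 1, :CONTEXT_SPECIFIC)
+seq = OpenSSL::ASN1::Sequence.new([integer_asn1, string_asn1])
+
+seq.to_der
+end
+
+private
+
+# Encodes the name_type
+#
+# @return [OpenSSL::ASN1::Integer]
+def encode_name_type
+int_bn = OpenSSL::BN.new(name_type.to_s)
+int = OpenSSL::ASN1::Integer.new(int_bn)
+
+int
+end
+
+# Encodes the name_string
+#
+# @return [OpenSSL::ASN1::Sequence]
+def encode_name_string
+strings = []
+name_string.each do |s|
+strings << OpenSSL::ASN1::GeneralString.new(s)
+end
+seq_string = OpenSSL::ASN1::Sequence.new(strings)
+
+seq_string
+end
+
+# Decodes a Rex::Proto::Kerberos::Model::PrincipalName from an String
+#
+# @param input [String] the input to decode from
+def decode_string(input)
+asn1 = OpenSSL::ASN1.decode(input)
+
+decode_asn1(asn1)
+end
+
+# Decodes a Rex::Proto::Kerberos::Model::PrincipalName from an
+# OpenSSL::ASN1::Sequence
+#
+# @param input [OpenSSL::ASN1::Sequence] the input to decode from
+def decode_asn1(input)
+seq_values = input.value
+self.name_type = decode_name_type(seq_values[0])
+self.name_string = decode_name_string(seq_values[1])
+end
+
+# Decodes the name_type from an OpenSSL::ASN1::ASN1Data
+#
+# @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+# @return [Fixnum]
+def decode_name_type(input)
+input.value[0].value.to_i
+end
+
+# Decodes the name_string from an OpenSSL::ASN1::ASN1Data
+#
+# @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+# @return [Array<String>]
+def decode_name_string(input)
+strings = []
+input.value[0].value.each do |v|
+strings << v.value
+end
+
+strings
+end
+end
+end
+end
+end
+end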
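Review bot: `encode_name_string` and `decode_name_string` build their arrays with an empty array plus an `each` accumulator where `map` states the intent directly: `OpenSSL::ASN1::Sequence.new(name_string.map { |s| OpenSSL::ASN1::GeneralString.new(s) })` and `input.value[0].value.map(&:value)`. `encode_name_type` and `encode_name_string` likewise assign a local only to return it on the next line. The comment on `decode_string` reads "from an String" where "from a String" is meant.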
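--- a/data/lib/rex/proto/kerberos/model/ticket.rb
+++ b/data/lib/rex/proto/kerberos/model/ticket.rb
@@ -0,0 +1,151 @@
+# -*- coding: binary -*-
+
+module Rex
+module Proto
+module Kerberos
+module Model
+# This class provides a representation of a Kerberos ticket that helps
+# a client authenticate to a service.
+class Ticket < Element
+# @!attribute tkt_vno
+# @return [Fixnum] The ticket version number
+attr_accessor :tkt_vno
+# @!attribute realm
+# @return [String] The realm that issued the ticket
+attr_accessor :realm
+# @!attribute sname
+# @return [Rex::Proto::Kerberos::Model::PrincipalName] The name part of the server's identity
+attr_accessor :sname
+# @!attribute enc_part
+# @return [Rex::Proto::Kerberos::Model::EncryptedData] The encrypted part of the ticket
+attr_accessor :enc_part
+
+# Decodes the Rex::Proto::Kerberos::Model::KrbError from an input
+#
+# @param input [String, OpenSSL::ASN1::ASN1Data] the input to decode from
+# @return [self] if decoding succeeds
+# @raise [RuntimeError] if decoding doesn't succeed
+def decode(input)
+case input
+when String
+decode_string(input)
+when OpenSSL::ASN1::ASN1Data
+decode_asn1(input)
+else
+raise ::RuntimeError, 'Failed to decode Ticket, invalid input'
+end
+
+self
+end
+
+def encode
+elems = []
+elems << OpenSSL::ASN1::ASN1Data.new([encode_tkt_vno], 0, :CONTEXT_SPECIFIC)
+elems << OpenSSL::ASN1::ASN1Data.new([encode_realm], 1, :CONTEXT_SPECIFIC)
+elems << OpenSSL::ASN1::ASN1Data.new([encode_sname], 2, :CONTEXT_SPECIFIC)
+elems << OpenSSL::ASN1::ASN1Data.new([encode_enc_part], 3, :CONTEXT_SPECIFIC)
+seq = OpenSSL::ASN1::Sequence.new(elems)
+
+seq_asn1 = OpenSSL::ASN1::ASN1Data.new([seq], TICKET, :APPLICATION)
+
+seq_asn1.to_der
+end
+
+private
+
+# Encodes the tkt_vno field
+#
+# @return [OpenSSL::ASN1::Integer]
+def encode_tkt_vno
+bn = OpenSSL::BN.new(tkt_vno.to_s)
+int = OpenSSL::ASN1::Integer.new(bn)
+
+int
+end
+
+# Encodes the realm field
+#
+# @return [OpenSSL::ASN1::GeneralString]
+def encode_realm
+OpenSSL::ASN1::GeneralString.new(realm)
+end
+
+# Encodes the sname field
+#
+# @return [String]
+def encode_sname
+sname.encode
+end
+
+# Encodes the enc_part field
+#
+# @return [String]
+def encode_enc_part
+enc_part.encode
+end
+
+# Decodes a Rex::Proto::Kerberos::Model::Ticket from an String
+#
+# @param input [String] the input to decode from
+def decode_string(input)
+asn1 = OpenSSL::ASN1.decode(input)
+
+decode_asn1(asn1)
+end
+
+# Decodes a Rex::Proto::Kerberos::Model::Ticket
+#
+# @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+# @raise [RuntimeError] if decoding doesn't succeed
+def decode_asn1(input)
+input.value[0].value.each do |val|
+case val.tag
+when 0
+self.tkt_vno = decode_tkt_vno(val)
+when 1
+self.realm = decode_realm(val)
+when 2
+self.sname = decode_sname(val)
+when 3
+self.enc_part = decode_enc_part(val)
+else
+raise ::RuntimeError, 'Failed to decode Ticket SEQUENCE'
+end
+end
+end
+
+# Decodes the tkt_vno from an OpenSSL::ASN1::ASN1Data
+#
+# @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+# @return [Fixnum]
+def decode_tkt_vno(input)
+input.value[0].value.to_i
+end
+
+#
+# @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+# @return [String]
+def decode_realm(input)
+input.value[0].value
+end
+
+# Decodes the sname field
+#
+# @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+# @return [Rex::Proto::Kerberos::Model::PrincipalName]
+def decode_sname(input)
+Rex::Proto::Kerberos::Model::PrincipalName.decode(input.value[0])
+end
+
+# Decodes the enc_part from an OpenSSL::ASN1::ASN1Data
+#
+# @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+# @return [Rex::Proto::Kerberos::Model::EncryptedData]
+def decode_enc_part(input)
+Rex::Proto::Kerberos::Model::EncryptedData.decode(input.value[0])
+end
+end
+end
+end
+end
+end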
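Review bot: `decode_asn1` iterates `input.value[0].value` without first checking that the outer element carries the `TICKET` application tag that `encode` writes, and it never verifies afterwards that all four fields were seen, so an unrelated or truncated structure can decode into a Ticket with nil attributes. A check such as `raise ::RuntimeError, 'Failed to decode Ticket, invalid input' unless input.tag == TICKET` at the top of `decode_asn1` would reject the former, and a presence check on `tkt_vno`, `realm`, `sname` and `enc_part` after the loop would reject the latter. The comment on `decode` names `KrbError` where `Ticket` is meant, `encode` has no doc comment, and `decode_realm` is missing its description line. `decode_sname` and `decode_enc_part` call `decode` on the class, whereas `PrincipalName#decode` in this diff is an instance method; presumably `Element` supplies a class-level `decode`, which is worth confirming.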