rex 2.0.5 → 2.0.7

data/lib/rex/proto/kerberos/model/pre_auth_enc_time_stamp.rb

@@ -0,0 +1,126 @@
+# -*- coding: binary -*-
+
+module Rex
+  module Proto
+    module Kerberos
+      module Model
+        # This class is a representation of a PA-ENC-TIMESTAMP, an encrypted timestamp sent
+        # as pre authenticated data
+        class PreAuthEncTimeStamp < Element
+
+          CRYPTO_MSG_TYPE = 1
+
+          # @!attribute pa_time_stamp
+          #   @return [Time] client's time
+          attr_accessor :pa_time_stamp
+          # @!attribute pausec
+          #   @return [Fixnum] optional microseconds client's time
+          attr_accessor :pausec
+
+          # Decodes a Rex::Proto::Kerberos::Model::PreAuthEncTimeStamp
+          #
+          # @param input [String, OpenSSL::ASN1::Sequence] the input to decode from
+          # @return [self] if decoding succeeds
+          # @raise [RuntimeError] if decoding doesn't succeed
+          def decode(input)
+            case input
+            when String
+              decode_string(input)
+            when OpenSSL::ASN1::Sequence
+              decode_asn1(input)
+            else
+              raise ::RuntimeError, 'Failed to decode PreAuthEncTimeStamp, invalid input'
+            end
+
+            self
+          end
+
+          # Encodes a Rex::Proto::Kerberos::Model::PreAuthEncTimeStamp into an
+          # ASN.1 String
+          #
+          # @return [String]
+          def encode
+            pa_time_stamp_asn1 = OpenSSL::ASN1::ASN1Data.new([encode_pa_time_stamp], 0, :CONTEXT_SPECIFIC)
+            pausec_asn1 = OpenSSL::ASN1::ASN1Data.new([encode_pausec], 1, :CONTEXT_SPECIFIC)
+            seq = OpenSSL::ASN1::Sequence.new([pa_time_stamp_asn1, pausec_asn1])
+
+            seq.to_der
+          end
+
+          # Encrypts the Rex::Proto::Kerberos::Model::PreAuthEncTimeStamp
+          #
+          # @param etype [Fixnum] the crypto schema to encrypt
+          # @param key [String] the key to encrypt
+          # @return [String] the encrypted result
+          # @raise [NotImplementedError] if encryption schema isn't supported
+          def encrypt(etype, key)
+            data = self.encode
+
+            res = ''
+            case etype
+            when RC4_HMAC
+              res = encrypt_rc4_hmac(data, key, CRYPTO_MSG_TYPE)
+            else
+              raise ::NotImplementedError, 'EncryptedData schema is not supported'
+            end
+
+            res
+          end
+
+          private
+
+          # Encodes the pa_time_stamp
+          #
+          # @return [OpenSSL::ASN1::GeneralizedTime]
+          def encode_pa_time_stamp
+            OpenSSL::ASN1::GeneralizedTime.new(pa_time_stamp)
+          end
+
+          # Encodes the pausec
+          #
+          # @return [OpenSSL::ASN1::Integer]
+          def encode_pausec
+            int_bn = OpenSSL::BN.new(pausec.to_s)
+            int = OpenSSL::ASN1::Integer.new(int_bn)
+
+            int
+          end
+
+          # Decodes a Rex::Proto::Kerberos::Model::PreAuthEncTimeStamp
+          #
+          # @param input [String] the input to decode from
+          def decode_string(input)
+            asn1 = OpenSSL::ASN1.decode(input)
+
+            decode_asn1(asn1)
+          end
+
+          # Decodes a Rex::Proto::Kerberos::Model::PreAuthEncTimeStamp from an
+          # OpenSSL::ASN1::Sequence
+          #
+          # @param input [OpenSSL::ASN1::Sequence] the input to decode from
+          def decode_asn1(input)
+            self.pa_time_stamp = decode_pa_time_stamp(input.value[0])
+            self.pausec = decode_pausec(input.value[1])
+          end
+
+          # Decodes the decode_pa_time_stamp from an OpenSSL::ASN1::ASN1Data
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Boolean]
+          def decode_pa_time_stamp(input)
+            input.value[0].value
+          end
+
+          # Decodes the pausec from an OpenSSL::ASN1::ASN1Data
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Fixnum]
+          def decode_pausec(input)
+            input.value[0].value.to_i
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rex/proto/kerberos/model/pre_auth_pac_request.rb

@@ -0,0 +1,81 @@
+# -*- coding: binary -*-
+
+module Rex
+  module Proto
+    module Kerberos
+      module Model
+        # This class is a representation of a KERB-PA-PAC-REQUEST, pre authenticated data to
+        # explicitly request to include or exclude a PAC in the ticket.
+        class PreAuthPacRequest < Element
+
+          # @!attribute value
+          #   @return [Boolean]
+          attr_accessor :value
+
+          # Decodes a Rex::Proto::Kerberos::Model::PreAuthPacRequest
+          #
+          # @param input [String, OpenSSL::ASN1::Sequence] the input to decode from
+          # @return [self] if decoding succeeds
+          # @raise [RuntimeError] if decoding doesn't succeed
+          def decode(input)
+            case input
+            when String
+              decode_string(input)
+            when OpenSSL::ASN1::Sequence
+              decode_asn1(input)
+            else
+              raise ::RuntimeError, 'Failed to decode PreAuthPacRequest, invalid input'
+            end
+
+            self
+          end
+
+          # Encodes a Rex::Proto::Kerberos::Model::PreAuthPacRequest into an
+          # ASN.1 String
+          #
+          # @return [String]
+          def encode
+            value_asn1 = OpenSSL::ASN1::ASN1Data.new([encode_value], 0, :CONTEXT_SPECIFIC)
+            seq = OpenSSL::ASN1::Sequence.new([value_asn1])
+
+            seq.to_der
+          end
+
+          private
+
+          # Encodes value attribute
+          #
+          # @return [OpenSSL::ASN1::Boolean]
+          def encode_value
+            OpenSSL::ASN1::Boolean.new(value)
+          end
+
+          # Decodes a Rex::Proto::Kerberos::Model::PreAuthPacRequest
+          #
+          # @param input [String] the input to decode from
+          def decode_string(input)
+            asn1 = OpenSSL::ASN1.decode(input)
+
+            decode_asn1(asn1)
+          end
+
+          # Decodes a Rex::Proto::Kerberos::Model::PreAuthPacRequest from an
+          # OpenSSL::ASN1::Sequence
+          #
+          # @param input [OpenSSL::ASN1::Sequence] the input to decode from
+          def decode_asn1(input)
+            self.value = decode_asn1_value(input.value[0])
+          end
+
+          # Decodes the value from an OpenSSL::ASN1::ASN1Data
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Boolean]
+          def decode_asn1_value(input)
+            input.value[0].value
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rex/proto/kerberos/model/principal_name.rb

@@ -0,0 +1,116 @@
+# -*- coding: binary -*-
+
+module Rex
+  module Proto
+    module Kerberos
+      module Model
+        # This class provides a representation of a principal, an asset (e.g., a
+        # workstation user or a network server) on a network.
+        class PrincipalName < Element
+
+          # @!attribute name_type
+          #   @return [Fixnum] The type of name
+          attr_accessor :name_type
+          # @!attribute name_string
+          #   @return [Array<String>] A sequence of strings that form a name.
+          attr_accessor :name_string
+
+          # Decodes a Rex::Proto::Kerberos::Model::PrincipalName
+          #
+          # @param input [String, OpenSSL::ASN1::Sequence] the input to decode from
+          # @return [self] if decoding succeeds
+          # @raise [RuntimeError] if decoding doesn't succeed
+          def decode(input)
+            case input
+            when String
+              decode_string(input)
+            when OpenSSL::ASN1::Sequence
+              decode_asn1(input)
+            else
+              raise ::RuntimeError, 'Failed to decode Principal Name, invalid input'
+            end
+
+            self
+          end
+
+          # Encodes a Rex::Proto::Kerberos::Model::PrincipalName into an
+          # ASN.1 String
+          #
+          # @return [String]
+          def encode
+            integer_asn1 = OpenSSL::ASN1::ASN1Data.new([encode_name_type], 0, :CONTEXT_SPECIFIC)
+            string_asn1 = OpenSSL::ASN1::ASN1Data.new([encode_name_string], 1, :CONTEXT_SPECIFIC)
+            seq = OpenSSL::ASN1::Sequence.new([integer_asn1, string_asn1])
+
+            seq.to_der
+          end
+
+          private
+
+          # Encodes the name_type
+          #
+          # @return [OpenSSL::ASN1::Integer]
+          def encode_name_type
+            int_bn = OpenSSL::BN.new(name_type.to_s)
+            int = OpenSSL::ASN1::Integer.new(int_bn)
+
+            int
+          end
+
+          # Encodes the name_string
+          #
+          # @return [OpenSSL::ASN1::Sequence]
+          def encode_name_string
+            strings = []
+            name_string.each do |s|
+              strings << OpenSSL::ASN1::GeneralString.new(s)
+            end
+            seq_string = OpenSSL::ASN1::Sequence.new(strings)
+
+            seq_string
+          end
+
+          # Decodes a Rex::Proto::Kerberos::Model::PrincipalName from an String
+          #
+          # @param input [String] the input to decode from
+          def decode_string(input)
+            asn1 = OpenSSL::ASN1.decode(input)
+
+            decode_asn1(asn1)
+          end
+
+          # Decodes a Rex::Proto::Kerberos::Model::PrincipalName from an
+          # OpenSSL::ASN1::Sequence
+          #
+          # @param input [OpenSSL::ASN1::Sequence] the input to decode from
+          def decode_asn1(input)
+            seq_values = input.value
+            self.name_type = decode_name_type(seq_values[0])
+            self.name_string = decode_name_string(seq_values[1])
+          end
+
+          # Decodes the name_type from an OpenSSL::ASN1::ASN1Data
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Fixnum]
+          def decode_name_type(input)
+            input.value[0].value.to_i
+          end
+
+          # Decodes the name_string from an OpenSSL::ASN1::ASN1Data
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Array<String>]
+          def decode_name_string(input)
+            strings = []
+            input.value[0].value.each do |v|
+              strings << v.value
+            end
+
+            strings
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rex/proto/kerberos/model/ticket.rb

@@ -0,0 +1,151 @@
+# -*- coding: binary -*-
+
+module Rex
+  module Proto
+    module Kerberos
+      module Model
+        # This class provides a representation of a Kerberos ticket that helps
+        # a client authenticate to a service.
+        class Ticket < Element
+          # @!attribute tkt_vno
+          #   @return [Fixnum] The ticket version number
+          attr_accessor :tkt_vno
+          # @!attribute realm
+          #   @return [String] The realm that issued the ticket
+          attr_accessor :realm
+          # @!attribute sname
+          #   @return [Rex::Proto::Kerberos::Model::PrincipalName] The name part of the server's identity
+          attr_accessor :sname
+          # @!attribute enc_part
+          #   @return [Rex::Proto::Kerberos::Model::EncryptedData] The encrypted part of the ticket
+          attr_accessor :enc_part
+
+          # Decodes the Rex::Proto::Kerberos::Model::KrbError from an input
+          #
+          # @param input [String, OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [self] if decoding succeeds
+          # @raise [RuntimeError] if decoding doesn't succeed
+          def decode(input)
+            case input
+            when String
+              decode_string(input)
+            when OpenSSL::ASN1::ASN1Data
+              decode_asn1(input)
+            else
+              raise ::RuntimeError, 'Failed to decode Ticket, invalid input'
+            end
+
+            self
+          end
+
+          def encode
+            elems = []
+            elems << OpenSSL::ASN1::ASN1Data.new([encode_tkt_vno], 0, :CONTEXT_SPECIFIC)
+            elems << OpenSSL::ASN1::ASN1Data.new([encode_realm], 1, :CONTEXT_SPECIFIC)
+            elems << OpenSSL::ASN1::ASN1Data.new([encode_sname], 2, :CONTEXT_SPECIFIC)
+            elems << OpenSSL::ASN1::ASN1Data.new([encode_enc_part], 3, :CONTEXT_SPECIFIC)
+            seq = OpenSSL::ASN1::Sequence.new(elems)
+
+            seq_asn1 = OpenSSL::ASN1::ASN1Data.new([seq], TICKET, :APPLICATION)
+
+            seq_asn1.to_der
+          end
+
+          private
+
+          # Encodes the tkt_vno field
+          #
+          # @return [OpenSSL::ASN1::Integer]
+          def encode_tkt_vno
+            bn = OpenSSL::BN.new(tkt_vno.to_s)
+            int = OpenSSL::ASN1::Integer.new(bn)
+
+            int
+          end
+
+          # Encodes the realm field
+          #
+          # @return [OpenSSL::ASN1::GeneralString]
+          def encode_realm
+            OpenSSL::ASN1::GeneralString.new(realm)
+          end
+
+          # Encodes the sname field
+          #
+          # @return [String]
+          def encode_sname
+            sname.encode
+          end
+
+          # Encodes the enc_part field
+          #
+          # @return [String]
+          def encode_enc_part
+            enc_part.encode
+          end
+
+          # Decodes a Rex::Proto::Kerberos::Model::Ticket from an String
+          #
+          # @param input [String] the input to decode from
+          def decode_string(input)
+            asn1 = OpenSSL::ASN1.decode(input)
+
+            decode_asn1(asn1)
+          end
+
+          # Decodes a Rex::Proto::Kerberos::Model::Ticket
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @raise [RuntimeError] if decoding doesn't succeed
+          def decode_asn1(input)
+            input.value[0].value.each do |val|
+              case val.tag
+              when 0
+                self.tkt_vno = decode_tkt_vno(val)
+              when 1
+                self.realm = decode_realm(val)
+              when 2
+                self.sname = decode_sname(val)
+              when 3
+                self.enc_part = decode_enc_part(val)
+              else
+                raise ::RuntimeError, 'Failed to decode Ticket SEQUENCE'
+              end
+            end
+          end
+
+          # Decodes the tkt_vno from an OpenSSL::ASN1::ASN1Data
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Fixnum]
+          def decode_tkt_vno(input)
+            input.value[0].value.to_i
+          end
+
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [String]
+          def decode_realm(input)
+            input.value[0].value
+          end
+
+          # Decodes the sname field
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Rex::Proto::Kerberos::Model::PrincipalName]
+          def decode_sname(input)
+            Rex::Proto::Kerberos::Model::PrincipalName.decode(input.value[0])
+          end
+
+          # Decodes the enc_part from an OpenSSL::ASN1::ASN1Data
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Rex::Proto::Kerberos::Model::EncryptedData]
+          def decode_enc_part(input)
+            Rex::Proto::Kerberos::Model::EncryptedData.decode(input.value[0])
+          end
+        end
+      end
+    end
+  end
+end