rex 2.0.5 → 2.0.7

data/lib/rex/proto/kerberos/model/authorization_data.rb

@@ -0,0 +1,85 @@
+# -*- coding: binary -*-
+
+module Rex
+  module Proto
+    module Kerberos
+      module Model
+        # This class provides a representation of a Kerberos AuthorizationData data
+        # definition.
+        class AuthorizationData < Element
+          # @!attribute elements
+          #   @return [Hash{Symbol => <Fixnum, String>}] The type of the authorization data
+          #   @option [Fixnum] :type
+          #   @option [String] :data
+          attr_accessor :elements
+
+          # Rex::Proto::Kerberos::Model::AuthorizationData decoding isn't supported
+          #
+          # @raise [NotImplementedError]
+          def decode(input)
+            raise ::NotImplementedError, 'Authorization Data decoding not supported'
+          end
+
+          # Encodes a Rex::Proto::Kerberos::Model::AuthorizationData into an ASN.1 String
+          #
+          # @return [String]
+          def encode
+            seqs = []
+            elements.each do |elem|
+              elems = []
+              type_asn1 = OpenSSL::ASN1::ASN1Data.new([encode_type(elem[:type])], 0, :CONTEXT_SPECIFIC)
+              elems << type_asn1
+              data_asn1 = OpenSSL::ASN1::ASN1Data.new([encode_data(elem[:data])], 1, :CONTEXT_SPECIFIC)
+              elems << data_asn1
+              seqs << OpenSSL::ASN1::Sequence.new(elems)
+            end
+
+            seq = OpenSSL::ASN1::Sequence.new(seqs)
+
+            seq.to_der
+          end
+
+          # Encrypts the Rex::Proto::Kerberos::Model::AuthorizationData
+          #
+          # @param etype [Fixnum] the crypto schema to encrypt
+          # @param key [String] the key to encrypt
+          # @return [String] the encrypted result
+          # @raise [NotImplementedError] if encryption schema isn't supported
+          def encrypt(etype, key)
+            data = self.encode
+
+            res = ''
+            case etype
+            when RC4_HMAC
+              res = encrypt_rc4_hmac(data, key, 5)
+            else
+              raise ::NotImplementedError, 'EncryptedData schema is not supported'
+            end
+
+            res
+          end
+
+
+          private
+
+          # Encodes the type
+          #
+          # @return [OpenSSL::ASN1::Integer]
+          def encode_type(type)
+            bn = OpenSSL::BN.new(type.to_s)
+            int = OpenSSL::ASN1::Integer.new(bn)
+
+            int
+          end
+
+          # Encodes the data
+          #
+          # @return [OpenSSL::ASN1::OctetString]
+          def encode_data(data)
+            OpenSSL::ASN1::OctetString.new(data)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rex/proto/kerberos/model/checksum.rb

@@ -0,0 +1,59 @@
+# -*- coding: binary -*-
+
+module Rex
+  module Proto
+    module Kerberos
+      module Model
+        # This class provides a representation of a Kerberos Checksum definition.
+        class Checksum < Element
+
+          # @!attribute type
+          #   @return [Fixnum] The algorithm used to generate the checksum
+          attr_accessor :type
+          # @!attribute checksum
+          #   @return [String] The checksum itself
+          attr_accessor :checksum
+
+          # Rex::Proto::Kerberos::Model::Checksum decoding isn't supported
+          #
+          # @raise [NotImplementedError]
+          def decode(input)
+            raise ::NotImplementedError, 'Checksum decoding not supported'
+          end
+
+          # Encodes a Rex::Proto::Kerberos::Model::Checksum into an ASN.1 String
+          #
+          # @return [String]
+          def encode
+            elems = []
+            elems << OpenSSL::ASN1::ASN1Data.new([encode_type], 0, :CONTEXT_SPECIFIC)
+            elems << OpenSSL::ASN1::ASN1Data.new([encode_checksum], 1, :CONTEXT_SPECIFIC)
+
+            seq = OpenSSL::ASN1::Sequence.new(elems)
+
+            seq.to_der
+          end
+
+          private
+
+          # Encodes the type field
+          #
+          # @return [OpenSSL::ASN1::Integer]
+          def encode_type
+            bn = OpenSSL::BN.new(type.to_s)
+            int = OpenSSL::ASN1::Integer.new(bn)
+
+            int
+          end
+
+          # Encodes the checksum field
+          #
+          # @return [OpenSSL::ASN1::OctetString]
+          def encode_checksum
+            OpenSSL::ASN1::OctetString.new(checksum)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rex/proto/kerberos/model/element.rb

@@ -0,0 +1,67 @@
+# -*- coding: binary -*-
+
+module Rex
+  module Proto
+    module Kerberos
+      module Model
+        # This class provides a representation of a principal, an asset (e.g., a
+        # workstation user or a network server) on a network.
+        class Element
+
+          include Rex::Proto::Kerberos::Crypto
+          include Rex::Proto::Kerberos::Model
+
+          def self.attr_accessor(*vars)
+            @attributes ||= []
+            @attributes.concat vars
+            super(*vars)
+          end
+
+          # Retrieves the element class fields
+          #
+          # @return [Array]
+          def self.attributes
+            @attributes
+          end
+
+          def self.decode(input)
+            elem = self.new
+            elem.decode(input)
+          end
+
+          def initialize(options = {})
+            self.class.attributes.each do |attr|
+              if options.has_key?(attr)
+                m = (attr.to_s + '=').to_sym
+                self.send(m, options[attr])
+              end
+            end
+          end
+
+          # Retrieves the element instance fields
+          #
+          # @return [Array]
+          def attributes
+            self.class.attributes
+          end
+
+          # Decodes the Rex::Proto::Kerberos::Model::Element from the input. This
+          # method has been designed to be overridden by subclasses.
+          #
+          # @raise [NoMethodError]
+          def decode(input)
+            raise ::NoMethodError, 'Method designed to be overridden'
+          end
+
+          # Encodes the Rex::Proto::Kerberos::Model::Element into an ASN.1 String. This
+          # method has been designed to be overridden by subclasses.
+          #
+          # @raise [NoMethodError]
+          def encode
+            raise ::NoMethodError, 'Method designed to be overridden'
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rex/proto/kerberos/model/enc_kdc_response.rb

@@ -0,0 +1,215 @@
+# -*- coding: binary -*-
+
+module Rex
+  module Proto
+    module Kerberos
+      module Model
+        class EncKdcResponse < Element
+          # @!attribute key
+          #   @return [Rex::Proto::Kerberos::Model::EncryptionKey] The session key
+          attr_accessor :key
+          # @!attribute last_req
+          #   @return [Array<Rex::Proto::Kerberos::Model::LastRequest>] This field is returned by the KDC and specifies the time(s)
+          #   of the last request by a principal
+          attr_accessor :last_req
+          # @!attribute nonce
+          #   @return [Fixnum] random number
+          attr_accessor :nonce
+          # @!attribute key_expiration
+          #   @return [Time] The key-expiration field is part of the response from the
+          #   KDC and specifies the time that the client's secret key is due to expire
+          attr_accessor :key_expiration
+          # @!attribute flags
+          #   @return [Fixnum] This field indicates which of various options were used or
+          #   requested when the ticket was issued
+          attr_accessor :flags
+          # @!attribute auth_time
+          #   @return [Time] the time of initial authentication for the named principal
+          attr_accessor :auth_time
+          # @!attribute start_time
+          #   @return [Time] Specifies the time after which the ticket is valid
+          attr_accessor :start_time
+          # @!attribute end_time
+          #   @return [Time] This field contains the time after which the ticket will
+          #   not be honored (its expiration time)
+          attr_accessor :end_time
+          # @!attribute renew_till
+          #   @return [Time] This field is only present in tickets that have the
+          #   RENEWABLE flag set in the flags field.  It indicates the maximum
+          #   endtime that may be included in a renewal
+          attr_accessor :renew_till
+          # @!attribute srealm
+          #   @return [String] The realm part of the server's principal identifier
+          attr_accessor :srealm
+          # @!attribute sname
+          #   @return [Rex::Proto::Kerberos::Model::PrincipalName] The name part of the server's identity
+          attr_accessor :sname
+
+          # Decodes the Rex::Proto::Kerberos::Model::EncKdcResponse from an input
+          #
+          # @param input [String, OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [self] if decoding succeeds
+          # @raise [RuntimeError] if decoding doesn't succeed
+          def decode(input)
+            case input
+            when String
+              decode_string(input)
+            when OpenSSL::ASN1::ASN1Data
+              decode_asn1(input)
+            else
+              raise ::RuntimeError, 'Failed to decode EncKdcResponse, invalid input'
+            end
+
+            self
+          end
+
+          # Rex::Proto::Kerberos::Model::EncKdcResponse encoding isn't supported
+          #
+          # @raise [NotImplementedError]
+          def encode
+            raise ::NotImplementedError, 'EncKdcResponse encoding not supported'
+          end
+
+          private
+
+          # Decodes a Rex::Proto::Kerberos::Model::EncKdcResponse from an String
+          #
+          # @param input [String] the input to decode from
+          def decode_string(input)
+            asn1 = OpenSSL::ASN1.decode(input)
+
+            decode_asn1(asn1)
+          end
+
+          # Decodes a Rex::Proto::Kerberos::Model::EncKdcResponse
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @raise [RuntimeError] if decoding doesn't succeed
+          def decode_asn1(input)
+            input.value[0].value.each do |val|
+              case val.tag
+              when 0
+                self.key = decode_key(val)
+              when 1
+                self.last_req = decode_last_req(val)
+              when 2
+                self.nonce = decode_nonce(val)
+              when 3
+                self.key_expiration = decode_key_expiration(val)
+              when 4
+                self.flags = decode_flags(val)
+              when 5
+                self.auth_time = decode_auth_time(val)
+              when 6
+                self.start_time = decode_start_time(val)
+              when 7
+                self.end_time = decode_end_time(val)
+              when 8
+                self.renew_till = decode_renew_till(val)
+              when 9
+                self.srealm = decode_srealm(val)
+              when 10
+                self.sname = decode_sname(val)
+              else
+                raise ::RuntimeError, 'Failed to decode ENC-KDC-RESPONSE SEQUENCE'
+              end
+            end
+          end
+
+          # Decodes the key from an OpenSSL::ASN1::ASN1Data
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [EncryptionKey]
+          def decode_key(input)
+            Rex::Proto::Kerberos::Model::EncryptionKey.decode(input.value[0])
+          end
+
+          # Decodes the last_req from an OpenSSL::ASN1::ASN1Data
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Array<Rex::Proto::Kerberos::Model::LastRequest>]
+          def decode_last_req(input)
+            last_requests = []
+            input.value[0].value.each do |last_request|
+              last_requests << Rex::Proto::Kerberos::Model::LastRequest.decode(last_request)
+            end
+
+            last_requests
+          end
+
+          # Decodes the nonce field
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Fixnum]
+          def decode_nonce(input)
+            input.value[0].value.to_i
+          end
+
+          # Decodes the key_expiration field
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Time]
+          def decode_key_expiration(input)
+            input.value[0].value
+          end
+
+          # Decodes the flags field
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Fixnum]
+          def decode_flags(input)
+            input.value[0].value.to_i
+          end
+
+          # Decodes the auth_time field
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Time]
+          def decode_auth_time(input)
+            input.value[0].value
+          end
+
+          # Decodes the start_time field
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Time]
+          def decode_start_time(input)
+            input.value[0].value
+          end
+
+          # Decodes the end_time field
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Time]
+          def decode_end_time(input)
+            input.value[0].value
+          end
+
+          # Decodes the renew_till field
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Time]
+          def decode_renew_till(input)
+            input.value[0].value
+          end
+
+          # Decodes the srealm field
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [String]
+          def decode_srealm(input)
+            input.value[0].value
+          end
+
+          # Decodes the sname field
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Rex::Proto::Kerberos::Type::PrincipalName]
+          def decode_sname(input)
+            Rex::Proto::Kerberos::Model::PrincipalName.decode(input.value[0])
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rex/proto/kerberos/model/encrypted_data.rb

@@ -0,0 +1,171 @@
+# -*- coding: binary -*-
+
+module Rex
+  module Proto
+    module Kerberos
+      module Model
+        # This class provides a representation of an encrypted message.
+        class EncryptedData < Element
+          # @!attribute name_type
+          #   @return [Fixnum] The encryption algorithm
+          attr_accessor :etype
+          # @!attribute kvno
+          #   @return [Fixnum] The version number of the key
+          attr_accessor :kvno
+          # @!attribute cipher
+          #   @return [String] The enciphered text
+          attr_accessor :cipher
+
+          # Decodes a Rex::Proto::Kerberos::Model::EncryptedData
+          #
+          # @param input [String, OpenSSL::ASN1::Sequence] the input to decode from
+          # @return [self]
+          # @raise [RuntimeError] if decoding doesn't succeed
+          def decode(input)
+            case input
+            when String
+              decode_string(input)
+            when OpenSSL::ASN1::Sequence
+              decode_asn1(input)
+            else
+              raise ::RuntimeError, 'Failed to decode EncryptedData Name, invalid input'
+            end
+
+            self
+          end
+
+          # Encodes a Rex::Proto::Kerberos::Model::EncryptedData into an ASN.1 String
+          #
+          # @return [String]
+          def encode
+            elems = []
+            etype_asn1 = OpenSSL::ASN1::ASN1Data.new([encode_etype], 0, :CONTEXT_SPECIFIC)
+            elems << etype_asn1
+
+            if kvno
+              kvno_asn1 = OpenSSL::ASN1::ASN1Data.new([encode_kvno], 1, :CONTEXT_SPECIFIC)
+              elems << kvno_asn1
+            end
+
+            cipher_asn1 = OpenSSL::ASN1::ASN1Data.new([encode_cipher], 2, :CONTEXT_SPECIFIC)
+            elems << cipher_asn1
+
+            seq = OpenSSL::ASN1::Sequence.new(elems)
+
+            seq.to_der
+          end
+
+          # Decrypts the cipher with etype encryption schema
+          #
+          # @param key [String] the key to decrypt
+          # @param msg_type [Fixnum] the message type
+          # @return [String] the decrypted `cipher`
+          # @raise [RuntimeError] if decryption doesn't succeed
+          # @raise [NotImplementedError] if encryption isn't supported
+          def decrypt(key, msg_type)
+            if cipher.nil? || cipher.empty?
+              return ''
+            end
+
+            res = ''
+            case etype
+            when RC4_HMAC
+              res = decrypt_rc4_hmac(cipher, key, msg_type)
+              raise ::RuntimeError, 'EncryptedData failed to decrypt' if res.length < 8
+              res = res[8, res.length - 1]
+            else
+              raise ::NotImplementedError, 'EncryptedData schema is not supported'
+            end
+
+            res
+          end
+
+          private
+
+          # Encodes the etype
+          #
+          # @return [OpenSSL::ASN1::Integer]
+          def encode_etype
+            bn = OpenSSL::BN.new(etype.to_s)
+            int = OpenSSL::ASN1::Integer.new(bn)
+
+            int
+          end
+
+          # Encodes the kvno
+          #
+          # @raise [RuntimeError]
+          def encode_kvno
+            bn = OpenSSL::BN.new(kvno.to_s)
+            int = OpenSSL::ASN1::Integer.new(bn)
+
+            int
+          end
+
+          # Encodes the cipher
+          #
+          # @return [OpenSSL::ASN1::OctetString]
+          def encode_cipher
+            OpenSSL::ASN1::OctetString.new(cipher)
+          end
+
+          # Decodes a Rex::Proto::Kerberos::Model::EncryptedData from an String
+          #
+          # @param input [String] the input to decode from
+          def decode_string(input)
+            asn1 = OpenSSL::ASN1.decode(input)
+
+            decode_asn1(asn1)
+          end
+
+          # Decodes a Rex::Proto::Kerberos::Model::EncryptedData from an
+          # OpenSSL::ASN1::Sequence
+          #
+          # @param input [OpenSSL::ASN1::Sequence] the input to decode from
+          # @raise [RuntimeError] if decoding doesn't succeed
+          def decode_asn1(input)
+            seq_values = input.value
+
+            seq_values.each do |val|
+              case val.tag
+              when 0
+                self.etype = decode_etype(val)
+              when 1
+                self.kvno = decode_kvno(val)
+              when 2
+                self.cipher = decode_cipher(val)
+              else
+                raise ::RuntimeError, 'Failed to decode EncryptedData SEQUENCE'
+              end
+            end
+          end
+
+          # Decodes the etype from an OpenSSL::ASN1::ASN1Data
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Fixnum]
+          def decode_etype(input)
+            input.value[0].value.to_i
+          end
+
+          # Decodes the kvno from an OpenSSL::ASN1::ASN1Data
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Fixnum]
+          def decode_kvno(input)
+            input.value[0].value.to_i
+          end
+
+          # Decodes the cipher from an OpenSSL::ASN1::ASN1Data
+          #
+          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+          # @return [Sting]
+          def decode_cipher(input)
+            input.value[0].value
+          end
+
+        end
+      end
+    end
+  end
+end