infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Cipher::Cipher is deprecated

bug/bundler_fix
Brent Cook 2017-01-17 14:44:45 -06:00
parent f69b4a330e
commit 836da6177f
28 changed files with 46 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/msf/core/exploit/tincd.rb
View File

@ -118,7 +118,7 @@ module Exploit::Remote::TincdExploitClient
bf_enc_key = key_s1[offset_key...@server_key_len]
bf_enc_iv = key_s1[offset_iv...offset_key]
@bf_enc_cipher = OpenSSL::Cipher::Cipher.new('BF-OFB')
@bf_enc_cipher = OpenSSL::Cipher.new('BF-OFB')
@bf_enc_cipher.encrypt
@bf_enc_cipher.key = bf_enc_key
@bf_enc_cipher.iv = bf_enc_iv
@ -165,7 +165,7 @@ module Exploit::Remote::TincdExploitClient
bf_dec_key = key_s2[offset_key...@client_key_len]
bf_dec_iv = key_s2[offset_iv...offset_key]
@bf_dec_cipher = OpenSSL::Cipher::Cipher.new 'BF-OFB'
@bf_dec_cipher = OpenSSL::Cipher.new 'BF-OFB'
@bf_dec_cipher.encrypt
@bf_dec_cipher.key = bf_dec_key
@bf_dec_cipher.iv = bf_dec_iv

4
lib/msf/core/handler/bind_tcp.rb
View File

@ -180,7 +180,7 @@ module BindTcp
key = m.digest(datastore["AESPassword"] || "")
Rex::ThreadFactory.spawn('AESEncryption', false) {
c1 = OpenSSL::Cipher::Cipher.new('aes-128-cfb8')
c1 = OpenSSL::Cipher.new('aes-128-cfb8')
c1.encrypt
c1.key=key
sock.put([0].pack('N'))
@ -194,7 +194,7 @@ module BindTcp
}
Rex::ThreadFactory.spawn('AESEncryption', false) {
c2 = OpenSSL::Cipher::Cipher.new('aes-128-cfb8')
c2 = OpenSSL::Cipher.new('aes-128-cfb8')
c2.decrypt
c2.key=key
iv=""

2
lib/msf/core/payload/windows/rc4.rb
View File

@ -75,7 +75,7 @@ module Payload::Windows::Rc4
def generate_stage(opts = {})
p = super(opts)
xorkey, rc4key = rc4_keys(datastore['RC4PASSWORD'])
c1 = OpenSSL::Cipher::Cipher.new('RC4')
c1 = OpenSSL::Cipher.new('RC4')
c1.decrypt
c1.key = rc4key
p = c1.update(p)

6
lib/msf/core/post/windows/priv.rb
View File

@ -313,7 +313,7 @@ module Msf::Post::Windows::Priv
md5x << pol[60,16]
end
rc4 = OpenSSL::Cipher::Cipher.new("rc4")
rc4 = OpenSSL::Cipher.new("rc4")
rc4.key = md5x.digest
lsa_key = rc4.update(pol[12,48])
lsa_key << rc4.final
@ -363,7 +363,7 @@ module Msf::Post::Windows::Priv
sha256x << policy_secret[28,32]
end
aes = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
aes = OpenSSL::Cipher.new("aes-256-cbc")
aes.key = sha256x.digest
vprint_status("digest #{sha256x.digest.unpack("H*")[0]}")
@ -396,7 +396,7 @@ module Msf::Post::Windows::Priv
enc_block = secret[i..i+7]
block_key = key[j..j+6]
des_key = convert_des_56_to_64(block_key)
d1 = OpenSSL::Cipher::Cipher.new('des-ecb')
d1 = OpenSSL::Cipher.new('des-ecb')
d1.padding = 0
d1.key = des_key

2
lib/rex/parser/group_policy_preferences.rb
View File

@ -165,7 +165,7 @@ class GPP
end
key = "\x4e\x99\x06\xe8\xfc\xb6\x6c\xc9\xfa\xf4\x93\x10\x62\x0f\xfe\xe8\xf4\x96\xe8\x06\xcc\x05\x79\x90\x20\x9b\x09\xa4\x33\xb6\x6c\x1b"
aes = OpenSSL::Cipher::Cipher.new("AES-256-CBC")
aes = OpenSSL::Cipher.new("AES-256-CBC")
begin
aes.decrypt
aes.key = key

4
lib/rex/proto/kerberos/crypto/rc4_hmac.rb
View File

@ -23,7 +23,7 @@ module Rex
k1 = OpenSSL::HMAC.digest('MD5', key, [msg_type].pack('V'))
k3 = OpenSSL::HMAC.digest('MD5', k1, checksum)
cipher = OpenSSL::Cipher::Cipher.new('rc4')
cipher = OpenSSL::Cipher.new('rc4')
cipher.decrypt
cipher.key = k3
decrypted = cipher.update(data) + cipher.final
@ -50,7 +50,7 @@ module Rex
k3 = OpenSSL::HMAC.digest('MD5', k1, checksum)
cipher = OpenSSL::Cipher::Cipher.new('rc4')
cipher = OpenSSL::Cipher.new('rc4')
cipher.encrypt
cipher.key = k3
encrypted = cipher.update(data_encrypt) + cipher.final

4
lib/rex/proto/ntlm/crypt.rb
View File

@ -373,7 +373,7 @@ BASE = Rex::Proto::NTLM::Base
def self.encrypt_sessionkey(session_key, user_session_key)
raise RuntimeError, "No OpenSSL support" if not @@loaded_openssl
cipher = OpenSSL::Cipher::Cipher.new('rc4')
cipher = OpenSSL::Cipher.new('rc4')
cipher.encrypt
cipher.key = user_session_key
cipher.update(session_key)
@ -381,7 +381,7 @@ BASE = Rex::Proto::NTLM::Base
def self.decrypt_sessionkey(encrypted_session_key, user_session_key)
raise RuntimeError, "No OpenSSL support" if not @@loaded_openssl
cipher = OpenSSL::Cipher::Cipher.new('rc4')
cipher = OpenSSL::Cipher.new('rc4')
cipher.decrypt
cipher.key = user_session_key
cipher.update(encrypted_session_key)

4
lib/rex/proto/rfb/cipher.rb
View File

@ -48,7 +48,7 @@ class Cipher
# VNC auth does two 8-byte blocks individually instead supporting some block mode
cipher = ''
2.times { |x|
c = OpenSSL::Cipher::Cipher.new('des')
c = OpenSSL::Cipher.new('des')
c.encrypt
c.key = key
cipher << c.update(plain[x*8, 8])
@ -69,7 +69,7 @@ class Cipher
# NOTE: This only does one 8 byte block
plain = ''
c = OpenSSL::Cipher::Cipher.new('des')
c = OpenSSL::Cipher.new('des')
c.decrypt
c.key = key
c.update(cipher)

2
modules/auxiliary/admin/http/sysaid_sql_creds.rb
View File

@ -44,7 +44,7 @@ class MetasploitModule < Msf::Auxiliary
def decrypt_password (ciphertext)
salt = [-87, -101, -56, 50, 86, 53, -29, 3].pack('c*')
cipher = OpenSSL::Cipher::Cipher.new("DES")
cipher = OpenSSL::Cipher.new("DES")
base_64_code = Rex::Text.decode_base64(ciphertext)
cipher.decrypt
cipher.pkcs5_keyivgen 'inigomontoya', salt, 19

2
modules/auxiliary/gather/mcafee_epo_xxe.rb
View File

@ -58,7 +58,7 @@ class MetasploitModule < Msf::Auxiliary
def run
key = "\x5E\x9C\x3E\xDF\xE6\x25\x84\x36\x66\x21\x93\x80\x31\x5A\x29\x33" #static key used
aes = OpenSSL::Cipher::Cipher.new('AES-128-ECB') # ecb, bad bad tsk
aes = OpenSSL::Cipher.new('AES-128-ECB') # ecb, bad bad tsk
aes.decrypt
aes.padding=1
aes.key = key

4
modules/auxiliary/gather/trackit_sql_domain_creds.rb
View File

@ -260,7 +260,7 @@ class MetasploitModule < Msf::Auxiliary
end
if loot[database_pw]
cipher = OpenSSL::Cipher::Cipher.new("des")
cipher = OpenSSL::Cipher.new("des")
cipher.decrypt
cipher.key = 'NumaraTI'
cipher.iv = 'NumaraTI'
@ -274,7 +274,7 @@ class MetasploitModule < Msf::Auxiliary
end
if loot[domain_admin_pw]
cipher = OpenSSL::Cipher::Cipher.new("des")
cipher = OpenSSL::Cipher.new("des")
cipher.decrypt
cipher.key = 'NumaraTI'
cipher.iv = 'NumaraTI'

2
modules/auxiliary/scanner/http/symantec_brightmail_ldapcreds.rb
View File

@ -194,7 +194,7 @@ class MetasploitModule < Msf::Auxiliary
(dk, iv) = get_derived_key(pbe_key, salt, 1000)
alg = 'des-cbc'
decode_cipher = OpenSSL::Cipher::Cipher.new(alg)
decode_cipher = OpenSSL::Cipher.new(alg)
decode_cipher.decrypt
decode_cipher.padding = 0
decode_cipher.key = dk

2
modules/exploits/linux/misc/accellion_fta_mpipe2.rb
View File

@ -144,7 +144,7 @@ class MetasploitModule < Msf::Exploit::Remote
key = hash[0, key_len]
iv = Rex::Text.rand_text(iv_len)
c = OpenSSL::Cipher::Cipher.new('bf-cbc')
c = OpenSSL::Cipher.new('bf-cbc')
c.encrypt
c.key_len = key_len
c.key = key

2
modules/exploits/multi/http/metasploit_static_secret_key_base.rb
View File

@ -76,7 +76,7 @@ class MetasploitModule < Msf::Exploit::Remote
end
def new_cipher
OpenSSL::Cipher::Cipher.new(@cipher)
OpenSSL::Cipher.new(@cipher)
end
end

2
modules/exploits/multi/http/rails_secret_deserialization.rb
View File

@ -76,7 +76,7 @@ class MetasploitModule < Msf::Exploit::Remote
end
def new_cipher
OpenSSL::Cipher::Cipher.new(@cipher)
OpenSSL::Cipher.new(@cipher)
end
end

2
modules/post/multi/gather/remmina_creds.rb
View File

@ -49,7 +49,7 @@ class MetasploitModule < Msf::Post
end
def decrypt(secret, data)
c = OpenSSL::Cipher::Cipher.new('des3')
c = OpenSSL::Cipher.new('des3')
key_data = Base64.decode64(secret)
# the key is the first 24 bytes of the secret
c.key = key_data[0, 24]

4
modules/post/windows/gather/cachedump.rb
View File

@ -246,7 +246,7 @@ class MetasploitModule < Msf::Post
def decrypt_hash(edata, nlkm, ch)
rc4key = OpenSSL::HMAC.digest(OpenSSL::Digest.new('md5'), nlkm, ch)
rc4 = OpenSSL::Cipher::Cipher.new("rc4")
rc4 = OpenSSL::Cipher.new("rc4")
rc4.key = rc4key
decrypted = rc4.update(edata)
decrypted << rc4.final
@ -255,7 +255,7 @@ class MetasploitModule < Msf::Post
end
def decrypt_hash_vista(edata, nlkm, ch)
aes = OpenSSL::Cipher::Cipher.new('aes-128-cbc')
aes = OpenSSL::Cipher.new('aes-128-cbc')
aes.key = nlkm[16...-1]
aes.padding = 0
aes.decrypt

2
modules/post/windows/gather/credentials/coreftp.rb
View File

@ -91,7 +91,7 @@ class MetasploitModule < Msf::Post
def decrypt(encoded)
cipher = [encoded].pack("H*")
aes = OpenSSL::Cipher::Cipher.new("AES-128-ECB")
aes = OpenSSL::Cipher.new("AES-128-ECB")
aes.padding = 0
aes.decrypt
aes.key = "hdfzpysvpzimorhk"

2
modules/post/windows/gather/credentials/epo_sql.rb
View File

@ -159,7 +159,7 @@ class MetasploitModule < Msf::Post
def decrypt46(encoded)
encrypted_data = Rex::Text.decode_base64(encoded)
aes = OpenSSL::Cipher::Cipher.new('AES-128-ECB')
aes = OpenSSL::Cipher.new('AES-128-ECB')
aes.padding = 0
aes.decrypt
# Private key extracted from ePO 4.6.0 Build 1029

2
modules/post/windows/gather/credentials/mremote.rb
View File

@ -120,7 +120,7 @@ class MetasploitModule < Msf::Post
end
def decrypt(encrypted_data, key, iv, cipher_type)
aes = OpenSSL::Cipher::Cipher.new(cipher_type)
aes = OpenSSL::Cipher.new(cipher_type)
aes.decrypt
aes.key = key
aes.iv = iv if iv != nil

2
modules/post/windows/gather/credentials/razer_synapse.rb
View File

@ -45,7 +45,7 @@ class MetasploitModule < Msf::Post
# decrypt password
def decrypt(pass)
pass = Rex::Text.decode_base64(pass) if is_base64?(pass)
cipher = OpenSSL::Cipher::Cipher.new 'aes-256-cbc'
cipher = OpenSSL::Cipher.new 'aes-256-cbc'
cipher.decrypt
cipher.key = "hcxilkqbbhczfeultgbskdmaunivmfuo"
cipher.iv = "ryojvlzmdalyglrj"

2
modules/post/windows/gather/credentials/skype.rb
View File

@ -124,7 +124,7 @@ puts hash.hexdigest
# Concatinate SHA digests for AES key
sha = Digest::SHA1.digest("\x00\x00\x00\x00" + salt) + Digest::SHA1.digest("\x00\x00\x00\x01" + salt)
aes = OpenSSL::Cipher::Cipher.new("AES-256-CBC")
aes = OpenSSL::Cipher.new("AES-256-CBC")
aes.encrypt
aes.key = sha[0,32] # Use only 32 bytes of key
final = aes.update([0].pack("N*") * 4) # Encrypt 16 \x00 bytes

2
modules/post/windows/gather/credentials/spark_im.rb
View File

@ -39,7 +39,7 @@ class MetasploitModule < Msf::Post
encrypted = hash.unpack("m")[0]
key = "ugfpV1dMC5jyJtqwVAfTpHkxqJ0+E0ae".unpack("m")[0]
cipher = OpenSSL::Cipher::Cipher.new 'des-ede3'
cipher = OpenSSL::Cipher.new 'des-ede3'
cipher.decrypt
cipher.key = key

2
modules/post/windows/gather/credentials/wsftp_client.rb
View File

@ -99,7 +99,7 @@ class MetasploitModule < Msf::Post
decoded = pwd.unpack("m*")[0]
key = "\xE1\xF0\xC3\xD2\xA5\xB4\x87\x96\x69\x78\x4B\x5A\x2D\x3C\x0F\x1E\x34\x12\x78\x56\xab\x90\xef\xcd"
iv = "\x34\x12\x78\x56\xab\x90\xef\xcd"
des = OpenSSL::Cipher::Cipher.new("des-ede3-cbc")
des = OpenSSL::Cipher.new("des-ede3-cbc")
des.decrypt
des.key = key

8
modules/post/windows/gather/hashdump.rb
View File

@ -144,7 +144,7 @@ class MetasploitModule < Msf::Post
hash = Digest::MD5.new
hash.update(vf[0x70, 16] + @sam_qwerty + bootkey + @sam_numeric)
rc4 = OpenSSL::Cipher::Cipher.new("rc4")
rc4 = OpenSSL::Cipher.new("rc4")
rc4.key = hash.digest
hbootkey = rc4.update(vf[0x80, 32])
hbootkey << rc4.final
@ -257,18 +257,18 @@ class MetasploitModule < Msf::Post
des_k1, des_k2 = rid_to_key(rid)
d1 = OpenSSL::Cipher::Cipher.new('des-ecb')
d1 = OpenSSL::Cipher.new('des-ecb')
d1.padding = 0
d1.key = des_k1
d2 = OpenSSL::Cipher::Cipher.new('des-ecb')
d2 = OpenSSL::Cipher.new('des-ecb')
d2.padding = 0
d2.key = des_k2
md5 = Digest::MD5.new
md5.update(hbootkey[0,16] + [rid].pack("V") + pass)
rc4 = OpenSSL::Cipher::Cipher.new('rc4')
rc4 = OpenSSL::Cipher.new('rc4')
rc4.key = md5.digest
okey = rc4.update(enchash)

8
modules/post/windows/gather/smart_hashdump.rb
View File

@ -68,7 +68,7 @@ class MetasploitModule < Msf::Post
hash = Digest::MD5.new
hash.update(vf[0x70, 16] + @sam_qwerty + bootkey + @sam_numeric)
rc4 = OpenSSL::Cipher::Cipher.new("rc4")
rc4 = OpenSSL::Cipher.new("rc4")
rc4.key = hash.digest
hbootkey = rc4.update(vf[0x80, 32])
hbootkey << rc4.final
@ -186,18 +186,18 @@ class MetasploitModule < Msf::Post
des_k1, des_k2 = rid_to_key(rid)
d1 = OpenSSL::Cipher::Cipher.new('des-ecb')
d1 = OpenSSL::Cipher.new('des-ecb')
d1.padding = 0
d1.key = des_k1
d2 = OpenSSL::Cipher::Cipher.new('des-ecb')
d2 = OpenSSL::Cipher.new('des-ecb')
d2.padding = 0
d2.key = des_k2
md5 = Digest::MD5.new
md5.update(hbootkey[0,16] + [rid].pack("V") + pass)
rc4 = OpenSSL::Cipher::Cipher.new('rc4')
rc4 = OpenSSL::Cipher.new('rc4')
rc4.key = md5.digest
okey = rc4.update(enchash)

8
modules/post/windows/manage/hashcarve.rb
View File

@ -87,7 +87,7 @@ class MetasploitModule < Msf::Post
ok.close
hash = Digest::MD5.new
hash.update(vf[0x70, 16] + @sam_qwerty + bootkey + @sam_numeric)
rc4 = OpenSSL::Cipher::Cipher.new("rc4")
rc4 = OpenSSL::Cipher.new("rc4")
rc4.key = hash.digest
hbootkey = rc4.update(vf[0x80, 32])
hbootkey << rc4.final
@ -169,15 +169,15 @@ class MetasploitModule < Msf::Post
end
des_k1, des_k2 = rid_to_key(rid)
d1 = OpenSSL::Cipher::Cipher.new('des-ecb')
d1 = OpenSSL::Cipher.new('des-ecb')
d1.padding = 0
d1.key = des_k1
d2 = OpenSSL::Cipher::Cipher.new('des-ecb')
d2 = OpenSSL::Cipher.new('des-ecb')
d2.padding = 0
d2.key = des_k2
md5 = Digest::MD5.new
md5.update(hbootkey[0,16] + [rid].pack("V") + pass)
rc4 = OpenSSL::Cipher::Cipher.new('rc4')
rc4 = OpenSSL::Cipher.new('rc4')
rc4.key = md5.digest
rc4.encrypt
d2o = d2.encrypt.update(hash[8,8])

2
tools/password/cpassword_decrypt.rb
View File

@ -64,7 +64,7 @@ class CPassword
key << "\x4e\x99\x06\xe8\xfc\xb6\x6c\xc9\xfa\xf4\x93\x10\x62\x0f\xfe\xe8\xf4\x96\xe8\x06\xcc"
key << "\x05\x79\x90\x20\x9b\x09\xa4\x33\xb6\x6c\x1b"
begin
aes = OpenSSL::Cipher::Cipher.new("AES-256-CBC")
aes = OpenSSL::Cipher.new("AES-256-CBC")
aes.decrypt
aes.key = key
plaintext = aes.update(decoded)