diff --git a/lib/rex/proto/kerberos/crypto/rc4_hmac.rb b/lib/rex/proto/kerberos/crypto/rc4_hmac.rb index 698963e3cf..e413e987fe 100644 --- a/lib/rex/proto/kerberos/crypto/rc4_hmac.rb +++ b/lib/rex/proto/kerberos/crypto/rc4_hmac.rb @@ -17,12 +17,9 @@ module Rex raise ::RuntimeError, 'RC4-HMAC decryption failed' end - #my_key = OpenSSL::Digest.digest('MD4', Rex::Text.to_unicode(key)) - checksum = cipher[0, 16] data = cipher[16, cipher.length - 1] - #k1 = OpenSSL::HMAC.digest('MD5', my_key, [msg_type].pack('V')) k1 = OpenSSL::HMAC.digest('MD5', key, [msg_type].pack('V')) k3 = OpenSSL::HMAC.digest('MD5', k1, checksum) @@ -45,11 +42,10 @@ module Rex # @param msg_type [Fixnum] the message type # @return [String] the encrypted data def encrypt_rc4_hmac(data, key, msg_type) - #my_key = OpenSSL::Digest.digest('MD4', Rex::Text.to_unicode(key)) k1 = OpenSSL::HMAC.digest('MD5', key, [msg_type].pack('V')) data_encrypt = Rex::Text::rand_text(8) + data - #data_encrypt = "\x92\xc9\x72\xcf\xe3\x51\xcc\xbf" + data + checksum = OpenSSL::HMAC.digest('MD5', k1, data_encrypt) k3 = OpenSSL::HMAC.digest('MD5', k1, checksum) diff --git a/lib/rex/proto/kerberos/model/ap_req.rb b/lib/rex/proto/kerberos/model/ap_req.rb index 0613f17746..a05905ec6d 100644 --- a/lib/rex/proto/kerberos/model/ap_req.rb +++ b/lib/rex/proto/kerberos/model/ap_req.rb @@ -4,12 +4,13 @@ module Rex module Proto module Kerberos module Model + # This class provides a representation of a KRB_AP_REQ definition. class ApReq < Element # @!attribute pvno # @return [Fixnum] The protocol version number attr_accessor :pvno # @!attribute msg_type - # @return [Fixnum] The type of a protocol message + # @return [Fixnum] The type of the protocol message attr_accessor :msg_type # @!attribute options # @return [Fixnum] request options, affects processing @@ -22,10 +23,16 @@ module Rex # client's choice of a subkey attr_accessor :authenticator + # Rex::Proto::Kerberos::Model::ApReq decoding isn't supported + # + # @raise [RuntimeError] def decode(input) raise ::RuntimeError, 'AP-REQ decoding not supported' end + # Encodes the Rex::Proto::Kerberos::Model::ApReq into an ASN.1 String + # + # @return [String] def encode elems = [] elems << OpenSSL::ASN1::ASN1Data.new([encode_pvno], 0, :CONTEXT_SPECIFIC) diff --git a/lib/rex/proto/kerberos/model/authenticator.rb b/lib/rex/proto/kerberos/model/authenticator.rb index d63c174633..34c3158c8a 100644 --- a/lib/rex/proto/kerberos/model/authenticator.rb +++ b/lib/rex/proto/kerberos/model/authenticator.rb @@ -4,6 +4,9 @@ module Rex module Proto module Kerberos module Model + # This class provides a representation of an Authenticator, sent with a + # ticket to the server to certify the client's knowledge of the encryption + # key in the ticket. class Authenticator < Element include Rex::Proto::Kerberos::Crypto::Rc4Hmac @@ -18,7 +21,8 @@ module Rex # identifier attr_accessor :cname # @!attribute checksum - # @return [Rex::Proto::Kerberos::Model::Checksum] + # @return [Rex::Proto::Kerberos::Model::Checksum] The checksum of the application data that + # accompanies the KRB_AP_REQ. attr_accessor :checksum # @!attribute cusec # @return [Fixnum] The microsecond part of the client's timestamp @@ -31,10 +35,16 @@ module Rex # key which is to be used to protect this specific application session attr_accessor :subkey + # Rex::Proto::Kerberos::Model::Authenticator decoding isn't supported + # + # @raise [RuntimeError] def decode(input) raise ::RuntimeError, 'Authenticator decoding not supported' end + # Encodes the Rex::Proto::Kerberos::Model::Authenticator into an ASN.1 String + # + # @return [String] def encode elems = [] elems << OpenSSL::ASN1::ASN1Data.new([encode_vno], 0, :CONTEXT_SPECIFIC) @@ -73,7 +83,7 @@ module Rex private - # Encodes the vno + # Encodes the vno field # # @return [OpenSSL::ASN1::Integer] def encode_vno @@ -83,28 +93,28 @@ module Rex int end - # Encodes the crealm + # Encodes the crealm field # # @return [OpenSSL::ASN1::GeneralString] def encode_crealm OpenSSL::ASN1::GeneralString.new(crealm) end - # Encodes the cname + # Encodes the cname field # # @return [String] def encode_cname cname.encode end - # Encodes the checksum + # Encodes the checksum field # # @return [String] def encode_checksum checksum.encode end - # Encodes the cusec + # Encodes the cusec field # # @return [OpenSSL::ASN1::Integer] def encode_cusec @@ -121,6 +131,9 @@ module Rex OpenSSL::ASN1::GeneralizedTime.new(ctime) end + # Encodes the subkey field + # + # @return [String] def encode_subkey subkey.encode end diff --git a/lib/rex/proto/kerberos/model/authorization_data.rb b/lib/rex/proto/kerberos/model/authorization_data.rb index 0e4713c2dc..5f2dc5f078 100644 --- a/lib/rex/proto/kerberos/model/authorization_data.rb +++ b/lib/rex/proto/kerberos/model/authorization_data.rb @@ -4,6 +4,8 @@ module Rex module Proto module Kerberos module Model + # This class provides a representation of a Kerberos AuthorizationData data + # definition. class AuthorizationData < Element include Rex::Proto::Kerberos::Crypto::Rc4Hmac @@ -14,6 +16,9 @@ module Rex # @option [String] :data attr_accessor :elements + # Rex::Proto::Kerberos::Model::AuthorizationData decoding isn't supported + # + # @raise [RuntimeError] def decode(input) raise ::RuntimeError, 'Authorization Data decoding not supported' end diff --git a/lib/rex/proto/kerberos/model/checksum.rb b/lib/rex/proto/kerberos/model/checksum.rb index 0dd28bb612..ddc3ac71e4 100644 --- a/lib/rex/proto/kerberos/model/checksum.rb +++ b/lib/rex/proto/kerberos/model/checksum.rb @@ -4,7 +4,7 @@ module Rex module Proto module Kerberos module Model - # This class provides a representation of a checksum. + # This class provides a representation of a Kerberos Checksum definition. class Checksum < Element # @!attribute type @@ -14,6 +14,9 @@ module Rex # @return [String] The checksum itself attr_accessor :checksum + # Rex::Proto::Kerberos::Model::Checksum decoding isn't supported + # + # @raise [RuntimeError] def decode(input) raise ::RuntimeError, 'Checksum decoding not supported' end @@ -33,7 +36,7 @@ module Rex private - # Encodes the type + # Encodes the type field # # @return [OpenSSL::ASN1::Integer] def encode_type @@ -43,7 +46,7 @@ module Rex int end - # Encodes the checksum + # Encodes the checksum field # # @return [OpenSSL::ASN1::OctetString] def encode_checksum diff --git a/lib/rex/proto/kerberos/model/enc_kdc_response.rb b/lib/rex/proto/kerberos/model/enc_kdc_response.rb index 20f527c24b..b960d48b83 100644 --- a/lib/rex/proto/kerberos/model/enc_kdc_response.rb +++ b/lib/rex/proto/kerberos/model/enc_kdc_response.rb @@ -63,6 +63,9 @@ module Rex self end + # Rex::Proto::Kerberos::Model::EncKdcResponse encoding isn't supported + # + # @raise [RuntimeError] def encode raise ::RuntimeError, 'EncKdcResponse encoding not supported' end diff --git a/lib/rex/proto/kerberos/model/encryption_key.rb b/lib/rex/proto/kerberos/model/encryption_key.rb index 36d127862e..92131ef518 100644 --- a/lib/rex/proto/kerberos/model/encryption_key.rb +++ b/lib/rex/proto/kerberos/model/encryption_key.rb @@ -4,7 +4,8 @@ module Rex module Proto module Kerberos module Model - # This class provides a representation of an Encryption Key + # This class provides a representation of a Kerberos EncryptionKey data + # definition class EncryptionKey < Element # @!attribute key @@ -26,7 +27,7 @@ module Rex when OpenSSL::ASN1::Sequence decode_asn1(input) else - raise ::RuntimeError, 'Failed to decode Encryption Key, invalid input' + raise ::RuntimeError, 'Failed to decode EncryptionKey, invalid input' end self diff --git a/lib/rex/proto/kerberos/model/kdc_request.rb b/lib/rex/proto/kerberos/model/kdc_request.rb index ad871c44bf..54a07a6eaf 100644 --- a/lib/rex/proto/kerberos/model/kdc_request.rb +++ b/lib/rex/proto/kerberos/model/kdc_request.rb @@ -4,6 +4,8 @@ module Rex module Proto module Kerberos module Model + # This class provides a representation of a Kerberos KDC-REQ (request) data + # definition class KdcRequest < Element # @!attribute pvno # @return [Fixnum] The protocol version number @@ -31,7 +33,7 @@ module Rex when OpenSSL::ASN1::ASN1Data decode_asn1(input) else - raise ::RuntimeError, 'Failed to decode KDC Request, invalid input' + raise ::RuntimeError, 'Failed to decode KdcRequest, invalid input' end self diff --git a/lib/rex/proto/kerberos/model/kdc_request_body.rb b/lib/rex/proto/kerberos/model/kdc_request_body.rb index c67e64e4d9..1b3d34ac23 100644 --- a/lib/rex/proto/kerberos/model/kdc_request_body.rb +++ b/lib/rex/proto/kerberos/model/kdc_request_body.rb @@ -4,6 +4,8 @@ module Rex module Proto module Kerberos module Model + # This class provides a representation of a Kerberos KDC-REQ-BODY (request body) data + # definition class KdcRequestBody < Element include Rex::Proto::Kerberos::Crypto::RsaMd5 diff --git a/lib/rex/proto/kerberos/model/kdc_response.rb b/lib/rex/proto/kerberos/model/kdc_response.rb index 047163b38c..8d43a9e123 100644 --- a/lib/rex/proto/kerberos/model/kdc_response.rb +++ b/lib/rex/proto/kerberos/model/kdc_response.rb @@ -4,6 +4,8 @@ module Rex module Proto module Kerberos module Model + # This class provides a representation of a Kerberos KDC-REQ (response) data + # definition class KdcResponse < Element # @!attribute pvno # @return [Fixnum] The protocol version number @@ -42,6 +44,9 @@ module Rex self end + # Rex::Proto::Kerberos::Model::KdcResponse encoding isn't supported + # + # @raise [RuntimeError] def encode raise ::RuntimeError, 'KdcResponse encoding not supported' end diff --git a/lib/rex/proto/kerberos/model/krb_error.rb b/lib/rex/proto/kerberos/model/krb_error.rb index e6b4eb9a0e..d4a58a55dc 100644 --- a/lib/rex/proto/kerberos/model/krb_error.rb +++ b/lib/rex/proto/kerberos/model/krb_error.rb @@ -4,6 +4,8 @@ module Rex module Proto module Kerberos module Model + # This class provides a representation of a Kerberos KRB-ERROR (response error) + # message definition. class KrbError < Element # @!attribute pvno # @return [Fixnum] The protocol version number @@ -54,12 +56,15 @@ module Rex when OpenSSL::ASN1::ASN1Data decode_asn1(input) else - raise ::RuntimeError, 'Failed to decode KRB Error, invalid input' + raise ::RuntimeError, 'Failed to decode KrbError, invalid input' end self end + # Rex::Proto::Kerberos::Model::KrbError encoding isn't supported + # + # @raise [RuntimeError] def encode raise ::RuntimeError, 'KrbError encoding not supported' end diff --git a/lib/rex/proto/kerberos/model/last_request.rb b/lib/rex/proto/kerberos/model/last_request.rb index ada444177c..adcd01c2f9 100644 --- a/lib/rex/proto/kerberos/model/last_request.rb +++ b/lib/rex/proto/kerberos/model/last_request.rb @@ -32,6 +32,9 @@ module Rex self end + # Rex::Proto::Kerberos::Model::LastRequest encoding isn't supported + # + # @raise [RuntimeError] def encode raise ::RuntimeError, 'LastRequest encoding not supported' end diff --git a/lib/rex/proto/kerberos/model/pre_auth_data.rb b/lib/rex/proto/kerberos/model/pre_auth_data.rb index 4d541febb0..1fa5cc09f7 100644 --- a/lib/rex/proto/kerberos/model/pre_auth_data.rb +++ b/lib/rex/proto/kerberos/model/pre_auth_data.rb @@ -4,6 +4,8 @@ module Rex module Proto module Kerberos module Model + # This class provides a representation for Kerberos pre authenticated + # data class PreAuthData < Element # @!attribute type diff --git a/lib/rex/proto/kerberos/model/pre_auth_enc_time_stamp.rb b/lib/rex/proto/kerberos/model/pre_auth_enc_time_stamp.rb index c9012d5323..3870a429e9 100644 --- a/lib/rex/proto/kerberos/model/pre_auth_enc_time_stamp.rb +++ b/lib/rex/proto/kerberos/model/pre_auth_enc_time_stamp.rb @@ -4,7 +4,8 @@ module Rex module Proto module Kerberos module Model - # This class is a representation of a PA-ENC-TIMESTAMP, an encrypted timestamp + # This class is a representation of a PA-ENC-TIMESTAMP, an encrypted timestamp sent + # as pre authenticated data class PreAuthEncTimeStamp < Element include Rex::Proto::Kerberos::Crypto::Rc4Hmac @@ -30,7 +31,7 @@ module Rex when OpenSSL::ASN1::Sequence decode_asn1(input) else - raise ::RuntimeError, 'Failed to decode EncryptedData Name, invalid input' + raise ::RuntimeError, 'Failed to decode PreAuthEncTimeStamp, invalid input' end self diff --git a/lib/rex/proto/kerberos/model/pre_auth_pac_request.rb b/lib/rex/proto/kerberos/model/pre_auth_pac_request.rb index 776682241c..8c89404482 100644 --- a/lib/rex/proto/kerberos/model/pre_auth_pac_request.rb +++ b/lib/rex/proto/kerberos/model/pre_auth_pac_request.rb @@ -4,8 +4,8 @@ module Rex module Proto module Kerberos module Model - # This class is a representation of a KERB-PA-PAC-REQUEST, it explicitly request - # to include or exclude a PAC in the ticket. + # This class is a representation of a KERB-PA-PAC-REQUEST, pre authenticated data to + # explicitly request to include or exclude a PAC in the ticket. class PreAuthPacRequest < Element # @!attribute value @@ -24,7 +24,7 @@ module Rex when OpenSSL::ASN1::Sequence decode_asn1(input) else - raise ::RuntimeError, 'Failed to decode PreAuthData, invalid input' + raise ::RuntimeError, 'Failed to decode PreAuthPacRequest, invalid input' end self diff --git a/lib/rex/proto/kerberos/model/ticket.rb b/lib/rex/proto/kerberos/model/ticket.rb index ef11524ea4..1e40c1d123 100644 --- a/lib/rex/proto/kerberos/model/ticket.rb +++ b/lib/rex/proto/kerberos/model/ticket.rb @@ -4,6 +4,8 @@ module Rex module Proto module Kerberos module Model + # This class provides a representation of a Kerberos ticket that helps + # a client authenticate to a service. class Ticket < Element # @!attribute tkt_vno # @return [Fixnum] The ticket version number @@ -51,7 +53,7 @@ module Rex private - # Encodes the tkt_vno + # Encodes the tkt_vno field # # @return [OpenSSL::ASN1::Integer] def encode_tkt_vno @@ -61,21 +63,21 @@ module Rex int end - # Encodes the realm + # Encodes the realm field # # @return [OpenSSL::ASN1::GeneralString] def encode_realm OpenSSL::ASN1::GeneralString.new(realm) end - # Encodes the sname + # Encodes the sname field # # @return [String] def encode_sname sname.encode end - # Encodes the enc_part + # Encodes the enc_part field # # @return [String] def encode_enc_part