Module: PWN::Plugins::Vault

Defined in:
lib/pwn/plugins/vault.rb

Overview

Used to encrypt/decrypt configuration files leveraging AES256

Class Method Summary collapse

Class Method Details

.authorsObject

Author(s)

0day Inc. <[email protected]>



235
236
237
238
239
 
# File 'lib/pwn/plugins/vault.rb', line 235

public_class_method def self.authors
  "AUTHOR(S):
    0day Inc. <[email protected]>
  "
end

.create(opts = {}) ⇒ Object

Supported Method Parameters

PWN::Plugins::Vault.create(

file: 'required - encrypted file to create'

)



43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
 
# File 'lib/pwn/plugins/vault.rb', line 43

public_class_method def self.create(opts = {})
  file = opts[:file].to_s.scrub if File.exist?(opts[:file].to_s.scrub)

  cipher = OpenSSL::Cipher.new('aes-256-cbc')
  key = Base64.strict_encode64(cipher.random_key)
  iv = Base64.strict_encode64(cipher.random_iv)

  puts 'Please store the Key && IV in a secure location as they are required for decryption.'
  puts "Key: #{key}"
  puts "IV: #{iv}"

  encrypt(
    file: file,
    key: key,
    iv: iv
  )
rescue StandardError => e
  raise e
end

.decrypt(opts = {}) ⇒ Object

Supported Method Parameters

PWN::Plugins::Vault.decrypt(

file: 'required - file to decrypt',
key: 'required - key to decrypt',
iv: 'required - iv to decrypt'

)



70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
 
# File 'lib/pwn/plugins/vault.rb', line 70

public_class_method def self.decrypt(opts = {})
  file = opts[:file].to_s.scrub if File.exist?(opts[:file].to_s.scrub)
  key = opts[:key] ||= PWN::Plugins::AuthenticationHelper.mask_password(
    prompt: 'Key'
  )

  iv = opts[:iv] ||= PWN::Plugins::AuthenticationHelper.mask_password(
    prompt: 'IV'
  )

  is_encrypted = file_encrypted?(file: file)
  raise 'ERROR: File is not encrypted.' unless is_encrypted

  cipher = OpenSSL::Cipher.new('aes-256-cbc')
  cipher.decrypt
  cipher.key = Base64.strict_decode64(key)
  cipher.iv = Base64.strict_decode64(iv)

  b64_decoded_file_contents = Base64.strict_decode64(File.read(file).chomp)
  plain_text = cipher.update(b64_decoded_file_contents) + cipher.final

  File.write(file, plain_text)
rescue ArgumentError
  raise 'ERROR: Incorrect Key or IV.'
rescue StandardError => e
  raise e
end

.dump(opts = {}) ⇒ Object

Supported Method Parameters

PWN::Plugins::Vault.dump(

file: 'required - file to dump',
key: 'required - key to decrypt',
iv: 'required - iv to decrypt',
search: 'optional - search for a specific string'

)



106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
 
# File 'lib/pwn/plugins/vault.rb', line 106

def self.dump(opts = {})
  file = opts[:file].to_s.scrub if File.exist?(opts[:file].to_s.scrub)
  key = opts[:key] ||= PWN::Plugins::AuthenticationHelper.mask_password(
    prompt: 'Key'
  )

  iv = opts[:iv] ||= PWN::Plugins::AuthenticationHelper.mask_password(
    prompt: 'IV'
  )

  search = opts[:search]

  decrypt(
    file: file,
    key: key,
    iv: iv
  )

  if search
    file_dump =  File.readlines(file).grep(/#{search}/)
  else
    file_dump =  File.read(file)
  end

  encrypt(
    file: file,
    key: key,
    iv: iv
  )

  file_dump
rescue ArgumentError
  raise 'ERROR: Incorrect Key or IV.'
rescue StandardError => e
  raise e
end

.edit(opts = {}) ⇒ Object

Supported Method Parameters

PWN::Plugins::Vault.edit(

file: 'required - file to edit',
key: 'required - key to decrypt',
iv: 'required - iv to decrypt'

)



150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
 
# File 'lib/pwn/plugins/vault.rb', line 150

def self.edit(opts = {})
  file = opts[:file].to_s.scrub if File.exist?(opts[:file].to_s.scrub)
  key = opts[:key] ||= PWN::Plugins::AuthenticationHelper.mask_password(
    prompt: 'Key'
  )

  iv = opts[:iv] ||= PWN::Plugins::AuthenticationHelper.mask_password(
    prompt: 'IV'
  )

  editor = opts[:editor] ||= '/usr/bin/vim'

  decrypt(
    file: file,
    key: key,
    iv: iv
  )

  raise 'ERROR: Editor not found.' unless File.exist?(editor)

  # Get realtive editor in case aliases are used
  relative_editor = File.basename(editor)
  system(relative_editor, file)

  encrypt(
    file: file,
    key: key,
    iv: iv
  )
rescue ArgumentError
  raise 'ERROR: Incorrect Key or IV.'
rescue StandardError => e
  raise e
end

.encrypt(opts = {}) ⇒ Object

Supported Method Parameters

PWN::Plugins::Vault.encrypt(

file: 'required - file to encrypt',
key: 'required - key to decrypt',
iv: 'required - iv to decrypt'

)



192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
 
# File 'lib/pwn/plugins/vault.rb', line 192

public_class_method def self.encrypt(opts = {})
  file = opts[:file].to_s.scrub if File.exist?(opts[:file].to_s.scrub)
  key = opts[:key] ||= PWN::Plugins::AuthenticationHelper.mask_password(
    prompt: 'Key'
  )

  iv = opts[:iv] ||= PWN::Plugins::AuthenticationHelper.mask_password(
    prompt: 'IV'
  )

  cipher = OpenSSL::Cipher.new('aes-256-cbc')
  cipher.encrypt
  cipher.key = Base64.strict_decode64(key)
  cipher.iv = Base64.strict_decode64(iv)

  data = File.read(file)
  encrypted = cipher.update(data) + cipher.final
  encrypted_string = Base64.strict_encode64(encrypted)

  File.write(file, "#{encrypted_string}\n")
rescue StandardError => e
  raise e
end

.file_encrypted?(opts = {}) ⇒ Boolean

Supported Method Parameters

PWN::Plugins::Vault.file_encrypted?(

file: 'required - file to check if encrypted'

)

Returns:

  • (Boolean) 


220
221
222
223
224
225
226
227
228
229
230
231
 
# File 'lib/pwn/plugins/vault.rb', line 220

public_class_method def self.file_encrypted?(opts = {})
  file = opts[:file].to_s.scrub if File.exist?(opts[:file].to_s.scrub)

  raise 'ERROR: File does not exist.' unless File.exist?(file)

  file_contents = File.read(file).chomp
  file_contents.is_a?(String) && Base64.strict_encode64(Base64.strict_decode64(file_contents)) == file_contents
rescue ArgumentError
  false
rescue StandardError => e
  raise e
end

.helpObject

Display Usage for this Module



243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
 
# File 'lib/pwn/plugins/vault.rb', line 243

public_class_method def self.help
  puts "USAGE:
    #{self}.refresh_encryption_secrets(
      file: 'required - file to encrypt with new key and iv',
      key: 'required - key to decrypt',
      iv: 'required - iv to decrypt'
    )

    #{self}.create(
      file: 'required - file to encrypt'
    )

    #{self}.decrypt(
      file: 'required - file to decrypt',
      key: 'required - key to decrypt',
      iv: 'required - iv to decrypt'
    )

    #{self}.dump(
      file: 'required - file to dump',
      key: 'required - key to decrypt',
      iv: 'required - iv to decrypt',
  #   search: 'optional - search for a specific string'
    )

    #{self}.edit(
      file: 'required - file to edit',
      key: 'required - key to decrypt',
      iv: 'required - iv to decrypt'
    )

    #{self}.encrypt(
      file: 'required - file to encrypt',
      key: 'required - key to decrypt',
      iv: 'required - iv to decrypt'
    )

    #{self}.file_encrypted?(
      file: 'required - file to check if encrypted'
    )

    #{self}.authors
  "
end

.refresh_encryption_secrets(opts = {}) ⇒ Object

Supported Method Parameters

PWN::Plugins::Vault.refresh_encryption_secrets(

file: 'required - file to encrypt with new key and iv',
key: 'required - key to decrypt',
iv: 'required - iv to decrypt'

)



18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/pwn/plugins/vault.rb', line 18

def self.refresh_encryption_secrets(opts = {})
  file = opts[:file].to_s.scrub if File.exist?(opts[:file].to_s.scrub)
  key = opts[:key]
  iv = opts[:iv]

  decrypt(
    file: file,
    key: key,
    iv: iv
  )

  create(
    file: file
  )
rescue ArgumentError
  raise 'ERROR: Incorrect Key or IV.'
rescue StandardError => e
  raise e
end