Module: Rex::Proto::Kerberos::Crypto::Rc4Hmac

Included in:
Rex::Proto::Kerberos::Crypto
Defined in:
lib/rex/proto/kerberos/crypto/rc4_hmac.rb

Instance Method Summary collapse

Instance Method Details

#decrypt_rc4_hmac(cipher, key, msg_type) ⇒ String

Decrypts the cipher using RC4-HMAC schema

Parameters:

  • cipher (String)

    the data to decrypt

  • key (String)

    the key to decrypt

  • msg_type (Fixnum)

    the message type

Returns:

  • (String)

    the decrypted cipher

Raises:



15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
# File 'lib/rex/proto/kerberos/crypto/rc4_hmac.rb', line 15

def decrypt_rc4_hmac(cipher, key, msg_type)
  unless cipher && cipher.length > 16
    raise ::RuntimeError, 'RC4-HMAC decryption failed'
  end

  checksum = cipher[0, 16]
  data = cipher[16, cipher.length - 1]

  k1 = OpenSSL::HMAC.digest('MD5', key, [msg_type].pack('V'))
  k3 = OpenSSL::HMAC.digest('MD5', k1, checksum)

  cipher = OpenSSL::Cipher::Cipher.new('rc4')
  cipher.decrypt
  cipher.key = k3
  decrypted = cipher.update(data) + cipher.final

  if OpenSSL::HMAC.digest('MD5', k1, decrypted) != checksum
    raise ::RuntimeError, 'RC4-HMAC decryption failed, incorrect checksum verification'
  end

  decrypted
end

#encrypt_rc4_hmac(data, key, msg_type) ⇒ String

Encrypts the cipher using RC4-HMAC schema

Parameters:

  • data (String)

    the data to encrypt

  • key (String)

    the key to encrypt

  • msg_type (Fixnum)

    the message type

Returns:

  • (String)

    the encrypted data



44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
# File 'lib/rex/proto/kerberos/crypto/rc4_hmac.rb', line 44

def encrypt_rc4_hmac(data, key, msg_type)
  k1 = OpenSSL::HMAC.digest('MD5', key, [msg_type].pack('V'))

  data_encrypt = Rex::Text::rand_text(8) + data

  checksum = OpenSSL::HMAC.digest('MD5', k1, data_encrypt)

  k3 = OpenSSL::HMAC.digest('MD5', k1, checksum)

  cipher = OpenSSL::Cipher::Cipher.new('rc4')
  cipher.encrypt
  cipher.key = k3
  encrypted = cipher.update(data_encrypt) + cipher.final

  res = checksum + encrypted
  res
end