Module: MetasploitPayloads::Crypto

Defined in:
lib/metasploit-payloads/crypto.rb

Constant Summary

ENCRYPTED_PAYLOAD_HEADER =

Packed header in 'A*CCC' layout: a binary string (the 'msf' magic) followed by three unsigned chars (cipher version, IV version, key version)

['msf', CIPHER_VERSION, IV_VERSION, KEY_VERSION].pack('A*CCC').freeze

Class Method Summary

Class Method Details

.decrypt(ciphertext: '') ⇒ Object

Raises:

  • (::ArgumentError)


# File 'lib/metasploit-payloads/crypto.rb', line 65

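# Decrypts data produced by .encrypt; data without the 'msf' magic is returned
# unchanged.
#
# The header is parsed from the input itself: the 3-byte 'msf' magic followed
# by one unsigned byte each for the cipher, IV and key version. Those bytes
# index into CIPHERS, so they are validated before use instead of letting an
# unknown version surface as a NoMethodError on nil.
#
# Security notes:
# - The key and IV are looked up in CIPHERS by version number, so they are
#   fixed for a given version (presumably constants shipped with the library;
#   confirm against the CIPHERS definition). Anyone holding that table can
#   decrypt, so this is obfuscation rather than confidentiality.
# - No authentication tag or MAC is checked in this method. Unless the selected
#   cipher or the caller authenticates the data, modified ciphertext is not
#   reliably detected and the result must not be treated as integrity-protected.
# - Input without the magic is passed through, so a return value does not
#   prove that the data was ever encrypted.
#
# @param ciphertext [String] encrypted blob with header, or plain data
# @return [String] the decrypted bytes, or +ciphertext+ itself when it does
#   not start with the 'msf' magic
# @raise [::ArgumentError] if +ciphertext+ is not a String, the header is
#   truncated, or it names a cipher/IV/key version missing from CIPHERS
# @note Errors raised by OpenSSL in update/final (e.g. a failed final block)
#   propagate to the caller.
def self.decrypt(ciphertext: '')
  # The original guard (`unless ciphertext.to_s`) could never fire because
  # #to_s always returns a truthy String; check the type explicitly.
  unless ciphertext.is_a?(::String)
    raise ::ArgumentError, "Unable to decrypt ciphertext: #{ciphertext.inspect}", caller
  end

  return ciphertext unless ciphertext.start_with?('msf'.b)

  # Work on a binary copy so byte offsets are independent of the caller's encoding.
  data = ciphertext.b

  # Use the correct algorithm based on the version in the header
  msf_header, cipher_version, iv_version, key_version = data.unpack('A3CCC')
  if cipher_version.nil? || iv_version.nil? || key_version.nil?
    raise ::ArgumentError, 'Unable to decrypt ciphertext: truncated header', caller
  end

  current_cipher = CIPHERS[cipher_version]
  iv_entry = current_cipher && current_cipher[:ivs][iv_version]
  key_entry = current_cipher && current_cipher[:keys][key_version]
  unless iv_entry && key_entry
    raise ::ArgumentError, 'Unable to decrypt ciphertext: unsupported header version', caller
  end

  cipher = ::OpenSSL::Cipher.new(current_cipher[:name])
  cipher.decrypt
  cipher.iv = iv_entry[:value]
  cipher.key = key_entry[:value]

  # Remove encrypted header by length; a substring replace could in principle
  # hit an encoding mismatch and does more work than needed.
  header = [msf_header, cipher_version, iv_version, key_version].pack('A*CCC').b
  body = data.byteslice(header.bytesize, data.bytesize - header.bytesize)

  output = cipher.update(body)
  output << cipher.final

  output
end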

.encrypt(plaintext: '') ⇒ Object

Raises:

  • (::ArgumentError)


# File 'lib/metasploit-payloads/crypto.rb', line 49

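# Encrypts +plaintext+ with the current cipher and prefixes the result with
# ENCRYPTED_PAYLOAD_HEADER so that .decrypt can select the matching
# algorithm, IV and key.
#
# Security notes:
# - The IV and key are read from CURRENT_CIPHER by IV_VERSION / KEY_VERSION,
#   so every call uses the same key and the same IV. Identical plaintexts
#   therefore produce identical output, and the IV gives no per-message
#   uniqueness. How serious IV reuse is depends on the cipher mode, which is
#   not visible here; confirm against the CURRENT_CIPHER definition.
# - No authentication tag or MAC is appended in this method, so unless the
#   caller authenticates the result, it is not tamper-evident.
# - Treat the output as obfuscated, not confidential, wherever the key table
#   is available to the reader.
#
# @param plaintext [String] the bytes to encrypt
# @return [String] ENCRYPTED_PAYLOAD_HEADER followed by the ciphertext
# @raise [::ArgumentError] if +plaintext+ is not a String
def self.encrypt(plaintext: '')
  # The original guard (`unless plaintext.to_s`) could never fire because
  # #to_s always returns a truthy String; check the type explicitly.
  unless plaintext.is_a?(::String)
    raise ::ArgumentError, "Unable to encrypt plaintext: #{plaintext.inspect}", caller
  end

  cipher = ::OpenSSL::Cipher.new(CURRENT_CIPHER[:name])

  cipher.encrypt
  cipher.iv = CURRENT_CIPHER[:ivs][IV_VERSION][:value]
  cipher.key = CURRENT_CIPHER[:keys][KEY_VERSION][:value]

  # dup because the header constant is frozen and shared.
  output = ENCRYPTED_PAYLOAD_HEADER.dup
  output << cipher.update(plaintext)
  output << cipher.final

  output
end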