CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/lib/rex/parser/net_sarang.rb
Views: 1904
1module Rex2module Parser3module NetSarang4# @author Kali-Team5class NetSarangCrypto6attr_accessor :version7attr_accessor :username8attr_accessor :sid9attr_accessor :master_password10attr_accessor :key1112# This class implements encryption and decryption of NetSarang13#14# @param type [String] only Xshell or Xftp.15# @param version [String] Specify version of session file. e.g.:5.316# @param username [String] Specify username. This parameter will be used if version > 5.2.17# @param sid [String] Specify SID. This parameter will be used if version >= 5.1.18# @option master_password [String] Specify user's master password.19#20# @return [Rex::Parser::NetSarang::NetSarangCrypto] The NetSarangCrypto object21def initialize(type, version, username, sid, master_password = nil)22self.version = version.to_f23self.username = username24self.sid = sid25self.master_password = master_password26md5 = OpenSSL::Digest.new('MD5')27sha256 = OpenSSL::Digest.new('SHA256')28if (self.version > 0) && (self.version < 5.1)29self.key = (type == 'Xshell') ? md5.digest('!X@s#h$e%l^l&') : md5.digest('!X@s#c$e%l^l&')30elsif (self.version >= 5.1) && (self.version <= 5.2)31self.key = sha256.digest(self.sid)32elsif (self.version > 5.2)33if self.master_password.nil?34self.key = sha256.digest(self.username + self.sid)35else36self.key = sha256.digest(self.master_password)37end38else39raise 'Invalid argument: version'40end41end4243# Encrypt44#45# @param string [String]46# @return [String] ciphertext47def encrypt_string(string)48cipher = Rex::Crypto.rc4(key, string)49if (version < 5.1)50return Rex::Text.encode_base64(cipher)51else52sha256 = OpenSSL::Digest.new('SHA256')53checksum = sha256.digest(string)54ciphertext = cipher55return Rex::Text.encode_base64(ciphertext + checksum)56end57end5859# Decrypt60#61# @param string [String]62# @return [String] plaintext failed return nil63def decrypt_string(string)64if (version < 5.1)65return Rex::Crypto.rc4(key, Rex::Text.decode_base64(string))66else67data = Rex::Text.decode_base64(string)68ciphertext = data[0, data.length - 0x20]69plaintext = Rex::Crypto.rc4(key, ciphertext)70if plaintext.is_utf8?71return plaintext72else73return nil74end75end76end77end7879# Parse xsh session file provided as a string.80#81# @param input [String] XSH Session file as a string82# @return [Array] An array containing the version, host,83# port, username, and password obtained from the XSH session file.84def parser_xsh(input)85ini = Rex::Parser::Ini.from_s(input)86version = ini['SessionInfo']['Version']87port = ini['CONNECTION']['Port']88host = ini['CONNECTION']['Host']89username = ini['CONNECTION:AUTHENTICATION']['UserName']90password = ini['CONNECTION:AUTHENTICATION']['Password'] || nil91[version, host, port, username, password]92end9394# parser xfp session file95#96# @param ini [String]97# @return [version, host, port, username, password]98def parser_xfp(file)99ini = Rex::Parser::Ini.from_s(file)100version = ini['SessionInfo']['Version']101port = ini['Connection']['Port']102host = ini['Connection']['Host']103username = ini['Connection']['UserName']104password = ini['Connection']['Password']105[version, host, port, username, password]106end107end108end109end110111112