Swap ChaCha20 to AES-256-CBC for at-rest encryption

2025-01-14 17:37:27 +01:00 · 2023-10-24 10:07:07 +01:00 · 2023-10-24 10:07:07 +01:00 · 62c599b2ff
commit 62c599b2ff
parent bf5bc65b88
2 changed files with 14 additions and 2 deletions
--- a/gem/lib/metasploit-payloads/crypto.rb
+++ b/gem/lib/metasploit-payloads/crypto.rb
@ -14,9 +14,21 @@ module MetasploitPayloads
          value: "\x28\x39\x97\x4c\x95\x11\x9d\x42\x6c\x8b\xff\x43\x3e\x5d\x3c\x33\x1b\x95\xd3\xea\xeb\xc9\xae\x71\x0a\x36\xe7\x98\x3d\x9d\x09\x52".b, # 32 bytes
          version: 1
        }
+      },
+      aes_256_cbc: {
+        name: 'aes-256-cbc'.b,
+        version: 2,
+        iv: {
+          value: "\x3c\x09\x85\x95\x19\x09\x10\xff\x76\xf0\x48\xf7\x21\x1a\x5c\x59".b, # 16 bytes
+          version: 1
+        },
+        key: {
+          value: "\x01\x93\x90\xfb\x84\xcd\x70\x16\x90\x1d\xc6\xf4\xf2\xfd\xcf\x59\xc4\x9c\x26\x35\x29\x67\x8c\x2d\x17\xb9\x35\xcb\x7d\xb0\x88\x7a".b, # 32 bytes
+          version: 1
+        }
      }
    }.freeze
-    CURRENT_CIPHER = CIPHERS[:chacha20]
+    CURRENT_CIPHER = CIPHERS[:aes_256_cbc]
    CIPHER_VERSION = CURRENT_CIPHER[:version]
    KEY_VERSION = CURRENT_CIPHER[:key][:version]
    IV_VERSION = CURRENT_CIPHER[:iv][:version]
--- a/gem/spec/metasploit_payloads/crypto_spec.rb
+++ b/gem/spec/metasploit_payloads/crypto_spec.rb
@ -5,7 +5,7 @@ RSpec.describe ::MetasploitPayloads::Crypto do
  describe '#encrypt' do
    let(:encrypted_header) { ::MetasploitPayloads::Crypto::ENCRYPTED_PAYLOAD_HEADER }
    let(:plaintext) { "Hello World!".b }
-    let(:ciphertext) { encrypted_header + "\x89:^r\xC1\xC9\xD9\xA1\xDC\xEB\xBFm".b }
+    let(:ciphertext) { encrypted_header + "F=\xF9\xCB\xF6\xA1\xE4h\x89\x96DD\xC0+\x04\xF1".b }

    it 'can encrypt plaintext' do
      expect(described_class.encrypt(plaintext: plaintext)).to eq ciphertext