github/metasploit-payloads
1
Fork 0
mirror of https://github.com/rapid7/metasploit-payloads synced 2025-02-16 00:24:29 +01:00
Code Releases Activity

remove base64 code

Browse Source
This commit is contained in:
Tim W 2020-06-11 12:03:19 +08:00 committed by OJ
parent 07c6a06487
commit a4a960ede8
No known key found for this signature in database
GPG Key ID: D5DC61FB93260597
3 changed files with 8 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/TLVType.java
View File

@ -70,7 +70,7 @@ public interface TLVType {
public static final int TLV_TYPE_SESSION_GUID = TLVPacket.TLV_META_TYPE_RAW | 462;
// TLV Encryption
public static final int TLV_TYPE_RSA_PUB_KEY = TLVPacket.TLV_META_TYPE_STRING | 550;
public static final int TLV_TYPE_RSA_PUB_KEY = TLVPacket.TLV_META_TYPE_RAW | 550;
public static final int TLV_TYPE_SYM_KEY_TYPE = TLVPacket.TLV_META_TYPE_UINT | 551;
public static final int TLV_TYPE_SYM_KEY = TLVPacket.TLV_META_TYPE_RAW | 552;
public static final int TLV_TYPE_ENC_SYM_KEY = TLVPacket.TLV_META_TYPE_RAW | 553;

5
java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/Transport.java
View File

@ -19,6 +19,8 @@ public abstract class Transport {
public static final int ENC_NONE = 0;
public static final int ENC_AES256 = 1;
private static final SecureRandom sr = new SecureRandom();
private Transport prev;
private Transport next;
private Meterpreter meterpreter;
@ -134,14 +136,13 @@ public abstract class Transport {
}
protected byte[] aesEncrypt(byte[] data) throws Exception {
SecureRandom sr = new SecureRandom();
byte[] iv = new byte[16];
sr.nextBytes(iv);
byte[] encrypted = null;
IvParameterSpec ivSpec = new IvParameterSpec(iv);
SecretKeySpec keySpec = new SecretKeySpec(this.aesKey, "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
synchronized(cipher) {
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec);
encrypted = cipher.doFinal(data);

19
java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/core/core_negotiate_tlv_encryption.java
View File

@ -17,16 +17,16 @@ import com.metasploit.meterpreter.command.Command;
public class core_negotiate_tlv_encryption implements Command {
public int execute(Meterpreter meterpreter, TLVPacket request, TLVPacket response) throws Exception {
String pem = request.getStringValue(TLVType.TLV_TYPE_RSA_PUB_KEY);
private static final SecureRandom sr = new SecureRandom();
SecureRandom sr = new SecureRandom();
public int execute(Meterpreter meterpreter, TLVPacket request, TLVPacket response) throws Exception {
byte[] der = request.getRawValue(TLVType.TLV_TYPE_RSA_PUB_KEY);
byte[] aesKey = new byte[32];
sr.nextBytes(aesKey);
try
{
PublicKey pubKey = getPublicKey(pem);
PublicKey pubKey = getPublicKey(der);
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, pubKey);
response.add(TLVType.TLV_TYPE_ENC_SYM_KEY, cipher.doFinal(aesKey));
@ -42,17 +42,6 @@ public class core_negotiate_tlv_encryption implements Command {
return ERROR_SUCCESS;
}
private PublicKey getPublicKey(String pem) {
String[] lines = pem.trim().split("\n", -1);
String b64 = "";
for (int i = 1; i < lines.length - 1; ++i) {
b64 = String.join("", b64, lines[i]);
}
return getPublicKey(DatatypeConverter.parseBase64Binary(b64));
}
// This is here for when we move over to using DER instead of PEM
private PublicKey getPublicKey(byte[] der) {
try