dnrops
/
metasploit-framework
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

See #3183: Pad the plain text before trying DES on it. 

git-svn-id: file:///home/svn/framework3/trunk@12033 4d416f70-5f16-0410-b530-b9f4589650da
This commit is contained in:
Joshua Drake 2011-03-20 08:55:12 +00:00
parent d45b2aaa20
commit 12ea375d25
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/rex/proto/rfb/cipher.rb
View File

@ -44,6 +44,9 @@ class Cipher
def self.encrypt(plain, password)
key = self.mangle_password(password)
# pad the plain to 16 chars
plain << ("\x00" * (16 - plain.length)) if plain.length < 16
# VNC auth does two 8-byte blocks individually instead supporting some block mode
cipher = ''
2.times { |x|
@ -63,6 +66,9 @@ class Cipher
def self.decrypt(cipher, password = "\x17\x52\x6b\x06\x23\x4e\x58\x07")
key = self.mangle_password(password)
# pad the cipher text to 9 bytes
cipher << ("\x00" * (9 - cipher.length)) if cipher.length < 9
# NOTE: This only does one 8 byte block
plain = ''
c = OpenSSL::Cipher::Cipher.new('des')