From 422ecd8d3f466d3282c78149192cd045c6b5690a Mon Sep 17 00:00:00 2001 From: Christophe De La Fuente Date: Fri, 8 Nov 2024 11:04:17 +0100 Subject: [PATCH 1/5] Remove setting version for CSR --- lib/msf/core/exploit/remote/ms_icpr.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/msf/core/exploit/remote/ms_icpr.rb b/lib/msf/core/exploit/remote/ms_icpr.rb index 4510c54d94c0..0a0105fb6890 100644 --- a/lib/msf/core/exploit/remote/ms_icpr.rb +++ b/lib/msf/core/exploit/remote/ms_icpr.rb @@ -256,7 +256,6 @@ def do_request_cert(icpr, opts) # @return [OpenSSL::X509::Request] The request object. def build_csr(cn:, private_key:, dns: nil, msext_sid: nil, msext_upn: nil, algorithm: 'SHA256', application_policies: []) request = OpenSSL::X509::Request.new - request.version = 1 request.subject = OpenSSL::X509::Name.new([ ['CN', cn, OpenSSL::ASN1::UTF8STRING] ]) From 35bb832b7c3f6cb54e57c2b91f930a617557418d Mon Sep 17 00:00:00 2001 From: Christophe De La Fuente Date: Tue, 12 Nov 2024 12:31:52 +0100 Subject: [PATCH 2/5] Add `create_csr` helper under `Rex::Proto` Also update `ms_icpr.rb` to use it --- lib/msf/core/exploit/remote/ms_icpr.rb | 68 ++++++++++++-------------- lib/rex/proto/x509/request.rb | 18 +++++++ 2 files changed, 49 insertions(+), 37 deletions(-) create mode 100644 lib/rex/proto/x509/request.rb diff --git a/lib/msf/core/exploit/remote/ms_icpr.rb b/lib/msf/core/exploit/remote/ms_icpr.rb index 0a0105fb6890..e4e9ec197492 100644 --- a/lib/msf/core/exploit/remote/ms_icpr.rb +++ b/lib/msf/core/exploit/remote/ms_icpr.rb @@ -6,6 +6,7 @@ # -*- coding: binary -*- require 'windows_error/h_result' +require 'rex/proto/x509/request' module Msf @@ -255,47 +256,40 @@ def do_request_cert(icpr, opts) # @param [Array] application_policies OIDs to add as application policies. # @return [OpenSSL::X509::Request] The request object. def build_csr(cn:, private_key:, dns: nil, msext_sid: nil, msext_upn: nil, algorithm: 'SHA256', application_policies: []) - request = OpenSSL::X509::Request.new - request.subject = OpenSSL::X509::Name.new([ - ['CN', cn, OpenSSL::ASN1::UTF8STRING] - ]) - request.public_key = private_key.public_key - - extensions = [] - - subject_alt_names = [] - subject_alt_names << "DNS:#{dns}" if dns - subject_alt_names << "otherName:#{OID_NT_PRINCIPAL_NAME};UTF8:#{msext_upn}" if msext_upn - unless subject_alt_names.empty? - extensions << OpenSSL::X509::ExtensionFactory.new.create_extension('subjectAltName', subject_alt_names.join(','), false) - end - - if msext_sid - ntds_ca_security_ext = Rex::Proto::CryptoAsn1::NtdsCaSecurityExt.new(OtherName: { - type_id: OID_NTDS_OBJECTSID, - value: msext_sid - }) - extensions << OpenSSL::X509::Extension.new(OID_NTDS_CA_SECURITY_EXT, ntds_ca_security_ext.to_der, false) - end + Rex::Proto::X509::Request.create_csr(private_key, cn) do |request| + extensions = [] + + subject_alt_names = [] + subject_alt_names << "DNS:#{dns}" if dns + subject_alt_names << "otherName:#{OID_NT_PRINCIPAL_NAME};UTF8:#{msext_upn}" if msext_upn + unless subject_alt_names.empty? + extensions << OpenSSL::X509::ExtensionFactory.new.create_extension('subjectAltName', subject_alt_names.join(','), false) + end - unless application_policies.blank? - application_cert_policies = Rex::Proto::CryptoAsn1::X509::CertificatePolicies.new( - certificatePolicies: application_policies.map { |policy_oid| Rex::Proto::CryptoAsn1::X509::PolicyInformation.new(policyIdentifier: policy_oid) } - ) - extensions << OpenSSL::X509::Extension.new(OID_APPLICATION_CERT_POLICIES, application_cert_policies.to_der, false) - end + if msext_sid + ntds_ca_security_ext = Rex::Proto::CryptoAsn1::NtdsCaSecurityExt.new(OtherName: { + type_id: OID_NTDS_OBJECTSID, + value: msext_sid + }) + extensions << OpenSSL::X509::Extension.new(OID_NTDS_CA_SECURITY_EXT, ntds_ca_security_ext.to_der, false) + end - unless extensions.empty? - request.add_attribute(OpenSSL::X509::Attribute.new( - 'extReq', - OpenSSL::ASN1::Set.new( - [OpenSSL::ASN1::Sequence.new(extensions)] + unless application_policies.blank? + application_cert_policies = Rex::Proto::CryptoAsn1::X509::CertificatePolicies.new( + certificatePolicies: application_policies.map { |policy_oid| Rex::Proto::CryptoAsn1::X509::PolicyInformation.new(policyIdentifier: policy_oid) } ) - )) - end + extensions << OpenSSL::X509::Extension.new(OID_APPLICATION_CERT_POLICIES, application_cert_policies.to_der, false) + end - request.sign(private_key, OpenSSL::Digest.new(algorithm)) - request + unless extensions.empty? + request.add_attribute(OpenSSL::X509::Attribute.new( + 'extReq', + OpenSSL::ASN1::Set.new( + [OpenSSL::ASN1::Sequence.new(extensions)] + ) + )) + end + end end # Make a certificate request on behalf of another user. diff --git a/lib/rex/proto/x509/request.rb b/lib/rex/proto/x509/request.rb new file mode 100644 index 000000000000..532fe66de9c1 --- /dev/null +++ b/lib/rex/proto/x509/request.rb @@ -0,0 +1,18 @@ +module Rex::Proto::X509 + + class Request + def self.create_csr(private_key, cn) + request = OpenSSL::X509::Request.new + request.subject = OpenSSL::X509::Name.new([ + ['CN', cn, OpenSSL::ASN1::UTF8STRING] + ]) + request.public_key = private_key.public_key + + yield request if block_given? + + request.sign(private_key, OpenSSL::Digest.new('SHA256')) + request + end + end + +end From 24e19e4ebb93aba93751bdf67c11bd54e79a13da Mon Sep 17 00:00:00 2001 From: Christophe De La Fuente Date: Tue, 12 Nov 2024 18:23:31 +0100 Subject: [PATCH 3/5] Update the ESC8 relay module to use the new helper It also fixes some unrelated minor issues found in the module and the documentation --- documentation/modules/auxiliary/server/relay/esc8.md | 2 +- lib/msf/core/exploit/remote/smb/relay_server.rb | 10 +++++----- modules/auxiliary/server/relay/esc8.rb | 8 +------- 3 files changed, 7 insertions(+), 13 deletions(-) diff --git a/documentation/modules/auxiliary/server/relay/esc8.md b/documentation/modules/auxiliary/server/relay/esc8.md index 5ee71457d47c..16d7c1b5c6e3 100644 --- a/documentation/modules/auxiliary/server/relay/esc8.md +++ b/documentation/modules/auxiliary/server/relay/esc8.md @@ -10,7 +10,7 @@ on a given template. * See https://docs.metasploit.com/docs/pentesting/active-directory/ad-certificates/overview.html#setting-up-a-esc8-vulnerable-host 2. Start `msfconsole` 2. Do: `use auxiliary/server/relay/esc8` -3. Set the `RANDOMIZE_TARGETS` option to the AD CS Web Enrollment server +3. Set the `RELAY_TARGETS` option to the AD CS Web Enrollment server 4. Run the module and wait for a request to be relayed ## Options diff --git a/lib/msf/core/exploit/remote/smb/relay_server.rb b/lib/msf/core/exploit/remote/smb/relay_server.rb index e596fb399f58..d8610f062709 100644 --- a/lib/msf/core/exploit/remote/smb/relay_server.rb +++ b/lib/msf/core/exploit/remote/smb/relay_server.rb @@ -21,11 +21,11 @@ def initialize(info = {}) end def smb_logger - if datastore['VERBOSE'] - log_device = Msf::Exploit::Remote::SMB::LogAdapter::LogDevice::Module.new(self) - else - Msf::Exploit::Remote::SMB::LogAdapter::LogDevice::Framework.new(framework) - end + log_device = if datastore['VERBOSE'] + Msf::Exploit::Remote::SMB::LogAdapter::LogDevice::Module.new(self) + else + Msf::Exploit::Remote::SMB::LogAdapter::LogDevice::Framework.new(framework) + end Msf::Exploit::Remote::SMB::LogAdapter::Logger.new(self, log_device) end diff --git a/modules/auxiliary/server/relay/esc8.rb b/modules/auxiliary/server/relay/esc8.rb index efc7dc96a8d5..fba637977a53 100644 --- a/modules/auxiliary/server/relay/esc8.rb +++ b/modules/auxiliary/server/relay/esc8.rb @@ -128,13 +128,7 @@ def on_relay_success(relay_connection:, relay_identity:) def create_csr(private_key, cert_template) vprint_status('Generating CSR...') - request = OpenSSL::X509::Request.new - request.version = 1 - request.subject = OpenSSL::X509::Name.new([ - ['CN', cert_template, OpenSSL::ASN1::UTF8STRING] - ]) - request.public_key = private_key.public_key - request.sign(private_key, OpenSSL::Digest.new('SHA256')) + request = Rex::Proto::X509::Request.create_csr(private_key, cert_template) vprint_status('CSR Generated') request end From 7bab1c1980719ebffbe0ad6d4819741af9b36a54 Mon Sep 17 00:00:00 2001 From: Christophe De La Fuente Date: Mon, 18 Nov 2024 17:17:58 +0100 Subject: [PATCH 4/5] Fix specs and add `algorithm` argument --- lib/msf/core/exploit/remote/ms_icpr.rb | 4 +- lib/rex/proto/x509/request.rb | 4 +- .../msf/core/exploit/remote/ms_icpr_spec.rb | 80 +++++++++---------- 3 files changed, 44 insertions(+), 44 deletions(-) diff --git a/lib/msf/core/exploit/remote/ms_icpr.rb b/lib/msf/core/exploit/remote/ms_icpr.rb index e4e9ec197492..925baa796dd0 100644 --- a/lib/msf/core/exploit/remote/ms_icpr.rb +++ b/lib/msf/core/exploit/remote/ms_icpr.rb @@ -5,7 +5,7 @@ # # -*- coding: binary -*- -require 'windows_error/h_result' +require 'windows_error' require 'rex/proto/x509/request' module Msf @@ -256,7 +256,7 @@ def do_request_cert(icpr, opts) # @param [Array] application_policies OIDs to add as application policies. # @return [OpenSSL::X509::Request] The request object. def build_csr(cn:, private_key:, dns: nil, msext_sid: nil, msext_upn: nil, algorithm: 'SHA256', application_policies: []) - Rex::Proto::X509::Request.create_csr(private_key, cn) do |request| + Rex::Proto::X509::Request.create_csr(private_key, cn, algorithm) do |request| extensions = [] subject_alt_names = [] diff --git a/lib/rex/proto/x509/request.rb b/lib/rex/proto/x509/request.rb index 532fe66de9c1..7cb723f0fb1d 100644 --- a/lib/rex/proto/x509/request.rb +++ b/lib/rex/proto/x509/request.rb @@ -1,7 +1,7 @@ module Rex::Proto::X509 class Request - def self.create_csr(private_key, cn) + def self.create_csr(private_key, cn, algorithm = 'SHA256') request = OpenSSL::X509::Request.new request.subject = OpenSSL::X509::Name.new([ ['CN', cn, OpenSSL::ASN1::UTF8STRING] @@ -10,7 +10,7 @@ def self.create_csr(private_key, cn) yield request if block_given? - request.sign(private_key, OpenSSL::Digest.new('SHA256')) + request.sign(private_key, OpenSSL::Digest.new(algorithm)) request end end diff --git a/spec/lib/msf/core/exploit/remote/ms_icpr_spec.rb b/spec/lib/msf/core/exploit/remote/ms_icpr_spec.rb index be38cdab5510..1fe9316ff647 100644 --- a/spec/lib/msf/core/exploit/remote/ms_icpr_spec.rb +++ b/spec/lib/msf/core/exploit/remote/ms_icpr_spec.rb @@ -90,19 +90,19 @@ let(:x509_csr) do OpenSSL::X509::Request.new(<<~REQUEST) -----BEGIN CERTIFICATE REQUEST----- - MIICVzCCAT8CAQEwEjEQMA4GA1UEAwwHYWxpZGRsZTCCASIwDQYJKoZIhvcNAQEB + MIICVzCCAT8CAQAwEjEQMA4GA1UEAwwHYWxpZGRsZTCCASIwDQYJKoZIhvcNAQEB BQADggEPADCCAQoCggEBAOM9IWt1689iwxky54DCtKqnJhssaW9dED2PbHsP+BRV kjs7TWPoKkxZne9vGS0v/r1jdVEjZYa7+8tpogm2a12PIlIwItl5t+Doqm87U7tT mAApjDKTT69vwo3KlTNhP9v7IhyubKIWOfgjDBTYEOT51YusnWtuDSWXUY7rCinU DMx7SBvvIydHgvirQTZNp3yECQvquGbAlmBuqfUDh7LL7hcF4iDfpIOMhkF3fgIT uqC3+9/iZ+l4q3dUmYQi2GdfkAQzznR83qdvBWAli3POljosQahTc3GJ1GEHMbuL BCbk+gdzoEM3K2fAGxIVarYWWWaTuxLqNn4gHvB0HecCAwEAAaAAMA0GCSqGSIb3 - DQEBCwUAA4IBAQBDi5bcG7sRB5rZFM7xdcM2xMVPMLW4nXaOovnDll3w439zOGdv - oesl2VxdJD0K1VcjDbS40/usV9+Pt3BJmJjePS/Mj8pBk+GpW2HiZ7VAhvxTb9rx - AiZjNMAzmgl3y4w4gaxV/CuNvKyfdBxGFvqEWqcDfESlttkwDm1ufVgx6T2SGrgc - 91W+/dmaSC+DCm8VCREzzJkD3APE5GRQCLUHiZOTJHEG6s3Gb25SOSVXIpEhWSEA - k5gUxxekO0L6th8aGqwGMtHqKU6AG1PfjgqRb/7dfv+0SoV1CXb7xUuPpDVW5i1F - pVvzc/YjfJ1N/B30y1zAKopstzerGN0fyIdg + DQEBCwUAA4IBAQAyU7goEqpmHfulRkaMAtna+7mpVdUsuGXidsP2AFyDmiBOUtR/ + gQoXeTwWQ62vKSmD0+gSnxDbokq4T8hif/cR8WZ1jZQXE0JR9FPI/qGs/6D5e56S + b7W3buC6UuON58pJmtrX7PtNUGg0FOn6jGB1jwEHtc+4sel24j7VMfzt3nuY/KTD + abGLQioi9iaVEbJ6pKmBaHGcEswFiqGBGWI1zrSVIYyNy67SK3/P3RWyHHNJeS2a + x7RMqHkWOXXjxqbM68i6tCL+2NstTzXI6mQkXWkOXU8d39wn/MqLyPdY0ZM7Lv/y + i506vK8iofDDYoHxz8YwaPU1DOCfu+T83nPg -----END CERTIFICATE REQUEST----- REQUEST end @@ -113,7 +113,7 @@ "\x62\x30\x82\x0b\x5e\x02\x01\x03\x31\x0d\x30\x0b\x06\x09\x60\x86\x48\x01" \ "\x65\x03\x04\x02\x01\x30\x82\x02\x6c\x06\x07\x2b\x06\x01\x05\x02\x03\x01" \ "\xa0\x82\x02\x5f\x04\x82\x02\x5b\x30\x82\x02\x57\x30\x82\x01\x3f\x02\x01" \ - "\x01\x30\x12\x31\x10\x30\x0e\x06\x03\x55\x04\x03\x0c\x07\x61\x6c\x69\x64" \ + "\x00\x30\x12\x31\x10\x30\x0e\x06\x03\x55\x04\x03\x0c\x07\x61\x6c\x69\x64" \ "\x64\x6c\x65\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01" \ "\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00" \ "\xe3\x3d\x21\x6b\x75\xeb\xcf\x62\xc3\x19\x32\xe7\x80\xc2\xb4\xaa\xa7\x26" \ @@ -131,21 +131,21 @@ "\x71\x89\xd4\x61\x07\x31\xbb\x8b\x04\x26\xe4\xfa\x07\x73\xa0\x43\x37\x2b" \ "\x67\xc0\x1b\x12\x15\x6a\xb6\x16\x59\x66\x93\xbb\x12\xea\x36\x7e\x20\x1e" \ "\xf0\x74\x1d\xe7\x02\x03\x01\x00\x01\xa0\x00\x30\x0d\x06\x09\x2a\x86\x48" \ - "\x86\xf7\x0d\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\x43\x8b\x96\xdc\x1b" \ - "\xbb\x11\x07\x9a\xd9\x14\xce\xf1\x75\xc3\x36\xc4\xc5\x4f\x30\xb5\xb8\x9d" \ - "\x76\x8e\xa2\xf9\xc3\x96\x5d\xf0\xe3\x7f\x73\x38\x67\x6f\xa1\xeb\x25\xd9" \ - "\x5c\x5d\x24\x3d\x0a\xd5\x57\x23\x0d\xb4\xb8\xd3\xfb\xac\x57\xdf\x8f\xb7" \ - "\x70\x49\x98\x98\xde\x3d\x2f\xcc\x8f\xca\x41\x93\xe1\xa9\x5b\x61\xe2\x67" \ - "\xb5\x40\x86\xfc\x53\x6f\xda\xf1\x02\x26\x63\x34\xc0\x33\x9a\x09\x77\xcb" \ - "\x8c\x38\x81\xac\x55\xfc\x2b\x8d\xbc\xac\x9f\x74\x1c\x46\x16\xfa\x84\x5a" \ - "\xa7\x03\x7c\x44\xa5\xb6\xd9\x30\x0e\x6d\x6e\x7d\x58\x31\xe9\x3d\x92\x1a" \ - "\xb8\x1c\xf7\x55\xbe\xfd\xd9\x9a\x48\x2f\x83\x0a\x6f\x15\x09\x11\x33\xcc" \ - "\x99\x03\xdc\x03\xc4\xe4\x64\x50\x08\xb5\x07\x89\x93\x93\x24\x71\x06\xea" \ - "\xcd\xc6\x6f\x6e\x52\x39\x25\x57\x22\x91\x21\x59\x21\x00\x93\x98\x14\xc7" \ - "\x17\xa4\x3b\x42\xfa\xb6\x1f\x1a\x1a\xac\x06\x32\xd1\xea\x29\x4e\x80\x1b" \ - "\x53\xdf\x8e\x0a\x91\x6f\xfe\xdd\x7e\xff\xb4\x4a\x85\x75\x09\x76\xfb\xc5" \ - "\x4b\x8f\xa4\x35\x56\xe6\x2d\x45\xa5\x5b\xf3\x73\xf6\x23\x7c\x9d\x4d\xfc" \ - "\x1d\xf4\xcb\x5c\xc0\x2a\x8a\x6c\xb7\x37\xab\x18\xdd\x1f\xc8\x87\x60\xa0" \ + "\x86\xf7\x0d\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\x32\x53\xb8\x28\x12" \ + "\xaa\x66\x1d\xfb\xa5\x46\x46\x8c\x02\xd9\xda\xfb\xb9\xa9\x55\xd5\x2c\xb8" \ + "\x65\xe2\x76\xc3\xf6\x00\x5c\x83\x9a\x20\x4e\x52\xd4\x7f\x81\x0a\x17\x79" \ + "\x3c\x16\x43\xad\xaf\x29\x29\x83\xd3\xe8\x12\x9f\x10\xdb\xa2\x4a\xb8\x4f" \ + "\xc8\x62\x7f\xf7\x11\xf1\x66\x75\x8d\x94\x17\x13\x42\x51\xf4\x53\xc8\xfe" \ + "\xa1\xac\xff\xa0\xf9\x7b\x9e\x92\x6f\xb5\xb7\x6e\xe0\xba\x52\xe3\x8d\xe7" \ + "\xca\x49\x9a\xda\xd7\xec\xfb\x4d\x50\x68\x34\x14\xe9\xfa\x8c\x60\x75\x8f" \ + "\x01\x07\xb5\xcf\xb8\xb1\xe9\x76\xe2\x3e\xd5\x31\xfc\xed\xde\x7b\x98\xfc" \ + "\xa4\xc3\x69\xb1\x8b\x42\x2a\x22\xf6\x26\x95\x11\xb2\x7a\xa4\xa9\x81\x68" \ + "\x71\x9c\x12\xcc\x05\x8a\xa1\x81\x19\x62\x35\xce\xb4\x95\x21\x8c\x8d\xcb" \ + "\xae\xd2\x2b\x7f\xcf\xdd\x15\xb2\x1c\x73\x49\x79\x2d\x9a\xc7\xb4\x4c\xa8" \ + "\x79\x16\x39\x75\xe3\xc6\xa6\xcc\xeb\xc8\xba\xb4\x22\xfe\xd8\xdb\x2d\x4f" \ + "\x35\xc8\xea\x64\x24\x5d\x69\x0e\x5d\x4f\x1d\xdf\xdc\x27\xfc\xca\x8b\xc8" \ + "\xf7\x58\xd1\x93\x3b\x2e\xff\xf2\x8b\x9d\x3a\xbc\xaf\x22\xa1\xf0\xc3\x62" \ + "\x81\xf1\xcf\xc6\x30\x68\xf5\x35\x0c\xe0\x9f\xbb\xe4\xfc\xde\x73\xe0\xa0" \ "\x82\x06\xcc\x30\x82\x06\xc8\x30\x82\x05\xb0\xa0\x03\x02\x01\x02\x02\x13" \ "\x10\x00\x00\x00\x43\x92\xab\x33\x25\xbd\xb1\xc3\x32\x00\x00\x00\x00\x00" \ "\x43\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x30\x46" \ @@ -255,23 +255,23 @@ "\x6d\x00\x65\x1e\x20\x00\x4d\x00\x53\x00\x46\x00\x4c\x00\x41\x00\x42\x00" \ "\x5c\x00\x73\x00\x6d\x00\x63\x00\x69\x00\x6e\x00\x74\x00\x79\x00\x72\x00" \ "\x65\x30\x2f\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x04\x31\x22\x04\x20" \ - "\xef\xf1\x08\x75\x09\x03\xad\x18\x44\x47\x2e\x2c\xbd\x14\x15\x3f\xd1\xe3" \ - "\x3e\xee\x28\x0f\x42\x8d\xe4\x4b\xc6\x08\xc3\x95\x71\xa3\x30\x0b\x06\x09" \ - "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x04\x82\x01\x00\x46\x06\xd6\x18\x92" \ - "\x5b\xb3\x89\xa4\x19\x44\x55\x1f\xcf\x55\x2e\xb7\xfe\x28\xf4\x6f\xfd\x97" \ - "\xd2\x01\xac\xcd\x15\x8d\x1a\x8f\xac\x26\x5c\xa3\xd3\x7d\xb0\xc3\x36\x47" \ - "\xff\x4d\x5a\x98\x4f\x17\x43\x70\x60\xf1\x69\x44\xfa\x27\x61\x71\x2a\xe5" \ - "\xa8\x8a\x98\x0d\x34\x4d\x22\x23\x10\xde\x43\x60\xf5\x3f\x7b\x3a\x72\xe4" \ - "\xf7\x69\x29\xe0\xaa\x9e\xff\x28\x18\x8c\x61\xb2\xe1\x41\x7a\x69\x92\x47" \ - "\xac\x2e\xe7\x92\x26\xd8\x54\x91\xae\x54\xaa\x8e\xc0\x06\x0d\x4b\x51\xfe" \ - "\xbe\x92\x40\x07\x11\x6e\x2b\xe0\xb8\xc0\xab\xfe\x52\x90\x3a\x28\xec\xa9" \ - "\xb1\x9a\xf2\xce\x43\x04\xf8\xea\x14\x2d\x54\xe4\x21\x23\x2e\x2a\xf0\x13" \ - "\xcd\xd7\x3c\xf5\xba\x76\x3c\x1a\xf4\x7c\xc7\x22\x34\xff\x84\x79\xb0\x32" \ - "\xe9\x04\xb7\x22\x92\x3f\x3a\x3d\x12\x47\xce\xe3\x9e\x4f\xd4\x5b\x83\xd9" \ - "\xc1\x20\x20\x04\x22\xed\xb5\x59\x43\x1c\xa9\xab\x0f\xb1\xb0\x9f\x05\x1c" \ - "\x88\x88\x98\xb9\x97\x53\x1e\xa4\xe3\xfd\x58\x92\x09\xe7\xcc\x83\xbf\x5f" \ - "\xc2\xb3\x08\x33\x96\x41\x75\x46\x35\x55\x0a\x34\x2e\xd8\x0b\x76\x2f\xf2" \ - "\xba\xf0\x21\x25\xc3\x73\x52\x5b\x8b\x51\xe8\x03\xb3\x78\x70\xc5\xf5" + "\x3f\x40\x73\xc1\x9c\x54\xeb\xbd\x4d\x4f\xab\x27\xfb\x8b\x65\x1a\x2c\x51" \ + "\x24\xf9\x97\x05\x91\x04\xaa\xf7\xbc\x6d\xfd\x07\x4d\x70\x30\x0b\x06\x09" \ + "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x04\x82\x01\x00\x78\x74\xf7\xee\xef" \ + "\x89\x2f\x02\x77\xb9\xde\x87\x07\x3a\x58\x1d\x2d\xc0\xb0\x55\x33\x40\xf1" \ + "\x6f\xb6\x28\xd6\x44\xf1\xfa\x4f\xf6\x99\xe1\xdc\xb2\x2e\x49\x5b\x36\xa7" \ + "\xee\x6f\x82\x67\x27\x43\xd5\x99\x57\xc2\x83\x09\x29\xd2\xb3\x86\x9e\x6f" \ + "\x75\x78\xdb\xe3\xeb\x33\x65\xce\x7c\xd4\x8f\x65\x73\xa7\x82\xe4\x5e\x50" \ + "\xd3\xe8\x76\xd2\x43\x96\xeb\xe5\x3a\xd1\x03\x2e\xa0\x61\xd7\xf2\x6b\x9e" \ + "\x0b\x24\x11\x2a\x25\x4d\x68\x5e\x86\x9c\x9b\xe4\xaa\x6c\x5c\x5c\xfe\x54" \ + "\x26\x85\xd8\xcc\x0f\xdd\x69\x0f\xf6\xc3\x0b\x7c\xca\x23\xeb\x99\x8c\xc1" \ + "\x69\x80\x69\xd2\x14\x1b\x1b\x99\xde\x25\x59\x12\x8d\xb4\xc0\x01\x56\x32" \ + "\x91\x76\x8f\x8b\xd4\x29\x2f\x74\x3e\xca\xe0\xd1\xe8\x68\xde\x9d\x1e\x15" \ + "\xd9\x07\x41\x82\x14\x2a\xe9\x5c\x03\x81\x80\x04\xf1\x5b\xa5\xea\x21\x72" \ + "\x9d\x98\xa0\x23\x46\x25\xb7\x68\x7d\xc2\x58\x80\xfb\x1c\xbb\x76\xba\x76" \ + "\x3a\xba\x1c\xd8\x0f\xbf\x21\x36\xce\x03\x94\x8c\x13\xbd\xc7\x87\x42\x06" \ + "\x1c\x2b\xc8\x53\xd1\xa7\xba\xea\xfa\xbc\xba\x8e\xd8\x6f\x1c\x34\x28\x8b" \ + "\x87\x0d\xbf\x30\x87\xc1\x6e\xcc\x15\xb5\xd7\x2d\xe4\xe6\xa6\xaa\xe6" ) end From 519c18a8588beaee4a6175abfb7cd0f9c50d201b Mon Sep 17 00:00:00 2001 From: Christophe De La Fuente Date: Mon, 18 Nov 2024 21:28:55 +0100 Subject: [PATCH 5/5] Update specs for `auxiliary/admin/dcerpc/icpr_cert` --- .../auxiliary/admin/dcerpc/icpr_cert_spec.rb | 82 +++++++++---------- 1 file changed, 41 insertions(+), 41 deletions(-) diff --git a/spec/modules/auxiliary/admin/dcerpc/icpr_cert_spec.rb b/spec/modules/auxiliary/admin/dcerpc/icpr_cert_spec.rb index 6c75a4cdc9b9..5ab10f9b5875 100644 --- a/spec/modules/auxiliary/admin/dcerpc/icpr_cert_spec.rb +++ b/spec/modules/auxiliary/admin/dcerpc/icpr_cert_spec.rb @@ -91,19 +91,19 @@ let(:x509_csr) do OpenSSL::X509::Request.new(<<~REQUEST) -----BEGIN CERTIFICATE REQUEST----- - MIICVzCCAT8CAQEwEjEQMA4GA1UEAwwHYWxpZGRsZTCCASIwDQYJKoZIhvcNAQEB + MIICVzCCAT8CAQAwEjEQMA4GA1UEAwwHYWxpZGRsZTCCASIwDQYJKoZIhvcNAQEB BQADggEPADCCAQoCggEBAOM9IWt1689iwxky54DCtKqnJhssaW9dED2PbHsP+BRV kjs7TWPoKkxZne9vGS0v/r1jdVEjZYa7+8tpogm2a12PIlIwItl5t+Doqm87U7tT mAApjDKTT69vwo3KlTNhP9v7IhyubKIWOfgjDBTYEOT51YusnWtuDSWXUY7rCinU DMx7SBvvIydHgvirQTZNp3yECQvquGbAlmBuqfUDh7LL7hcF4iDfpIOMhkF3fgIT uqC3+9/iZ+l4q3dUmYQi2GdfkAQzznR83qdvBWAli3POljosQahTc3GJ1GEHMbuL BCbk+gdzoEM3K2fAGxIVarYWWWaTuxLqNn4gHvB0HecCAwEAAaAAMA0GCSqGSIb3 - DQEBCwUAA4IBAQBDi5bcG7sRB5rZFM7xdcM2xMVPMLW4nXaOovnDll3w439zOGdv - oesl2VxdJD0K1VcjDbS40/usV9+Pt3BJmJjePS/Mj8pBk+GpW2HiZ7VAhvxTb9rx - AiZjNMAzmgl3y4w4gaxV/CuNvKyfdBxGFvqEWqcDfESlttkwDm1ufVgx6T2SGrgc - 91W+/dmaSC+DCm8VCREzzJkD3APE5GRQCLUHiZOTJHEG6s3Gb25SOSVXIpEhWSEA - k5gUxxekO0L6th8aGqwGMtHqKU6AG1PfjgqRb/7dfv+0SoV1CXb7xUuPpDVW5i1F - pVvzc/YjfJ1N/B30y1zAKopstzerGN0fyIdg + DQEBCwUAA4IBAQAyU7goEqpmHfulRkaMAtna+7mpVdUsuGXidsP2AFyDmiBOUtR/ + gQoXeTwWQ62vKSmD0+gSnxDbokq4T8hif/cR8WZ1jZQXE0JR9FPI/qGs/6D5e56S + b7W3buC6UuON58pJmtrX7PtNUGg0FOn6jGB1jwEHtc+4sel24j7VMfzt3nuY/KTD + abGLQioi9iaVEbJ6pKmBaHGcEswFiqGBGWI1zrSVIYyNy67SK3/P3RWyHHNJeS2a + x7RMqHkWOXXjxqbM68i6tCL+2NstTzXI6mQkXWkOXU8d39wn/MqLyPdY0ZM7Lv/y + i506vK8iofDDYoHxz8YwaPU1DOCfu+T83nPg -----END CERTIFICATE REQUEST----- REQUEST end @@ -114,7 +114,7 @@ "\x62\x30\x82\x0b\x5e\x02\x01\x03\x31\x0d\x30\x0b\x06\x09\x60\x86\x48\x01" \ "\x65\x03\x04\x02\x01\x30\x82\x02\x6c\x06\x07\x2b\x06\x01\x05\x02\x03\x01" \ "\xa0\x82\x02\x5f\x04\x82\x02\x5b\x30\x82\x02\x57\x30\x82\x01\x3f\x02\x01" \ - "\x01\x30\x12\x31\x10\x30\x0e\x06\x03\x55\x04\x03\x0c\x07\x61\x6c\x69\x64" \ + "\x00\x30\x12\x31\x10\x30\x0e\x06\x03\x55\x04\x03\x0c\x07\x61\x6c\x69\x64" \ "\x64\x6c\x65\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01" \ "\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00" \ "\xe3\x3d\x21\x6b\x75\xeb\xcf\x62\xc3\x19\x32\xe7\x80\xc2\xb4\xaa\xa7\x26" \ @@ -132,21 +132,21 @@ "\x71\x89\xd4\x61\x07\x31\xbb\x8b\x04\x26\xe4\xfa\x07\x73\xa0\x43\x37\x2b" \ "\x67\xc0\x1b\x12\x15\x6a\xb6\x16\x59\x66\x93\xbb\x12\xea\x36\x7e\x20\x1e" \ "\xf0\x74\x1d\xe7\x02\x03\x01\x00\x01\xa0\x00\x30\x0d\x06\x09\x2a\x86\x48" \ - "\x86\xf7\x0d\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\x43\x8b\x96\xdc\x1b" \ - "\xbb\x11\x07\x9a\xd9\x14\xce\xf1\x75\xc3\x36\xc4\xc5\x4f\x30\xb5\xb8\x9d" \ - "\x76\x8e\xa2\xf9\xc3\x96\x5d\xf0\xe3\x7f\x73\x38\x67\x6f\xa1\xeb\x25\xd9" \ - "\x5c\x5d\x24\x3d\x0a\xd5\x57\x23\x0d\xb4\xb8\xd3\xfb\xac\x57\xdf\x8f\xb7" \ - "\x70\x49\x98\x98\xde\x3d\x2f\xcc\x8f\xca\x41\x93\xe1\xa9\x5b\x61\xe2\x67" \ - "\xb5\x40\x86\xfc\x53\x6f\xda\xf1\x02\x26\x63\x34\xc0\x33\x9a\x09\x77\xcb" \ - "\x8c\x38\x81\xac\x55\xfc\x2b\x8d\xbc\xac\x9f\x74\x1c\x46\x16\xfa\x84\x5a" \ - "\xa7\x03\x7c\x44\xa5\xb6\xd9\x30\x0e\x6d\x6e\x7d\x58\x31\xe9\x3d\x92\x1a" \ - "\xb8\x1c\xf7\x55\xbe\xfd\xd9\x9a\x48\x2f\x83\x0a\x6f\x15\x09\x11\x33\xcc" \ - "\x99\x03\xdc\x03\xc4\xe4\x64\x50\x08\xb5\x07\x89\x93\x93\x24\x71\x06\xea" \ - "\xcd\xc6\x6f\x6e\x52\x39\x25\x57\x22\x91\x21\x59\x21\x00\x93\x98\x14\xc7" \ - "\x17\xa4\x3b\x42\xfa\xb6\x1f\x1a\x1a\xac\x06\x32\xd1\xea\x29\x4e\x80\x1b" \ - "\x53\xdf\x8e\x0a\x91\x6f\xfe\xdd\x7e\xff\xb4\x4a\x85\x75\x09\x76\xfb\xc5" \ - "\x4b\x8f\xa4\x35\x56\xe6\x2d\x45\xa5\x5b\xf3\x73\xf6\x23\x7c\x9d\x4d\xfc" \ - "\x1d\xf4\xcb\x5c\xc0\x2a\x8a\x6c\xb7\x37\xab\x18\xdd\x1f\xc8\x87\x60\xa0" \ + "\x86\xf7\x0d\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\x32\x53\xb8\x28\x12" \ + "\xaa\x66\x1d\xfb\xa5\x46\x46\x8c\x02\xd9\xda\xfb\xb9\xa9\x55\xd5\x2c\xb8" \ + "\x65\xe2\x76\xc3\xf6\x00\x5c\x83\x9a\x20\x4e\x52\xd4\x7f\x81\x0a\x17\x79" \ + "\x3c\x16\x43\xad\xaf\x29\x29\x83\xd3\xe8\x12\x9f\x10\xdb\xa2\x4a\xb8\x4f" \ + "\xc8\x62\x7f\xf7\x11\xf1\x66\x75\x8d\x94\x17\x13\x42\x51\xf4\x53\xc8\xfe" \ + "\xa1\xac\xff\xa0\xf9\x7b\x9e\x92\x6f\xb5\xb7\x6e\xe0\xba\x52\xe3\x8d\xe7" \ + "\xca\x49\x9a\xda\xd7\xec\xfb\x4d\x50\x68\x34\x14\xe9\xfa\x8c\x60\x75\x8f" \ + "\x01\x07\xb5\xcf\xb8\xb1\xe9\x76\xe2\x3e\xd5\x31\xfc\xed\xde\x7b\x98\xfc" \ + "\xa4\xc3\x69\xb1\x8b\x42\x2a\x22\xf6\x26\x95\x11\xb2\x7a\xa4\xa9\x81\x68" \ + "\x71\x9c\x12\xcc\x05\x8a\xa1\x81\x19\x62\x35\xce\xb4\x95\x21\x8c\x8d\xcb" \ + "\xae\xd2\x2b\x7f\xcf\xdd\x15\xb2\x1c\x73\x49\x79\x2d\x9a\xc7\xb4\x4c\xa8" \ + "\x79\x16\x39\x75\xe3\xc6\xa6\xcc\xeb\xc8\xba\xb4\x22\xfe\xd8\xdb\x2d\x4f" \ + "\x35\xc8\xea\x64\x24\x5d\x69\x0e\x5d\x4f\x1d\xdf\xdc\x27\xfc\xca\x8b\xc8" \ + "\xf7\x58\xd1\x93\x3b\x2e\xff\xf2\x8b\x9d\x3a\xbc\xaf\x22\xa1\xf0\xc3\x62" \ + "\x81\xf1\xcf\xc6\x30\x68\xf5\x35\x0c\xe0\x9f\xbb\xe4\xfc\xde\x73\xe0\xa0" \ "\x82\x06\xcc\x30\x82\x06\xc8\x30\x82\x05\xb0\xa0\x03\x02\x01\x02\x02\x13" \ "\x10\x00\x00\x00\x43\x92\xab\x33\x25\xbd\xb1\xc3\x32\x00\x00\x00\x00\x00" \ "\x43\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x30\x46" \ @@ -256,23 +256,23 @@ "\x6d\x00\x65\x1e\x20\x00\x4d\x00\x53\x00\x46\x00\x4c\x00\x41\x00\x42\x00" \ "\x5c\x00\x73\x00\x6d\x00\x63\x00\x69\x00\x6e\x00\x74\x00\x79\x00\x72\x00" \ "\x65\x30\x2f\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x04\x31\x22\x04\x20" \ - "\xef\xf1\x08\x75\x09\x03\xad\x18\x44\x47\x2e\x2c\xbd\x14\x15\x3f\xd1\xe3" \ - "\x3e\xee\x28\x0f\x42\x8d\xe4\x4b\xc6\x08\xc3\x95\x71\xa3\x30\x0b\x06\x09" \ - "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x04\x82\x01\x00\x46\x06\xd6\x18\x92" \ - "\x5b\xb3\x89\xa4\x19\x44\x55\x1f\xcf\x55\x2e\xb7\xfe\x28\xf4\x6f\xfd\x97" \ - "\xd2\x01\xac\xcd\x15\x8d\x1a\x8f\xac\x26\x5c\xa3\xd3\x7d\xb0\xc3\x36\x47" \ - "\xff\x4d\x5a\x98\x4f\x17\x43\x70\x60\xf1\x69\x44\xfa\x27\x61\x71\x2a\xe5" \ - "\xa8\x8a\x98\x0d\x34\x4d\x22\x23\x10\xde\x43\x60\xf5\x3f\x7b\x3a\x72\xe4" \ - "\xf7\x69\x29\xe0\xaa\x9e\xff\x28\x18\x8c\x61\xb2\xe1\x41\x7a\x69\x92\x47" \ - "\xac\x2e\xe7\x92\x26\xd8\x54\x91\xae\x54\xaa\x8e\xc0\x06\x0d\x4b\x51\xfe" \ - "\xbe\x92\x40\x07\x11\x6e\x2b\xe0\xb8\xc0\xab\xfe\x52\x90\x3a\x28\xec\xa9" \ - "\xb1\x9a\xf2\xce\x43\x04\xf8\xea\x14\x2d\x54\xe4\x21\x23\x2e\x2a\xf0\x13" \ - "\xcd\xd7\x3c\xf5\xba\x76\x3c\x1a\xf4\x7c\xc7\x22\x34\xff\x84\x79\xb0\x32" \ - "\xe9\x04\xb7\x22\x92\x3f\x3a\x3d\x12\x47\xce\xe3\x9e\x4f\xd4\x5b\x83\xd9" \ - "\xc1\x20\x20\x04\x22\xed\xb5\x59\x43\x1c\xa9\xab\x0f\xb1\xb0\x9f\x05\x1c" \ - "\x88\x88\x98\xb9\x97\x53\x1e\xa4\xe3\xfd\x58\x92\x09\xe7\xcc\x83\xbf\x5f" \ - "\xc2\xb3\x08\x33\x96\x41\x75\x46\x35\x55\x0a\x34\x2e\xd8\x0b\x76\x2f\xf2" \ - "\xba\xf0\x21\x25\xc3\x73\x52\x5b\x8b\x51\xe8\x03\xb3\x78\x70\xc5\xf5" + "\x3f\x40\x73\xc1\x9c\x54\xeb\xbd\x4d\x4f\xab\x27\xfb\x8b\x65\x1a\x2c\x51" \ + "\x24\xf9\x97\x05\x91\x04\xaa\xf7\xbc\x6d\xfd\x07\x4d\x70\x30\x0b\x06\x09" \ + "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x04\x82\x01\x00\x78\x74\xf7\xee\xef" \ + "\x89\x2f\x02\x77\xb9\xde\x87\x07\x3a\x58\x1d\x2d\xc0\xb0\x55\x33\x40\xf1" \ + "\x6f\xb6\x28\xd6\x44\xf1\xfa\x4f\xf6\x99\xe1\xdc\xb2\x2e\x49\x5b\x36\xa7" \ + "\xee\x6f\x82\x67\x27\x43\xd5\x99\x57\xc2\x83\x09\x29\xd2\xb3\x86\x9e\x6f" \ + "\x75\x78\xdb\xe3\xeb\x33\x65\xce\x7c\xd4\x8f\x65\x73\xa7\x82\xe4\x5e\x50" \ + "\xd3\xe8\x76\xd2\x43\x96\xeb\xe5\x3a\xd1\x03\x2e\xa0\x61\xd7\xf2\x6b\x9e" \ + "\x0b\x24\x11\x2a\x25\x4d\x68\x5e\x86\x9c\x9b\xe4\xaa\x6c\x5c\x5c\xfe\x54" \ + "\x26\x85\xd8\xcc\x0f\xdd\x69\x0f\xf6\xc3\x0b\x7c\xca\x23\xeb\x99\x8c\xc1" \ + "\x69\x80\x69\xd2\x14\x1b\x1b\x99\xde\x25\x59\x12\x8d\xb4\xc0\x01\x56\x32" \ + "\x91\x76\x8f\x8b\xd4\x29\x2f\x74\x3e\xca\xe0\xd1\xe8\x68\xde\x9d\x1e\x15" \ + "\xd9\x07\x41\x82\x14\x2a\xe9\x5c\x03\x81\x80\x04\xf1\x5b\xa5\xea\x21\x72" \ + "\x9d\x98\xa0\x23\x46\x25\xb7\x68\x7d\xc2\x58\x80\xfb\x1c\xbb\x76\xba\x76" \ + "\x3a\xba\x1c\xd8\x0f\xbf\x21\x36\xce\x03\x94\x8c\x13\xbd\xc7\x87\x42\x06" \ + "\x1c\x2b\xc8\x53\xd1\xa7\xba\xea\xfa\xbc\xba\x8e\xd8\x6f\x1c\x34\x28\x8b" \ + "\x87\x0d\xbf\x30\x87\xc1\x6e\xcc\x15\xb5\xd7\x2d\xe4\xe6\xa6\xaa\xe6" ) end @@ -300,7 +300,7 @@ expect(result).to respond_to(:to_der) end - it 'should be correct' do + it 'should be correct' do expect(result.to_der).to eq(x509_csr.to_der) end end