crypto_func.inc
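# --- tail of rc4_hmac_encrypt: its header and local_var line are above this point in the file ---
  # 8-byte random confounder, then checksum = HMAC(hmac, confounder || data),
  # K3 = HMAC(hmac, checksum), output = checksum || RC4_K3(confounder || data).
  for (i=0; i < 8; i++)
    random += raw_string (rand() % 256);
  conf_data = random + data;
  checksum = HMAC_MD5 (key:hmac, data:conf_data);
  K3 = HMAC_MD5 (key:hmac, data:checksum);
  arcfour_setkey (key:K3);
  val1 = ARCFOUR (data:conf_data);
  return checksum + val1;
}

#
# rc4_hmac_decrypt: inverse of rc4_hmac_encrypt.
#
# Input layout is  checksum(16) || RC4_K3( confounder(8) || plaintext ).
#   key      : password, or the already-derived key when real_key is TRUE
#   data     : checksum || ciphertext as produced by rc4_hmac_encrypt
#   type     : message/usage value mixed into the intermediate HMAC key
#              (same value the encrypting side used)
#   real_key : TRUE when `key` is the derived key and must not be re-derived
# Returns the plaintext with the 8-byte confounder stripped, or NULL when the
# recomputed checksum does not match (or the input is too short to hold
# checksum + confounder).
#
function rc4_hmac_decrypt (key, data, type, real_key)
{
  local_var hmac, checksum, checksum2, conf_data, K3, key2, val1;

  # 16-byte checksum + 8-byte confounder is the minimum well-formed message
  if (strlen(data) < 24)
    return NULL;

  if (isnull(real_key) || (real_key == FALSE))
    key2 = rc4_hmac_string_to_key (string:key);
  else
    key2 = key;

  hmac = HMAC_MD5 (key:key2, data:type);
  checksum = substr (data, 0, 15);
  K3 = HMAC_MD5 (key:hmac, data:checksum);
  conf_data = substr (data, 16, strlen(data)-1);

  arcfour_setkey (key:K3);
  val1 = ARCFOUR (data:conf_data);

  # integrity check: checksum was computed over confounder || plaintext
  checksum2 = HMAC_MD5 (key:hmac, data:val1);
  if (checksum == checksum2)
    return substr (val1, 8, strlen(val1)-1);
  else
    return NULL;
}

#function rc4_hmac_checksum (key,data,type)
#{
# ksign = HMAC_MD5;
#}

#---------------------------------------------------------#
# DES-cbc encryption code                                 #
#---------------------------------------------------------#

#
# xor8: byte-wise XOR of two strings.
# Iterates over strlen(a); `b` is expected to be at least as long as `a`
# (every caller in this file passes two 8-byte strings).
#
function xor8 (a, b)
{
  local_var tmp, i;

  tmp = NULL;
  for (i=0; i<strlen(a); i++)
    tmp += raw_byte (b:ord(a[i]) ^ ord(b[i]));

  return tmp;
}

#
# reverse: reverse the seven high bits of a byte (bit 7 -> bit 1, ..., bit 1 -> bit 7).
# Bit 0 of the input is ignored and bit 0 of the output is always 0; this is
# the 7-bit reversal the DES string-to-key "flip" step needs after
# removeMSBits() has shifted each 7-bit value into bits 1..7.
#   i : one-byte string
# Returns a one-byte string.
#
function reverse (i)
{
  local_var tmp, val, j;

  tmp = 0;
  val = 0x80;
  for (j=1; j<8; j++)
  {
    if (ord(i) & val)
      tmp += (1 << j);
    val = val >> 1;
  }

  return raw_byte (b:tmp);
}

#
# reverse8: reverse an 8-byte block as a 56-bit string — byte order reversed
# and each byte passed through reverse().
#
function reverse8 (s)
{
  local_var tmp, i;

  tmp = NULL;
  for (i=0; i<strlen(s); i++)
    tmp += reverse (i:s[strlen(s)-1-i]);

  return tmp;
}

#
# get_parity: parity of bits 1..7 of the integer `i` (bit 0, the DES parity
# bit, is not counted).  Returns 1 when an odd number of those bits is set.
#
function get_parity (i)
{
  local_var tmp, val, j;

  tmp = 0;
  val = 2;
  for (j=0; j<7; j++)
  {
    if (i & val)
      tmp++;
    val = (val << 1) % 256;
  }

  return (tmp % 2);
}

#
# fixparity: set DES odd parity on every byte of `s` — bit 0 is chosen so
# that each byte has an odd number of set bits.
#
function fixparity (s)
{
  local_var tmp, val, i;

  tmp = NULL;
  for (i=0; i<strlen(s); i++)
  {
    val = ord(s[i]);
    if (get_parity(i:val) == 0)
      val = (val & 0xFE) + 1;
    else
      val = val & 0xFE;
    tmp += raw_byte (b:val);
  }

  return tmp;
}

#
# removeMSBits: shift every byte left by one, dropping its most-significant
# bit and leaving bit 0 clear (the 7-bit "strip" step of DES string-to-key).
#
function removeMSBits (s)
{
  local_var tmp, i;

  tmp = NULL;
  for (i=0; i<strlen(s); i++)
    tmp += raw_byte (b:ord(s[i]) << 1);

  return tmp;
}

#
# is_weak_key: DES weak / semi-weak key test.
# Need to be done — always returns 0, so the 0xF0 correction branches in
# des_cbc_string_to_key() never run yet.
#
function is_weak_key (key)
{
  return 0;
}

#
# des_cbc_checksum: DES-CBC "checksum" — the last 8-byte ciphertext block of
# DES-CBC(data) under `key` with initialisation vector `iv`.  A trailing
# partial block is zero-padded to 8 bytes.
#   key  : raw DES key (set_des_key() builds the schedule)
#   data : arbitrary-length string
#   iv   : 8-byte initialisation vector
# Returns 8 bytes.
#
function des_cbc_checksum (key, data, iv)
{
  local_var tout0, tout1, tin0, tin1, i, tin, keyb, tmp;

  tout0 = get_dword (blob:iv, pos:0);
  tout1 = get_dword (blob:iv, pos:4);
  keyb = set_des_key (key:key);

  for (i=0; i<strlen(data); i+=8)
  {
    if (i+8 <= strlen(data))
    {
      tin0 = get_dword (blob:data, pos:i);
      tin1 = get_dword (blob:data, pos:i+4);
    }
    else
    {
      # last partial block: copy the tail, zero-pad to 8 bytes, and read it
      # from offset 0 — tmp is a fresh 8-byte string, not a view into data
      tmp = substr (data, i, strlen(data)-1);
      tmp += crap (data:raw_byte(b:0), length:8-(strlen(tmp)%8));
      tin0 = get_dword (blob:tmp, pos:0);
      tin1 = get_dword (blob:tmp, pos:4);
    }

    # CBC chaining: XOR with the previous ciphertext block (iv for the first)
    tin0 = tin0 ^ tout0;
    tin1 = tin1 ^ tout1;
    tin = raw_dword (d:tin0) + raw_dword (d:tin1);
    tin = DES (in:tin, key:keyb, type:1, _string:FALSE);
    tout0 = get_dword (blob:tin, pos:0);
    tout1 = get_dword (blob:tin, pos:4);
  }

  return raw_dword (d:tout0) + raw_dword (d:tout1);
}

#
# des_cbc_encrypt: DES in CBC mode.
#   data    : input; must already be a multiple of 8 bytes (no padding is
#             done here — callers pad before calling)
#   key     : raw DES key
#   iv      : 8-byte initialisation vector
#   encrypt : 1 to encrypt, anything else to decrypt
# Returns the transformed data, same length as the input.
#
function des_cbc_encrypt (data, key, iv, encrypt)
{
  local_var tin, tin0, tin1, tout0, tout1, out, i, xor0, xor1, keyb;

  keyb = set_des_key (key:key);
  out = NULL;

  if (encrypt == 1)
  {
    tout0 = get_dword (blob:iv, pos:0);
    tout1 = get_dword (blob:iv, pos:4);

    for (i=0; i<strlen(data); i+=8)
    {
      tin0 = get_dword (blob:data, pos:i);
      tin1 = get_dword (blob:data, pos:i+4);
      # plaintext XOR previous ciphertext, then encrypt
      tin0 = tin0 ^ tout0;
      tin1 = tin1 ^ tout1;
      tin = raw_dword (d:tin0) + raw_dword (d:tin1);
      tin = DES (in:tin, key:keyb, type:1, _string:FALSE);
      tout0 = get_dword (blob:tin, pos:0);
      tout1 = get_dword (blob:tin, pos:4);
      out += tin;
    }
  }
  else
  {
    xor0 = get_dword (blob:iv, pos:0);
    xor1 = get_dword (blob:iv, pos:4);

    for (i=0; i<strlen(data); i+=8)
    {
      tin0 = get_dword (blob:data, pos:i);
      tin1 = get_dword (blob:data, pos:i+4);
      tin = raw_dword (d:tin0) + raw_dword (d:tin1);
      # decrypt, then XOR with the previous ciphertext block
      tin = DES (in:tin, key:keyb, type:0, _string:FALSE);
      tout0 = get_dword (blob:tin, pos:0) ^ xor0;
      tout1 = get_dword (blob:tin, pos:4) ^ xor1;
      out += raw_dword (d:tout0) + raw_dword (d:tout1);
      # this ciphertext block chains into the next one
      xor0 = tin0;
      xor1 = tin1;
    }
  }

  return out;
}

#
# des_cbc_string_to_key: derive a DES key from a password and salt
# (the des-cbc string-to-key construction: 7-bit strip, alternate 56-bit
# reversal, XOR-fold, odd parity, then DES-CBC-checksum of the padded input
# keyed and IV'd with the folded key, and parity again).
#   _string : password
#   salt    : salt string appended to the password
# Returns an 8-byte DES key.
#
function des_cbc_string_to_key (_string, salt)
{
  local_var odd, s, tempkey, byteblock, i, j, key, fix_weak;

  # correction applied to a weak key: flip the high nibble of the last byte
  fix_weak = raw_string (0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xF0);
  odd = 1;
  s = _string + salt;
  tempkey = raw_string (0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00);

  # pad on 8 bytes
  if (strlen(s) % 8)
    s = s + crap (data:raw_byte(b:0x00), length:8-(strlen(s)%8));

  for (i=0; i<strlen(s); i+=8)
  {
    byteblock = removeMSBits (s:substr(s, i, i+7));
    # every second 8-byte block is bit-reversed before folding
    if (odd == 0)
    {
      odd = 1;
      byteblock = reverse8 (s:byteblock);
    }
    else
      odd = 0;
    tempkey = xor8 (a:tempkey, b:byteblock);
  }

  tempkey = fixparity (s:tempkey);
  # the weak-key test applies to the folded key (tempkey), which is what the
  # next step is keyed with — is_weak_key() is still a stub, see above
  if (is_weak_key(key:tempkey))
    tempkey = xor8 (a:tempkey, b:fix_weak);

  key = des_cbc_checksum (key:tempkey, data:s, iv:tempkey);
  key = fixparity (s:key);
  if (is_weak_key(key:key))
    key = xor8 (a:key, b:fix_weak);

  return key;
}

#
# des_cbc_md5_encrypt: DES-CBC with an MD5 integrity check.
# Plaintext layout: confounder(8) || MD5(confounder || 16 zero bytes || data) || data,
# zero-padded to 8 bytes and encrypted under `key` with a zero IV.
#   data : plaintext
#   key  : raw DES key
# Returns the ciphertext.
#
function des_cbc_md5_encrypt (data, key)
{
  local_var iv, confounder, i, hash, cksum, tmp;

  # the checksum field is zero while the hash is computed over the message
  cksum = raw_string (0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0);

  # 8-byte random confounder (rand() is the scripting runtime's PRNG)
  confounder = NULL;
  for (i=0; i<8; i++)
    confounder += raw_byte (b:rand()%256);

  tmp = data;
  if (strlen(data) % 8)
    tmp += crap (data:raw_byte(b:0), length:8-(strlen(data)%8));

  hash = MD5 (confounder+cksum+tmp);
  iv = raw_string (0,0,0,0,0,0,0,0);

  return des_cbc_encrypt (data:confounder+hash+tmp, key:key, iv:iv, encrypt:1);
}

#
# des_cbc_md5_decrypt: inverse of des_cbc_md5_encrypt.
#   data : ciphertext
#   key  : raw DES key
# Returns the (still zero-padded) message, or NULL when the decrypted data is
# shorter than confounder + checksum or the MD5 check fails.
#
function des_cbc_md5_decrypt (data, key)
{
  local_var iv, confounder, cksum, decrypted, hash, msg, tohash;

  cksum = raw_string (0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0);
  iv = raw_string (0,0,0,0,0,0,0,0);

  decrypted = des_cbc_encrypt (data:data, key:key, iv:iv, encrypt:0);

  # 8-byte confounder + 16-byte checksum must be present
  if (strlen(decrypted) < 24)
    return NULL;

  msg = substr (decrypted, 24, strlen(decrypted)-1);
  confounder = substr (decrypted, 0, 7);

  # recompute the hash with the checksum field zeroed, as the sender did
  tohash = confounder+cksum+msg;
  hash = MD5 (tohash);

  cksum = substr (decrypted, 8, 23);
  if (hexstr(cksum) >!< hexstr(hash))
    return NULL;

  return msg;
}

#
# des_cbc_md5_checksum: keyed checksum — DES-CBC (zero IV) of
# confounder(8) || MD5(confounder || data), under the key XORed with 0xF0 bytes.
#   data : message to checksum
#   key  : raw DES key
# Returns the 24-byte checksum.
#
function des_cbc_md5_checksum (data, key)
{
  local_var confounder, iv, i, enckey, tmp;

  iv = raw_string (0,0,0,0,0,0,0,0);
  # checksum key is the message key with every byte XORed with 0xF0
  enckey = xor8 (a:key, b:raw_string(0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0));

  confounder = NULL;
  for (i=0; i<8; i++)
    confounder += raw_byte (b:rand()%256);

  return des_cbc_encrypt (data:confounder+MD5(confounder+data), key:enckey, iv:iv, encrypt:1);
}

#---------------------------------------------------------#
# LANMAN2.1 Challenge/Response                            #
#---------------------------------------------------------#

#
# LM_Hash: LAN Manager password hash.
# The password is truncated to 14 characters, NUL-padded to 14, upper-cased
# and split into two 7-byte DES keys; each encrypts the constant "KGS!@#$%".
#   password : clear-text password
# Returns the 16-byte LM hash.
#
function LM_Hash (password)
{
  local_var pass, K1, K2, hash;

  # truncate to 14 characters (substr end index is inclusive)
  if (strlen(password) > 14)
    pass = substr (password, 0, 13);
  else
    pass = password;

  while (strlen(pass) < 14)
    pass += raw_string (0);

  pass = toupper (pass);

  K1 = substr (pass, 0, 6);
  K2 = substr (pass, 7, 13);

  hash = DES (in:"KGS!@#$%", key:K1, type:1) + DES (in:"KGS!@#$%", key:K2, type:1);

  return hash;
}

#
# LM_Response: LM challenge/response.
#   password  : clear-text password (ignored when `hash` is given)
#   hash      : 16-byte LM hash, or NULL to derive it from `password`
#   challenge : 8-byte server challenge
# Returns an array: [0] = 24-byte response (challenge DES-encrypted under the
# three 7-byte keys cut from hash || 5 zero bytes), [1] = the 16-byte session
# key value (first 8 bytes of the hash followed by 8 zero bytes).
#
function LM_Response (password, hash, challenge)
{
  local_var key1, key2, key3, response;

  response = NULL;

  if (isnull(hash))
    hash = LM_Hash (password:password);

  response[1] = substr (hash, 0, 7) + raw_string (0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00);

  # 16-byte hash + 5 zero bytes = 21 bytes = three 7-byte DES keys
  hash += raw_string (0x00,0x00,0x00,0x00,0x00);

  key1 = substr (hash, 0, 6);
  key2 = substr (hash, 7, 13);
  key3 = substr (hash, 14, 20);

  response[0] = DES (in:challenge, key:key1, type:1) +
                DES (in:challenge, key:key2, type:1) +
                DES (in:challenge, key:key3, type:1);

  return response;
}

#---------------------------------------------------------#
# NTLM 0.12 Challenge/Response                            #
#---------------------------------------------------------#

#
# NTLM_Hash: NT password hash, MD4 of the password as passed in (callers are
# expected to supply the password in the encoding NTLM requires; nothing is
# converted here).  An empty/NULL password returns the precomputed MD4 of the
# empty string.
#
function NTLM_Hash (password)
{
  if (password)
    return MD4 (password);
  else
    return raw_string (0x31, 0xd6, 0xcf, 0xe0, 0xd1, 0x6a, 0xe9, 0x31,
                       0xb7, 0x3c, 0x59, 0xd7, 0xe0, 0xc0, 0x89, 0xc0);
}

#
# NTLM_Response: NTLM (v1) challenge/response.
#   password  : password (ignored when `hash` is given)
#   hash      : 16-byte NT hash, or NULL to derive it from `password`
#   challenge : 8-byte server challenge
# Returns an array: [0] = 24-byte response (same 3-key DES construction as
# LM_Response), [1] = MD4(hash), the NTLM user session key.
#
function NTLM_Response (password, hash, challenge)
{
  local_var key1, key2, key3, response;

  response = NULL;

  if (isnull(hash))
    hash = NTLM_Hash (password:password);

  response[1] = MD4 (hash);

  hash += raw_string (0x00,0x00,0x00,0x00,0x00);

  key1 = substr (hash, 0, 6);
  key2 = substr (hash, 7, 13);
  key3 = substr (hash, 14, 20);

  response[0] = DES (in:challenge, key:key1, type:1) +
                DES (in:challenge, key:key2, type:1) +
                DES (in:challenge, key:key3, type:1);

  return response;
}

#
# NTLMv2_Hash: NTLMv2 key = HMAC_MD5(key:NT hash, data:UPPER(login) || domain).
#   password : password (ignored when `hash` is given)
#   login    : user name (upper-cased here)
#   hash     : 16-byte NT hash, or NULL to derive it from `password`
#   domain   : domain / target name, appended as given
# Returns the 16-byte NTLMv2 hash.
#
# NOTE(review): `hash` is a parameter and is no longer re-declared with
# local_var; re-declaring it looked like it could reset the caller's value
# to NULL before the isnull() test — confirm against the NASL interpreter.
#
function NTLMv2_Hash (password, login, hash, domain)
{
  local_var user, dest, data;

  if (isnull(hash))
    hash = NTLM_Hash (password:password);

  user = toupper (login);
  dest = domain;

  data = user + dest;
  hash = HMAC_MD5 (data:data, key:hash);

  return hash;
}

# Not used : Broken #
# NTLMv2_Response: NTLMv2 challenge/response.  Still incomplete: the
# timestamp field of the blob is all zeros ("To change !!" below).
#   password, login, hash, domain : as for NTLMv2_Hash
#   challenge : 8-byte server challenge
# Returns an array: [0] = HMAC_MD5(ntlmv2hash, challenge || blob) || blob,
# [1] = HMAC_MD5(key:ntlmv2hash, data:that HMAC), the session key (same
# construction as LMv2_Response).
#
function NTLMv2_Response (password, hash, login, domain, challenge)
{
  local_var data, blob, hmac, resp, TimeStamp, blip, i;

  resp = NULL;

  hash = NTLMv2_Hash (password:password, login:login, hash:hash, domain:domain);

  # 8-byte client nonce
  blip = NULL;
  for (i = 0; i < 8; i++)
    blip += raw_string (rand() % 256);

  TimeStamp = raw_string (0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00);  # To change !!

  blob = raw_string (
           0x01,                       # Response Type Identification Number
           0x01,                       # Maximum Response Type Identification Number
           0x00, 0x00,                 # Reserved
           0x00, 0x00, 0x00, 0x00 )    # Reserved ?
         + TimeStamp
         + blip
         + raw_string (0x00,0x00,0x00,0x00)   # Unknown value
         + raw_string (0x00,0x00,0x00,0x00)   # List of Netbios Name. Empty for the moment.
         + raw_string (0x00,0x00,0x00,0x00);  # Unknown value

  data = challenge + blob;
  hmac = HMAC_MD5 (data:data, key:hash);

  resp[0] = hmac + blob;
  # session key: HMAC over the proof, keyed with the NTLMv2 hash
  # (argument order now matches LMv2_Response)
  resp[1] = HMAC_MD5 (data:hmac, key:hash);

  return resp;
}

#
# LMv2_Response: LMv2 challenge/response.
#   password, login, hash, domain : as for NTLMv2_Hash
#   challenge : 8-byte server challenge
# Returns an array: [0] = HMAC_MD5(ntlmv2hash, challenge || nonce) || nonce(8),
# [1] = HMAC_MD5(key:ntlmv2hash, data:that HMAC), the session key.
#
function LMv2_Response (password, login, hash, domain, challenge)
{
  local_var data, blob, hmac, resp, TimeStamp, blip, i;

  resp = NULL;

  hash = NTLMv2_Hash (password:password, login:login, hash:hash, domain:domain);

  # 8-byte client nonce
  blip = NULL;
  for (i = 0; i < 8; i++)
    blip += raw_string (rand() % 256);

  data = challenge + blip;
  hmac = HMAC_MD5 (data:data, key:hash);

  resp[0] = hmac + blip;
  resp[1] = HMAC_MD5 (data:hmac, key:hash);

  return resp;
}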