Class: Msf::Exploit::Remote::HTTP::FlaskUnsign::URLSafeTimedSigner

Inherits:
URLSafeSigner
  • Object
Defined in:
lib/msf/core/exploit/remote/http/flask_unsign.rb

Constant Summary

Constants inherited from URLSafeSigner

Msf::Exploit::Remote::HTTP::FlaskUnsign::URLSafeSigner::DEFAULT_SEPARATOR

Instance Method Summary

Methods inherited from URLSafeSigner

#derive_key, #get_signature, #initialize

Constructor Details

This class inherits a constructor from Msf::Exploit::Remote::HTTP::FlaskUnsign::URLSafeSigner

Instance Method Details

#get_timestamp ⇒ Object



# File 'lib/msf/core/exploit/remote/http/flask_unsign.rb', line 41

def get_timestamp
  Time.now.to_f
end

#sign(value) ⇒ Object



# File 'lib/msf/core/exploit/remote/http/flask_unsign.rb', line 49

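def sign(value)
  # Pack the current time as a big-endian unsigned 64-bit value ('Q>').
  timestamp = [get_timestamp].pack('Q>')
  # Strip leading zero bytes so only the significant bytes are encoded.
  timestamp.delete_prefix!("\x00".b) while timestamp.start_with?("\x00".b)
  timestamp = FlaskUnsign.base64_encode(timestamp)
  # Output layout: value <sep> timestamp <sep> signature(value <sep> timestamp)
  value = value + @separator + timestamp
  value + @separator + get_signature(value)
end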

#timestamp_to_datetime(ts) ⇒ Object



# File 'lib/msf/core/exploit/remote/http/flask_unsign.rb', line 45

def timestamp_to_datetime(ts)
  Time.at(ts)
end

#valid?(value) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/msf/core/exploit/remote/http/flask_unsign.rb', line 57

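def valid?(value)
  # Split from the right: the last field is the signature, the one before it the timestamp.
  value, _, signature = value.rpartition(@separator)
  value, _, timestamp = value.rpartition(@separator)
  # Only the signature is recomputed and compared; the timestamp is not
  # checked against any maximum age here.
  signature == get_signature(value + @separator + timestamp)
end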