use the same instance

Takahiro-Yoko · Takahiro-Yoko · commit b5c4fd0e3241 · 2024-07-26T21:05:59.000+09:00
OpenSSL::Digest.new('sha256')
diff --git a/modules/exploits/linux/http/empire_skywalker.rb b/modules/exploits/linux/http/empire_skywalker.rb
@@ -348,8 +348,11 @@ def aes_encrypt_then_hmac(key, data)
 
   def aes_decrypt(key, data)
     mac = data[-10..]
-    expected = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), key, data[..-11])[..9]
-    raise "Invalid ciphertext received." unless OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), key, mac) == OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), key, expected)
+    sha256_digest = OpenSSL::Digest.new('sha256')
+    expected = OpenSSL::HMAC.digest(sha256_digest, key, data[..-11])[..9]
+    unless OpenSSL::HMAC.digest(sha256_digest, key, mac) == OpenSSL::HMAC.digest(sha256_digest, key, expected)
+      raise "Invalid ciphertext received." 
+    end
 
     size = key.length * 8
     raise ArgumentError.new('AES key width must be 128 or 256 bits') unless (size == 128 || size == 256)
