Grey Repo

Files

setup.src cli.src libs/scan.src src/machine.src src/utils.src src/tableAttack.src

setup.src

import_code("/home/me/h/libs/list.src")
import_code("/home/me/h/libs/disk.src")
import_code("/home/me/h/libs/passwords.src")
Disk.init("/home/me/h/disks", "passwords")
if(Disk.blobs.len > 1) then exit("password generation setup already completed")
PasswordGenerator.init(PASSWORDS)
~~print("generating passwords, it will take a while")~~
print "generating passwords, it will take a while"
HASH_TABLE=PasswordGenerator.AllPasswords
~~print("done")~~
print "done"
~~print("parsing passwords obj")~~
print "parsing passwords obj"
f = function(o)
return o[1]
end function
pass_list = HASH_TABLE.to_list.map(@f)
~~print("done")~~
print "done"
~~print("writing to disk")~~
print "writing to disk"
Disk.write(pass_list.join(char(10)))
~~print("done")~~
print "done"

cli.src

import_code("/home/me/h/src/utils.src") // exports map.inspect, p
import_code("/home/me/h/libs/list.src") // exports list utils and map utils
import_code("/home/me/h/libs/disk.src") // exports Disk, Block
import_code("/home/me/h/libs/nmap.src") // exports Nmap, Service
import_code("/home/me/h/libs/scan.src") // exports Scan
import_code("/home/me/h/src/machine.src") // exports Machine, MachineService, depends on Scan, Nmap
TABLEATTACK_SCRIPT = get_shell.host_computer.File("/home/me/h/src/tableAttack.src")
Machine.metaxploit = include_lib("/lib/metaxploit.so")
Scan.metaxploit = include_lib("/lib/metaxploit.so")
~~Disk.init("/home/me/h/disks", "passwords")~~
Vega = {}
Vega.vega_sig = {}
Vega.vega_sig["description"] = "auto hacking tool"
Vega.vega_sig["args"] = ["ip*"]
Vega.vega_sig["options"] = [{["-v", "--verbose"]: "print more logs"}]
Vega.vega = function(args = [], options = {})
//TODO: check if ip is valid
ip = args[0]
has_verbose = options["-v"]
machine = new Machine
machine.init(ip)
machine.most_vulnerable_service.set_exploits
~~p machine~~
p machine.most_vulnerable_service.inspect(["info"])
~~p machine.most_vulnerable_service.inspect(["value", "address"])~~
~~//p machine.most_vulnerable_service.exploits~~
pass_disk = new Disk
pass_disk.init("/home/me/h/disks", "passwords")
passwords = pass_disk.read_chars.split(char(10))
for service in machine.services
service.set_exploits
service.quick_root_shell(passwords, TABLEATTACK_SCRIPT) // this will start terminal if success
end for
print "no quick shell available"
print "services"
for s in machine.services
print s.inspect(["info"])
end for
print "exploits"
for s in machine.services
for x in s.exploits
x.set_result_info
print x.inspect(["result", "result_info"])
end for
end for
end function
import_code("/home/me/h/libs/thor.src") //depends on Listlib, exports Thor
Thor.init(Vega, "vega")

libs/scan.src

map = function(list, func)
result = list[0:] //list copy.
for i in indexes(list)
result[i] = func(result[i])
end for
return result
end function
_or = function(value1, value2)
if value1 == null or value1 == false then
return value2
end if
return value1
end function
// converts scan_address output to a list easier to process
// usage example:
// mem_scan = metaxploit.scan_address(metaLib, entry)
// mem_scan = mem_scan_exploits(mem_scan)
mem_scan_exploits = function(mem_scan)
ex_list = []
while true
ex_mark = mem_scan.indexOf("<b>")
if ex_mark == null then break
// get exploit value
ex_mark_end = mem_scan.indexOf("</b>")
value = slice(mem_scan, ex_mark+3, ex_mark_end)
// get requirements
mem_scan = mem_scan[ex_mark_end+5:]
mem_scan = mem_scan[mem_scan.indexOf(".")+1:]
mem_scan_lines = mem_scan.split(char(10))[1:]
if mem_scan_lines[0].indexOf("*") != null then
req = mem_scan_lines[:mem_scan_lines.indexOf("")]
else
req = []
end if
if req.len >= 1 then
mem_scan = mem_scan[mem_scan.indexOf(req[-1])+req[-1].len+1:]
end if
exploit = [value, req]
//["exploit_name": ["requirement", "requirement"]]
ex_list.push(exploit)
end while
return ex_list
//[
// {"exploit_name": ["requirement", "requirement"]},
// {"exploit_name": ["requirement", "requirement"]}
//]
end function
ScanExploit = {}
// ScanExploit.address : "0x62AC77E1"
// ScanExploit.value : "applyund"
// ScanExploit.requirements : ["* req1", "* req2"]
// ScanExploit.result :shell, computer, number, null, file object
// ScanExploit.result_info : string with description why the exploit failed
~~ScanExploit.attrs = ["address", "value", "requirements_len", "result"]~~
ScanExploit.attrs = ["requirements_len", "result"]
~~ScanExploit.init = function(options)~~
ScanExploit.init = function(scan, options)
self.scan = scan
self.address = options.address
self.value = options.value
self.requirements = options.requirements
self.requirements_len = self.requirements.len
end function
~~ScanExploit.get_result = function()~~
try_exploit(entry, exploit[0])
// TODO: make it create a file and check permissions
check_user = function(computer)
root = computer.change_password("guest", "1234")
//root_folder = computer.File("/root")
if root == true then
return "root"
else
return "guest"
end if
end function
check_permissions = function(computer)
out = ""
c_home = computer.File("/home")
if c_home != null and c_home.has_permission("r") then
out = out + " /home"
end if
c_passwd = computer.File("/etc/passwd")
if c_passwd != null and c_passwd.has_permission("r") then
out = out + " /etc/passwd"
end if
c_libs = computer.File("/lib")
if c_libs != null and c_libs.has_permission("r") then
out = out + " /lib"
end if
if out != "" then
out = "permission on" + out
end if
return out
end function
ScanExploit.set_result_info = function(extra_param = null)
out = ""
type = typeof(self. result)
if type == "file" then
if self.result.is_folder then
out = "folder"
end if
permission = " without permission"
if self.result.has_permission("r") then permission = " with permission"
out = out + permission
out = out + " " + self.result.path
end if
if type == "shell" or type == "computer" then
comp = self.result
if type == "shell" then comp = self.result.host_computer
user = check_user(comp)
out = out + user + " user"
out = out + " " + check_permissions(comp)
end if
if type == "number" then
out = out + self.result
if extra_param == null then extra_param = "null"
out = out + " extra_param: " + extra_param
end if
self.result_info = out
end function
ScanExploit.set_result = function(extra_param = null)
result = self.scan.meta_lib.overflow(self.address, self.value)
if result == null then
if extra_param != null and extra_param != "" then
result = self.scan.meta_lib.overflow(self.address, self.value, extra_param)
end if
end if
self.result = result
self.set_result_info(extra_param)
end function
Scan = {}
~~Scan.metaxploit = null~~
~~// include_lib metaxploit~~
Scan.attrs = ["ip", "port", "lib_version", "lib_name"]
Scan.lib_path = null
~~Scan.extra_param = null~~
~~Scan.show_null = false~~
Scan.lib_file = null
~~Scan.net_session = null~~
Scan.show_null = false
Scan.shell = get_shell
Scan.computer = Scan.shell.host_computer
~~Scan.meta_lib = null~~
Scan.lib_name = null
Scan.lib_version = null
Scan.exploits = []
// Scan.lib_file = null : local libe, set when scanning a local lib
// Scan.net_session : remote lib, set when scaning a remote ip
// Scan.metaxploit : required metaxploit lib obj
// Scan.meta_lib : set after running execute method
// Scan.lib_name : set after running execute method
// Scan.lib_version : set after running execute method
// Scan.exploits : list of all exploits found, set after execute method
~~// ip "17.233.32.41", port 22~~
Scan.init = function(ip, port)
self.ip = ip
self.port = port
if self.ip != null then
self.net_session = _or(self.metaxploit.net_use(self.ip, self.port), self.metaxploit.net_use(self.ip))
else
self.lib_file = self.computer.File(self.lib_path)
end if
end function
Scan.execute = function()
if self.lib_file != null then
self.meta_lib = metaxploit.load(self.lib_file.path)
else
self.meta_lib = self.net_session.dump_lib
end if
self.lib_name = self.meta_lib.lib_name
self.lib_version = self.meta_lib.version
self.addresses = self.metaxploit.scan(self.meta_lib)
// ["0x62AC77E1", "0x50D166E8", "0x611B6063", "0x1A9FD00C"]
self.get_exploits
end function
Scan.get_exploits = function()
scope = self
get_values = function(address)
exploits_text = scope.metaxploit.scan_address(scope.meta_lib, address)
exploits_values = mem_scan_exploits(exploits_text)
return [address, exploits_values]
end function
self.exploits = map(self.addresses, @get_values)
// [0x611B6063, [[applyund, [* req1, * req2]], ...], ...], ...}]
result = []
for exploit_values in self.exploits
for value in exploit_values[1]
exploit = new ScanExploit
~~exploit.init({"address": exploit_values[0], "value": value[0], "requirements": value[1]})~~
exploit.init(self, {"address": exploit_values[0], "value": value[0], "requirements": value[1]})
result.push(exploit)
end for
end for
return result
//self.exploits = []
end function

src/machine.src

~~Machine = {}~~
~~Machine.services_inspect = function(obj, scope)~~
~~f = function(o)~~
~~exploits_len = 0~~
~~if o.hasIndex("exploits") then exploits_len = o.exploits.len~~
~~return o.inspect(["info", [exploits_len, "exploits_len"]])~~
~~end function~~
~~return scope.services.map(@f)~~
~~end function~~
~~Machine.attrs = ["ip", [@Machine.services_inspect, "services"]]~~
~~Machine.metaxploit = null //required~~
MachineServices = {}
//class eval shit
exploits_inspect = function(obj, scope)
exploits_len = 0
if scope.hasIndex("exploits") then exploits_len = scope.exploits.len
return scope.exploits.len
end function
Service.attrs.push("exploits")
MachineServices.set_exploits = function()
self.scan = new Scan
self.scan.init(self.nmap.ip, self.port)
self.scan.execute
self.exploits = self.scan.get_exploits
end function
MachineServices.quick_root_shell = function(passwords, attack_script)
for x in self.exploits
x.set_result
if typeof(x.result) != "shell" then continue
remote_shell = x.result
remote_comp = remote_shell.host_computer
if remote_comp.File("/home/guest/tableAttack.src") != null then
remote_comp.File("/home/guest/tableAttack.src").delete
end if
remote_comp.touch("/home/guest", "tableAttack.src")
remote_comp.File("/home/guest/tableAttack.src").set_content(attack_script.get_content)
remote_shell.build("/home/guest/tableAttack.src", "/home/guest")
passwords.push("Jeron")
get_custom_object.passwords = passwords
remote_shell.launch("/home/guest/tableAttack")
root_shell = get_custom_object.shell
if root_shell != null then root_shell.start_terminal
end for
return null
end function
Machine = {}
Machine.services_inspect = function(obj, scope)
f = function(o)
exploits_len = 0
if o.hasIndex("exploits") then exploits_len = o.exploits.len
return o.inspect(["info", [exploits_len, "exploits_len"]])
end function
return scope.services.map(@f)
end function
Machine.attrs = ["ip", [@Machine.services_inspect, "services"]]
Machine.metaxploit = null //required
Machine.init = function(ip)
self.ip = ip
self.set_services
end function
Machine.set_services = function()
self.nmap = new Nmap
self.nmap.init(self.ip)
self.services = self.nmap.services
for i in self.services.indexes
// class eval shit
self.services[i].set_exploits = @MachineServices.set_exploits
self.services[i].quick_root_shell = @MachineServices.quick_root_shell
end for
end function
// this will get more complicated later on, i want to choose a port that i have the most change of getting in
// so i can check a database of exploits see or see the local ip with most ports open etc
Machine.most_vulnerable_service = function()
if self.services.len == 1 then return self.services[0]
if self.services.len == 0 then return null
with_smallest_version = self.services[0]
for service in self.services[1:]
if service.version_to_int < with_smallest_version.version_to_int then
with_smallest_version = service
end if
end for
return with_smallest_version
end function

src/utils.src

Utils = {}
Utils.is_class = function(obj)
return typeof(obj) == "map" and obj.hasIndex("__isa")
end function
Utils.attr_to_s = function(value)
if value == null then return "null"
if Utils.is_class(value) then return value.inspect
if typeof(value) == "list" then return value.inspect
if typeof(value) == "string" then return "'" + value + "'"
return value
end function
~~list.inspect = function()~~
list.inspect = function(attrs_overwrite = null)
l = self[0:]
for i in l.indexes
~~if Utils.is_class(l[i]) then l[i] = l[i].inspect~~
~~if typeof(l[i]) == "list" then l[i] = l[i].inspect~~
if attrs_overwrite then
if Utils.is_class(l[i]) then l[i] = l[i].inspect(attrs_overwrite)
if typeof(l[i]) == "list" then l[i] = l[i].inspect(attrs_overwrite)
else
if Utils.is_class(l[i]) then l[i] = l[i].inspect
if typeof(l[i]) == "list" then l[i] = l[i].inspect
end if
end for
return "[" + l.join(", ") + "]"
end function
map.inspect = function(attrs_overwrite = null)
if self.hasIndex("__isa") then
class_name = "NotFound"
for i in globals.indexes
if self isa globals[i] then class_name = i
end for
attrs_inspect = []
attrs = null
if self["__isa"].hasIndex("attrs") then attrs = self.attrs
if attrs_overwrite != null then attrs = attrs_overwrite
if attrs != null then
for i in attrs
value = null
if typeof(i) == "list" then
f = @i[0]
if self.hasIndex(i[1]) then
if typeof(@f) == "function" then value = f(self[i[1]], self)
if typeof(@f) != "function" then value = self[i[1]]
else
if typeof(@f) == "function" then value = f(i[0], self)
if typeof(@f) != "function" then value = i[0]
end if
else
if self.hasIndex(i) then value = self[i]
end if
value = Utils.attr_to_s(value)
key = i
if typeof(key) == "list" then key = i[1]
attrs_inspect.push(key + "=" + value)
end for
end if
out = "#<" + class_name
if attrs_inspect.len > 0 then out = out + " " + attrs_inspect.join(" ")
out = out + ">"
return out
end if
return self
end function
p = function(obj)
~~if typeof(obj) == "map" then~~
if typeof(obj) == "map" or typeof(obj) == "list" then
print(obj.inspect)
else
print(obj)
end if
end function

src/tableAttack.src

~~Forcer = {}~~
~~Forcer.init = function(passwords = [], options = {"verbose": false})~~
~~self.passwords = passwords~~
~~self.verbose = options.verbose~~
~~end function~~
~~Forcer.brute_force = function()~~
~~count = 0~~
~~pass_len = self.passwords.len~~
~~for pass in self.passwords~~
~~count = count + 1~~
~~shell = get_shell("root", pass)~~
~~if shell then~~
~~if self.verbose then print("password is: "+pass)~~
~~self.password = pass~~
~~self.shell = shell~~
~~else~~
~~if self.verbose then print(count+" out of "+pass_len+" not "+pass)~~
~~self.password = null~~
~~self.shell = null~~
~~end if~~
~~end for~~
~~end function~~
~~Forcer.init(get_custom_object.passwords, {"verbose": true})~~
~~Forcer.brute_force~~
~~get_custom_object.password = Forcer.password~~
~~get_custom_object.shell = Forcer.shell~~