Files

cli.src src/tableAttack.src src/machine.src
cli.src
  • import_code("/home/me/h/src/utils.src") // exports map.inspect, p
  • import_code("/home/me/h/libs/list.src") // exports list utils and map utils
  • import_code("/home/me/h/libs/disk.src") // exports Disk, Block
  • import_code("/home/me/h/libs/nmap.src") // exports Nmap, Service
  • import_code("/home/me/h/libs/scan.src") // exports Scan
  • import_code("/home/me/h/src/machine.src") // exports Machine, MachineService, depends on Scan, Nmap
  • TABLEATTACK_SCRIPT = get_shell.host_computer.File("/home/me/h/src/tableAttack.src")
  • PASSWORDS_DISK = new Disk
  • PASSWORDS_DISK.init("/home/me/h/disks", "passwords")
  • Machine.metaxploit = include_lib("/lib/metaxploit.so")
  • Scan.metaxploit = include_lib("/lib/metaxploit.so")
  • Vega = {}
  • Vega.vega_sig = {}
  • Vega.vega_sig["description"] = "auto hacking tool"
  • Vega.vega_sig["args"] = ["ip*"]
  • Vega.vega_sig["args"] = ["ip"]
  • Vega.vega_sig["options"] = [{["-v", "--verbose"]: "print more logs"}]
  • Vega.vega = function(args = [], options = {})
  • //TODO: check if ip is valid
  • ip = args[0]
  • has_verbose = options["-v"]
  • Machine.passwords_list = PASSWORDS_DISK.read_chars.split(char(10))
  • Machine.table_attack_script = TABLEATTACK_SCRIPT
  • ip = args[0]
  • machine = new Machine
  • machine.init(ip)
  • pass_disk = new Disk
  • pass_disk.init("/home/me/h/disks", "passwords")
  • passwords = pass_disk.read_chars.split(char(10))
  • for service in machine.services
  • service.set_exploits
  • service.quick_root_shell(passwords, TABLEATTACK_SCRIPT) // this will start terminal if success
  • end for
  • while true
  • machine = new Machine
  • machine.init(machine.random_ip)
  • if ip then machine.init(ip)
  • root_shell = machine.quick_attack
  • if root_shell then root_shell.start_terminal
  • if ip then exit()
  • end while
  • print "no quick shell available"
  • print "services"
  • for s in machine.services
  • print s.inspect(["info"])
  • end for
  • print "exploits"
  • for s in machine.services
  • for x in s.exploits
  • x.set_result_info
  • print x.inspect(["result", "result_info"])
  • end for
  • end for
  • end function
  • import_code("/home/me/h/libs/thor.src") //depends on Listlib, exports Thor
  • Thor.init(Vega, "vega")
src/tableAttack.src
  • Forcer = {}
  • Forcer.init = function(passwords = [], options = {"verbose": false})
  • self.passwords = passwords
  • self.verbose = options.verbose
  • end function
  • Forcer.brute_force = function()
  • count = 0
  • pass_len = self.passwords.len
  • for pass in self.passwords
  • count = count + 1
  • shell = get_shell("root", pass)
  • if shell then
  • if self.verbose then print("password is: "+pass)
  • self.password = pass
  • self.shell = shell
  • return
  • else
  • if self.verbose then print(count+" out of "+pass_len+" not "+pass)
  • self.password = null
  • self.shell = null
  • end if
  • end for
  • end function
  • Forcer.init(get_custom_object.passwords, {"verbose": true})
  • Forcer.init(get_custom_object.passwords, {"verbose": false})
  • Forcer.brute_force
  • get_custom_object.password = Forcer.password
  • get_custom_object.shell = Forcer.shell
src/machine.src
  • MachineServices = {}
  • //class eval shit
  • exploits_inspect = function(obj, scope)
  • exploits_len = 0
  • if scope.hasIndex("exploits") then exploits_len = scope.exploits.len
  • return scope.exploits.len
  • end function
  • Service.attrs.push("exploits")
  • MachineServices.set_exploits = function()
  • self.scan = new Scan
  • self.scan.init(self.nmap.ip, self.port)
  • self.scan.execute
  • self.exploits = self.scan.get_exploits
  • end function
  • MachineServices.quick_root_shell = function(passwords, attack_script)
  • for x in self.exploits
  • x.set_result
  • if typeof(x.result) != "shell" then continue
  • remote_shell = x.result
  • remote_comp = remote_shell.host_computer
  • if remote_comp.File("/home/guest/tableAttack.src") != null then
  • remote_comp.File("/home/guest/tableAttack.src").delete
  • end if
  • remote_comp.touch("/home/guest", "tableAttack.src")
  • remote_comp.File("/home/guest/tableAttack.src").set_content(attack_script.get_content)
  • remote_shell.build("/home/guest/tableAttack.src", "/home/guest")
  • passwords.push("Jeron")
  • get_custom_object.passwords = passwords
  • remote_shell.launch("/home/guest/tableAttack")
  • root_shell = get_custom_object.shell
  • if root_shell != null then root_shell.start_terminal
  • return root_shell
  • end for
  • return null
  • end function
  • Machine = {}
  • //Machine.passwords_list : required passwords list
  • //Machine.table_attack_script : required table attack script
  • Machine.services_inspect = function(obj, scope)
  • f = function(o)
  • exploits_len = 0
  • if o.hasIndex("exploits") then exploits_len = o.exploits.len
  • return o.inspect(["info", [exploits_len, "exploits_len"]])
  • end function
  • return scope.services.map(@f)
  • end function
  • Machine.attrs = ["ip", [@Machine.services_inspect, "services"]]
  • Machine.metaxploit = null //required
  • Machine.init = function(ip)
  • self.ip = ip
  • self.set_services
  • end function
  • Machine.quick_attack = function()
  • for service in self.services
  • service.set_exploits
  • root_shell = service.quick_root_shell(self.passwords_list, self.table_attack_script)
  • if typeof(root_shell) == "shell" then return root_shell
  • end for
  • return null
  • end function
  • Machine.random_ip = function()
  • first_byte_range = range(0, 255)
  • first_byte_range.remove(192) //reserved
  • first_byte_range.remove(191) //reserved
  • first_byte_range.remove(0) //reserved
  • first_byte_range.remove(10) //private
  • first_byte_range.remove(172) //private
  • first_byte_range.remove(128) //reserved
  • first_byte_range.remove(223) //reserved
  • rest_byte_range = range(0,255)
  • ip = []
  • ip.push(floor(rnd() * first_byte_range.len))
  • for i in range(2)
  • ip.push(floor(rnd() * rest_byte_range.len))
  • end for
  • ip = ip.join(".")
  • if is_valid_ip(ip) and get_router(ip) and get_shell.ping(ip) then
  • return ip
  • end if
  • return self.random_ip
  • end function
  • Machine.set_services = function()
  • self.nmap = new Nmap
  • self.nmap.init(self.ip)
  • self.services = self.nmap.services
  • for i in self.services.indexes
  • // class eval shit
  • self.services[i].set_exploits = @MachineServices.set_exploits
  • self.services[i].quick_root_shell = @MachineServices.quick_root_shell
  • end for
  • end function
  • // this will get more complicated later on, i want to choose a port that i have the most change of getting in
  • // so i can check a database of exploits see or see the local ip with most ports open etc
  • Machine.most_vulnerable_service = function()
  • if self.services.len == 1 then return self.services[0]
  • if self.services.len == 0 then return null
  • with_smallest_version = self.services[0]
  • for service in self.services[1:]
  • if service.version_to_int < with_smallest_version.version_to_int then
  • with_smallest_version = service
  • end if
  • end for
  • return with_smallest_version
  • end function