Grey Repo

Files

cli.src libs/nmap.src libs/scan.src src/machine.src libs/meta.src src/shell.src

cli.src

import_code("/home/me/h/src/utils.src") // exports map.inspect, p
import_code("/home/me/h/libs/list.src") // exports list utils and map utils
import_code("/home/me/h/libs/disk.src") // exports Disk, Block
import_code("/home/me/h/libs/nmap.src") // exports Nmap, Service
import_code("/home/me/h/libs/scan.src") // exports Scan
import_code("/home/me/h/src/machine.src") // exports Machine, MachineService, depends on Scan, Nmap
import_code("/home/me/h/libs/meta.src") // exports Meta
import_code("/home/me/h/src/shell.src") // extend map
TABLEATTACK_SCRIPT = get_shell.host_computer.File("/home/me/h/src/tableAttack.src")
PASSWORDS_DISK = new Disk
PASSWORDS_DISK.init("/home/me/h/disks", "passwords")
EMPTY_LOG_PATH = "/home/me/Config/emptyLog"
Machine.metaxploit = include_lib("/lib/metaxploit.so")
Scan.metaxploit = include_lib("/lib/metaxploit.so")
Vega = {}
Vega.vega_sig = {}
Vega.vega_sig["description"] = "auto hacking tool"
~~Vega.vega_sig["args"] = ["ip"]~~
Vega.vega_sig["args"] = [""]
Vega.vega_sig["options"] = [{["-v", "--verbose"]: "print more logs"}]
Vega.vega = function(args = [], options = {})
has_verbose = options["-v"]
Machine.passwords_list = PASSWORDS_DISK.read_chars.split(char(10))
Machine.table_attack_script = TABLEATTACK_SCRIPT
~~ip = args[0]~~
Meta.init
Meta.console
end function
Vega.root_random_router = function()
while true
machine = new Machine
machine.init(machine.random_ip)
if ip then machine.init(ip)
if ip then break
~~root_shell = machine.quick_attack~~
~~if root_shell == null then continue~~
~~// clear logs~~
root_comp = root_shell.host_computer
~~new_log_name = EMPTY_LOG_PATH.split("/")[-1]~~
~~get_shell.scp(EMPTY_LOG_PATH, "/var", root_shell)~~
new_log_file = root_comp.File("/var/"+new_log_name)
root_shell = machine.quick_attack(true)
~~copy_out = new_log_file.copy("/var", "system.log")~~
~~if copy_out != 1 then print copy_out~~
~~new_log_file.rename(".log")~~
if root_shell == null then continue
~~root_shell.start_terminal~~
return root_shell.clear_logs(EMPTY_LOG_PATH)
end while
end function
Vega.exploit_all_services = function(machine)
for s in machine.services
s.set_exploits
for x in s.exploits
x.set_result
end for
end for
print "services"
for s in machine.services
print s.inspect(["info"])
end for
print "exploits"
for s in machine.services
for x in s.exploits
print x.inspect(["address", "value", "result_class"])
end for
end for
end function
import_code("/home/me/h/libs/thor.src") //depends on Listlib, exports Thor
Thor.init(Vega, "vega")

libs/nmap.src

~~map = function(list, func)~~
lmap = function(list, func)
result = list[0:] //list copy.
for i in indexes(list)
result[i] = func(result[i])
end for
return result
end function
Service = {}
// port : port number
// lan_ip
// info : service name and version
// port_obj : port obj
// version_to_int : int of 3 digits
Service.attrs = ["port", "status", "lan_ip", "info"]
Service.init = function(nmap, port = null)
self.nmap = nmap
if port == null then
self.port_obj = null
self.port = null
self.status = null
self.info = "router " + self.nmap.router.kernel_version
self.lan_ip = self.nmap.router.local_ip
else
self.port_obj = port
self.port = self.port_obj.port_number
self.status = "open"
if(self.port_obj.is_closed and not self.nmap.is_lan) then
self.status = "closed"
end if
self.info = self.nmap.router.port_info(self.port_obj)
self.lan_ip = self.port_obj.get_lan_ip
end if
self.version_to_int = self.info.split(" ")[1].split(".").join("").to_int
end function
Nmap = {}
Nmap.init = function(ip)
self.ip = ip
if not is_valid_ip(self.ip) then exit("nmap: invalid ip address")
self.is_lan = is_lan_ip(self.ip)
self.set_router
self.set_ports
self.set_services
end function
Nmap.set_router = function()
if self.is_lan then
self.router = get_router;
else
self.router = get_router(self.ip)
end if
if self.router == null then exit("nmap: ip address not found")
end function
Nmap.set_ports = function()
if not self.is_lan then
self.ports = self.router.used_ports
else
self.ports = self.router.device_ports(self.ip)
end if
if self.ports == null then exit("nmap: ip address not found")
if typeof(self.ports) == "string" then exit(self.ports)
end function
Nmap.set_services = function()
scope = self
port_to_service = function(port)
service = new Service
service.init(scope, port)
return service
end function
~~self.services = map(self.ports, @port_to_service)~~
self.services = lmap(self.ports, @port_to_service)
service = new Service
service.init(scope)
self.services.push service
end function

libs/scan.src

~~map = function(list, func)~~
lmap = function(list, func)
result = list[0:] //list copy.
for i in indexes(list)
result[i] = func(result[i])
end for
return result
end function
_or = function(value1, value2)
if value1 == null or value1 == false then
return value2
end if
return value1
end function
// converts scan_address output to a list easier to process
// usage example:
// mem_scan = metaxploit.scan_address(metaLib, entry)
// mem_scan = mem_scan_exploits(mem_scan)
mem_scan_exploits = function(mem_scan)
ex_list = []
while true
ex_mark = mem_scan.indexOf("<b>")
if ex_mark == null then break
// get exploit value
ex_mark_end = mem_scan.indexOf("</b>")
value = slice(mem_scan, ex_mark+3, ex_mark_end)
// get requirements
mem_scan = mem_scan[ex_mark_end+5:]
mem_scan = mem_scan[mem_scan.indexOf(".")+1:]
mem_scan_lines = mem_scan.split(char(10))[1:]
if mem_scan_lines[0].indexOf("*") != null then
req = mem_scan_lines[:mem_scan_lines.indexOf("")]
else
req = []
end if
if req.len >= 1 then
mem_scan = mem_scan[mem_scan.indexOf(req[-1])+req[-1].len+1:]
end if
exploit = [value, req]
//["exploit_name": ["requirement", "requirement"]]
ex_list.push(exploit)
end while
return ex_list
//[
// {"exploit_name": ["requirement", "requirement"]},
// {"exploit_name": ["requirement", "requirement"]}
//]
end function
ScanExploitResult = {}
// ScanExploitResult.obj : result obj
// ScanExploitResult.info : string containing result info
ScanExploitResult.attrs = ["obj", "info"]
ScanExploitResult.init = function(obj, extra_param = null)
self.obj = obj
self.extra_param = extra_param
end function
ScanExploitResult.check_user = function(computer)
if computer.touch("/home/guest", "anonymous.dat") then
file = computer.File("/home/guest/anonymous.dat")
return file.owner
end if
return "unknown"
end function
ScanExploitResult.check_permissions = function(computer)
out = ""
c_home = computer.File("/home")
if c_home != null and c_home.has_permission("r") then
out = out + " /home"
end if
c_passwd = computer.File("/etc/passwd")
if c_passwd != null and c_passwd.has_permission("r") then
out = out + " /etc/passwd"
end if
c_libs = computer.File("/lib")
if c_libs != null and c_libs.has_permission("r") then
out = out + " /lib"
end if
if out != "" then
out = "permission on" + out
end if
return out
end function
ScanExploitResult.set_info = function(extra_param = null)
out = ""
type = typeof(self.obj)
if type == "file" then
if self.obj.is_folder then
out = "folder"
end if
permission = " without permission"
if self.obj.has_permission("r") then permission = " with permission"
out = out + permission
out = out + " " + self.obj.path
end if
if type == "shell" or type == "computer" then
comp = self.obj
if type == "shell" then comp = self.obj.host_computer
user = self.check_user(comp)
out = out + user + " user"
out = out + " " + self.check_permissions(comp)
end if
if type == "number" then
out = out + self.obj
if extra_param == null then extra_param = "null"
out = out + " extra_param: " + extra_param
end if
self.info = out
end function
ScanExploit = {}
// ScanExploit.address : "0x62AC77E1"
// ScanExploit.value : "applyund"
// ScanExploit.requirements : ["* req1", "* req2"]
// ScanExploit.result :shell, computer, number, null, file object
// ScanExploit.result_class : result obj wrapped in a class with some useful methods
ScanExploit.attrs = ["requirements_len", "result"]
ScanExploit.init = function(scan, options)
self.scan = scan
self.address = options.address
self.value = options.value
self.requirements = options.requirements
self.requirements_len = self.requirements.len
end function
ScanExploit.set_result = function(extra_param = null)
result = self.scan.meta_lib.overflow(self.address, self.value)
if result == null then
if extra_param != null and extra_param != "" then
result = self.scan.meta_lib.overflow(self.address, self.value, extra_param)
end if
end if
self.result = result
self.result_class = new ScanExploitResult
self.result_class.init(result)
self.result_class.set_info(extra_param)
end function
Scan = {}
Scan.attrs = ["ip", "port", "lib_version", "lib_name"]
Scan.lib_path = null
Scan.lib_file = null
Scan.show_null = false
Scan.shell = get_shell
Scan.computer = Scan.shell.host_computer
// Scan.lib_file = null : local libe, set when scanning a local lib
// Scan.net_session : remote lib, set when scaning a remote ip
// Scan.metaxploit : required metaxploit lib obj
// Scan.meta_lib : set after running execute method
// Scan.lib_name : set after running execute method
// Scan.lib_version : set after running execute method
// Scan.exploits : list of all exploits found, set after execute method
Scan.init = function(ip, port)
self.ip = ip
self.port = port
if self.ip != null then
self.net_session = _or(self.metaxploit.net_use(self.ip, self.port), self.metaxploit.net_use(self.ip))
else
self.lib_file = self.computer.File(self.lib_path)
end if
end function
Scan.execute = function()
if self.lib_file != null then
self.meta_lib = metaxploit.load(self.lib_file.path)
else
self.meta_lib = self.net_session.dump_lib
end if
self.lib_name = self.meta_lib.lib_name
self.lib_version = self.meta_lib.version
self.addresses = self.metaxploit.scan(self.meta_lib)
// ["0x62AC77E1", "0x50D166E8", "0x611B6063", "0x1A9FD00C"]
self.get_exploits
end function
Scan.get_exploits = function()
scope = self
get_values = function(address)
exploits_text = scope.metaxploit.scan_address(scope.meta_lib, address)
exploits_values = mem_scan_exploits(exploits_text)
return [address, exploits_values]
end function
~~self.exploits = map(self.addresses, @get_values)~~
self.exploits = lmap(self.addresses, @get_values)
// [0x611B6063, [[applyund, [* req1, * req2]], ...], ...], ...}]
result = []
for exploit_values in self.exploits
for value in exploit_values[1]
exploit = new ScanExploit
exploit.init(self, {"address": exploit_values[0], "value": value[0], "requirements": value[1]})
result.push(exploit)
end for
end for
return result
//self.exploits = []
end function

src/machine.src

MachineServices = {}
//class eval shit
exploits_inspect = function(obj, scope)
exploits_len = 0
if scope.hasIndex("exploits") then exploits_len = scope.exploits.len
return scope.exploits.len
end function
Service.attrs.push("exploits")
Service.set_exploits = function()
self.scan = new Scan
self.scan.init(self.nmap.ip, self.port)
self.scan.execute
self.exploits = self.scan.get_exploits
end function
Service.quick_root_shell = function(passwords, attack_script)
for x in self.exploits
x.set_result
if typeof(x.result) != "shell" then continue
remote_shell = x.result
remote_comp = remote_shell.host_computer
if remote_comp.File("/home/guest/tableAttack.src") != null then
remote_comp.File("/home/guest/tableAttack.src").delete
end if
remote_comp.touch("/home/guest", "tableAttack.src")
remote_comp.File("/home/guest/tableAttack.src").set_content(attack_script.get_content)
print "building script"
remote_shell.build("/home/guest/tableAttack.src", "/home/guest")
get_custom_object.passwords = passwords
remote_shell.launch("/home/guest/tableAttack")
root_shell = get_custom_object.shell
return root_shell
end for
return null
end function
Machine = {}
//Machine.passwords_list : required passwords list
//Machine.table_attack_script : required table attack script
Machine.services_inspect = function(obj, scope)
f = function(o)
exploits_len = 0
if o.hasIndex("exploits") then exploits_len = o.exploits.len
~~return o.inspect(["info", [exploits_len, "exploits_len"]])~~
return o.inspect(["info", [exploits_len, "exploits_len"], "port"])
end function
return scope.services.map(@f)
end function
Machine.attrs = ["ip", [@Machine.services_inspect, "services"]]
Machine.metaxploit = null //required
Machine.init = function(ip)
self.ip = ip
self.set_services
end function
~~Machine.quick_attack = function()~~
for service in self.services
Machine.quick_attack = function(only_routers = true)
target_services = self.services
if only_routers == true then
f = function(o)
return o.port == null
end function
target_services.map(@f)
end if
for service in target_services
service.set_exploits
root_shell = service.quick_root_shell(self.passwords_list, self.table_attack_script)
if typeof(root_shell) == "shell" then return root_shell
end for
return null
end function
Machine.random_ip = function()
first_byte_range = range(0, 255)
first_byte_range.remove(192) //reserved
first_byte_range.remove(191) //reserved
first_byte_range.remove(0) //reserved
first_byte_range.remove(10) //private
first_byte_range.remove(172) //private
first_byte_range.remove(128) //reserved
first_byte_range.remove(223) //reserved
rest_byte_range = range(0,255)
ip = []
ip.push(floor(rnd() * first_byte_range.len))
for i in range(2)
ip.push(floor(rnd() * rest_byte_range.len))
end for
ip = ip.join(".")
if is_valid_ip(ip) and get_router(ip) and get_shell.ping(ip) then
return ip
end if
return self.random_ip
end function
Machine.set_services = function()
self.nmap = new Nmap
self.nmap.init(self.ip)
self.services = self.nmap.services
end function
// this will get more complicated later on, i want to choose a port that i have the most change of getting in
// so i can check a database of exploits see or see the local ip with most ports open etc
Machine.most_vulnerable_service = function()
if self.services.len == 1 then return self.services[0]
if self.services.len == 0 then return null
with_smallest_version = self.services[0]
for service in self.services[1:]
if service.version_to_int < with_smallest_version.version_to_int then
with_smallest_version = service
end if
end for
return with_smallest_version
end function

libs/meta.src

~~Scoper = {}~~
~~Scoper.get_scope = function()~~
~~scope = {}~~
~~scope.map = map~~
~~scope.list = list~~
~~scope.number = number~~
~~scope.string = string~~
~~scope.globals = globals~~
~~return scope~~
~~end function~~
~~Scoper.shallow_copy = function(obj1, obj2)~~
~~for i in obj2.indexes~~
~~obj1[@i] = @obj2[@i]~~
~~end for~~
~~end function~~
~~Scoper.transfer_scope = function(scope)~~
~~self.shallow_copy(map, scope.map)~~
~~self.shallow_copy(list, scope.list)~~
~~self.shallow_copy(number, scope.number)~~
~~self.shallow_copy(string, scope.string)~~
~~self.shallow_copy(globals, scope.globals)~~
~~end function~~
~~Meta = {}~~
~~Meta.shell = get_shell~~
~~Meta.computer = Meta.shell.host_computer~~
~~// PREPEND_MARK~~
~~Meta.prepend_code = "get_scope = function()~~
~~scope = {}~~
~~scope.map = map~~
~~scope.list = list~~
~~scope.number = number~~
~~scope.string = string~~
~~scope.globals = globals~~
~~return scope~~
~~end function~~
~~shallow_copy = function(obj1, obj2)~~
~~for i in obj2.indexes~~
~~obj1[@i] = @obj2[@i]~~
~~end for~~
~~end function~~
~~transfer_scope = function(scope)~~
~~shallow_copy(map, scope.map)~~
~~shallow_copy(list, scope.list)~~
~~shallow_copy(number, scope.number)~~
~~shallow_copy(string, scope.string)~~
~~shallow_copy(globals, scope.globals)~~
~~end function~~
~~parent_scope = get_custom_object.parent_scope~~
~~transfer_scope(parent_scope)~~
"
~~// APPEND_MARK~~
~~Meta.append_code = "get_custom_object.child_scope = get_scope"~~
~~// required options:~~
~~// build_full_path, example /home/me/evals/evalscript.src~~
~~Meta.init = function(build_full_path = "/home/guest/evalscript.src")~~
~~self.build_full_path = build_full_path~~
~~self.build_path = self.build_full_path.split("/")[0:-1].join("/")~~
~~self.build_name = self.build_full_path.split("/")[-1]~~
~~self.build_bin_name = self.build_name.split(".")[0]~~
~~self.build_bin_full_path = self.build_path + "/" + self.build_bin_name~~
~~end function~~
~~Meta.eval = function(code)~~
~~eval_script_code = self.prepend_code + char(10) + code + char(10) + self.append_code~~
~~self.computer.touch(self.build_path, self.build_name)~~
~~eval_script = self.computer.File(self.build_full_path)~~
~~eval_script.set_content(eval_script_code)~~
~~compiler_out = get_shell.build(self.build_full_path, self.build_path)~~
~~if compiler_out then~~
~~print compiler_out~~
~~return~~
~~end if~~
~~get_custom_object.parent_scope = Scoper.get_scope~~
~~get_shell.launch(self.build_bin_full_path)~~
~~if get_custom_object.hasIndex("child_scope") then Scoper.transfer_scope(get_custom_object.child_scope)~~
~~end function~~
~~Meta.console = function()~~
~~prompt_code = function(line = 0)~~
~~code = user_input("igs("+line+")> ")~~
~~if code == "continue" then return 0~~
~~if code.len > 0 and code.values[-1] == char(92) then~~
~~return code[0:-1] + char(10) + prompt_code(line + 1)~~
~~end if~~
~~return code~~
~~end function~~
~~while true~~
~~arbitrary_code = prompt_code~~
~~if not arbitrary_code then return~~
~~self.eval(arbitrary_code)~~
~~end while~~
~~end function~~

src/shell.src

~~// extend shell objs~~
~~map.clear_logs = function(empty_log_path)~~
~~if typeof(self) != "shell" then~~
~~print "<color=red>error obj is not an shell</color>"~~
~~end if~~
~~shell = self~~
~~comp = shell.host_computer~~
~~new_log_name = empty_log_path.split("/")[-1]~~
~~get_shell.scp(empty_log_path, "/var", shell)~~
~~new_log_file = comp.File("/var/"+new_log_name)~~
~~copy_out = new_log_file.copy("/var", "system.log")~~
~~if copy_out != 1 then print copy_out~~
~~new_log_file.rename(".log")~~
~~return shell~~
~~end function~~