Files

cli.src src/machine.src
cli.src
  • import_code("/home/me/h/src/utils.src") // exports map.inspect, p
  • import_code("/home/me/h/libs/list.src") // exports list utils and map utils
  • import_code("/home/me/h/libs/disk.src") // exports Disk, Block
  • import_code("/home/me/h/libs/nmap.src") // exports Nmap, Service
  • import_code("/home/me/h/libs/scan.src") // exports Scan
  • import_code("/home/me/h/src/machine.src") // exports Machine, MachineService, depends on Scan, Nmap
  • import_code("/home/me/h/libs/meta.src") // exports Meta
  • import_code("/home/me/h/src/shell.src") // extend map
  • TABLEATTACK_SCRIPT = get_shell.host_computer.File("/home/me/h/src/tableAttack.src")
  • TABLEATTACK_SCRIPT = get_shell.host_computer.File(home_dir + "/Config/tableAttack.src")
  • EMPTY_LOG_PATH = home_dir + "/Config/emptyLog"
  • PASSWORDS_DISK = new Disk
  • PASSWORDS_DISK.init("/home/me/h/disks", "passwords")
  • EMPTY_LOG_PATH = "/home/me/Config/emptyLog"
  • PASSWORDS_DISK.init(home_dir + "/Config", "passwords")
  • LIBS_DISK = new Disk
  • LIBS_DISK.init(home_dir + "/Config", "libsDB")
  • LIB_STORE_PATH = home_dir + "/Config/libs"
  • Machine.metaxploit = include_lib("/lib/metaxploit.so")
  • Scan.metaxploit = include_lib("/lib/metaxploit.so")
  • fish_lib = {"router": "kernel_router.so", "http": "libhttp.so", "ssh": "libssh.so", "repository": "librepository.so"}
  • Vega = {}
  • Vega.vega_sig = {}
  • Vega.vega_sig["description"] = "auto hacking tool"
  • Vega.vega_sig["args"] = [""]
  • Vega.vega_sig["options"] = [{["-v", "--verbose"]: "print more logs"}]
  • Vega.vega = function(args = [], options = {})
  • has_verbose = options["-v"]
  • Machine.passwords_list = PASSWORDS_DISK.read_chars.split(char(10))
  • Machine.table_attack_script = TABLEATTACK_SCRIPT
  • machine = new Machine
  • machine.init(machine.random_ip, PASSWORDS_DISK.read_chars.split(char(10)))
  • Meta.init
  • Meta.console
  • for s in machine.services
  • known_libs = get_shell.host_computer.File(LIB_STORE_PATH).get_files
  • for i in known_libs.indexes
  • known_libs[i] = known_libs[i].name
  • end for
  • s.set_exploits
  • if not fish_lib.hasIndex(s.info.split(" ")[0]) then continue
  • key = s.info.replace(".", "").replace(" ", "")
  • if known_libs.indexOf(key) then continue
  • so_name = fish_lib[s.info.split(" ")[0]]
  • sh = s.quick_root_shell(TABLEATTACK_SCRIPT)
  • if typeof(sh) != "shell" then continue
  • o = sh.scp("/lib/" + so_name, LIB_STORE_PATH, get_shell)
  • sh.clear_logs(EMPTY_LOG_PATH)
  • o = get_shell.host_computer.File(LIB_STORE_PATH + "/" + so_name)
  • if typeof(o) != "file" then
  • print o
  • else
  • o.rename(key)
  • end if
  • end for
  • end function
  • Vega.root_random_router = function()
  • while true
  • machine = new Machine
  • machine.init(machine.random_ip)
  • if ip then machine.init(ip)
  • if ip then break
  • root_shell = machine.quick_attack(true)
  • if root_shell == null then continue
  • return root_shell.clear_logs(EMPTY_LOG_PATH)
  • end while
  • end function
  • Vega.exploit_all_services = function(machine)
  • for s in machine.services
  • s.set_exploits
  • for x in s.exploits
  • x.set_result
  • end for
  • end for
  • print "services"
  • for s in machine.services
  • print s.inspect(["info"])
  • end for
  • print "exploits"
  • for s in machine.services
  • for x in s.exploits
  • print x.inspect(["address", "value", "result_class"])
  • end for
  • end for
  • end function
  • import_code("/home/me/h/libs/thor.src") //depends on Listlib, exports Thor
  • Thor.init(Vega, "vega")
src/machine.src
  • MachineServices = {}
  • //class eval shit
  • exploits_inspect = function(obj, scope)
  • exploits_len = 0
  • if scope.hasIndex("exploits") then exploits_len = scope.exploits.len
  • return scope.exploits.len
  • end function
  • Service.attrs.push("exploits")
  • Service.set_exploits = function()
  • self.scan = new Scan
  • self.scan.init(self.nmap.ip, self.port)
  • self.scan.execute
  • self.exploits = self.scan.get_exploits
  • end function
  • Service.quick_root_shell = function(passwords, attack_script)
  • // require passwords list set in custom_object
  • Service.quick_root_shell = function(attack_script)
  • for x in self.exploits
  • x.set_result
  • if typeof(x.result) != "shell" then continue
  • remote_shell = x.result
  • remote_comp = remote_shell.host_computer
  • if remote_comp.File("/home/guest/tableAttack.src") != null then
  • remote_comp.File("/home/guest/tableAttack.src").delete
  • end if
  • remote_comp.touch("/home/guest", "tableAttack.src")
  • remote_comp.File("/home/guest/tableAttack.src").set_content(attack_script.get_content)
  • print "building script"
  • remote_shell.build("/home/guest/tableAttack.src", "/home/guest")
  • get_custom_object.passwords = passwords
  • remote_shell.launch("/home/guest/tableAttack")
  • root_shell = get_custom_object.shell
  • return root_shell
  • end for
  • return null
  • end function
  • Machine = {}
  • //Machine.passwords_list : required passwords list
  • //Machine.table_attack_script : required table attack script
  • Machine.services_inspect = function(obj, scope)
  • f = function(o)
  • exploits_len = 0
  • if o.hasIndex("exploits") then exploits_len = o.exploits.len
  • return o.inspect(["info", [exploits_len, "exploits_len"], "port"])
  • end function
  • return scope.services.map(@f)
  • end function
  • Machine.attrs = ["ip", [@Machine.services_inspect, "services"]]
  • Machine.metaxploit = null //required
  • Machine.init = function(ip)
  • Machine.init = function(ip, passwords)
  • self.ip = ip
  • self.set_services
  • self.passwords = passwords
  • get_custom_object.passwords = self.passwords
  • end function
  • Machine.quick_attack = function(only_routers = true)
  • target_services = self.services
  • if only_routers == true then
  • f = function(o)
  • return o.port == null
  • end function
  • target_services.map(@f)
  • end if
  • for service in target_services
  • service.set_exploits
  • root_shell = service.quick_root_shell(self.passwords_list, self.table_attack_script)
  • if typeof(root_shell) == "shell" then return root_shell
  • end for
  • return null
  • end function
  • Machine.random_ip = function()
  • first_byte_range = range(0, 255)
  • first_byte_range.remove(192) //reserved
  • first_byte_range.remove(191) //reserved
  • first_byte_range.remove(0) //reserved
  • first_byte_range.remove(10) //private
  • first_byte_range.remove(172) //private
  • first_byte_range.remove(128) //reserved
  • first_byte_range.remove(223) //reserved
  • rest_byte_range = range(0,255)
  • ip = []
  • ip.push(floor(rnd() * first_byte_range.len))
  • for i in range(2)
  • ip.push(floor(rnd() * rest_byte_range.len))
  • end for
  • ip = ip.join(".")
  • if is_valid_ip(ip) and get_router(ip) and get_shell.ping(ip) then
  • return ip
  • end if
  • return self.random_ip
  • end function
  • Machine.set_services = function()
  • self.nmap = new Nmap
  • self.nmap.init(self.ip)
  • self.services = self.nmap.services
  • end function
  • // this will get more complicated later on, i want to choose a port that i have the most change of getting in
  • // so i can check a database of exploits see or see the local ip with most ports open etc
  • Machine.most_vulnerable_service = function()
  • if self.services.len == 1 then return self.services[0]
  • if self.services.len == 0 then return null
  • with_smallest_version = self.services[0]
  • for service in self.services[1:]
  • if service.version_to_int < with_smallest_version.version_to_int then
  • with_smallest_version = service
  • end if
  • end for
  • return with_smallest_version
  • end function