Files

cli/npcRshell.src src/machine.src cli/searchMails.src
cli/npcRshell.src
  • import_code("/home/me/h/src/utils.src") // exports map.inspect, p
  • import_code("/home/me/h/libs/list.src") // exports list utils and map utils
  • import_code("/home/me/h/libs/disk.src") // exports Disk, Block
  • import_code("/home/me/h/libs/nmap.src") // exports Nmap, Service
  • import_code("/home/me/h/libs/scan.src") // exports Scan
  • import_code("/home/me/h/libs/json.src") // exports Json
  • import_code("/home/me/h/src/rndIP.src") // exports rnd_ip
  • import_code("/home/me/h/libs/optionSelector.src") // exports option_selector
  • import_code("/home/me/h/src/machine.src") // exports Machine, MachineService, depends on Scan, Nmap , Json, rnd_ip
  • import_code("/home/me/h/src/shell.src") // extend map
  • TABLEATTACK_SCRIPT = get_shell.host_computer.File(home_dir + "/Config/tableAttack.src")
  • EMPTY_LOG_PATH = home_dir + "/Config/emptyLog"
  • RSERVER_INSTALLER_SCRIPT = get_shell.host_computer.File(home_dir + "/Config/rserverInstaller.src")
  • PASSWORDS_DISK = new Disk
  • PASSWORDS_DISK.init(home_dir + "/Config", "passwords")
  • EXPLOITS_DISK = new Disk
  • EXPLOITS_DISK.init(home_dir + "/Config", "exploits")
  • Machine.metaxploit = include_lib("/lib/metaxploit.so")
  • Scan.metaxploit = include_lib("/lib/metaxploit.so")
  • Command = {}
  • Command.npcRsrv_sig = {}
  • Command.npcRsrv_sig["description"] = "hack a random pc and setup rshell server in it"
  • Command.npcRsrv_sig["args"] = []
  • Command.npcRsrv_sig["options"] = [{["-w", "--wipe"]: "wipe the server logs instead of connecting"}]
  • Command.npcRsrv_sig["options"] = []
  • Command.npcRsrv = function(args = [], options = {})
  • while true
  • machine = new Machine
  • machine.init(rnd_ip, PASSWORDS_DISK, EXPLOITS_DISK)
  • if machine.open_services.len == 0 then continue
  • server_shell = null
  • server_port = null
  • for s in machine.open_services
  • s.set_exploits
  • shell = s.quick_root_shell(TABLEATTACK_SCRIPT)
  • if shell != null then
  • server_shell = shell
  • server_port = s.port
  • break
  • end if
  • end for
  • if server_shell == null then continue
  • server_shell.clear_logs(EMPTY_LOG_PATH)
  • router_shell = machine.router_service
  • router_shell.set_exploits
  • router_shell = router_shell.quick_root_shell(TABLEATTACK_SCRIPT)
  • if router_shell == null then continue
  • router_shell.clear_logs(EMPTY_LOG_PATH)
  • machine.save_exploits
  • server_shell.install_rserver(RSERVER_INSTALLER_SCRIPT)
  • server_shell.start_terminal
  • end while
  • end function
  • import_code("/home/me/h/libs/thor.src") //depends on Listlib, exports Thor
  • Thor.init(Command, "npcRsrv")
src/machine.src
  • MachineServices = {}
  • //class eval shit
  • exploits_inspect = function(obj, scope)
  • exploits_len = 0
  • if scope.hasIndex("exploits") then exploits_len = scope.exploits.len
  • return scope.exploits.len
  • end function
  • Service.attrs.push("exploits")
  • Service.load_exploits_from_cache = function()
  • exploits = self.machine.exploits_cache
  • if exploits.hasIndex(self.info_to_key) == 0 then return 0
  • self.scan = new Scan
  • self.scan.init(self.nmap.ip, self.port)
  • self.exploits = []
  • for x in exploits[self.info_to_key]
  • exploit = new ScanExploit
  • exploit.init(self.scan, x)
  • self.exploits.push(exploit)
  • end for
  • return 1
  • end function
  • Service.load_exploits_from_scan = function()
  • exploits = self.machine.exploits_cache
  • self.scan = new Scan
  • self.scan.init(self.nmap.ip, self.port)
  • self.scan.execute
  • self.exploits = self.scan.get_exploits
  • end function
  • Service.set_exploits = function()
  • exploits = self.machine.json.to_object(self.machine.exploits_disk.read_chars)
  • // skip_if_no_cache scan_only_if_no_cache scan_everytime
  • if exploits.hasIndex(self.info_to_key) then
  • self.scan = new Scan
  • self.scan.init(self.nmap.ip, self.port)
  • self.exploits = []
  • for x in exploits[self.info_to_key]
  • exploit = new ScanExploit
  • exploit.init(self.scan, x)
  • self.exploits.push(exploit)
  • end for
  • else
  • self.scan = new Scan
  • self.scan.init(self.nmap.ip, self.port)
  • self.scan.execute
  • self.exploits = self.scan.get_exploits
  • if self.machine.scan_strategy == "scan_everytime" then
  • self.load_exploits_from_scan
  • else if self.machine.scan_strategy == "skip_if_no_cache" then
  • self.load_exploits_from_cache
  • else if self.machine.scan_strategy == "scan_only_if_no_cache" then
  • if self.load_exploits_from_cache == 0 then self.load_exploits_from_scan
  • end if
  • end function
  • // require passwords list set in custom_object
  • Service.quick_root_shell = function(attack_script)
  • for x in self.exploits
  • x.set_result
  • if typeof(x.result) != "shell" then continue
  • remote_shell = x.result
  • remote_comp = remote_shell.host_computer
  • if remote_comp.File("/home/guest/tableAttack.src") != null then
  • remote_comp.File("/home/guest/tableAttack.src").delete
  • end if
  • remote_comp.touch("/home/guest", "tableAttack.src")
  • remote_comp.File("/home/guest/tableAttack.src").set_content(attack_script.get_content)
  • print "building script"
  • remote_shell.build("/home/guest/tableAttack.src", "/home/guest")
  • remote_shell.launch("/home/guest/tableAttack")
  • root_shell = get_custom_object.shell
  • return root_shell
  • end for
  • return null
  • end function
  • Machine = {}
  • Machine.exploits_cache = function
  • return self.json.to_object(self.exploits_disk.read_chars)
  • end function
  • //Machine.passwords_list : required passwords list
  • //Machine.table_attack_script : required table attack script
  • Machine.services_inspect = function(obj, scope)
  • f = function(o)
  • exploits_len = 0
  • if o.hasIndex("exploits") then exploits_len = o.exploits.len
  • return o.inspect(["info", [exploits_len, "exploits_len"], "port"])
  • end function
  • return scope.services.map(@f)
  • end function
  • Machine.attrs = ["ip", [@Machine.services_inspect, "services"]]
  • Machine.metaxploit = null //required
  • Machine.init = function(ip, passwords_disk, exploits_disk)
  • // skip_if_no_cache scan_only_if_no_cache scan_everytime
  • self.scan_strategy = "scan_only_if_no_cache"
  • self.ip = ip
  • self.set_services
  • self.passwords_disk = passwords_disk
  • self.passwords = self.passwords_disk.read_chars.split(char(10))
  • self.exploits_disk = exploits_disk
  • if self.exploits_disk.read_chars.len == 0 then
  • self.exploits_disk.write("{}")
  • end if
  • self.json = new JSON
  • if not get_custom_object.hasIndex("passwords") then
  • get_custom_object.passwords = self.passwords
  • end if
  • end function
  • Machine.save_exploits = function()
  • for s in self.services
  • key = s.info_to_key
  • exploits = []
  • if s.hasIndex("exploits") == 0 then continue
  • for x in s.exploits
  • x_obj = {}
  • x_obj["address"] = x.address
  • x_obj["value"] = x.value
  • x_obj["requirements"] = x.requirements
  • x_obj["requirements_len"] = x.requirements_len
  • if x.hasIndex("result") == 1 then x_obj["result"] = typeof(x.result)
  • exploits.push x_obj
  • end for
  • exploits_db = self.json.to_object(self.exploits_disk.read_chars)
  • exploits_db[key] = exploits
  • self.exploits_disk.nuke
  • self.exploits_disk.write(self.json.to_string(exploits_db))
  • end for
  • end function
  • Machine.quick_attack = function(only_routers = true, table_attack_script)
  • target_services = self.services
  • if only_routers == true then
  • target_services = [self.router_service]
  • end if
  • for service in target_services
  • service.set_exploits
  • root_shell = service.quick_root_shell(table_attack_script)
  • if typeof(root_shell) == "shell" then return root_shell
  • end for
  • return null
  • end function
  • Machine.set_services = function()
  • self.nmap = new Nmap
  • self.nmap.init(self.ip)
  • self.nmap.machine = self
  • self.services = self.nmap.services
  • for s in self.services
  • s.machine = self
  • end for
  • end function
  • Machine.router_service = function()
  • for s in self.services
  • if s.port == null then return s
  • end for
  • return null
  • end function
  • Machine.open_services = function()
  • f = function(o)
  • return o.status == "open"
  • end function
  • return self.services.select(@f)
  • end function
  • // this will get more complicated later on, i want to choose a port that i have the most change of getting in
  • // so i can check a database of exploits see or see the local ip with most ports open etc
  • Machine.most_vulnerable_service = function()
  • if self.services.len == 1 then return self.services[0]
  • if self.services.len == 0 then return null
  • with_smallest_version = self.services[0]
  • for service in self.services[1:]
  • if service.version_to_int < with_smallest_version.version_to_int then
  • with_smallest_version = service
  • end if
  • end for
  • return with_smallest_version
  • end function
cli/searchMails.src
  • import_code("/home/me/h/src/utils.src") // exports map.inspect, p
  • import_code("/home/me/h/libs/list.src") // exports list utils and map utils
  • import_code("/home/me/h/libs/disk.src") // exports Disk, Block
  • import_code("/home/me/h/libs/nmap.src") // exports Nmap, Service
  • import_code("/home/me/h/libs/scan.src") // exports Scan
  • import_code("/home/me/h/libs/json.src") // exports Json
  • import_code("/home/me/h/src/rndIP.src") // exports rnd_ip
  • import_code("/home/me/h/libs/optionSelector.src") // exports option_selector
  • import_code("/home/me/h/src/machine.src") // exports Machine, MachineService, depends on Scan, Nmap , Json, rnd_ip
  • import_code("/home/me/h/src/shell.src") // extend map
  • TABLEATTACK_SCRIPT = get_shell.host_computer.File(home_dir + "/Config/tableAttack.src")
  • EMPTY_LOG_PATH = home_dir + "/Config/emptyLog"
  • PASSWORDS_DISK = new Disk
  • PASSWORDS_DISK.init(home_dir + "/Config", "passwords")
  • EXPLOITS_DISK = new Disk
  • EXPLOITS_DISK.init(home_dir + "/Config", "exploits")
  • Machine.metaxploit = include_lib("/lib/metaxploit.so")
  • Scan.metaxploit = include_lib("/lib/metaxploit.so")
  • Command = {}
  • Command.searchMails_sig = {}
  • Command.searchMails_sig["description"] = "target router bounce exploits to get mails"
  • Command.searchMails_sig["args"] = ["ip*"]
  • Command.searchMails_sig["options"] = []
  • next_ip = function(ip)
  • numbers = ip.split(".")
  • numbers[-1] = numbers[-1].to_int + 1
  • return numbers.join(".")
  • end function
  • Command.searchMails = function(args = [], options = {})
  • machine = new Machine
  • machine.init(args[0], PASSWORDS_DISK, EXPLOITS_DISK)
  • machine.scan_strategy = "scan_everytime"
  • router_ips = machine.nmap.router.devices_lan_ip
  • //p machine.router_service
  • p machine.router_service.info
  • // find computer bounce exploits
  • exploits = []
  • machine.router_service.set_exploits
  • for x in machine.router_service.exploits
  • for i in router_ips
  • x.set_result next_ip(i)
  • if typeof(x.result) == "computer" then
  • exploits.push x
  • break
  • end if
  • end for
  • end for
  • p exploits.inspect(["value", "address"])
  • // war dial ips
  • computers = []
  • for x in exploits
  • for ip in router_ips
  • for i in range(10)
  • ip = next_ip(ip)
  • x.set_result(ip)
  • if typeof(x.result) == "computer" then computers.push x.result
  • end for
  • end for
  • end for
  • p computers
  • mails = []
  • banks = []
  • for c in computers
  • for user_home in c.File("/home").get_folders
  • mail_file = c.File("/home/" + user_home.name + "/Config/Mail.txt")
  • bank_file = c.File("/home/" + user_home.name + "/Config/Bank.txt")
  • if mail_file then mails.push mail_file.get_content + "from " + c.local_ip
  • if bank_file then banks.push bank_file.get_content + "from " + c.local_ip
  • end for
  • end for
  • mails = mails.uniq
  • banks = banks.uniq
  • print "BANKS"
  • print banks.join(char(10))
  • print "MAILS"
  • print mails.join(char(10))
  • end function
  • import_code("/home/me/h/libs/thor.src") //depends on Listlib, exports Thor
  • Thor.init(Command, "searchMails")