Files

setup.src cli/npcRshell.src cli/searchMails.src cli/hostImg.src cli.src
setup.src
  • import_code("/home/me/h/libs/list.src")
  • import_code("/home/me/h/libs/disk.src")
  • import_code("/home/me/h/libs/passwords.src")
  • Disk.init("/home/me/h/disks", "passwords")
  • Disk.init("/home/me/Config", "passwords")
  • if(Disk.blobs.len > 1) then exit("password generation setup already completed")
  • PasswordGenerator.init(PASSWORDS)
  • print "generating passwords, it will take a while"
  • HASH_TABLE=PasswordGenerator.AllPasswords
  • print "done"
  • print "parsing passwords obj"
  • f = function(o)
  • return o[1]
  • end function
  • pass_list = HASH_TABLE.to_list.map(@f)
  • print "done"
  • print "writing to disk"
  • Disk.write(pass_list.join(char(10)))
  • print "done"
cli/npcRshell.src
  • import_code("/home/me/h/src/utils.src") // exports map.inspect, p
  • import_code("/home/me/h/libs/list.src") // exports list utils and map utils
  • import_code("/home/me/h/libs/disk.src") // exports Disk, Block
  • import_code("/home/me/h/libs/nmap.src") // exports Nmap, Service
  • import_code("/home/me/h/libs/scan.src") // exports Scan
  • import_code("/home/me/h/libs/json.src") // exports Json
  • import_code("/home/me/h/src/rndIP.src") // exports rnd_ip
  • import_code("/home/me/h/libs/optionSelector.src") // exports option_selector
  • import_code("/home/me/h/src/machine.src") // exports Machine, MachineService, depends on Scan, Nmap , Json, rnd_ip
  • import_code("/home/me/h/src/shell.src") // extend map
  • TABLEATTACK_SCRIPT = get_shell.host_computer.File(home_dir + "/Config/tableAttack.src")
  • EMPTY_LOG_PATH = home_dir + "/Config/emptyLog"
  • RSERVER_INSTALLER_SCRIPT = get_shell.host_computer.File(home_dir + "/Config/rserverInstaller.src")
  • PASSWORDS_DISK = new Disk
  • PASSWORDS_DISK.init(home_dir + "/Config", "passwords")
  • EXPLOITS_DISK = new Disk
  • EXPLOITS_DISK.init(home_dir + "/Config", "exploits")
  • Machine.metaxploit = include_lib("/lib/metaxploit.so")
  • Scan.metaxploit = include_lib("/lib/metaxploit.so")
  • get_shell.host_computer.touch(home_dir + "/Config", "rservers.txt")
  • RSERVERS_FILE = get_shell.host_computer.File(home_dir + "/Config/rservers.txt")
  • Command = {}
  • Command.npcRsrv_sig = {}
  • Command.npcRsrv_sig["description"] = "hack a random pc and setup rshell server in it"
  • Command.npcRsrv_sig["args"] = []
  • Command.npcRsrv_sig["options"] = [{["-w", "--wipe"]: "wipe the server logs instead of connecting"}]
  • Command.npcRsrv = function(args = [], options = {})
  • re_hack = function(s)
  • ip = s.split(":")[0]
  • port = s.split(":")[1].to_int
  • machine = new Machine
  • machine.init(ip, PASSWORDS_DISK, EXPLOITS_DISK)
  • server_service = null
  • for s in machine.services
  • if s.port == port then server_service = s
  • end for
  • server_service.set_exploits
  • server_shell = server_service.quick_root_shell(TABLEATTACK_SCRIPT)
  • router_shell = machine.router_service
  • router_shell.set_exploits
  • router_shell = router_shell.quick_root_shell(TABLEATTACK_SCRIPT)
  • router_shell.clear_logs(EMPTY_LOG_PATH)
  • server_shell.clear_logs(EMPTY_LOG_PATH)
  • if options["-w"] then exit
  • server_shell.start_terminal
  • end function
  • rservers = RSERVERS_FILE.get_content.split(char(10)).compact
  • if rservers.len > 0 then
  • print "you arealdy have hacked rservers, do you want to reuse them?" + char(10)
  • for i in rservers.indexes
  • rservers[i] = [@re_hack, rservers[i], rservers[i]]
  • end for
  • rservers.push ["return", null, "hack a new one"]
  • option_selector rservers
  • end if
  • while true
  • machine = new Machine
  • machine.init(rnd_ip, PASSWORDS_DISK, EXPLOITS_DISK)
  • if machine.open_services.len == 0 then continue
  • server_shell = null
  • server_port = null
  • for s in machine.open_services
  • s.set_exploits
  • shell = s.quick_root_shell(TABLEATTACK_SCRIPT)
  • if shell != null then
  • server_shell = shell
  • server_port = s.port
  • break
  • end if
  • end for
  • if server_shell == null then continue
  • server_shell.clear_logs(EMPTY_LOG_PATH)
  • router_shell = machine.router_service
  • router_shell.set_exploits
  • router_shell = router_shell.quick_root_shell(TABLEATTACK_SCRIPT)
  • if router_shell == null then continue
  • router_shell.clear_logs(EMPTY_LOG_PATH)
  • machine.save_exploits
  • server_shell.install_rserver(RSERVER_INSTALLER_SCRIPT)
  • RSERVERS_FILE.set_content(RSERVERS_FILE.get_content + char(10) + machine.ip + ":" + server_port)
  • server_shell.start_terminal
  • end while
  • end function
  • import_code("/home/me/h/libs/thor.src") //depends on Listlib, exports Thor
  • Thor.init(Command, "npcRsrv")
cli/searchMails.src
  • import_code("/home/me/h/src/utils.src") // exports map.inspect, p
  • import_code("/home/me/h/libs/list.src") // exports list utils and map utils
  • import_code("/home/me/h/libs/disk.src") // exports Disk, Block
  • import_code("/home/me/h/libs/nmap.src") // exports Nmap, Service
  • import_code("/home/me/h/libs/scan.src") // exports Scan
  • import_code("/home/me/h/libs/json.src") // exports Json
  • import_code("/home/me/h/src/rndIP.src") // exports rnd_ip
  • import_code("/home/me/h/libs/optionSelector.src") // exports option_selector
  • import_code("/home/me/h/src/machine.src") // exports Machine, MachineService, depends on Scan, Nmap , Json, rnd_ip
  • import_code("/home/me/h/src/shell.src") // extend map
  • TABLEATTACK_SCRIPT = get_shell.host_computer.File(home_dir + "/Config/tableAttack.src")
  • EMPTY_LOG_PATH = home_dir + "/Config/emptyLog"
  • PASSWORDS_DISK = new Disk
  • PASSWORDS_DISK.init(home_dir + "/Config", "passwords")
  • EXPLOITS_DISK = new Disk
  • EXPLOITS_DISK.init(home_dir + "/Config", "exploits")
  • Machine.metaxploit = include_lib("/lib/metaxploit.so")
  • Scan.metaxploit = include_lib("/lib/metaxploit.so")
  • Command = {}
  • Command.searchMails_sig = {}
  • Command.searchMails_sig["description"] = "target router bounce exploits to get mails"
  • Command.searchMails_sig["args"] = ["ip*"]
  • Command.searchMails_sig["options"] = []
  • next_ip = function(ip)
  • numbers = ip.split(".")
  • numbers[-1] = numbers[-1].to_int + 1
  • return numbers.join(".")
  • end function
  • Command.searchMails = function(args = [], options = {})
  • machine = new Machine
  • machine.init(args[0], PASSWORDS_DISK, EXPLOITS_DISK)
  • machine.scan_strategy = "scan_everytime"
  • router_ips = machine.nmap.router.devices_lan_ip
  • //p machine.router_service
  • p machine.router_service.info
  • // find computer bounce exploits
  • exploits = []
  • machine.router_service.set_exploits
  • for x in machine.router_service.exploits
  • for i in router_ips
  • x.set_result next_ip(i)
  • if typeof(x.result) == "computer" then
  • exploits.push x
  • break
  • end if
  • end for
  • end for
  • p exploits.inspect(["value", "address"])
  • // war dial ips
  • computers = []
  • for x in exploits
  • for ip in router_ips
  • for i in range(10)
  • ip = next_ip(ip)
  • x.set_result(ip)
  • if typeof(x.result) == "computer" then computers.push x.result
  • end for
  • end for
  • end for
  • p computers
  • creds = []
  • mails = []
  • banks = []
  • for c in computers
  • passwdfile = c.File("/etc/passwd")
  • if passwdfile.has_permission("r") then
  • passwdfile = passwdfile.get_content.replace(char(10), " from " + c.local_ip + char(10))
  • creds = passwdfile.split(char(10))
  • end if
  • for user_home in c.File("/home").get_folders
  • mail_file = c.File("/home/" + user_home.name + "/Config/Mail.txt")
  • bank_file = c.File("/home/" + user_home.name + "/Config/Bank.txt")
  • if mail_file then mails.push mail_file.get_content + "from " + c.local_ip
  • if bank_file then banks.push bank_file.get_content + "from " + c.local_ip
  • if mail_file then mails.push mail_file.get_content + " from " + c.local_ip
  • if bank_file then banks.push bank_file.get_content + " from " + c.local_ip
  • end for
  • end for
  • mails = mails.uniq
  • banks = banks.uniq
  • print "CREDENTIALS"
  • print creds.join(char(10))
  • print "BANKS"
  • print banks.join(char(10))
  • print "MAILS"
  • print mails.join(char(10))
  • end function
  • import_code("/home/me/h/libs/thor.src") //depends on Listlib, exports Thor
  • Thor.init(Command, "searchMails")
cli/hostImg.src
  • import_code("/home/me/h/src/utils.src") // exports map.inspect, p
  • import_code("/home/me/h/libs/list.src") // exports list utils and map utils
  • import_code("/home/me/h/libs/disk.src") // exports Disk, Block
  • import_code("/home/me/h/libs/nmap.src") // exports Nmap, Service
  • import_code("/home/me/h/libs/scan.src") // exports Scan
  • import_code("/home/me/h/libs/json.src") // exports Json
  • import_code("/home/me/h/src/rndIP.src") // exports rnd_ip
  • import_code("/home/me/h/libs/optionSelector.src") // exports option_selector
  • import_code("/home/me/h/src/machine.src") // exports Machine, MachineService, depends on Scan, Nmap , Json, rnd_ip
  • import_code("/home/me/h/src/shell.src") // extend map
  • TABLEATTACK_SCRIPT = get_shell.host_computer.File(home_dir + "/Config/tableAttack.src")
  • EMPTY_LOG_PATH = home_dir + "/Config/emptyLog"
  • IMG_HTML = get_shell.host_computer.File(home_dir + "/Config/img.html")
  • IMG_SCRIPT = get_shell.host_computer.File(home_dir + "/Config/IMGsite.src")
  • PASSWORDS_DISK = new Disk
  • PASSWORDS_DISK.init(home_dir + "/Config", "passwords")
  • EXPLOITS_DISK = new Disk
  • EXPLOITS_DISK.init(home_dir + "/Config", "exploits")
  • Machine.metaxploit = include_lib("/lib/metaxploit.so")
  • Scan.metaxploit = include_lib("/lib/metaxploit.so")
  • get_shell.host_computer.touch(home_dir + "/Config", "sites.txt")
  • SITES_FILE = get_shell.host_computer.File(home_dir + "/Config/sites.txt")
  • Command = {}
  • Command.hostImg_sig = {}
  • Command.hostImg_sig["description"] = "hack a random site and host a img"
  • Command.hostImg_sig["description"] = "hack a random site"
  • Command.hostImg_sig["args"] = []
  • Command.hostImg_sig["options"] = []
  • Command.hostImg_sig["options"] = [{["-w", "--wipe"]: "wipe the server logs instead of connecting"}]
  • Command.hostImg = function(args = [], options = {})
  • img_data = user_input("image data: ")
  • Command.hostImg = function(args = [], options = {})
  • re_hack = function(ip)
  • machine = new Machine
  • machine.init(ip, PASSWORDS_DISK, EXPLOITS_DISK)
  • site_service = null
  • for s in machine.services
  • if s.port == 80 then
  • site_service = s
  • end if
  • end for
  • site_service.set_exploits
  • site_shell = site_service.quick_root_shell(TABLEATTACK_SCRIPT)
  • site_shell.clear_logs(EMPTY_LOG_PATH)
  • router_shell = machine.router_service
  • router_shell.set_exploits
  • router_shell = router_shell.quick_root_shell(TABLEATTACK_SCRIPT)
  • router_shell.clear_logs(EMPTY_LOG_PATH)
  • if options["-w"] then exit
  • site_shell.start_terminal
  • end function
  • sites = SITES_FILE.get_content.split(char(10)).compact
  • if sites.len > 0 then
  • print "you arealdy have hacked proxies, do you want to reuse them?" + char(10)
  • for i in sites.indexes
  • sites[i] = [@re_hack, sites[i], sites[i]]
  • end for
  • sites.push ["return", null, "hack a new one"]
  • option_selector sites
  • end if
  • while true
  • machine = new Machine
  • machine.init(rnd_ip, PASSWORDS_DISK, EXPLOITS_DISK)
  • site_service = null
  • for s in machine.services
  • if s.port == 80 then
  • site_service = s
  • end if
  • end for
  • if not site_service then continue
  • site_service.set_exploits
  • site_shell = site_service.quick_root_shell(TABLEATTACK_SCRIPT)
  • if site_shell == null then continue
  • site_shell.clear_logs(EMPTY_LOG_PATH)
  • router_shell = machine.router_service
  • router_shell.set_exploits
  • router_shell = router_shell.quick_root_shell(TABLEATTACK_SCRIPT)
  • if router_shell == null then continue
  • router_shell.clear_logs(EMPTY_LOG_PATH)
  • machine.save_exploits
  • img_html = IMG_HTML.get_content
  • img_html = img_html.replace("IMG_DATA_HERE", img_data)
  • print img_html
  • site_shell.host_computer.touch("/home/guest", "img.html")
  • site_shell.host_computer.File("/home/guest/img.html").set_content(img_html)
  • site_shell.host_computer.touch("/home/guest", "IMGsite.src")
  • site_shell.host_computer.File("/home/guest/IMGsite.src").set_content(IMG_SCRIPT.get_content)
  • site_shell.build("/home/guest/IMGsite.src", "/home/guest")
  • site_shell.launch("/home/guest/IMGsite")
  • SITES_FILE.set_content(SITES_FILE.get_content + char(10) + machine.ip)
  • site_shell.clear_logs(EMPTY_LOG_PATH)
  • router_shell.clear_logs(EMPTY_LOG_PATH)
  • print "here is the img site: " + machine.ip
  • machine.save_exploits
  • site_shell.start_terminal
  • exit
  • end while
  • end function
  • import_code("/home/me/h/libs/thor.src") //depends on Listlib, exports Thor
  • Thor.init(Command, "hostImg")
cli.src
  • import_code("/home/me/h/src/utils.src") // exports map.inspect, p
  • import_code("/home/me/h/libs/list.src") // exports list utils and map utils
  • import_code("/home/me/h/libs/disk.src") // exports Disk, Block
  • import_code("/home/me/h/libs/nmap.src") // exports Nmap, Service
  • import_code("/home/me/h/libs/scan.src") // exports Scan
  • import_code("/home/me/h/src/machine.src") // exports Machine, MachineService, depends on Scan, Nmap
  • import_code("/home/me/h/libs/meta.src") // exports Meta
  • import_code("/home/me/h/src/shell.src") // extend map
  • TABLEATTACK_SCRIPT = get_shell.host_computer.File(home_dir + "/Config/tableAttack.src")
  • EMPTY_LOG_PATH = home_dir + "/Config/emptyLog"
  • PASSWORDS_DISK = new Disk
  • PASSWORDS_DISK.init(home_dir + "/Config", "passwords")
  • LIBS_DISK = new Disk
  • LIBS_DISK.init(home_dir + "/Config", "libsDB")
  • LIB_STORE_PATH = home_dir + "/Config/libs"
  • Machine.metaxploit = include_lib("/lib/metaxploit.so")
  • Scan.metaxploit = include_lib("/lib/metaxploit.so")
  • fish_lib = {"router": "kernel_router.so", "http": "libhttp.so", "ssh": "libssh.so", "repository": "librepository.so"}
  • Vega = {}
  • Vega.vega_sig = {}
  • Vega.vega_sig["description"] = "auto hacking tool"
  • Vega.vega_sig["args"] = [""]
  • Vega.vega_sig["options"] = [{["-v", "--verbose"]: "print more logs"}]
  • Vega.vega = function(args = [], options = {})
  • has_verbose = options["-v"]
  • machine = new Machine
  • machine.init(machine.random_ip, PASSWORDS_DISK.read_chars.split(char(10)))
  • for s in machine.services
  • known_libs = get_shell.host_computer.File(LIB_STORE_PATH).get_files
  • for i in known_libs.indexes
  • known_libs[i] = known_libs[i].name
  • end for
  • s.set_exploits
  • if not fish_lib.hasIndex(s.info.split(" ")[0]) then continue
  • key = s.info.replace(".", "").replace(" ", "")
  • if known_libs.indexOf(key) then continue
  • so_name = fish_lib[s.info.split(" ")[0]]
  • sh = s.quick_root_shell(TABLEATTACK_SCRIPT)
  • if typeof(sh) != "shell" then continue
  • o = sh.scp("/lib/" + so_name, LIB_STORE_PATH, get_shell)
  • sh.clear_logs(EMPTY_LOG_PATH)
  • o = get_shell.host_computer.File(LIB_STORE_PATH + "/" + so_name)
  • if typeof(o) != "file" then
  • print o
  • else
  • o.rename(key)
  • end if
  • end for
  • end function
  • Vega.root_random_router = function()
  • while true
  • machine = new Machine
  • machine.init(machine.random_ip)
  • root_shell = machine.quick_attack(true)
  • if root_shell == null then continue
  • return root_shell.clear_logs(EMPTY_LOG_PATH)
  • end while
  • end function
  • Vega.exploit_all_services = function(machine)
  • for s in machine.services
  • s.set_exploits
  • for x in s.exploits
  • x.set_result
  • end for
  • end for
  • print "services"
  • for s in machine.services
  • print s.inspect(["info"])
  • end for
  • print "exploits"
  • for s in machine.services
  • for x in s.exploits
  • print x.inspect(["address", "value", "result_class"])
  • end for
  • end for
  • end function
  • import_code("/home/me/h/libs/thor.src") //depends on Listlib, exports Thor
  • Thor.init(Vega, "vega")