Files

cli/hostImg.src libs/optionSelector.src src/machine.src cli/hack.src
cli/hostImg.src
  • import_code("/home/me/h/src/utils.src") // exports map.inspect, p
  • import_code("/home/me/h/libs/list.src") // exports list utils and map utils
  • import_code("/home/me/h/libs/disk.src") // exports Disk, Block
  • import_code("/home/me/h/libs/nmap.src") // exports Nmap, Service
  • import_code("/home/me/h/libs/scan.src") // exports Scan
  • import_code("/home/me/h/libs/json.src") // exports Json
  • import_code("/home/me/h/src/rndIP.src") // exports rnd_ip
  • import_code("/home/me/h/libs/optionSelector.src") // exports option_selector
  • import_code("/home/me/h/src/machine.src") // exports Machine, MachineService, depends on Scan, Nmap , Json, rnd_ip
  • import_code("/home/me/h/src/shell.src") // extend map
  • TABLEATTACK_SCRIPT = get_shell.host_computer.File(home_dir + "/Config/tableAttack.src")
  • EMPTY_LOG_PATH = home_dir + "/Config/emptyLog"
  • PASSWORDS_DISK = new Disk
  • PASSWORDS_DISK.init(home_dir + "/Config", "passwords")
  • EXPLOITS_DISK = new Disk
  • EXPLOITS_DISK.init(home_dir + "/Config", "exploits")
  • ENTRIES_DISK = new Disk
  • ENTRIES_DISK.init(home_dir + "/Config", "entries")
  • Machine.metaxploit = include_lib("/lib/metaxploit.so")
  • Scan.metaxploit = include_lib("/lib/metaxploit.so")
  • get_shell.host_computer.touch(home_dir + "/Config", "sites.txt")
  • SITES_FILE = get_shell.host_computer.File(home_dir + "/Config/sites.txt")
  • Command = {}
  • Command.hostImg_sig = {}
  • Command.hostImg_sig["description"] = "hack a random site"
  • Command.hostImg_sig["args"] = []
  • Command.hostImg_sig["options"] = [{["-w", "--wipe"]: "wipe the server logs instead of connecting"}]
  • Command.hostImg = function(args = [], options = {})
  • re_hack = function(ip)
  • machine = new Machine
  • machine.init(ip, PASSWORDS_DISK, EXPLOITS_DISK, ENTRIES_DISK)
  • site_service = null
  • for s in machine.services
  • if s.port == 80 then
  • site_service = s
  • end if
  • end for
  • site_service.set_exploits
  • site_shell = site_service.quick_root_shell(TABLEATTACK_SCRIPT)
  • site_shell.clear_logs(EMPTY_LOG_PATH)
  • router_shell = machine.router_service
  • router_shell.set_exploits
  • router_shell = router_shell.quick_root_shell(TABLEATTACK_SCRIPT)
  • router_shell.clear_logs(EMPTY_LOG_PATH)
  • if options["-w"] then exit
  • site_shell.start_terminal
  • end function
  • sites = SITES_FILE.get_content.split(char(10)).compact
  • if sites.len > 0 then
  • print "you arealdy have hacked proxies, do you want to reuse them?" + char(10)
  • for i in sites.indexes
  • sites[i] = [@re_hack, sites[i], sites[i]]
  • end for
  • sites.push ["return", null, "hack a new one"]
  • option_selector sites
  • end if
  • while true
  • machine = new Machine
  • machine.init(rnd_ip, PASSWORDS_DISK, EXPLOITS_DISK)
  • machine.init(rnd_ip, PASSWORDS_DISK, EXPLOITS_DISK, ENTRIES_DISK)
  • site_service = null
  • for s in machine.services
  • if s.port == 80 then
  • site_service = s
  • end if
  • end for
  • if not site_service then continue
  • site_service.set_exploits
  • site_shell = site_service.quick_root_shell(TABLEATTACK_SCRIPT)
  • if site_shell == null then continue
  • site_shell.clear_logs(EMPTY_LOG_PATH)
  • router_shell = machine.router_service
  • router_shell.set_exploits
  • router_shell = router_shell.quick_root_shell(TABLEATTACK_SCRIPT)
  • if router_shell == null then continue
  • router_shell.clear_logs(EMPTY_LOG_PATH)
  • SITES_FILE.set_content(SITES_FILE.get_content + char(10) + machine.ip)
  • machine.save_exploits
  • site_shell.start_terminal
  • end while
  • end function
  • import_code("/home/me/h/libs/thor.src") //depends on Listlib, exports Thor
  • Thor.init(Command, "hostImg")
libs/optionSelector.src
  • // expect a l(list) containing this structure [func, params, display_text]
  • // also instead of a func in the first param you can set the string "return" to make the function return instead
  • option_selector = function(m)
  • // expect a l(list) containing this structure [return_obj, display_text]
  • user_select = function(m)
  • while true
  • for i in m.indexes
  • print "[<color=yellow>" + i + "</color>] " + m[i][2]
  • print "[<color=yellow>" + i + "</color>] " + m[i][1]
  • end for
  • selected = user_input("select a option: ").to_int
  • if selected isa string or m.hasIndex(selected) == false then
  • print "<color=red>ERROR: invalid option, try again</color>"
  • continue
  • end if
  • selected = m[selected]
  • if selected[0] == "return" then return
  • selected[0](selected[1])
  • return
  • return selected[0]
  • end while
  • end function
src/machine.src
  • MachineServices = {}
  • //class eval shit
  • exploits_inspect = function(obj, scope)
  • exploits_len = 0
  • if scope.hasIndex("exploits") then exploits_len = scope.exploits.len
  • return scope.exploits.len
  • end function
  • Service.attrs.push("exploits")
  • Service.load_exploits_from_cache = function()
  • exploits = self.machine.exploits_cache
  • if exploits.hasIndex(self.info_to_key) == 0 then return 0
  • self.scan = new Scan
  • self.scan.init(self.nmap.ip, self.port)
  • self.exploits = []
  • for x in exploits[self.info_to_key]
  • exploit = new ScanExploit
  • exploit.init(self.scan, x)
  • self.exploits.push(exploit)
  • end for
  • return 1
  • end function
  • Service.load_exploits_from_scan = function()
  • exploits = self.machine.exploits_cache
  • self.scan = new Scan
  • self.scan.init(self.nmap.ip, self.port)
  • self.scan.execute
  • self.exploits = self.scan.get_exploits
  • end function
  • Service.set_exploits = function()
  • // skip_if_no_cache scan_only_if_no_cache scan_everytime
  • if self.machine.scan_strategy == "scan_everytime" then
  • self.load_exploits_from_scan
  • else if self.machine.scan_strategy == "skip_if_no_cache" then
  • self.load_exploits_from_cache
  • else if self.machine.scan_strategy == "scan_only_if_no_cache" then
  • if self.load_exploits_from_cache == 0 then self.load_exploits_from_scan
  • end if
  • end function
  • // require passwords list set in custom_object
  • Service.quick_root_shell = function(attack_script)
  • for x in self.exploits
  • x.set_result
  • if typeof(x.result) != "shell" then continue
  • remote_shell = x.result
  • remote_comp = remote_shell.host_computer
  • // save entry
  • entries = self.machine.json.to_object(self.machine.entries_disk.read_chars)
  • key = entries.indexes.len
  • entry = {}
  • entry.local_ip = remote_comp.local_ip
  • entry.public_ip = remote_comp.public_ip
  • entry.exploit = {"address": x.address, "value": x.value, "port": str(self.port)}
  • entries[key] = entry
  • self.machine.entries_disk.nuke
  • self.machine.entries_disk.write(self.machine.json.to_string(entries))
  • if remote_comp.File("/home/guest/tableAttack.src") != null then
  • remote_comp.File("/home/guest/tableAttack.src").delete
  • end if
  • remote_comp.touch("/home/guest", "tableAttack.src")
  • remote_comp.File("/home/guest/tableAttack.src").set_content(attack_script.get_content)
  • print "building script"
  • remote_shell.build("/home/guest/tableAttack.src", "/home/guest")
  • remote_shell.launch("/home/guest/tableAttack")
  • // update entry
  • entries = self.machine.json.to_object(self.machine.entries_disk.read_chars)
  • entries[key].credentials = {"user": "root", "password": get_custom_object.password}
  • self.machine.entries_disk.nuke
  • self.machine.entries_disk.write(self.machine.json.to_string(entries))
  • root_shell = get_custom_object.shell
  • return root_shell
  • end for
  • return null
  • end function
  • Machine = {}
  • Machine.exploits_cache = function
  • return self.json.to_object(self.exploits_disk.read_chars)
  • end function
  • //Machine.passwords_list : required passwords list
  • //Machine.table_attack_script : required table attack script
  • Machine.services_inspect = function(obj, scope)
  • f = function(o)
  • exploits_len = 0
  • if o.hasIndex("exploits") then exploits_len = o.exploits.len
  • return o.inspect(["info", [exploits_len, "exploits_len"], "port"])
  • end function
  • return scope.services.map(@f)
  • end function
  • Machine.attrs = ["ip", [@Machine.services_inspect, "services"]]
  • Machine.metaxploit = null //required
  • Machine.init = function(ip, passwords_disk, exploits_disk, entries_disk)
  • // skip_if_no_cache scan_only_if_no_cache scan_everytime
  • self.scan_strategy = "scan_only_if_no_cache"
  • self.ip = ip
  • self.set_services
  • self.passwords_disk = passwords_disk
  • self.passwords = self.passwords_disk.read_chars.split(char(10))
  • self.exploits_disk = exploits_disk
  • if self.exploits_disk.read_chars.len == 0 then
  • self.exploits_disk.write("{}")
  • end if
  • self.entries_disk = entries_disk
  • if self.entries_disk.read_chars.len == 0 then
  • if self.entries_disk.read_chars.len == 0 then
  • self.entries_disk.write("{}")
  • end if
  • self.json = new JSON
  • if not get_custom_object.hasIndex("passwords") then
  • get_custom_object.passwords = self.passwords
  • end if
  • end function
  • Machine.save_exploits = function()
  • for s in self.services
  • key = s.info_to_key
  • exploits = []
  • if s.hasIndex("exploits") == 0 then continue
  • for x in s.exploits
  • x_obj = {}
  • x_obj["address"] = x.address
  • x_obj["value"] = x.value
  • x_obj["requirements"] = x.requirements
  • x_obj["requirements_len"] = x.requirements_len
  • if x.hasIndex("result") == 1 then x_obj["result"] = typeof(x.result)
  • exploits.push x_obj
  • end for
  • exploits_db = self.json.to_object(self.exploits_disk.read_chars)
  • exploits_db[key] = exploits
  • self.exploits_disk.nuke
  • self.exploits_disk.write(self.json.to_string(exploits_db))
  • end for
  • end function
  • Machine.quick_attack = function(only_routers = true, table_attack_script)
  • target_services = self.services
  • if only_routers == true then
  • target_services = [self.router_service]
  • end if
  • for service in target_services
  • service.set_exploits
  • root_shell = service.quick_root_shell(table_attack_script)
  • if typeof(root_shell) == "shell" then return root_shell
  • end for
  • return null
  • end function
  • Machine.set_services = function()
  • self.nmap = new Nmap
  • self.nmap.init(self.ip)
  • self.nmap.machine = self
  • self.services = self.nmap.services
  • for s in self.services
  • s.machine = self
  • end for
  • end function
  • Machine.router_service = function()
  • for s in self.services
  • if s.port == null then return s
  • end for
  • return null
  • end function
  • Machine.open_services = function()
  • f = function(o)
  • return o.status == "open"
  • end function
  • return self.services.select(@f)
  • end function
  • // this will get more complicated later on, i want to choose a port that i have the most change of getting in
  • // so i can check a database of exploits see or see the local ip with most ports open etc
  • Machine.most_vulnerable_service = function()
  • if self.services.len == 1 then return self.services[0]
  • if self.services.len == 0 then return null
  • with_smallest_version = self.services[0]
  • for service in self.services[1:]
  • if service.version_to_int < with_smallest_version.version_to_int then
  • with_smallest_version = service
  • end if
  • end for
  • return with_smallest_version
  • end function
cli/hack.src
  • import_code("/home/me/h/src/utils.src") // exports map.inspect, p
  • import_code("/home/me/h/libs/list.src") // exports list utils and map utils
  • import_code("/home/me/h/libs/disk.src") // exports Disk, Block
  • import_code("/home/me/h/libs/nmap.src") // exports Nmap, Service
  • import_code("/home/me/h/libs/scan.src") // exports Scan
  • import_code("/home/me/h/libs/json.src") // exports Json
  • import_code("/home/me/h/src/rndIP.src") // exports rnd_ip
  • import_code("/home/me/h/libs/optionSelector.src") // exports option_selector
  • import_code("/home/me/h/src/machine.src") // exports Machine, MachineService, depends on Scan, Nmap , Json
  • import_code("/home/me/h/libs/meta.src") // exports Meta
  • import_code("/home/me/h/src/shell.src") // extend map
  • TABLEATTACK_SCRIPT = get_shell.host_computer.File(home_dir + "/Config/tableAttack.src")
  • EMPTY_LOG_PATH = home_dir + "/Config/emptyLog"
  • PASSWORDS_DISK = new Disk
  • PASSWORDS_DISK.init(home_dir + "/Config", "passwords")
  • EXPLOITS_DISK = new Disk
  • EXPLOITS_DISK.init(home_dir + "/Config", "exploits")
  • ENTRIES_DISK = new Disk
  • ENTRIES_DISK.init(home_dir + "/Config", "entries")
  • Machine.metaxploit = include_lib("/lib/metaxploit.so")
  • Scan.metaxploit = include_lib("/lib/metaxploit.so")
  • Command = {}
  • Command.hack_sig = {}
  • Command.hack_sig["description"] = "hack shit"
  • Command.hack_sig["args"] = ["ip*"]
  • Command.hack_sig["options"] = []
  • Command.hack = function(args = [], options = {})
  • machine = new Machine
  • machine.init(args[0], PASSWORDS_DISK, EXPLOITS_DISK, ENTRIES_DISK)
  • services = machine.services
  • f = function(o)
  • return [o, o.lan_ip + " " + o.info + " " + o.port]
  • end function
  • services = services.map(@f)
  • print "target which lib?"
  • service = user_select(services)
  • service.set_exploits
  • shell = null
  • print "do you want to auto root ? (only works on npcs)"
  • if user_select([[true, "yes"], [false, "no"]]) then
  • shell = service.quick_root_shell(TABLEATTACK_SCRIPT)
  • else
  • for x in service.exploits
  • x.set_result
  • if typeof(x.result) == shell then shell = x.result
  • end for
  • end if
  • if shell == null then
  • exit("no shells")
  • end if
  • print "do you want to clear the logs?"
  • if user_select([[true, "yes"], [false, "no"]]) then
  • shell.clear_logs(EMPTY_LOG_PATH)
  • end if
  • shell.start_terminal
  • end function
  • import_code("/home/me/h/libs/thor.src") //depends on Listlib, exports Thor
  • Thor.init(Command, "hack")