Open main menu
Posts
Gists
Guilds
Users
Decipher
Docs
Open user menu
Log in
Sign up
Create a new gist
Posts
Gists
Guilds
Users
Decipher
Docs
Files
setup.src
libs/optionSelector.src
src/machine.src
src/rserverInstaller.src
cli/libsAnal.src
setup.src
import_code("/home/me/h/libs/list.src")
import_code("/home/me/h/libs/disk.src")
import_code("/home/me/h/libs/passwords.src")
get_import_paths = function(code)
lines = code.split(char(10))
r = []
for l in lines
if l.indexOf("import_code" + "(""") != null then r.push(l.split("""")[1])
end for
return r
end function
check_sum_source = function(code)
comp = get_shell.host_computer
codes = [code]
for s in get_import_paths(code)
codes.push comp.File(s).get_content
end for
return md5(codes.join(""))
end function
comp = get_shell.host_computer
print "setup hacking script"
comp.File("/home/me/h/src/tableAttack.src").copy(home_dir + "/Config", "tableAttack.src")
comp.File("/home/me/h/src/rserverInstaller.src").copy(home_dir + "/Config", "rserverInstaller.src")
get_shell.host_computer.touch(home_dir + "/Config", "emptyLog")
print "compiling cli tools"
comp.create_folder(home_dir, "vegaTools")
while true
comp.touch(home_dir, ".vega_watch")
watch_file = comp.File(home_dir + "/.vega_watch")
watch_data = {}
f = function(o)
return o.split("=")
end function
if watch_file.get_content.len > 1 then watch_data = watch_file.get_content.split(char(10)).map(@f).to_map
for f in comp.File("/home/me/h/cli").get_files
if watch_data.hasIndex(f.name) == false then watch_data[f.name] = check_sum_source(f.get_content)
compiled_script = comp.File(home_dir + "/vegaTools/" + f.name[:-4])
if watch_data[f.name] != check_sum_source(f.get_content) or compiled_script == null then
print "compiling " + f.name
f.copy(home_dir + "/vegaTools", f.name)
b = get_shell.build(home_dir + "/vegaTools/" + f.name, home_dir + "/vegaTools")
if b.len > 0 then print(f.name + " error: <color=red>" + b + "</color>")
comp.File(home_dir + "/vegaTools/" + f.name).delete
watch_data[f.name] = check_sum_source(f.get_content)
end if
end for
f = function(o)
return o[0] + "=" + o[1]
end function
watch_file.set_content watch_data.to_list.map(@f).join(char(10))
if params.hasIndex(0) == false or params[0] != "-w" then break
end while
Disk.init(
"/
home
/me
/Config", "passwords")
Disk.init(home
_dir + "
/Config", "passwords")
// setup passwords db
if Disk.read_chars.len > 0 then exit
if(Disk.blobs.len > 1) then exit("password generation setup already completed")
PasswordGenerator.init(PASSWORDS)
print "generating passwords, it will take a while"
HASH_TABLE=PasswordGenerator.AllPasswords
print "done"
print "parsing passwords obj"
f = function(o)
return o[1]
end function
pass_list = HASH_TABLE.to_list.map(@f)
print "done"
print "writing to disk"
Disk.write(pass_list.join(char(10)))
print "done"
libs/optionSelector.src
// expect a l(list) containing this structure [return_obj, display_text]
user_select = function(m)
while true
for i in m.indexes
print "[<color=yellow>" + i + "</color>] " + m[i][1]
end for
selected = user_input("select a option: ").to_int
if selected isa string or m.hasIndex(selected) == false then
print "<color=red>ERROR: invalid option, try again</color>"
continue
end if
selected = m[selected]
if selected[0] == "return" then return
return selected[0]
end while
end function
end function
// expect a l(list) containing this structure [func, params, display_text]
// also instead of a func in the first param you can set the string "return" to make the function return instead
option_selector = function(m)
while true
for i in m.indexes
print "[<color=yellow>" + i + "</color>] " + m[i][2]
end for
selected = user_input("select a option: ").to_int
if selected isa string or m.hasIndex(selected) == false then
print "<color=red>ERROR: invalid option, try again</color>"
continue
end if
selected = m[selected]
if selected[0] == "return" then return
selected[0](selected[1])
return
end while
end function
src/machine.src
MachineServices = {}
//class eval shit
exploits_inspect = function(obj, scope)
exploits_len = 0
if scope.hasIndex("exploits") then exploits_len = scope.exploits.len
return scope.exploits.len
end function
Service.attrs.push("exploits")
Service.load_exploits_from_cache = function()
exploits = self.machine.exploits_cache
if exploits.hasIndex(self.info_to_key) == 0 then return 0
self.scan = new Scan
self.scan.init(self.nmap.ip, self.port)
self.exploits = []
for x in exploits[self.info_to_key]
exploit = new ScanExploit
exploit.init(self.scan, x)
self.exploits.push(exploit)
end for
return 1
end function
Service.load_exploits_from_scan = function()
exploits = self.machine.exploits_cache
self.scan = new Scan
self.scan.init(self.nmap.ip, self.port)
self.scan.execute
self.exploits = self.scan.get_exploits
end function
Service.set_exploits = function()
// skip_if_no_cache scan_only_if_no_cache scan_everytime
if self.machine.scan_strategy == "scan_everytime" then
self.load_exploits_from_scan
else if self.machine.scan_strategy == "skip_if_no_cache" then
self.load_exploits_from_cache
else if self.machine.scan_strategy == "scan_only_if_no_cache" then
if self.load_exploits_from_cache == 0 then self.load_exploits_from_scan
end if
end function
// require passwords list set in custom_object
Service.quick_root_shell = function(attack_script)
for x in self.exploits
x.set_result
if typeof(x.result) != "shell" then continue
remote_shell = x.result
remote_comp = remote_shell.host_computer
// save entry
entries = self.machine.json.to_object(self.machine.entries_disk.read_chars)
key = entries.indexes.len
entry = {}
entry.local_ip = remote_comp.local_ip
entry.public_ip = remote_comp.public_ip
entry.exploit = {"address": x.address, "value": x.value, "port": str(self.port)}
entries[key] = entry
self.machine.entries_disk.nuke
self.machine.entries_disk.write(self.machine.json.to_string(entries))
if remote_comp.File("/home/guest/tableAttack.src") != null then
remote_comp.File("/home/guest/tableAttack.src").delete
end if
remote_comp.touch("/home/guest", "tableAttack.src")
remote_comp.File("/home/guest/tableAttack.src").set_content(attack_script.get_content)
print "building script"
remote_shell.build("/home/guest/tableAttack.src", "/home/guest")
remote_shell.launch("/home/guest/tableAttack")
// update entry
entries = self.machine.json.to_object(self.machine.entries_disk.read_chars)
entries[key].credentials = {"user": "root", "password":
get_custom_object.
password}
password = get_custom_object.password
if password == null then password = ""
entries[key].credentials = {"user": "root", "password": password}
self.machine.entries_disk.nuke
self.machine.entries_disk.write(self.machine.json.to_string(entries))
root_shell = get_custom_object.shell
return root_shell
end for
return null
end function
Machine = {}
Machine.exploits_cache = function
return self.json.to_object(self.exploits_disk.read_chars)
end function
//Machine.passwords_list : required passwords list
//Machine.table_attack_script : required table attack script
Machine.services_inspect = function(obj, scope)
f = function(o)
exploits_len = 0
if o.hasIndex("exploits") then exploits_len = o.exploits.len
return o.inspect(["info", [exploits_len, "exploits_len"], "port"])
end function
return scope.services.map(@f)
end function
Machine.attrs = ["ip", [@Machine.services_inspect, "services"]]
Machine.metaxploit = null //required
Machine.init = function(ip, passwords_disk, exploits_disk, entries_disk)
// skip_if_no_cache scan_only_if_no_cache scan_everytime
self.scan_strategy = "scan_only_if_no_cache"
self.ip = ip
self.set_services
self.passwords_disk = passwords_disk
self.passwords = self.passwords_disk.read_chars.split(char(10))
self.exploits_disk = exploits_disk
if self.exploits_disk.read_chars.len == 0 then
self.exploits_disk.write("{}")
end if
self.entries_disk = entries_disk
if self.entries_disk.read_chars.len == 0 then
self.entries_disk.write("{}")
end if
self.json = new JSON
if not get_custom_object.hasIndex("passwords") then
get_custom_object.passwords = self.passwords
end if
end function
Machine.save_exploits = function()
for s in self.services
key = s.info_to_key
exploits = []
if s.hasIndex("exploits") == 0 then continue
for x in s.exploits
x_obj = {}
x_obj["address"] = x.address
x_obj["value"] = x.value
x_obj["requirements"] = x.requirements
x_obj["requirements_len"] = x.requirements_len
if x.hasIndex("result") == 1 then x_obj["result"] = typeof(x.result)
exploits.push x_obj
end for
exploits_db = self.json.to_object(self.exploits_disk.read_chars)
exploits_db[key] = exploits
self.exploits_disk.nuke
self.exploits_disk.write(self.json.to_string(exploits_db))
end for
end function
Machine.quick_attack = function(only_routers = true, table_attack_script)
target_services = self.services
if only_routers == true then
target_services = [self.router_service]
end if
for service in target_services
service.set_exploits
root_shell = service.quick_root_shell(table_attack_script)
if typeof(root_shell) == "shell" then return root_shell
end for
return null
end function
Machine.set_services = function()
self.nmap = new Nmap
self.nmap.init(self.ip)
self.nmap.machine = self
self.services = self.nmap.services
for s in self.services
s.machine = self
end for
end function
Machine.router_service = function()
for s in self.services
if s.port == null then return s
end for
return null
end function
Machine.open_services = function()
f = function(o)
return o.status == "open"
end function
return self.services.select(@f)
end function
// this will get more complicated later on, i want to choose a port that i have the most change of getting in
// so i can check a database of exploits see or see the local ip with most ports open etc
Machine.most_vulnerable_service = function()
if self.services.len == 1 then return self.services[0]
if self.services.len == 0 then return null
with_smallest_version = self.services[0]
for service in self.services[1:]
if service.version_to_int < with_smallest_version.version_to_int then
with_smallest_version = service
end if
end for
return with_smallest_version
end function
src/rserverInstaller.src
rnd_ip = function()
first_byte_range = range(0, 255)
first_byte_range.remove(192) //reserved
first_byte_range.remove(191) //reserved
first_byte_range.remove(0) //reserved
first_byte_range.remove(10) //private
first_byte_range.remove(172) //private
first_byte_range.remove(128) //reserved
first_byte_range.remove(223) //reserved
rest_byte_range = range(0,255)
ip = []
ip.push(floor(rnd() * first_byte_range.len))
for i in range(2)
ip.push(floor(rnd() * rest_byte_range.len))
end for
ip = ip.join(".")
if is_valid_ip(ip) and get_router(ip) and get_shell.ping(ip) then
return ip
end if
return rnd_ip
end function
get_hackshop_ip = function()
while true
ip = rnd_ip
router = get_router(ip)
ports = router.used_ports
is_hack_shop = false
for port in ports
info = router.port_info(port)
if info.indexOf("repository") != null then
return ip
end if
end for
end while
end function
repo_ip = get_hackshop_ip
get_shell.launch("/bin/apt-get", "addrepo " + repo_ip)
get_shell.launch("/bin/apt-get", "update")
get_shell.launch("/bin/apt-get", "install librshell.so")
get_shell.launch("/bin/apt-get", "install rshell_interface")
rshelld = include_lib("/lib/librshell.so")
if not rshelld then exit("Error: Missing librshell.so library in the /lib path or the current folder")
output = rshelld.install_service
if output != true then exit(output)
print("<b>Type 'Browser.exe " + get_router.local_ip + ":8080' to access the router configuration to make sure the service it's accesible</b>")
cli/libsAnal.src
libs = get_shell.host_computer.File("/home/me/Config/libs")
names = {}
for f in libs.get_files
name = f.name[:-3]
version = f.name[-3:]
if names.hasIndex(name) == false then names[name] = []
names[name].push version
end for
print names
for i in names.indexes
print i + " LIB--------------"
names[i].sort
for v in names[i]
print v
end for
end for