Grey Repo

Files

setup.src cli/libfish.src cli/proxy.src cli/npcRshell.src cli/searchMails.src cli/hostImg.src cli/hack.src src/tableAttack.src src/shell.src src/machine.src

setup.src

import_code("/home/me/h/libs/list.src")
import_code("/home/me/h/libs/disk.src")
import_code("/home/me/h/libs/passwords.src")
get_import_paths = function(code)
lines = code.split(char(10))
r = []
for l in lines
if l.indexOf("import_code" + "(""") != null then r.push(l.split("""")[1])
end for
return r
end function
check_sum_source = function(code)
comp = get_shell.host_computer
codes = [code]
for s in get_import_paths(code)
codes.push comp.File(s).get_content
end for
return md5(codes.join(""))
end function
comp = get_shell.host_computer
print "setup hacking script"
comp.File("/home/me/h/src/tableAttack.src").copy(home_dir + "/Config", "tableAttack.src")
comp.File("/home/me/h/src/rserverInstaller.src").copy(home_dir + "/Config", "rserverInstaller.src")
~~get_shell.host_computer.touch(home_dir + "/Config", "emptyLog")~~
//get_shell.host_computer.touch(home_dir + "/Config", "emptyLog")
print "compiling cli tools"
comp.create_folder(home_dir, "vegaTools")
while true
comp.touch(home_dir, ".vega_watch")
watch_file = comp.File(home_dir + "/.vega_watch")
watch_data = {}
f = function(o)
return o.split("=")
end function
if watch_file.get_content.len > 1 then watch_data = watch_file.get_content.split(char(10)).map(@f).to_map
for f in comp.File("/home/me/h/cli").get_files
if watch_data.hasIndex(f.name) == false then watch_data[f.name] = check_sum_source(f.get_content)
compiled_script = comp.File(home_dir + "/vegaTools/" + f.name[:-4])
if watch_data[f.name] != check_sum_source(f.get_content) or compiled_script == null then
print "compiling " + f.name
f.copy(home_dir + "/vegaTools", f.name)
b = get_shell.build(home_dir + "/vegaTools/" + f.name, home_dir + "/vegaTools")
if b.len > 0 then print(f.name + " error: <color=red>" + b + "</color>")
comp.File(home_dir + "/vegaTools/" + f.name).delete
watch_data[f.name] = check_sum_source(f.get_content)
end if
end for
f = function(o)
return o[0] + "=" + o[1]
end function
watch_file.set_content watch_data.to_list.map(@f).join(char(10))
if params.hasIndex(0) == false or params[0] != "-w" then break
end while
Disk.init(home_dir + "/Config", "passwords")
// setup passwords db
if Disk.read_chars.len > 0 then exit
if(Disk.blobs.len > 1) then exit("password generation setup already completed")
PasswordGenerator.init(PASSWORDS)
print "generating passwords, it will take a while"
HASH_TABLE=PasswordGenerator.AllPasswords
print "done"
print "parsing passwords obj"
f = function(o)
return o[1]
end function
pass_list = HASH_TABLE.to_list.map(@f)
print "done"
print "writing to disk"
Disk.write(pass_list.join(char(10)))
print "done"

cli/libfish.src

import_code("/home/me/h/src/utils.src") // exports map.inspect, p
import_code("/home/me/h/libs/list.src") // exports list utils and map utils
import_code("/home/me/h/libs/disk.src") // exports Disk, Block
import_code("/home/me/h/libs/nmap.src") // exports Nmap, Service
import_code("/home/me/h/libs/scan.src") // exports Scan
import_code("/home/me/h/libs/json.src") // exports Json
import_code("/home/me/h/src/rndIP.src") // exports rnd_ip
import_code("/home/me/h/src/docDB.src") // exports DocDB
import_code("/home/me/h/src/machine.src") // exports Machine, MachineService, depends on Scan, Nmap , Json, DocDB
import_code("/home/me/h/libs/meta.src") // exports Meta
import_code("/home/me/h/src/shell.src") // extend map
~~EMPTY_LOG_PATH = home_dir + "/Config/emptyLog"~~
get_shell.host_computer.create_folder(home_dir + "/Config", "libs")
LIB_STORE_PATH = home_dir + "/Config/libs"
Machine.metaxploit = include_lib("/lib/metaxploit.so")
Scan.metaxploit = include_lib("/lib/metaxploit.so")
Command = {}
Command.libfish_sig = {}
Command.libfish_sig["description"] = "hack random npcs to find libs"
lib_param_desc = []
lib_param_desc.push "libs to search for, if this param is present the command will only search for the specific libs passed "
lib_param_desc.push "but you can pass as many lib names as you want, the valid params are: "
lib_param_desc.push Service.lib_dict.indexes.join(", ")
lib_param_desc = lib_param_desc.join("")
Command.libfish_sig["args"] = [["lib", lib_param_desc]]
Command.libfish_sig["options"] = []
Command.libfish = function(args = [], options = {})
if args.len > 0 then
for arg in args
if Service.lib_dict.hasIndex(arg) == 0 then exit("invalid param, look at the docs")
end for
for i in Service.lib_dict.indexes
if args.indexOf(i) == null then Service.lib_dict.remove(i)
end for
end if
while true
machine = new Machine
machine.init(rnd_ip)
for s in machine.services
known_libs = get_shell.host_computer.File(LIB_STORE_PATH).get_files
for i in known_libs.indexes
known_libs[i] = known_libs[i].name
end for
s.set_exploits
if not Service.lib_dict.hasIndex(s.info.split(" ")[0]) then continue
key = s.info.replace(".", "").replace(" ", "")
if known_libs.indexOf(key) then continue
so_name = Service.lib_dict[s.info.split(" ")[0]]
sh = s.quick_root_shell
if typeof(sh) != "shell" then continue
sh.scp("/lib/" + so_name, LIB_STORE_PATH, get_shell)
sh.clear_logs(EMPTY_LOG_PATH)
get_shell.host_computer.File(LIB_STORE_PATH + "/" + so_name).rename(key)
end for
end while
end function
import_code("/home/me/h/libs/thor.src") //depends on Listlib, exports Thor
Thor.init(Command, "libfish")

cli/proxy.src

import_code("/home/me/h/src/utils.src") // exports map.inspect, p
import_code("/home/me/h/libs/list.src") // exports list utils and map utils
import_code("/home/me/h/libs/disk.src") // exports Disk, Block
import_code("/home/me/h/libs/nmap.src") // exports Nmap, Service
import_code("/home/me/h/libs/scan.src") // exports Scan
import_code("/home/me/h/libs/json.src") // exports Json
import_code("/home/me/h/src/rndIP.src") // exports rnd_ip
import_code("/home/me/h/libs/optionSelector.src") // exports option_selector
import_code("/home/me/h/src/docDB.src") // exports DocDB
import_code("/home/me/h/src/machine.src") // exports Machine, MachineService, depends on Scan, Nmap , Json, DocDB
import_code("/home/me/h/libs/meta.src") // exports Meta
import_code("/home/me/h/src/shell.src") // extend map
~~EMPTY_LOG_PATH = home_dir + "/Config/emptyLog"~~
Machine.metaxploit = include_lib("/lib/metaxploit.so")
Scan.metaxploit = include_lib("/lib/metaxploit.so")
get_shell.host_computer.touch(home_dir + "/Config", "proxy.txt")
PROXY_FILE = get_shell.host_computer.File(home_dir + "/Config/proxy.txt")
Command = {}
Command.proxy_sig = {}
Command.proxy_sig["description"] = "hack a random router to use to hide you ip"
Command.proxy_sig["args"] = []
Command.proxy_sig["options"] = [{["-w", "--wipe"]: "wipe the server logs instead of connecting"}]
Command.proxy = function(args = [], options = {})
re_hack = function(ip)
machine = new Machine
machine.init(ip)
root_shell = machine.quick_attack(true)
if root_shell == null then exit("could not reconnect")
~~root_shell.clear_logs(EMPTY_LOG_PATH)~~
root_shell.clear_logs
if options["-w"] then exit
root_shell.start_terminal
end function
proxies = PROXY_FILE.get_content.split(char(10)).compact
if proxies.len > 0 then
print "you arealdy have hacked proxies, do you want to reuse them?" + char(10)
for i in proxies.indexes
proxies[i] = [@re_hack, proxies[i], proxies[i]]
end for
proxies.push ["return", null, "hack a new one"]
option_selector proxies
end if
while true
machine = new Machine
machine.init(rnd_ip)
root_shell = machine.quick_attack(true)
if root_shell == null then continue
PROXY_FILE.set_content(PROXY_FILE.get_content + char(10) + machine.ip)
machine.save_exploits
~~root_shell.clear_logs(EMPTY_LOG_PATH)~~
root_shell.clear_logs
root_shell.start_terminal
end while
end function
import_code("/home/me/h/libs/thor.src") //depends on Listlib, exports Thor
Thor.init(Command, "proxy")

cli/npcRshell.src

import_code("/home/me/h/src/utils.src") // exports map.inspect, p
import_code("/home/me/h/libs/list.src") // exports list utils and map utils
import_code("/home/me/h/libs/disk.src") // exports Disk, Block
import_code("/home/me/h/libs/nmap.src") // exports Nmap, Service
import_code("/home/me/h/libs/scan.src") // exports Scan
import_code("/home/me/h/libs/json.src") // exports Json
import_code("/home/me/h/src/rndIP.src") // exports rnd_ip
import_code("/home/me/h/libs/optionSelector.src") // exports option_selector
import_code("/home/me/h/src/docDB.src") // exports DocDB
import_code("/home/me/h/src/machine.src") // exports Machine, MachineService, depends on Scan, Nmap , Json, DocDB
import_code("/home/me/h/src/shell.src") // extend map
~~EMPTY_LOG_PATH = home_dir + "/Config/emptyLog"~~
~~RSERVER_INSTALLER_SCRIPT = get_shell.host_computer.File(home_dir + "/Config/rserverInstaller.src")~~
Machine.metaxploit = include_lib("/lib/metaxploit.so")
Scan.metaxploit = include_lib("/lib/metaxploit.so")
get_shell.host_computer.touch(home_dir + "/Config", "rservers.txt")
RSERVERS_FILE = get_shell.host_computer.File(home_dir + "/Config/rservers.txt")
Command = {}
Command.npcRsrv_sig = {}
Command.npcRsrv_sig["description"] = "hack a random pc and setup rshell server in it"
Command.npcRsrv_sig["args"] = []
Command.npcRsrv_sig["options"] = [{["-w", "--wipe"]: "wipe the server logs instead of connecting"}]
Command.npcRsrv = function(args = [], options = {})
re_hack = function(s)
ip = s.split(":")[0]
port = s.split(":")[1].to_int
machine = new Machine
machine.init(ip)
server_service = null
for s in machine.services
if s.port == port then server_service = s
end for
server_service.set_exploits
server_shell = server_service.quick_root_shell
router_shell = machine.router_service
router_shell.set_exploits
router_shell = router_shell.quick_root_shell
~~router_shell.clear_logs(EMPTY_LOG_PATH)~~
~~server_shell.clear_logs(EMPTY_LOG_PATH)~~
router_shell.clear_logs
server_shell.clear_logs
if options["-w"] then exit
server_shell.start_terminal
end function
rservers = RSERVERS_FILE.get_content.split(char(10)).compact
if rservers.len > 0 then
print "you arealdy have hacked rservers, do you want to reuse them?" + char(10)
for i in rservers.indexes
rservers[i] = [@re_hack, rservers[i], rservers[i]]
end for
rservers.push ["return", null, "hack a new one"]
option_selector rservers
end if
while true
machine = new Machine
machine.init(rnd_ip)
if machine.open_services.len == 0 then continue
router_shell = machine.router_service
router_shell.set_exploits
router_shell = router_shell.quick_root_shell
if router_shell == null then continue
~~router_shell.clear_logs(EMPTY_LOG_PATH)~~
router_shell.clear_logs
server_shell = null
server_port = null
for s in machine.open_services
s.set_exploits
shell = s.quick_root_shell
if shell != null then
server_shell = shell
server_port = s.port
break
end if
end for
if server_shell == null then continue
~~server_shell.clear_logs(EMPTY_LOG_PATH)~~
server_shell.clear_logs
machine.save_exploits
~~server_shell.install_rserver(RSERVER_INSTALLER_SCRIPT)~~
server_shell.install_rserver
RSERVERS_FILE.set_content(RSERVERS_FILE.get_content + char(10) + machine.ip + ":" + server_port)
server_shell.start_terminal
end while
end function
import_code("/home/me/h/libs/thor.src") //depends on Listlib, exports Thor
Thor.init(Command, "npcRsrv")

cli/searchMails.src

import_code("/home/me/h/src/utils.src") // exports map.inspect, p
import_code("/home/me/h/libs/list.src") // exports list utils and map utils
import_code("/home/me/h/libs/disk.src") // exports Disk, Block
import_code("/home/me/h/libs/nmap.src") // exports Nmap, Service
import_code("/home/me/h/libs/scan.src") // exports Scan
import_code("/home/me/h/libs/json.src") // exports Json
import_code("/home/me/h/src/rndIP.src") // exports rnd_ip
import_code("/home/me/h/libs/optionSelector.src") // exports option_selector
import_code("/home/me/h/src/docDB.src") // exports DocDB
import_code("/home/me/h/src/machine.src") // exports Machine, MachineService, depends on Scan, Nmap , Json, DocDB
import_code("/home/me/h/src/shell.src") // extend map
~~EMPTY_LOG_PATH = home_dir + "/Config/emptyLog"~~
Machine.metaxploit = include_lib("/lib/metaxploit.so")
Scan.metaxploit = include_lib("/lib/metaxploit.so")
Command = {}
Command.searchMails_sig = {}
Command.searchMails_sig["description"] = "target router bounce exploits to get mails"
Command.searchMails_sig["args"] = ["ip*"]
Command.searchMails_sig["options"] = []
next_ip = function(ip)
numbers = ip.split(".")
numbers[-1] = numbers[-1].to_int + 1
return numbers.join(".")
end function
Command.searchMails = function(args = [], options = {})
machine = new Machine
machine.init(args[0])
machine.scan_strategy = "scan_everytime"
router_ips = machine.nmap.router.devices_lan_ip
//p machine.router_service
p machine.router_service.info
// find computer bounce exploits
exploits = []
machine.router_service.set_exploits
for x in machine.router_service.exploits
for i in router_ips
x.set_result next_ip(i)
if typeof(x.result) == "computer" then
exploits.push x
break
end if
end for
end for
p exploits.inspect(["value", "address"])
// war dial ips
computers = []
for x in exploits
for ip in router_ips
for i in range(10)
ip = next_ip(ip)
x.set_result(ip)
if typeof(x.result) == "computer" then computers.push x.result
end for
end for
end for
creds = []
mails = []
banks = []
for c in computers
passwdfile = c.File("/etc/passwd")
if passwdfile.has_permission("r") then
passwdfile = passwdfile.get_content.replace(char(10), " from " + c.local_ip + char(10))
creds = passwdfile.split(char(10))
end if
for user_home in c.File("/home").get_folders
mail_file = c.File("/home/" + user_home.name + "/Config/Mail.txt")
bank_file = c.File("/home/" + user_home.name + "/Config/Bank.txt")
if mail_file then mails.push mail_file.get_content + " from " + c.local_ip
if bank_file then banks.push bank_file.get_content + " from " + c.local_ip
end for
end for
mails = mails.uniq
banks = banks.uniq
print "CREDENTIALS"
print creds.join(char(10))
print "BANKS"
print banks.join(char(10))
print "MAILS"
print mails.join(char(10))
end function
import_code("/home/me/h/libs/thor.src") //depends on Listlib, exports Thor
Thor.init(Command, "searchMails")

cli/hostImg.src

import_code("/home/me/h/src/utils.src") // exports map.inspect, p
import_code("/home/me/h/libs/list.src") // exports list utils and map utils
import_code("/home/me/h/libs/disk.src") // exports Disk, Block
import_code("/home/me/h/libs/nmap.src") // exports Nmap, Service
import_code("/home/me/h/libs/scan.src") // exports Scan
import_code("/home/me/h/libs/json.src") // exports Json
import_code("/home/me/h/src/rndIP.src") // exports rnd_ip
import_code("/home/me/h/libs/optionSelector.src") // exports option_selector
import_code("/home/me/h/src/docDB.src") // exports DocDB
import_code("/home/me/h/src/machine.src") // exports Machine, MachineService, depends on Scan, Nmap , Json, DocDB
import_code("/home/me/h/src/shell.src") // extend map
~~EMPTY_LOG_PATH = home_dir + "/Config/emptyLog"~~
Machine.metaxploit = include_lib("/lib/metaxploit.so")
Scan.metaxploit = include_lib("/lib/metaxploit.so")
get_shell.host_computer.touch(home_dir + "/Config", "sites.txt")
SITES_FILE = get_shell.host_computer.File(home_dir + "/Config/sites.txt")
Command = {}
Command.hostImg_sig = {}
Command.hostImg_sig["description"] = "hack a random site"
Command.hostImg_sig["args"] = []
Command.hostImg_sig["options"] = [{["-w", "--wipe"]: "wipe the server logs instead of connecting"}]
Command.hostImg = function(args = [], options = {})
re_hack = function(ip)
machine = new Machine
machine.init(ip)
site_service = null
for s in machine.services
if s.port == 80 then
site_service = s
end if
end for
site_service.set_exploits
site_shell = site_service.quick_root_shell
~~site_shell.clear_logs(EMPTY_LOG_PATH)~~
site_shell.clear_logs
router_shell = machine.router_service
router_shell.set_exploits
router_shell = router_shell.quick_root_shell
~~router_shell.clear_logs(EMPTY_LOG_PATH)~~
router_shell.clear_logs
if options["-w"] then exit
site_shell.start_terminal
end function
sites = SITES_FILE.get_content.split(char(10)).compact
if sites.len > 0 then
print "you arealdy have hacked proxies, do you want to reuse them?" + char(10)
for i in sites.indexes
sites[i] = [@re_hack, sites[i], sites[i]]
end for
sites.push ["return", null, "hack a new one"]
option_selector sites
end if
while true
machine = new Machine
machine.init(rnd_ip)
site_service = null
for s in machine.services
if s.port == 80 then
site_service = s
end if
end for
if not site_service then continue
site_service.set_exploits
site_shell = site_service.quick_root_shell
if site_shell == null then continue
~~site_shell.clear_logs(EMPTY_LOG_PATH)~~
site_shell.clear_logs
router_shell = machine.router_service
router_shell.set_exploits
router_shell = router_shell.quick_root_shell
if router_shell == null then continue
~~router_shell.clear_logs(EMPTY_LOG_PATH)~~
router_shell.clear_logs
SITES_FILE.set_content(SITES_FILE.get_content + char(10) + machine.ip)
machine.save_exploits
site_shell.start_terminal
end while
end function
import_code("/home/me/h/libs/thor.src") //depends on Listlib, exports Thor
Thor.init(Command, "hostImg")

cli/hack.src

import_code("/home/me/h/src/utils.src") // exports map.inspect, p
import_code("/home/me/h/libs/list.src") // exports list utils and map utils
import_code("/home/me/h/libs/disk.src") // exports Disk, Block
import_code("/home/me/h/libs/nmap.src") // exports Nmap, Service
import_code("/home/me/h/libs/scan.src") // exports Scan
import_code("/home/me/h/libs/json.src") // exports Json
import_code("/home/me/h/src/rndIP.src") // exports rnd_ip
import_code("/home/me/h/libs/optionSelector.src") // exports option_selector
import_code("/home/me/h/src/docDB.src") // exports DocDB
import_code("/home/me/h/src/machine.src") // exports Machine, MachineService, depends on Scan, Nmap , Json, DocDB
import_code("/home/me/h/libs/meta.src") // exports Meta
import_code("/home/me/h/src/shell.src") // extend map
~~EMPTY_LOG_PATH = home_dir + "/Config/emptyLog"~~
Machine.metaxploit = include_lib("/lib/metaxploit.so")
Scan.metaxploit = include_lib("/lib/metaxploit.so")
Command = {}
Command.hack_sig = {}
Command.hack_sig["description"] = "hack shit"
Command.hack_sig["args"] = ["ip*"]
Command.hack_sig["options"] = []
Command.hack = function(args = [], options = {})
machine = new Machine
machine.init(args[0])
services = machine.services
f = function(o)
return [o, o.lan_ip + " " + o.info + " " + o.port]
end function
services = services.map(@f)
print "target which lib?"
service = user_select(services)
service.set_exploits
shell = null
print "do you want to auto root ? (only works on npcs)"
if user_select([[true, "yes"], [false, "no"]]) then
shell = service.quick_root_shell
else
for x in service.exploits
x.set_result
if typeof(x.result) == shell then shell = x.result
end for
end if
if shell == null then
exit("no shells")
end if
print "do you want to clear the logs?"
if user_select([[true, "yes"], [false, "no"]]) then
~~shell.clear_logs(EMPTY_LOG_PATH)~~
shell.clear_logs
end if
shell.start_terminal
end function
import_code("/home/me/h/libs/thor.src") //depends on Listlib, exports Thor
Thor.init(Command, "hack")

src/tableAttack.src

Forcer = {}
Forcer.init = function(passwords = [], options = {"verbose": false})
self.passwords = passwords
self.verbose = options.verbose
end function
Forcer.brute_force = function()
count = 0
pass_len = self.passwords.len
for pass in self.passwords
count = count + 1
shell = get_shell("root", pass)
if shell then
if self.verbose then print("password is: "+pass)
self.password = pass
self.shell = shell
return
else
if self.verbose then print(count+" out of "+pass_len+" not "+pass)
self.password = null
self.shell = null
end if
end for
end function
if get_custom_object.hasIndex("saved_password") then
shell = get_shell("root", get_custom_object.saved_password)
if shell then
print "escalated_with_saved_password"
get_custom_object.password = get_custom_object.saved_password
get_custom_object.shell = shell
exit
end if
end if
Forcer.init(get_custom_object.passwords, {"verbose": false})
Forcer.brute_force
get_custom_object.password = Forcer.password
get_custom_object.shell = Forcer.shell

src/shell.src

// extend shell objs
~~map.clear_logs = function(empty_log_path)~~
map.clear_logs = function
get_shell.host_computer.touch(home_dir + "/Config", "emptyLog")
empty_log_path = home_dir + "/Config/emptyLog"
if typeof(self) != "shell" then
print "<color=red>error obj is not an shell</color>"
end if
shell = self
comp = shell.host_computer
new_log_name = empty_log_path.split("/")[-1]
get_shell.scp(empty_log_path, "/var", shell)
new_log_file = comp.File("/var/"+new_log_name)
copy_out = new_log_file.copy("/var", "system.log")
if copy_out != 1 then print copy_out
new_log_file.rename(".log")
return shell
end function
~~map.install_rserver = function(installer_script)~~
map.install_rserver = function
installer_script = get_shell.host_computer.File(home_dir + "/Config/rserverInstaller.src")
if typeof(self) != "shell" then
print "<color=red>error obj is not an shell</color>"
end if
shell = self
comp = shell.host_computer
if comp.File("/home/guest/rinstaller.src") != null then
comp.File("/home/guest/rinstaller.src").delete
end if
comp.touch("/home/guest", "rinstaller.src")
comp.File("/home/guest/rinstaller.src").set_content(installer_script.get_content)
print "building installer"
shell.build("/home/guest/rinstaller.src", "/home/guest")
shell.launch("/home/guest/rinstaller")
return shell
end function

src/machine.src

MachineServices = {}
//class eval shit
exploits_inspect = function(obj, scope)
exploits_len = 0
if scope.hasIndex("exploits") then exploits_len = scope.exploits.len
return scope.exploits.len
end function
Service.attrs.push("exploits")
Service.load_exploits_from_cache = function()
exploits = self.machine.exploits_cache
if exploits.hasIndex(self.info_to_key) == 0 then return 0
self.scan = new Scan
self.scan.init(self.nmap.ip, self.port)
self.scan.machine = self.machine
self.exploits = []
for x in exploits[self.info_to_key]
exploit = new ScanExploit
exploit.init(self.scan, x)
self.exploits.push(exploit)
end for
return 1
end function
Service.load_exploits_from_scan = function()
exploits = self.machine.exploits_cache
self.scan = new Scan
self.scan.init(self.nmap.ip, self.port)
self.scan.machine = self.machine
self.scan.execute
self.exploits = self.scan.get_exploits
end function
Service.set_exploits = function()
// skip_if_no_cache scan_only_if_no_cache scan_everytime
if self.machine.scan_strategy == "scan_everytime" then
self.load_exploits_from_scan
else if self.machine.scan_strategy == "skip_if_no_cache" then
self.load_exploits_from_cache
else if self.machine.scan_strategy == "scan_only_if_no_cache" then
if self.load_exploits_from_cache == 0 then self.load_exploits_from_scan
end if
end function
// require passwords list set in custom_object
Service.quick_root_shell = function
attack_script = self.machine.TABLEATTACK_SCRIPT
for x in self.exploits
x.set_result
if typeof(x.result) != "shell" then continue
remote_shell = x.result
remote_comp = remote_shell.host_computer
key = remote_comp.public_ip + "|" + remote_comp.local_ip
self.machine.credentials_db.reload
if self.machine.credentials_db.obj.hasIndex(key) then
get_custom_object.saved_password = self.machine.credentials_db.obj[key].password
end if
// escalate to root
if remote_comp.File("/home/guest/tableAttack.src") != null then
remote_comp.File("/home/guest/tableAttack.src").delete
end if
remote_comp.touch("/home/guest", "tableAttack.src")
remote_comp.File("/home/guest/tableAttack.src").set_content(attack_script.get_content)
print "building script"
remote_shell.build("/home/guest/tableAttack.src", "/home/guest")
remote_shell.launch("/home/guest/tableAttack")
// save credentials in a db
~~//pas = get_custom_object.password~~
~~//if pas == null then pas = ""~~
~~//self.machine.entries_db.obj[key].credentials = {"user": "root", "password": pas}~~
~~//self.machine.entries_db.save~~
self.machine.credentials_db.reload
pas = get_custom_object.password
if pas == null then pas = ""
key = remote_comp.public_ip + "|" + remote_comp.local_ip
self.machine.credentials_db.obj[key] = {"user": "root", "password": pas}
self.machine.credentials_db.save
root_shell = get_custom_object.shell
return root_shell
end for
return null
end function
ScanExploit.set_result_callback = function()
// save entry
if typeof(self.result) != "shell" then return
self.scan.machine.entries_db.reload
key = self.scan.machine.entries_db.obj.indexes.len
entry = {}
entry.local_ip = self.result.host_computer.local_ip
entry.public_ip = self.result.host_computer.public_ip
entry.exploit = {"address": self.address, "value": self.value, "port": str(self.scan.port)}
self.scan.machine.entries_db.obj[key] = entry
self.scan.machine.entries_db.save
end function
Machine = {}
Machine.exploits_cache = function
return self.exploits_db.get
end function
//Machine.passwords_list : required passwords list
//Machine.table_attack_script : required table attack script
Machine.services_inspect = function(obj, scope)
f = function(o)
exploits_len = 0
if o.hasIndex("exploits") then exploits_len = o.exploits.len
return o.inspect(["info", [exploits_len, "exploits_len"], "port"])
end function
return scope.services.map(@f)
end function
Machine.attrs = ["ip", [@Machine.services_inspect, "services"]]
Machine.metaxploit = null //required
Machine.config_path = home_dir + "/Config"
Machine.shell = get_shell
Machine.computer = Machine.shell.host_computer
Machine.init = function(ip)
~~self.TABLEATTACK_SCRIPT = self.computer.File(home_dir + "/Config/tableAttack.src")~~
self.TABLEATTACK_SCRIPT = self.computer.File(self.config_path + "/tableAttack.src")
self.PASSWORDS_DISK = new Disk
self.PASSWORDS_DISK.init(self.config_path, "passwords")
self.EXPLOITS_DISK = new Disk
self.EXPLOITS_DISK.init(self.config_path, "exploits")
self.ENTRIES_DISK = new Disk
self.ENTRIES_DISK.init(self.config_path, "entries")
self.CREDENTIALS_DISK = new Disk
self.CREDENTIALS_DISK.init(self.config_path, "credentials")
// skip_if_no_cache scan_only_if_no_cache scan_everytime
self.scan_strategy = "scan_only_if_no_cache"
self.ip = ip
self.set_services
self.passwords = self.PASSWORDS_DISK.read_chars.split(char(10))
self.exploits_db = new DocDB
self.exploits_db.init(self.EXPLOITS_DISK)
self.entries_db = new DocDB
self.entries_db.init(self.ENTRIES_DISK)
self.credentials_db = new DocDB
self.credentials_db.init(self.CREDENTIALS_DISK)
if not get_custom_object.hasIndex("passwords") then
get_custom_object.passwords = self.passwords
end if
end function
Machine.save_exploits = function()
self.exploits_db.reload
for s in self.services
key = s.info_to_key
exploits = []
if s.hasIndex("exploits") == 0 then continue
for x in s.exploits
x_obj = {}
x_obj["address"] = x.address
x_obj["value"] = x.value
x_obj["requirements"] = x.requirements
x_obj["requirements_len"] = x.requirements_len
if x.hasIndex("result") == 1 then x_obj["result"] = typeof(x.result)
exploits.push x_obj
end for
self.exploits_db.obj[key] = exploits
self.exploits_db.save
end for
end function
Machine.quick_attack = function(only_routers = true)
target_services = self.services
if only_routers == true then
target_services = [self.router_service]
end if
for service in target_services
service.set_exploits
root_shell = service.quick_root_shell
if typeof(root_shell) == "shell" then return root_shell
end for
return null
end function
Machine.set_services = function()
self.nmap = new Nmap
self.nmap.init(self.ip)
self.nmap.machine = self
self.services = self.nmap.services
for s in self.services
s.machine = self
end for
end function
Machine.router_service = function()
for s in self.services
if s.port == null then return s
end for
return null
end function
Machine.open_services = function()
f = function(o)
return o.status == "open"
end function
return self.services.select(@f)
end function