xmem.src
xmem.src
// Load the metaxploit library: the system copy in /lib is tried first, then a
// copy stored next to this script. Every function below uses it, so the
// program stops when neither can be loaded.
metaxploit = include_lib("/lib/metaxploit.so")
if not metaxploit then metaxploit = include_lib(current_path + "/metaxploit.so")
if not metaxploit then
    exit("Error: Can't find metaxploit library in the /lib path or the current folder")
end if
// Returns the ASCII-art banner printed once at start-up.
// The literal opens with a line break, so the art starts on its own line.
DrawTitle = function()
    return "
+===========================================+
|__ ____ __ _____ __ __ ___ ______ __|
|\ \/ / \/ | ____| \/ |/ _ \| _ \ \ / /|
| \ /| |\/| | _| | |\/| | | | | |_) \ V / |
| / \| | | | |___| | | | |_| | _ < | | |
|/_/\_\_| |_|_____|_| |_|\___/|_| \_\|_| |
+===========================================+"
end function
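// Connects to `address`, builds the list of libraries that can be examined there
// and hands control to the menu matching `from`.
//   address : IP address of the machine to inspect
//   from    : "local"  - list the libraries found in this machine's /lib folder
//             "remote" - query port 0 and every port the router reports as open
//             "magic"  - no library listing, goes straight to the remote menu
// module, module_version and module_port are parallel lists: the same index
// describes the same library. Ends the program when the address can't be reached.
Init = function(address, from)
    clear_screen
    wait(0.2)
    print("Init parameters...")
    wait(0.2)
    // Not known yet; forwarded as null so the menus can fill them in later.
    result = null
    target_module = null
    target_port = null
    exploits = null
    memory_exploit = null
    buffer_exploit = null
    module = []
    module_version = []
    module_port = []
    print("Connecting to " + address + "...")
    wait(0.2)
    netSession = metaxploit.net_use(address)
    router = get_router(address)
    // Every menu reads netSession when it redraws, so a missing session is
    // reported here the same way as an unreachable router.
    if not router or not netSession then
        print("Can't connect to " + address)
        print("this program will be closed.")
        print()
        user_input("## Press Enter key to continue... ")
        exit
    end if
    ports = router.used_ports
    print("Connection established on: " + address)
    wait(0.2)
    print("Init metaxploit...")
    wait(0.2)
    kernelPort = metaxploit.net_use(address, 0)
    print("Init kernel network...")
    wait(0.2)
    if from == "remote" then
        // Port 0 first, recorded with port number 0.
        if kernelPort then
            metaLib = kernelPort.dump_lib
            if metaLib then
                module.push(metaLib.lib_name)
                module_version.push(metaLib.version)
                module_port.push(0)
            end if
        end if
        print("Init open ports from target...")
        wait(0.2)
        for port in ports
            if port.is_closed then continue
            open_port = metaxploit.net_use(address, port.port_number)
            if not open_port then continue
            metaLib = open_port.dump_lib
            if metaLib then
                module.push(metaLib.lib_name)
                module_version.push(metaLib.version)
                module_port.push(port.port_number)
            end if
        end for
    end if
    if from == "local" then
        lib_folder = get_shell.host_computer.File("/lib")
        if lib_folder then
            for file in lib_folder.get_files
                metaLib = metaxploit.load(file.path)
                // A file that can't be loaded has no version to read; skipping it
                // keeps the three lists the same length.
                if metaLib then
                    module.push(file.name)
                    module_version.push(metaLib.version)
                    module_port.push(null)
                end if
            end for
        end if
    end if
    print("Starting...")
    wait(1)
    if from == "local" then
        LocalMenu(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
    else if from == "remote" or from == "magic" then
        RemoteMenu(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
    end if
end function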
// Returns the row of "#" characters used above and below headers and as a
// divider between prompts.
DisplaySeparator = function()
    return "#############################################################"
end function
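// Builds a three-line header box: separator, "# <title> ... #", separator.
//   string : title text; anything that can be appended to "# "
// Returns the box as one string whose lines are joined with "\n".
// The title line is padded with spaces to the separator's width. Padding is
// added directly as spaces, so a "-" inside the title is left as typed
// (the previous build-with-dashes-then-replace approach erased it).
DisplayHeader = function(string)
    separator = DisplaySeparator()
    title_string = "# " + string
    // one column is reserved for the closing "#"
    pad_count = len(separator) - len(title_string) - 1
    // a title wider than the box gets no padding instead of a wrong amount
    if pad_count < 0 then pad_count = 0
    title_line = title_string + " " * pad_count + "#"
    return separator + "\n" + title_line + "\n" + separator + "\n"
end function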
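// Formats one cell of the port table: "| " + value, padded with spaces on the right.
//   type   : "port" (width 6), "lib" (width 20) or "version" (width 10)
//   string : value to show; converted with str() first
// Returns the cell text without a closing "|".
// A value as long as or longer than the column is returned without padding
// (the countdown loop used before added stray spaces in that case), and an
// unknown type is treated as width 0 instead of stopping on an unset variable.
formatMap = function(type, string)
    string = str(string)
    widths = {"port": 6, "lib": 20, "version": 10}
    num = 0
    if widths.hasIndex(type) then num = widths[type]
    pad_count = num - len(string) - 1
    if pad_count < 0 then pad_count = 0
    return "| " + string + " " * pad_count
end function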
// Returns the entry of module_port stored at position index_library.
SelectPort = function(index_library, module_port)
    return module_port[index_library]
end function
// Returns the entry of module stored at position index_library.
SelectLibrary = function(module, index_library)
    return module[index_library]
end function
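// Works out the address for the chosen mode and starts Init, which opens the
// matching menu itself.
//   choice : "local"  - uses the local IP of this machine's router
//            "remote" - asks for the target IP
//            "magic"  - see the note in that branch
// The menu calls that used to follow Init were removed: they passed variables
// (result, netSession, module, ...) that are never assigned in this function,
// so they could only fail once Init returned.
RemoteChoice = function(choice)
    if choice == "local" then
        address = get_router.local_ip
        Init(address, choice)
    end if
    if choice == "remote" then
        address = user_input("## Enter the ip address of the target: ")
        Init(address, choice)
    end if
    if choice == "magic" then
        // NOTE(review): nothing in this file calls RemoteChoice("magic"), and the
        // branch used to read `address` before it was set. It now asks for the
        // address like the remote branch - confirm that is the intended flow.
        address = user_input("## Enter the ip address of the target: ")
        Init(address, choice)
    end if
end function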
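// Asks for a username and password and opens a terminal for that account.
// All parameters are only forwarded to the menus; nothing is returned.
// On failure the user is sent back to the local menu.
ShellConnect = function(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
    print()
    print(DisplaySeparator())
    print()
    username = user_input("## Enter the username: ")
    // second argument switches user_input to password mode, so the secret is
    // not echoed on screen
    password = user_input("## Enter the password: ", true)
    if not username or not password then
        print("Please enter valid choice number.")
        ShellConnect(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
        // stop here: the retry has handled the request, and the empty
        // credentials of this call must not reach get_shell
        return
    end if
    shell = get_shell(username, password)
    if shell == null then
        print("Couldn't obtain root shell.")
        print()
        user_input("## Press Enter key to continue... ")
        LocalMenu(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
    else
        shell.start_terminal
    end if
end function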
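// Shows the numbered list of libraries in `module` and returns the zero-based
// index of the one the user picks. Two extra entries follow the list:
// "return" (back to the local or remote menu, depending on `from`) and "exit".
// The other parameters are only forwarded to the menus.
IndexLibrary = function(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
    clear_screen
    wait(0.2)
    print(DisplayHeader("Choose target library:"))
    print()
    // .indexes is empty for an empty list; range(0, len-1) would count 0, -1
    // and read past the list
    for i in module.indexes
        print((i + 1) + ". " + module[i])
    end for
    print()
    return_choice = len(module) + 1
    exit_choice = len(module) + 2
    print(return_choice + ". return")
    print(exit_choice + ". exit")
    print()
    // .val yields 0 for text that is not a number, so "< 1" also rejects
    // letters, empty input and negative numbers
    choice = user_input("## Type your choice number: ").val
    if choice < 1 or choice > exit_choice then
        print("Please enter valid choice number.")
        // hand back the retry's answer; without `return` the invalid value of
        // this call was converted to an index and returned instead
        return IndexLibrary(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
    end if
    if choice == return_choice then
        if from == "local" then
            LocalMenu(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
        end if
        if from == "remote" then
            RemoteMenu(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
        end if
        // NOTE(review): if the menu ever returns, the value below is one past
        // the end of `module`, as before - callers do not check for that.
    end if
    if choice == exit_choice then exit
    return choice - 1
end function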
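// Explains the "Magic Gate" feature, collects its four inputs and passes them
// to MagicGame. The twelve shared parameters are only forwarded.
MagicMenu = function(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
    clear_screen
    wait(0.2)
    print()
    print("* This feature is useful for accessing a target computer that <b>doesn't have any open ports</b>.")
    print("* This tool must be run from the router located <b>above the target computer</b>.")
    print("* You must use an <b>overflow</b> from <b>kernel_router.so</b> capable of obtaining <b>user credentials</b>.")
    print("* Ex: memory address: <b>0x54B03178</b> and unsafe string: <b>need</b>, for <b>kernel_router.so v.0.0.1</b>")
    print()
    // The router's own IP used to be looked up here and then overwritten by
    // the prompt below; the unused lookup was dropped.
    router_ip = user_input("## Enter the source router's local ip: ")
    target_ip = user_input("## Enter the local ip of the target computer: ")
    memory_address = user_input("## Enter the memory address overflow: ")
    unsafe_string = user_input("## Enter the unsafe string: ")
    // Both addresses must be well-formed IPs (replaces the former length-only
    // test); the two other fields keep their minimum lengths.
    if not is_valid_ip(router_ip) or not is_valid_ip(target_ip) or len(memory_address) < 9 or len(unsafe_string) < 2 then
        print("Please enter valid choice number.")
        MagicMenu(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
        // the rejected values of this call must not be passed on
        return
    end if
    MagicGame(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit, router_ip, target_ip, memory_address, unsafe_string)
end function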
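// Opens a session on port 0 of router_ip, runs the given overflow with
// target_ip as its extra argument and, when a computer object comes back,
// opens the folder browser on it at "/". Any other outcome returns to the
// remote menu. The twelve shared parameters are only forwarded.
MagicGame = function(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit, router_ip, target_ip, memory_address, unsafe_string)
    clear_screen
    wait(0.2)
    result = null
    // net_use and dump_lib can both come back empty; check each step so a
    // failed connection ends in the message below rather than a script error
    net_session = metaxploit.net_use(router_ip, 0)
    if net_session then
        metaLib = net_session.dump_lib
        if metaLib then result = metaLib.overflow(memory_address, unsafe_string, target_ip)
    end if
    if not result then
        print("Can't perform this attack.")
        user_input("## Press Enter key to continue... ")
        RemoteMenu(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
        return
    end if
    if typeof(result) == "computer" then
        parentPath = "/"
        BrowseComputer(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit, parentPath)
    else
        print("This object is not a computer.")
        user_input("## Press Enter key to continue... ")
        RemoteMenu(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
    end if
end function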
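// Shows three information pages for `address`, one key press apart:
// the whois record, the table of collected ports/libraries/versions, and the
// account activity reported by netSession. Then returns to the local or remote
// menu depending on `from`. Other parameters are only forwarded.
InfoServer = function(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
    clear_screen
    wait(0.2)
    print(DisplayHeader("Administrative informations: "))
    print()
    print(whois(address))
    print()
    user_input("## Press Enter key to continue... ")
    clear_screen
    wait(0.2)
    print(DisplayHeader(len(module) + " open port(s): "))
    print()
    print(" |--------------------------------------|")
    print(" | Port | Library | Version |")
    // .indexes is empty for an empty list; range(0, len-1) would count 0, -1
    for i in module.indexes
        port_cell = formatMap("port", module_port[i])
        lib_cell = formatMap("lib", module[i])
        version_cell = formatMap("version", module_version[i])
        print(" |------|--------------------|----------|")
        print(" " + port_cell + lib_cell + version_cell + "|")
    end for
    print(" |--------------------------------------|")
    print()
    user_input("## Press Enter key to continue... ")
    clear_screen
    wait(0.2)
    print(DisplayHeader("Active accounts on the target: " + address + "..."))
    print()
    num_users = netSession.get_num_users
    // the two flags were assigned to each other's variable, so the "Root" line
    // showed the any-user flag and the "Users" line the root flag
    num_activeRoot = netSession.is_root_active_user
    num_activeUsers = netSession.is_any_active_user
    print("1. User accounts: " + num_users)
    print("2. Root active: " + num_activeRoot)
    print("3. Users active: " + num_activeUsers)
    print()
    user_input("## Press Enter key to continue... ")
    if from == "local" then
        LocalMenu(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
    end if
    if from == "remote" then
        RemoteMenu(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
    end if
end function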
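// Lists every LAN device known to this machine's router with its ports. An
// open port is shown with the name of the library answering on it, a closed
// port as a bare number. Picking a device restarts Init on that IP; the two
// extra entries return to the local menu or exit.
// Other parameters are only forwarded.
NetworkMap = function(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
    clear_screen
    wait(0.2)
    print(DisplayHeader("Network map on " + address + ": "))
    print()
    // An unused netSession.dump_lib call that used to sit here was dropped.
    router = get_router
    select_ip = []
    for ip in router.devices_lan_ip
        select_ip.push(ip)
        print(len(select_ip) + ". +-" + ip)
        for port in router.device_ports(ip)
            if port.is_closed then
                print(" |-- " + port.port_number)
            else
                open_port = metaxploit.net_use(ip, port.port_number)
                if open_port then
                    metaLib = open_port.dump_lib
                    if metaLib then
                        print(" |-- " + port.port_number + " [" + metaLib.lib_name + "]")
                    end if
                end if
            end if
        end for
    end for
    print()
    return_choice = len(select_ip) + 1
    exit_choice = len(select_ip) + 2
    print(return_choice + ". return")
    print(exit_choice + ". exit")
    print()
    // .val yields 0 for non-numeric text, so "< 1" also covers letters, empty
    // input and negative numbers
    choice = user_input("## Type your choice number: ").val
    if choice < 1 or choice > exit_choice then
        print("Please enter valid choice number.")
        NetworkMap(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
        // without this the rejected number was still used to index select_ip
        return
    end if
    if choice == return_choice then
        LocalMenu(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
        return
    end if
    if choice == exit_choice then exit
    clear_screen
    wait(0.2)
    Init(select_ip[choice - 1], from)
end function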
// Prints a fixed overview of the file system that `result` belongs to, then
// goes back to the exploit menu.
//   result : file/folder object; it is walked upward through .parent until its
//            path is "/"
//   the remaining parameters are only forwarded to ExploitMenu
// Printed: the file names in /bin and /lib; the content of /etc/passwd; under
// /home each user folder, its sub-folders and their file names, plus the
// content of any file named Mail.txt or Bank.txt. A file's content is printed
// only when has_permission("r") is true for it.
SearchFiles = function(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
clear_screen
wait(0.2)
print()
print(DisplayHeader("Search files and contents on: " + address))
print()
if not result then
print("Error occured during the process.")
// NOTE(review): there is no return after this call, so if ExploitMenu comes
// back the pause and the second ExploitMenu call at the bottom still run.
ExploitMenu(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
else
// climb from the object that was handed in up to the root folder
while result.path != "/"
result = result.parent
end while
folders = result.get_folders
// only the four top-level folders tested below are reported; others are skipped
for folder in folders
if folder.path == "/bin" then
print("-[+]- " + folder.path)
files = folder.get_files
for file in files
print(" |")
print(" [+]- " + file.name)
end for
end if
if folder.path == "/etc" then
print("-[+]- " + folder.path)
files = folder.get_files
for file in files
// in /etc only the file named passwd is listed
if file.name == "passwd" then
if not file.has_permission("r") then
print("You don't have permission to read this file: " + file.name)
else
print(" |")
print(" [+]-[+]- " + file.name)
print()
print("[Passwd content]: ")
print(file.get_content)
print()
end if
end if
end for
end if
if folder.path == "/home" then
print("-[+]- " + folder.path)
users = folder.get_folders
// one entry per folder directly under /home
for config in users
print(" |")
print(" [+]-[+]- " + config.name)
userFolders = config.get_folders
for userFolder in userFolders
print(" |")
print(" [+]-[+]- " + userFolder.name)
files = userFolder.get_files
for file in files
print(" |")
print(" [+]- " + file.name)
// two file names get their content printed, subject to read permission
if file.name == "Mail.txt" then
if not file.has_permission("r") then
print("You don't have permission to read this file: " + file.name)
else
print()
print("[Mail content]: ")
print(file.get_content)
print()
end if
end if
if file.name == "Bank.txt" then
if not file.has_permission("r") then
print("You don't have permission to read this file: " + file.name)
else
print()
print("[Bank content]: ")
print(file.get_content)
print()
end if
end if
end for
end for
end for
end if
if folder.path == "/lib" then
print("-[+]- " + folder.path)
files = folder.get_files
for file in files
print(" |")
print(" [+]- " + file.name)
end for
end if
end for
end if
print()
pause = user_input("## Press Enter key to continue... ")
ExploitMenu(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
end function
// Interactive folder browser on the computer object `result`.
//   parentPath : folder to display
//   the twelve shared parameters are forwarded to whichever menu is opened next
// Shows two slices of the folder's permission string, the numbered sub-folders,
// and every file name followed by its content when get_content is not null.
// Three entries follow the folders: back (parent folder), return (exploit menu
// when `exploits` is set, else the local/remote menu) and exit.
// Each choice is handled by calling BrowseComputer or a menu again, not by looping.
BrowseComputer = function(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit, parentPath)
clear_screen
wait(0.2)
print()
print(DisplayHeader("Current Folder:" + parentPath))
print()
path = result.File(parentPath)
permissions = path.permissions
// first character of the permission string; not used afterwards
fileType = permissions[0]
permissionsForUser = permissions[1:4]
permissionsForGuest = permissions[7:10]
print("User permissions: " + permissionsForUser)
print("Guest permissions: " + permissionsForGuest)
print()
folders = path.get_folders
files = path.get_files
folder_path = []
for folder in folders
folder_path.push(folder.path)
end for
index = 0
// number the sub-folders from 1, showing only the last path segment
for item in folder_path
index = index + 1
item = item.split("/")
print(index + ". " + item[-1])
end for
// files are not numbered; each name is followed by its content when there is one
for file in files
print(file.name)
if file.get_content != null then
print(file.get_content)
end if
end for
print()
print(index+1 + ". back")
print(index+2 + ". return")
print(index+3 + ". exit")
option = user_input("## Enter your choice number: ")
// NOTE(review): none of the re-prompt or menu calls below is followed by a
// return, so when such a call comes back this invocation keeps evaluating the
// remaining tests with the old `option`.
if option.val < 1 then
print("Please enter valid choice number.")
BrowseComputer(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit, parentPath)
end if
if option.val > index+3 then
print("Please enter valid choice number.")
// a number past the last entry also resets the browser to the root folder
parentPath = "/"
BrowseComputer(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit, parentPath)
end if
if option.val == index+2 then
if exploits != null then
ExploitMenu(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
else
if from == "local" then
LocalMenu(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
end if
if from == "remote" then
RemoteMenu(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
end if
end if
end if
if option.val == index+3 then
exit
end if
if option.val == index+1 then
// "back": drop the last path segment; two segments or fewer means the parent is "/"
parentPath = parentPath.split("/")
if len(parentPath) <= 2 then
parentPath = "/"
BrowseComputer(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit, parentPath)
else
parentPath = parentPath[0:-1]
parentPath = parentPath.join("/")
BrowseComputer(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit, parentPath)
end if
end if
// a folder number was chosen: convert it to a zero-based position in folder_path
option = option.val - 1
// NOTE(review): index is a number, so this comparison with "" looks like it is
// always true - confirm what it was meant to guard.
if index != "" then
if len(folder_path) > 0 then
parentPath = folder_path[option]
end if
end if
BrowseComputer(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit, parentPath)
end function
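// Top-level menu: shows this machine's public and local IP plus the account
// activity flags of a session on the public IP, then starts local mode,
// remote mode or exits.
MainMenu = function()
    clear_screen
    wait(0.2)
    host = get_shell.host_computer
    publicIp = host.public_ip
    localIp = host.local_ip
    netSession = metaxploit.net_use(publicIp)
    print(DisplayHeader("Current public ip: " + publicIp))
    print()
    print("Current local ip: " + localIp)
    // net_use can fail; the two status lines are skipped then instead of
    // stopping the script on a null session
    if netSession then
        // root flag on the "Root" line, any-user flag on the "Users" line
        // (the two were assigned the other way round)
        print("Root active: " + netSession.is_root_active_user)
        print("Users active: " + netSession.is_any_active_user)
    end if
    print()
    print("1. Local exploits")
    print("2. Remote exploits")
    print()
    print("3. Exit")
    print()
    // user_input returns text; .val turns it into a number (0 when it is not
    // one) so the range test is numeric rather than a text comparison
    choice = user_input("## Type your choice number: ").val
    if choice < 1 or choice > 3 then
        print("Please enter valid choice number.")
        MainMenu()
        return
    end if
    if choice == 1 then RemoteChoice("local")
    if choice == 2 then RemoteChoice("remote")
    if choice == 3 then exit
end function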
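// Menu for local mode. Shows the local IP and the account activity flags of
// netSession, then dispatches to the chosen action. `from` is forced to
// "local" before dispatching; the other parameters are forwarded, and option 4
// fills in target_module and the exploit fields from user input.
LocalMenu = function(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
    clear_screen
    wait(0.2)
    host = get_shell.host_computer
    publicIp = host.public_ip
    localIp = host.local_ip
    // root flag on the "Root" line, any-user flag on the "Users" line
    // (the two were assigned the other way round)
    num_activeRoot = netSession.is_root_active_user
    num_activeUsers = netSession.is_any_active_user
    print(DisplayHeader("Local ip: " + localIp))
    print()
    print("Root active: " + num_activeRoot)
    print("Users active: " + num_activeUsers)
    print()
    print("1. Server infos")
    print("2. Network map (local)")
    print("3. Scan memory overflows.")
    print("4. Attack memory overflow")
    print("5. Shell connect (local)")
    print()
    print("6. Return")
    print("7. Exit")
    print()
    from = "local"
    // numeric test via .val; a text comparison let values such as "10" through
    choice = user_input("## Type your choice number: ").val
    if choice < 1 or choice > 7 then
        print("Please enter valid choice number.")
        // show the menu again; previously the function just ended here and
        // control dropped back into whatever had opened the menu
        LocalMenu(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
        return
    end if
    if choice == 1 then
        // the server page is asked about the public IP, not `address`
        InfoServer(result, netSession, from, publicIp, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
    end if
    if choice == 2 then
        NetworkMap(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
    end if
    if choice == 3 then
        ScanMemory(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
    end if
    if choice == 4 then
        index_library = IndexLibrary(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
        target_module = SelectLibrary(module, index_library)
        print()
        print(DisplaySeparator())
        print()
        memory_exploit = user_input("## Enter memory adress: ")
        buffer_exploit = user_input("## Enter memory buffer: ")
        // stored as "address:buffer", the format ExploitMenu splits on ":"
        exploits = [memory_exploit + ":" + buffer_exploit]
        RunExploit(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
    end if
    if choice == 5 then
        ShellConnect(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
    end if
    if choice == 6 then MainMenu()
    if choice == 7 then exit
end function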
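// Menu for remote mode. Shows the target IP, this machine's addresses and the
// account activity flags of netSession, then dispatches to the chosen action.
// `from` is forced to "remote" before dispatching; the other parameters are
// forwarded, and option 3 fills in target_module, target_port and the exploit
// fields from user input.
RemoteMenu = function(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
    clear_screen
    wait(0.2)
    host = get_shell.host_computer
    publicIp = host.public_ip
    localIp = host.local_ip
    // root flag on the "Root" line, any-user flag on the "Users" line
    // (the two were assigned the other way round)
    num_activeRoot = netSession.is_root_active_user
    num_activeUsers = netSession.is_any_active_user
    print(DisplayHeader("Target ip: " + address))
    print()
    print("Current public ip: " + publicIp)
    print("Current local ip: " + localIp)
    print("Root active: " + num_activeRoot)
    print("Users active: " + num_activeUsers)
    print()
    print("1. Server infos")
    print("2. Scan memory overflows.")
    print("3. Attack memory overflow")
    print("4. Magic Gate (advanced)")
    print()
    print("5. Return")
    print("6. Exit")
    print()
    from = "remote"
    // numeric test via .val; a text comparison let values such as "10" through
    choice = user_input("## Type your choice number: ").val
    if choice < 1 or choice > 6 then
        print("Please enter valid choice number.")
        // show the menu again; previously the function just ended here and
        // control dropped back into whatever had opened the menu
        RemoteMenu(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
        return
    end if
    if choice == 1 then
        InfoServer(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
    end if
    if choice == 2 then
        ScanMemory(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
    end if
    if choice == 3 then
        index_library = IndexLibrary(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
        target_module = SelectLibrary(module, index_library)
        target_port = SelectPort(index_library, module_port)
        print()
        print(DisplaySeparator())
        print()
        memory_exploit = user_input("## Enter memory adress: ")
        buffer_exploit = user_input("## Enter memory buffer: ")
        // stored as "address:buffer", the format ExploitMenu splits on ":"
        exploits = [memory_exploit + ":" + buffer_exploit]
        RunExploit(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
    end if
    if choice == 4 then
        MagicMenu(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
    end if
    if choice == 5 then MainMenu()
    if choice == 6 then exit
end function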
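// Lets the user pick a library, scans it with metaxploit and prints the report
// for every address found. Each "Unsafe check:" entry of a report is stored in
// `exploits` as "address:label", where label is the text between the first
// <b> and </b> of that entry. Ends by opening the exploit menu.
// In remote mode the library is read from a session on the chosen port; in
// local mode it is loaded from /lib/<name>. Other parameters are forwarded.
ScanMemory = function(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
    clear_screen
    wait(0.2)
    index_library = IndexLibrary(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
    target_port = SelectPort(index_library, module_port)
    target_module = SelectLibrary(module, index_library)
    clear_screen
    wait(0.2)
    print(DisplayHeader("Scanning library for memory overflows: "))
    print()
    print("Lib: [" + target_module + "] target: [" + address + ":" + target_port + "]")
    metaLib = null
    if from == "remote" then
        // the session is only needed in remote mode and may fail to open
        net_session = metaxploit.net_use(address, target_port)
        if net_session then metaLib = net_session.dump_lib
    end if
    if from == "local" then metaLib = metaxploit.load("/lib/" + target_module)
    scanResult = []
    if metaLib then scanResult = metaxploit.scan(metaLib)
    if not scanResult then scanResult = []
    exploits = []
    clear_screen
    wait(0.2)
    if not metaLib then print("Can't read the selected library.")
    // iterating the list directly is safe when it is empty; range(0, len-1)
    // would count 0, -1 and read past it
    for found in scanResult
        scanAddress = metaxploit.scan_address(metaLib, found)
        print(DisplayHeader("Memory overflows for adress: [" + found + "]"))
        print()
        // drop the text before the first "Unsafe check: "; one segment per entry
        segments = scanAddress.split("Unsafe check: ")[1:]
        for segment in segments
            labelStart = segment.indexOf("<b>")
            labelEnd = segment.indexOf("</b>")
            // + 3 skips the "<b>" tag itself
            exploits.push(found + ":" + segment[labelStart + 3: labelEnd])
        end for
        print(scanAddress)
    end for
    print()
    user_input("## Press Enter key to continue... ")
    ExploitMenu(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
end function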
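// Lists the entries of `exploits` (each "address:label") and runs the one the
// user picks through RunExploit. Two extra entries follow the list: "return"
// (back to ScanMemory) and "exit". With one entry or none the list is skipped
// and the local/remote menu is opened instead.
// Other parameters are only forwarded.
ExploitMenu = function(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
    clear_screen
    wait(0.2)
    // NOTE(review): "<= 1" also skips the list when a scan found exactly one
    // entry - confirm whether "< 1" was meant.
    if len(exploits) <= 1 then
        // Both menus take the same twelve parameters as this function; they
        // were called with five values in a different order, which put the
        // address where `result` belongs and left netSession unset.
        if from == "local" then
            LocalMenu(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
            return
        end if
        if from == "remote" then
            RemoteMenu(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
            return
        end if
    end if
    print(DisplayHeader("Available vulnerabilities:"))
    print()
    // root flag on the "root" line, any-user flag on the "user(s)" line
    // (the two were assigned the other way round)
    num_activeRoot = netSession.is_root_active_user
    num_activeUsers = netSession.is_any_active_user
    print("Active root: " + num_activeRoot)
    print("Active user(s): " + num_activeUsers)
    print()
    for i in exploits.indexes
        parts = exploits[i].split(":")
        print((i + 1) + ". [" + parts[0] + "] @ " + parts[1])
    end for
    print()
    return_choice = len(exploits) + 1
    exit_choice = len(exploits) + 2
    print(return_choice + ". return")
    print(exit_choice + ". exit")
    print()
    // .val yields 0 for non-numeric text, so "< 1" also covers letters, empty
    // input and negative numbers
    choice = user_input("## Type your choice number: ").val
    if choice < 1 or choice > exit_choice then
        print("Please enter valid choice number.")
        ExploitMenu(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
        // without this the rejected number was still used to index exploits
        return
    end if
    if choice == return_choice then
        ScanMemory(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
        return
    end if
    if choice == exit_choice then
        clear_screen
        wait(0.2)
        exit
    end if
    parts = exploits[choice - 1].split(":")
    memory_exploit = parts[0]
    buffer_exploit = parts[1]
    RunExploit(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
end function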
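// Runs the overflow (memory_exploit, buffer_exploit) against the selected
// library and acts on the type of object it returns:
//   computer -> folder browser at "/"
//   shell    -> terminal, after a Y/N confirmation
//   file     -> SearchFiles
//   number   -> (only when target_port is not 0) asks for a new password and
//               runs the overflow again with it
// Always finishes in the exploit menu. In remote mode the library comes from a
// session on target_port, in local mode from /lib/<target_module>.
// Two leftover debug prints ("from..." / "result...") were removed.
RunExploit = function(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
    clear_screen
    wait(0.2)
    print(DisplayHeader("Starting memory exploit:"))
    print()
    metaLib = null
    if from == "remote" then
        net_session = metaxploit.net_use(address, target_port)
        if not net_session then
            print("netSession can't be initialized.")
            print()
            user_input("## Press Enter key to continue... ")
            ExploitMenu(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
            // stop here: the code below needs the session that failed to open
            return
        end if
        metaLib = net_session.dump_lib
    end if
    if from == "local" then metaLib = metaxploit.load("/lib/" + target_module)
    // dump_lib / load can come back empty; nothing can be run without a library
    if not metaLib then
        print("No result found.")
        ExploitMenu(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
        return
    end if
    result = metaLib.overflow(memory_exploit, buffer_exploit, "1111")
    print()
    if typeof(result) == "computer" then
        parentPath = "/"
        BrowseComputer(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit, parentPath)
    end if
    if typeof(result) == "shell" then
        clear_screen
        wait(0.2)
        print("WARNING: You will be enter into the remote computer as registered user.")
        print()
        answer = user_input("## Would you like to continue? (Y/N)")
        if answer == "Y" or answer == "y" then
            clear_screen
            wait(0.2)
            result.start_terminal
        else
            ExploitMenu(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
        end if
    end if
    if typeof(result) == "file" then
        // a value whose type is "file" is never empty, so the former
        // "No result found." test inside this branch could not trigger
        SearchFiles(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
    end if
    // NOTE(review): the else branch below runs for every result that is not a
    // number on a non-zero port - including after the computer / shell / file
    // handlers above have returned - and repeats the overflow without its third
    // argument. Kept as it was; confirm that this second run is intended.
    if typeof(result) == "number" and target_port != 0 then
        print()
        print(DisplaySeparator())
        print()
        // password mode: the new secret is not echoed on screen
        newPass = user_input("## Enter new password: ", true)
        result = metaLib.overflow(memory_exploit, buffer_exploit, newPass)
        print()
        user_input("## Press Enter key to continue... ")
    else
        result = metaLib.overflow(memory_exploit, buffer_exploit)
        print()
        user_input("## Press Enter key to continue... ")
    end if
    ExploitMenu(result, netSession, from, address, module, module_version, module_port, target_module, target_port, exploits, memory_exploit, buffer_exploit)
end function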
// Program entry: clear the screen, show the banner and the version header,
// wait three seconds, then open the main menu.
clear_screen
wait(0.2)
for splash_line in [DrawTitle(), "", DisplayHeader("Xmemory - v.0.1"), "", "Loading..."]
    print(splash_line)
end for
wait(3)
MainMenu()