cred.src
// Credentail Gather Script
// Purpose of this script is to search the /home directory for any users' Mail.txt, Bank.txt, and passwd files and store that information
mx = include_lib("/lib/metaxploit.so")
if not mx then mx = include_lib(current_path + "/metaxploit.so")
if not mx then print("Missing metaxploit.so")
cr = include_lib("/lib/crypto.so")
if not cr then cr = include_lib(current_path + "/crypto.so")
if not cr then print("Missing crypto.so")
comp = get_shell.host_computer
main_root = comp.File("/")
GetPassword = function(userPass)
password = cr.decipher(userPass)
return(password)
end function
cred = function()
ip = user_input("<color=orange>Enter target ip or URL</color>: <color=red>></color> ")
if not is_valid_ip(ip) then ip = nslookup(ip)
if not is_valid_ip(ip) then exit("Not a valid IP or URL, try again.")
for root in main_root.get_folders
if root == "bank.db" or root == "mail.db" or root == "passwd.db" then
userBankFile = comp.File(current_path + "/bank.db")
userMailFile = comp.File(current_path + "/mail.db")
userPasswdFile = comp.File(current_path + "/passwd.db")
else
comp.touch(current_path, "bank.db")
comp.touch(current_path, "mail.db")
comp.touch(current_path, "passwd.db")
userBankFile = comp.File(current_path + "/bank.db")
userMailFile = comp.File(current_path + "/mail.db")
userPasswdFile = comp.File(current_path + "/passwd.db")
end if
end for
// Check if it's a LAN IP
if is_lan_ip(ip) then
print("It's a LAN IP :(")
return // Return instead of calling cred() recursively
end if
router = get_router(ip)
if router == null then
print("Failed to get router") // Return instead of calling cred() recursively
return
end if
dports = router.used_ports
for port in dports
portping = router.ping_port(port)
if is_closed(portping) then
status = "closed"
else
status = "open"
end if
lan = port.get_lan_ip()
port = port.port_number
netsess = mx.net_use(ip, port)
if netsess == null then
print("Failed to establish a connection on port " + port)
continue
end if
lib = netsess.dump_lib
if lib == null then
print("Failed to dump library on port " + port)
continue
end if
addrs = mx.scan(lib)
exhandler = function(addr, unsec)
remote = lib.overflow(addr, unsec)
if typeof(remote) == "computer" then
users = remote.File("/home").get_folders
for user in users
userBankFile = remote.File("/home/" + user.name + "/Config/Bank.txt")
if not userBankFile then userBankFile = get_shell.host_computer.File("/home/" + user.name + "/Config/Bank.txt")
userMailFile = remote.File("/home/" + user.name + "/Config/Mail.txt")
if not userMailFile then userMailFile = get_shell.host_computer.File("/home/" + user.name + "/Config/Mail.txt")
userPasswdFile = remote.File("/etc/passwd")
if not userPasswdFile then userPasswdFile = get_shell.host_computer.File("/etc/passwd")
if userBankFile == null then
continue
end if
if userMailFile == null then
continue
end if
if userPasswdFile == null then
continue
end if
lines_bank = userBankFile.get_content
if typeof(lines_bank) == "string" then
lines_bank = lines_bank.split("\n")
for banks in lines_bank
userPass = banks.split(":")
if userPass.len == 2 then
user = userPass[0]
userPass = userPass[1]
password = GetPassword(userPass)
if not password then
print("Password for " + user + " not found or decryption failed")
else
print("<b><color=#0DC9D5>BANK ACCOUNT</color></b>: " +"<color=#FF03EF>"+user+"</color>" + " " + "[ "+"<color=#1DBD41>"+password+"</color> ]" + " [ <color=#0DC9D5>" + lan + "</color> ] ")
end if
end if
end for
else
print("BANK ACCOUNT: N/A")
end if
lines_mail = userMailFile.get_content
if typeof(lines_mail) == "string" then
lines_mail = lines_mail.split("\n")
for mails in lines_mail
userPass = mails.split(":")
if userPass.len == 2 then
user = userPass[0]
userPass = userPass[1]
password = GetPassword(userPass)
if not password then
print("Password for " + user + " not found or decryption failed")
else
print("<b><color=#0DC9D5>MAIL ACCOUNT</color></b>: " +"<color=#FF03EF>"+user+"</color>" + " " + "[ "+"<color=#1DBD41>"+password+"</color> ]" + " [ <color=#0DC9D5>" + lan + "</color> ] ")
end if
end if
end for
else
print("MAIL ACCOUNT: N/A")
end if
lines_passwd = userPasswdFile.get_content
if typeof(lines_passwd) == "string" then
lines_passwd = lines_passwd.split("\n")
for passwds in lines_passwd
userPass = passwds.split(":")
if userPass.len == 2 then
user = userPass[0]
userPass = userPass[1]
password = GetPassword(userPass)
if not password then
print("Password for " + user + " not found or decryption failed")
else
print("<b><color=#0DC9D5>PASSWD</color></b>: " +"<color=#FF03EF>"+user+"</color>" + " " + "[ "+"<color=#1DBD41>"+password+"</color> ]" + " [ <color=#0DC9D5>" + lan + "</color> ] ")
end if
end if
end for
else
print("PASSWD: N/A")
end if
end for
storage_bank = comp.File("/home/"+active_user+"/bank.db")
storage_mail = comp.File("/home/"+active_user+"/mail.db")
storage_passwd = comp.File("/home/"+active_user+"/passwd.db")
storagedata_bank = get_content(storage_bank)
storage_bank.set_content(char(10) + storagedata_bank + "\n" + get_content(userBankFile))
storagedata_mail = get_content(storage_mail)
storage_mail.set_content(char(10) + storagedata_mail+"\n"+get_content(userMailFile))
storagedata_passwd = get_content(storage_passwd)
storage_passwd.set_content(char(10) + storagedata_passwd+"\n"+get_content(userPasswdFile))
end if
if typeof(remote) == "shell" then
users = remote.host_computer.File("/home").get_folders
for user in users
userBankFile = remote.File("/home/" + user.name + "/Config/Bank.txt")
if not userBankFile then userBankFile = get_shell.host_computer.File("/home/" + user.name + "/Config/Bank.txt")
userMailFile = remote.File("/home/" + user.name + "/Config/Mail.txt")
if not userMailFile then userMailFile = get_shell.host_computer.File("/home/" + user.name + "/Config/Mail.txt")
userPasswdFile = remote.File("/etc/passwd")
if not userPasswdFile then userPasswdFile = get_shell.host_computer.File("/etc/passwd")
if userBankFile == null then
continue
end if
if userMailFile == null then
continue
end if
if userPasswdFile == null then
continue
end if
lines_bank = userBankFile.get_content
if typeof(lines_bank) == "string" then
lines_bank = lines_bank.split("\n")
for banks in lines_bank
userPass = banks.split(":")
if userPass.len == 2 then
user = userPass[0]
userPass = userPass[1]
password = GetPassword(userPass)
if not password then
print("Password for " + user + " not found or decryption failed")
else
print("<b><color=#0DC9D5>BANK ACCOUNT</color></b>: " +"<color=#FF03EF>"+user+"</color>" + " " + "[ "+"<color=#1DBD41>"+password+"</color> ]" + " [ <color=#0DC9D5>" + lan + "</color> ] ")
end if
end if
end for
else
print("BANK ACCOUNT: N/A")
end if
lines_mail = userMailFile.get_content
if typeof(lines_mail) == "string" then
lines_mail = lines_mail.split("\n")
for mails in lines_mail
userPass = mails.split(":")
if userPass.len == 2 then
user = userPass[0]
userPass = userPass[1]
password = GetPassword(userPass)
if not password then
print("Password for " + user + " not found or decryption failed")
else
print("<b><color=#0DC9D5>MAIL ACCOUNT</color></b>: " +"<color=#FF03EF>"+user+"</color>" + " " + "[ "+"<color=#1DBD41>"+password+"</color> ]" + " [ <color=#0DC9D5>" + lan + "</color> ] ")
end if
end if
end for
else
print("MAIL ACCOUNT: N/A")
end if
lines_passwd = userPasswdFile.get_content
if typeof(lines_passwd) == "string" then
lines_passwd = lines_passwd.split("\n")
for passwds in lines_passwd
userPass = passwds.split(":")
if userPass.len == 2 then
user = userPass[0]
userPass = userPass[1]
password = GetPassword(userPass)
if not password then
print("Password for " + user + " not found or decryption failed")
else
print("<b><color=#0DC9D5>PASSWD</color></b>: " +"<color=#FF03EF>"+user+"</color>" + " " + "[ "+"<color=#1DBD41>"+password+"</color> ]" + " [ <color=#0DC9D5>" + lan + "</color> ] ")
end if
end if
end for
else
print("PASSWD: N/A")
end if
end for
storage_bank = comp.File("/home/"+active_user+"/bank.db")
storage_mail = comp.File("/home/"+active_user+"/mail.db")
storage_passwd = comp.File("/home/"+active_user+"/passwd.db")
storagedata_bank = get_content(storage_bank)
storage_bank.set_content(char(10) + storagedata_bank + "\n" + get_content(userBankFile))
storagedata_mail = get_content(storage_mail)
storage_mail.set_content(char(10) + storagedata_mail+"\n"+get_content(userMailFile))
storagedata_passwd = get_content(storage_passwd)
storage_passwd.set_content(char(10) + storagedata_passwd+"\n"+get_content(userPasswdFile))
end if
end function
for addr in addrs
info = mx.scan_address(lib, addr)
info = info.remove("decompiling source...").remove("searching unsecure values...")
info = info[2:]
while info.indexOf("Unsafe check: ") != null or info.indexOf("<b>") != null or info.indexOf("</b>") != null
info = info.remove("Unsafe check: ").remove("<b>").remove("</b>")
end while
while info.indexOf("loop in array ") != null
info = info.replace("loop in array ", "<tag>")
end while
while info.indexOf("string copy in ") != null
info = info.replace("string copy in ", "<tag>")
end while
while info.indexOf("<tag>") != null
a = info.indexOf("<tag>") + 5
info = info.remove(info[:a])
str = info[:info.indexOf(".")]
exhandler(addr, str)
break
end while
end for
end for
cred
end function
cred()