//shell attack
// Command-line arguments: target IP (required), port (optional), third value (optional).
// Without any argument the script prints its usage text and stops.
if params.len == 0 then
	exit("<color=white>usage: atk <b>[ip] [port(opt)] [passwd(opt)]\n<color=white> -empty port for router attack\n<color=white> -will find all shell objects")
end if
ipAddress = params[0]

// The port stays null when omitted; later code treats a null port as "no port given".
attackPort = null
if params.len > 1 then attackPort = params[1].to_int

// The third argument is forwarded unchanged to overflow() further down.
passwd = ""
if params.len > 2 then passwd = params[2]
// Load metaxploit.so: try /lib first, then the directory this program was started from.
// metaxploit is left falsy when neither location provides the library.
metaxploit = null
for libPath in ["/lib/metaxploit.so", parent_path(program_path) + "/metaxploit.so"]
	metaxploit = include_lib(libPath)
	if metaxploit then break
end for
// Script-wide state, filled in by the sections below.
metaLib = null      // library object to scan (loaded from disk or dumped from a session)
libName = null      // name reported by metaLib
libVer = null       // version reported by metaLib
net_session = null  // session returned by metaxploit.net_use
file = null
changePass = null
memory = null       // result of metaxploit.scan

// Host the script runs on, used to tell whether the target address is this machine.
thisComp = get_shell.host_computer
isMyIp = ipAddress == thisComp.local_ip or ipAddress == thisComp.public_ip
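// Announce the target before any session is opened.
// When the third argument is a LAN address and the target is not this machine,
// that address is shown next to the target IP.
if is_lan_ip(passwd) and not isMyIp then
	// The original looked the LAN address up as globals.deviceMap["d" + d]; neither
	// deviceMap nor d is defined anywhere in the visible script, so that lookup would
	// fail at runtime. Print the LAN address that was actually passed in.
	print("<color=#75808A>attacking: " + ipAddress + "\n" + " lan: " + passwd)
else
	print("\n<color=#75808A>attacking: " + ipAddress + ":" + attackPort + "...")
end if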
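// Obtain the library object to scan (metaLib).
//  - Target is this machine and no port was given: ask for a library path and load it from disk.
//  - Otherwise: open a net session (no port = router, per the usage text) and dump its library.
// metaLib stays null on every failure path, which makes the scan section a no-op.
if isMyIp and not attackPort then
	print("\n")
	path = user_input("<color=#75808A>[/library/path.so]\n<color=white><b>></b>")
	if metaxploit then
		// Resolve the path to a file object before checking permissions. The original
		// called has_permission on `file` while it was still null.
		file = thisComp.File(path)
		if not file then
			print("<color=white>file not found: " + path)
		else if file.has_permission("r") then
			metaLib = metaxploit.load(path)
		else
			print("<color=white>bad permissions")
		end if
	else
		print("<color=white>need metaxploit")
	end if
else
	if metaxploit then
		if not attackPort then
			net_session = metaxploit.net_use(ipAddress)
		else
			net_session = metaxploit.net_use(ipAddress, attackPort)
		end if
		if not net_session then
			print("<color=white>can't reach port " + attackPort)
		else
			metaLib = net_session.dump_lib
			print("<color=#75808A>session established")
		end if
	else
		print("<color=white>need metaxploit")
	end if
end if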
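// Scan the acquired library and try every unsafe value that the scan reports.
// Each result is printed; a result of type "shell" additionally prompts the user.
if metaLib then
	libName = metaLib.lib_name
	libVer = metaLib.version
	print("<color=#75808A>scanning library: " + libName + " v." + libVer + "\n")
	memory = metaxploit.scan(metaLib)
	password = null // not read anywhere in the visible script
	if not memory then
		// Stop here: the original printed this and then still looped over the empty result.
		print("<color=#75808A>no exploits detected.")
	else
		for mem in memory
			// scan_address returns one text report; each finding follows an "Unsafe check:" marker.
			address = metaxploit.scan_address(metaLib, mem).split("Unsafe check:")
			userList = null // not read anywhere in the visible script
			// Skip the text before the first marker by position. The original skipped it by
			// comparing values, which would also drop a later segment with identical text.
			for add in address[1:]
				// The unsafe value is the text between the first <b> and </b> of the segment.
				openTag = add.indexOf("<b>")
				closeTag = add.indexOf("</b>")
				if openTag == null or closeTag == null then continue
				value = add[openTag + 3:closeTag]
				if passwd then
					result = metaLib.overflow(mem, value, passwd)
				else
					result = metaLib.overflow(mem, value)
				end if
				if result then print("<color=#75808A> *found: " + result + "*\n") else print("<color=#75808A>no results\n")
				if typeof(result) == "shell" then
					i = user_input("<color=#75808A>connect?\n<color=white>[1]<color=#75808A> or <color=white>[0]\n<b>></b>")
					if i == "1" then result.start_terminal
					// NOTE(review): the prompt offers only 1 or 0, and `ls` is not defined in the
					// visible script. Confirm it exists elsewhere or remove this branch.
					if i == "2" then ls(result)
				end if
			end for
		end for
	end if
end if
// NOTE(review): the `end if` that follows this section has no matching `if` in the visible
// script. Remove it unless an enclosing `if` opens above this excerpt.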
end if