diff --git a/Needs_vetting/secure_home_router.src b/Needs_vetting/secure_home_router.src
new file mode 100644
index 0000000..289bb5e
--- /dev/null
+++ b/Needs_vetting/secure_home_router.src
@@ -0,0 +1,237 @@
+//looks reliant on outside sources for lib
+//original creator rocketorbit
+//seems to check if outside source has been compromized.
+
+if active_user != "root" then exit("Run as root.")
+shell = get_shell
+
+metaxploit = include_lib(current_path + "/metaxploit.so")
+if not metaxploit then metaxploit = include_lib("/lib/metaxploit.so")
+if not metaxploit then exit("metaxploit.so not found in current path or /lib")
+
+getCloudExploitAPI = function(metaxploit)
+ recursiveCheck = function(anyObject, maxDepth = -1)
+ if maxDepth == 0 then return true
+ if @anyObject isa map or @anyObject isa list then
+ for key in indexes(@anyObject)
+ if not recursiveCheck(@key, maxDepth - 1) then return false
+ end for
+ for val in values(@anyObject)
+ if not recursiveCheck(@val, maxDepth - 1) then return false
+ end for
+ end if
+ if @anyObject isa funcRef then return false
+ return true
+ end function
+ if typeof(metaxploit) != "MetaxploitLib" then return print("metaxploit required for api to work.")
+ netSession = metaxploit.net_use(nslookup("www.ExploitDatabase.org"), 22) //connect to server with metaxploit on ssh service
+ if netSession then metaLib = netSession.dump_lib else metaLib = null
+ if metaLib then remoteShell = metaLib.overflow("0xF8E54A6", "becolo") else remoteShell = null //exploit needed to grab a guest shell to the server
+ if typeof(remoteShell) != "shell" then print("Server failed. API running in local mode.")
+
+ clearInterface = function(interface)
+ for k in indexes(interface)
+ if @k == "classID" or @k == "__isa" then continue
+ remove(interface, @k)
+ end for
+ if not recursiveCheck(@interface) then exit("WARNING, API MAY HAVE BEEN POISONED, ABORTING.")
+ return null
+ end function
+
+ api = {}
+ api.classID = "api"
+ api.connection = remoteShell
+ api.metaxploit = metaxploit
+ api.interface = get_custom_object
+
+ //all api method start
+ api.testConnection = function(self) //demo method.
+ clearInterface(self.interface)
+ if typeof(self.connection) != "shell" then return false
+ self.interface.ret = null
+ self.interface.args = ["testConnection"]
+ self.connection.launch("/interfaces/exploitAPI")
+ if not hasIndex(self.interface, "ret") then return not (not clearInterface(self.interface)) //not (not) is for casting null to false, false to false, empty set to false, everything else to true.
+ if @self.interface.ret isa funcRef or @self.interface.ret isa map then return not (not clearInterface(self.interface))
+ ret = not (not @self.interface.ret)
+ clearInterface(self.interface)
+ return ret
+ end function
+ api.scanMetaLib = function(self, metaLib)
+ clearInterface(self.interface)
+ self.interface.ret = null
+ self.interface.args = ["scanMetaLib", metaLib]
+ if typeof(self.connection) == "shell" then self.connection.launch("/interfaces/exploitAPI")
+ print("IF YOU SEE ANY WEIRD OUTPUT ABOVE (ESPECIALLY OVERFLOW PROMPT), OR IF YOUR TERMINAL WAS CLEARED (OUTPUT SHOULD ONLY BE A PROGRESS BAR, NOTHING MORE NOTHING LESS), IT MEANS THE SERVER WAS HACKED AND YOU NEED TO STOP USING THIS API RIGHT NOW, AND CONTACT DISCORD:rocketorbit IMMEDIATELY.")
+ if hasIndex(self.interface, "ret") and @self.interface.ret != null and recursiveCheck(@self.interface.ret) then
+ ret = @self.interface.ret
+ clearInterface(self.interface)
+ return ret
+ end if
+ clearInterface(self.interface)
+ print("Server failed. Using local scan.")
+ ret = {}
+ ret.lib_name = lib_name(@metaLib)
+ ret.version = version(@metaLib)
+ ret.memorys = {}
+ memorys = self.metaxploit.scan(@metaLib)
+ for memory in memorys
+ addresses = split(self.metaxploit.scan_address(@metaLib, memory), "Unsafe check:")
+ ret.memorys[memory] = []
+ for address in addresses
+ if address == addresses[0] then continue
+ value = address[indexOf(address, "") + 3:indexOf(address, "")].replace("\n", "")
+ ret.memorys[memory] = ret.memorys[memory] + [value]
+ end for
+ end for
+ return ret
+ end function
+ api.queryExploit = function(self, libName, libVersion)
+ clearInterface(self.interface)
+ if typeof(self.connection) != "shell" then return null
+ self.interface.ret = null
+ self.interface.args = ["queryExploit", libName, libVersion]
+ self.connection.launch("/interfaces/exploitAPI")
+ if not hasIndex(self.interface, "ret") then return clearInterface(self.interface)
+ if not recursiveCheck(@self.interface.ret) then return clearInterface(self.interface)
+ ret = @self.interface.ret
+ clearInterface(self.interface)
+ return ret
+ end function
+ api.getHashes = function(self)
+ clearInterface(self.interface)
+ if typeof(self.connection) != "shell" then return null
+ self.interface.ret = null
+ self.interface.args = ["getHashes"]
+ self.connection.launch("/interfaces/exploitAPI")
+ if not hasIndex(self.interface, "ret") then return clearInterface(self.interface)
+ if not recursiveCheck(@self.interface.ret) then return clearInterface(self.interface)
+ ret = @self.interface.ret
+ clearInterface(self.interface)
+ return ret
+ end function
+ //all api method end
+
+ if not api.testConnection then print("unable to reach server. API is in local mode.")
+
+ return api
+end function
+api = getCloudExploitAPI(metaxploit)
+hashes = api.getHashes
+if not hashes then exit("Server failed. Contact discord: rocketorbit.")
+
+downloadLibs = function
+ netSession = metaxploit.net_use(nslookup("www.CFTShrinker.org"), 22) //download libs from CFTShrinker
+ if netSession then metaLib = netSession.dump_lib else metaLib = null
+ if metaLib then remoteShell = metaLib.overflow("0xF8E54A6", "becolo") else remoteShell = null
+ if typeof(remoteShell) != "shell" then exit("Server failed. Contact discord: rocketorbit.")
+ download = remoteShell.scp("/Public/htdocs/downloads", "/root", shell)
+ if typeof(download) == "string" then exit(download)
+ if not shell.host_computer.File("/root/downloads/init1.0.0hm") then exit("Server failed. Contact discord: rocketorbit.")
+ if not shell.host_computer.File("/root/downloads/net1.0.0df") then exit("Server failed. Contact discord: rocketorbit.")
+ if not shell.host_computer.File("/root/downloads/libhttp1.1.6Hm") then exit("Server failed. Contact discord: rocketorbit.")
+ if not shell.host_computer.File("/root/downloads/kernel_router1.9.2nc") then exit("Server failed. Contact discord: rocketorbit.")
+end function
+
+checkAccess = function(shell)
+ folder = shell.host_computer.File("/root")
+ if folder.has_permission("w") and folder.has_permission("r") and folder.has_permission("x") then return "root"
+ return "guest"
+end function
+
+escalate = function(guestShell)
+ payload = "
+ hashes = get_custom_object.hashes
+ get_custom_object.ret = null
+ for hsh in hashes.values
+ shell = get_shell(""root"", hsh)
+ if typeof(shell) != ""shell"" then continue
+ get_custom_object.ret = shell
+ exit(hsh)
+ end for
+ "
+ guestShell.host_computer.touch("/home/guest", "dddd.src")
+ guestShell.host_computer.File("/home/guest/dddd.src").set_content(payload)
+ guestShell.build("/home/guest/dddd.src", "/home/guest")
+ interface = get_custom_object
+ interface.ret = null
+ interface.hashes = hashes
+ guestShell.launch("/home/guest/dddd")
+ if host_computer(@interface.ret) then return interface.ret
+ return null
+end function
+
+hackPort = function(port)
+ netSession = metaxploit.net_use("192.168.0.1", port)
+ netSession = metaxploit.net_use("192.168.0.1", port)
+ if not netSession then exit("Unknown error. Contact discord: rocketorbit.")
+ metaLib = netSession.dump_lib
+ if not metaLib then exit("Unknown error. Contact discord: rocketorbit.")
+ exploits = api.queryExploit(metaLib.lib_name, metaLib.version)
+ if not exploits then exploits = api.scanMetaLib(metaLib)
+ if not exploits then exit("Unknown error. Contact discord: rocketorbit.")
+ for e in exploits.memorys
+ for value in e.value
+ object = metaLib.overflow(e.key, value)
+ if typeof(object) != "shell" then continue
+ if checkAccess(object) != "root" then return escalate(object)
+ return object
+ end for
+ end for
+end function
+
+hackRouter = function
+ routerPort = hackPort(0)
+ if not routerPort then routerPort = hackPort(8080)
+ if not routerPort then exit("The home network you are using right now does not provide a shell exploit, therefore this script will not work. However this does not mean it is secured. If you have never tried to secure it and you got this prompt, delete this network on ConfigLan.exe and rent a new one.")
+ return routerPort
+end function
+
+randomPassword = function
+ pass = ""
+ for i in range(14)
+ pass = pass + "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"[floor(rnd * 62)]
+ end for
+ return pass
+end function
+
+secureRouter = function(localShell, routerShell)
+ init = localShell.host_computer.File("/root/downloads/init1.0.0hm")
+ net = localShell.host_computer.File("/root/downloads/net1.0.0df")
+ http = localShell.host_computer.File("/root/downloads/libhttp1.1.6Hm")
+ router = localShell.host_computer.File("/root/downloads/kernel_router1.9.2nc")
+ if (not init) or (not net) or (not http) or (not router) then exit("Unknown error. Contact discord: rocketorbit.")
+ localShell.scp(init.path, "/lib", routerShell)
+ localShell.scp(net.path, "/lib", routerShell)
+ localShell.scp(http.path, "/lib", routerShell)
+ localShell.scp(router.path, "/lib", routerShell)
+ remoteInit = routerShell.host_computer.File("/lib/init1.0.0hm")
+ remoteNet = routerShell.host_computer.File("/lib/net1.0.0df")
+ remoteHttp = routerShell.host_computer.File("/lib/libhttp1.1.6Hm")
+ remoteRouter = routerShell.host_computer.File("/lib/kernel_router1.9.2nc")
+ if (not remoteInit) or (not remoteNet) or (not remoteHttp) or (not remoteRouter) then exit("Unknown error. Contact discord: rocketorbit.")
+ remoteInit.move("/lib", "init.so")
+ remoteNet.move("/lib", "net.so")
+ remoteHttp.move("/lib", "libhttp.so")
+ remoteRouter.move("/lib", "kernel_router.so")
+ if routerShell.host_computer.File("/home") then routerShell.host_computer.File("/home").delete
+ routerRootFolder = routerShell.host_computer.File("/")
+ routerRootFolder.set_owner("root", true)
+ routerRootFolder.set_group("root", true)
+ routerRootFolder.chmod("o-rwx", true)
+ routerRootFolder.chmod("g-rwx", true)
+ routerRootFolder.chmod("u-rwx", true)
+ routerShell.host_computer.change_password("root", randomPassword)
+ return true
+end function
+
+main = function
+ downloadLibs
+ routerShell = hackRouter
+ if not routerShell then exit("Unknown error. Contact discord: rocketorbit.")
+ secureRouter(shell, routerShell)
+ print("Success! You have secured your home network. This is the last step, enjoy hack free Grey Hack!")
+ if shell.host_computer.File("/root/downloads") then shell.host_computer.File("/root/downloads").delete
+ if shell.host_computer.File(program_path) then shell.host_computer.File(program_path).delete
+end function
+main
\ No newline at end of file
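Review bot: `downloadLibs` and `secureRouter` only test that the four files under `/root/downloads` exist before copying them into the router's `/lib` and renaming them to `init.so`, `net.so`, `libhttp.so` and `kernel_router.so`; nothing confirms they are the libraries their file names claim. Because they are pulled from a third-party server, a changed or compromised server would get its files installed as root on the router, and the `recursiveCheck` guard only covers the API's custom-object return values, not these downloads. Before the `scp` calls, load each file and compare its identity, e.g. `lib = metaxploit.load(init.path)` followed by `if not lib or lib.lib_name != "init.so" or lib.version != "1.0.0" then exit("init library failed verification")` (expected values are inferred from the file names and need confirming). Separately, `hackPort` calls `metaxploit.net_use("192.168.0.1", port)` twice in a row; the second line can be dropped.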
diff --git a/crack.src b/Util/crack.src
similarity index 100%
rename from crack.src
rename to Util/crack.src
diff --git a/Util/get_hackshop.src b/Util/get_hackshop.src
new file mode 100644
index 0000000..46f03b5
--- /dev/null
+++ b/Util/get_hackshop.src
@@ -0,0 +1,36 @@
+randomIp = function()
+ while true
+ ip = floor((rnd * 255) + 1) + "." + floor((rnd * 255) + 1) + "." + floor((rnd * 255) + 1) + "." + floor((rnd * 255) + 1)
+ if not is_valid_ip(ip) then continue
+ if is_lan_ip(ip) then continue
+ return ip
+ end while
+end function
+
+getRouter = function(ip)
+ router = get_router(ip)
+ if not router then router = get_switch(ip)
+ if not router then return null
+ return router
+end function
+
+hasRepoService = function(router)
+ for lanIp in router.devices_lan_ip
+ ports = router.device_ports(lanIp)
+ for port in ports
+ if router.port_info(port).split(" ")[0] == "repository" then return true
+ end for
+ end for
+ return null
+end function
+
+main = function()
+ while true
+ ip = randomIp
+ router = getRouter(ip)
+ if not router then continue
+ if not hasRepoService(router) then continue
+ exit(ip)
+ end while
+end function
+main
\ No newline at end of file
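Review bot: `randomIp` is added here verbatim and again in scanner/util_import.src and tool/randomIP.src in the same commit, so a later fix to one copy will miss the others; keep one definition and pull it in with `import_code`, as the scanner scripts already do for their helpers. In `hasRepoService`, the result of `router.device_ports(lanIp)` is iterated without a type check; if that call can return something other than a list for an unreachable device (worth confirming), guard it with `if typeof(ports) != "list" then continue`. The function also returns `null` where `false` would state the intent.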
diff --git a/Util/nmap.src b/Util/nmap.src
new file mode 100644
index 0000000..6ed6c89
--- /dev/null
+++ b/Util/nmap.src
@@ -0,0 +1,22 @@
+if params.len != 1 or params[0] == "-h" or params[0] == "--help" then exit("Usage: "+program_path.split("/")[-1]+" [ip_address]")
+
+target_ip = params[0]
+
+if not (is_valid_ip(target_ip)) then target_ip = nslookup(target_ip)
+
+if not (is_valid_ip(target_ip)) then
+ exit("That domain is not valid.")
+end if
+
+target_router = get_router(target_ip)
+target_ports = target_router.used_ports
+
+
+column = "Number Type Version IP"
+column = column + "\n" + "0" + " " + "kernel_router" + " " + target_router.kernel_version + " " + target_router.local_ip
+for port in target_ports
+ column = column + "\n" + port.port_number + " " + target_router.port_info(port) + " " + port.get_lan_ip
+end for
+
+print("\nIP Address : " + target_ip)
+print(format_columns(column))
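Review bot: `get_router(target_ip)` is dereferenced on the next line without a check, so an address that passes `is_valid_ip` but has no reachable router would end in a runtime error on `target_router.used_ports` instead of a message (assuming `get_router` can return null). Add `if not target_router then exit("No router found at " + target_ip)` after the `get_router` call. The text `That domain is not valid.` is also shown when the argument was a malformed IP rather than a domain, so a more neutral message would be clearer.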
diff --git a/Util/passgen.src b/Util/passgen.src
new file mode 100644
index 0000000..f4098a8
--- /dev/null
+++ b/Util/passgen.src
@@ -0,0 +1,10 @@
+
+if not params then exit("Usage: " + program_path.split("/")[-1] + " [length]")
+length = to_int(params[0])
+if typeof(length) != "number" or length <= 0 then exit("Length must be a positive integer.")
+pass = ""
+while length > 0
+ pass = pass + "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"[floor(rnd * 62)]
+ length = length - 1
+end while
+print(pass)
\ No newline at end of file
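Review bot: The password is drawn from `rnd`, and nothing in this file shows that generator to be suitable for secrets; if the runtime's `rnd` is a general-purpose PRNG (to be confirmed), a header comment should say so, so the output is not mistaken for a strong credential. The alphabet literal and loop duplicate `randomPassword` in Needs_vetting/secure_home_router.src, and the constant `62` has to be kept in step with the literal by hand; assigning the alphabet to `chars` and indexing with `chars[floor(rnd * chars.len)]` removes that coupling. There is no upper bound on `length`, so a very large argument builds the string one concatenation at a time.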
diff --git a/direct_fetch_data.src b/direct_fetch_data.src
new file mode 100644
index 0000000..e1a58bd
--- /dev/null
+++ b/direct_fetch_data.src
@@ -0,0 +1,68 @@
+// Fetch data any kernel_router.so if you have a Memory_Address and Overflow_Key with a computer object.
+if params.len < 4 or params[0] == "-h" or params[0] == "--help" then exit("Usage: "+program_path.split("/")[-1]+" [IP_Address] [Port] [Memory_Address] [Overflow_String]")
+
+target_ip = params[0]
+port = params[1]
+memory_Address = params[2]
+overflow_String = params[3]
+
+metaxploit = include_lib("/lib/metaxploit.so")
+
+if not metaxploit then
+ metaxploit = include_lib(current_path + "/metaxploit.so")
+end if
+
+if not metaxploit then exit("Error: Can't find metaxploit library in the /lib path or the current folder")
+
+
+net_session = metaxploit.net_use(target_ip,port.to_int)
+
+if not net_session then exit("Error: can't connect to net session")
+metaLib = net_session.dump_lib
+result = metaLib.overflow(memory_Address,overflow_String)
+
+if not result then exit("Program ended")
+
+if(typeof(result) == "shell") then result = result.host_computer
+if(typeof(result) != "computer") then exit("Error: expected computer, obtained " + typeof(result))
+
+passwd = result.File("/etc/passwd")
+print("\n------PASSWD------")
+if not passwd or passwd.get_content == null then
+ print("Passwd not found. \n")
+else
+ users = passwd.get_content.split("\n")
+ for line in users
+ if not line then continue
+ content = line.split(":")
+ print(content[0] + "\n" + content[1] + "\n")
+ end for
+end if
+
+homeFolder = result.File("/home")
+if not homeFolder then
+ print("/home folder not found.")
+else
+
+ print("------MAIL------")
+
+ userFolders = homeFolder.get_folders
+
+ for userFolder in userFolders
+ mailFile = result.File("/home/" + userFolder.name + "/Config/Mail.txt")
+ if not mailFile then continue
+ if not mailFile.has_permission("r") then exit("Error: can't read file contents. Permission deniend")
+ userPass = mailFile.get_content.split(":")
+ print(userPass[0] + "\n" + userPass[1] + "\n")
+ end for
+
+ print("------BANK------")
+
+ for userFolder in userFolders
+ bankFile = result.File("/home/" + userFolder.name + "/Config/Bank.txt")
+ if not bankFile then continue
+ if not bankFile.has_permission("r") then exit("Error: can't read file contents. Permission deniend")
+ userPass = bankFile.get_content.split(":")
+ print(userPass[0] + "\n" + userPass[1] + "\n")
+ end for
+end if
\ No newline at end of file
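Review bot: `port.to_int` and `net_session.dump_lib` are used unchecked, so a non-numeric port reaches `net_use` as is and a null `metaLib` fails on `metaLib.overflow` with a runtime error rather than one of the script's own messages; the same prelude is repeated in get_shell.src. Add `if typeof(port.to_int) != "number" then exit("Error: port must be a number")` and `if not metaLib then exit("Error: can't dump library")`. Further down, `content[1]` and `userPass[1]` are indexed without checking that `split(":")` produced two fields, so a malformed line raises an index error. The message text `Permission deniend` has a typo.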
diff --git a/get_shell.src b/get_shell.src
new file mode 100644
index 0000000..f59495a
--- /dev/null
+++ b/get_shell.src
@@ -0,0 +1,24 @@
+if params.len < 4 or params[0] == "-h" or params[0] == "--help" then exit("Usage: "+program_path.split("/")[-1]+" [IP_Address] [Port] [Memory_Address] [Overflow_String]")
+
+target_ip = params[0]
+port = params[1]
+memory_Address = params[2]
+overflow_String = params[3]
+
+metaxploit = include_lib("/lib/metaxploit.so")
+
+if not metaxploit then
+ metaxploit = include_lib(current_path + "/metaxploit.so")
+end if
+
+if not metaxploit then exit("Error: Can't find metaxploit library in the /lib path or the current folder")
+net_session = metaxploit.net_use(target_ip,port.to_int)
+
+if not net_session then exit("Error: can't connect to net session")
+metaLib = net_session.dump_lib
+result = metaLib.overflow(memory_Address,overflow_String)
+
+
+if not result then exit("Program ended")
+
+if typeof(result) == "shell" then result.start_terminal
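Review bot: When `overflow` returns something other than a shell, the last line does nothing and the program ends without output, which cannot be told apart from a normal exit. Report the case explicitly, e.g. `if typeof(result) != "shell" then exit("Error: expected shell, obtained " + typeof(result))` before `result.start_terminal`, matching the wording direct_fetch_data.src uses for its type check. A header comment stating the purpose, like the one opening direct_fetch_data.src, is missing here.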
diff --git a/scanner/database.src b/scanner/database.src
index 2b34790..9a77f62 100644
--- a/scanner/database.src
+++ b/scanner/database.src
@@ -1,6 +1,6 @@
// connect to database
database = function()
- myDB = BinDB.connect("vuln", "", ["kernel_router.so", "libssh.so", "libftp.so","libsql.so","libsmtp.so","libhttp.so","libcam.so","librepository.so"], "/database")
+ myDB = BinDB.connect("vuln", "ukBfZkFwR2mutQItMD7Q9KQbUaoIIFo4vZqa3HtUtf1JcSOQbV", ["kernel_router.so", "libssh.so", "libftp.so","libsql.so","libsmtp.so","libhttp.so","libcam.so","librepository.so"], "/database")
end function
// insert exploit with check if it already exists.
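Review bot: The second argument to `BinDB.connect` changes from an empty string to a long literal that looks like a password or encryption key, which puts the secret in the repository and its history for every clone. Read it at run time instead, e.g. `key = get_shell.host_computer.File("/database/.key").get_content` (placeholder path) and pass `key`, and treat the committed value as exposed and replace it. Also, `database` assigns `myDB` but has no `return myDB`, while the new scripts in this commit call `myDB = database()`; unless assignment inside the function reaches the global scope here, those callers receive null.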
diff --git a/scanner/database_export.src b/scanner/database_export.src
new file mode 100644
index 0000000..9c55c1d
--- /dev/null
+++ b/scanner/database_export.src
@@ -0,0 +1,32 @@
+import_code("/dev/scanner/libbindb.src")
+import_code("/dev/scanner/database.src")
+
+export = "/database/export"
+
+computer = get_shell.host_computer
+
+file = computer.File(export + "/export.txt")
+if(file) then file.delete
+
+kernel = myDB.fetch("kernel_router.so")
+ssh = myDB.fetch("libssh.so")
+ftp = myDB.fetch("libftp.so")
+sql = myDB.fetch("libsql.so")
+smtp = myDB.fetch("libsmtp.so")
+http = myDB.fetch("libhttp.so")
+cam = myDB.fetch("libcam.so")
+repo = myDB.fetch("librepository.so")
+
+touch(computer,export,"export.txt")
+file = computer.File(export + "/export.txt")
+
+
+
+file.set_content(file.get_content() + "kernel: " + kernel + char(10))
+file.set_content(file.get_content() + "ssh: " + ssh + char(10))
+file.set_content(file.get_content() + "ftp: " + ftp + char(10))
+file.set_content(file.get_content() + "sql: " + sql + char(10))
+file.set_content(file.get_content() + "smtp: " + smtp + char(10))
+file.set_content(file.get_content() + "http: " + http + char(10))
+file.set_content(file.get_content() + "cam: " + cam + char(10))
+file.set_content(file.get_content() + "repo: " + repo + char(10))
\ No newline at end of file
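Review bot: `myDB` is read at `myDB.fetch("kernel_router.so")`, but this file never runs `myDB = database()` as database_fetch_all.src and database_fetch_ip.src do, so unless an imported file defines it globally the first fetch fails. The eight `set_content(file.get_content() + …)` calls rewrite the file each time and concatenate whatever `fetch` returns straight into a string; build one string and call `set_content` once, after checking the result of `touch` and that `file` is not null. The export is also written in clear text under `/database/export` while the database itself is now opened with a key, so the file should get restrictive permissions (for example `file.chmod("o-rwx")`) or be removed after use.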
diff --git a/scanner/database-fetch.src b/scanner/database_fetch.src
similarity index 60%
rename from scanner/database-fetch.src
rename to scanner/database_fetch.src
index 1734c3b..1fee2d2 100644
--- a/scanner/database-fetch.src
+++ b/scanner/database_fetch.src
@@ -1,4 +1,7 @@
-import_code("/scanner/database.lib")
+import_code("/dev/scanner/libbindb.src")
+import_code("/dev/scanner/database.src")
+
+if len(params) != 2 then exit("fetch [lib.so] [Version]")
table = params[0]
release = params[1]
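Review bot: The new usage text hard-codes `fetch`, which does not match the file name after the rename to database_fetch.src; other scripts added in this commit derive it from the program path, e.g. `exit("Usage: " + program_path.split("/")[-1] + " [lib.so] [Version]")`. The imports are absolute `/dev/scanner/...` paths, so the script only builds on a machine with that layout, and a comment stating this requirement would help. The rest of the script lies outside this hunk.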
diff --git a/scanner/database_fetch_all.src b/scanner/database_fetch_all.src
new file mode 100644
index 0000000..4463ed3
--- /dev/null
+++ b/scanner/database_fetch_all.src
@@ -0,0 +1,21 @@
+import_code("/dev/scanner/libbindb.src")
+import_code("/dev/scanner/database.src")
+
+myDB = database()
+
+print("kernel_router.so")
+myDB.printTable("kernel_router.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})
+print("libssh.so")
+myDB.printTable("libssh.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})
+print("libftp.so")
+myDB.printTable("libftp.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})
+print("libsql.so")
+myDB.printTable("libsql.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})
+print("libsmtp.so")
+myDB.printTable("libsmtp.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})
+print("libhttp.so")
+myDB.printTable("libhttp.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})
+print("libcam.so")
+myDB.printTable("libcam.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})
+print("librepository.so")
+myDB.printTable("librepository.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})
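Review bot: The same column map is written out eight times, once per `printTable` call, so any change to a heading or key has to be repeated on every line. Define the map once and loop over the library names; the output stays the same.

```greyscript
myDB = database()

columns = {"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"}
libs = ["kernel_router.so", "libssh.so", "libftp.so", "libsql.so", "libsmtp.so", "libhttp.so", "libcam.so", "librepository.so"]
for libName in libs
	print(libName)
	myDB.printTable(libName, columns)
end for
```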
diff --git a/scanner/database_fetch_ip.src b/scanner/database_fetch_ip.src
new file mode 100644
index 0000000..25b5f8c
--- /dev/null
+++ b/scanner/database_fetch_ip.src
@@ -0,0 +1,43 @@
+import_code("/dev/scanner/libbindb.src")
+import_code("/dev/scanner/database.src")
+
+if len(params) != 1 then exit("fetch [IP/Web]")
+myDB = database()
+target_ip = params[0]
+
+if not (is_valid_ip(target_ip)) then target_ip = nslookup(target_ip)
+if not(is_valid_ip(target_ip)) then exit("Invalid IP")
+
+target_router = get_router(target_ip)
+target_ports = target_router.used_ports
+
+router_data = []
+router_data.push({"port":"0", "port_info":"kernel_router", "port_info": target_router.kernel_version, "lan_ip":target_router.local_ip})
+for port in target_ports
+ router_data.push({"port":port.port_number,"port_info":target_router.port_info(port),"lan_ip":port.get_lan_ip})
+end for
+
+lib = []
+
+for item in router_data
+ known = false
+ for i in lib
+ if(item.port_info == i) then known = true
+ end for
+ if not known then lib.push(item)
+end for
+
+print("Kernel_router.so")
+myDB.printTableBy("kernel_router.so","version",router_data[0].port_info,{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})
+
+lib.pull
+for item in lib
+ data = item.port_info.split(" ")
+
+ if(data[0] == "criminals") then data[0] = "sql"
+ if(data[0] == "employees") then data[0] = "sql"
+ if(data[0] == "employees") then data[0] = "sql"
+ if(data[0] == "bank_account") then date[0] = "sql"
+ print("lib" + data[0] + ".so")
+ myDB.printTableBy("lib" + data[0] + ".so","version",data[1],{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})
+end for
\ No newline at end of file
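Review bot: `if(data[0] == "bank_account") then date[0] = "sql"` assigns to `date`, which is never defined, so a bank_account port raises an error instead of being mapped; it should read `data[0] = "sql"`, and the `employees` line above it is duplicated. The de-duplication loop compares `item.port_info == i` where `i` is a whole entry from `lib`, so it never matches; `i.port_info` appears to be what was meant. In the first `router_data.push`, the key `port_info` appears twice in the map literal, so `"kernel_router"` is overwritten by the kernel version. `get_router(target_ip)` is also used without a null check.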
diff --git a/scanner/pop_database_test.src b/scanner/pop_database_test.src
new file mode 100644
index 0000000..3adb70a
--- /dev/null
+++ b/scanner/pop_database_test.src
@@ -0,0 +1,19 @@
+import_code("/dev/scanner/libbindb.src")
+import_code("/dev/scanner/database.src")
+import_code("/dev/scanner/util_import.src")
+import_code("/dev/scanner/scanner.src")
+
+//sometimes giving out non existing IP, maybe whois to filter those out.
+myDB = database()
+count = params[0]
+
+i = 0
+while true
+ if(i == count.to_int) then break
+ ip = randomIp()
+ print("\n" + ip)
+ scanner(ip)
+ i= i + 1
+end while
+
+print("Done")
\ No newline at end of file
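Review bot: `count = params[0]` is read without checking that an argument was given or that it is numeric; if `count.to_int` does not yield a number, `i == count.to_int` is never true and the `while true` loop keeps scanning random addresses with no end. Validate up front, e.g. `if params.len != 1 or typeof(params[0].to_int) != "number" then exit("Usage: " + program_path.split("/")[-1] + " [count]")`, and write the loop as `while i < count.to_int` so the bound is in the condition. A negative count has the same unbounded effect with the current equality test.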
diff --git a/scanner/scanner.src b/scanner/scanner.src
index e9638f4..5988584 100644
--- a/scanner/scanner.src
+++ b/scanner/scanner.src
@@ -1,43 +1,8 @@
-// name import Database/functions
+// import Database/functions
+// comment out if importing
import_code("/dev/scanner/libbindb.src")
import_code("/dev/scanner/database.src")
-
-myDB = database()
-
-if params.len == 0 then exit("Usage: scanner [IP/WEB_Address]")
-
-
-// import metaexploit from /lib or current folder
-metaxploit = include_lib("/lib/metaxploit.so")
-if not metaxploit then
- metaxploit = include_lib(current_path + "/metaxploit.so")
-end if
-if not metaxploit then exit("Error: Can't find metaxploit library in the /lib path or the current folder")
-
-// convert argv for easier readability
-target_ip = params[0]
-
-if not is_valid_ip(target_ip) then
- target_ip = nslookup(target_ip)
- if not is_valid_ip(target_ip) then exit("Usage: scanner [IP/WEB_Address]")
-end if
-
-// fetch router object en configured ports
-target_router = get_router(target_ip)
-target_ports = target_router.used_ports
-
-// print details of router and configured ports
-// TODO: Add port status
-// TODO: Add deepscan for connected devices
-column = "Number Type Version IP"
- column = column + "\n" + "0" + " " + "kernel_router" + " " + target_router.kernel_version + " " + target_router.local_ip
-for port in target_ports
- column = column + "\n" + port.port_number + " " + target_router.port_info(port) + " " + port.get_lan_ip
-end for
-
-print("\nIP Address : " + target_ip)
-print(format_columns(column))
-
+import_code("/dev/scanner/util_import.src")
// Trying to figure out what privileges the connected user has by checking what permissions are avaiable on commen files.
// TODO: Needs confirming, initial tests seem correct.
@@ -48,8 +13,15 @@ checkPrivilege = function(result)
file = result.File("/lib/init.so")
if( file.has_permission("w") != 0) then return "Root"
//check user
- file = result.File("/etc/passwd")
- if( file.has_permission("w")) then return "User"
+ homeFolders = result.File("/home")
+ homeFolders = homeFolders.get_folders
+ if(len(homeFolders) <= 1) then return "Guest"
+ for folder in homeFolders
+ file = result.File("/home/" + folder.name + "/Config/Mail.txt")
+ if(file) then
+ if(file.has_permission("w")) then return "User"
+ end if
+ end for
return "Guest"
end if
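Review bot: `result.File("/home")` is dereferenced with `.get_folders` on the next line without a null check, so a machine without a `/home` directory ends the scan with a runtime error instead of a privilege value. Add `if not homeFolders then return "Guest"` before `homeFolders = homeFolders.get_folders`. The rule `len(homeFolders) <= 1` returning `"Guest"` is not explained; a one-line comment on why a single home folder implies guest would help, given the existing `TODO: Needs confirming`. `checkPrivilege` begins and ends outside this hunk.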
@@ -60,10 +32,11 @@ end function
// scan port on IP address. Set optional local ip address for extra kernel_router exploits and a password for pass change exploits
// TODO: figure out how to get proper feedback from firewall exploits and pass change exploits.
// TODO: figure out how to get requirments for exploits.
-scanPort = function(ip, port, optional)
+scanPort = function(ip, port, optional, metaxploit)
net_session = metaxploit.net_use(ip,port)
lib = net_session.dump_lib
+ print(lib.lib_name)
memList = metaxploit.scan(lib)
for address in memList
keys = metaxploit.scan_address(lib,address)
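Review bot: The added `print(lib.lib_name)` dereferences `lib` right after `net_session.dump_lib`, but neither `net_session` nor `lib` is checked, so a port where `net_use` fails stops the whole scan with a runtime error. Guard both, e.g. `if not net_session then return` after `net_use` and `if not lib then return` after `dump_lib`. The comment above `scanPort` should also mention the new `metaxploit` parameter. The body of `scanPort` continues past this hunk.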
@@ -77,22 +50,40 @@ scanPort = function(ip, port, optional)
result = lib.overflow(address,key,optional)
if (typeof(result) != "null") then
print(typeof(result))
- insertVuln(lib.lib_name,lib.version,address,key,"",typeof(result),checkPrivilege(result))
+ insertVuln(lib.lib_name,lib.version,address,key,typeof(result),checkPrivilege(result))
end if
- print("\n")
end for
end for
end function
+scanner = function(target_ip)
+
+
+ metaxploit = mxploit()
+ target_ip = webToIp(target_ip)
+ if(target_ip == 1) then exit("Invalid IP")
-// DO ALL THE THINGS. needs cleaning
-scanPort(target_ip, 0, target_router.local_ip)
-for port in target_ports
+ // fetch router object and configured ports
+ target_router = get_router(target_ip)
+ target_ports = target_router.used_ports
- if(port.is_closed != 1) then
- scanPort(target_ip, port.port_number, "dave")
- else
- print(port.port_number + " is Closed.")
- end if
-end for
\ No newline at end of file
+ // DO ALL THE THINGS. needs cleaning
+ scanPort(target_ip, 0, target_router.local_ip, metaxploit)
+ for port in target_ports
+ if(port.is_closed != 1) then
+ scanPort(target_ip, port.port_number, "dave", metaxploit)
+ else
+ print(port.port_number + " is Closed.")
+ end if
+ end for
+
+ nmap(target_ip, true)
+
+end function
+
+//comment out if using as import
+
+if params.len == 0 then exit("Usage: scanner [IP/WEB_Address]")
+myDB = database()
+scanner(params[0])
\ No newline at end of file
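Review bot: The trailing block `if params.len == 0 …` / `scanner(params[0])` still runs when this file is pulled in with `import_code`, as pop_database_test.src does in this commit, so that script would start a scan against its own `count` argument unless the block is commented out by hand; moving the command-line entry into a small separate file that imports this one removes the manual step. `scanner` calls `nmap(target_ip, true)`, but none of the three imports visible at the top of the file is tool/nmap.src, and the `nmap` shown in tool/nmap.src takes a single parameter and overwrites it with `params[0]`. Inside `scanner`, `exit("Invalid IP")` and the unchecked `get_router(target_ip)` end the calling program, which matters now that the function is used in a loop; returning to the caller would be safer. The start of `scanPort`'s inner loop lies outside this hunk.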
diff --git a/scanner/util_import.src b/scanner/util_import.src
new file mode 100644
index 0000000..0f30d81
--- /dev/null
+++ b/scanner/util_import.src
@@ -0,0 +1,30 @@
+//loads metaxploit
+mxploit = function()
+ metaxploit = include_lib("/lib/metaxploit.so")
+ if not metaxploit then
+ metaxploit = include_lib(current_path + "/metaxploit.so")
+ end if
+ if not metaxploit then exit("Error: Can't find metaxploit library in the /lib path or the current folder")
+ return metaxploit
+end function
+
+//returns random external IP
+randomIp = function()
+ while true
+ ip = floor((rnd * 255) + 1) + "." + floor((rnd * 255) + 1) + "." + floor((rnd * 255) + 1) + "." + floor((rnd * 255) + 1)
+ if not is_valid_ip(ip) then continue
+ if is_lan_ip(ip) then continue
+ return ip
+ end while
+end function
+
+//convert webadress to IP
+webToIp = function(target)
+ if not is_valid_ip(target) then
+ target = nslookup(target)
+ if not is_valid_ip(target) then return 1
+ return target
+ end if
+ return target
+end function
+
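Review bot: `webToIp` signals failure by returning the number `1`, which callers must compare against (`if(target_ip == 1)` in scanner.src); returning `null` lets them write `if not target_ip` and avoids a magic value. The two `return target` lines can collapse into one after the `if`. A comment on `mxploit` noting that it calls `exit` when the library is missing would tell importers that it can end their program.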
diff --git a/tool/get_bank.src b/tool/get_bank.src
index 0de6d41..06d65b5 100644
--- a/tool/get_bank.src
+++ b/tool/get_bank.src
@@ -19,6 +19,7 @@ get_bank = function(target_ip, local_ip, mem, key)
if(typeof(result) == "shell") then
result = typeObject.host_computer
+ end if
if(typeof(result) != "computer") then exit("Error: expected computer, obtained " + typeof(result))
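Review bot: The line just before the added `end if` reads `result = typeObject.host_computer`, and `typeObject` is not defined anywhere in the visible lines; if it is not set earlier in `get_bank`, the shell branch fails, and `result = result.host_computer` is presumably what was intended (direct_fetch_data.src in this commit uses that form). `get_bank` starts and ends outside this hunk, so this needs checking against the full function.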
diff --git a/tool/nmap.src b/tool/nmap.src
index a7c3aa6..b1a3c59 100644
--- a/tool/nmap.src
+++ b/tool/nmap.src
@@ -1,9 +1,5 @@
-//comment out if using a stand alone tool
nmap = function(target_ip)
- //uncomment if not using as import.
- //if params.len != 1 or params[0] == "-h" or params[0] == "--help" then exit("Usage: "+program_path.split("/")[-1]+" [ip_address]")
-
target_ip = params[0]
if not (is_valid_ip(target_ip)) then target_ip = nslookup(target_ip)
@@ -29,5 +25,4 @@ nmap = function(target_ip)
return router_data
-//comment out if using a stand alone tool
end function
\ No newline at end of file
diff --git a/tool/randomIP.src b/tool/randomIP.src
new file mode 100644
index 0000000..7c8463d
--- /dev/null
+++ b/tool/randomIP.src
@@ -0,0 +1,8 @@
+randomIp = function()
+ while true
+ ip = floor((rnd * 255) + 1) + "." + floor((rnd * 255) + 1) + "." + floor((rnd * 255) + 1) + "." + floor((rnd * 255) + 1)
+ if not is_valid_ip(ip) then continue
+ if is_lan_ip(ip) then continue
+ return ip
+ end while
+end function
\ No newline at end of file