ricok/Grey_Hack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

clean up

Browse Source
This commit is contained in:
Rico Knoop
2025-02-14 19:19:17 +01:00
parent 930d9207d8
commit 4f9a78a82a
8 changed files with 12 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
scanner/database-fetch.src Normal file
View File

@@ -0,0 +1,7 @@
import_code("/scanner/database.lib")
table = params[0]
release = params[1]
myDB.printTableBy(table,"version",release,{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})

20
scanner/database.src Normal file
View File

@@ -0,0 +1,20 @@
// connect to database
database = function()
myDB = BinDB.connect("vuln", "Fizeta7-Nyzi0=Sinuvi5-Golepa4", ["kernel_router.so", "libssh.so", "libftp.so","libsql.so","libsmtp.so","libhttp.so","libcam.so","librepository.so"], "/database")
end function
// insert exploit with check if it already exists.
// TODO: Add option to update missing data (requirments)
insertVuln = function(libName,libVersion,memAdress,keyValue,requirments,object,priv)
data = myDB.fetchBy(libName, "version", libVersion)
if data.len != 0 then
for entry in data
if(entry.indexOf(memAdress) != null and entry.indexOf(keyValue) != null) then
print("Vuln Already Known")
return 0
end if
end for
end if
myDB.insert(libName, {"version": libVersion, "memory_adress": memAdress, "key_value": keyValue, "object": object, "privilege": priv})
myDB.write()
end function

300
scanner/libbindb.src Normal file
View File

@@ -0,0 +1,300 @@
// BinDB
// author: Damdrara
// original author: tuonux (https://github.com/tuonux/gh-bindb)
// version: 1.0.0
//
// repository: https://github.com/Damdrara/gh-bindb
// documentation: https://github.com/Damdrara/gh-bindb/README.md
//
//
// Core BinDB instance
// in your source code you need to import it with import_code method
//
// Example Usage:
//
// import_code("/path/to/libbindb.src")
//
BinDB = {}
//
// Instantiate the connection with your binary database
//
// dbName: the name of your database. Default is: BinDB
// dbPassword: the password of you binary database. Default is: admin
// dbTables: array with the keys of the tables. Example: ["users", "mails", "banks"]. Default is: ["table"]
// dbPath: the path of your database. Example: /home/<user>.
// * if empty the database will be generated in your project directory
// Example Usage:
//
// mrRobotDb = BinDB.connect("employeers", "mypassword", ["users", "mails", "banks"], "/home/<user>")
//
BinDB.connect = function(dbName="BinDB", dbPassword="admin", dbTables=["table"], dbPath = "")
self.name = dbName
self.password = dbPassword
self.dbTables = dbTables
if dbPath == "" then dbPath = current_path
self.path = dbPath + "/" + self.name + ".db"
self.path = self.path.replace("//", "/")
self.folder = self.path.split("/")[0:-1].join("/")
self.tables = {}
self.read()
return self
end function
//
// Push the new data in your table
//
// table: a string with the name of the table that to want to fetch
// data: a map with the new data. Example {"name": "Elliot", "surname": "Alderson"}
//
// Example Usage:
//
// mrRobotDb.insert("users", {"name": "Elliot", "surname": "Alderson"})
// mrRobotDb.insert("users", {"name": "Tyrell", "surname": "Wellick"})
// mrRobotDb.insert("users", {"name": "Angela", "surname": "Moss"})
// mrRobotDb.insert("users", {"name": "Joanna", "surname": "Olofsson"})
// mrRobotDb.insert("users", {"name": "Gideon", "surname": "Goddard"})
//
BinDB.insert = function(table, data)
if self.tables.indexes.indexOf(table) == null then return print("Table " + table + " not found")
self.tables[table].push(data)
return self
end function
//
// Fetch all the rows of your table
//
// table: a string with the name of the table that to want to fetch
//
// Example Usage:
//
// for user in mrRobotDb.fetch("users")
// print(user.name)
// end for
//
// then print:
//
// Elliot
// Tyrell
// Angela
// Joanna
// Gideon
//
BinDB.fetch = function(table="")
if self.tables.indexes.indexOf(table) == null then return print("Table " + table + " not found")
return self.tables[table]
return self
end function
//
// Fetch a row by the index
//
// table: a string with the name of the table that to want to fetch
// id: an integer with the id that you want to get. Ids starts from 1
//
// Example Usage:
//
// userElliot = mrRobotDb.fetchOne("users", 1)
//
// then returns:
//
// {"name": "Elliot", "surname": "Alderson"}
//
BinDB.fetchOne = function(table = "", id = 0)
if self.tables.indexes.indexOf(table) == null then return print("Table " + table + " not found")
if not self.tables[table].hasIndex(id-1) then return print("ID not found in table " + table)
return self.tables[table][id-1]
return self
end function
//
// Fetch a row by a combination of key -> value
//
// table: a string with the name of the table that to want to fetch
// key: a string with key that you want to filter
// value: a string with the value that you want to filter
//
// Example Usage:
//
// userElliot = mrRobotDb.fetchBy("users", "name", "Elliot")
//
// then returns:
//
// {"name": "Elliot", "surname": "Alderson"}
//
BinDB.fetchBy = function(table = "", key = "", value = "")
if self.tables.indexes.indexOf(table) == null then return print("Table " + table + " not found")
newArray = []
for v in self.tables[table]
if v.hasIndex(key) and v[key] == value then newArray.push(v)
end for
return newArray
return self
end function
//
// Update a row by the index
//
// table: a string with the name of the table that to want to fetch
// id: an integer with the id that you want to get. Ids starts from 1
//
// Example Usage:
//
// mrRobotDb.update("users", 1, {"name": "Mr.", "surname": "Robot"})
//
BinDB.update = function(table="", id=0, data=null)
if self.tables.indexes.indexOf(table) == null then return print("Table " + table + " not found")
if not self.tables[table].hasIndex(id) then return print("ID not found in table " + table)
if not data or typeof(data) != "map" then print("data must be a map")
self.tables[table][id-1] = data
return self
end function
//
// Delete a row by the index
//
// table: a string with the name of the table that to want to fetch
// id: an integer with the id that you want to get. Ids starts from 1
//
// Example Usage:
//
// mrRobotDb.delete("users", 5)
//
BinDB.delete = function(table="", id=0)
if self.tables.indexes.indexOf(table) == null then return print("Table " + table + " not found")
if not self.tables[table].hasIndex(id-1) then return print("ID not found in table " + table)
newArray = []
for k in self.tables[table].indexes
if k == id-1 then continue
newArray.push(self.tables[table][k])
end for
self.tables[table] = newArray
return self
end function
//
// Read binary buffer ( used in rare case )
//
// mrRobotDb.read()
//
BinDB.read = function()
for s in self.dbTables
self.tables[s] = []
end for
self.binaryDbFile = get_shell.host_computer.File(self.path)
if not self.binaryDbFile then return
get_shell.launch(self.path, self.password)
if get_custom_object.hasIndex("BinDB") and get_custom_object.BinDB.hasIndex(self.name) then self.tables = get_custom_object.BinDB[self.name]
return self
end function
//
// Update binary database buffer
//
// Example Usage:
//
// mrRobotDb.write()
//
BinDB.write = function()
randomName = md5(rnd() + current_date)[0:6]
randomSrc = randomName + ".tmp"
randomFullPath = self.folder + "/" + randomSrc
get_shell.host_computer.touch(self.folder, randomSrc)
randomFile = get_shell.host_computer.File(randomFullPath)
randomFile.chmod("o-rwx")
randomFile.chmod("g-rwx")
randomFile.chmod("g+r")
dbBinaryContent = []
dbBinaryContent.push("if params.len == 0 then exit(""\nThis is a binary database generated by BinDB Library\nInfo: <color=yellow>https://github.com/tuonux/gh-bindb\n"")")
hashPass = md5(self.password)
dbBinaryContent.push("if md5(params[0]) != (""" + hashPass + """) then exit(""Permission denied"")")
dbBinaryContent.push("if not get_custom_object.hasIndex(""BinDB"") then")
dbBinaryContent.push(" get_custom_object[""BinDB""] = {}")
dbBinaryContent.push("end if")
dbBinaryContent.push("get_custom_object[""BinDB""]["""+self.name+"""] = {}")
for table in self.tables
dbBinaryContent.push("get_custom_object[""BinDB""]["""+self.name+"""]["""+table.key+"""] = []")
for row in table.value
dbBinaryContent.push("get_custom_object[""BinDB""]["""+self.name+"""]["""+table.key+"""].push("+@row+")")
end for
end for
randomFile.set_content(dbBinaryContent.join(char(10)))
x = get_shell.build(randomFullPath, self.folder, false)
self.binaryDbFile = get_shell.host_computer.File(self.path)
if self.binaryDbFile then self.binaryDbFile.delete
get_shell.host_computer.File(self.folder + "/" + randomName).rename(self.name + ".db")
randomFile.delete
self.read()
return self
end function
//
// Clear and delete the database
//
// Example Usage:
//
// mrRobotDb.wipe()
//
//
BinDB.wipe = function()
self.binaryDbFile = get_shell.host_computer.File(self.path)
if self.binaryDbFile then self.binaryDbFile.delete
self.read()
end function
//
// Utility function that print your table with formatted columns
//
// table: a string with the name of the table that to want to fetch
// labels: an map object that contain the labels of your row keyes
//
// Example Usage:
//
// mrRobotDb.printTable("users", {"name": "Name", "surname": "Surname"})
//
// then print:
//
// # Name Surname
// 1 Mr. Robot
// 2 Tyrell Wellick
// 3 Angela Moss
// 4 Joanna Olofsson
//
BinDB.printTable = function(table="", labels = {})
if self.tables.indexes.indexOf(table) == null then return print("Table " + table + " not found")
if self.tables[table].len == 0 then return null
out = []
columns = ["#"]
for k in self.tables[table][0].indexes
label = str(k)
if labels.hasIndex(k) then label = labels[k]
columns.push(label.replace(" ", char(160)))
end for
out.push(columns.join(" "))
i = 0
for s in self.tables[table]
i = i + 1
row = [str(i)]
for k in s.values
row.push(str(k).replace(" ", char(160)))
end for
out.push(row.join(" "))
end for
print(format_columns(out.join("\n")))
return self
end function
BinDB.printTableBy = function(table="",key, value , labels = {})
if self.tables.indexes.indexOf(table) == null then return print("Table " + table + " not found")
if self.tables[table].len == 0 then return null
out = []
columns = ["#"]
for k in self.tables[table][0].indexes
label = str(k)
if labels.hasIndex(k) then label = labels[k]
columns.push(label.replace(" ", char(160)))
end for
out.push(columns.join(" "))
i = 0
for s in self.fetchBy(table, key, value)
i = i + 1
row = [str(i)]
for k in s.values
row.push(str(k).replace(" ", char(160)))
end for
out.push(row.join(" "))
end for
print(format_columns(out.join("\n")))
return self
end function

98
scanner/scanner.src Normal file
View File

@@ -0,0 +1,98 @@
// name import Database/functions
import_code("/dev/scanner/libbindb.src")
import_code("/dev/scanner/database.src")
myDB = database()
if params.len == 0 then exit("<b>Usage: </b>scanner [IP/WEB_Address]")
// import metaexploit from /lib or current folder
metaxploit = include_lib("/lib/metaxploit.so")
if not metaxploit then
metaxploit = include_lib(current_path + "/metaxploit.so")
end if
if not metaxploit then exit("Error: Can't find metaxploit library in the /lib path or the current folder")
// convert argv for easier readability
target_ip = params[0]
if not is_valid_ip(target_ip) then
target_ip = nslookup(target_ip)
if not is_valid_ip(target_ip) then exit("<b>Usage: </b>scanner [IP/WEB_Address]")
end if
// fetch router object en configured ports
target_router = get_router(target_ip)
target_ports = target_router.used_ports
// print details of router and configured ports
// TODO: Add port status
// TODO: Add deepscan for connected devices
column = "<b>Number Type Version IP</b>"
column = column + "\n" + "0" + " " + "kernel_router" + " " + target_router.kernel_version + " " + target_router.local_ip
for port in target_ports
column = column + "\n" + port.port_number + " " + target_router.port_info(port) + " " + port.get_lan_ip
end for
print("\nIP Address : " + target_ip)
print(format_columns(column))
// Trying to figure out what privileges the connected user has by checking what permissions are avaiable on commen files.
// TODO: Needs confirming, initial tests seem correct.
checkPrivilege = function(result)
if(typeof(result) == "shell") then result = result.host_computer
if(typeof(result) == "computer") then
//checking root
file = result.File("/lib/init.so")
if( file.has_permission("w") != 0) then return "Root"
//check user
file = result.File("/etc/passwd")
if( file.has_permission("w")) then return "User"
return "Guest"
end if
return "null"
end function
// scan port on IP address. Set optional local ip address for extra kernel_router exploits and a password for pass change exploits
// TODO: figure out how to get proper feedback from firewall exploits and pass change exploits.
// TODO: figure out how to get requirments for exploits.
scanPort = function(ip, port, optional)
net_session = metaxploit.net_use(ip,port)
lib = net_session.dump_lib
memList = metaxploit.scan(lib)
for address in memList
keys = metaxploit.scan_address(lib,address)
vulns = keys.split("Unsafe check: ")
keyList =[]
for string in vulns
keyList.push(string[string.indexOf("<b>")+3:string.indexOf("</b>")])
end for
for key in keyList
result = lib.overflow(address,key,optional)
if (typeof(result) != "null") then
print(typeof(result))
insertVuln(lib.lib_name,lib.version,address,key,"",typeof(result),checkPrivilege(result))
end if
print("\n")
end for
end for
end function
// DO ALL THE THINGS. needs cleaning
scanPort(target_ip, 0, target_router.local_ip)
for port in target_ports
if(port.is_closed != 1) then
scanPort(target_ip, port.port_number, "dave")
else
print(port.port_number + " is Closed.")
end if
end for