// import_code("/dev/scanner/util_import.src") // import_code("/dev/scanner/libbindb.src") // connect to database database = function() return BinDB.connect("vuln", "ukBfZkFwR2mutQItMD7Q9KQbUaoIIFo4vZqa3HtUtf1JcSOQbV", ["kernel_router.so", "libssh.so", "libftp.so","libsql.so","libsmtp.so","libhttp.so","libcam.so","librepository.so"], "/database") end function // insert exploit with check if it already exists. // TODO: Add option to update missing data (requirments) insertVuln = function(libName,libVersion,memAdress,keyValue,object,priv) data = myDB.fetchBy(libName, "version", libVersion) if data.len != 0 then for entry in data if(entry.indexOf(memAdress) != null and entry.indexOf(keyValue) != null) then print("Vuln Already Known") return 0 end if end for end if myDB.insert(libName, {"version": libVersion, "memory_adress": memAdress, "key_value": keyValue, "object": object, "privilege": priv}) myDB.write() end function dbExport = function() export = "/database/export" computer = get_shell.host_computer file = computer.File(export + "/export.txt") if(file) then file.delete kernel = myDB.fetch("kernel_router.so") ssh = myDB.fetch("libssh.so") ftp = myDB.fetch("libftp.so") sql = myDB.fetch("libsql.so") smtp = myDB.fetch("libsmtp.so") http = myDB.fetch("libhttp.so") cam = myDB.fetch("libcam.so") repo = myDB.fetch("librepository.so") touch(computer,export,"export.txt") file = computer.File(export + "/export.txt") file.set_content(file.get_content() + "kernel: " + kernel + char(10)) file.set_content(file.get_content() + "ssh: " + ssh + char(10)) file.set_content(file.get_content() + "ftp: " + ftp + char(10)) file.set_content(file.get_content() + "sql: " + sql + char(10)) file.set_content(file.get_content() + "smtp: " + smtp + char(10)) file.set_content(file.get_content() + "http: " + http + char(10)) file.set_content(file.get_content() + "cam: " + cam + char(10)) file.set_content(file.get_content() + "repo: " + repo + char(10)) end function dbFetchAll = function() print("kernel_router.so") myDB.printTable("kernel_router.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"}) print("libssh.so") myDB.printTable("libssh.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"}) print("libftp.so") myDB.printTable("libftp.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"}) print("libsql.so") myDB.printTable("libsql.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"}) print("libsmtp.so") myDB.printTable("libsmtp.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"}) print("libhttp.so") myDB.printTable("libhttp.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"}) print("libcam.so") myDB.printTable("libcam.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"}) print("librepository.so") myDB.printTable("librepository.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"}) end function dbFetchLib = function(table,release) myDB.printTableBy(table,"version",release,{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"}) end function dbFetchTarget = function(target_ip) target_ip = webToIp(target_ip) if(target_ip == 1) then exit("Invalid IP/Web Address") target_router = get_router(target_ip) target_ports = target_router.used_ports router_data = [] router_data.push({"port":"0", "port_info":"kernel_router", "port_info": target_router.kernel_version, "lan_ip":target_router.local_ip}) for port in target_ports router_data.push({"port":port.port_number,"port_info":target_router.port_info(port),"lan_ip":port.get_lan_ip}) end for lib = [] for item in router_data known = false for i in lib if(item.port_info == i) then known = true end for if not known then lib.push(item) end for print("Kernel_router.so") myDB.printTableBy("kernel_router.so","version",router_data[0].port_info,{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"}) lib.pull for item in lib data = item.port_info.split(" ") if(data[0] == "criminals") then data[0] = "sql" if(data[0] == "employees") then data[0] = "sql" if(data[0] == "employees") then data[0] = "sql" if(data[0] == "bank_account") then data[0] = "sql" if(data[0] == "students") then data[0] = "sql" print("lib" + data[0] + ".so") myDB.printTableBy("lib" + data[0] + ".so","version",data[1],{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"}) end for end function