68 lines
2.2 KiB
Plaintext
68 lines
2.2 KiB
Plaintext
// Fetch data any kernel_router.so if you have a Memory_Address and Overflow_Key with a computer object.
|
|
if params.len < 4 or params[0] == "-h" or params[0] == "--help" then exit("<b>Usage: "+program_path.split("/")[-1]+" [IP_Address] [Port] [Memory_Address] [Overflow_String]</b>")
|
|
|
|
target_ip = params[0]
|
|
port = params[1]
|
|
memory_Address = params[2]
|
|
overflow_String = params[3]
|
|
|
|
metaxploit = include_lib("/lib/metaxploit.so")
|
|
|
|
if not metaxploit then
|
|
metaxploit = include_lib(current_path + "/metaxploit.so")
|
|
end if
|
|
|
|
if not metaxploit then exit("Error: Can't find metaxploit library in the /lib path or the current folder")
|
|
|
|
|
|
net_session = metaxploit.net_use(target_ip,port.to_int)
|
|
|
|
if not net_session then exit("Error: can't connect to net session")
|
|
metaLib = net_session.dump_lib
|
|
result = metaLib.overflow(memory_Address,overflow_String)
|
|
|
|
if not result then exit("Program ended")
|
|
|
|
if(typeof(result) == "shell") then result = result.host_computer
|
|
if(typeof(result) != "computer") then exit("Error: expected computer, obtained " + typeof(result))
|
|
|
|
passwd = result.File("/etc/passwd")
|
|
print("\n------PASSWD------")
|
|
if not passwd or passwd.get_content == null then
|
|
print("Passwd not found. \n")
|
|
else
|
|
users = passwd.get_content.split("\n")
|
|
for line in users
|
|
if not line then continue
|
|
content = line.split(":")
|
|
print(content[0] + "\n" + content[1] + "\n")
|
|
end for
|
|
end if
|
|
|
|
homeFolder = result.File("/home")
|
|
if not homeFolder then
|
|
print("/home folder not found.")
|
|
else
|
|
|
|
print("------MAIL------")
|
|
|
|
userFolders = homeFolder.get_folders
|
|
|
|
for userFolder in userFolders
|
|
mailFile = result.File("/home/" + userFolder.name + "/Config/Mail.txt")
|
|
if not mailFile then continue
|
|
if not mailFile.has_permission("r") then exit("Error: can't read file contents. Permission deniend")
|
|
userPass = mailFile.get_content.split(":")
|
|
print(userPass[0] + "\n" + userPass[1] + "\n")
|
|
end for
|
|
|
|
print("------BANK------")
|
|
|
|
for userFolder in userFolders
|
|
bankFile = result.File("/home/" + userFolder.name + "/Config/Bank.txt")
|
|
if not bankFile then continue
|
|
if not bankFile.has_permission("r") then exit("Error: can't read file contents. Permission deniend")
|
|
userPass = bankFile.get_content.split(":")
|
|
print(userPass[0] + "\n" + userPass[1] + "\n")
|
|
end for
|
|
end if |