// Load the two libraries this script relies on, preferring the system copy
// under /lib and falling back to a copy next to the current path.
xplt = include_lib("/lib/metaxploit.so")
if not xplt then xplt = include_lib(current_path + "/metaxploit.so")
// metaxploit is mandatory: every later step calls into it, so stop here if absent.
if not xplt then
    exit("Could not find metaxploit.so in /lib/metaxploit.so or " + current_path + "/metaxploit.so !")
end if

crypto = include_lib("/lib/crypto.so")
if not crypto then crypto = include_lib(current_path + "/crypto.so")
// crypto is optional: it is only consulted when the result is a file, so a
// missing library produces a warning instead of aborting the run.
if not crypto then
    print("crypto.so library not found. Won't be able to crack passwords in case of File Disclosure")
end if
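// Resolve the library object (metaLib) that the rest of the script operates on.
//   -h            : print usage and stop.
//   [IP] [PORT]   : open a net session and dump the library behind that port.
//   anything else : load the library named by the "LIBPATH" literal.
// NOTE(review): "LIBPATH" looks like a template placeholder that is substituted
// before the script is used - confirm. The usage text advertises a [lib path]
// argument, but no branch here reads params[0] as a path.
metaLib = null
if params.len == 1 and params[0] == "-h" then
    exit("Usage: [lib path] | [IP] [PORT]")
else if params.len != 2 then
    metaLib = xplt.load("LIBPATH")
else
    ip = params[0]
    port = params[1].to_int
    // to_int hands back the original string when the text is not numeric, so
    // reject a malformed port here instead of passing a string to net_use.
    if typeof(port) != "number" then exit("Invalid port: " + params[1])
    net_session = xplt.net_use(ip, port)
    if not net_session then exit("Could not port net session with " + ip + " on port " + port)
    metaLib = net_session.dump_lib
end if
// Both load paths can fail; nothing below is meaningful without a library.
if not metaLib then exit("Failed to load lib !")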
// Target of the overflow call. "ADDRESS" and "VALUE" are literal strings here;
// presumably template placeholders filled in per target - confirm.
address = "ADDRESS"
value = "VALUE"

// First attempt: no optional argument.
result = metaLib.overflow(address, value)
if not result then
    // Second attempt: pass "password" as the optional argument.
    print("== Default overflow failed. Trying to overwrite password to ""<color=#0000ff>password</color>"" ==")
    result = metaLib.overflow(address, value, "password")
    if typeof(result) != "number" then
        // Third attempt: ask the operator for an IP and pass it as the optional argument.
        print("== Password reset failed. Please add an IP as parameter (router based exploits)")
        result = metaLib.overflow(address, value, user_input("IP> "))
    else if result then
        // A truthy number is reported as a completed password change; the script ends here.
        exit("== Successfully changed password to ""<color=#0000ff>password</color>"" ==")
    else
        exit("== Password reset failed ==")
    end if
end if
// Nothing usable came back from any attempt.
if not result then exit("== Exploit failed")
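// Report on whatever object the overflow returned, dispatching on its type.
// Fix: the file branch used to test typeof(result == "file"), which takes the
// type of a comparison and yields a non-empty string, so that branch matched
// every result that was not a shell or a computer. It now compares
// typeof(result) with "file", and a final branch reports any other type.
if typeof(result) == "shell" then
    print("== Retreived a shell ==")
    result.start_terminal
else if typeof(result) == "computer" then
    print("== Retreived a computer ==")
    if result.is_network_active then
        print("<color=#00ff00>Network active</color>")
    else
        print("<color=#ff0000>Network inactive</color>")
    end if
    print("Public IP : " + result.public_ip)
    print("Private IP : " + result.local_ip)
    print("Hostname : " + result.get_name)
    print("Active net card : " + result.active_net_card)
    // NOTE(review): the four loops below assume each call returns a
    // space-separated string - confirm against the API version in use.
    print("Open ports :")
    for port in result.get_ports.split(" ")
        print("- " + port)
    end for
    print("Network devices :")
    for device in result.network_devices.split(" ")
        print("- " + device)
    end for
    print("WiFi networks :")
    for wifi in result.wifi_networks.split(" ")
        print("- " + wifi)
    end for
    print("Processes :")
    for process in result.show_procs.split(" ")
        print("- " + process)
    end for
else if typeof(result) == "file" then
    // Handles one "name:hash" line: prints the user and the deciphered value.
    // Returns true on success and false when the line is not exactly two
    // colon-separated fields, crypto.so is unavailable, or decipher fails.
    // Output is printed in clear text to the terminal.
    try_decipher = function(line)
        splited_line = line.split(":")
        // The caller only tests truthiness, so an explicit false replaces the
        // original bare return without changing what the caller does.
        if splited_line.len != 2 then return false
        if not crypto then
            print("Could not decipher: crypto.so not found")
            return false
        end if
        print("Cracking user " + splited_line[0] + "...")
        password = crypto.decipher(splited_line[1])
        if not password then
            print("-- Invalid password syntax")
            return false
        end if
        print(splited_line[0] + " - " + password)
        return true
    end function

    print("== Retreived a file ==")
    print("Name : " + result.name)
    print("Path : " + result.path)
    print("Size : " + result.size)
    print("Owner : " + result.owner)
    print("Group : " + result.group)
    print("Permissions : " + result.permissions)
    // Binary files have no text content to parse; report and stop.
    if result.is_binary and not result.is_folder then
        exit("Is binary : " + result.is_binary)
    end if
    if not result.is_folder then
        // Walk the content line by line and stop at the first line that
        // try_decipher rejects.
        for line in result.get_content.split("\n")
            if not try_decipher(line) then break
        end for
        exit("Is symlink : " + result.is_symlink)
    end if
    // Only folders reach this point: list their direct children.
    print("Files :")
    for file in result.get_files
        print("- " + file.path)
    end for
    print("Folders :")
    for folder in result.get_folders
        print("- " + folder.path)
    end for
else
    // Any other truthy result (for example a number) has no report of its own.
    print("== Exploit returned an unhandled result of type " + typeof(result) + " ==")
end if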