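- // hk haxk tool V2.0
- // Usage: hk [ip_address] [port] [-v]
- //   -v  also print which type checks each file result passed.
- //
- // Initialisation: validate the arguments, load metaxploit, open a net session
- // to address:port and dump the library served there into `metalib`.
- if params.len < 2 or params[0] == "-h" or params[0] == "--help" then exit("<b>Usage: hk [ip_address] [port] [-v]</b>")
- // Look in /lib first, then fall back to the folder the shell is currently in.
- metaxploit = include_lib("/lib/metaxploit.so")
- if not metaxploit then
-     currentPath = get_shell.host_computer.current_path
-     metaxploit = include_lib(currentPath + "/metaxploit.so")
- end if
- // Stop here with a readable message; otherwise a missing library only shows
- // up as a null-reference error on the net_use call below.
- if not metaxploit then exit("Error: can't find metaxploit.so in /lib or the current folder")
- address = params[0]
- port = params[1].to_int
- // to_int gives the string back unchanged when it is not numeric, so reject
- // that case instead of passing a string port to net_use and the port checks.
- if typeof(port) != "number" then exit("Error: port must be a number")
- flag = ""
- if params.len > 2 then flag = params[2]
- net_session = metaxploit.net_use(address, port)
- if not net_session then exit("Error: can't connect to net session")
- metalib = net_session.dump_lib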
- // Functions
- // Prints the content of every file named "passwd" that sits directly inside
- // the folder `result` and is readable. Anything else is skipped silently.
- AccessPasswdFile = function(result)
-     for entry in result.get_files
-         if entry.name != "passwd" then continue
-         if not entry.has_permission("r") then continue
-         print(entry.content)
-     end for
- end function
- // Walks homeFolder/<user>/Config for every user folder and prints the content
- // of each readable Mail.txt found there. Unreadable files are skipped silently.
- AccessMailFile = function(homeFolder)
-     for userDir in homeFolder.get_folders
-         for configDir in userDir.get_folders
-             if configDir.name != "Config" then continue
-             for entry in configDir.get_files
-                 if entry.name != "Mail.txt" then continue
-                 if entry.has_permission("r") then print(entry.content)
-             end for
-         end for
-     end for
- end function
- //
- // VULNERABILITIES
- //
- // `flaws` is one flat list holding several records back to back. Each record is
- //   [ "<N>", "<memory address>", key1, ..., keyN ]
- // where "<N>" is the number of keys that follow the address. A key written as
- // "name:value" carries an extra argument: the main loop splits it on ":" and
- // passes `value` as the third argument to metalib.overflow.
- // The table is picked by port number only; any port other than 22, 21, 80 or 25
- // falls through to the last branch.
- // NOTE(review): the addresses and keys are hard-coded; presumably they only match
- // the library builds the author scanned - confirm against the dumped library.
- if port == 22 then // SSH VULNERABILITIES
- flaws= ["2","0x2CF12DCB","scan:1234","daternalco"]
- flaws=flaws+["2","0xE85F515","izedeltaddp","_lengthoffset"]
- flaws=flaws+["4","0x36266FE","_lengt","selazymatorscro","foredpo:1234","opplayt"]
- // Entries that may open a shell go below this line: per the author, a shell keeps
- // the other exploits from running and from discovering possibly useful information.
- flaws=flaws+["1","0xE85F515","rhsbuild"]
- else if port == 21 then // FTP VULNERABILITIES
- flaws= ["3","0x68102CC5","izewi","tresizelazymatchstat:1234","titleob_len."]
- flaws=flaws+["4","0x1846609B","extef","olon","minue","bitscolorscheme:1234"]
- flaws=flaws+["3","0x5AD401FA","th:1234","donenumer","animaticontextsireon"]
- flaws=flaws+["4","0x77807E90","distroybuttonbuttonis","kgroundowmatictreedit","tonobjectsetr","revn"]
- flaws=flaws+["2","0x7B8987DA","remodb","codec:1234"]
- // Entries that may open a shell go below this line (none listed for FTP).
- else if port == 80 then // HTTP VULNERABILITIES
- flaws= ["3","0x1D1AF38","coded","insertedis","hrow"]
- flaws=flaws+["3","0x7D8B4EE6","tlengthsd:1234","revst","doubline++:1234"]
- flaws=flaws+["3","0x661CB8AD","publet","reeletrue:1234","inesizedeltext"]
- flaws=flaws+["3","0x68307700","sountextobject","thisics","leventdatei"]
- flaws=flaws+["3","0x52FBDD3A","signa:1234","status","viewportmsbin_ltreelengt:1234"]
- flaws=flaws+["5","0x33599CC8","mask","putshowanimatio","color_butto","set++:1234","bread"]
- flaws=flaws+["5","0x96C44BA","plush_","decommax_colo","ding_lengthofa","end1","tivefalse"]
- // Entries that may open a shell go below this line, so they are tried last.
- flaws=flaws+["1","0x7EAF046F","noveattimeani"]
- else if port == 25 then // SMTP VULNERABILITIES
- flaws= ["2","0x7FA74EEA","curschecktyp","nittestenersaddressore:1234"]
- flaws=flaws+["2","0x6CFAD570","dent","lazymatorru"]
- flaws=flaws+["1","0x1294CF2A","scan_end_bitsstartcontinu"]
- flaws=flaws+["1","0x18A9482","sertlinelinestrul"]
- flaws=flaws+["1","0x217313B4","ositializex"]
- flaws=flaws+["1","0x10DE6C12","meractabled"]
- flaws=flaws+["1","0x43F2126E","flush_:1234"]
- // Entries that may open a shell go below this line (none listed for SMTP).
- else //SQL VULNERABILITY port info later
- // Catch-all: every port not matched above gets the SQL table, whatever service runs there.
- flaws= ["2","0x6DAA52E2","oken","pend_comp"]
- flaws=flaws+["4","0x72B08A97","kipwhile","ecttransf","art++","endingsupdatapower"]
- flaws=flaws+["2","0x74AE711B","charactivetru","uffect"]
- flaws=flaws+["5","0x27442409","aluesremo","checked","insicsinittextransforeq","qualedi","guide"]
- // Entries that may open a shell go below this line (none listed for SQL).
- end if
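- //
- // MAIN VULNERABILITY LOOP
- //
- // Walks the flat `flaws` list record by record. `nb` is the position inside the
- // current record: 0 = key count, 1 = memory address, 2..max = one key each.
- // Each key is passed to metalib.overflow and the result is handled by type:
- //   shell    -> start a terminal on it
- //   file     -> print Mail.txt / passwd (folder result) or the file's own content
- //   computer -> print /etc/passwd and every user's Config/Bank.txt
- // Only content the result object reports as readable is printed.
- print("###################### NEW ATTACK ##########################")
- nb = 0
- for flaw in flaws
-     result = null
-     if nb == 0 then
-         // Record header: N keys follow the address, so the last key sits at index N + 1.
-         max = flaw.to_int + 1
-     else if nb == 1 then
-         memory = flaw
-     else if nb <= max then
-         print("-------------------------------------------------------")
-         // "key" or "key:value"; the value becomes overflow's optional third argument.
-         spt = flaw.split(":")
-         key = spt[0]
-         if spt.len == 1 then
-             print(memory + ":" + key)
-             result = metalib.overflow(memory, key)
-         else
-             add = spt[1]
-             print(memory + ":" + key + ":" + add)
-             result = metalib.overflow(memory, key, add)
-         end if
-     end if
-     // A null result (header/address step, or a failed attempt) is skipped.
-     if result then
-         if typeof(result) == "shell" then
-             // Per the table comments, an opened shell keeps the remaining entries from running.
-             print("Open Shell")
-             result.start_terminal
-         else if typeof(result) == "file" then
-             if flag == "-v" then print("file")
-             // NOTE(review): folder handling is nested under is_binary; confirm that
-             // folder objects report is_binary in the API version this runs on.
-             if result.is_binary then
-                 if flag == "-v" then print("binary")
-                 if result.is_folder then
-                     if flag == "-v" then print("folder")
-                     if result.has_permission("r") then
-                         if flag == "-v" then print("permission r")
-                         if result.path == "/home" then
-                             AccessMailFile(result)
-                         else
-                             // Climb to the root, then look for /home among its folders.
-                             while not result.path == "/"
-                                 result = result.parent
-                             end while
-                             for folder in result.get_folders
-                                 if folder.path == "/home" then AccessMailFile(folder)
-                             end for
-                         end if
-                         if result.path == "/etc" then
-                             AccessPasswdFile(result)
-                         else
-                             while result.path != "/"
-                                 result = result.parent
-                             end while
-                             for folder in result.get_folders
-                                 if folder.path == "/etc" then AccessPasswdFile(folder)
-                             end for
-                         end if
-                     end if
-                 end if
-             else
-                 // Plain text file. The original tested `file` here, which is either
-                 // undefined or left over from an earlier computer result; the object
-                 // to read is `result`.
-                 if result.has_permission("r") then print(result.content)
-             end if
-         else if typeof(result) == "computer" then
-             passwdFile = result.File("/etc/passwd")
-             if passwdFile then
-                 if passwdFile.has_permission("r") then
-                     if not passwdFile.is_binary then
-                         for line in passwdFile.content.split("\n")
-                             print(line)
-                         end for
-                     end if
-                 end if
-             end if
-             homefolder = result.File("/home")
-             if homefolder then
-                 for userfolder in homefolder.get_folders
-                     bankFile = result.File("/home/" + userfolder.name + "/Config/Bank.txt")
-                     if not bankFile then continue
-                     if bankFile.has_permission("r") then print(bankFile.content)
-                 end for
-             end if
-         end if
-         // Other result types are not handled.
-     end if
-     // End of record: reset so the next element is read as a new key count.
-     if nb == max then nb = -1
-     nb = nb + 1
- end for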