hack tool

1. //hk haxk tool V2.0
2. //inits
3. if params.len < 2 or params[0] == "-h" or params[0] == "--help" then exit("<b>Usage: hk [ip_address] [port]</b>")
4. metaxploit  = include_lib("/lib/metaxploit.so")
5. if not metaxploit then
6.     currentPath = get_shell.host_computer.current_path
7.     metaxploit  = include_lib(currentPath + "/metaxploit.so")
8. end if
9. address         = params[0]
10. port            = params[1].to_int
11. flag=""
12. if params.len>2 then
13. flag            = params[2]
14. end if
15. net_session = metaxploit.net_use( address, port )
16. if not net_session then exit("Error: can't connect to net session")
17. metalib = net_session.dump_lib
18. // Functions
19. AccessPasswdFile = function(result)
20.     files = result.get_files
21.     for file in files
22.         if file.name == "passwd" then
23.             if file.has_permission("r") then
24.                 print(file.content)
25.             end if
26.         end if
27.     end for
28. end function
29.  
30. AccessMailFile = function(homeFolder)
31.     //  print("Accesing to Mail.txt files...\nSearching users...")
32.     folders = homeFolder.get_folders
33.     for user in folders
34.         //print("User: " + user.name +" found...")
35.         subFolders = user.get_folders
36.         for subFolder in subFolders
37.             if subFolder.name == "Config" then
38.                 files = subFolder.get_files
39.                 for file in files
40.                     if file.name == "Mail.txt" then
41.                         if file.has_permission("r") then // print("failed. Can't access to file contents. Permission denied")
42.                             print(file.content)
43.                         end if
44.                     end if
45.                 end for
46.             end if
47.         end for
48.     end for
49. end function
50. //
51. // VULNERABILITIES
52. //
53. if      port == 22 then // SSH VULNERABILITIES
54.     flaws=      ["2","0x2CF12DCB","scan:1234","daternalco"]
55.     flaws=flaws+["2","0xE85F515","izedeltaddp","_lengthoffset"]
56.     flaws=flaws+["4","0x36266FE","_lengt","selazymatorscro","foredpo:1234","opplayt"]
57.     // place belows flaws that may open a shell  preventing other exploits to run and discover possible usefull informations   
58.     flaws=flaws+["1","0xE85F515","rhsbuild"]
59. else if     port == 21 then // FTP VULNERABILITIES
60.     flaws=      ["3","0x68102CC5","izewi","tresizelazymatchstat:1234","titleob_len."]
61.     flaws=flaws+["4","0x1846609B","extef","olon","minue","bitscolorscheme:1234"]
62.     flaws=flaws+["3","0x5AD401FA","th:1234","donenumer","animaticontextsireon"]
63.     flaws=flaws+["4","0x77807E90","distroybuttonbuttonis","kgroundowmatictreedit","tonobjectsetr","revn"]
64.     flaws=flaws+["2","0x7B8987DA","remodb","codec:1234"]
65.     // place belows flaws that may open a shell  preventing other exploits to run and discover possible usefull informations       
66. else if     port == 80 then // HTTP VULNERABILITIES
67.     flaws=      ["3","0x1D1AF38","coded","insertedis","hrow"]
68.     flaws=flaws+["3","0x7D8B4EE6","tlengthsd:1234","revst","doubline++:1234"]
69.     flaws=flaws+["3","0x661CB8AD","publet","reeletrue:1234","inesizedeltext"]
70.     flaws=flaws+["3","0x68307700","sountextobject","thisics","leventdatei"]
71.     flaws=flaws+["3","0x52FBDD3A","signa:1234","status","viewportmsbin_ltreelengt:1234"]
72.     flaws=flaws+["5","0x33599CC8","mask","putshowanimatio","color_butto","set++:1234","bread"]
73.     flaws=flaws+["5","0x96C44BA","plush_","decommax_colo","ding_lengthofa","end1","tivefalse"]
74.     // place belows flaws that may open a shell  preventing other exploits to run and discover possible usefull informations   
75.     flaws=flaws+["1","0x7EAF046F","noveattimeani"]
76. else if port == 25 then // SMTP VULNERABILITIES
77.     flaws=      ["2","0x7FA74EEA","curschecktyp","nittestenersaddressore:1234"]
78.    flaws=flaws+["2","0x6CFAD570","dent","lazymatorru"]
79.    flaws=flaws+["1","0x1294CF2A","scan_end_bitsstartcontinu"]
80.    flaws=flaws+["1","0x18A9482","sertlinelinestrul"]
81.    flaws=flaws+["1","0x217313B4","ositializex"]
82.    flaws=flaws+["1","0x10DE6C12","meractabled"]
83.    flaws=flaws+["1","0x43F2126E","flush_:1234"]
84.     // place belows flaws that may open a shell  preventing other exploits to run and discover possible usefull informations   
85. else  //SQL VULNERABILITY port info later
86.     flaws= ["2","0x6DAA52E2","oken","pend_comp"]
87.     flaws=flaws+["4","0x72B08A97","kipwhile","ecttransf","art++","endingsupdatapower"]
88.     flaws=flaws+["2","0x74AE711B","charactivetru","uffect"]
89.     flaws=flaws+["5","0x27442409","aluesremo","checked","insicsinittextransforeq","qualedi","guide"]
90.     // place belows flaws that may open a shell  preventing other exploits to run and discover possible usefull informations   
91. end if
92. //
93. // MAIN VULNERABILITY LOOP
94. //
95. print("###################### NEW ATTACK ##########################")
96. nb=0
97. for flaw in flaws  
98. //  print ("DEBUG inloop")
99.     result=null
100.     if nb==0 then
101.         max=flaw.to_int + 1    
102.     else if nb==1 then
103.         memory=flaw
104.     else if nb<= max then // try VULNERABILITIES
105.         print("-------------------------------------------------------")       
106.         spt=flaw.split(":")
107.         if spt.len == 1 then
108.             key=spt[0]
109.             print(memory+":"+key)
110.             result = metalib.overflow(memory,key)
111.         else
112.             key=spt[0]
113.             add=spt[1]
114.             print(memory+":"+key+":"+add)
115.             result = metalib.overflow(memory,key,add)
116.         end if
117.         else
118.     end if
119.    //
120.    if not result then
121.    // failure
122.    else
123.         if typeof(result) == "shell" then
124.             print("Open Shell")
125.             result.start_terminal
126.         else if typeof(result) == "file" then
127.             if flag == "-v" then
128.               print ("file")
129.             end if
130.             if result.is_binary then // file is binary
131.             if flag == "-v" then
132.                 print ("binary")
133.                 end if
134.                 if result.is_folder then
135.                 if flag == "-v" then
136.                     print ("folder")
137.                     end if
138.                     if result.has_permission("r") then
139.                         if flag == "-v" then
140.                             print ("permission r")
141.                         end if
142.                         if result.path == "/home" then
143.                             AccessMailFile(result)
144.                         else
145.                             //print("Searching home folder...")
146.                             while not result.path == "/"
147.                                 result = result.parent
148.                             end while
149.                            
150.                             folders = result.get_folders
151.                             for folder in folders
152.                                 if folder.path == "/home" then
153.                                     AccessMailFile(folder)                                 
154.                                 end if
155.                             end for
156.                         end if                                                                                             
157.                         if result.path == "/etc" then
158.                             AccessPasswdFile(result)                       
159.                         else
160.                             while result.path != "/"
161.                                 result = result.parent
162.                             end while
163.                                 folders = result.get_folders
164.                             for folder in folders
165.                                 if folder.path == "/etc" then
166.                                     AccessPasswdFile(folder)
167.                                 end if
168.                             end for
169.                         end if
170.                     end if
171.                 end if
172.             else // file is not binary
173.                 if file.has_permission("r") then
174.                     print(file.content)
175.                 end if
176.             end if
177.         else if typeof(result)=="computer" then
178.             file = result.File("/etc/passwd")
179.             if file then
180.                 if file.has_permission("r") then
181.                     if not file.is_binary then
182.                         listUsers = file.content.split("\n")
183.                         for line in listUsers
184.                             print(line)
185.                         end for                    
186.                     end if                 
187.                 end if             
188.             end if 
189.             homefolder = result.File("/home")
190.             if homefolder then
191.                 userfolders = homefolder.get_folders
192.                 found = false
193.                 for userfolder in userfolders
194.                     bankFile = result.File("/home/" + userfolder.name + "/Config/Bank.txt")
195.                     if not bankFile then continue
196.                     if bankFile.has_permission("r") then
197.                         print(bankFile.content)
198.                     end if
199.                 end for
200.             end if
201.         //  else if typeof(result)==
202.       end if       
203.     end if
204.     if nb==max then
205.         nb=-1
206.         end if
207.     nb = nb +1
208. end for