  1. print("<b>Bitsploit</b> v2.0.2 by Bitwise team")
  2. print("Top secret. <b>Only for Bitwise team.</b>")
  3.  
  4. print("On current system must be <b>metaxploit.so</b>, <b>crypto.so</b>, and <b>decipher</b> programme (optional <b>nmap</b>)")
  5.  
  6. host = get_shell().host_computer
  7. currentPath = host.current_path
  8. Metaxploit = include_lib("/lib/metaxploit.so")
  9. if not Metaxploit then
  10.     Metaxploit = include_lib(currentPath + "/metaxploit.so")
  11. end if
  12. Crypto = include_lib("/lib/crypto.so")
  13. if not Crypto then
  14.     Crypto = include_lib(currentPath + "/crypto.so")
  15. end if
  16.  
  17. if params.len < 1 or params[0] == "-h" or params[0] == "--help" then exit("<b>Usage: bitsploit [victim's ip/domain] (victim's port)</b>")
  18.  
  19. if is_valid_ip(params[0]) == false then
  20.     params[0] = nslookup(params[0])
  21.     if is_valid_ip(params[0]) == false then exit("<b>Invalid ip address!</b>")
  22. end if
  23.  
  24. lanIP = ""
  25. if is_lan_ip(params[0]) == false then
  26.     if host.File("/bin/nmap") != null then
  27.         get_shell().launch("/bin/nmap", params[0])
  28.     else if host.File(currentPath + "/nmap") != null then
  29.         get_shell().launch(currentPath + "/nmap", params[0])
  30.     end if
  31.     lanIP = user_input("Please, type victim's LAN IP (optional): ")
  32. else
  33.     lanIP = params[0]
  34. end if
  35.  
  36. killer = null
  37. passwd = ""
  38.  
  39. while killer == null
  40.     ans = user_input("Do you want to turn on agressive mode? y/n: ").lower()
  41.    
  42.     if ans == "y" or ans == "yes" then
  43.         killer = true
  44.         print("Program will be trying to open shell on non ssh (22) ports and change users's passwords")
  45.        
  46.         passwd = user_input("Type a new password if you want to use nuke exploiting: ")
  47.     else if ans == "n" or ans == "no" then
  48.         killer = false
  49.         print("Program will be trying to exploit only ssh (22) port if no port is specifyed")
  50.     end if
  51. end while
  52.  
  53. libs = []
  54.  
  55. if params.len > 1 then
  56.     libs = Metaxploit.net_use(params[0], params[1].to_int).dump_libs()
  57.     if typeof(libs) != "list" then
  58.         libs = [libs]
  59.     end if
  60. else if killer == false then
  61.     params.push("22")
  62.     libs = Metaxploit.net_use(params[0], params[1].to_int).dump_libs()
  63.     if typeof(libs) != "list" then
  64.         libs = [libs]
  65.     end if
  66. else
  67.     if is_lan_ip(params[0]) then exit("<b>Please, specify port for lan ip's</b>")
  68.    
  69.     libs = Metaxploit.net_use(params[0]).dump_libs()
  70.     if typeof(libs) != "list" then
  71.         libs = [libs]
  72.     end if
  73.    
  74.     ports = get_router(params[0]).used_ports
  75.     if typeof(ports) != "list" then
  76.         ports = [ports]
  77.     end if
  78.    
  79.     for port in ports
  80.         netconn = Metaxploit.net_use(params[0], port.port_number)
  81.         if netconn == null then continue
  82.        
  83.         sublibs = netconn.dump_libs()
  84.         if typeof(sublibs) != "list" then
  85.             sublibs = [sublibs]
  86.         end if
  87.        
  88.         for sublib in sublibs
  89.             libs.push(sublib)
  90.         end for
  91.     end for
  92. end if
  93.  
  94. print("Vzlom zhopi...")
  95.  
  96. shells = []
  97. files = []
  98. comps = []
  99.  
  100. rootpasses = []
  101.  
  102. decpass = function(data)
  103.     print("Doing a try to decipher a password")
  104.    
  105.     index = data.indexOf("root:")
  106.     rootpasses.push(Crypto.decipher("root", data[index+5:index+5+32]))
  107. end function
  108.  
  109. gotpass = false
  110.  
  111. for lib in libs
  112.     addrs = Metaxploit.scan(lib)
  113.    
  114.     for addr in addrs
  115.         info = Metaxploit.scan_address(lib, addr)
  116.        
  117.         info = info.remove("decompiling source...").remove("searching unsecure values...")
  118.         info = info[2:]
  119.         while info.indexOf("Unsafe check: ") != null or info.indexOf("<b>") != null or info.indexOf("</b>") != null
  120.             info = info.remove("Unsafe check: ").remove("<b>").remove("</b>")
  121.         end while
  122.         while info.indexOf("loop in array ") != null
  123.             info = info.replace("loop in array ", "<tag>")
  124.         end while
  125.         while info.indexOf("string copy in ") != null
  126.             info = info.replace("string copy in ", "<tag>")
  127.         end while
  128.        
  129.         result = null
  130.         while info.indexOf("<tag>") != null
  131.             a = info.indexOf("<tag>") + 5
  132.            
  133.             info = info.remove(info[:a])
  134.            
  135.             str = info[:info.indexOf(".")]
  136.             print("Eploiting "+lib.lib_name+" "+lib.version+" "+addr+" "+str+"...")
  137.  
  138.             result = null
  139.             if lib.lib_name == "kernel_router.so" then
  140.                 result = lib.overflow(addr, str, lanIP)
  141.             else if passwd != "" then
  142.                 result = lib.overflow(addr, str, passwd)
  143.             else
  144.                 result = lib.overflow(addr, str)
  145.             end if
  146.            
  147.             if result != null then
  148.                 type = typeof(result)
  149.                
  150.                 print("----- Got result: "+result+" -----")
  151.                
  152.                 if type == "shell" then
  153.                     print("Found shell!")
  154.                     shells.push(result)
  155.                    
  156.                     if gotpass == false then
  157.                         file = result.host_computer.File("/etc/passwd")
  158.                         if file != null then
  159.                             data = file.content
  160.                             if data != null then
  161.                                 decpass(data)
  162.                                 gotpass = true
  163.                             end if
  164.                         end if
  165.                     end if
  166.                 else if gotpass == true then
  167.                     //nothing
  168.                 else if type == "file" then
  169.                     print("Found files! Name: "+result.name+"...")
  170.                     files.push(result)
  171.                    
  172.                     data = null
  173.                    
  174.                     if result.is_folder == true then
  175.                         if result.name == "etc" then
  176.                             files = result.get_files
  177.                             for file in files
  178.                                 if file.name == "passwd" then
  179.                                     data = file.content
  180.                                     break
  181.                                 end if
  182.                             end for
  183.                         end if
  184.                     else if result.name == "passwd" then
  185.                         data = result.content
  186.                     end if
  187.                    
  188.                     if data != null then
  189.                         decpass(data)
  190.                         gotpass = true
  191.                     end if
  192.                 else if type == "computer" then
  193.                     print("Got computer access!")
  194.                     comps.push(result)
  195.                    
  196.                     file = result.File("/etc/passwd")
  197.                     if file != null then
  198.                         data = file.content
  199.                         if data != null then
  200.                             decpass(data)
  201.                             gotpass = true
  202.                         end if
  203.                     end if
  204.                 else if type == "number" then
  205.                     if result == 1 then
  206.                         print("Try to login to above account with the password <b>"+passwd+"</b>. Remeber this password.")
  207.                         user_input("Press <b>enter</b> to continue...")
  208.                     end if
  209.                 end if
  210.             end if
  211.         end while
  212.     end for
  213. end for
  214.  
  215. print("----- Exploiting ended -----")
  216. if rootpasses.len != 0 then
  217.     print("Found some root passwords:")
  218.     for rootpass in rootpasses
  219.         print(" "+rootpass)
  220.     end for
  221.     print("")
  222.     print("Type <b>sudo -s</b> when you connect to shell and enter one of them.")
  223.     print("")
  224. end if
  225. print("Found "+shells.len+" shells")
  226.  
  227. i = 0
  228. for shell in shells
  229.     i = i + 1
  230.     print("--- Shell ["+i+"] ---")
  231.    
  232.     comp = shell.host_computer
  233.    
  234.     print("Lan ip: "+comp.lan_ip)
  235.     portsRaw = comp.get_ports
  236.     ports = []
  237.     for port in portsRaw
  238.         ports.push(port.port_number)
  239.     end for
  240.     print("Ports: "+ports.join(", "))
  241.     print("Processes:")
  242.     print(comp.show_procs)
  243. end for
  244.  
  245. if shells.len != 0 then
  246.     id = user_input("Please, type a shell number:")
  247.    
  248.     shells[id.to_int - 1].start_terminal()
  249. end if