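// Console script built on the host's metaxploit.so and crypto.so libraries.
// It keeps a flat-file database (msf.db) of library findings next to the script
// and offers a small command loop (help, banner, exploits, use, scan, exit, clr).
//
// NOTE(review): this copy of the file arrived with its line breaks collapsed and
// with anything that looked like markup removed from string literals. Places
// where that visibly damaged the code are marked below.

ver="0.0.1"

// Locate a library in /lib, falling back to the current working directory.
// fileName   - library file name, e.g. "metaxploit.so"
// missingMsg - message passed to exit() when neither location has the file
// Returns the path that exists.
// NOTE(review): the fallback loads code from whatever directory the script is
// started in. Anyone able to place a file there decides which library gets
// loaded, so keep the script in a directory only its owner can write to.
findLib=function(fileName,missingMsg)
	hostPc=get_shell.host_computer
	libPath="/lib/"+fileName
	if not hostPc.File(libPath) then libPath=current_path+"/"+fileName
	if not hostPc.File(libPath) then exit(missingMsg)
	return libPath
end function

mxf=findLib("metaxploit.so","Metaxploit.so not found in /lib or current path")
mx=include_lib(mxf)
cpf=findLib("crypto.so","Crypto.so not found in /lib or current path")
cp=include_lib(cpf)
apt=include_lib("/lib/aptclient.so")
msc=program_path

// Disabled self-update logic, kept as the author left it.
//if apt then
//	sources=get_shell.host_computer.File("/etc/apt/sources.txt")
//	if sources and sources.has_permission("r") then
//		inSource=0
//		minSource=0
//		sources=sources.get_content.split("\n")
//		for source in sources
//			source=source.split(":")
//			if source[0] == " ""15.15.15.15""" then inSource=1
//			if source[0] == " ""72.248.196.250""" then inSource=1
//		end for
//		if not inSource then
//			apt.add_repo("15.15.15.15",1542)
//			apt.update
//		end if
//		//if not minSource then
//			//apt.add_repo("72.248.196.250",1542)
//			//apt.update
//		//end if
//		//out=apt.check_upgrade(msc)
//		outm=apt.check_upgrade(mxf)
//		//if out then
//			//print("Updating Metasploit\n")
//			//apt.install("msfc",parent_path(msc))
//		//end if
//		if outm then
//			print("Updating Metaxploit.so\n")
//			apt.install("metaxploit.so",parent_path(mxf))
//		end if
//	end if
//end if

// ---- Banner logos -----------------------------------------------------------
// logos.src holds logos separated by "//logo/" marker lines. The rest of the
// marker line is discarded, as is one trailing empty line per logo.
logoFile=get_shell.host_computer.File(current_path+"/logos.src")
if not logoFile then
	get_shell.host_computer.touch(current_path,"logos.src")
	logoFile=get_shell.host_computer.File(current_path+"/logos.src")
end if
logos=[]
if logoFile then
	for chunk in logoFile.get_content.split("//logo/")
		// The text before the first marker, and a freshly created empty file,
		// yield empty chunks; the original indexed into them and crashed.
		if chunk == "" then continue
		rows=chunk.split("\n")
		rows.pull
		if rows.len > 0 and rows[-1] == "" then rows.pop
		logos.push(rows.join("\n"))
	end for
end if

// Print one randomly chosen logo; does nothing when no logo is available.
showLogo=function()
	if logos.len == 0 then return
	print(logos[floor(rnd()*logos.len)])
end function

showLogo

// ---- String obfuscation helpers ---------------------------------------------

// Map every character of `pass` from alphabet `list` to the character at the
// same position in `shift`.
// NOTE(review): a character that is not in `list`, or whose position lies past
// the end of `shift`, is not handled here - confirm callers only pass
// characters from allowedChars.
shiftChars=function(pass,shift,list)
	enc=""
	for chr in pass
		newChar=shift[list.indexOf(chr)]
		enc=enc+newChar
	end for
	return enc
end function

// Obfuscate ("enc") or restore ("dec") a string with fixed substitution tables.
// pass - text to transform
// type - "enc" or "dec"; any other value returns null
//
// NOTE(review): this is a keyless character substitution. The tables ship with
// the script, so anyone holding the script can reverse the output; treat the
// result as obfuscated, not as protected.
// NOTE(review): "dec" cuts the result at the first "/", so an input that itself
// contains "/" does not round-trip.
encrypt=function(pass,type)
	allowedChars="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789/_.@=!#$%^&*()-+\|?<>"
	shiftedChars="W/d.YMF6Ua+bP2DZ^ch>&SkB#m1ITwynO\=HN*pjvQfu5A8CRx4L%G|Ji<()r0q7t@goXE_$sl?ezK!V93-"
	shiftedCharsZERO="dk>I&T(s9RU4^-)h=a\g#LYQbXzlnV5<*AMu.KBvo2e6C_DJ3x0cHwpt%$SPiyZE!WN|OrGf+?7mq8@j/1F"
	// NOTE(review): the next table is shorter than allowedChars in this copy; a
	// run of characters that looked like markup was probably stripped. Restore
	// it from an intact copy of the script before relying on this branch.
	shiftedCharsONE="^y76twkU.mca!q*QPL+/|eJ3zOX9(p4Vvh)80R=BK-1HZWl52MYu@\_sg%#rdEiTG?AojF&fbNCxS"
	shiftedCharsTWO="*ly8e7DqW(mL\4<1F%MiS296TNwEZoI_p=rbVtc0?Pkh/K#&BXua@|-$fHG3.QCJOYjz!+>RxA5^sgnUvd)"
	shiftedCharsTHREE="HxR>EQqKt/WCrBl_TikyDAY6g9wen1sMG)|OPSa8z-F+.p0^37V&L2d(*joUc<@Z!f54?INmuXvJ$b%h\=#"
	shiftedCharsFOUR="42gUiwe%IJT>CFVlLkm8G-W0b1pBD^AoxPcz5d\|YsjE/3Nt$)_HyhnR&+<=a(QS.Mq9#*?@Z76v!rKXufO"
	passLen=pass.len
	if type == "enc" then
		// The branches below are not exclusive: each matching one appends its
		// padding to the already padded text and recomputes `shifted`, so the
		// last matching branch decides the table and the trailing tag digit.
		if passLen < 5 then
			pass=pass+"/30291949172649172647158"
			shifted=shiftChars(pass,shiftedCharsZERO,allowedChars)+"0"
		end if
		if passLen >= 5 then
			pass=pass+"/14018738716961863141344"
			shifted=shiftChars(pass,shiftedCharsONE,allowedChars)+"1"
		end if
		if passLen == 10 then
			pass=pass+"/10210849175165987169487"
			shifted=shiftChars(pass,shiftedCharsTWO,allowedChars)+"2"
		end if
		if passLen > 10 then
			pass=pass+"/02910841705671976198764"
			shifted=shiftChars(pass,shiftedCharsTHREE,allowedChars)+"3"
		end if
		if passLen >= 15 then
			pass=pass+"/08173479165691740176565"
			shifted=shiftChars(pass,shiftedCharsFOUR,allowedChars)+"4"
		end if
		return shiftChars(shifted,shiftedChars,allowedChars)
	else if type == "dec" then
		dec=shiftChars(pass,allowedChars,shiftedChars)
		// The last character names the inner table; the text before the first
		// "/" is the original input.
		tag=dec[-1]
		if tag == "0" then
			dec=shiftChars(dec[:-1],allowedChars,shiftedCharsZERO).split("/")[0]
		else if tag == "1" then
			dec=shiftChars(dec[:-1],allowedChars,shiftedCharsONE).split("/")[0]
		else if tag == "2" then
			dec=shiftChars(dec[:-1],allowedChars,shiftedCharsTWO).split("/")[0]
		else if tag == "3" then
			dec=shiftChars(dec[:-1],allowedChars,shiftedCharsTHREE).split("/")[0]
		else if tag == "4" then
			dec=shiftChars(dec[:-1],allowedChars,shiftedCharsFOUR).split("/")[0]
		end if
		return dec
	end if
end function

// Pass one "user:hash" pair or a bare hash to cp.decipher.
// Returns "user:password" or the password, and null (after printing a message)
// when decipher yields nothing.
// NOTE(review): input shorter than 32 characters ends the whole script via
// exit, as in the original.
decrypt=function(hash)
	if hash.len < 32 then exit
	parts=hash.split(":")
	if parts.len == 2 then
		user=parts[0]
		password=cp.decipher(parts[1])
		if not password then
			print("password for "+user+" not found")
			return null
		end if
		return user+":"+password
	end if
	password=cp.decipher(parts[0])
	if not password then
		print ("could not decipher "+parts[0])
		return null
	end if
	return password
end function

// Pull the highlighted value out of one "Unsafe check: " entry.
// NOTE(review): the original literals were empty strings here, which cannot be
// right next to the "+3" offset; the bold tags that scan_address puts around
// the value were evidently stripped from this copy and are restored. Confirm
// against an intact copy.
// Returns null when the entry carries no highlighted value.
unsafeValue=function(entry)
	openAt=entry.indexOf("<b>")
	closeAt=entry.indexOf("</b>")
	if openAt == null or closeAt == null then return null
	return entry[openAt+3:closeAt]
end function

// Walk every address/value pair of library `ml`, call ml.overflow on each and
// append a record to `results` for each shell, computer or writable file that
// comes back.
// ml      - loaded library object
// num     - number stored in each record
// results - list that receives the records; it is also the return value
// NOTE(review): `args` and `lib` are read but never assigned in this file;
// presumably they are expected as globals - confirm. Nothing in this file calls
// the function.
// NOTE(review): globals.num is raised after each record but the local `num` is
// not, so records added in one call share a number - confirm intent.
defaultScan=function(ml,num,results)
	scan=mx.scan(ml)
	for mem in scan
		mems=mx.scan_address(ml,mem).split("Unsafe check: ")
		for ent in mems
			if ent == mems[0] then continue
			exp=unsafeValue(ent)
			if exp == null then continue
			print(mem+" "+exp)
			if not args then result=ml.overflow(mem,exp) else result=ml.overflow(mem,exp,args)
			if typeof(result) == "shell" or typeof(result) == "computer" then
				obj=typeof(result)
				print(obj)
				if obj=="shell" then rcomp=result.host_computer else rcomp=result
				// Work out the account from which directories are writable.
				rfile=rcomp.File("/root")
				ruser="guest"
				if rfile and rfile.has_permission("w") then
					ruser="root"
				else
					rfile=rcomp.File("/home")
					if rfile then
						for user in rfile.get_folders
							if user.name == "guest" then continue
							if user.has_permission("w") then ruser=user.name
						end for
					end if
				end if
				explan=rcomp.local_ip
				exploit={}
				exploit.num=num
				exploit.obj=obj
				exploit.user=ruser
				exploit.mem=mem
				exploit.lan=explan
				if args then exploit.args=args
				exploit.lib=lib
				results.push(exploit)
				globals.num=num+1
			else if typeof(result) == "file" then
				if not result.has_permission("w") then continue
				exploit={}
				exploit.num=num
				exploit.obj=typeof(result)
				exploit.user=result.name
				exploit.mem=mem
				exploit.exp=exp
				exploit.lan="unknown"
				if args then exploit.args=args
				exploit.lib=lib
				results.push(exploit)
				globals.num=num+1
			end if
		end for
	end for
	return results
end function

// ---- Database ---------------------------------------------------------------
exploits=get_shell.host_computer.File(current_path+"/msf.db")
if not exploits then
	print("It looks like you don't have a supported Metasploit exploit database.")
	print("Would you like to connect to the server and download the latest database?")
	opt=user_input("[Y/N]~$ ").lower
	if opt == "y" then
		// NOTE(review): a root password is embedded in clear text, so every copy
		// of this script discloses it. Fetch the database with a read-only
		// account or ask the user for the credential instead.
		// NOTE(review): the downloaded file is trusted as is; there is no
		// integrity check before its contents are parsed below.
		server=get_shell.connect_service("72.248.196.250",22,"root","CAR9LtzG2bcy6GN")
		if typeof(server) != "shell" then
			print("Connection failed.")
		else
			print("Downloading database. . .\n")
			copied=server.scp("/root/msf.db",current_path,get_shell)
			// The original reported success without looking at the result.
			if typeof(copied) == "string" then
				print("Download failed: "+copied)
			else
				print("Downloaded!")
			end if
		end if
	else
		print("Creating empty database file. . .")
		get_shell.host_computer.touch(current_path,"msf.db")
	end if
end if
exploitsf=get_shell.host_computer.File(current_path+"/msf.db")
if not exploitsf then
	// A failed connection or download used to leave no file behind, and the
	// next line then dereferenced null.
	get_shell.host_computer.touch(current_path,"msf.db")
	exploitsf=get_shell.host_computer.File(current_path+"/msf.db")
end if
if not exploitsf then exit("Could not create msf.db in the current path")

// One record per line: /[lib]/[ver]/[memory]/[vuln]/[type]
// NOTE(review): fields are joined with "/" without escaping, so a field that
// contains "/" shifts every field after it.
exploits=[]
for row in exploitsf.get_content.split("\n")
	if row == "" then continue
	fields=row.split("/")
	fields.pull
	// Skip malformed rows instead of failing on a missing index.
	if fields.len < 5 then continue
	exploit={}
	exploit.lib=fields[0]
	exploit.ver=fields[1]
	exploit.mem=fields[2]
	exploit.exp=fields[3]
	exploit.obj=fields[4]
	exploits.push(exploit)
end for
// Report what was actually loaded rather than the raw line count.
nums=exploits.len

print("-=||||||||||||||||||||||||||||||||=-")
print("-=[ metasploit v"+ver+" ]=-")
print("-=[ "+nums+" exploits found ]=-")
print("-=[ by clover ]=-")
print("-=||||||||||||||||||||||||||||||||=-")
print("-=[ Type ""help"" for a list of commands ]=-")

// ---- Command loop -----------------------------------------------------------
// Help texts; the line breaks were lost in this copy and are rebuilt here.
shellHelp=["- = Metasploit = -","help - Print this list","banner - Print a random logo","exploits - List available exploits","use [exploit] - Set an exploit as active","scan [address/local lib] (port) - Scan an address or local library","- = Defaults = -","exit - Exit shell or MS","clr - Clear screen"].join(char(10))
computerHelp=["- = Metasploit = -","help - Print this list","banner - Print a random logo","exploits - List available exploits","use [exploit] - Set an exploit as active","- = Defaults = -","exit - Exit shell or MS","clr - Clear screen"].join(char(10))

currentShell=get_shell
currentUser=active_user
currentPath=current_path
currExploitS="No exploit"
currExploit=null
origShell=1
num=0
while 1
	shellType=typeof(currentShell)
	if shellType == "shell" then
		comp=currentShell.host_computer
		sstat="Shell"
		cmdlist=shellHelp
	else if shellType == "computer" then
		comp=currentShell
		sstat="Computer"
		cmdlist=computerHelp
	end if
	print("\nMetasploit - ("+sstat+") - ("+currentUser+") - ["+currentPath+"]")
	TERM=user_input("{"+currExploitS+"}~$")
	SPLIT=TERM.split(" ")
	term=TERM.lower
	verb=SPLIT[0].lower

	if term == "exit" then
		if not origShell then
			currentShell=get_shell
			currentUser=active_user
			currentPath=current_path
			// Back on the starting shell, so the next exit leaves the program.
			origShell=1
		else
			exit("-={Leaving Metasploit}=-")
		end if
	end if
	if term == "help" then print(cmdlist)
	if term == "clr" then clear_screen
	if term == "banner" then showLogo

	if term == "exploits" then
		print("- = Exploits = -")
		for ex in exploits
			// NOTE(review): a colour is picked per type but never applied; the
			// rich-text tags around the printed line seem to be missing from
			// this copy.
			if ex.obj == "shell" then
				color="white"
			else if ex.obj == "computer" then
				color="yellow"
			else
				color="grey"
			end if
			print("/"+ex.lib+"/"+ex.ver+"/"+ex.mem+"/"+ex.exp+"/"+ex.obj+"")
		end for
	else if verb == "use" then
		// Exactly one argument: the original only rejected extra arguments and
		// failed on a bare "use".
		if SPLIT.len != 2 then
			print("Invalid command usage")
			continue
		end if
		sel=SPLIT[1].split("/")
		sel.pull
		if sel.len < 4 then
			print("Invalid command usage")
			continue
		end if
		for ex in exploits
			if ex.lib == sel[0] and ex.ver == sel[1] and ex.mem == sel[2] and ex.exp == sel[3] then
				currExploit=ex
				currExploitS=SPLIT[1]
				break
			end if
		end for
	else if verb == "scan" then
		if SPLIT.len == 1 then
			print("- = Local libraries = -")
			libDir=comp.File("/lib/")
			if libDir then
				for file in libDir.get_files
					print(file.name)
				end for
			end if
			continue
		end if
		localScan=1
		if SPLIT.hasIndex(2) then localScan=0
		if localScan then
			if not origShell then
				print("Cannot scan local libs on a connected system")
				continue
			end if
			lib=SPLIT[1]
			if not comp.File("/lib/"+lib) then
				print("Lib does not exist")
				print("Run scan with no parameters to list all libs")
				continue
			end if
			ml=mx.load("/lib/"+lib)
		else
			// The original read the address and port one position too far to the
			// right, so the documented form "scan [address] (port)" failed on a
			// missing index.
			ip=SPLIT[1]
			port=SPLIT[2].to_int
			if not is_valid_ip(ip) or not get_router(ip) then
				print("Invalid IP")
				continue
			end if
			if typeof(port) != "number" then
				print("Invalid port")
				continue
			end if
			ns=mx.net_use(ip,port)
			if not ns then
				print("Could not open a session on that port")
				continue
			end if
			ml=ns.dump_lib
		end if
		if not ml then
			print("Could not load the library")
			continue
		end if
		name=ml.lib_name
		// Kept apart from `ver`, which holds this tool's own version string.
		libVer=ml.version
		num=0
		inDB=0
		for ex in exploits
			if ex.lib == name and ex.ver == libVer then
				inDB=1
				break
			end if
		end for
		if inDB then
			print("Exploits already in database!")
			print("If you are certain you wish to continue, we can clear the database of exploits for this lib and resume scanning")
			confirm=user_input("[Y/N]~$").lower
			if confirm == "y" then
				// Build a filtered list: removing entries from the list being
				// iterated skipped the neighbour of every removed record.
				kept=[]
				for ex in exploits
					if ex.lib != name or ex.ver != libVer then kept.push(ex)
				end for
				exploits=kept
			else
				continue
			end if
		end if
		// NOTE(review): this is an active check - every candidate is passed to
		// ml.overflow while the library is being catalogued.
		scan=mx.scan(ml)
		for mem in scan
			mems=mx.scan_address(ml,mem).split("Unsafe check: ")
			for ent in mems
				if ent == mems[0] then continue
				exp=unsafeValue(ent)
				if exp == null then continue
				print(mem+" "+exp)
				result=ml.overflow(mem,exp)
				if typeof(result) != "null" then
					obj=typeof(result)
					if obj == "number" then
						if name == "kernel_router.so" then obj="firewall" else obj="passwd"
					end if
					exploit={}
					exploit.obj=obj
					exploit.mem=mem
					exploit.exp=exp
					// Store the library's reported name: `lib` is only set by a
					// local scan and was stale or undefined otherwise, while the
					// duplicate check above compares against `name`.
					exploit.lib=name
					exploit.ver=libVer
					exploits.push(exploit)
					num=num+1
				end if
			end for
		end for
		// Write the database once instead of re-reading and rewriting the file
		// for every record.
		dbText=""
		for ex in exploits
			dbText=dbText+"/"+ex.lib+"/"+ex.ver+"/"+ex.mem+"/"+ex.exp+"/"+ex.obj+char(10)
		end for
		exploitsf.set_content(dbText)
	end if
end while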