-
Notifications
You must be signed in to change notification settings - Fork 2
/
7attack.src
80 lines (74 loc) · 2.91 KB
/
7attack.src
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
// NAME: 7attack (try all exploids and if it works, start /bin/7ssh to get bank infos and install backdoor and cleanup)
if params.len != 2 then exit("<b>Usage: 7attack [ip-ipAddress] [port]")
metaxploit = include_lib("/lib/metaxploit.so"); if not metaxploit then exit("Error: Can't find /lib/metaxploit.so")
cryptools = include_lib("/lib/crypto.so"); if not cryptools then exit("Error: Can't find /lib/crypto.so")
ipAddress = params[0]
port = params[1].to_int
localShell = get_shell
localComputer = localShell.host_computer
PrintYellow=function(string); print("<color=yellow>" + string + "</color>"); end function
PrintWhite=function(string); print("<color=white>" + string + "</color>"); end function
PrintRed=function(string); print("<color=red>" + string + "</color>"); end function
GetPassword=function(userPass)
if userPass.len != 2 then
return null
else
password = cryptools.decipher(userPass[1])
return password
end function
CheckPasswd=function(file)
if not file then return false
if not file.has_permission("r") then return false
if file.is_binary then return false
PrintWhite("decipher root password ...")
print("")
listUsers = file.get_content.split("\n")
for line in listUsers
userPass = line.split(":")
if userPass[0] == "root" then
password = GetPassword(userPass)
if password then localShell.launch("/bin/7ssh", "root@" + password + " " + ipAddress + " " + port) // script you want to start
end if
end for
end function
FileExploid=function(result)
if result.is_folder and result.path == "/etc" then
AccessPasswdFile(result)
else
while result.path != "/"
result = result.parent
end while
folders = result.get_folders
for folder in folders
if folder.path == "/etc" then AccessPasswdFile(folder)
end for
end if
end function
AccessPasswdFile=function(result)
files = result.get_files
for file in files
if file.name == "passwd" then CheckPasswd(file)
end for
end function
PrintYellow("running: /bin/7attack " + ipAddress + " " + port)
PrintWhite("scanning libs ...\n")
net_session = metaxploit.net_use(ipAddress, port)
metaLib = net_session.dump_lib
memoryZones = metaxploit.scan(metaLib)
for memoryZone in memoryZones
unsafeChecks = metaxploit.scan_address(metaLib, memoryZone)
for unsafeCheck in unsafeChecks.split("<b>")[1:unsafeChecks.len]
bufferString = unsafeCheck.split("</b>")[0]
if (bufferString.split(".so").len != 2) or (bufferString.split(".").len != 3) then
PrintWhite("trying: memoryZone: " + memoryZone + " bufferString: " + bufferString + " ...")
result = metaLib.overflow(memoryZone, bufferString)
end if
if result and result != null then
if typeof(result) == "shell" then CheckPasswd(result.host_computer.File("/etc/passwd"))
if typeof(result) == "file" then FileExploid(result)
if typeof(result) == "computer" then CheckPasswd(result.File("/etc/passwd"))
else
return false
end if
end for
end for