Last active
December 31, 2023 04:50
-
-
Save tjmonsi/62c1a339119bcb9896fb29b8a2656f6b to your computer and use it in GitHub Desktop.
Greyhack metaxploit scan
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| tjx_metaxploit_scan = function (ip, port) | |
| content = [] | |
| printText = function (text) | |
| print(text) | |
| content = content.push(text) | |
| end function | |
| metaxploit = include_lib("/lib/metaxploit.so") | |
| if not metaxploit then exit("<color=#ff0000>Error: Unable to find 'metaxploit.so'. Put missing library in the 'lib' folder.</color>") | |
| net_session = null | |
| router = get_router(ip) | |
| if router then | |
| usedPorts = router.used_ports | |
| firewall = router.firewall_rules | |
| if port then | |
| printText("Scan report: " + ip + ":" + port) | |
| else | |
| printText("Scan report: " + ip) | |
| end if | |
| printText("") | |
| printText("==============") | |
| printText("version of kernel_router.so: " + router.kernel_version) | |
| if firewall.len > 0 then | |
| printText("==============") | |
| printText("firewall rules") | |
| for firewall_string in firewall | |
| printText("rule: " + firewall_string) | |
| end for | |
| end if | |
| printText("==============") | |
| end if | |
| if port then | |
| net_session = metaxploit.net_use(ip, port) | |
| port_object = router.ping_port(port) | |
| printText("Port library info") | |
| if port_object then | |
| printText(router.port_info(port_object)) | |
| end if | |
| printText("==============") | |
| else | |
| net_session = metaxploit.net_use(ip) | |
| end if | |
| if not net_session then return printText("No session connected for: " + ip + ":" + port) | |
| printText("=============") | |
| printText("Number of connected devices: " + net_session.get_num_conn_gateway) | |
| printText("Number of port forwarded: " + net_session.get_num_portforward) | |
| printText("Number of users: " + net_session.get_num_users) | |
| printText("Are there active users: " + net_session.is_any_active_user) | |
| printText("Are there active root: " + net_session.is_root_active_user) | |
| printText("=============") | |
| lib = net_session.dump_lib | |
| printText("starting scanning on " + ip + ":" + port) | |
| memory = metaxploit.scan(lib) | |
| memIndex = 0 | |
| for mem in memory | |
| memIndex = memIndex + 1 | |
| if port then | |
| printText("<color=#ff0000><b>" + memIndex + ": Exploit on " + ip + ":" + port + " - " + mem + "</b></color>") | |
| else | |
| printText("<color=#ff0000><b>" + memIndex + ": Exploit on " + ip + " - " + mem + "</b></color>") | |
| end if | |
| outputmem = metaxploit.scan_address(lib, mem) | |
| segments = outputmem.split("Unsafe check: ") | |
| segmentIndex = 0 | |
| for segment in segments | |
| labelStart = segment.indexOf("<b>") | |
| labelEnd = segment.indexOf("</b>") | |
| exploit = segment[labelStart + 3: labelEnd] | |
| if exploit and exploit != segment then | |
| segmentIndex = segmentIndex + 1 | |
| printText("=================================") | |
| printText("<b><color=#FFFF00>" + memIndex + "." + segmentIndex + ": found " + exploit + " </color></b>") | |
| printText("<color=#00ffff>Copy line: " + "<b>" + ip + " " + port + " " + mem + " " + exploit + "</b></color>") | |
| printText("=================================") | |
| printText(segment) | |
| printText("=================================") | |
| // SAFETY | |
| if not net_session.is_root_active_user then | |
| result = lib.overflow(mem, exploit) | |
| type = typeof(result) | |
| if result != null then | |
| if type == "shell" then | |
| printText("<color=#ff0000>" + type + "</color>") | |
| printText("<color=#ff0000>Target this using root and remove log</color>") | |
| else if type == "file" then | |
| printText("<color=#00ff00>" + type + "</color>") | |
| text = tjx_get_etc_passwd(result) | |
| items = tjx_print_decipher(text) | |
| for item in items | |
| printText(item) | |
| end for | |
| else if type == "computer" then | |
| printText("<color=#0000ff>" + type + "</color>") | |
| text = tjx_get_etc_passwd(result.File("/")) | |
| items = tjx_print_decipher(text) | |
| items = tjx_print_decipher(text) | |
| for item in items | |
| printText(item) | |
| end for | |
| else | |
| printText("<color=#ffffff>" + type + "</color>") | |
| printText(result) | |
| end if | |
| end if | |
| end if | |
| printText("") | |
| end if | |
| end for | |
| end for | |
| print("") | |
| filename = ip | |
| if port then | |
| filename = filename + "." + port + ".txt" | |
| else | |
| filename = filename + ".txt" | |
| end if | |
| pathname = home_dir + "/" + filename | |
| result = get_shell.host_computer.touch(home_dir, filename) | |
| if result != 1 then print(result) | |
| result = get_shell.host_computer.File(pathname).set_content(content.join(char(10))) | |
| print(result) | |
| end function |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment