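Contents

  • Interactive interface
    • Basic functions
      • Local attack
        • Attack the local machine
      • Remote attack
      • Applications
    • Scan functions
      • Update IP and scan
      • Deep scan
    • Hack-in functions
      • Shell-like interactive interface
        • Some special commands
          • bounce
          • run
          • ScanPsw
          • vim
          • build
  • Script source code

Version: Grey Hack v0.7.3619 - Alpha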


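Interactive interface

Basic functions

Use the cd command and the numeric options to switch paths.

Local attack (本地攻击)

Attack the local machine

Attacks through net.so and init.so.

Remote attack (远程攻击)

Applications (应用程序)

Scan functions

Update IP and scan

Deep scan (深度扫描)

Hack-in functions

Attacks through open ports / a LAN IP.

Shell-like interactive interface

After you select a vulnerability, you enter a shell-like interactive interface.

The commands that can be called depend on the type of the selected vulnerability (shell, computer, file).

Some special commands

bounce

Used to deploy the shellOs environment.

run

Used to execute scripts.

ScanPsw

vim

Text editor.

Use :help to view the help.

build

Compiles src files.

Script source code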

// ******************************************************************************
// * @file       main.src
// * @brief      Shell Os
// * @history
// *  Version    Date            Author          Modification
// *  v0.1.0     2021-09-05      rocketorbit     1. Created the project and implemented remote attack
// *  v0.1.1     2021-09-07      Royic           1. Implemented the basic object-oriented framework and the pseudo folder system
// *                                             2. Added functions to make strings bold and set their color
// *  v0.1.2     2021-09-09      Royic           1. Initial cd command, bug fixes
// *  v0.1.3     2021-09-10      Royic           1. Improved the cd command, added relative-path cd
// *  v0.1.4     2021-09-11      Royic           1. Refactored the nmap function
// *                                             2. Completed the deep scan feature
// *  v0.2.0     2021-09-12      Royic           1. Initial remoteShell framework
// *  v0.3.0     2021-09-13      Royic           1. Initial command set based on the file class
// *                                             2. Available commands: cd cat cp mv rm ScanPsw exit
// *  v0.4.0     2021-09-13      Royic           1. Added the computer command set; available commands: mkdir, touch, ps
// *  v0.4.1     2021-09-13      rocketorbit     1. Added the attack-local-machine feature
// *  v0.5.0     2021-09-14      Royic           1. Fixed scp
// *                                             2. Added the shell command set; available commands: build, run, bounce, ping, Terminal
// *  v0.6.0     2021-09-14      Royic           1. Built the vim text editor; available commands: :new, :clr, :clr, :del, :del, :add, :exit/:q, :x/:wq, :change, :replace; quitting without saving is not possible yet
// *  v0.6.1     2021-09-18      Royic           1. Added chmod
// *  v0.6.2     2021-09-18      Royic           1. Added applications, useradd, userdel
// *  v0.6.3     2021-09-21      Royic           1. Bug fixes
// ******************************************************************************

// Load metaxploit.so from /lib, falling back to the current path.
metaxploit = include_lib("/lib/metaxploit.so")
if not metaxploit then
    metaxploit = include_lib(current_path + "/metaxploit.so")
    if not metaxploit then
        // Message: metaxploit.so was not found in the current path or in /lib
        exit("Error: 没有在本路径或/lib找到metaxploit.so")
    else
        metaxploitPath = current_path + "/metaxploit.so"
    end if
else
    metaxploitPath = "/lib/metaxploit.so"
end if

// Load crypto.so from /lib, falling back to the current path.
cryptools = include_lib("/lib/crypto.so")
if not cryptools then
    cryptools = include_lib(current_path + "/crypto.so")
    if not cryptools then
        // Message: crypto.so was not found in the current path or in /lib
        exit("Error: 没有在本路径或/lib找到crypto.so")
    else
        cryptoPath = current_path + "/crypto.so"
    end if
else
    cryptoPath = "/lib/crypto.so"
end if

Folder = {}
Folder.name = ""
Folder.parentFolder = "null"
Folder.subFolder = []
Folder.program = []

// ******************************************************************************
// * @brief      Make a string bold and set its color
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-07      Royic           1. Implemented basic functionality
// *  v0.0.2     2021-09-09      Royic           1. Added floor, bug fix
// ******************************************************************************
Num2Hex = function(Num)
    // Clamp to 00..FF and return a two-digit hex string.
    if Num >= 255 then
        return "FF"
    else if Num <= 0 then
        return "00"
    end if
    HexMap = {0:"0",1:"1",2:"2",3:"3",4:"4",5:"5",6:"6",7:"7",8:"8",9:"9",10:"A",11:"B",12:"C",13:"D",14:"E",15:"F"}
    return (HexMap[floor(Num / 16)] + HexMap[Num % 16])
end function

String = function(Str, Bold_Key, R_val, G_val, B_val)
    Color = Num2Hex(R_val) + Num2Hex(G_val) + Num2Hex(B_val)
    if Bold_Key then
        Bold_Start = "<b>"
        Bold_End = "</b>"
    else
        Bold_Start = ""
        Bold_End = ""
    end if
    // 00FF00 is emitted without a color tag.
    if Color == "00FF00" then
        return (Bold_Start + Str + Bold_End)
    else
        return ("<color=#" + Color + ">" + Bold_Start + Str + Bold_End + "</color>")
    end if
end function

// ******************************************************************************
// * @brief      Folder class: add a subfolder
// * @note       Pushing directly causes an error, so a temporary variable has to be used
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-07      Royic           1. Implemented basic functionality
// ******************************************************************************
Folder.addFolder = function(NewFolder)
    tempList = []
    tempList.push(NewFolder)
    self.subFolder = self.subFolder + tempList
    NewFolder.parentFolder = self
end function

// ******************************************************************************
// * @brief      Folder class: print the names of the subfolders
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-07      Royic           1. Implemented basic functionality
// ******************************************************************************
Folder.display = function()
    printStr = ""
    ID = 0
    for _ in self.subFolder
        printStr = printStr + String(str(ID) + ".", 1, 255, 255, 255) + String(_.name, 1, 255, 255, 0) + " "
        ID = ID + 1
    end for
    if self.subFolder != [] then
        print(String("Folder(s)", 0, 255, 255, 255))
        print(printStr)
    end if
    // Programs continue the same numbering as the folders.
    printStr = ""
    for _ in self.program
        printStr = printStr + String(str(ID) + ".", 1, 255, 255, 255) + String(_[0], 1, 128, 255, 255) + " "
        ID = ID + 1
    end for
    if self.program != [] then
        print(String("Program(s)", 0, 255, 255, 255))
        print(printStr)
    end if
    return self.name
end function

// ******************************************************************************
// * @brief      Warning
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-07      Royic           1. Implemented basic functionality
// ******************************************************************************
Warn = function()
    // Message: this feature has not been added yet
    print(String("Warning: 此功能尚待添加!", 1, 255, 255, 0))
end function

// ******************************************************************************
// * @brief      Initialize the pseudo folder system
// ******************************************************************************
root = new Folder
root.name = ""

// "本地攻击" = local attack
localAttack = new Folder
localAttack.name = "本地攻击"
root.addFolder(localAttack)

// "远程攻击" = remote attack
remoteAttack = new Folder
remoteAttack.name = "远程攻击"
root.addFolder(remoteAttack)

// "应用程序" = applications
Applications = new Folder
Applications.name = "应用程序"
root.addFolder(Applications)

ShellOs = {}
ShellOs.version = "v0.1.0"
ShellOs.input = ""
ShellOs.MenuFloor = 1
ShellOs.currentFolder = root
ShellOs.permission = "null"
ShellOs.TargetIP = ""
ShellOs.OtherRoutersLan = []
ShellOs.KnownComputersLan = []
ShellOs.KernelRouterLib = []
ShellOs.KernelRouterExploits = []
ShellOs.KernelRouterComputerExploit = []
ShellOs.PortExploits = [["shell", []], ["computer", []], ["file", []]]
ShellOs.PortsInfo = ""

// ******************************************************************************
// * @brief      Initialize some of the ShellOs members
// ******************************************************************************
ShellOs.init = function()
    self.OtherRoutersLan = []
    self.KnownComputersLan = []
    self.KernelRouterLib = []
    self.KernelRouterExploits = []
    self.KernelRouterComputerExploit = []
    self.PortExploits = [["shell", []], ["computer", []], ["file", []]]
    self.PortsInfo = ""
end function

// ******************************************************************************
// * @brief      Get the current absolute path
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-07      Royic           1. Implemented basic functionality
// ******************************************************************************
ShellOs.getPath = function()
    PathStr = ""
    thisFolder = ShellOs.currentFolder
    // Walk up to the root, prepending each folder name.
    while thisFolder.parentFolder != "null"
        PathStr = thisFolder.name + "/" + PathStr
        thisFolder = thisFolder.parentFolder
    end while
    return PathStr[:-1]
end function

// ******************************************************************************
// * @brief      Get the IP
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-07      Royic           1. Implemented basic functionality
// ******************************************************************************
ShellOs.getIP = function()
    Option = self.currentFolder.name
    self.TargetIP = ""
    if Option == "远程攻击" then
        WarnStr = ""
        while true
            // Prompt: please enter a valid IP / web address
            self.TargetIP = user_input(WarnStr + "请输入一个正确的IP/网址:\n")
            if self.TargetIP.trim.lower == "exit" then
                return
            else if self.TargetIP.split(".")[0] == "www" and self.TargetIP.split(".").len == 3 then
                self.TargetIP = nslookup(self.TargetIP)
            end if
            // "输入错误! " = invalid input
            if not get_shell.ping(self.TargetIP) then
                WarnStr = "输入错误! "
            else if typeof(get_router(self.TargetIP)) == "null" and typeof(get_switch(self.TargetIP)) == "null" then
                WarnStr = "输入错误! "
            else if get_router(self.TargetIP).local_ip == self.TargetIP then
                WarnStr = ""
            else
                WarnStr = ""
            end if
            if WarnStr == "" then break
        end while
        return
    else if Option == "本地攻击" then
        self.TargetIP = get_router.public_ip
        return
    end if
end function

// ******************************************************************************
// * @brief      cd command
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-09      Royic           1. Implemented basic functionality
// *  v0.0.2     2021-09-10      Royic           1. Improved functionality, added relative-path cd
// ******************************************************************************
ShellOs.cdFunc = function()
    // A bare "cd" returns to the root.
    if self.input == "cd" then
        self.currentFolder = root
        return
    end if
    InputPath = []
    for _ in self.input.split(" ")[1].split("/")
        if _ != "" then InputPath.push(_)
    end for
    if InputPath == [] or self.input.split(" ")[1][0] == "/" then
        // Absolute path: start from the root.
        self.currentFolder = root
    else if self.input.split(" ")[1] == "." or self.input.split(" ")[1][:2] == "./" then
        // Leading "." or "./": drop the "." segment.
        InputPath = InputPath[1:]
    else if InputPath[0] == ".." then
        if self.currentFolder.parentFolder != "null" then self.currentFolder = self.currentFolder.parentFolder
        InputPath = InputPath[1:]
    end if
    // Descend one path segment at a time; unknown segments are ignored.
    for _ in InputPath
        No = 0
        for SubFolder in self.currentFolder.subFolder
            if SubFolder.name == _ then
                self.currentFolder = self.currentFolder.subFolder[No]
                break
            end if
            No = No + 1
        end for
    end for
    return
end function

// ******************************************************************************
// * @brief      Show detailed information
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-07      Royic           1. Implemented basic functionality
// *  v0.0.2     2021-09-11      Royic           1. Refactored
// ******************************************************************************
nmap = function()
    ShellOs.init()
    ShellOs.getIP()
    Target_Router = get_router(ShellOs.TargetIP)
    Routers_LAN = []
    Computers_LAN = []
    Devices_LAN = Target_Router.devices_lan_ip
    for Device_LAN in Devices_LAN
        Router_Ports = []
        for Router_Port in Target_Router.device_ports(Device_LAN)
            Router_Ports.push(Router_Port.port_number)
        end for
        // A device whose first port is 8080 is treated as a router.
        if Router_Ports != [] and Router_Ports[0] == 8080 then
            Routers_LAN.push([])
            Routers_LAN[Routers_LAN.len - 1].push(Device_LAN)
            Routers_LAN[Routers_LAN.len - 1].push(Router_Ports)
        else
            Computers_LAN.push(Device_LAN)
            ShellOs.KnownComputersLan.push(Device_LAN)
        end if
        // Scanning the local network: list each router/switch with its devices and firewall rules.
        if Target_Router.public_ip == get_router().public_ip then
            New_Router = get_router(Device_LAN)
            New_Switch = get_switch(Device_LAN)
            if New_Switch then New_Router = New_Switch
            if New_Router then
                print("\n" + String("Kernel version: " + New_Router.kernel_version, 0, 255, 255, 255))
                print(String(Device_LAN + ": " + Router_Ports, 1, 255, 255, 255))
                New_Devices_LAN = New_Router.devices_lan_ip
                for New_Device_LAN in New_Devices_LAN
                    if not get_router(New_Device_LAN) and not get_switch(New_Device_LAN) then
                        print(String(New_Device_LAN, 0, 255, 255, 0))
                    end if
                end for
                Firewall_Rules = "Action Port Source_IP Destination_IP"
                for _ in New_Router.firewall_rules
                    Firewall_Rules = Firewall_Rules + "\n" + _
                end for
                if Firewall_Rules != "Action Port Source_IP Destination_IP" then
                    print(format_columns(Firewall_Rules))
                end if
            end if
        end if
    end for
    Ports = Target_Router.used_ports
    Port_Info = String("Port State Service Version LAN", 0, 255, 255, 255)
    Port_Info = Port_Info + "\n" + String(0 + " " + "Opened" + " " + "router" + " " + Target_Router.kernel_version + " " + Target_Router.local_ip, 0, 255, 215, 0)
    for Port in Ports
        if Port.is_closed then
            Port_Status = "Closed"
        else
            Port_Status = "Opened"
        end if
        Port_Info = Port_Info + "\n" + String(Port.port_number + " " + Port_Status + " " + Target_Router.port_info(Port) + " " + Port.get_lan_ip, 0, 255, 215, 0)
        if typeof(ShellOs.KnownComputersLan.indexOf(Port.get_lan_ip)) == "null" then ShellOs.KnownComputersLan.push(Port.get_lan_ip)
    end for
    // Scanning a remote network.
    if Target_Router.public_ip != get_router().public_ip then
        print("\n" + String("Kernel version: " + Target_Router.kernel_version, 0, 255, 255, 255))
        if Routers_LAN != [] then
            print(String(Routers_LAN[0][0] + ": " + Routers_LAN[0][1], 1, 255, 255, 255))
            if Computers_LAN != [] then
                // Print the computers that share the first router's /24 prefix.
                Router_LAN_Head = Routers_LAN[0][0].split(".")
                Router_LAN_Head = Router_LAN_Head[0] + "." + Router_LAN_Head[1] + "." + Router_LAN_Head[2]
                for Computer_LAN in Computers_LAN
                    Computer_LAN_Head = Computer_LAN.split(".")
                    Computer_LAN_Head = Computer_LAN_Head[0] + "." + Computer_LAN_Head[1] + "." + Computer_LAN_Head[2]
                    if Router_LAN_Head == Computer_LAN_Head then print(String(Computer_LAN, 1, 255, 255, 0))
                end for
            end if
            Firewall_Rules = "Action Port Source_IP Destination_IP"
            for _ in Target_Router.firewall_rules
                Firewall_Rules = Firewall_Rules + "\n" + _
            end for
            if Firewall_Rules != "Action Port Source_IP Destination_IP" then print(format_columns(Firewall_Rules))
            ShellOs.OtherRoutersLan = Routers_LAN[1:]
            for Router_LAN_List in ShellOs.OtherRoutersLan
                print("\n" + String(Router_LAN_List[0] + ": " + Router_LAN_List[1], 1, 255, 255, 255))
                // Message: using "deep scan" may discover more hosts
                print(String("使用", 0, 255, 255, 0) + String("深度扫描", 1, 128, 255, 255) + String("有可能发现更多主机", 0, 255, 255, 0))
            end for
        end if
    end if
    print("\n" + String("Port(s): ", 1, 255, 255, 255))
    print(format_columns(Port_Info) + "\n")
    Whois_List = whois(ShellOs.TargetIP).split("\n")[1:]
    Domain_Name = String("Domain name: ", 0, 0, 255, 0) + String(Whois_List[0].split(": ")[1], 1, 255, 255, 255) + "\n"
    Administrator_Name = String("Administrative contact: ", 0, 0, 255, 0) + String(Whois_List[1].split(": ")[1], 1, 255, 255, 255) + "\n"
    Email_Address = String("Email address: ", 0, 0, 255, 0) + String(Whois_List[2].split(": ")[1], 1, 255, 255, 255) + "\n"
    Phone = String(Whois_List[-1], 0, 0, 255, 0) + "\n"
    print(Domain_Name + Administrator_Name + Email_Address + Phone)
    ShellOs.PortsInfo = String("Port(s): ", 1, 255, 255, 255) + "\n" + format_columns(Port_Info) + "\n\n" + Domain_Name + Administrator_Name + Email_Address + Phone
end function

// ******************************************************************************
// * @brief      Get a Computer-type vulnerability of the router
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-11      Royic           1. Implemented basic functionality
// ******************************************************************************
GetKernelRouterComputerExploit = function()
    TestLan = ""
    for kernel_router_exploit in ShellOs.KernelRouterExploits
        result_lists = metaxploit.scan_address(ShellOs.KernelRouterLib, kernel_router_exploit).split("Unsafe check: ")[1:]
        for result_list in result_lists
            target_str = result_list.split(".")[0]
            target_key = target_str.split(" ")[-1]
            if ShellOs.KnownComputersLan != [] then
                result = ShellOs.KernelRouterLib.overflow(kernel_router_exploit, target_key[3:-4], ShellOs.KnownComputersLan[0])
                if typeof(result) == "computer" then
                    ShellOs.KernelRouterComputerExploit = [kernel_router_exploit, target_key[3:-4]]
                    return
                end if
            else
                // Prompt: provide the LAN address of a known host on this public network, or skip if there is none
                if TestLan == "" then TestLan = user_input("请提供一个此公网内已知的主机LAN地址, 若没有请跳过:\n")
                if is_lan_ip(TestLan) then
                    result = ShellOs.KernelRouterLib.overflow(kernel_router_exploit, target_key[3:-4], TestLan)
                    if typeof(result) == "computer" then
                        ShellOs.KernelRouterComputerExploit = [kernel_router_exploit, target_key[3:-4]]
                        return
                    end if
                else
                    TestLan = "null"
                end if
            end if
            for Router in ShellOs.OtherRoutersLan
                lanIp = Router[0]
                lanIp = lanIp.split(".")
                Head = lanIp[0]+"."+lanIp[1]+"."+lanIp[2]+"."
                End = lanIp[-1].to_int
                for _ in range(1, 255, 1)
                    if _ != End then
                        result = ShellOs.KernelRouterLib.overflow(kernel_router_exploit, target_key[3:-4], Head + str(_))
                        if typeof(result) == "computer" then
                            ShellOs.KernelRouterComputerExploit = [kernel_router_exploit, target_key[3:-4]]
                            return
                        else if typeof(result) != "null" and typeof(result) != "computer" then
                            break
                        end if
                    end if
                end for
                if typeof(result) != "null" and typeof(result) != "computer" then break
            end for
            if typeof(result) != "null" and typeof(result) != "computer" then
                continue
            end if
        end for
    end for
end function

// ******************************************************************************
// * @brief      Deep scan
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-11      Royic           1. Implemented basic functionality
// ******************************************************************************
deepScan = function()
    if ShellOs.OtherRoutersLan == [] then
        // Message: scan the network first / this network has no unknown subnets
        print(String("请先扫描网络/该网络没有未知的子网", 1, 255, 255, 0))
        return
    end if
    net_session = metaxploit.net_use(ShellOs.TargetIP)
    if not net_session then
        print(String("Error: can't connect to net session", 1, 255, 0, 0))
        return
    end if
    ShellOs.KernelRouterLib = net_session.dump_lib
    ShellOs.KernelRouterExploits = metaxploit.scan(ShellOs.KernelRouterLib)
    GetKernelRouterComputerExploit()
    if ShellOs.KernelRouterComputerExploit != [] then
        No = 0
        for Router in ShellOs.OtherRoutersLan
            lanIp = Router[0]
            lanIp = lanIp.split(".")
            Head = lanIp[0]+"."+lanIp[1]+"."+lanIp[2]+"."
            End = lanIp[-1].to_int
            for _ in range(1, 255, 1)
                if _ != End then
                    result = ShellOs.KernelRouterLib.overflow(ShellOs.KernelRouterComputerExploit[0], ShellOs.KernelRouterComputerExploit[1], Head + str(_))
                    if typeof(result) == "computer" then
                        // The third list element collects the hosts found behind this router.
                        if ShellOs.OtherRoutersLan[No].len == 2 then ShellOs.OtherRoutersLan[No].push([])
                        if typeof(ShellOs.OtherRoutersLan[No][2].indexOf(Head + str(_))) == "null" then ShellOs.OtherRoutersLan[No][2].push(Head + str(_))
                    end if
                end if
            end for
            No = No + 1
        end for
        // Message: newly discovered hosts
        print(String("新发现了这些主机: ", 1, 255, 255, 255))
        for Router in ShellOs.OtherRoutersLan
            if Router.len == 3 then
                print("\n" + String(Router[0] + ": " + Router[1], 1, 255, 255, 255))
                for ComputerLan in Router[2]
                    print(String(ComputerLan, 0, 255, 255, 0))
                end for
            end if
        end for
        print(" ")
    else
        // Message: deep scan failed, the target router firmware has no relevant vulnerability
        print(String("深度扫描失败, 目标IP路由器固件无相关漏洞!\n", 1, 255, 0, 0))
    end if
end function

// ******************************************************************************
// * @brief      Find out the current identity
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-12      Royic           1. Implemented basic functionality
// ******************************************************************************
readPermission = function(result)
    if typeof(result) == "shell" then
        rootFolder = result.host_computer.File("/root")
        homeFolder = result.host_computer.File("/home")
        passwdFile = result.host_computer.File("/etc/passwd")
    else if typeof(result) == "computer" then
        rootFolder = result.File("/root")
        homeFolder = result.File("/home")
        passwdFile = result.File("/etc/passwd")
    else if typeof(result) == "file" then
        // Climb to "/" and look the three entries up by name.
        while not result.path == "/"
            result = result.parent
        end while
        folders = result.get_folders
        passwdFile = []
        for folder in folders
            if folder.name == "root" then
                rootFolder = folder
            else if folder.name == "home" then
                homeFolder = folder
            else if folder.name == "etc" then
                for File in folder.get_files
                    if File.name == "passwd" then passwdFile = File
                end for
            end if
        end for
    end if
    // Write access to /root means root; read access to /etc/passwd means user; otherwise guest.
    Permission = "null"
    if is_folder(rootFolder) and rootFolder.has_permission("w") then
        Permission = "root"
    else if typeof(passwdFile) == "file" and passwdFile.has_permission("r") then
        // if homeFolder then
        //     Permission = "guest"
        //     userFolders = homeFolder.get_folders
        //     for userFolder in userFolders
        //         if userFolder.has_permission("w") and userFolder.name != "guest" then
        //             Permission = userFolder.name
        //             break
        //         end if
        //     end for
        // else
        Permission = "user"
        // end if
    else
        Permission = "guest"
    end if
    return Permission
end function

remoteShell = {}
remoteShell.Object = ""
remoteShell.Type = ""
remoteShell.input = ""
remoteShell.permission = ""
remoteShell.shellObj = ""
remoteShell.computer = ""
remoteShell.currentFolder = ""
remoteShell.fileFunc = ["cd [绝对路径/相对路径]", "cat [文件名]", "cp [原文件名] [目标文件名]", "mv [原文件名] [目标文件名]", "rm [文件名]", "exit", "ScanPsw", "vim [文件名] (vim中使用':help'查看可用命令)", "chmod [opt:-R] [u,g,o+wrx] [path file/folder]"]
remoteShell.computerFunc = ["mkdir [文件夹名]", "touch [文件名]", "ps", "useradd [new username]", "userdel [opt:-r] [username]"]
remoteShell.shellFunc = ["Terminal", "scp [-u/-d] [原文件名] (可选)[目标文件夹]", "run [命令名] (可选)[参数]", "bounce", "ping [ip address]", "build [源文件] (可选)[目标文件夹]"]

// Resolve StrPath against the current folder.
// Returns [parent folder object, last path segment], or [folder, "null"] when no segment is left.
remoteShell.getPath = function(StrPath)
    currentFolder = self.currentFolder
    InputPath = []
    for _ in StrPath.split("/")
        if _ != "" then InputPath.push(_)
    end for
    if InputPath == [] or StrPath[0] == "/" then
        // Absolute path: climb to "/".
        while not currentFolder.path == "/"
            currentFolder = currentFolder.parent
        end while
    else if StrPath == "." or StrPath[:2] == "./" then
        // Leading "." or "./": drop the "." segment.
        InputPath = InputPath[1:]
    else if InputPath[0] == ".." then
        if currentFolder.path != "/" then currentFolder = currentFolder.parent
        InputPath = InputPath[1:]
    end if
    if InputPath != [] then
        for _ in InputPath[:-1]
            for SubFolder in currentFolder.get_folders
                if SubFolder.name == _ then
                    currentFolder = SubFolder
                    break
                end if
            end for
        end for
        return [currentFolder, InputPath[-1]]
    else
        return [currentFolder, "null"]
    end if
end function

// ******************************************************************************
// * @brief      remoteShell cd command
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-12      Royic           1. Implemented basic functionality
// ******************************************************************************
remoteShell.cdFunc = function()
    // A bare "cd" returns to "/".
    if self.input == "cd" then
        while not self.currentFolder.path == "/"
            self.currentFolder = self.currentFolder.parent
        end while
        return
    end if
    InputPath = []
    for _ in self.input.split(" ")[1].split("/")
        if _ != "" then InputPath.push(_)
    end for
    if InputPath == [] or self.input.split(" ")[1][0] == "/" then
        while not self.currentFolder.path == "/"
            self.currentFolder = self.currentFolder.parent
        end while
    else if self.input.split(" ")[1] == "." or self.input.split(" ")[1][:2] == "./" then
        // Leading "." or "./": drop the "." segment.
        InputPath = InputPath[1:]
    else if InputPath[0] == ".." then
        if self.currentFolder.path != "/" then self.currentFolder = self.currentFolder.parent
        InputPath = InputPath[1:]
    end if
    for _ in InputPath
        for SubFolder in self.currentFolder.get_folders
            if SubFolder.name == _ then
                self.currentFolder = SubFolder
                break
            end if
        end for
    end for
    return
end function

// ******************************************************************************
// * @brief      remoteShell ls -la command
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-12      Royic           1. Implemented basic functionality
// ******************************************************************************
remoteShell.ls_la = function()
    subFolders = self.currentFolder.get_folders
    output = ""
    for subFile in subFolders
        nameFile = subFile.name
        permission = subFile.permissions
        owner = subFile.owner
        size = subFile.size
        group = subFile.group
        output = output + String(permission + " " + owner + " " + group + " " + size + " 00:00 " + "<b>" + nameFile + "</b>", 0, 255, 255, 0) + "\n"
    end for
    print(String("Folder(s)", 0, 255, 255, 255))
    if output != "" then
        print(format_columns(output))
    else
        print(String("Empty", 0, 255, 255, 0) + "\n")
    end if
    subFiles = self.currentFolder.get_files
    output = ""
    for subFile in subFiles
        nameFile = subFile.name
        permission = subFile.permissions
        owner = subFile.owner
        size = subFile.size
        group = subFile.group
        output = output + String(permission + " " + owner + " " + group + " " + size + " 00:00 " + "<b>" + nameFile + "</b>", 0, 128, 255, 255) + "\n"
    end for
    print(String("File(s)", 0, 255, 255, 255))
    if output != "" then
        print(format_columns(output))
    else
        print(String("Empty", 0, 128, 255, 255) + "\n")
    end if
end function

// ******************************************************************************
// * @brief      cat
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-12      Royic           1. Implemented basic functionality
// ******************************************************************************
remoteShell.cat = function()
    Target = self.getPath(self.input.split(" ")[1])
    for File in Target[0].get_files
        if File.name == Target[1] then
            if File.is_binary then
                print(String("cat: can't open " + File.path + ". Binary file", 1, 255, 0, 0) + "\n")
                return
            else
                // get_content is null when the file cannot be read.
                if typeof(File.get_content) != "null" then
                    print(String(File.name + " :", 1, 255, 255, 255))
                    for Line in File.get_content.split("\n")
                        print("    " + String(Line, 0, 255, 255, 255))
                    end for
                    print(" ")
                else
                    print(String("Permission denied", 1, 255, 0, 0) + "\n")
                end if
                break
            end if
        end if
    end for
end function

// ******************************************************************************
// * @brief      cp
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-12      Royic           1. Implemented basic functionality
// ******************************************************************************
remoteShell.cp = function()
    Target_Raw = self.getPath(self.input.split(" ")[1])
    for File in Target_Raw[0].get_files
        if File.name == Target_Raw[1] then
            Target_New = self.getPath(self.input.split(" ")[2])
            result = File.copy(Target_New[0].path, Target_New[1])
            if result == 1 then
                // Message: copy succeeded
                print(String("复制成功! ", 1, 0, 255, 0))
            else
                print(String(result, 1, 255, 0, 0))
            end if
        end if
    end for
end function

// ******************************************************************************
// * @brief      mv
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-12      Royic           1. Implemented basic functionality
// ******************************************************************************
remoteShell.mv = function()
    Target_Raw = self.getPath(self.input.split(" ")[1])
    for File in Target_Raw[0].get_files
        if File.name == Target_Raw[1] then
            Target_New = self.getPath(self.input.split(" ")[2])
            result = File.move(Target_New[0].path, Target_New[1])
            if result == 1 then
                // Message: move succeeded
                print(String("移动成功! ", 1, 0, 255, 0))
            else
                print(String(result, 1, 255, 0, 0))
            end if
        end if
    end for
end function

// ******************************************************************************
// * @brief      rm
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-12      Royic           1. Implemented basic functionality
// ******************************************************************************
remoteShell.rm = function()
    if self.input.split(" ")[1].lower == "-r" then
        Target = self.getPath(self.input.split(" ")[2])
    else
        Target = self.getPath(self.input.split(" ")[1])
    end if
    // "删除成功! " = delete succeeded
    if self.input.split(" ")[1].lower == "-r" then
        // rm -r <folder>
        for File in Target[0].get_folders
            if File.name == Target[1] then
                result = File.delete
                if result.len == 0 then
                    print(String("删除成功! ", 1, 0, 255, 0))
                else
                    print(String(result, 1, 255, 0, 0))
                end if
            end if
        end for
    else if self.input.split(" ")[1].lower == "*" then
        // rm * : delete every file in the current folder
        for File in Target[0].get_files
            FileName = File.name
            result = File.delete
            if result.len == 0 then
                print(String(FileName + "删除成功! ", 1, 0, 255, 0))
            else
                print(String(FileName + ": " + result, 1, 255, 0, 0))
            end if
        end for
    else
        // rm <file>
        for File in Target[0].get_files
            if File.name == Target[1] then
                result = File.delete
                if result.len == 0 then
                    print(String("删除成功! ", 1, 0, 255, 0))
                else
                    print(String(result, 1, 255, 0, 0))
                end if
            end if
        end for
    end if
end function

// ******************************************************************************
// * @brief      ScanPsw
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-13      Royic           1. Implemented basic functionality
// ******************************************************************************
remoteShell.ScanPsw = function()
    Paths = ["/etc/passwd"]
    FileObj = self.currentFolder
    homeFolder = ""
    while not FileObj.path == "/"
        FileObj = FileObj.parent
    end while
    folders = FileObj.get_folders
    for folder in folders
        if folder.name == "home" then
            homeFolder = folder
        end if
    end for
    // Add the Mail.txt and Bank.txt config files of every non-guest user.
    if homeFolder != "" then
        for folder in homeFolder.get_folders
            if folder.name != "guest" then
                Paths.push(folder.path + "/Config/Mail.txt")
                Paths.push(folder.path + "/Config/Bank.txt")
            end if
        end for
    end if
    for Path in Paths
        Target = self.getPath(Path)
        for File in Target[0].get_files
            if File.name == Target[1] then
                if File.is_binary then
                    print(String("cat: can't open " + File.path + ". Binary file", 1, 255, 0, 0) + "\n")
                    return
                else
                    if typeof(File.get_content) != "null" then
                        print(String(File.name + " :", 1, 255, 255, 255))
                        // Each "name:hash" line is printed with the hash passed through cryptools.decipher.
                        for Line in File.get_content.split("\n")
                            if Line.split(":").len == 2 then
                                print(String(Line.split(":")[0] + ": ", 0, 255, 255, 255) + String(cryptools.decipher(Line.split(":")[-1]), 1, 255, 255, 0))
                            end if
                        end for
                        print(" ")
                    else
                        print(String("Permission denied", 1, 255, 0, 0) + "\n")
                    end if
                    break
                end if
            end if
        end for
    end for
end function

// ******************************************************************************
// * @brief      mkdir
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-13      Royic           1. Implemented basic functionality
// ******************************************************************************
remoteShell.mkdir = function()
    Target = self.getPath(self.input.split(" ")[1])
    self.computer.create_folder(Target[0].path, Target[1])
end function

// ******************************************************************************
// * @brief      touch
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-13      Royic           1. Implemented basic functionality
// ******************************************************************************
remoteShell.touch = function(InputParams)
    Target = self.getPath(InputParams[0])
    self.computer.touch(Target[0].path, Target[1])
end function

// ******************************************************************************
// * @brief      ps
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-13      Royic           1. Implemented basic functionality
// ******************************************************************************
remoteShell.ps = function()
    print("\n" + self.computer.show_procs + "\n")
end function

// ******************************************************************************
// * @brief      Terminal
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-13      Royic           1. Implemented basic functionality
// ******************************************************************************
remoteShell.Terminal = function()
    self.shellObj.start_terminal
end function

// ******************************************************************************
// * @brief      scp
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-13      Royic           1. Implemented basic functionality
// *  v0.0.2     2021-09-14      Royic           1. Bug fix
// ******************************************************************************
remoteShell.scp = function(InputParams)
    homeShell = get_shell
    result = ""
    // "传输成功" = transfer succeeded, "传输失败" = transfer failed,
    // "找不到要传输的文件" = the file to transfer was not found
    if InputParams[0].lower == "-u" then
        // Upload: local file -> remote host.
        updateFile = homeShell.host_computer.File(InputParams[1])
        if updateFile != null then
            // Temporarily open up the local file's permissions for the transfer.
            updateFilePermissions = updateFile.permissions
            updateFile.chmod("u+rwx")
            updateFile.chmod("g+rwx")
            updateFile.chmod("o+rwx")
            if InputParams.len == 2 then
                result = homeShell.scp(InputParams[1], self.currentFolder.path, self.shellObj)
            else if InputParams.len == 3 then
                result = homeShell.scp(InputParams[1], InputParams[2], self.shellObj)
            end if
            if result == 1 then
                print(String("传输成功!", 1, 0, 255, 0))
            else
                print(String("传输失败!", 1, 255, 0, 0))
            end if
            // Restore the original permissions saved before the transfer.
            for _ in [["u", updateFilePermissions[1:4]], ["g", updateFilePermissions[4:7]], ["o", updateFilePermissions[7:]]]
                for Permission in ["r", "w", "x"]
                    // indexOf returns null when the flag is absent; index 0 is a valid hit.
                    if _[1].indexOf(Permission) != null then
                        updateFile.chmod(_[0] + "+" + Permission)
                    else
                        updateFile.chmod(_[0] + "-" + Permission)
                    end if
                end for
            end for
        else
            print(String("找不到要传输的文件!", 1, 255, 0, 0))
        end if
    else if InputParams[0].lower == "-d" then
        // Download: remote file -> local host (default target is ~/Downloads).
        TargetFilePath = self.getPath(InputParams[1])
        for File in TargetFilePath[0].get_files
            if File.name == TargetFilePath[1] then
                TargetFile = File
                break
            end if
        end for
        if TargetFile != null then
            if InputParams.len == 2 then
                DownloadPath = home_dir + "/Downloads"
            else if InputParams.len == 3 then
                DownloadPath = InputParams[2]
            end if
            result = self.shellObj.scp(TargetFile.path, DownloadPath, homeShell)
            if result == 1 then
                print(String("传输成功, 文件已保存至" + DownloadPath + "下!", 1, 0, 255, 0))
            else
                print(String("传输失败!", 1, 255, 0, 0))
            end if
        else
            print(String("找不到要传输的文件!", 1, 255, 0, 0))
        end if
    end if
    if result == 1 then
        return 1
    else
        return 0
    end if
end function

// ******************************************************************************
// * @brief      build
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-14      Royic           1. Implement basic functionality
// ******************************************************************************
remoteShell.build = function(InputParams)
    Target = self.getPath(InputParams[0])
    for File in Target[0].get_files
        if File.name == Target[1] then
            FuncSrc = File
            if InputParams.len == 1 then
                // No output folder given: build next to the source file
                self.shellObj.build(FuncSrc.path, Target[0].path)
            else if InputParams.len == 2 then
                TargetFolder = self.getPath(InputParams[1])
                for Folder in TargetFolder[0].get_folders
                    if Folder.name == TargetFolder[1] then self.shellObj.build(FuncSrc.path, Folder.path)
                end for
            end if
        end if
    end for
end function

// ******************************************************************************
// * @brief      run
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-14      Royic           1. Implement basic functionality
// ******************************************************************************
remoteShell.run = function()
    // self.input has the form "run <file> [args...]"
    Target = self.getPath(self.input.split(" ")[1])
    for File in Target[0].get_files
        if File.name == Target[1] then
            Func = File
            if self.input.split(" ").len > 2 then
                // launch takes the arguments as a single string, without the
                // program name, so join everything after <file>
                params = self.input.split(" ")[2:].join(" ")
                self.shellObj.launch(Func.path, params)
            else
                self.shellObj.launch(Func.path, "")
            end if
        end if
    end for
end function

// ******************************************************************************
// * @brief      bounce: deploy the environment
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-14      Royic           1. Implement basic functionality
// ******************************************************************************
remoteShell.bounce = function()
    // Upload metaxploit, crypto and this program itself, in that order;
    // stop at the first failed transfer
    if self.scp(["-u", metaxploitPath]) then
        if self.scp(["-u", cryptoPath]) then
            if self.scp(["-u", program_path]) then
                print(String("部署成功!", 1, 0, 255, 0))
                return
            end if
        end if
    end if
    print(String("部署失败!", 1, 255, 0, 0))
end function

// ******************************************************************************
// * @brief      ping
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-14      Royic           1. Implement basic functionality
// ******************************************************************************
remoteShell.ping = function(InputParams)
    result = self.shellObj.ping(InputParams[0])
    if result then
        // A string result is an error message
        if typeof(result) == "string" then
            print(String(result, 1, 255, 0, 0) + "\n")
        else
            print(String("Ping successful", 1, 0, 255, 0) + "\n")
        end if
    else
        print(String("ip unreachable", 1, 255, 0, 0) + "\n")
    end if
end function

// ******************************************************************************
// * @brief      chmod
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-18      Royic           1. Implement basic functionality
// ******************************************************************************
remoteShell.chmod = function(InputParams)
    if InputParams.len < 2 or (InputParams.len == 3 and InputParams[0].lower != "-r") then
        print(command_info("chmod_usage"))
        return
    end if
    permissions = InputParams[0]
    pathFile = InputParams[1]
    isRecursive = 0
    if InputParams.len == 3 then
        // chmod -R <permissions> <path>
        permissions = InputParams[1]
        pathFile = InputParams[2]
        isRecursive = 1
    end if
    Target = self.getPath(pathFile)
    for target in Target[0].get_files + Target[0].get_folders
        if target.name == Target[1] then
            file = target
            // chmod returns an error string on failure
            output = file.chmod(permissions, isRecursive)
            if output then print(String(output, 1, 255, 0, 0))
            return
        end if
    end for
    print(String("chmod: can't find " + pathFile, 1, 255, 0, 0))
end function

vimObj = {}
vimObj.input = ""
vimObj.vimFile = ""
vimObj.tempText = ""
vimObj.tempTextLists = []
vimObj.vimFunc = [":new 另起一行", ":clr 清空文本", ":clr [行号] 清空该行", ":del 删除最后一行", ":del [行号] 删除该行", ":add [行号] [文本] 在该行末添加文本", ":exit/:q 退出vim", ":x/:wq 保存并退出vim", ":change [行号] [文本]", ":replace (可选)[行号] [被替换字符串] [替换字符串]"]

vimObj.start = function()
    while true
        // Re-read the file on every pass and print it with line numbers
        self.tempText = self.vimFile.get_content
        self.tempTextLists = self.tempText.split("\n")
        print("\n" + String(self.vimFile.name + " :", 1, 255, 255, 255))
        LineNo = 1
        TabStr = "   "
        if self.tempTextLists.len > 1 then
            for Line in self.tempTextLists[:-1]
                // Pad so that text lines up for 1- to 4-digit line numbers
                if LineNo < 10 then
                    TabStr = "   "
                else if LineNo < 100 then
                    TabStr = "  "
                else if LineNo < 1000 then
                    TabStr = " "
                else if LineNo < 10000 then
                    TabStr = ""
                end if
                print(String(str(LineNo), 0, 192, 192, 192) + TabStr + String(Line, 0, 255, 255, 255))
                LineNo = LineNo + 1
            end for
        end if
        // The last line doubles as the input prompt
        self.input = user_input(String(str(LineNo), 0, 192, 192, 192) + TabStr + String(self.tempTextLists[-1], 0, 255, 255, 255))
        if self.input.trim.lower == ":exit" or self.input.trim.lower == ":q" then
            return
        else if self.input.trim.lower == ":new" then
            self.tempText = self.tempText + "\n"
            self.vimFile.set_content(self.tempText)
        else if self.input.trim.lower == ":clr" then
            self.tempText = ""
            self.vimFile.set_content(self.tempText)
        else if self.input.trim.lower.split(" ").len == 2 and self.input.trim.lower.split(" ")[0] == ":clr" then
            // :clr [line number] empties that line
            self.tempText = ""
            if typeof(self.input.trim.lower.split(" ")[1].to_int) == "number" and self.input.trim.lower.split(" ")[1].to_int <= self.tempTextLists.len then
                No = 1
                if self.tempTextLists.len > 1 then
                    for Line in self.tempTextLists
                        if No != self.input.trim.lower.split(" ")[1].to_int then
                            self.tempText = self.tempText + Line + "\n"
                        else
                            self.tempText = self.tempText + "\n"
                        end if
                        No = No + 1
                    end for
                else if self.tempTextLists.len == 1 and self.input.trim.lower.split(" ")[1].to_int == 1 then
                    self.tempText = ""
                else
                    self.tempText = self.tempTextLists[0] + "\n"
                end if
                // [:-2] drops the trailing "\n" appended after the last line
                if self.tempText != "" then
                    self.vimFile.set_content(self.tempText[:-2])
                else
                    self.vimFile.set_content(self.tempText)
                end if
            end if
        else if self.input.trim.lower == ":del" then
            // :del removes the last line
            self.tempText = ""
            if self.tempTextLists.len > 1 then
                for Line in self.tempTextLists[:-1]
                    self.tempText = self.tempText + Line + "\n"
                end for
                self.vimFile.set_content(self.tempText[:-2])
            else
                self.vimFile.set_content(self.tempText)
            end if
        else if self.input.trim.lower.split(" ").len == 2 and self.input.trim.lower.split(" ")[0] == ":del" then
            // :del [line number] removes that line
            self.tempText = ""
            if typeof(self.input.trim.lower.split(" ")[1].to_int) == "number" and self.input.trim.lower.split(" ")[1].to_int <= self.tempTextLists.len then
                No = 1
                for Line in self.tempTextLists
                    if No != self.input.trim.lower.split(" ")[1].to_int then
                        self.tempText = self.tempText + Line + "\n"
                    end if
                    No = No + 1
                end for
                if self.tempText != "" then
                    self.vimFile.set_content(self.tempText[:-2])
                else
                    self.vimFile.set_content(self.tempText)
                end if
            end if
        else if self.input.trim.lower.split(" ").len > 2 and self.input.trim.lower.split(" ")[0] == ":add" then
            // :add [line number] [text] appends text to the end of that line
            if typeof(self.input.trim.lower.split(" ")[1].to_int) == "number" and self.input.trim.lower.split(" ")[1].to_int <= self.tempTextLists.len then
                No = 1
                addStr = ""
                self.tempText = ""
                for _ in self.input.trim.split(" ")[2:]
                    addStr = addStr + _ + " "
                end for
                for Line in self.tempTextLists
                    if No == self.input.trim.lower.split(" ")[1].to_int then
                        self.tempText = self.tempText + Line + addStr[:-1] + "\n"
                    else
                        self.tempText = self.tempText + Line + "\n"
                    end if
                    No = No + 1
                end for
                if self.tempText != "" then
                    self.vimFile.set_content(self.tempText[:-2])
                else
                    self.vimFile.set_content(self.tempText)
                end if
            end if
        else if self.input.trim.lower.split(" ").len >= 3 and self.input.trim.lower.split(" ").len <= 4 and self.input.trim.lower.split(" ")[0] == ":replace" then
            // :replace [line number (optional)] [target string] [replacement string]
            if self.input.trim.split(" ").len == 4 then
                targetStr = self.input.trim.split(" ")[2]
                replaceStr = self.input.trim.split(" ")[3]
            else if self.input.trim.split(" ").len == 3 then
                targetStr = self.input.trim.split(" ")[1]
                replaceStr = self.input.trim.split(" ")[2]
            end if
            self.tempText = ""
            No = 1
            for Line in self.tempTextLists
                // indexOf returns null when the target is not on this line
                Index = Line.indexOf(targetStr)
                if self.input.trim.split(" ").len == 4 and typeof(self.input.trim.lower.split(" ")[1].to_int) == "number" and self.input.trim.lower.split(" ")[1].to_int <= self.tempTextLists.len then
                    // Replace only on the given line, and only if the target occurs there
                    if No == self.input.trim.lower.split(" ")[1].to_int and typeof(Index) == "number" then
                        self.tempText = self.tempText + Line[:Index] + replaceStr + Line[Index + targetStr.len:] + "\n"
                    else
                        self.tempText = self.tempText + Line + "\n"
                    end if
                    No = No + 1
                else if self.input.trim.split(" ").len == 3 and typeof(Index) == "number" then
                    self.tempText = self.tempText + Line[:Index] + replaceStr + Line[Index + targetStr.len:] + "\n"
                else
                    // No match, or an invalid line number: keep the line as it is
                    self.tempText = self.tempText + Line + "\n"
                end if
            end for
            if self.tempText != "" then
                self.vimFile.set_content(self.tempText[:-2])
            else
                self.vimFile.set_content(self.tempText)
            end if
        else if self.input.trim.lower.split(" ").len > 2 and self.input.trim.lower.split(" ")[0] == ":change" then
            // :change [line number] [text] overwrites that line
            if typeof(self.input.trim.lower.split(" ")[1].to_int) == "number" and self.input.trim.lower.split(" ")[1].to_int <= self.tempTextLists.len then
                No = 1
                changeStr = ""
                self.tempText = ""
                // Take the text from the un-lowered input so its case is preserved
                for _ in self.input.trim.split(" ")[2:]
                    changeStr = changeStr + _ + " "
                end for
                for Line in self.tempTextLists
                    if No == self.input.trim.lower.split(" ")[1].to_int then
                        self.tempText = self.tempText + changeStr[:-1] + "\n"
                    else
                        self.tempText = self.tempText + Line + "\n"
                    end if
                    No = No + 1
                end for
                if self.tempText != "" then
                    self.vimFile.set_content(self.tempText[:-2])
                else
                    self.vimFile.set_content(self.tempText)
                end if
            end if
        else if self.input.trim.lower == ":w" or self.input.trim.lower == ":wq" or self.input.trim.lower == ":x" then
            self.vimFile.set_content(self.tempText)
            if self.input.trim.lower == ":x" or self.input.trim.lower == ":wq" then return
        else if self.input.trim.lower == ":help" then
            print(String("可用命令如下: ", 1, 0, 255, 0))
            for FuncName in self.vimFunc
                print(String("    " + FuncName, 0, 184, 115, 51))
            end for
        else
            // Anything that is not a command is appended to the last line
            self.tempText = self.tempText + self.input
            self.vimFile.set_content(self.tempText)
        end if
    end while
end function

// ******************************************************************************
// * @brief      vim
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-14      Royic           1. Implement basic functionality
// ******************************************************************************
remoteShell.vim = function(InputParams)
    vimObj.vimFile = ""
    vimObj.tempFile = ""
    Target = self.getPath(InputParams[0])
    for File in Target[0].get_files
        if File.name == Target[1] then
            if File.is_binary then
                print(String("cat: can't open " + File.path + ". Binary file", 1, 255, 0, 0) + "\n")
                return
            else
                // get_content returns null when the file cannot be read
                if typeof(File.get_content) != "null" then
                    vimObj.vimFile = File
                else
                    print(String("Permission denied", 1, 255, 0, 0) + "\n")
                    return
                end if
                break
            end if
        end if
    end for
    // The file does not exist yet: create it when a computer object is available
    if typeof(vimObj.vimFile) != "file" and (self.Type == "shell" or self.Type == "computer") then
        self.computer.touch(Target[0].path, Target[1])
        vimObj.vimFile = self.computer.File(Target[0].path + "/" + Target[1])
    end if
    if typeof(vimObj.vimFile) == "file" then vimObj.start()
end function

// ******************************************************************************
// * @brief      useradd
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-18      Royic           1. Implement basic functionality
// ******************************************************************************
remoteShell.useradd = function(InputParams)
    if InputParams.len != 1 or InputParams[0] == "-h" or InputParams[0] == "--help" then
        print(command_info("useradd_usage"))
        return
    end if
    inputMsg = "Setting password for user " + InputParams[0] + ".\nNew password:"
    inputPass = user_input(inputMsg, true)
    output = self.computer.create_user(InputParams[0], inputPass)
    if output == true then
        print(String("User created OK", 1, 0, 255, 0))
        Create_Folder_Flag = user_input("是否创建用户文件夹目录? [Y/N]\n").trim.lower
        if Create_Folder_Flag == "y" then
            // create_folder makes the directories; File() only looks up an
            // existing path and creates nothing
            self.computer.create_folder("/home", InputParams[0])
            for FolderName in ["Desktop", "Config", "Downloads", ".Trash"]
                self.computer.create_folder("/home/" + InputParams[0], FolderName)
            end for
        end if
        return
    end if
    // A string result is an error message
    if output then
        print(String(output, 1, 0, 255, 0))
        return
    end if
    print(String("Error: the user could not be created.", 1, 0, 255, 0))
end function

// ******************************************************************************
// * @brief      userdel
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-18      Royic           1. Implement basic functionality
// ******************************************************************************
remoteShell.userdel = function(InputParams)
    if not InputParams.len or (InputParams.len == 1 and InputParams[0].lower == "-r") or InputParams[0] == "-h" or InputParams[0] == "--help" then
        print(command_info("userdel_usage"))
        return
    end if
    delete = 0
    if InputParams[0].lower == "-r" then
        // -r also removes the user's home directory; drop the flag so
        // that InputParams[0] is the user name
        delete = 1
        InputParams.pull
    end if
    output = self.computer.delete_user(InputParams[0], delete)
    if output == true then
        print(String("user " + InputParams[0] + " deleted.", 1, 0, 255, 0))
        return
    end if
    // A string result is an error message
    if output then
        print(String(output, 1, 0, 255, 0))
        return
    end if
    print(String("Error: user not deleted.", 1, 255, 0, 0))
end function

// ******************************************************************************
// * @brief      Enter the remoteShell while loop
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-12      Royic           1. Implement basic functionality
// ******************************************************************************
remoteShell.start = function(Exploit, Type, HackInput)
    // Exploit = [memory address, unsafe value, permission, metaLib]
    if HackInput != "" then
        self.Object = Exploit[3].overflow(Exploit[0], Exploit[1], HackInput)
    else
        self.Object = Exploit[3].overflow(Exploit[0], Exploit[1])
    end if
    self.permission = Exploit[2]
    self.Type = Type
    if self.Type == "shell" then
        self.currentFolder = self.Object.host_computer.File("/")
        self.computer = self.Object.host_computer
        self.shellObj = self.Object
    else if self.Type == "computer" then
        self.currentFolder = self.Object.File("/")
        self.computer = self.Object
    else if self.Type == "file" then
        // A file object may point anywhere; walk up to the root folder
        while not self.Object.path == "/"
            self.Object = self.Object.parent
        end while
        self.currentFolder = self.Object
    end if
    while true
        self.ls_la()
        self.input = user_input("<b>" + ShellOs.TargetIP + "</b>~" + self.permission + "@" + "<b>" + self.Type + "</b>" + ":" + self.currentFolder.path + "> ").trim
        // Commands available for every object type (file, computer, shell)
        if self.input.lower == "exit" then
            return
        else if self.input.split(" ")[0].lower == "cd" then
            self.cdFunc()
        else if self.input.split(" ")[0].lower == "cat" and self.input.split(" ").len == 2 then
            self.cat()
        else if self.input.split(" ")[0].lower == "vim" and self.input.split(" ").len == 2 then
            self.vim(self.input.split(" ")[1:])
        else if self.input.split(" ")[0].lower == "cp" and self.input.split(" ").len == 3 then
            self.cp()
        else if self.input.split(" ")[0].lower == "mv" and self.input.split(" ").len == 3 then
            self.mv()
        else if self.input.split(" ")[0].lower == "rm" and self.input.split(" ").len > 1 then
            self.rm()
        else if self.input.split(" ")[0].lower == "scanpsw" then
            self.ScanPsw()
        // Commands that need a computer or shell object
        else if self.input.split(" ")[0].lower == "mkdir" and self.input.split(" ").len == 2 and (self.Type == "shell" or self.Type == "computer") then
            self.mkdir()
        else if self.input.split(" ")[0].lower == "touch" and self.input.split(" ").len == 2 and (self.Type == "shell" or self.Type == "computer") then
            self.touch(self.input.split(" ")[1:])
        else if self.input.split(" ")[0].lower == "ps" and (self.Type == "shell" or self.Type == "computer") then
            self.ps()
        // Commands that need a shell object
        else if self.input.split(" ")[0].lower == "scp" and self.input.split(" ").len >= 3 and self.input.split(" ").len <= 4 and self.Type == "shell" then
            self.scp(self.input.split(" ")[1:])
        else if self.input.split(" ")[0].lower == "terminal" and self.Type == "shell" then
            self.Terminal()
        else if self.input.split(" ")[0].lower == "run" and self.Type == "shell" then
            self.run()
        else if self.input.split(" ")[0].lower == "build" and self.Type == "shell" then
            self.build(self.input.split(" ")[1:])
        else if self.input.split(" ")[0].lower == "bounce" and self.Type == "shell" then
            self.bounce()
        else if self.input.split(" ")[0].lower == "ping" and self.Type == "shell" and self.input.split(" ").len == 2 then
            self.ping(self.input.split(" ")[1:])
        else if self.input.split(" ")[0].lower == "chmod" and self.input.split(" ").len >= 3 and self.input.split(" ").len <= 4 then
            self.chmod(self.input.split(" ")[1:])
        else if self.input.split(" ")[0].lower == "useradd" and self.input.split(" ").len == 2 and (self.Type == "shell" or self.Type == "computer") then
            self.useradd(self.input.split(" ")[1:])
        else if self.input.split(" ")[0].lower == "userdel" and self.input.split(" ").len >= 2 and self.input.split(" ").len <= 3 and (self.Type == "shell" or self.Type == "computer") then
            self.userdel(self.input.split(" ")[1:])
        else if self.input == "help" then
            // List only the commands usable with the current object type
            print(String("可用命令如下: ", 1, 0, 255, 0))
            if self.Type == "computer" or self.Type == "shell" then
                if self.Type == "shell" then
                    for FuncName in self.shellFunc
                        print(String("    " + FuncName, 0, 255, 215, 0))
                    end for
                end if
                for FuncName in self.computerFunc
                    print(String("    " + FuncName, 0, 192, 192, 192))
                end for
            end if
            for FuncName in self.fileFunc
                print(String("    " + FuncName, 0, 184, 115, 51))
            end for
            print(" ")
        end if
    end while
end function

// ******************************************************************************
// * @brief      Attack the local machine
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-16      Royic           1. Implement basic functionality
// ******************************************************************************
localHack = function()
    ShellOs.TargetIP = get_router.public_ip
    ShellOs.PortExploits = [["shell", []], ["computer", []], ["file", []]]
    HackInput = user_input("请输入要注入的密码, 不需要则跳过:\n")
    metaLibs = []
    metaLibs.push(metaxploit.load("/lib/net.so"))
    metaLibs.push(metaxploit.load("/lib/init.so"))
    for metaLib in metaLibs
        // Check for a failed load before reading lib_name/version
        if not metaLib then
            print(String("Error: TargetLib not found.", 1, 255, 0, 0))
        else
            print("Founded " + metaLib.lib_name + " " + metaLib.version)
            exploits = metaxploit.scan(metaLib)
            for exploit in exploits
                result_lists = metaxploit.scan_address(metaLib, exploit).split("Unsafe check: ")[1:]
                for result_list in result_lists
                    target_str = result_list.split(".")[0]
                    target_key = target_str.split(" ")[-1]
                    // [3:-4] strips the surrounding <b>...</b> tags
                    if HackInput != "" then
                        result = metaLib.overflow(exploit, target_key[3:-4], HackInput)
                    else
                        result = metaLib.overflow(exploit, target_key[3:-4])
                    end if
                    // Sort the results by the type of object obtained
                    if typeof(result) == "shell" then
                        ShellOs.PortExploits[0][1].push([exploit, target_key[3:-4], readPermission(result), metaLib])
                    else if typeof(result) == "computer" then
                        ShellOs.PortExploits[1][1].push([exploit, target_key[3:-4], readPermission(result), metaLib])
                    else if typeof(result) == "file" then
                        ShellOs.PortExploits[2][1].push([exploit, target_key[3:-4], readPermission(result), metaLib])
                    else if typeof(result) == "number" and (not is_lan_ip(HackInput) and HackInput != "") then
                        print(String("密码注入成功!", 1, 255, 255, 0))
                    end if
                end for
            end for
        end if
    end for
    if ShellOs.PortExploits != [["shell", []], ["computer", []], ["file", []]] then print(String("扫描到下列漏洞", 1, 255, 255, 255))
    No = 0
    for Object in ShellOs.PortExploits
        if Object[1] != [] then print(String(Object[0] + "", 1, 255, 255, 255))
        for _ in Object[1]
            // Colour by permission: root, guest, other
            if _[2] == "root" then
                print(String(No + ". " + _[:-1], 1, 255, 215, 0))
            else if _[2] == "guest" then
                print(String(No + ". " + _[:-1], 1, 184, 115, 51))
            else
                print(String(No + ". " + _[:-1], 1, 192, 192, 192))
            end if
            No = No + 1
        end for
    end for
    if ShellOs.PortExploits[0][1].len + ShellOs.PortExploits[1][1].len + ShellOs.PortExploits[2][1].len > 0 then
        // to_int returns the original string when the input is not a number,
        // so check the type before comparing or calling string methods
        ChosenExploit = user_input("请选择要攻击的漏洞\n").to_int
        while typeof(ChosenExploit) != "number" or ChosenExploit >= No or ChosenExploit < 0
            if typeof(ChosenExploit) == "string" then
                if ChosenExploit.trim.lower == "exit" then return
            end if
            ChosenExploit = user_input("输入有误! 请选择要攻击的漏洞\n").to_int
        end while
        // The menu numbers run through the shell, computer and file lists in order
        if ChosenExploit < ShellOs.PortExploits[0][1].len then
            remoteShell.start(ShellOs.PortExploits[0][1][ChosenExploit], "shell", HackInput)
        else if ChosenExploit < ShellOs.PortExploits[0][1].len + ShellOs.PortExploits[1][1].len then
            remoteShell.start(ShellOs.PortExploits[1][1][ChosenExploit - ShellOs.PortExploits[0][1].len], "computer", HackInput)
        else if ChosenExploit < ShellOs.PortExploits[0][1].len + ShellOs.PortExploits[1][1].len + ShellOs.PortExploits[2][1].len then
            remoteShell.start(ShellOs.PortExploits[2][1][ChosenExploit - ShellOs.PortExploits[1][1].len - ShellOs.PortExploits[0][1].len], "file", HackInput)
        end if
    else
        print(String("没有可攻击的漏洞!", 1, 255, 0, 0))
    end if
end function

// ******************************************************************************
// * @brief      Hack in
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-11      Royic           1. Implement basic functionality
// ******************************************************************************
Hack = function()
    ShellOs.PortExploits = [["shell", []], ["computer", []], ["file", []]]
    address = ShellOs.TargetIP
    HackInput = user_input("请输入要攻击的端口号/LAN地址:\n")
    if typeof(HackInput.to_int) == "number" then
        port = HackInput.to_int
        net_session = metaxploit.net_use(address, port)
    else if HackInput == "exit" then
        return
    else
        // A LAN address was given: connect without a port
        net_session = metaxploit.net_use(address)
    end if
    if not net_session then
        print(String("Error: can't connect to net session", 1, 255, 0, 0))
        return
    end if
    if not is_lan_ip(HackInput) then HackInput = user_input("请输入要注入的密码, 不需要则跳过:\n")
    metaLib = net_session.dump_lib
    // Check for a failed dump before reading lib_name/version
    if not metaLib then
        print(String("Error: TargetLib not found.", 1, 255, 0, 0))
        return
    end if
    print("Founded " + metaLib.lib_name + " " + metaLib.version)
    exploits = metaxploit.scan(metaLib)
    for exploit in exploits
        // print(String(exploit, 1, 255, 0, 0))
        result_lists = metaxploit.scan_address(metaLib, exploit).split("Unsafe check: ")[1:]
        for result_list in result_lists
            target_str = result_list.split(".")[0]
            target_key = target_str.split(" ")[-1]
            // [3:-4] strips the surrounding <b>...</b> tags
            if HackInput != "" then
                result = metaLib.overflow(exploit, target_key[3:-4], HackInput)
            else
                result = metaLib.overflow(exploit, target_key[3:-4])
            end if
            // print(String(target_key[3:-4] + ": " + typeof(result), 1, 255, 255, 0))
            // print(result_list)
            // Sort the results by the type of object obtained
            if typeof(result) == "shell" then
                ShellOs.PortExploits[0][1].push([exploit, target_key[3:-4], readPermission(result), metaLib])
            else if typeof(result) == "computer" then
                ShellOs.PortExploits[1][1].push([exploit, target_key[3:-4], readPermission(result), metaLib])
            else if typeof(result) == "file" then
                ShellOs.PortExploits[2][1].push([exploit, target_key[3:-4], readPermission(result), metaLib])
            else if typeof(result) == "number" and (not is_lan_ip(HackInput) and HackInput != "") then
                print(String("密码注入成功!", 1, 255, 255, 0))
            end if
        end for
    end for
    if ShellOs.PortExploits != [["shell", []], ["computer", []], ["file", []]] then print(String("扫描到下列漏洞", 1, 255, 255, 255))
    No = 0
    for Object in ShellOs.PortExploits
        if Object[1] != [] then print(String(Object[0] + "", 1, 255, 255, 255))
        for _ in Object[1]
            // Colour by permission: root, guest, other
            if _[2] == "root" then
                print(String(No + ". " + _[:-1], 1, 255, 215, 0))
            else if _[2] == "guest" then
                print(String(No + ". " + _[:-1], 1, 184, 115, 51))
            else
                print(String(No + ". " + _[:-1], 1, 192, 192, 192))
            end if
            No = No + 1
        end for
    end for
    if ShellOs.PortExploits[0][1].len + ShellOs.PortExploits[1][1].len + ShellOs.PortExploits[2][1].len > 0 then
        // to_int returns the original string when the input is not a number,
        // so check the type before comparing or calling string methods
        ChosenExploit = user_input("请选择要攻击的漏洞\n").to_int
        while typeof(ChosenExploit) != "number" or ChosenExploit >= No or ChosenExploit < 0
            if typeof(ChosenExploit) == "string" then
                if ChosenExploit.trim.lower == "exit" then return
            end if
            ChosenExploit = user_input("输入有误! 请选择要攻击的漏洞\n").to_int
        end while
        // The menu numbers run through the shell, computer and file lists in order
        if ChosenExploit < ShellOs.PortExploits[0][1].len then
            remoteShell.start(ShellOs.PortExploits[0][1][ChosenExploit], "shell", HackInput)
        else if ChosenExploit < ShellOs.PortExploits[0][1].len + ShellOs.PortExploits[1][1].len then
            remoteShell.start(ShellOs.PortExploits[1][1][ChosenExploit - ShellOs.PortExploits[0][1].len], "computer", HackInput)
        else if ChosenExploit < ShellOs.PortExploits[0][1].len + ShellOs.PortExploits[1][1].len + ShellOs.PortExploits[2][1].len then
            remoteShell.start(ShellOs.PortExploits[2][1][ChosenExploit - ShellOs.PortExploits[1][1].len - ShellOs.PortExploits[0][1].len], "file", HackInput)
        end if
    else
        print(String("没有可攻击的漏洞!", 1, 255, 0, 0))
    end if
end function

// ******************************************************************************
// * @brief      Wifi master key
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-18      Royic           1. Implement basic functionality
// ******************************************************************************
WifiCracker = function()
    computer = get_shell.host_computer
    status = "Unknown Error."
    cryptools.airmon("start", "wlan0")
    devices = computer.network_devices
    networks = computer.wifi_networks("wlan0")
    if networks == null then
        print(String("Fail...", 1, 255, 0, 0))
        // Nothing to list without a network scan result
        return
    end if
    network_list = []
    ID = 1
    info = "No. BSSID PWR ESSID"
    for network in networks
        // Each entry is "BSSID PWR ESSID"
        info = info + "\n" + str(ID) + ": " + network
        ID = ID + 1
        network_list.push(network.split(" "))
    end for
    print(format_columns(info))
    Target_ID = 0
    while (Target_ID < 1 or Target_ID > len(network_list))
        Target_ID = val(user_input("Select a network device\n"))
    end while
    // The number of ACKs to collect grows as the signal strength drops
    data = cryptools.aireplay(network_list[Target_ID - 1][0], network_list[Target_ID - 1][2], ceil(300000/network_list[Target_ID - 1][1].split("%")[0].to_int))
    if typeof(data) == "string" then
        print(data)
    end if
    file = computer.File(current_path + "/file.cap")
    if not file or not file.has_permission("r") or not file.has_permission("w") then
        print(String("Permission denied, File Error.", 1, 255, 0, 0))
        return
    end if
    if file then
        result = cryptools.aircrack(file.path)
        status = computer.connect_wifi("wlan0", network_list[Target_ID - 1][0], network_list[Target_ID - 1][2], result)
        file.delete
    end if
    // connect_wifi returns true on success and an error string otherwise;
    // compare with true because a non-empty string is also truthy
    if status == true then
        print(String("Wifi Online.", 1, 0, 255, 0))
    else
        print(String("Unknown Error.", 1, 255, 0, 0))
    end if
end function

// ******************************************************************************
// * @brief      Security guard
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-18      Royic           1. Implement basic functionality
// ******************************************************************************
Defender = function()
    if active_user != "root" then
        print(String("Not Root", 1, 255, 0, 0))
        return
    end if
    computer = get_shell.host_computer
    // Remove all "other" permissions from the whole file system.
    // chmod returns an error string on failure, which is printed.
    file = computer.File("/")
    output = file.chmod("o-rwx", true)
    if output then print(output)
    // Remove group and user permissions from the system folders
    file2 = computer.File("/etc")
    output2 = file2.chmod("g-rwx", true)
    if output2 then print(output2)
    output2b = file2.chmod("u-rwx", true)
    if output2b then print(output2b)
    file3 = computer.File("/sys")
    output3 = file3.chmod("g-rwx", true)
    if output3 then print(output3)
    output3b = file3.chmod("u-rwx", true)
    if output3b then print(output3b)
    file4 = computer.File("/boot")
    output4 = file4.chmod("g-rwx", true)
    if output4 then print(output4)
    output4b = file4.chmod("u-rwx", true)
    if output4b then print(output4b)
    file5 = computer.File("/var")
    output5 = file5.chmod("g-rwx", true)
    if output5 then print(output5)
    output5b = file5.chmod("u-rwx", true)
    if output5b then print(output5b)
    file6 = computer.File("/root")
    output6 = file6.chmod("g-rwx", true)
    if output6 then print(output6)
    // Remove group permissions from every user's Config folder
    homeFolder = computer.File("/home")
    if not homeFolder then
        print(String("Error: /home folder not found", 1, 255, 0, 0))
    else
        userFolders = homeFolder.get_folders
        for userFolder in userFolders
            ConfigFile = computer.File("/home/" + userFolder.name + "/Config")
            // Skip users that have no Config folder
            if ConfigFile then
                Configput = ConfigFile.chmod("g-rwx", true)
                if Configput then print(Configput)
            end if
        end for
    end if
    // Lock down and delete the guest home directory
    filelast = computer.File("/home/guest")
    if not filelast then
        print(String("No Guest User Directories, Permissions Change Complete", 1, 0, 255, 0))
        return
    end if
    outputlast = filelast.chmod("g-rwx", true)
    if outputlast then print(outputlast)
    outputlastb = filelast.chmod("u-rwx", true)
    if outputlastb then print(outputlastb)
    filelast.delete
    print(String("Permissions Change Complete", 1, 0, 255, 0))
end function

// ******************************************************************************
// * @brief      Server security guard
// * @history
// *  Version    Date            Author          Modification
// *  v0.0.1     2021-09-18      Royic           1. Implement basic functionality
// ******************************************************************************
serverDefender = function()
    if active_user != "root" then
        print(String("Not Root", 1, 255, 0, 0))
        return
    else
        computer = get_shell.host_computer
    end if
    // Remove all "other" permissions from the whole file system.
    // chmod returns an error string on failure, which is printed.
    file = computer.File("/")
    output = file.chmod("o-rwx", true)
    if output then print(output)
    // Remove group and user permissions from the system folders
    file2 = computer.File("/etc")
    output2 = file2.chmod("g-rwx", true)
    if output2 then print(output2)
    output2b = file2.chmod("u-rwx", true)
    if output2b then print(output2b)
    file3 = computer.File("/sys")
    output3 = file3.chmod("g-rwx", true)
    if output3 then print(output3)
    output3b = file3.chmod("u-rwx", true)
    if output3b then print(output3b)
    file4 = computer.File("/boot")
    output4 = file4.chmod("g-rwx", true)
    if output4 then print(output4)
    output4b = file4.chmod("u-rwx", true)
    if output4b then print(output4b)
    file5 = computer.File("/var")
    output5 = file5.chmod("g-rwx", true)
    if output5 then print(output5)
    output5b = file5.chmod("u-rwx", true)
    if output5b then print(output5b)
    file6 = computer.File("/root")
    output6 = file6.chmod("g-rwx", true)
    if output6 then print(output6)
    file7 = computer.File("/usr")
    output7 = file7.chmod("g-rwx", true)
    if output7 then print(output7)
    // Optionally delete LogViewer, then confirm that it is gone
    LogViewer_Del_Flag = user_input("是否删除LogViewer? [Y/N]\n", 0)
    if LogViewer_Del_Flag.trim.lower == "y" then
        LogViewer_File = computer.File("/usr/bin/LogViewer.exe")
        if LogViewer_File then
            LogViewer_File.delete
            LogViewer_File = computer.File("/usr/bin/LogViewer.exe")
            if not LogViewer_File then print("Done: /usr/bin/LogViewer.exe was deleted")
        end if
    end if
    // A server needs no user homes: delete /home entirely
    homeFolder = computer.File("/home")
    if not homeFolder then
        print(String("Error: /home folder not found", 1, 255, 0, 0))
    else
        homeoutput = homeFolder.chmod("g-rwx", true)
        homeFolder.delete
        homeFolder = computer.File("/home")
        if not homeFolder then print("Done: /home folder was deleted")
    end if
    // If /home could not be deleted, lock down and delete the guest directory
    filelast = computer.File("/home/guest")
    if not filelast then
        print(String("No Guest User Directories, Permissions Change Complete", 1, 0, 255, 0))
        return
    end if
    outputlast = filelast.chmod("g-rwx", true)
    if outputlast then print(outputlast)
    outputlastb = filelast.chmod("u-rwx", true)
    if outputlastb then print(outputlastb)
    filelast.delete
    print(String("Permissions Change Complete", 1, 0, 255, 0))
end function

// ******************************************************************************
// * @brief      Redisplay port information
// ******************************************************************************
showPortInfo = function()
    print(ShellOs.PortsInfo)
end function

// ******************************************************************************
// * @brief      Add functions to the pseudo-folders
// ******************************************************************************
localAttack.program = [["更新IP并扫描", @nmap], ["重新显示端口信息", @showPortInfo], ["攻击本机", @localHack], ["黑入", @Hack]]
remoteAttack.program = [["更新IP并扫描", @nmap], ["深度扫描", @deepScan], ["重新显示端口信息", @showPortInfo], ["黑入", @Hack]]
Applications.program = [["Wifi万能钥匙", @WifiCracker], ["安全卫士", @Defender], ["服务器安全卫士", @serverDefender]]

// ******************************************************************************
// * @brief      Main loop
// ******************************************************************************
while true
    ShellOs.currentFolder.display()
    ShellOs.input = user_input("<b>" + ShellOs.TargetIP + "</b>~" + ShellOs.permission + "@ShellOs:/" + ShellOs.getPath + "> ").trim
    if ShellOs.input.lower == "exit" then
        exit
    else if 0 <= ShellOs.input.to_int and ShellOs.input.to_int < ShellOs.currentFolder.subFolder.len + ShellOs.currentFolder.program.len then
        // Numeric choice: sub-folders are numbered first, then programs
        if 0 <= ShellOs.input.to_int and ShellOs.input.to_int < ShellOs.currentFolder.subFolder.len then
            ShellOs.currentFolder = ShellOs.currentFolder.subFolder[ShellOs.input.to_int]
        else if ShellOs.currentFolder.subFolder.len <= ShellOs.input.to_int and ShellOs.input.to_int < ShellOs.currentFolder.subFolder.len + ShellOs.currentFolder.program.len then
            // Reading the stored function reference without @ invokes it
            ShellOs.currentFolder.program[ShellOs.input.to_int - ShellOs.currentFolder.subFolder.len][1]
        end if
    else if ShellOs.input.lower == "back" then
        if ShellOs.currentFolder.parentFolder != "null" then ShellOs.currentFolder = ShellOs.currentFolder.parentFolder
    else if ShellOs.input.split(" ")[0] == "cd" then
        ShellOs.cdFunc()
    end if
end while
