建站需要什么软件,网站开发 注意事项,网站建设优化兰州,如何开发游戏目录交互界面基本功能本地攻击攻击本机远程攻击应用程序扫描功能更新IP并扫描深度扫描黑入功能类shell交互界面一些特殊命令bouncerunScanPswvimbuild脚本源码版本#xff1a;Grey Hack v0.7.3619 - Alpha 交互界面
基本功能
使用cd命令和数字选项切换路径
本地攻击 攻击本…
目录交互界面基本功能本地攻击攻击本机远程攻击应用程序扫描功能更新IP并扫描深度扫描黑入功能类shell交互界面一些特殊命令bouncerunScanPswvimbuild脚本源码版本Grey Hack v0.7.3619 - Alpha 交互界面
基本功能
使用cd命令和数字选项切换路径
本地攻击 攻击本机
利用net.so和init.so发动攻击
远程攻击 应用程序 扫描功能
更新IP并扫描 深度扫描 黑入功能
通过开放的端口/LAN IP发动攻击
类shell交互界面
选择相应的漏洞后进入类shell交互界面 根据所选漏洞种类的不同(shell, computer, file)能调用的命令也不同
一些特殊命令
bounce
用于部署shellOs环境
run
用于执行脚本 ScanPsw vim
文本编辑器 使用:help查看帮助
build
编译src文件
脚本源码
// ******************************************************************************
// * file main.src
// * brief Shell Os
// * history
// * Version Date Author Modification
// * v0.1.0 2021-09-05 rocketorbit 1. 创建项目及实现远程攻击
// * v0.1.1 2021-09-07 Royic 1. 实现面向对象的基本框架 实现伪文件夹系统
// * 2. 加入字符串加粗、设定颜色函数
// * v0.1.2 2021-09-09 Royic 1. 初步实现cd命令修bug
// * v0.1.3 2021-09-10 Royic 1. 完善cd命令实现相对路径cd
// * v0.1.4 2021-09-11 Royic 1. 重构nmap函数
// * 2. 补全深度扫描功能
// * v0.2.0 2021-09-12 Royic 1. 初步建立remoteShell框架
// * v0.3.0 2021-09-13 Royic 1. 初步完善以file类为基础的命令体系
// * 2. 可用的命令有cd cat cp mv rm ScanPsw exit
// * v0.4.0 2021-09-13 Royic 1. 加入computer命令体系 可用命令有mkdir, touch, ps
// * v0.4.1 2021-09-13 rocketorbit 1. 加入攻击本机功能
// * v0.5.0 2021-09-14 Royic 1. 修复scp
// * 2. 加入shell命令体系, 可用命令有build、run、bounce、ping、Terminal
// * v0.6.0 2021-09-14 Royic 1. 建立vim文字编辑器体系 可用命令有:new, :clr, :clr, :del, :del, :add, :exit/:q, :x/:wq, :change, :replace 暂时不能不保存就退出
// * v0.6.1 2021-09-18 Royic 1. 加入chmod
// * v0.6.2 2021-09-18 Royic 1. 加入应用程序、useradd、userdel
// * v0.6.3 2021-09-21 Royic 1. 修bug
// ******************************************************************************metaxploit include_lib(/lib/metaxploit.so)
if not metaxploit thenmetaxploit include_lib(current_path /metaxploit.so)if not metaxploit then exit(Error: 没有在本路径或/lib找到metaxploit.so)else metaxploitPath current_path /metaxploit.soend if
elsemetaxploitPath /lib/metaxploit.so
end if
cryptools include_lib(/lib/crypto.so)
if not cryptools thencryptools include_lib(current_path /crypto.so)if not cryptools then exit(Error: 没有在本路径或/lib找到crypto.so)elsecryptoPath current_path /crypto.soend if
elsecryptoPath /lib/crypto.so
end ifFolder {}
Folder.name
Folder.parentFolder null
Folder.subFolder []
Folder.program []// ******************************************************************************
// * brief 字符串加粗、设定颜色
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-07 Royic 1.实现基本功能
// * v0.0.2 2021-09-09 Royic 1.补floor修bug
// ******************************************************************************
Num2Hex function(Num)if Num 255 then return FFelse if Num 0 then return 00end ifHexMap {0:0,1:1,2:2,3:3,4:4,5:5,6:6,7:7,8:8,9:9,10:A,11:B,12:C,13:D,14:E,15:F}return (HexMap[floor(Num / 16)] HexMap[Num % 16])
end functionString function(Str, Bold_Key, R_val, G_val, B_val)Color Num2Hex(R_val) Num2Hex(G_val) Num2Hex(B_val)if Bold_Key thenBold_Start bBold_End /belseBold_Start Bold_End end ifif Color 00FF00 then return (Bold_Start Str Bold_End)elsereturn (color# Color Bold_Start Str Bold_End /color)end if
end function// ******************************************************************************
// * brief Folder类添加子文件夹
// * note 直接push会出错只能利用临时变量
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-07 Royic 1.实现基本功能
// ******************************************************************************
Folder.addFolder function(NewFolder)tempList []tempList.push(NewFolder)self.subFolder self.subFolder tempListNewFolder.parentFolder self
end function// ******************************************************************************
// * brief Folder类打印子文件夹名
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-07 Royic 1.实现基本功能
// ******************************************************************************
Folder.display function()printStr ID 0for _ in self.subFolderprintStr printStr String(str(ID) ., 1, 255, 255, 255) String(_.name, 1, 255, 255, 0) ID ID 1end forif self.subFolder ! [] thenprint(String(Folder(s), 0, 255, 255, 255))print(printStr)end ifprintStr for _ in self.programprintStr printStr String(str(ID) ., 1, 255, 255, 255) String(_[0], 1, 128, 255, 255) ID ID 1end forif self.program ! [] thenprint(String(Program(s), 0, 255, 255, 255))print(printStr)end ifreturn self.name
end function// ******************************************************************************
// * brief 警告
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-07 Royic 1.实现基本功能
// ******************************************************************************
Warn function()print(String(Warning: 此功能尚待添加!, 1, 255, 255, 0))
end function// ******************************************************************************
// * brief 伪文件夹系统初始化
// ******************************************************************************
root new Folder
root.name localAttack new Folder
localAttack.name 本地攻击
root.addFolder(localAttack)remoteAttack new Folder
remoteAttack.name 远程攻击
root.addFolder(remoteAttack)Applications new Folder
Applications.name 应用程序
root.addFolder(Applications)ShellOs {}
ShellOs.version v0.1.0
ShellOs.input
ShellOs.MenuFloor 1
ShellOs.currentFolder root
ShellOs.permission null
ShellOs.TargetIP
ShellOs.OtherRoutersLan []
ShellOs.KnownComputersLan []
ShellOs.KernelRouterLib []
ShellOs.KernelRouterExploits []
ShellOs.KernelRouterComputerExploit []
ShellOs.PortExploits [[shell, []], [computer, []], [file, []]]
ShellOs.PortsInfo // ******************************************************************************
// * brief ShellOs部分成员初始化
// ******************************************************************************
ShellOs.init function()self.OtherRoutersLan []self.KnownComputersLan []self.KernelRouterLib []self.KernelRouterExploits []self.KernelRouterComputerExploit []self.PortExploits [[shell, []], [computer, []], [file, []]]self.PortsInfo
end function// ******************************************************************************
// * brief 获取当前绝对路径
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-07 Royic 1.实现基本功能
// ******************************************************************************
ShellOs.getPath function()PathStr thisFolder ShellOs.currentFolderwhile thisFolder.parentFolder ! null PathStr thisFolder.name / PathStrthisFolder thisFolder.parentFolderend whilereturn PathStr[:-1]
end function// ******************************************************************************
// * brief 获取IP
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-07 Royic 1.实现基本功能
// ******************************************************************************
ShellOs.getIP function()Option self.currentFolder.nameself.TargetIP if Option 远程攻击 thenWarnStr while trueself.TargetIP user_input(WarnStr 请输入一个正确的IP/网址:\n)if self.TargetIP.trim.lower exit then returnelse if self.TargetIP.split(.)[0] www and self.TargetIP.split(.).len 3 thenself.TargetIP nslookup(self.TargetIP)end ifif not get_shell.ping(self.TargetIP) thenWarnStr 输入错误! else if typeof(get_router(self.TargetIP)) null and typeof(get_switch(self.TargetIP)) null thenWarnStr 输入错误! else if get_router(self.TargetIP).local_ip self.TargetIP then WarnStr elseWarnStr end ifif WarnStr then breakend whilereturnelse if Option 本地攻击 then self.TargetIP get_router.public_ipreturnend if
end function// ******************************************************************************
// * brief cd命令
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-09 Royic 1.实现基本功能
// * v0.0.2 2021-09-10 Royic 1.完善功能实现相对路径cd
// ******************************************************************************
ShellOs.cdFunc function()if self.input cd then self.currentFolder rootreturnend ifInputPath []for _ in self.input.split( )[1].split(/)if _ ! then InputPath.push(_)end forif InputPath [] or self.input.split( )[1][0] / thenself.currentFolder rootelse if self.input.split( )[1] . or self.input.split( )[1][:1] ./ thenInputPath InputPath[1:]else if InputPath[0] .. thenif self.currentFolder.parentFolder ! null then self.currentFolder self.currentFolder.parentFolderInputPath InputPath[1:]end iffor _ in InputPathNo 0for SubFolder in self.currentFolder.subFolderif SubFolder.name _ then self.currentFolder self.currentFolder.subFolder[No]breakend if No No 1end forend forreturn
end function// ******************************************************************************
// * brief 显示详细信息
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-07 Royic 1.实现基本功能
// * v0.0.2 2021-09-11 Royic 1.重构
// ******************************************************************************
nmap function()ShellOs.init()ShellOs.getIP()Target_Router get_router(ShellOs.TargetIP)Routers_LAN []Computers_LAN []Devices_LAN Target_Router.devices_lan_ipfor Device_LAN in Devices_LANRouter_Ports []for Router_Port in Target_Router.device_ports(Device_LAN)Router_Ports.push(Router_Port.port_number)end forif Router_Ports ! [] and Router_Ports[0] 8080 thenRouters_LAN.push([])Routers_LAN[Routers_LAN.len - 1].push(Device_LAN)Routers_LAN[Routers_LAN.len - 1].push(Router_Ports)elseComputers_LAN.push(Device_LAN)ShellOs.KnownComputersLan.push(Device_LAN)end ifif Target_Router.public_ip get_router().public_ip thenNew_Router get_router(Device_LAN)New_Switch get_switch(Device_LAN)if New_Switch then New_Router New_Switchif New_Router thenprint(\n String(Kernel version: New_Router.kernel_version, 0, 255, 255, 255)) print(String(Device_LAN : Router_Ports, 1, 255, 255, 255))New_Devices_LAN New_Router.devices_lan_ip for New_Device_LAN in New_Devices_LAN if not get_router(New_Device_LAN) and not get_switch(New_Device_LAN) thenprint(String(New_Device_LAN, 0, 255, 255, 0))end ifend forFirewall_Rules Action Port Source_IP Destination_IPfor _ in New_Router.firewall_rulesFirewall_Rules Firewall_Rules \n _end forif Firewall_Rules ! Action Port Source_IP Destination_IP then print(format_columns(Firewall_Rules))end ifend if end ifend forPorts Target_Router.used_portsPort_Info String(Port State Service Version LAN, 0, 255, 255, 255)Port_Info Port_Info \n String(0 Opened router Target_Router.kernel_version Target_Router.local_ip, 0, 255, 215, 0)for Port in Portsif Port.is_closed thenPort_Status ClosedelsePort_Status Openedend ifPort_Info Port_Info \n String(Port.port_number Port_Status Target_Router.port_info(Port) Port.get_lan_ip, 0, 255, 215, 0)if typeof(ShellOs.KnownComputersLan.indexOf(Port.get_lan_ip)) null then ShellOs.KnownComputersLan.push(Port.get_lan_ip) end forif Target_Router.public_ip ! get_router().public_ip thenprint(\n String(Kernel version: Target_Router.kernel_version, 0, 255, 255, 255))if Routers_LAN ! [] thenprint(String(Routers_LAN[0][0] : Routers_LAN[0][1], 1, 255, 255, 255))if Computers_LAN ! [] thenRouter_LAN_Head Routers_LAN[0][0].split(.)Router_LAN_Head Router_LAN_Head[0] . Router_LAN_Head[1] . Router_LAN_Head[2]for Computer_LAN in Computers_LANComputer_LAN_Head Computer_LAN.split(.)Computer_LAN_Head Computer_LAN_Head[0] . Computer_LAN_Head[1] . Computer_LAN_Head[2]if Router_LAN_Head Computer_LAN_Head then print(String(Computer_LAN, 1, 255, 255, 0))end forend ifFirewall_Rules Action Port Source_IP Destination_IPfor _ in Target_Router.firewall_rulesFirewall_Rules Firewall_Rules \n _end forif Firewall_Rules ! Action Port Source_IP Destination_IP then print(format_columns(Firewall_Rules))ShellOs.OtherRoutersLan Routers_LAN[1:]for Router_LAN_List in ShellOs.OtherRoutersLanprint(\n String(Router_LAN_List[0] : Router_LAN_List[1], 1, 255, 255, 255))print(String(使用, 0, 255, 255, 0) String(深度扫描, 1, 128, 255, 255) String(有可能发现更多主机, 0, 255, 255, 0))end forend ifend ifprint(\n String(Port(s): , 1, 255, 255, 255))print(format_columns(Port_Info) \n)Whois_List whois(ShellOs.TargetIP).split(\n)[1:]Domain_Name String(Domain name: , 0, 0, 255, 0) String(Whois_List[0].split(: )[1], 1, 255, 255, 255) \nAdministrator_Name String(Administrative contact: , 0, 0, 255, 0) String(Whois_List[1].split(: )[1], 1, 255, 255, 255) \nEmail_Address String(Email address: , 0, 0, 255, 0) String(Whois_List[2].split(: )[1], 1, 255, 255, 255) \nPhone String(Whois_List[-1], 0, 0, 255, 0) \nprint(Domain_Name Administrator_Name Email_Address Phone)ShellOs.PortsInfo String(Port(s): , 1, 255, 255, 255) \n format_columns(Port_Info) \n\n Domain_Name Administrator_Name Email_Address Phone
end function// ******************************************************************************
// * brief 获取路由器Computer类漏洞
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-11 Royic 1.实现基本功能
// ******************************************************************************
GetKernelRouterComputerExploit function()TestLan for kernel_router_exploit in ShellOs.KernelRouterExploitsresult_lists metaxploit.scan_address(ShellOs.KernelRouterLib, kernel_router_exploit).split(Unsafe check: )[1:]for result_list in result_liststarget_str result_list.split(.)[0]target_key target_str.split( )[-1]if ShellOs.KnownComputersLan ! [] thenresult ShellOs.KernelRouterLib.overflow(kernel_router_exploit, target_key[3:-4], ShellOs.KnownComputersLan[0])if typeof(result) computer thenShellOs.KernelRouterComputerExploit [kernel_router_exploit, target_key[3:-4]]return end ifelseif TestLan then TestLan user_input(请提供一个此公网内已知的主机LAN地址, 若没有请跳过:\n)if is_lan_ip(TestLan) then result ShellOs.KernelRouterLib.overflow(kernel_router_exploit, target_key[3:-4], TestLan)if typeof(result) computer thenShellOs.KernelRouterComputerExploit [kernel_router_exploit, target_key[3:-4]]return end ifelse TestLan nullend ifend iffor Router in ShellOs.OtherRoutersLanlanIp Router[0]lanIp lanIp.split(.)Head lanIp[0].lanIp[1].lanIp[2].End lanIp[-1].to_intfor _ in range(1, 255, 1)if _ ! End thenresult ShellOs.KernelRouterLib.overflow(kernel_router_exploit, target_key[3:-4], Head str(_))if typeof(result) computer thenShellOs.KernelRouterComputerExploit [kernel_router_exploit, target_key[3:-4]]return else if typeof(result) ! null and typeof(result) ! computer thenbreakend ifend ifend forif typeof(result) ! null and typeof(result) ! computer then breakend forif typeof(result) ! null and typeof(result) ! computer then continueend ifend forend for
end function// ******************************************************************************
// * brief 深度扫描
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-11 Royic 1.实现基本功能
// ******************************************************************************
deepScan function()if ShellOs.OtherRoutersLan [] then print(String(请先扫描网络/该网络没有未知的子网, 1, 255, 255, 0))returnend ifnet_session metaxploit.net_use(ShellOs.TargetIP)if not net_session then print(String(Error: cant connect to net session, 1, 255, 0, 0))returnend ifShellOs.KernelRouterLib net_session.dump_libShellOs.KernelRouterExploits metaxploit.scan(ShellOs.KernelRouterLib)GetKernelRouterComputerExploit()if ShellOs.KernelRouterComputerExploit ! [] thenNo 0for Router in ShellOs.OtherRoutersLanlanIp Router[0]lanIp lanIp.split(.)Head lanIp[0].lanIp[1].lanIp[2].End lanIp[-1].to_intfor _ in range(1, 255, 1)if _ ! End thenresult ShellOs.KernelRouterLib.overflow(ShellOs.KernelRouterComputerExploit[0], ShellOs.KernelRouterComputerExploit[1], Head str(_))if typeof(result) computer thenif ShellOs.OtherRoutersLan[No].len 2 then ShellOs.OtherRoutersLan[No].push([])if typeof(ShellOs.OtherRoutersLan[No][2].indexOf(Head str(_))) null then ShellOs.OtherRoutersLan[No][2].push(Head str(_))end ifend ifend for No No 1end for print(String(新发现了这些主机: , 1, 255, 255, 255))for Router in ShellOs.OtherRoutersLanif Router.len 3 thenprint(\n String(Router[0] : Router[1], 1, 255, 255, 255))for ComputerLan in Router[2]print(String(ComputerLan, 0, 255, 255, 0))end forend ifend forprint( )else print(String(深度扫描失败, 目标IP路由器固件无相关漏洞!\n, 1, 255, 0, 0))end if
end function// ******************************************************************************
// * brief 了解当前身份
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-12 Royic 1.实现基本功能
// ******************************************************************************
readPermission function(result)if typeof(result) shell thenrootFolder result.host_computer.File(/root)homeFolder result.host_computer.File(/home)passwdFile result.host_computer.File(/etc/passwd)else if typeof(result) computer thenrootFolder result.File(/root)homeFolder result.File(/home)passwdFile result.File(/etc/passwd)else if typeof(result) file thenwhile not result.path /result result.parentend whilefolders result.get_folderspasswdFile []for folder in foldersif folder.name root thenrootFolder folderelse if folder.name home thenhomeFolder folderelse if folder.name etc thenfor File in folder.get_filesif File.name passwd then passwdFile Fileend forend ifend forend ifPermission nullif is_folder(rootFolder) and rootFolder.has_permission(w) thenPermission rootelse if typeof(passwdFile) file and passwdFile.has_permission(r) then // if homeFolder then// Permission guest// userFolders homeFolder.get_folders// for userFolder in userFolders// if userFolder.has_permission(w) and userFolder.name ! guest then // Permission userFolder.name// break// end if// end for// else Permission user// end ifelsePermission guestend ifreturn Permission
end function remoteShell {}
remoteShell.Object
remoteShell.Type
remoteShell.input
remoteShell.permission
remoteShell.shellObj
remoteShell.computer
remoteShell.currentFolder
remoteShell.fileFunc [cd [绝对路径/相对路径], cat [文件名], cp [原文件名] [目标文件名], mv [原文件名] [目标文件名], rm [文件名], exit, ScanPsw, vim [文件名] (vim中使用:help查看可用命令), chmod [opt:-R] [u,g,owrx] [path file/folder]]
remoteShell.computerFunc [mkdir [文件夹名], touch [文件名], ps, useradd [new username], userdel [opt:-r] [username]]
remoteShell.shellFunc [Terminal, scp [-u/-d] [原文件名] (可选)[目标文件夹], run [命令名] (可选)[参数], bounce, ping [ip address], build [源文件] (可选)[目标文件夹]]remoteShell.getPath function(StrPath)currentFolder self.currentFolderInputPath []for _ in StrPath.split(/)if _ ! then InputPath.push(_)end forif InputPath [] or StrPath[0] / thenwhile not currentFolder.path /currentFolder currentFolder.parentend whileelse if StrPath . or StrPath[:1] ./ thenInputPath InputPath[1:]else if InputPath[0] .. thenif currentFolder.path ! / then currentFolder currentFolder.parentInputPath InputPath[1:]end ifif InputPath ! [] thenfor _ in InputPath[:-1]for SubFolder in currentFolder.get_foldersif SubFolder.name _ then currentFolder SubFolderbreakend if end forend forreturn [currentFolder, InputPath[-1]]else return [currentFolder, null]end if
end function// ******************************************************************************
// * brief remoteShell cd命令
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-12 Royic 1.实现基本功能
// ******************************************************************************
remoteShell.cdFunc function()if self.input cd then while not self.currentFolder.path /self.currentFolder self.currentFolder.parentend whilereturnend ifInputPath []for _ in self.input.split( )[1].split(/)if _ ! then InputPath.push(_)end forif InputPath [] or self.input.split( )[1][0] / thenwhile not self.currentFolder.path /self.currentFolder self.currentFolder.parentend whileelse if self.input.split( )[1] . or self.input.split( )[1][:1] ./ thenInputPath InputPath[1:]else if InputPath[0] .. thenif self.currentFolder.path ! / then self.currentFolder self.currentFolder.parentInputPath InputPath[1:]end iffor _ in InputPathfor SubFolder in self.currentFolder.get_foldersif SubFolder.name _ then self.currentFolder SubFolderbreakend if end forend forreturn
end function// ******************************************************************************
// * brief remoteShell ls -la命令
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-12 Royic 1.实现基本功能
// ******************************************************************************
remoteShell.ls_la function()subFolders self.currentFolder.get_foldersoutput for subFile in subFoldersnameFile subFile.namepermission subFile.permissionsowner subFile.ownersize subFile.sizegroup subFile.groupoutput output String(permission owner group size 00:00 b nameFile /b, 0, 255, 255, 0) \nend for print(String(Folder(s), 0, 255, 255, 255))if output ! thenprint(format_columns(output))elseprint(String(Empty, 0, 255, 255, 0) \n)end ifsubFiles self.currentFolder.get_filesoutput for subFile in subFilesnameFile subFile.namepermission subFile.permissionsowner subFile.ownersize subFile.sizegroup subFile.groupoutput output String(permission owner group size 00:00 b nameFile /b, 0, 128, 255, 255) \nend for print(String(File(s), 0, 255, 255, 255))if output ! then print(format_columns(output))elseprint(String(Empty, 0, 128, 255, 255) \n)end if
end function// ******************************************************************************
// * brief cat
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-12 Royic 1.实现基本功能
// ******************************************************************************
remoteShell.cat function()Target self.getPath(self.input.split( )[1])for File in Target[0].get_filesif File.name Target[1] thenif File.is_binary then print(String(cat: cant open File.path . Binary file, 1, 255, 0, 0) \n)returnelseif typeof(File.get_content) ! null thenprint(String(File.name :, 1, 255, 255, 255))for Line in File.get_content.split(\n)print( String(Line, 0, 255, 255, 255))end forprint( )else print(String(Permission denied, 1, 255, 0, 0) \n)end ifbreakend ifend ifend for
end function// ******************************************************************************
// * brief cp
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-12 Royic 1.实现基本功能
// ******************************************************************************
remoteShell.cp function()Target_Raw self.getPath(self.input.split( )[1])for File in Target_Raw[0].get_filesif File.name Target_Raw[1] thenTarget_New self.getPath(self.input.split( )[2])result File.copy(Target_New[0].path, Target_New[1])if result 1 thenprint(String(复制成功! , 1, 0, 255, 0))else print(String(result, 1, 255, 0, 0))end ifend ifend for
end function// ******************************************************************************
// * brief mv
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-12 Royic 1.实现基本功能
// ******************************************************************************
remoteShell.mv function()Target_Raw self.getPath(self.input.split( )[1])for File in Target_Raw[0].get_filesif File.name Target_Raw[1] thenTarget_New self.getPath(self.input.split( )[2])result File.move(Target_New[0].path, Target_New[1])if result 1 thenprint(String(移动成功! , 1, 0, 255, 0))else print(String(result, 1, 255, 0, 0))end ifend ifend for
end function// ******************************************************************************
// * brief rm
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-12 Royic 1.实现基本功能
// ******************************************************************************
remoteShell.rm function()if self.input.split( )[1].lower -r thenTarget self.getPath(self.input.split( )[2])elseTarget self.getPath(self.input.split( )[1])end ifif self.input.split( )[1].lower -r thenfor File in Target[0].get_foldersif File.name Target[1] thenresult File.deleteif result.len 0 thenprint(String(删除成功! , 1, 0, 255, 0))else print(String(result, 1, 255, 0, 0))end ifend ifend forelse if self.input.split( )[1].lower * thenfor File in Target[0].get_filesFileName File.nameresult File.deleteif result.len 0 thenprint(String(FileName 删除成功! , 1, 0, 255, 0))else print(String(FileName : result, 1, 255, 0, 0))end ifend forelsefor File in Target[0].get_filesif File.name Target[1] thenresult File.deleteif result.len 0 thenprint(String(删除成功! , 1, 0, 255, 0))else print(String(result, 1, 255, 0, 0))end ifend ifend forend if
end function// ******************************************************************************
// * brief ScanPsw
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-13 Royic 1.实现基本功能
// ******************************************************************************
remoteShell.ScanPsw function()Paths [/etc/passwd]FileObj self.currentFolderhomeFolder while not FileObj.path /FileObj FileObj.parentend whilefolders FileObj.get_foldersfor folder in foldersif folder.name home thenhomeFolder folderend ifend forif homeFolder ! thenfor folder in homeFolder.get_foldersif folder.name ! guest then Paths.push(folder.path /Config/Mail.txt)Paths.push(folder.path /Config/Bank.txt)end ifend forend iffor Path in PathsTarget self.getPath(Path)for File in Target[0].get_filesif File.name Target[1] thenif File.is_binary then print(String(cat: cant open File.path . Binary file, 1, 255, 0, 0) \n)returnelseif typeof(File.get_content) ! null thenprint(String(File.name :, 1, 255, 255, 255))for Line in File.get_content.split(\n)if Line.split(:).len 2 thenprint(String(Line.split(:)[0] : , 0, 255, 255, 255) String(cryptools.decipher(Line.split(:)[-1]), 1, 255, 255, 0))end ifend forprint( )else print(String(Permission denied, 1, 255, 0, 0) \n)end ifbreakend ifend ifend forend for
end function// ******************************************************************************
// * brief mkdir
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-13 Royic 1.实现基本功能
// ******************************************************************************
remoteShell.mkdir function()Target self.getPath(self.input.split( )[1])self.computer.create_folder(Target[0].path, Target[1])
end function// ******************************************************************************
// * brief touch
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-13 Royic 1.实现基本功能
// ******************************************************************************
remoteShell.touch function(InputParams)Target self.getPath(InputParams[0])self.computer.touch(Target[0].path, Target[1])
end function// ******************************************************************************
// * brief ps
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-13 Royic 1.实现基本功能
// ******************************************************************************
remoteShell.ps function()print(\n self.computer.show_procs \n)
end function// ******************************************************************************
// * brief Terminal
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-13 Royic 1.实现基本功能
// ******************************************************************************
remoteShell.Terminal function()self.shellObj.start_terminal
end function// ******************************************************************************
// * brief scp
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-13 Royic 1.实现基本功能
// * v0.0.2 2021-09-14 Royic 1.修bug
// ******************************************************************************
remoteShell.scp function(InputParams)homeShell get_shellresult if InputParams[0].lower -u thenupdateFile homeShell.host_computer.File(InputParams[1])if updateFile ! null thenupdateFilePermissions updateFile.permissionsupdateFile.chmod(urwx)updateFile.chmod(grwx)updateFile.chmod(orwx)if InputParams.len 2 thenresult homeShell.scp(InputParams[1], self.currentFolder.path, self.shellObj)else if InputParams.len 3 thenresult homeShell.scp(InputParams[1], InputParams[2], self.shellObj)end ifif result 1 then print(String(传输成功!, 1, 0, 255, 0))elseprint(String(传输失败!, 1, 255, 0, 0))end iffor _ in [[u, updateFilePermissions[1:4]], [g, updateFilePermissions[4:7]], [o, updateFilePermissions[7:]]]for Permission in [r, w, x]if _[1].indexOf(Permission) then updateFile.chmod(_[0] Permission)else updateFile.chmod(_[0] - Permission)end ifend forend forelse print(String(找不到要传输的文件!, 1, 255, 0, 0))end ifelse if InputParams[0].lower -d thenTargetFilePath self.getPath(InputParams[1])for File in TargetFilePath[0].get_filesif File.name TargetFilePath[1] thenTargetFile Filebreakend ifend forif TargetFile ! null thenif InputParams.len 2 then DownloadPath home_dir /Downloadselse if InputParams.len 3 thenDownloadPath InputParams[2]end ifresult self.shellObj.scp(TargetFile.path, DownloadPath, homeShell)if result 1 then print(String(传输成功, 文件已保存至 DownloadPath 下!, 1, 0, 255, 0))elseprint(String(传输失败!, 1, 255, 0, 0))end ifelseprint(String(找不到要传输的文件!, 1, 255, 0, 0))end ifend ifif result 1 then return 1elsereturn 0end if
end function// ******************************************************************************
// * brief build
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-14 Royic 1.实现基本功能
// ******************************************************************************
remoteShell.build function(InputParams)Target self.getPath(InputParams[0])for File in Target[0].get_filesif File.name Target[1] thenFuncSrc Fileif InputParams.len 1 thenself.shellObj.build(FuncSrc.path, Target[0].path)else if InputParams.len 2 thenTargetFolder self.getPath(InputParams[1]) for Folder in TargetFolder[0].get_foldersif Folder.name TargetFolder[1] then self.shellObj.build(FuncSrc.path, Folder.path)end forend ifend ifend for
end function// ******************************************************************************
// * brief run
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-14 Royic 1.实现基本功能
// ******************************************************************************
remoteShell.run function()Target self.getPath(self.input.split( )[1])for File in Target[0].get_filesif File.name Target[1] thenFunc Fileif self.input.split( ).len 2 thenparams self.input.split( )[1:]self.shellObj.launch(Func.path, params)elseself.shellObj.launch(Func.path, )end ifend ifend for
end function// ******************************************************************************
// * brief bounce 用于部署环境
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-14 Royic 1.实现基本功能
// ******************************************************************************
remoteShell.bounce function()if self.scp([-u, metaxploitPath]) thenif self.scp([-u, cryptoPath]) thenif self.scp([-u, program_path]) thenprint(String(部署成功!, 1, 0, 255, 0))returnend ifend ifend ifprint(String(部署失败!, 1, 255, 0, 0))
end function// ******************************************************************************
// * brief ping
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-14 Royic 1.实现基本功能
// ******************************************************************************
remoteShell.ping function(InputParams)result self.shellObj.ping(InputParams[0])if result thenif typeof(result) string thenprint(String(result, 1, 255, 0, 0) \n) elseprint(String(Ping successful, 1, 0, 255, 0) \n)end ifelseprint(String(ip unreachable, 1, 255, 0, 0) \n)
end if
end function// ******************************************************************************
// * brief chmod
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-18 Royic 1.实现基本功能
// ******************************************************************************
remoteShell.chmod function(InputParams)if InputParams.len 2 or (InputParams.len 3 and InputParams[0].lower ! -r) then print(command_info(chmod_usage))returnend ifpermissions InputParams[0]pathFile InputParams[1]isRecursive 0if InputParams.len 3 thenpermissions InputParams[1]pathFile InputParams[2]isRecursive 1end ifTarget self.getPath(pathFile)for target in Target[0].get_files Target[0].get_foldersif target.name Target[1] thenfile targetoutput file.chmod(permissions, isRecursive)if output then print(String(output, 1, 255, 0, 0))returnend ifend forprint(String(chmod: cant find pathFile, 1, 255, 0, 0))
end functionvimObj {}
vimObj.input
vimObj.vimFile
vimObj.tempText
vimObj.tempTextLists []
vimObj.vimFunc [:new 另起一行, :clr 清空文本, :clr [行号] 清空该行, :del 删除最后一行, :del [行号] 删除该行, :add [行号] [文本] 在该行末添加文本, :exit/:q 退出vim, :x/:wq 保存并退出vim, :change [行号] [文本], :replace (可选)[行号] [被替换字符串] [替换字符串]]vimObj.start function()while trueself.tempText self.vimFile.get_contentself.tempTextLists self.tempText.split(\n)print(\n String(self.vimFile.name :, 1, 255, 255, 255))LineNo 1TabStr if self.tempTextLists.len 1 thenfor Line in self.tempTextLists[:-1]if LineNo 10 thenTabStr else if LineNo 100 thenTabStr else if LineNo 1000 thenTabStr else if LineNo 10000 thenTabStr end ifprint(String(str(LineNo), 0, 192, 192, 192) TabStr String(Line, 0, 255, 255, 255))LineNo LineNo 1end forend ifself.input user_input(String(str(LineNo), 0, 192, 192, 192) TabStr String(self.tempTextLists[-1], 0, 255, 255, 255))if self.input.trim.lower :exit or self.input.trim.lower :q thenreturnelse if self.input.trim.lower :new thenself.tempText self.tempText \nself.vimFile.set_content(self.tempText)else if self.input.trim.lower :clr thenself.tempText self.vimFile.set_content(self.tempText)else if self.input.trim.lower.split( ).len 2 and self.input.trim.lower.split( )[0] :clr thenself.tempText if typeof(self.input.trim.lower.split( )[1].to_int) number and self.input.trim.lower.split( )[1].to_int self.tempTextLists.len thenNo 1if self.tempTextLists.len 1 thenfor Line in self.tempTextListsif No ! self.input.trim.lower.split( )[1].to_int thenself.tempText self.tempText Line \nelseself.tempText self.tempText \nend ifNo No 1end forelse if self.tempTextLists.len 1 and self.input.trim.lower.split( )[1].to_int 1 thenself.tempText elseself.tempText self.tempTextLists[0] \nend ifif self.tempText ! thenself.vimFile.set_content(self.tempText[:-2])else self.vimFile.set_content(self.tempText)end ifend ifelse if self.input.trim.lower :del thenself.tempText if self.tempTextLists.len 1 thenfor Line in self.tempTextLists[:-1]self.tempText self.tempText Line \nend forself.vimFile.set_content(self.tempText[:-2])else self.vimFile.set_content(self.tempText)end ifelse if self.input.trim.lower.split( ).len 2 and self.input.trim.lower.split( )[0] :del thenself.tempText if typeof(self.input.trim.lower.split( )[1].to_int) number and self.input.trim.lower.split( )[1].to_int self.tempTextLists.len thenNo 1for Line in self.tempTextListsif No ! self.input.trim.lower.split( )[1].to_int thenself.tempText self.tempText Line \nend ifNo No 1end forif self.tempText ! thenself.vimFile.set_content(self.tempText[:-2])else self.vimFile.set_content(self.tempText)end ifend ifelse if self.input.trim.lower.split( ).len 2 and self.input.trim.lower.split( )[0] :add thenif typeof(self.input.trim.lower.split( )[1].to_int) number and self.input.trim.lower.split( )[1].to_int self.tempTextLists.len thenNo 1addStr self.tempText for _ in self.input.trim.split( )[2:]addStr addStr _ end forfor Line in self.tempTextListsif No self.input.trim.lower.split( )[1].to_int thenself.tempText self.tempText Line addStr[:-1] \nelseself.tempText self.tempText Line \nend ifNo No 1end forif self.tempText ! thenself.vimFile.set_content(self.tempText[:-2])else self.vimFile.set_content(self.tempText)end ifend ifelse if self.input.trim.lower.split( ).len 3 and self.input.trim.lower.split( ).len 4 and self.input.trim.lower.split( )[0] :replace thenif self.input.trim.split( ).len 4 thentargetStr self.input.trim.split( )[2]replaceStr self.input.trim.split( )[3]else if self.input.trim.split( ).len 3 thentargetStr self.input.trim.split( )[1]replaceStr self.input.trim.split( )[2]end ifself.tempText No 1for Line in self.tempTextListsif self.input.trim.split( ).len 4 and typeof(self.input.trim.lower.split( )[1].to_int) number and self.input.trim.lower.split( )[1].to_int self.tempTextLists.len thenif No self.input.trim.lower.split( )[1].to_int thenIndex Line.indexOf(targetStr)self.tempText self.tempText Line[:Index] replaceStr Line[Index targetStr.len:] \nelseself.tempText self.tempText Line \nend ifNo No 1else if self.input.trim.split( ).len 3 thenIndex Line.indexOf(targetStr)if typeof(Index) number thenself.tempText self.tempText Line[:Index] replaceStr Line[Index targetStr.len:] \nelse self.tempText self.tempText Line \nend ifend ifend forif self.tempText ! thenself.vimFile.set_content(self.tempText[:-2])else self.vimFile.set_content(self.tempText)end ifelse if self.input.trim.lower.split( ).len 2 and self.input.trim.lower.split( )[0] :change thenif typeof(self.input.trim.lower.split( )[1].to_int) number and self.input.trim.lower.split( )[1].to_int self.tempTextLists.len thenNo 1changeStr self.tempText for _ in self.input.trim.lower.split( )[2:]changeStr changeStr _ end forfor Line in self.tempTextListsif No self.input.trim.lower.split( )[1].to_int thenself.tempText self.tempText changeStr[:-1] \nelseself.tempText self.tempText Line \nend ifNo No 1end forif self.tempText ! thenself.vimFile.set_content(self.tempText[:-2])else self.vimFile.set_content(self.tempText)end ifend ifelse if self.input.trim.lower :w or self.input.trim.lower :wq or self.input.trim.lower :x thenself.vimFile.set_content(self.tempText)if self.input.trim.lower :x or self.input.trim.lower :wq then returnelse if self.input.trim.lower :help thenprint(String(可用命令如下: , 1, 0, 255, 0))for FuncName in self.vimFuncprint(String( FuncName, 0, 184, 115, 51))end forelseself.tempText self.tempText self.inputself.vimFile.set_content(self.tempText)end ifend while
end function// ******************************************************************************
// * brief vim
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-14 Royic 1.实现基本功能
// ******************************************************************************
remoteShell.vim function(InputParams)vimObj.vimFile vimObj.tempFile Target self.getPath(InputParams[0])for File in Target[0].get_filesif File.name Target[1] thenif File.is_binary then print(String(cat: cant open File.path . Binary file, 1, 255, 0, 0) \n)returnelseif typeof(File.get_content) ! null thenvimObj.vimFile Fileelse print(String(Permission denied, 1, 255, 0, 0) \n)returnend ifbreakend ifend ifend forif typeof(vimObj.vimFile) ! file and (self.Type shell or self.Type computer) thenself.computer.touch(Target[0].path, Target[1])vimObj.vimFile self.computer.File(Target[0].path / Target[1])end ifif typeof(vimObj.vimFile) file then vimObj.start()
end function// ******************************************************************************
// * brief vim
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-14 Royic 1.实现基本功能
// ******************************************************************************
remoteShell.vim function(InputParams)vimObj.vimFile vimObj.tempFile Target self.getPath(InputParams[0])for File in Target[0].get_filesif File.name Target[1] thenif File.is_binary then print(String(cat: cant open File.path . Binary file, 1, 255, 0, 0) \n)returnelseif typeof(File.get_content) ! null thenvimObj.vimFile Fileelse print(String(Permission denied, 1, 255, 0, 0) \n)returnend ifbreakend ifend ifend forif typeof(vimObj.vimFile) ! file and (self.Type shell or self.Type computer) thenself.computer.touch(Target[0].path, Target[1])vimObj.vimFile self.computer.File(Target[0].path / Target[1])end ifif typeof(vimObj.vimFile) file then vimObj.start()
end function// ******************************************************************************
// * brief useradd
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-18 Royic 1.实现基本功能
// ******************************************************************************
remoteShell.useradd function(InputParams)if InputParams.len ! 1 or InputParams[0] -h or InputParams[0] --help then print(command_info(useradd_usage))returnend ifinputMsg Setting password for user InputParams[0] .\nNew password:inputPass user_input(inputMsg, true)output self.computer.create_user(InputParams[0], inputPass)if output true then print(String(User created OK, 1, 0, 255, 0))Create_Folder_Flag user_input(是否创建用户文件夹目录? [Y/N]\n).trim.lowerif Create_Folder_Flag y thenself.computer.File(/home/ InputParams[0] /Desktop)self.computer.File(/home/ InputParams[0] /Config)self.computer.File(/home/ InputParams[0] /Downloads)self.computer.File(/home/ InputParams[0] /.Trash)self.computer.File(/home/ InputParams[0])end ifreturnend ifif output then print(String(output, 1, 0, 255, 0))returnend ifprint(String(Error: the user could not be created., 1, 0, 255, 0))
end function// ******************************************************************************
// * brief userdel
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-18 Royic 1.实现基本功能
// ******************************************************************************
remoteShell.userdel function(InputParams)if not InputParams.len or (InputParams.len 1 and InputParams[0].lower -r) or InputParams[0] -h or InputParams[0] --help then print(command_info(userdel_usage))returnend ifdelete 0if InputParams[0].lower -r thendelete 1InputParams.pullend ifoutput self.computer.delete_user(InputParams[0], delete)if output true then print(String(user InputParams[0] deleted., 1, 0, 255, 0))returnend ifif output then print(String(output, 1, 0, 255, 0))returnend ifprint(String(Error: user not deleted., 1, 255, 0, 0))
end function// ******************************************************************************
// * brief 进入remoteShell while循环
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-12 Royic 1.实现基本功能
// ******************************************************************************
remoteShell.start function(Exploit, Type, HackInput)if HackInput ! thenself.Object Exploit[3].overflow(Exploit[0], Exploit[1], HackInput)elseself.Object Exploit[3].overflow(Exploit[0], Exploit[1])end ifself.permission Exploit[2]self.Type Typeif self.Type shell thenself.currentFolder self.Object.host_computer.File(/)self.computer self.Object.host_computerself.shellObj self.Objectelse if self.Type computer thenself.currentFolder self.Object.File(/)self.computer self.Objectelse if self.Type file thenwhile not self.Object.path /self.Object self.Object.parentend whileself.currentFolder self.Objectend ifwhile trueself.ls_la()self.input user_input(b ShellOs.TargetIP /b~ self.permission b self.Type /b : self.currentFolder.path ).trimif self.input.lower exit then return else if self.input.split( )[0].lower cd thenself.cdFunc()else if self.input.split( )[0].lower cat and self.input.split( ).len 2 thenself.cat()else if self.input.split( )[0].lower vim and self.input.split( ).len 2 thenself.vim(self.input.split( )[1:])else if self.input.split( )[0].lower cp and self.input.split( ).len 3 thenself.cp()else if self.input.split( )[0].lower mv and self.input.split( ).len 3 thenself.mv()else if self.input.split( )[0].lower rm and self.input.split( ).len 1 thenself.rm()else if self.input.split( )[0].lower scanpsw thenself.ScanPsw()else if self.input.split( )[0].lower mkdir and self.input.split( ).len 2 and (self.Type shell or self.Type computer) thenself.mkdir()else if self.input.split( )[0].lower touch and self.input.split( ).len 2 and (self.Type shell or self.Type computer) thenself.touch(self.input.split( )[1:])else if self.input.split( )[0].lower ps and (self.Type shell or self.Type computer) thenself.ps()else if self.input.split( )[0].lower scp and self.input.split( ).len 3 and self.input.split( ).len 4 and self.Type shell then self.scp(self.input.split( )[1:])else if self.input.split( )[0].lower terminal and self.Type shell thenself.Terminal()else if self.input.split( )[0].lower run and self.Type shell thenself.run()else if self.input.split( )[0].lower build and self.Type shell thenself.build(self.input.split( )[1:])else if self.input.split( )[0].lower bounce and self.Type shell thenself.bounce()else if self.input.split( )[0].lower ping and self.Type shell and self.input.split( ).len 2 thenself.ping(self.input.split( )[1:])else if self.input.split( )[0].lower chmod and self.input.split( ).len 3 and self.input.split( ).len 4 thenself.chmod(self.input.split( )[1:])else if self.input.split( )[0].lower useradd and self.input.split( ).len 2 and (self.Type shell or self.Type computer) thenself.useradd(self.input.split( )[1:])else if self.input.split( )[0].lower userdel and self.input.split( ).len 2 and self.input.split( ).len 3 and (self.Type shell or self.Type computer) thenself.userdel(self.input.split( )[1:])else if self.input help thenprint(String(可用命令如下: , 1, 0, 255, 0))if self.Type computer or self.Type shell thenif self.Type shell thenfor FuncName in self.shellFuncprint(String( FuncName, 0, 255, 215, 0))end forend iffor FuncName in self.computerFuncprint(String( FuncName, 0, 192, 192, 192))end forend iffor FuncName in self.fileFuncprint(String( FuncName, 0, 184, 115, 51))end for print( )end ifend while
end function// ******************************************************************************
// * brief 攻击本机
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-16 Royic 1.实现基本功能
// ******************************************************************************
localHack function()ShellOs.TargetIP get_router.public_ipShellOs.PortExploits [[shell, []], [computer, []], [file, []]]HackInput user_input(请输入要注入的密码, 不需要则跳过:\n)metaLibs []metaLibs.push(metaxploit.load(/lib/net.so))metaLibs.push(metaxploit.load(/lib/init.so))for metaLib in metaLibsprint(Founded metaLib.lib_name metaLib.version)if not metaLib then print(String(Error: TargetLib not found., 1, 255, 0, 0))elseexploits metaxploit.scan(metaLib)for exploit in exploitsresult_lists metaxploit.scan_address(metaLib, exploit).split(Unsafe check: )[1:]for result_list in result_liststarget_str result_list.split(.)[0]target_key target_str.split( )[-1]if HackInput ! thenresult metaLib.overflow(exploit, target_key[3:-4], HackInput)elseresult metaLib.overflow(exploit, target_key[3:-4])end ifnetExploitsCount 0if typeof(result) shell thenShellOs.PortExploits[0][1].push([exploit, target_key[3:-4], readPermission(result), metaLib])else if typeof(result) computer thenShellOs.PortExploits[1][1].push([exploit, target_key[3:-4], readPermission(result), metaLib])else if typeof(result) file thenShellOs.PortExploits[2][1].push([exploit, target_key[3:-4], readPermission(result), metaLib])else if typeof(result) number and (not is_lan_ip(HackInput) and HackInput ! ) thenprint(String(密码注入成功!, 1, 255, 255, 0))end ifend forend forend ifend forif ShellOs.PortExploits ! [[shell, []], [computer, []], [file, []]] then print(String(扫描到下列漏洞, 1, 255, 255, 255))No 0for Object in ShellOs.PortExploitsif Object[1] ! [] then print(String(Object[0] , 1, 255, 255, 255))for _ in Object[1]if _[2] root thenprint(String(No . _[:-1], 1, 255, 215, 0))else if _[2] guest thenprint(String(No . _[:-1], 1, 184, 115, 51))elseprint(String(No . _[:-1], 1, 192, 192, 192))end ifNo No 1end forend forif ShellOs.PortExploits[0][1].len ShellOs.PortExploits[1][1].len ShellOs.PortExploits[2][1].len 0 thenChosenExploit user_input(请选择要攻击的漏洞\n).to_intwhile ChosenExploit No or ChosenExploit 0if ChosenExploit.trim.lower exit then returnelseChosenExploit user_input(输入有误! 请选择要攻击的漏洞\n).to_intend ifend whileif ChosenExploit ShellOs.PortExploits[0][1].len thenremoteShell.start(ShellOs.PortExploits[0][1][ChosenExploit], shell, HackInput)else if ChosenExploit ShellOs.PortExploits[0][1].len ShellOs.PortExploits[1][1].len thenremoteShell.start(ShellOs.PortExploits[1][1][ChosenExploit - ShellOs.PortExploits[0][1].len], computer, HackInput)else if ChosenExploit ShellOs.PortExploits[0][1].len ShellOs.PortExploits[1][1].len ShellOs.PortExploits[2][1].len thenremoteShell.start(ShellOs.PortExploits[2][1][ChosenExploit - ShellOs.PortExploits[1][1].len - ShellOs.PortExploits[0][1].len], file, HackInput)end ifelse print(String(没有可攻击的漏洞!, 1, 255, 0, 0))end if
end function// ******************************************************************************
// * brief 黑入
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-11 Royic 1.实现基本功能
// ******************************************************************************
Hack function()ShellOs.PortExploits [[shell, []], [computer, []], [file, []]]address ShellOs.TargetIPHackInput user_input(请输入要攻击的端口号/LAN地址:\n)if typeof(HackInput.to_int) number thenport HackInput.to_intnet_session metaxploit.net_use(address, port)else if HackInput exit thenreturnelsenet_session metaxploit.net_use(address)end if if not net_session then print(String(Error: cant connect to net session, 1, 255, 0, 0))returnend ifif not is_lan_ip(HackInput) then HackInput user_input(请输入要注入的密码, 不需要则跳过:\n)metaLib net_session.dump_libprint(Founded metaLib.lib_name metaLib.version)if not metaLib then print(String(Error: TargetLib not found., 1, 255, 0, 0))returnend ifexploits metaxploit.scan(metaLib)for exploit in exploits// print(String(exploit, 1, 255, 0, 0))result_lists metaxploit.scan_address(metaLib, exploit).split(Unsafe check: )[1:]for result_list in result_liststarget_str result_list.split(.)[0]target_key target_str.split( )[-1]if HackInput ! thenresult metaLib.overflow(exploit, target_key[3:-4], HackInput)elseresult metaLib.overflow(exploit, target_key[3:-4])end if// print(String(target_key[3:-4] : typeof(result), 1, 255, 255, 0))// print(result_list)if typeof(result) shell thenShellOs.PortExploits[0][1].push([exploit, target_key[3:-4], readPermission(result), metaLib])else if typeof(result) computer thenShellOs.PortExploits[1][1].push([exploit, target_key[3:-4], readPermission(result), metaLib])else if typeof(result) file thenShellOs.PortExploits[2][1].push([exploit, target_key[3:-4], readPermission(result), metaLib])else if typeof(result) number and (not is_lan_ip(HackInput) and HackInput ! ) thenprint(String(密码注入成功!, 1, 255, 255, 0))end ifend forend forif ShellOs.PortExploits ! [[shell, []], [computer, []], [file, []]] then print(String(扫描到下列漏洞, 1, 255, 255, 255))No 0for Object in ShellOs.PortExploitsif Object[1] ! [] then print(String(Object[0] , 1, 255, 255, 255))for _ in Object[1]if _[2] root thenprint(String(No . _[:-1], 1, 255, 215, 0))else if _[2] guest thenprint(String(No . _[:-1], 1, 184, 115, 51))elseprint(String(No . _[:-1], 1, 192, 192, 192))end ifNo No 1end forend forif ShellOs.PortExploits[0][1].len ShellOs.PortExploits[1][1].len ShellOs.PortExploits[2][1].len 0 thenChosenExploit user_input(请选择要攻击的漏洞\n).to_intwhile ChosenExploit No or ChosenExploit 0if ChosenExploit.trim.lower exit then returnelseChosenExploit user_input(输入有误! 请选择要攻击的漏洞\n).to_intend ifend whileif ChosenExploit ShellOs.PortExploits[0][1].len thenremoteShell.start(ShellOs.PortExploits[0][1][ChosenExploit], shell, HackInput)else if ChosenExploit ShellOs.PortExploits[0][1].len ShellOs.PortExploits[1][1].len thenremoteShell.start(ShellOs.PortExploits[1][1][ChosenExploit - ShellOs.PortExploits[0][1].len], computer, HackInput)else if ChosenExploit ShellOs.PortExploits[0][1].len ShellOs.PortExploits[1][1].len ShellOs.PortExploits[2][1].len thenremoteShell.start(ShellOs.PortExploits[2][1][ChosenExploit - ShellOs.PortExploits[1][1].len - ShellOs.PortExploits[0][1].len], file, HackInput)end ifelse print(String(没有可攻击的漏洞!, 1, 255, 0, 0))end if
end function// ******************************************************************************
// * brief Wifi万能钥匙
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-18 Royic 1.实现基本功能
// ******************************************************************************
WifiCracker function()computer get_shell.host_computerstatus Unknown Error.cryptools.airmon(start, wlan0)devices computer.network_devicesnetworks computer.wifi_networks(wlan0)if networks null then print(String(Fail..., 1, 255, 0, 0))end ifnetwork_list []ID 1info No. BSSID PWR ESSIDfor network in networksinfo info \n str(ID) : networkID ID 1network_list.push(network.split( ))end forprint(format_columns(info))Target_ID 0while (Target_ID 0 or Target_ID len(network_list))Target_ID val(user_input(Select a network device\n))end whiledata cryptools.aireplay(network_list[Target_ID - 1][0], network_list[Target_ID - 1][2], ceil(300000/network_list[Target_ID - 1][1].split(%)[0].to_int))if typeof(data) string then print(data)end iffile computer.File(current_path/file.cap)if not file or not file.has_permission(r) or not file.has_permission(w) then print(String(Permission denied, File Error., 1, 255, 0, 0))returnend ifif file thenresult cryptools.aircrack(file.path)status computer.connect_wifi(wlan0, network_list[Target_ID - 1][0], network_list[Target_ID - 1][2], result) file.deleteend ifif status then print(String(Wifi Online., 1, 0, 255, 0))elseprint(String(Unknown Error., 1, 255, 0, 0))end if
end function// ******************************************************************************
// * brief 安全卫士
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-18 Royic 1.实现基本功能
// ******************************************************************************
Defender function()if active_user ! root then print(String(Not Root, 1, 255, 0, 0))returnend ifcomputer get_shell.host_computerfile computer.File(/)output file.chmod(o-rwx,true)if output then print(output)file2 computer.File(/etc)output2 file2.chmod(g-rwx,true)if output2 then print(output2)output2b file2.chmod(u-rwx,true)if output2b then print(output2b)file3 computer.File(/sys)output3 file3.chmod(g-rwx,true)if output then print(output3)output3b file3.chmod(u-rwx,true)if output3b then print(output3b)file4 computer.File(/boot)output4 file4.chmod(g-rwx,true)if output4 then print(output4)output4b file4.chmod(u-rwx,true)if output4b then print(output4b)file5 computer.File(/var)output5 file5.chmod(g-rwx,true)if output5 then print(output5)output5b file5.chmod(u-rwx,true)if output5b then print(output5b)file6 computer.File(/root)output6 file6.chmod(g-rwx,true)if output6 then print(output6)homeFolder computer.File(/home)if not homeFolder then print(String(Error: /home folder not found, 1, 255, 0, 0))elseuserFolders homeFolder.get_foldersfor userFolder in userFoldersConfigFile computer.File(/home/ userFolder.name /Config)Configput ConfigFile.chmod(g-rwx,true)if Configput then print(Configput)end forend iffilelast computer.File(/home/guest)if not filelast then print(String(No Guest User Directories, Permissions Change Complete, 1, 0, 255, 0))returnend ifoutputlast filelast.chmod(g-rwx,true)if outputlast then print(outputlast)outputlastb filelast.chmod(u-rwx,true)if outputlastb then print(outputlastb)filelast.deleteprint(String(Permissions Change Complete, 1, 0, 255, 0))
end function// ******************************************************************************
// * brief 服务器安全卫士
// * history
// * Version Date Author Modification
// * v0.0.1 2021-09-18 Royic 1.实现基本功能
// ******************************************************************************
serverDefender function()if active_user ! root then print(String(Not Root, 1, 255, 0, 0))returnelsecomputer get_shell.host_computerend iffile computer.File(/)output file.chmod(o-rwx,true)if output then print(output)file2 computer.File(/etc)output2 file2.chmod(g-rwx,true)if output2 then print(output2)output2b file2.chmod(u-rwx,true)if output2b then print(output2b)file3 computer.File(/sys)output3 file3.chmod(g-rwx,true)if output then print(output3)output3b file3.chmod(u-rwx,true)if output3b then print(output3b)file4 computer.File(/boot)output4 file4.chmod(g-rwx,true)if output4 then print(output4)output4b file4.chmod(u-rwx,true)if output4b then print(output4b)file5 computer.File(/var)output5 file5.chmod(g-rwx,true)if output5 then print(output5)output5b file5.chmod(u-rwx,true)if output5b then print(output5b)file6 computer.File(/root)output6 file6.chmod(g-rwx,true)if output6 then print(output6)file7 computer.File(/usr)output7 file7.chmod(g-rwx,true)if output7 then print(output7)LogViewer_Del_Flag user_input(是否删除LogViewer? [Y/N]\n, 0)if LogViewer_Del_Flag.trim.lower y thenLogViewer_File computer.File(/usr/bin/LogViewer.exe)if LogViewer_File thenLogViewer_File.deleteLogViewer_File computer.File(/usr/bin/LogViewer.exe)if not LogViewer_File then print(Done: /usr/bin/LogViewer.exe was deleted)end ifend ifhomeFolder computer.File(/home)if not homeFolder then print(String(Error: /home folder not found, 1, 255, 0, 0))elsehomeoutput homeFolder.chmod(g-rwx,true)homeFolder.deletehomeFolder computer.File(/home)if not homeFolder then print(Done: /home folder was deleted)end iffilelast computer.File(/home/guest)if not filelast then print(String(No Guest User Directories, Permissions Change Complete, 1, 0, 255, 0))returnend ifoutputlast filelast.chmod(g-rwx,true)if outputlast then print(outputlast)outputlastb filelast.chmod(u-rwx,true)if outputlastb then print(outputlastb)filelast.deleteprint(String(Permissions Change Complete, 1, 0, 255, 0))end function// ******************************************************************************
// * brief 重新显示端口信息
// ******************************************************************************
showPortInfo function()print(ShellOs.PortsInfo)
end function// ******************************************************************************
// * brief 向伪文件夹添加函数
// ******************************************************************************
localAttack.program [[更新IP并扫描, nmap], [重新显示端口信息, showPortInfo], [攻击本机, localHack], [黑入, Hack]]
remoteAttack.program [[更新IP并扫描, nmap], [深度扫描, deepScan], [重新显示端口信息, showPortInfo], [黑入, Hack]]
Applications.program [[Wifi万能钥匙, WifiCracker], [安全卫士, Defender], [服务器安全卫士, serverDefender]]// ******************************************************************************
// * brief 主循环
// ******************************************************************************
while trueShellOs.currentFolder.display()ShellOs.input user_input(b ShellOs.TargetIP /b~ ShellOs.permission ShellOs:/ ShellOs.getPath ).trimif ShellOs.input.lower exit then exit else if 0 ShellOs.input.to_int and ShellOs.input.to_int ShellOs.currentFolder.subFolder.len ShellOs.currentFolder.program.len thenif 0 ShellOs.input.to_int and ShellOs.input.to_int ShellOs.currentFolder.subFolder.len thenShellOs.currentFolder ShellOs.currentFolder.subFolder[ShellOs.input.to_int]else if ShellOs.currentFolder.subFolder.len ShellOs.input.to_int and ShellOs.input.to_int ShellOs.currentFolder.subFolder.len ShellOs.currentFolder.program.len thenShellOs.currentFolder.program[ShellOs.input.to_int - ShellOs.currentFolder.subFolder.len][1]end ifelse if ShellOs.input.lower back thenif ShellOs.currentFolder.parentFolder ! null then ShellOs.currentFolder ShellOs.currentFolder.parentFolder else if ShellOs.input.split( )[0] cd thenShellOs.cdFunc()end if
end while
