-
Notifications
You must be signed in to change notification settings - Fork 2
/
libReset.ms
157 lines (149 loc) · 5.13 KB
/
libReset.ms
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
//resets global libraries
//useful for creating vulnerabilities for missions
// or hunting secure libraries
//launch with 'reset [port# or /file/path.so]'
//use file path for local attacks and port for random remote attacks
//must attack the most recent version of target library
//must have the most recent version of metaxploit.so
metaxploit = include_lib("/lib/metaxploit.so")
if not metaxploit then metaxploit = include_lib(parent_path(program_path) + "/metaxploit.so")
if not metaxploit then exit("\n<color=white>no metaxploit")
c = get_shell.host_computer
count = 0
metaLib = null
globals.deviceList = []
if params.len > 0 then i1 = params[0] else i1 = user_input("<color=white>[/file/path.so(local)] or [port#] >")
rng = function()
return floor((rnd * 255) + 1)
end function
getMeta = function()
print("scanning...")
net_session = null
if typeof(i1.to_int) != "number" then
return metaxploit.load(i1)
else
while true
ip = rng + "." + rng + "." + rng + "." + rng
if is_valid_ip(ip) then
router = get_router(ip)
if router != null then
globals.deviceList = []
globals.deviceList = router.devices_lan_ip
ports = router.used_ports
if ports.len > 0 then
for port in ports
net_session = null
if router.port_info(port).hasIndex(i1 + "\n") then
net_session = metaxploit.net_use(ip,i1.to_int)
if net_session then
return net_session.dump_lib
continue
end if
end if
end for
end if
end if
end if
end while
end if
end function
libReset = function(lib)
metaLib = getMeta
if metaLib then
while true
if count > 0 then
vCheck = true
if count % 100 then clear_screen
while vCheck
metaLib = getMeta
if metaLib.version != memVer then
if count != 1 then exit("\n<color=white>" + metaLib.lib_name + " updated to " + " v." + metaLib.version + "\n")
metaLib = getMeta
else
vCheck = false
end if
end while
libInfo = metaLib.lib_name + " v." + metaLib.version
print("<color=white>scanning " + libInfo + "...")
else if count == 0 then
vCheck = false
while not vCheck
libInfo = metaLib.lib_name + " v." + metaLib.version
print("<color=white>scanning " + libInfo + "...")
if user_input("<color=white>correct version? [y/n] >") == "n" then
metaLib = getMeta
else
memVer = metaLib.version
vCheck = true
end if
end while
end if
vulnMap = {}
fileMap = {}
count = count + 1
c.touch(current_path, "vuln.db")
file = c.File(current_path + "/vuln.db")
content = file.get_content
if content.indexOf(libInfo) != null then
libIndex = content.indexOf(libInfo)
memFile = slice(content, libIndex, content.indexOf(">",libIndex)).split(char(10))
memFile.remove(0)
memFile.remove(memFile.len - 1)
if i1.indexOf("/") == 0 then num = 100000 else num = 100
for x in range(num)
for line in memFile
line = line.split(":")
mem = line[0]
values = line[1].split(" ")
for value in values
if i1.to_int == 0 and globals.deviceList.len > 0 then
for device in globals.deviceList
print(device)
result = metaLib.overflow(mem, value, device)
end for
else
result = metaLib.overflow(mem, value, "pass")
end if
end for
end for
end for
else
memory = metaxploit.scan(metaLib)
if not memory then print("no exploits detected.")
password = null
for mem in memory
address = metaxploit.scan_address(metaLib, mem).split("Unsafe check:")
userList = null
for add in address
if add == address[0] then continue
value = add[add.indexOf("<b>")+3:add.indexOf("</b>")]
if i1.to_int == 0 and globals.deviceList.len > 0 then
for device in globals.deviceList
print(device)
result = metaLib.overflow(mem, value, device)
end for
else
result = metaLib.overflow(mem, value, "pass")
end if
if result then
if vulnMap.hasIndex(mem) then
if vulnMap[mem].indexOf(value) == null then
vulnMap[mem] = (vulnMap[mem] + [value])
end if
else
vulnMap[mem] = [value]
end if
end if
end for
end for
vulnCont = ""
for vuln in vulnMap
value = vuln.value.join(" ")
vulnCont = vulnCont + vuln.key + ":" + value + char(10)
end for
if content.indexOf(libInfo) == null then file.set_content(content + char(10) + libInfo + char(10) + vulnCont + ">")
end if
end while
end if
end function
libReset(i1)