版本:Grey Hack v0.7.3619 - Alpha
交互界面
基本功能
使用cd命令和数字选项切换路径
本地攻击
攻击本机
利用net.so和init.so发动攻击
远程攻击
应用程序
扫描功能
更新IP并扫描
深度扫描
黑入功能
通过开放的端口/LAN IP发动攻击
类shell交互界面
选择相应的漏洞后进入类shell交互界面
根据所选漏洞种类的不同(shell, computer, file),能调用的命令也不同
一些特殊命令
bounce
用于部署shellOs环境
run
用于执行脚本
ScanPsw
vim
文本编辑器
使用:help查看帮助
build
编译src文件
脚本源码
// ******************************************************************************
// * @file main.src
// * @brief Shell Os
// * @history
// * Version Date Author Modification
// * v0.1.0 2021-09-05 rocketorbit 1. 创建项目及实现远程攻击
// * v0.1.1 2021-09-07 Royic 1. 实现面向对象的基本框架 实现伪文件夹系统
// * 2. 加入字符串加粗、设定颜色函数
// * v0.1.2 2021-09-09 Royic 1. 初步实现cd命令,修bug
// * v0.1.3 2021-09-10 Royic 1. 完善cd命令,实现相对路径cd
// * v0.1.4 2021-09-11 Royic 1. 重构nmap函数
// * 2. 补全深度扫描功能
// * v0.2.0 2021-09-12 Royic 1. 初步建立remoteShell框架
// * v0.3.0 2021-09-13 Royic 1. 初步完善以file类为基础的命令体系
// * 2. 可用的命令有cd cat cp mv rm ScanPsw exit
// * v0.4.0 2021-09-13 Royic 1. 加入computer命令体系 可用命令有mkdir, touch, ps
// * v0.4.1 2021-09-13 rocketorbit 1. 加入攻击本机功能
// * v0.5.0 2021-09-14 Royic 1. 修复scp
// * 2. 加入shell命令体系, 可用命令有build、run、bounce、ping、Terminal
// * v0.6.0 2021-09-14 Royic 1. 建立vim文字编辑器体系 可用命令有:new, :clr, :clr, :del, :del, :add, :exit/:q, :x/:wq, :change, :replace 暂时不能不保存就退出
// * v0.6.1 2021-09-18 Royic 1. 加入chmod
// * v0.6.2 2021-09-18 Royic 1. 加入应用程序、useradd、userdel
// * v0.6.3 2021-09-21 Royic 1. 修bug
// ******************************************************************************
// Load the two game libraries this tool depends on. Each one is looked up in
// /lib first and then next to the script (current_path); the path that worked is
// kept in metaxploitPath / cryptoPath, which bounce() later uploads.
// NOTE(review): the fallback loads whichever file of that name sits in the
// current directory, so the working directory decides which library code runs.
// Confirm that is intended before starting the tool from a shared or downloaded folder.
metaxploitPath = "/lib/metaxploit.so"
metaxploit = include_lib(metaxploitPath)
if not metaxploit then
    metaxploitPath = current_path + "/metaxploit.so"
    metaxploit = include_lib(metaxploitPath)
    if not metaxploit then exit("Error: 没有在本路径或/lib找到metaxploit.so")
end if

cryptoPath = "/lib/crypto.so"
cryptools = include_lib(cryptoPath)
if not cryptools then
    cryptoPath = current_path + "/crypto.so"
    cryptools = include_lib(cryptoPath)
    if not cryptools then exit("Error: 没有在本路径或/lib找到crypto.so")
end if
// Prototype for the menu's pseudo-folders. Instances are made with `new Folder`.
// parentFolder uses the string "null" as the "no parent" marker (see the
// comparisons in ShellOs.getPath and ShellOs.cdFunc).
Folder = {"name": "", "parentFolder": "null", "subFolder": [], "program": []}
// ******************************************************************************
// * @brief 字符串加粗、设定颜色
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-07 Royic 1.实现基本功能
// * v0.0.2 2021-09-09 Royic 1.补floor修bug
// ******************************************************************************
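// Convert one colour channel value to a two-digit upper-case hex string.
// Values at or above 255 clamp to "FF"; values at or below 0 clamp to "00".
// Fractional inputs are floored first so both digit lookups use whole numbers
// (the original looked up `Num % 16` directly, which has no entry for 0.5 etc.).
Num2Hex = function(Num)
    if Num >= 255 then return "FF"
    if Num <= 0 then return "00"
    Num = floor(Num)
    HexDigits = "0123456789ABCDEF"
    return HexDigits[floor(Num / 16)] + HexDigits[Num % 16]
end function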
// Wrap Str in rich-text markup: an optional <b> pair when Bold_Key is truthy and
// a <color=#RRGGBB> pair built from the three channel values via Num2Hex.
// When the colour comes out as 00FF00 the text is returned without a colour tag.
String = function(Str, Bold_Key, R_val, G_val, B_val)
    if Bold_Key then
        Text = "<b>" + Str + "</b>"
    else
        Text = "" + Str + ""
    end if
    HexColor = Num2Hex(R_val) + Num2Hex(G_val) + Num2Hex(B_val)
    if HexColor == "00FF00" then return (Text)
    return ("<color=#" + HexColor + ">" + Text + "</color>")
end function
// ******************************************************************************
// * @brief Folder类添加子文件夹
// * @note 直接push会出错,只能利用临时变量
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-07 Royic 1.实现基本功能
// ******************************************************************************
// Append NewFolder to this folder's children and point its parentFolder back here.
// A new list is assigned to self.subFolder instead of pushing in place; the
// original author's note says a direct push misbehaves.
Folder.addFolder = function(NewFolder)
    self.subFolder = self.subFolder + [NewFolder]
    NewFolder.parentFolder = self
end function
// ******************************************************************************
// * @brief Folder类打印子文件夹名
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-07 Royic 1.实现基本功能
// ******************************************************************************
// Print the numbered menu for this folder: sub-folders first, then programs.
// Numbering is continuous, so programs continue counting after the last folder.
// Each section is printed only when it has entries. Returns the folder's name.
Folder.display = function()
    Index = 0
    FolderRow = ""
    for Child in self.subFolder
        FolderRow = FolderRow + String(str(Index) + ".", 1, 255, 255, 255) + String(Child.name, 1, 255, 255, 0) + " "
        Index = Index + 1
    end for
    // Every entry adds text to the row, so a non-empty row means a non-empty list.
    if FolderRow != "" then
        print(String("Folder(s)", 0, 255, 255, 255))
        print(FolderRow)
    end if
    ProgramRow = ""
    for Entry in self.program
        // Entry[0] is the label shown for the program.
        ProgramRow = ProgramRow + String(str(Index) + ".", 1, 255, 255, 255) + String(Entry[0], 1, 128, 255, 255) + " "
        Index = Index + 1
    end for
    if ProgramRow != "" then
        print(String("Program(s)", 0, 255, 255, 255))
        print(ProgramRow)
    end if
    return self.name
end function
// ******************************************************************************
// * @brief 警告
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-07 Royic 1.实现基本功能
// ******************************************************************************
// Print the bold yellow "feature not implemented yet" notice.
Warn = function()
    Notice = String("Warning: 此功能尚待添加!", 1, 255, 255, 0)
    print(Notice)
end function
// ******************************************************************************
// * @brief 伪文件夹系统初始化
// ******************************************************************************
// Build the three-entry menu tree under an unnamed root. The order of the
// addFolder calls fixes the numeric menu indices printed by Folder.display.
root = new Folder
root.name = ""
localAttack = new Folder
remoteAttack = new Folder
Applications = new Folder
localAttack.name = "本地攻击"
remoteAttack.name = "远程攻击"
Applications.name = "应用程序"
root.addFolder(localAttack)
root.addFolder(remoteAttack)
root.addFolder(Applications)

// Global session state for the tool.
ShellOs = {}
// NOTE(review): the file header's history runs to v0.6.3 while this string still
// says v0.1.0 — confirm which one is meant to be shown.
ShellOs.version = "v0.1.0"
// UI state: last typed command, menu depth, current menu folder.
ShellOs.input = ""
ShellOs.MenuFloor = 1
ShellOs.currentFolder = root
ShellOs.permission = "null"
// Scan state; the list and string fields below are reset by ShellOs.init.
ShellOs.TargetIP = ""
ShellOs.PortsInfo = ""
ShellOs.OtherRoutersLan = []
ShellOs.KnownComputersLan = []
ShellOs.KernelRouterLib = []
ShellOs.KernelRouterExploits = []
ShellOs.KernelRouterComputerExploit = []
// One bucket per result type.
ShellOs.PortExploits = [["shell", []], ["computer", []], ["file", []]]
// ******************************************************************************
// * @brief ShellOs部分成员初始化
// ******************************************************************************
// Reset the per-scan fields to their empty values. TargetIP, input, permission
// and the menu position are left as they are.
ShellOs.init = function()
    for Field in ["OtherRoutersLan", "KnownComputersLan", "KernelRouterLib", "KernelRouterExploits", "KernelRouterComputerExploit"]
        // A fresh list per field so the fields never share one list.
        self[Field] = []
    end for
    self.PortExploits = [["shell", []], ["computer", []], ["file", []]]
    self.PortsInfo = ""
end function
// ******************************************************************************
// * @brief 获取当前绝对路径
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-07 Royic 1.实现基本功能
// ******************************************************************************
// Build the menu path of ShellOs.currentFolder by walking parentFolder links up
// to the root (whose parentFolder is the string "null"). Names are joined with
// "/" with no leading or trailing slash; the root itself gives "".
ShellOs.getPath = function()
    Segments = []
    Node = ShellOs.currentFolder
    while Node.parentFolder != "null"
        Segments = [Node.name] + Segments
        Node = Node.parentFolder
    end while
    return Segments.join("/")
end function
// ******************************************************************************
// * @brief 获取IP
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-07 Royic 1.实现基本功能
// ******************************************************************************
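// Fill self.TargetIP according to the current menu folder.
//  - "本地攻击": the public IP of the local router.
//  - "远程攻击": prompt until the input pings and resolves to a router or a switch.
//    A three-label name starting with "www" is resolved with nslookup first.
//    Typing "exit" leaves the loop with TargetIP still holding the typed text,
//    so callers have to cope with a target that does not resolve.
//  - any other folder: TargetIP stays "".
// Fix: the original dereferenced get_router(...).local_ip after accepting an
// address that only get_switch resolved, which fails on the null router; both
// outcomes of that comparison cleared the warning anyway, so it is dropped.
ShellOs.getIP = function()
    Option = self.currentFolder.name
    self.TargetIP = ""
    if Option == "本地攻击" then
        self.TargetIP = get_router.public_ip
        return
    end if
    if Option != "远程攻击" then return
    WarnStr = ""
    while true
        self.TargetIP = user_input(WarnStr + "请输入一个正确的IP/网址:\n")
        if self.TargetIP.trim.lower == "exit" then return
        Labels = self.TargetIP.split(".")
        if Labels[0] == "www" and Labels.len == 3 then self.TargetIP = nslookup(self.TargetIP)
        if not get_shell.ping(self.TargetIP) then
            WarnStr = "输入错误! "
        else if typeof(get_router(self.TargetIP)) == "null" and typeof(get_switch(self.TargetIP)) == "null" then
            WarnStr = "输入错误! "
        else
            WarnStr = ""
        end if
        if WarnStr == "" then break
    end while
    return
end function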
// ******************************************************************************
// * @brief cd命令
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-09 Royic 1.实现基本功能
// * v0.0.2 2021-09-10 Royic 1.完善功能,实现相对路径cd
// ******************************************************************************
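// Menu `cd`: move self.currentFolder through the pseudo-folder tree.
// Accepts "cd" (go to root), absolute paths ("/a/b"), "./a", a leading "..",
// and plain relative names. Components that match no sub-folder are skipped
// silently, so a mistyped path stops wherever the walk got to.
// Fixes: the "./" test sliced one character (`[:1]`) and could never match, and
// an input without an argument indexed past the end of the split list.
ShellOs.cdFunc = function()
    Words = self.input.split(" ")
    if self.input == "cd" or Words.len < 2 then
        self.currentFolder = root
        return
    end if
    Arg = Words[1]
    InputPath = []
    for Part in Arg.split("/")
        if Part != "" then InputPath.push(Part)
    end for
    if InputPath == [] or Arg[0] == "/" then
        self.currentFolder = root
    else if Arg == "." or Arg[:2] == "./" then
        InputPath = InputPath[1:]
    else if InputPath[0] == ".." then
        // Only a leading ".." is honoured; the root has no parent to move to.
        if self.currentFolder.parentFolder != "null" then self.currentFolder = self.currentFolder.parentFolder
        InputPath = InputPath[1:]
    end if
    for Part in InputPath
        for SubFolder in self.currentFolder.subFolder
            if SubFolder.name == Part then
                self.currentFolder = SubFolder
                break
            end if
        end for
    end for
    return
end function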
// ******************************************************************************
// * @brief 显示详细信息
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-07 Royic 1.实现基本功能
// * v0.0.2 2021-09-11 Royic 1.重构
// ******************************************************************************
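// Scan the target chosen by ShellOs.getIP and print what the router reports:
// LAN devices, forwarded ports, firewall rules and the whois record.
// Side effects: resets the scan state (ShellOs.init), fills
// ShellOs.KnownComputersLan, ShellOs.OtherRoutersLan and ShellOs.PortsInfo.
// A LAN device whose first listed port is 8080 is treated as a router; every
// other device is recorded as a computer.
// Fix: when the target does not resolve to a router (for example after the user
// typed "exit" at the prompt) the original went on to read fields of null.
nmap = function()
    ShellOs.init()
    ShellOs.getIP()
    Target_Router = get_router(ShellOs.TargetIP)
    if not Target_Router then
        if ShellOs.TargetIP.trim.lower != "exit" then print(String("Error: can't find a router at " + ShellOs.TargetIP, 1, 255, 0, 0))
        return
    end if
    Routers_LAN = []
    Computers_LAN = []
    Devices_LAN = Target_Router.devices_lan_ip
    for Device_LAN in Devices_LAN
        Router_Ports = []
        for Router_Port in Target_Router.device_ports(Device_LAN)
            Router_Ports.push(Router_Port.port_number)
        end for
        if Router_Ports != [] and Router_Ports[0] == 8080 then
            Routers_LAN.push([Device_LAN, Router_Ports])
        else
            Computers_LAN.push(Device_LAN)
            ShellOs.KnownComputersLan.push(Device_LAN)
        end if
        // On the local network every router/switch can be queried directly.
        if Target_Router.public_ip == get_router().public_ip then
            New_Router = get_router(Device_LAN)
            New_Switch = get_switch(Device_LAN)
            if New_Switch then New_Router = New_Switch
            if New_Router then
                print("\n" + String("Kernel version: " + New_Router.kernel_version, 0, 255, 255, 255))
                print(String(Device_LAN + ": " + Router_Ports, 1, 255, 255, 255))
                New_Devices_LAN = New_Router.devices_lan_ip
                for New_Device_LAN in New_Devices_LAN
                    if not get_router(New_Device_LAN) and not get_switch(New_Device_LAN) then
                        print(String(New_Device_LAN, 0, 255, 255, 0))
                    end if
                end for
                Firewall_Rules = "Action Port Source_IP Destination_IP"
                for Rule in New_Router.firewall_rules
                    Firewall_Rules = Firewall_Rules + "\n" + Rule
                end for
                // Print the table only when at least one rule was appended.
                if Firewall_Rules != "Action Port Source_IP Destination_IP" then
                    print(format_columns(Firewall_Rules))
                end if
            end if
        end if
    end for
    Ports = Target_Router.used_ports
    Port_Info = String("Port State Service Version LAN", 0, 255, 255, 255)
    // Row 0 stands for the router itself.
    Port_Info = Port_Info + "\n" + String(0 + " " + "Opened" + " " + "router" + " " + Target_Router.kernel_version + " " + Target_Router.local_ip, 0, 255, 215, 0)
    for Port in Ports
        if Port.is_closed then
            Port_Status = "Closed"
        else
            Port_Status = "Opened"
        end if
        Port_Info = Port_Info + "\n" + String(Port.port_number + " " + Port_Status + " " + Target_Router.port_info(Port) + " " + Port.get_lan_ip, 0, 255, 215, 0)
        // Remember each forwarding target once.
        if typeof(ShellOs.KnownComputersLan.indexOf(Port.get_lan_ip)) == "null" then ShellOs.KnownComputersLan.push(Port.get_lan_ip)
    end for
    if Target_Router.public_ip != get_router().public_ip then
        print("\n" + String("Kernel version: " + Target_Router.kernel_version, 0, 255, 255, 255))
        if Routers_LAN != [] then
            print(String(Routers_LAN[0][0] + ": " + Routers_LAN[0][1], 1, 255, 255, 255))
            if Computers_LAN != [] then
                // List only the computers that share the first router's first three octets.
                Router_LAN_Head = Routers_LAN[0][0].split(".")
                Router_LAN_Head = Router_LAN_Head[0] + "." + Router_LAN_Head[1] + "." + Router_LAN_Head[2]
                for Computer_LAN in Computers_LAN
                    Computer_LAN_Head = Computer_LAN.split(".")
                    Computer_LAN_Head = Computer_LAN_Head[0] + "." + Computer_LAN_Head[1] + "." + Computer_LAN_Head[2]
                    if Router_LAN_Head == Computer_LAN_Head then print(String(Computer_LAN, 1, 255, 255, 0))
                end for
            end if
            Firewall_Rules = "Action Port Source_IP Destination_IP"
            for Rule in Target_Router.firewall_rules
                Firewall_Rules = Firewall_Rules + "\n" + Rule
            end for
            if Firewall_Rules != "Action Port Source_IP Destination_IP" then print(format_columns(Firewall_Rules))
            // Every router after the first is kept for deepScan.
            ShellOs.OtherRoutersLan = Routers_LAN[1:]
            for Router_LAN_List in ShellOs.OtherRoutersLan
                print("\n" + String(Router_LAN_List[0] + ": " + Router_LAN_List[1], 1, 255, 255, 255))
                print(String("使用", 0, 255, 255, 0) + String("深度扫描", 1, 128, 255, 255) + String("有可能发现更多主机", 0, 255, 255, 0))
            end for
        end if
    end if
    print("\n" + String("Port(s): ", 1, 255, 255, 255))
    print(format_columns(Port_Info) + "\n")
    // NOTE(review): the indexing below assumes whois returned a header line plus
    // at least three "label: value" lines — confirm what it returns on failure.
    Whois_List = whois(ShellOs.TargetIP).split("\n")[1:]
    Domain_Name = String("Domain name: ", 0, 0, 255, 0) + String(Whois_List[0].split(": ")[1], 1, 255, 255, 255) + "\n"
    Administrator_Name = String("Administrative contact: ", 0, 0, 255, 0) + String(Whois_List[1].split(": ")[1], 1, 255, 255, 255) + "\n"
    Email_Address = String("Email address: ", 0, 0, 255, 0) + String(Whois_List[2].split(": ")[1], 1, 255, 255, 255) + "\n"
    Phone = String(Whois_List[-1], 0, 0, 255, 0) + "\n"
    print(Domain_Name + Administrator_Name + Email_Address + Phone)
    ShellOs.PortsInfo = String("Port(s): ", 1, 255, 255, 255) + "\n" + format_columns(Port_Info) + "\n\n" + Domain_Name + Administrator_Name + Email_Address + Phone
end function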
// ******************************************************************************
// * @brief 获取路由器Computer类漏洞
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-11 Royic 1.实现基本功能
// ******************************************************************************
// Search the scan results for an (address, key) pair whose overflow call returns
// a "computer" object, and store it in ShellOs.KernelRouterComputerExploit as
// [address, key]. Returns as soon as one pair is stored; if none is found the
// field keeps its previous value.
// Reads ShellOs.KernelRouterLib, ShellOs.KernelRouterExploits,
// ShellOs.KnownComputersLan and ShellOs.OtherRoutersLan; may prompt the user once.
GetKernelRouterComputerExploit = function()
// "" = not asked yet; "null" = asked and the answer was not a LAN address.
TestLan = ""
for kernel_router_exploit in ShellOs.KernelRouterExploits
// Each segment after an "Unsafe check: " marker describes one candidate.
result_lists = metaxploit.scan_address(ShellOs.KernelRouterLib, kernel_router_exploit).split("Unsafe check: ")[1:]
for result_list in result_lists
// Take the text up to the first "." and keep its last space-separated word.
target_str = result_list.split(".")[0]
target_key = target_str.split(" ")[-1]
// target_key[3:-4] drops 3 leading and 4 trailing characters —
// presumably a <b>...</b> wrapper around the value; TODO confirm.
if ShellOs.KnownComputersLan != [] then
// A LAN address is already known from the scan: try that one only.
result = ShellOs.KernelRouterLib.overflow(kernel_router_exploit, target_key[3:-4], ShellOs.KnownComputersLan[0])
if typeof(result) == "computer" then
ShellOs.KernelRouterComputerExploit = [kernel_router_exploit, target_key[3:-4]]
return
end if
else
// No known address: ask the user once for one.
if TestLan == "" then
TestLan = user_input("请提供一个此公网内已知的主机LAN地址, 若没有请跳过:\n")
if is_lan_ip(TestLan) then
result = ShellOs.KernelRouterLib.overflow(kernel_router_exploit, target_key[3:-4], TestLan)
if typeof(result) == "computer" then
ShellOs.KernelRouterComputerExploit = [kernel_router_exploit, target_key[3:-4]]
return
end if
else
TestLan = "null"
end if
end if
// Otherwise try every last octet in range(1, 255, 1) on each other router's
// first three octets, skipping the router's own last octet.
for Router in ShellOs.OtherRoutersLan
lanIp = Router[0]
lanIp = lanIp.split(".")
Head = lanIp[0]+"."+lanIp[1]+"."+lanIp[2]+"."
End = lanIp[-1].to_int
for _ in range(1, 255, 1)
if _ != End then
result = ShellOs.KernelRouterLib.overflow(kernel_router_exploit, target_key[3:-4], Head + str(_))
if typeof(result) == "computer" then
ShellOs.KernelRouterComputerExploit = [kernel_router_exploit, target_key[3:-4]]
return
else if typeof(result) != "null" and typeof(result) != "computer" then
// A result that is neither null nor a computer ends the attempts for this candidate.
break
end if
end if
end for
if typeof(result) != "null" and typeof(result) != "computer" then break
end for
// NOTE(review): `result` is only assigned inside the branches above; if none
// of them ran in this or an earlier pass it is read here unassigned — confirm
// callers always provide a non-empty OtherRoutersLan (deepScan does).
if typeof(result) != "null" and typeof(result) != "computer" then continue
end if
end for
end for
end function
// ******************************************************************************
// * @brief 深度扫描
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-11 Royic 1.实现基本功能
// ******************************************************************************
// Look for hosts behind the additional routers found by nmap.
// Needs a non-empty ShellOs.OtherRoutersLan and a net session to the target;
// dumps the remote library, scans it, and asks GetKernelRouterComputerExploit
// for an (address, key) pair. With a pair, every last octet in range(1, 255, 1)
// of each router's first three octets is tried (the router's own octet is
// skipped) and each address that yields a "computer" is appended to a third
// element of that router's entry. The result lists are then printed.
deepScan = function()
    if ShellOs.OtherRoutersLan == [] then
        print(String("请先扫描网络/该网络没有未知的子网", 1, 255, 255, 0))
        return
    end if
    net_session = metaxploit.net_use(ShellOs.TargetIP)
    if not net_session then
        print(String("Error: can't connect to net session", 1, 255, 0, 0))
        return
    end if
    ShellOs.KernelRouterLib = net_session.dump_lib
    ShellOs.KernelRouterExploits = metaxploit.scan(ShellOs.KernelRouterLib)
    GetKernelRouterComputerExploit()
    if ShellOs.KernelRouterComputerExploit == [] then
        print(String("深度扫描失败, 目标IP路由器固件无相关漏洞!\n", 1, 255, 0, 0))
        return
    end if
    Slot = 0
    for Router in ShellOs.OtherRoutersLan
        Octets = Router[0].split(".")
        Prefix = Octets[0] + "." + Octets[1] + "." + Octets[2] + "."
        OwnHost = Octets[-1].to_int
        for HostNo in range(1, 255, 1)
            if HostNo == OwnHost then continue
            Candidate = Prefix + str(HostNo)
            result = ShellOs.KernelRouterLib.overflow(ShellOs.KernelRouterComputerExploit[0], ShellOs.KernelRouterComputerExploit[1], Candidate)
            if typeof(result) != "computer" then continue
            // Entries start as [lan, ports]; the host list is added on first use.
            if ShellOs.OtherRoutersLan[Slot].len == 2 then ShellOs.OtherRoutersLan[Slot].push([])
            if typeof(ShellOs.OtherRoutersLan[Slot][2].indexOf(Candidate)) == "null" then ShellOs.OtherRoutersLan[Slot][2].push(Candidate)
        end for
        Slot = Slot + 1
    end for
    // The heading is printed even when no router gained a host list.
    print(String("新发现了这些主机: ", 1, 255, 255, 255))
    for Router in ShellOs.OtherRoutersLan
        if Router.len != 3 then continue
        print("\n" + String(Router[0] + ": " + Router[1], 1, 255, 255, 255))
        for ComputerLan in Router[2]
            print(String(ComputerLan, 0, 255, 255, 0))
        end for
    end for
    print(" ")
end function
// ******************************************************************************
// * @brief 了解当前身份
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-12 Royic 1.实现基本功能
// ******************************************************************************
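// Classify the access level that `result` (a shell, computer or file object)
// gives on the remote host. Returns:
//   "root"  - /root is a folder and is writable,
//   "user"  - otherwise, /etc/passwd is a file and is readable,
//   "guest" - anything else.
// For a file object the function first walks up to "/" and then looks for the
// root, home and etc folders by name.
// Fix: the three handles are initialised up front and /root is null-checked, so
// an unexpected object type or a host without /root yields "guest" instead of a
// read of an unassigned variable.
readPermission = function(result)
    rootFolder = null
    homeFolder = null
    passwdFile = null
    if typeof(result) == "shell" then
        Host = result.host_computer
        rootFolder = Host.File("/root")
        homeFolder = Host.File("/home")
        passwdFile = Host.File("/etc/passwd")
    else if typeof(result) == "computer" then
        rootFolder = result.File("/root")
        homeFolder = result.File("/home")
        passwdFile = result.File("/etc/passwd")
    else if typeof(result) == "file" then
        while not result.path == "/"
            result = result.parent
        end while
        for folder in result.get_folders
            if folder.name == "root" then
                rootFolder = folder
            else if folder.name == "home" then
                homeFolder = folder
            else if folder.name == "etc" then
                for File in folder.get_files
                    if File.name == "passwd" then passwdFile = File
                end for
            end if
        end for
    end if
    Permission = "guest"
    if rootFolder != null and is_folder(rootFolder) and rootFolder.has_permission("w") then
        Permission = "root"
    else if typeof(passwdFile) == "file" and passwdFile.has_permission("r") then
        // Disabled by the author: naming the user from the writable /home entry.
        // if homeFolder then
        // Permission = "guest"
        // userFolders = homeFolder.get_folders
        // for userFolder in userFolders
        // if userFolder.has_permission("w") and userFolder.name != "guest" then
        // Permission = userFolder.name
        // break
        // end if
        // end for
        // else
        Permission = "user"
        // end if
    end if
    return Permission
end function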
// State and help text for the shell-like session opened on a remote object.
remoteShell = {}
// The object obtained for the session and its type string.
remoteShell.Object = ""
remoteShell.Type = ""
// Last command line typed by the user.
remoteShell.input = ""
remoteShell.permission = ""
// Handles used by the command groups: shellObj by the shell commands,
// computer by the computer commands, currentFolder by the file commands.
remoteShell.shellObj = ""
remoteShell.computer = ""
remoteShell.currentFolder = ""
// Usage lines per command group (file, computer, shell).
remoteShell.fileFunc = ["cd [绝对路径/相对路径]", "cat [文件名]", "cp [原文件名] [目标文件名]", "mv [原文件名] [目标文件名]", "rm [文件名]", "exit", "ScanPsw", "vim [文件名] (vim中使用':help'查看可用命令)", "chmod [opt:-R] [u,g,o+wrx] [path file/folder]"]
remoteShell.computerFunc = ["mkdir [文件夹名]", "touch [文件名]", "ps", "useradd [new username]", "userdel [opt:-r] [username]"]
remoteShell.shellFunc = ["Terminal", "scp [-u/-d] [原文件名] (可选)[目标文件夹]", "run [命令名] (可选)[参数]", "bounce", "ping [ip address]", "build [源文件] (可选)[目标文件夹]"]
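// Resolve StrPath against self.currentFolder without changing it.
// Returns [folder, lastComponent]: the folder reached by walking every component
// except the last, and the last component as a string ("null" when the path has
// no components left, e.g. "/" or ".").
// Intermediate components that match no sub-folder are skipped silently, so a
// mistyped directory resolves relative to wherever the walk stopped; callers
// that delete or move files act on that folder.
// Fix: the "./" test sliced one character (`[:1]`) and could never match.
remoteShell.getPath = function(StrPath)
    currentFolder = self.currentFolder
    InputPath = []
    for Part in StrPath.split("/")
        if Part != "" then InputPath.push(Part)
    end for
    if InputPath == [] or StrPath[0] == "/" then
        // Absolute or empty path: climb to the filesystem root first.
        while not currentFolder.path == "/"
            currentFolder = currentFolder.parent
        end while
    else if StrPath == "." or StrPath[:2] == "./" then
        InputPath = InputPath[1:]
    else if InputPath[0] == ".." then
        // Only a leading ".." is honoured.
        if currentFolder.path != "/" then currentFolder = currentFolder.parent
        InputPath = InputPath[1:]
    end if
    if InputPath == [] then return [currentFolder, "null"]
    for Part in InputPath[:-1]
        for SubFolder in currentFolder.get_folders
            if SubFolder.name == Part then
                currentFolder = SubFolder
                break
            end if
        end for
    end for
    return [currentFolder, InputPath[-1]]
end function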
// ******************************************************************************
// * @brief remoteShell cd命令
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-12 Royic 1.实现基本功能
// ******************************************************************************
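// Remote `cd`: move self.currentFolder through the remote file tree.
// "cd" alone, an empty argument or a leading "/" start from the filesystem root;
// "./x" and a leading ".." are handled; components that match no sub-folder are
// skipped silently.
// Fixes: the "./" test sliced one character (`[:1]`) and could never match, and
// the argument is now read once with a guard for a missing one.
remoteShell.cdFunc = function()
    Words = self.input.split(" ")
    Arg = ""
    if Words.len > 1 then Arg = Words[1]
    InputPath = []
    for Part in Arg.split("/")
        if Part != "" then InputPath.push(Part)
    end for
    if InputPath == [] or Arg[0] == "/" then
        while not self.currentFolder.path == "/"
            self.currentFolder = self.currentFolder.parent
        end while
    else if Arg == "." or Arg[:2] == "./" then
        InputPath = InputPath[1:]
    else if InputPath[0] == ".." then
        if self.currentFolder.path != "/" then self.currentFolder = self.currentFolder.parent
        InputPath = InputPath[1:]
    end if
    for Part in InputPath
        for SubFolder in self.currentFolder.get_folders
            if SubFolder.name == Part then
                self.currentFolder = SubFolder
                break
            end if
        end for
    end for
    return
end function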
// ******************************************************************************
// * @brief remoteShell ls -la命令
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-12 Royic 1.实现基本功能
// ******************************************************************************
// Print a long listing of self.currentFolder: a "Folder(s)" table followed by a
// "File(s)" table. Each row shows permissions, owner, group, size, a fixed
// "00:00" time column and the bold name. An empty section prints "Empty".
remoteShell.ls_la = function()
    // [heading, R, G, B] per section; folders are listed before files.
    Sections = [["Folder(s)", 255, 255, 0], ["File(s)", 128, 255, 255]]
    for Section in Sections
        if Section[0] == "Folder(s)" then
            Entries = self.currentFolder.get_folders
        else
            Entries = self.currentFolder.get_files
        end if
        Rows = ""
        for Entry in Entries
            RowText = Entry.permissions + " " + Entry.owner + " " + Entry.group + " " + Entry.size + " 00:00 " + "<b>" + Entry.name + "</b>"
            Rows = Rows + String(RowText, 0, Section[1], Section[2], Section[3]) + "\n"
        end for
        print(String(Section[0], 0, 255, 255, 255))
        if Rows == "" then
            print(String("Empty", 0, Section[1], Section[2], Section[3]) + "\n")
        else
            print(format_columns(Rows))
        end if
    end for
end function
// ******************************************************************************
// * @brief cat
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-12 Royic 1.实现基本功能
// ******************************************************************************
// Print the text file named by the first argument of self.input.
// Binary files are refused; a null content read is reported as
// "Permission denied". Nothing is printed when no file matches.
remoteShell.cat = function()
    Target = self.getPath(self.input.split(" ")[1])
    for File in Target[0].get_files
        if File.name != Target[1] then continue
        if File.is_binary then
            print(String("cat: can't open " + File.path + ". Binary file", 1, 255, 0, 0) + "\n")
            return
        end if
        Content = File.get_content
        if typeof(Content) == "null" then
            print(String("Permission denied", 1, 255, 0, 0) + "\n")
        else
            print(String(File.name + " :", 1, 255, 255, 255))
            for Line in Content.split("\n")
                print(" " + String(Line, 0, 255, 255, 255))
            end for
            print(" ")
        end if
        break
    end for
end function
// ******************************************************************************
// * @brief cp
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-12 Royic 1.实现基本功能
// ******************************************************************************
// Copy the file named by the first argument to the folder/name given by the
// second. Prints a success line when File.copy returns 1, otherwise prints
// whatever File.copy returned in red.
remoteShell.cp = function()
    Words = self.input.split(" ")
    Target_Raw = self.getPath(Words[1])
    for File in Target_Raw[0].get_files
        if File.name != Target_Raw[1] then continue
        // The destination is resolved only once a source file matched.
        Target_New = self.getPath(Words[2])
        result = File.copy(Target_New[0].path, Target_New[1])
        if result == 1 then
            print(String("复制成功! ", 1, 0, 255, 0))
        else
            print(String(result, 1, 255, 0, 0))
        end if
    end for
end function
// ******************************************************************************
// * @brief mv
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-12 Royic 1.实现基本功能
// ******************************************************************************
// Move the file named by the first argument to the folder/name given by the
// second. Prints a success line when File.move returns 1, otherwise prints
// whatever File.move returned in red.
remoteShell.mv = function()
    Words = self.input.split(" ")
    Target_Raw = self.getPath(Words[1])
    for File in Target_Raw[0].get_files
        if File.name != Target_Raw[1] then continue
        // The destination is resolved only once a source file matched.
        Target_New = self.getPath(Words[2])
        result = File.move(Target_New[0].path, Target_New[1])
        if result == 1 then
            print(String("移动成功! ", 1, 0, 255, 0))
        else
            print(String(result, 1, 255, 0, 0))
        end if
    end for
end function
// ******************************************************************************
// * @brief rm
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-12 Royic 1.实现基本功能
// ******************************************************************************
// Delete from the remote tree. Three forms, chosen by the first argument:
//   rm -r <path>  - delete the folder named by <path>,
//   rm *          - delete every file in the current folder,
//   rm <path>     - delete the single file named by <path>.
// File.delete is treated as successful when it returns an empty string;
// anything else is printed in red as the error.
remoteShell.rm = function()
    FirstArg = self.input.split(" ")[1]
    if FirstArg.lower == "-r" then
        Target = self.getPath(self.input.split(" ")[2])
        for Entry in Target[0].get_folders
            if Entry.name != Target[1] then continue
            result = Entry.delete
            if result.len == 0 then
                print(String("删除成功! ", 1, 0, 255, 0))
            else
                print(String(result, 1, 255, 0, 0))
            end if
        end for
        return
    end if
    Target = self.getPath(FirstArg)
    if FirstArg.lower == "*" then
        for Entry in Target[0].get_files
            // Read the name before deleting; it labels the result line.
            FileName = Entry.name
            result = Entry.delete
            if result.len == 0 then
                print(String(FileName + "删除成功! ", 1, 0, 255, 0))
            else
                print(String(FileName + ": " + result, 1, 255, 0, 0))
            end if
        end for
        return
    end if
    for Entry in Target[0].get_files
        if Entry.name != Target[1] then continue
        result = Entry.delete
        if result.len == 0 then
            print(String("删除成功! ", 1, 0, 255, 0))
        else
            print(String(result, 1, 255, 0, 0))
        end if
    end for
end function
// ******************************************************************************
// * @brief ScanPsw
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-13 Royic 1.实现基本功能
// ******************************************************************************
// Read the credential files reachable from the current remote file object and
// print each "name:value" line with the value passed through cryptools.decipher.
// Files looked at: /etc/passwd, plus Config/Mail.txt and Config/Bank.txt under
// every /home folder except "guest". Lines that do not split into exactly two
// ":"-separated fields are skipped.
// A binary file ends the whole scan (return), not just that file; an unreadable
// file prints "Permission denied" and the scan moves on.
remoteShell.ScanPsw = function()
    Paths = ["/etc/passwd"]
    RootObj = self.currentFolder
    while not RootObj.path == "/"
        RootObj = RootObj.parent
    end while
    homeFolder = ""
    for folder in RootObj.get_folders
        if folder.name == "home" then homeFolder = folder
    end for
    if homeFolder != "" then
        for folder in homeFolder.get_folders
            if folder.name == "guest" then continue
            Paths.push(folder.path + "/Config/Mail.txt")
            Paths.push(folder.path + "/Config/Bank.txt")
        end for
    end if
    for Path in Paths
        Target = self.getPath(Path)
        for File in Target[0].get_files
            if File.name != Target[1] then continue
            if File.is_binary then
                print(String("cat: can't open " + File.path + ". Binary file", 1, 255, 0, 0) + "\n")
                return
            end if
            Content = File.get_content
            if typeof(Content) == "null" then
                print(String("Permission denied", 1, 255, 0, 0) + "\n")
            else
                print(String(File.name + " :", 1, 255, 255, 255))
                for Line in Content.split("\n")
                    Fields = Line.split(":")
                    if Fields.len == 2 then
                        print(String(Fields[0] + ": ", 0, 255, 255, 255) + String(cryptools.decipher(Fields[-1]), 1, 255, 255, 0))
                    end if
                end for
                print(" ")
            end if
            break
        end for
    end for
end function
// ******************************************************************************
// * @brief mkdir
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-13 Royic 1.实现基本功能
// ******************************************************************************
// Create a folder on the remote computer: the first argument of self.input is
// resolved to (parent folder, new name) and passed to computer.create_folder.
// The call's return value is not checked or reported.
remoteShell.mkdir = function()
    Resolved = self.getPath(self.input.split(" ")[1])
    ParentPath = Resolved[0].path
    self.computer.create_folder(ParentPath, Resolved[1])
end function
// ******************************************************************************
// * @brief touch
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-13 Royic 1.实现基本功能
// ******************************************************************************
// Create an empty file on the remote computer: InputParams[0] is resolved to
// (parent folder, file name) and passed to computer.touch.
// The call's return value is not checked or reported.
remoteShell.touch = function(InputParams)
    Resolved = self.getPath(InputParams[0])
    ParentPath = Resolved[0].path
    self.computer.touch(ParentPath, Resolved[1])
end function
// ******************************************************************************
// * @brief ps
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-13 Royic 1.实现基本功能
// ******************************************************************************
// Print the remote computer's process table between two blank lines.
remoteShell.ps = function()
    Listing = self.computer.show_procs
    print("\n" + Listing + "\n")
end function
// ******************************************************************************
// * @brief Terminal
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-13 Royic 1.实现基本功能
// ******************************************************************************
// Hand control to an interactive terminal on the stored shell object.
remoteShell.Terminal = function()
    ActiveShell = self.shellObj
    ActiveShell.start_terminal
end function
// ******************************************************************************
// * @brief scp
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-13 Royic 1.实现基本功能
// * v0.0.2 2021-09-14 Royic 1.修bug
// ******************************************************************************
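// Transfer one file between the local shell and the remote shell.
//   ["-u", localPath, (optional) remoteFolder]  upload; default target is the
//                                               current remote folder.
//   ["-d", remotePath, (optional) localFolder]  download; default target is
//                                               home_dir + "/Downloads".
// Returns 1 when the transfer call returned 1, otherwise 0.
// Upload temporarily grants rwx to user, group and other on the local file and
// then restores the bits read beforehand, so the file is wide open only for the
// duration of the transfer.
// Fixes:
//  - the restore step tested `indexOf(...)` for truthiness; "r" sits at index 0
//    of each permission triplet, 0 is falsy, so the read bit was always removed.
//    The restore now tests for "not found" explicitly.
//  - TargetFile and DownloadPath were read unassigned when the remote file was
//    not found or the parameter count was unexpected.
remoteShell.scp = function(InputParams)
    homeShell = get_shell
    result = ""
    if InputParams[0].lower == "-u" then
        updateFile = homeShell.host_computer.File(InputParams[1])
        if updateFile != null then
            updateFilePermissions = updateFile.permissions
            updateFile.chmod("u+rwx")
            updateFile.chmod("g+rwx")
            updateFile.chmod("o+rwx")
            if InputParams.len == 2 then
                result = homeShell.scp(InputParams[1], self.currentFolder.path, self.shellObj)
            else if InputParams.len == 3 then
                result = homeShell.scp(InputParams[1], InputParams[2], self.shellObj)
            end if
            if result == 1 then
                print(String("传输成功!", 1, 0, 255, 0))
            else
                print(String("传输失败!", 1, 255, 0, 0))
            end if
            // Put back exactly the bits that were set before the transfer.
            for Scope in [["u", updateFilePermissions[1:4]], ["g", updateFilePermissions[4:7]], ["o", updateFilePermissions[7:]]]
                for Permission in ["r", "w", "x"]
                    if typeof(Scope[1].indexOf(Permission)) != "null" then
                        updateFile.chmod(Scope[0] + "+" + Permission)
                    else
                        updateFile.chmod(Scope[0] + "-" + Permission)
                    end if
                end for
            end for
        else
            print(String("找不到要传输的文件!", 1, 255, 0, 0))
        end if
    else if InputParams[0].lower == "-d" then
        TargetFilePath = self.getPath(InputParams[1])
        TargetFile = null
        for File in TargetFilePath[0].get_files
            if File.name == TargetFilePath[1] then
                TargetFile = File
                break
            end if
        end for
        if TargetFile != null then
            DownloadPath = home_dir + "/Downloads"
            if InputParams.len >= 3 then DownloadPath = InputParams[2]
            result = self.shellObj.scp(TargetFile.path, DownloadPath, homeShell)
            if result == 1 then
                print(String("传输成功, 文件已保存至" + DownloadPath + "下!", 1, 0, 255, 0))
            else
                print(String("传输失败!", 1, 255, 0, 0))
            end if
        else
            print(String("找不到要传输的文件!", 1, 255, 0, 0))
        end if
    end if
    if result == 1 then
        return 1
    else
        return 0
    end if
end function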
// ******************************************************************************
// * @brief build
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-14 Royic 1.实现基本功能
// ******************************************************************************
// Compile a source file on the remote shell.
// InputParams[0] names the source file; with one parameter the output goes to
// the source file's own folder, with two it goes to the folder named by
// InputParams[1]. Nothing happens when the source or the target folder is not
// found, and the build call's return value is not reported.
remoteShell.build = function(InputParams)
    Target = self.getPath(InputParams[0])
    for File in Target[0].get_files
        if File.name != Target[1] then continue
        if InputParams.len == 1 then
            self.shellObj.build(File.path, Target[0].path)
        else if InputParams.len == 2 then
            OutSpec = self.getPath(InputParams[1])
            for OutDir in OutSpec[0].get_folders
                if OutDir.name == OutSpec[1] then self.shellObj.build(File.path, OutDir.path)
            end for
        end if
    end for
end function
// ******************************************************************************
// * @brief run
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-14 Royic 1.实现基本功能
// ******************************************************************************
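// Launch a program on the remote host through the shell object held by this session.
// Reads the command line from self.input: "run <program> [params...]".
// Changes from the earlier version:
//   * "run" typed alone no longer indexes past the end of the token list
//   * the parameters start after the program path and are re-joined into one string;
//     the original passed the token list from index 1 on, which still contained the program
//     path itself (presumably launch expects a single string - confirm against the game API)
remoteShell.run = function()
    tokens = self.input.split(" ")
    if tokens.len < 2 then
        print(String("usage: run [program] [(optional) params]", 1, 255, 0, 0))
        return
    end if
    Target = self.getPath(tokens[1])
    // Empty string when nothing follows the program path, as before.
    launchParams = tokens[2:].join(" ")
    for File in Target[0].get_files
        if File.name == Target[1] then
            Func = File
            self.shellObj.launch(Func.path, launchParams)
        end if
    end for
end function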
// ******************************************************************************
// * @brief bounce 用于部署环境
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-14 Royic 1.实现基本功能
// ******************************************************************************
// Copy the tool's own runtime (metaxploit.so, crypto.so and this program) to the remote host
// by calling self.scp with the "-u" flag once per file.
// Stops at the first transfer that self.scp reports as failed and prints the failure message;
// prints the success message only when all three transfers succeed.
remoteShell.bounce = function()
    for payloadPath in [metaxploitPath, cryptoPath, program_path]
        if not self.scp(["-u", payloadPath]) then
            print(String("部署失败!", 1, 255, 0, 0))
            return
        end if
    end for
    print(String("部署成功!", 1, 0, 255, 0))
end function
// ******************************************************************************
// * @brief ping
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-14 Royic 1.实现基本功能
// ******************************************************************************
// Ping InputParams[0] from the remote shell and print the outcome.
//   falsy reply   -> "ip unreachable"
//   string reply  -> the string itself, shown in the error colour
//   anything else -> "Ping successful"
remoteShell.ping = function(InputParams)
    reply = self.shellObj.ping(InputParams[0])
    if not reply then
        print(String("ip unreachable", 1, 255, 0, 0) + "\n")
        return
    end if
    if typeof(reply) == "string" then
        print(String(reply, 1, 255, 0, 0) + "\n")
        return
    end if
    print(String("Ping successful", 1, 0, 255, 0) + "\n")
end function
// ******************************************************************************
// * @brief chmod
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-18 Royic 1.实现基本功能
// ******************************************************************************
// Change permissions of a file or folder on the remote host.
//   InputParams: [permissions, path]  or  ["-r", permissions, path] for a recursive change
// Prints the usage text for fewer than two arguments, or three arguments whose first is not "-r".
// The target is looked up by name among the files and folders of the directory returned by
// self.getPath; any non-empty chmod result is printed in the error colour.
remoteShell.chmod = function(InputParams)
    argCount = InputParams.len
    wrongFlag = argCount == 3 and InputParams[0].lower != "-r"
    if argCount < 2 or wrongFlag then
        print(command_info("chmod_usage"))
        return
    end if
    // With the three-argument form everything shifts one slot to the right.
    if argCount == 3 then
        shift = 1
        isRecursive = 1
    else
        shift = 0
        isRecursive = 0
    end if
    permissions = InputParams[shift]
    pathFile = InputParams[shift + 1]
    Target = self.getPath(pathFile)
    candidates = Target[0].get_files + Target[0].get_folders
    for entry in candidates
        if entry.name != Target[1] then continue
        output = entry.chmod(permissions, isRecursive)
        if output then print(String(output, 1, 255, 0, 0))
        return
    end for
    print(String("chmod: can't find " + pathFile, 1, 255, 0, 0))
end function
// State of the built-in line editor ("vim"). One shared object: remoteShell.vim resets
// vimFile before each session and vimObj.start works on it.
vimObj = {}
// Last line typed by the user at the editor prompt.
vimObj.input = ""
// File object being edited; "" while no file is open.
vimObj.vimFile = ""
// Working copy of the file content, re-read from the file on every loop pass of vimObj.start.
vimObj.tempText = ""
// tempText split on "\n".
vimObj.tempTextLists = []
// Help lines printed by the :help command.
vimObj.vimFunc = [":new 另起一行", ":clr 清空文本", ":clr [行号] 清空该行", ":del 删除最后一行", ":del [行号] 删除该行", ":add [行号] [文本] 在该行末添加文本", ":exit/:q 退出vim", ":x/:wq 保存并退出vim", ":change [行号] [文本]", ":replace (可选)[行号] [被替换字符串] [替换字符串]"]
// Interactive loop of the line editor. Each pass re-reads self.vimFile, prints it with line
// numbers, shows the last line as the input prompt and then interprets what the user typed.
// Every branch except :exit/:q and :help calls set_content straight away, so edits are written
// to the file as they are made and leaving with :q does not discard them.
// Anything that is not a recognised command is appended to the end of the content as typed.
// NOTE(review): most branches rebuild the text with a trailing "\n" and then write
// self.tempText[:-2]. If "\n" is a single character here, that slice also removes the last
// character of the final line - confirm how the game stores "\n" before changing it.
vimObj.start = function()
while true
// Reload from the file so the display always reflects what was last written.
self.tempText = self.vimFile.get_content
self.tempTextLists = self.tempText.split("\n")
print("\n" + String(self.vimFile.name + " :", 1, 255, 255, 255))
LineNo = 1
TabStr = " "
if self.tempTextLists.len > 1 then
// Print every line but the last; the last one becomes the prompt below.
for Line in self.tempTextLists[:-1]
// Padding after the line number, chosen by the number's width.
// NOTE(review): the padding literals look identical in this copy; the spacing may have been collapsed.
if LineNo < 10 then
TabStr = " "
else if LineNo < 100 then
TabStr = " "
else if LineNo < 1000 then
TabStr = " "
else if LineNo < 10000 then
TabStr = ""
end if
print(String(str(LineNo), 0, 192, 192, 192) + TabStr + String(Line, 0, 255, 255, 255))
LineNo = LineNo + 1
end for
end if
self.input = user_input(String(str(LineNo), 0, 192, 192, 192) + TabStr + String(self.tempTextLists[-1], 0, 255, 255, 255))
// :exit / :q - leave the editor (earlier edits are already in the file).
if self.input.trim.lower == ":exit" or self.input.trim.lower == ":q" then
return
// :new - append a line break.
else if self.input.trim.lower == ":new" then
self.tempText = self.tempText + "\n"
self.vimFile.set_content(self.tempText)
// :clr - empty the whole file.
else if self.input.trim.lower == ":clr" then
self.tempText = ""
self.vimFile.set_content(self.tempText)
// :clr N - blank line N but keep the line itself.
else if self.input.trim.lower.split(" ").len == 2 and self.input.trim.lower.split(" ")[0] == ":clr" then
self.tempText = ""
// Only an upper bound is checked; nothing is written when N is not a number or is too large.
if typeof(self.input.trim.lower.split(" ")[1].to_int) == "number" and self.input.trim.lower.split(" ")[1].to_int <= self.tempTextLists.len then
No = 1
if self.tempTextLists.len > 1 then
for Line in self.tempTextLists
if No != self.input.trim.lower.split(" ")[1].to_int then
self.tempText = self.tempText + Line + "\n"
else
self.tempText = self.tempText + "\n"
end if
No = No + 1
end for
else if self.tempTextLists.len == 1 and self.input.trim.lower.split(" ")[1].to_int == 1 then
self.tempText = ""
else
self.tempText = self.tempTextLists[0] + "\n"
end if
if self.tempText != "" then
self.vimFile.set_content(self.tempText[:-2])
else
self.vimFile.set_content(self.tempText)
end if
end if
// :del - drop the last line.
else if self.input.trim.lower == ":del" then
self.tempText = ""
if self.tempTextLists.len > 1 then
for Line in self.tempTextLists[:-1]
self.tempText = self.tempText + Line + "\n"
end for
self.vimFile.set_content(self.tempText[:-2])
else
self.vimFile.set_content(self.tempText)
end if
// :del N - drop line N.
else if self.input.trim.lower.split(" ").len == 2 and self.input.trim.lower.split(" ")[0] == ":del" then
self.tempText = ""
if typeof(self.input.trim.lower.split(" ")[1].to_int) == "number" and self.input.trim.lower.split(" ")[1].to_int <= self.tempTextLists.len then
No = 1
for Line in self.tempTextLists
if No != self.input.trim.lower.split(" ")[1].to_int then
self.tempText = self.tempText + Line + "\n"
end if
No = No + 1
end for
if self.tempText != "" then
self.vimFile.set_content(self.tempText[:-2])
else
self.vimFile.set_content(self.tempText)
end if
end if
// :add N text - append text to the end of line N (case of the text is preserved).
else if self.input.trim.lower.split(" ").len > 2 and self.input.trim.lower.split(" ")[0] == ":add" then
if typeof(self.input.trim.lower.split(" ")[1].to_int) == "number" and self.input.trim.lower.split(" ")[1].to_int <= self.tempTextLists.len then
No = 1
addStr = ""
self.tempText = ""
// Re-join the words after the line number; the trailing space is cut off with [:-1] below.
for _ in self.input.trim.split(" ")[2:]
addStr = addStr + _ + " "
end for
for Line in self.tempTextLists
if No == self.input.trim.lower.split(" ")[1].to_int then
self.tempText = self.tempText + Line + addStr[:-1] + "\n"
else
self.tempText = self.tempText + Line + "\n"
end if
No = No + 1
end for
if self.tempText != "" then
self.vimFile.set_content(self.tempText[:-2])
else
self.vimFile.set_content(self.tempText)
end if
end if
// :replace [N] old new - replace the first occurrence of old, on line N or on every line.
else if self.input.trim.lower.split(" ").len >= 3 and self.input.trim.lower.split(" ").len <= 4 and self.input.trim.lower.split(" ")[0] == ":replace" then
if self.input.trim.split(" ").len == 4 then
targetStr = self.input.trim.split(" ")[2]
replaceStr = self.input.trim.split(" ")[3]
else if self.input.trim.split(" ").len == 3 then
targetStr = self.input.trim.split(" ")[1]
replaceStr = self.input.trim.split(" ")[2]
end if
self.tempText = ""
No = 1
for Line in self.tempTextLists
// NOTE(review): with four words and a line number that is not numeric or is too large,
// neither branch below runs, tempText stays "" and the set_content call after the loop
// writes an empty file. Validate the line number before the loop to avoid losing the content.
if self.input.trim.split(" ").len == 4 and typeof(self.input.trim.lower.split(" ")[1].to_int) == "number" and self.input.trim.lower.split(" ")[1].to_int <= self.tempTextLists.len then
if No == self.input.trim.lower.split(" ")[1].to_int then
// NOTE(review): unlike the three-word form, this branch slices with Index without checking
// that indexOf found the string - confirm what happens when old is not on line N.
Index = Line.indexOf(targetStr)
self.tempText = self.tempText + Line[:Index] + replaceStr + Line[Index + targetStr.len:] + "\n"
else
self.tempText = self.tempText + Line + "\n"
end if
No = No + 1
else if self.input.trim.split(" ").len == 3 then
Index = Line.indexOf(targetStr)
// Lines without a match are copied through unchanged.
if typeof(Index) == "number" then
self.tempText = self.tempText + Line[:Index] + replaceStr + Line[Index + targetStr.len:] + "\n"
else
self.tempText = self.tempText + Line + "\n"
end if
end if
end for
if self.tempText != "" then
self.vimFile.set_content(self.tempText[:-2])
else
self.vimFile.set_content(self.tempText)
end if
// :change N text - overwrite line N with text.
else if self.input.trim.lower.split(" ").len > 2 and self.input.trim.lower.split(" ")[0] == ":change" then
if typeof(self.input.trim.lower.split(" ")[1].to_int) == "number" and self.input.trim.lower.split(" ")[1].to_int <= self.tempTextLists.len then
No = 1
changeStr = ""
self.tempText = ""
// NOTE(review): the words are taken from the lower-cased input, so the new line is stored
// in lower case; :add reads them from the input as typed. Probably unintended - confirm.
for _ in self.input.trim.lower.split(" ")[2:]
changeStr = changeStr + _ + " "
end for
for Line in self.tempTextLists
if No == self.input.trim.lower.split(" ")[1].to_int then
self.tempText = self.tempText + changeStr[:-1] + "\n"
else
self.tempText = self.tempText + Line + "\n"
end if
No = No + 1
end for
if self.tempText != "" then
self.vimFile.set_content(self.tempText[:-2])
else
self.vimFile.set_content(self.tempText)
end if
end if
// :w / :wq / :x - write the content read at the top of this pass; :wq and :x also leave.
else if self.input.trim.lower == ":w" or self.input.trim.lower == ":wq" or self.input.trim.lower == ":x" then
self.vimFile.set_content(self.tempText)
if self.input.trim.lower == ":x" or self.input.trim.lower == ":wq" then return
// :help - list the commands from self.vimFunc.
else if self.input.trim.lower == ":help" then
print(String("可用命令如下: ", 1, 0, 255, 0))
for FuncName in self.vimFunc
print(String(" " + FuncName, 0, 184, 115, 51))
end for
else
// Plain text: appended to the end of the content without adding a line break.
self.tempText = self.tempText + self.input
self.vimFile.set_content(self.tempText)
end if
end while
end function
// ******************************************************************************
// * @brief vim
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-14 Royic 1.实现基本功能
// ******************************************************************************
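// Open a text file on the remote host in the built-in line editor (vimObj).
//   InputParams[0]  path of the file, resolved with self.getPath
// Binary files and files whose content cannot be read are refused. When the file does not exist
// and the session has a computer object (Type "shell" or "computer"), it is created with touch.
// NOTE(review): this file assigns remoteShell.vim twice with the same body; a later assignment
// further down replaces this one when the script loads.
// Changes from the earlier version:
//   * the binary-file message said "cat:"; it now names this command
//   * a failed touch and a file that cannot be opened are reported instead of returning silently
remoteShell.vim = function(InputParams)
    vimObj.vimFile = ""
    vimObj.tempFile = ""
    Target = self.getPath(InputParams[0])
    for File in Target[0].get_files
        if File.name != Target[1] then continue
        if File.is_binary then
            print(String("vim: can't open " + File.path + ". Binary file", 1, 255, 0, 0) + "\n")
            return
        end if
        // get_content yielding null is treated as "no read permission".
        if typeof(File.get_content) == "null" then
            print(String("Permission denied", 1, 255, 0, 0) + "\n")
            return
        end if
        vimObj.vimFile = File
        break
    end for
    if typeof(vimObj.vimFile) != "file" and (self.Type == "shell" or self.Type == "computer") then
        touchResult = self.computer.touch(Target[0].path, Target[1])
        // presumably touch returns an error string on failure - confirm against the game API
        if typeof(touchResult) == "string" then
            print(String(touchResult, 1, 255, 0, 0))
            return
        end if
        vimObj.vimFile = self.computer.File(Target[0].path + "/" + Target[1])
    end if
    if typeof(vimObj.vimFile) == "file" then
        vimObj.start()
    else
        print(String("vim: can't open " + InputParams[0], 1, 255, 0, 0))
    end if
end function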
// ******************************************************************************
// * @brief vim
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-14 Royic 1.实现基本功能
// ******************************************************************************
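// Open a text file on the remote host in the built-in line editor (vimObj).
//   InputParams[0]  path of the file, resolved with self.getPath
// Binary files and files whose content cannot be read are refused. When the file does not exist
// and the session has a computer object (Type "shell" or "computer"), it is created with touch.
// NOTE(review): remoteShell.vim is also assigned earlier in this file with the same body; this
// later assignment is the one in effect, and the earlier copy can be removed.
// Changes from the earlier version:
//   * the binary-file message said "cat:"; it now names this command
//   * a failed touch and a file that cannot be opened are reported instead of returning silently
remoteShell.vim = function(InputParams)
    vimObj.vimFile = ""
    vimObj.tempFile = ""
    Target = self.getPath(InputParams[0])
    for File in Target[0].get_files
        if File.name != Target[1] then continue
        if File.is_binary then
            print(String("vim: can't open " + File.path + ". Binary file", 1, 255, 0, 0) + "\n")
            return
        end if
        // get_content yielding null is treated as "no read permission".
        if typeof(File.get_content) == "null" then
            print(String("Permission denied", 1, 255, 0, 0) + "\n")
            return
        end if
        vimObj.vimFile = File
        break
    end for
    if typeof(vimObj.vimFile) != "file" and (self.Type == "shell" or self.Type == "computer") then
        touchResult = self.computer.touch(Target[0].path, Target[1])
        // presumably touch returns an error string on failure - confirm against the game API
        if typeof(touchResult) == "string" then
            print(String(touchResult, 1, 255, 0, 0))
            return
        end if
        vimObj.vimFile = self.computer.File(Target[0].path + "/" + Target[1])
    end if
    if typeof(vimObj.vimFile) == "file" then
        vimObj.start()
    else
        print(String("vim: can't open " + InputParams[0], 1, 255, 0, 0))
    end if
end function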
// ******************************************************************************
// * @brief useradd
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-18 Royic 1.实现基本功能
// ******************************************************************************
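// Create a user account on the session's computer object.
//   InputParams: [username]; "-h" / "--help" or a wrong argument count prints the usage text.
// The password is read with the masked form of user_input.
// Change from the earlier version: the two failure messages were printed in the success colour
// (0, 255, 0); they now use the error colour used by the other commands in this file.
remoteShell.useradd = function(InputParams)
    if InputParams.len != 1 or InputParams[0] == "-h" or InputParams[0] == "--help" then
        print(command_info("useradd_usage"))
        return
    end if
    userName = InputParams[0]
    inputMsg = "Setting password for user " + userName +".\nNew password:"
    inputPass = user_input(inputMsg, true)
    output = self.computer.create_user(userName, inputPass)
    if output == true then
        print(String("User created OK", 1, 0, 255, 0))
        Create_Folder_Flag = user_input("是否创建用户文件夹目录? [Y/N]\n").trim.lower
        if Create_Folder_Flag == "y" then
            // NOTE(review): File() only looks a path up and the results are discarded here, so these
            // calls do not appear to create anything. If the folders are not created by create_user
            // itself, this needs the computer object's folder-creation call - confirm.
            self.computer.File("/home/" + userName + "/Desktop")
            self.computer.File("/home/" + userName + "/Config")
            self.computer.File("/home/" + userName + "/Downloads")
            self.computer.File("/home/" + userName + "/.Trash")
            self.computer.File("/home/" + userName)
        end if
        return
    end if
    // Any other truthy result is shown as-is (presumably an error string - confirm).
    if output then
        print(String(output, 1, 255, 0, 0))
        return
    end if
    print(String("Error: the user could not be created.", 1, 255, 0, 0))
end function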
// ******************************************************************************
// * @brief userdel
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-18 Royic 1.实现基本功能
// ******************************************************************************
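// Delete a user account on the session's computer object.
//   InputParams: [username]  or  ["-r", username]; the "-r" form passes 1 as the second
//   argument of delete_user (presumably "also remove the home folder" - confirm).
// No arguments, "-r" alone, "-h" or "--help" prints the usage text.
// Change from the earlier version: the message returned by a failed delete_user was printed in
// the success colour (0, 255, 0); it now uses the error colour like the final fallback message.
remoteShell.userdel = function(InputParams)
    if not InputParams.len or (InputParams.len == 1 and InputParams[0].lower == "-r") or InputParams[0] == "-h" or InputParams[0] == "--help" then
        print(command_info("userdel_usage"))
        return
    end if
    delete = 0
    if InputParams[0].lower == "-r" then
        delete = 1
        // Drop the flag so the username is at index 0 again.
        InputParams.pull
    end if
    output = self.computer.delete_user(InputParams[0], delete)
    if output == true then
        print(String("user " + InputParams[0] + " deleted.", 1, 0, 255, 0))
        return
    end if
    if output then
        print(String(output, 1, 255, 0, 0))
        return
    end if
    print(String("Error: user not deleted.", 1, 255, 0, 0))
end function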
// ******************************************************************************
// * @brief 进入remoteShell while循环
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-12 Royic 1.实现基本功能
// ******************************************************************************
// Enter the shell-like prompt for one entry of ShellOs.PortExploits.
//   Exploit    [memory address, key, permission label, library handle], as pushed by Hack / localHack
//   Type       "shell", "computer" or "file" - the kind of object the overflow call returned during the scan
//   HackInput  extra argument for overflow; "" means call it without one
// The object is obtained again here with overflow, the session fields are set from it, and the
// loop then lists the current folder, reads a line and dispatches it. Commands that need a
// computer object are only accepted for Type "shell"/"computer"; scp, terminal, run, build,
// bounce and ping only for Type "shell". Returns when the user types "exit".
remoteShell.start = function(Exploit, Type, HackInput)
    vulnLib = Exploit[3]
    if HackInput == "" then
        self.Object = vulnLib.overflow(Exploit[0], Exploit[1])
    else
        self.Object = vulnLib.overflow(Exploit[0], Exploit[1], HackInput)
    end if
    self.permission = Exploit[2]
    self.Type = Type
    if self.Type == "shell" then
        self.shellObj = self.Object
        self.computer = self.Object.host_computer
        self.currentFolder = self.Object.host_computer.File("/")
    else if self.Type == "computer" then
        self.computer = self.Object
        self.currentFolder = self.Object.File("/")
    else if self.Type == "file" then
        // A file object can land anywhere in the tree; walk up to "/" first.
        while not self.Object.path == "/"
            self.Object = self.Object.parent
        end while
        self.currentFolder = self.Object
    end if
    while true
        self.ls_la()
        promptHead = "<b>" + ShellOs.TargetIP + "</b>~" + self.permission + "@<b>" + self.Type + "</b>:"
        self.input = user_input(promptHead + self.currentFolder.path + "> ").trim
        if self.input.lower == "exit" then return
        words = self.input.split(" ")
        verb = words[0].lower
        wordCount = words.len
        onShell = self.Type == "shell"
        hasComputer = self.Type == "shell" or self.Type == "computer"
        if verb == "cd" then
            self.cdFunc()
        else if verb == "cat" and wordCount == 2 then
            self.cat()
        else if verb == "vim" and wordCount == 2 then
            self.vim(words[1:])
        else if verb == "cp" and wordCount == 3 then
            self.cp()
        else if verb == "mv" and wordCount == 3 then
            self.mv()
        else if verb == "rm" and wordCount > 1 then
            self.rm()
        else if verb == "scanpsw" then
            self.ScanPsw()
        else if verb == "mkdir" and wordCount == 2 and hasComputer then
            self.mkdir()
        else if verb == "touch" and wordCount == 2 and hasComputer then
            self.touch(words[1:])
        else if verb == "ps" and hasComputer then
            self.ps()
        else if verb == "scp" and wordCount >= 3 and wordCount <= 4 and onShell then
            self.scp(words[1:])
        else if verb == "terminal" and onShell then
            self.Terminal()
        else if verb == "run" and onShell then
            self.run()
        else if verb == "build" and onShell then
            self.build(words[1:])
        else if verb == "bounce" and onShell then
            self.bounce()
        else if verb == "ping" and onShell and wordCount == 2 then
            self.ping(words[1:])
        else if verb == "chmod" and wordCount >= 3 and wordCount <= 4 then
            self.chmod(words[1:])
        else if verb == "useradd" and wordCount == 2 and hasComputer then
            self.useradd(words[1:])
        else if verb == "userdel" and wordCount >= 2 and wordCount <= 3 and hasComputer then
            self.userdel(words[1:])
        else if self.input == "help" then
            // Command lists are printed from the most to the least privileged object type.
            print(String("可用命令如下: ", 1, 0, 255, 0))
            if hasComputer then
                if onShell then
                    for FuncName in self.shellFunc
                        print(String(" " + FuncName, 0, 255, 215, 0))
                    end for
                end if
                for FuncName in self.computerFunc
                    print(String(" " + FuncName, 0, 192, 192, 192))
                end for
            end if
            for FuncName in self.fileFunc
                print(String(" " + FuncName, 0, 184, 115, 51))
            end for
            print(" ")
        end if
    end while
end function
// ******************************************************************************
// * @brief 攻击本机
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-16 Royic 1.实现基本功能
// ******************************************************************************
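// Scan the local machine's /lib/net.so and /lib/init.so, list what each finding returns
// (shell, computer or file object) and open the chosen one with remoteShell.start.
// Results are stored in ShellOs.PortExploits as [address, key, permission label, library handle],
// grouped by object type. Note that every finding is actually triggered once during the scan
// (to learn its type and permission) and again by remoteShell.start when selected.
// Changes from the earlier version:
//   * a library that fails to load is reported before its name/version are read
//     (the original printed lib_name first, then checked the handle)
//   * an empty scan result or scan_address report is skipped instead of being split
//   * the menu choice is read as text first: "exit" leaves, anything that is not a number inside
//     the list re-prompts. The original converted with to_int and then called .trim on the result.
//   * the unused counter netExploitsCount is gone
localHack = function()
    ShellOs.TargetIP = get_router.public_ip
    ShellOs.PortExploits = [["shell", []], ["computer", []], ["file", []]]
    HackInput = user_input("请输入要注入的密码, 不需要则跳过:\n")
    for libPath in ["/lib/net.so", "/lib/init.so"]
        metaLib = metaxploit.load(libPath)
        if not metaLib then
            print(String("Error: TargetLib not found.", 1, 255, 0, 0))
            continue
        end if
        print("Founded " + metaLib.lib_name + " "+ metaLib.version)
        exploits = metaxploit.scan(metaLib)
        if not exploits then continue
        for exploit in exploits
            scanReport = metaxploit.scan_address(metaLib, exploit)
            if not scanReport then continue
            result_lists = scanReport.split("Unsafe check: ")[1:]
            for result_list in result_lists
                target_str = result_list.split(".")[0]
                target_key = target_str.split(" ")[-1]
                // The key is wrapped in <b>...</b> in the report; cut the tags off.
                keyName = target_key[3:-4]
                if HackInput != "" then
                    result = metaLib.overflow(exploit, keyName, HackInput)
                else
                    result = metaLib.overflow(exploit, keyName)
                end if
                if typeof(result) == "shell" then
                    ShellOs.PortExploits[0][1].push([exploit, keyName, readPermission(result), metaLib])
                else if typeof(result) == "computer" then
                    ShellOs.PortExploits[1][1].push([exploit, keyName, readPermission(result), metaLib])
                else if typeof(result) == "file" then
                    ShellOs.PortExploits[2][1].push([exploit, keyName, readPermission(result), metaLib])
                else if typeof(result) == "number" and (not is_lan_ip(HackInput) and HackInput != "") then
                    print(String("密码注入成功!", 1, 255, 255, 0))
                end if
            end for
        end for
    end for
    shellCount = ShellOs.PortExploits[0][1].len
    computerCount = ShellOs.PortExploits[1][1].len
    fileCount = ShellOs.PortExploits[2][1].len
    if shellCount + computerCount + fileCount == 0 then
        print(String("没有可攻击的漏洞!", 1, 255, 0, 0))
        return
    end if
    print(String("扫描到下列漏洞", 1, 255, 255, 255))
    // Entries are numbered across the three groups; colour follows the permission label.
    No = 0
    for Object in ShellOs.PortExploits
        if Object[1] != [] then print(String(Object[0] + "", 1, 255, 255, 255))
        for _ in Object[1]
            if _[2] == "root" then
                print(String(No + ". " + _[:-1], 1, 255, 215, 0))
            else if _[2] == "guest" then
                print(String(No + ". " + _[:-1], 1, 184, 115, 51))
            else
                print(String(No + ". " + _[:-1], 1, 192, 192, 192))
            end if
            No = No + 1
        end for
    end for
    choicePrompt = "请选择要攻击的漏洞\n"
    while true
        rawChoice = user_input(choicePrompt).trim
        if rawChoice.lower == "exit" then return
        ChosenExploit = rawChoice.to_int
        if typeof(ChosenExploit) == "number" and ChosenExploit >= 0 and ChosenExploit < No then break
        choicePrompt = "输入有误! 请选择要攻击的漏洞\n"
    end while
    if ChosenExploit < shellCount then
        remoteShell.start(ShellOs.PortExploits[0][1][ChosenExploit], "shell", HackInput)
    else if ChosenExploit < shellCount + computerCount then
        remoteShell.start(ShellOs.PortExploits[1][1][ChosenExploit - shellCount], "computer", HackInput)
    else
        remoteShell.start(ShellOs.PortExploits[2][1][ChosenExploit - computerCount - shellCount], "file", HackInput)
    end if
end function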
// ******************************************************************************
// * @brief 黑入
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-11 Royic 1.实现基本功能
// ******************************************************************************
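// Connect to ShellOs.TargetIP (a given port, or the router when the input is not a port number),
// scan the library behind it, list what each finding returns (shell, computer or file object)
// and open the chosen one with remoteShell.start.
// The first prompt takes a port number, a LAN address or "exit". A LAN address is kept and passed
// on as the extra overflow argument; otherwise a second prompt asks for that argument.
// Results are stored in ShellOs.PortExploits as [address, key, permission label, library handle].
// Note that every finding is actually triggered once during the scan and again when selected.
// Changes from the earlier version:
//   * the dumped library is checked before its name/version are read
//     (the original printed lib_name first, then checked the handle)
//   * an empty scan result or scan_address report is skipped instead of being split
//   * the menu choice is read as text first: "exit" leaves, anything that is not a number inside
//     the list re-prompts. The original converted with to_int and then called .trim on the result.
Hack = function()
    ShellOs.PortExploits = [["shell", []], ["computer", []], ["file", []]]
    address = ShellOs.TargetIP
    HackInput = user_input("请输入要攻击的端口号/LAN地址:\n")
    if typeof(HackInput.to_int) == "number" then
        port = HackInput.to_int
        net_session = metaxploit.net_use(address, port)
    else if HackInput == "exit" then
        return
    else
        net_session = metaxploit.net_use(address)
    end if
    if not net_session then
        print(String("Error: can't connect to net session", 1, 255, 0, 0))
        return
    end if
    if not is_lan_ip(HackInput) then HackInput = user_input("请输入要注入的密码, 不需要则跳过:\n")
    metaLib = net_session.dump_lib
    if not metaLib then
        print(String("Error: TargetLib not found.", 1, 255, 0, 0))
        return
    end if
    print("Founded " + metaLib.lib_name + " "+ metaLib.version)
    exploits = metaxploit.scan(metaLib)
    if not exploits then exploits = []
    for exploit in exploits
        scanReport = metaxploit.scan_address(metaLib, exploit)
        if not scanReport then continue
        result_lists = scanReport.split("Unsafe check: ")[1:]
        for result_list in result_lists
            target_str = result_list.split(".")[0]
            target_key = target_str.split(" ")[-1]
            // The key is wrapped in <b>...</b> in the report; cut the tags off.
            keyName = target_key[3:-4]
            if HackInput != "" then
                result = metaLib.overflow(exploit, keyName, HackInput)
            else
                result = metaLib.overflow(exploit, keyName)
            end if
            if typeof(result) == "shell" then
                ShellOs.PortExploits[0][1].push([exploit, keyName, readPermission(result), metaLib])
            else if typeof(result) == "computer" then
                ShellOs.PortExploits[1][1].push([exploit, keyName, readPermission(result), metaLib])
            else if typeof(result) == "file" then
                ShellOs.PortExploits[2][1].push([exploit, keyName, readPermission(result), metaLib])
            else if typeof(result) == "number" and (not is_lan_ip(HackInput) and HackInput != "") then
                print(String("密码注入成功!", 1, 255, 255, 0))
            end if
        end for
    end for
    shellCount = ShellOs.PortExploits[0][1].len
    computerCount = ShellOs.PortExploits[1][1].len
    fileCount = ShellOs.PortExploits[2][1].len
    if shellCount + computerCount + fileCount == 0 then
        print(String("没有可攻击的漏洞!", 1, 255, 0, 0))
        return
    end if
    print(String("扫描到下列漏洞", 1, 255, 255, 255))
    // Entries are numbered across the three groups; colour follows the permission label.
    No = 0
    for Object in ShellOs.PortExploits
        if Object[1] != [] then print(String(Object[0] + "", 1, 255, 255, 255))
        for _ in Object[1]
            if _[2] == "root" then
                print(String(No + ". " + _[:-1], 1, 255, 215, 0))
            else if _[2] == "guest" then
                print(String(No + ". " + _[:-1], 1, 184, 115, 51))
            else
                print(String(No + ". " + _[:-1], 1, 192, 192, 192))
            end if
            No = No + 1
        end for
    end for
    choicePrompt = "请选择要攻击的漏洞\n"
    while true
        rawChoice = user_input(choicePrompt).trim
        if rawChoice.lower == "exit" then return
        ChosenExploit = rawChoice.to_int
        if typeof(ChosenExploit) == "number" and ChosenExploit >= 0 and ChosenExploit < No then break
        choicePrompt = "输入有误! 请选择要攻击的漏洞\n"
    end while
    if ChosenExploit < shellCount then
        remoteShell.start(ShellOs.PortExploits[0][1][ChosenExploit], "shell", HackInput)
    else if ChosenExploit < shellCount + computerCount then
        remoteShell.start(ShellOs.PortExploits[1][1][ChosenExploit - shellCount], "computer", HackInput)
    else
        remoteShell.start(ShellOs.PortExploits[2][1][ChosenExploit - computerCount - shellCount], "file", HackInput)
    end if
end function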
// ******************************************************************************
// * @brief Wifi万能钥匙
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-18 Royic 1.实现基本功能
// ******************************************************************************
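// Menu entry "Wifi万能钥匙": list the networks seen on wlan0, let the user pick one, capture
// into file.cap in the current path, recover the key from the capture and connect with it.
// Changes from the earlier version:
//   * a null or empty network list now returns after printing "Fail..."; the original went on to
//     iterate the list (null) or waited for a selection that could never be valid (empty)
//   * the selection must be a whole number from 1 to the list length (negative input indexed
//     from the end of the list)
//   * a signal value that is not a positive number is rejected before it is used as a divisor
//   * "Wifi Online." is printed only when connect_wifi returns true; the original tested a
//     variable that was pre-set to a non-empty string and so reported success for any
//     non-empty result (presumably an error string on failure - confirm against the game API)
//   * the unused network_devices lookup is gone
WifiCracker = function()
    computer = get_shell.host_computer
    cryptools.airmon("start", "wlan0")
    networks = computer.wifi_networks("wlan0")
    if not networks then
        print(String("Fail...", 1, 255, 0, 0))
        return
    end if
    network_list = []
    ID = 1
    info = "No. BSSID PWR ESSID"
    for network in networks
        info = info + "\n" + str(ID) + ": " + network
        ID = ID + 1
        // Each entry splits into [BSSID, PWR, ESSID].
        network_list.push(network.split(" "))
    end for
    print(format_columns(info))
    Target_ID = 0
    while Target_ID < 1 or Target_ID > network_list.len
        // val() gives 0 for text that is not a number, which keeps the loop going.
        Target_ID = floor(val(user_input("Select a network device\n")))
    end while
    chosen = network_list[Target_ID - 1]
    signalPercent = chosen[1].split("%")[0].to_int
    if typeof(signalPercent) != "number" or signalPercent <= 0 then
        print(String("Fail...", 1, 255, 0, 0))
        return
    end if
    data = cryptools.aireplay(chosen[0], chosen[2], ceil(300000/signalPercent))
    if typeof(data) == "string" then
        print(data)
    end if
    file = computer.File(current_path+"/file.cap")
    if not file or not file.has_permission("r") or not file.has_permission("w") then
        print(String("Permission denied, File Error.", 1, 255, 0, 0))
        return
    end if
    result = cryptools.aircrack(file.path)
    // Remove the capture whether or not a key was recovered.
    file.delete
    if not result then
        print(String("Unknown Error.", 1, 255, 0, 0))
        return
    end if
    status = computer.connect_wifi("wlan0", chosen[0], chosen[2], result)
    if status == true then
        print(String("Wifi Online.", 1, 0, 255, 0))
    else if typeof(status) == "string" then
        print(String(status, 1, 255, 0, 0))
    else
        print(String("Unknown Error.", 1, 255, 0, 0))
    end if
end function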
// ******************************************************************************
// * @brief 安全卫士
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-18 Royic 1.实现基本功能
// ******************************************************************************
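// Menu entry "安全卫士": permission hardening for the machine the script runs on.
// Requires root; otherwise prints "Not Root" and changes nothing. Steps, in order:
//   1. "/"                        recursive o-rwx
//   2. /etc, /sys, /boot, /var    recursive g-rwx, then u-rwx
//   3. /root                      recursive g-rwx
//   4. /home/<user>/Config        recursive g-rwx, for every folder under /home
//   5. /home/guest                recursive g-rwx and u-rwx, then the folder is deleted
// After step 2 only root is left with access to those folders, so non-root accounts on this
// machine lose access to them; run it only where that is intended.
// A chmod result is printed when non-empty (presumably an error string - confirm).
// Changes from the earlier version:
//   * the /sys g-rwx result was printed only when the "/" result was non-empty (wrong variable)
//   * a path that does not exist is reported and skipped instead of calling chmod on null
//   * a non-empty result of deleting /home/guest is printed
Defender = function()
    if active_user != "root" then
        print(String("Not Root", 1, 255, 0, 0))
        return
    end if
    computer = get_shell.host_computer
    // [path, permission changes applied in this order]
    hardeningPlan = [["/", ["o-rwx"]], ["/etc", ["g-rwx", "u-rwx"]], ["/sys", ["g-rwx", "u-rwx"]], ["/boot", ["g-rwx", "u-rwx"]], ["/var", ["g-rwx", "u-rwx"]], ["/root", ["g-rwx"]]]
    for step in hardeningPlan
        target = computer.File(step[0])
        if not target then
            print(String("Error: " + step[0] + " not found", 1, 255, 0, 0))
            continue
        end if
        for change in step[1]
            output = target.chmod(change, true)
            if output then print(output)
        end for
    end for
    homeFolder = computer.File("/home")
    if not homeFolder then
        print(String("Error: /home folder not found", 1, 255, 0, 0))
    else
        for userFolder in homeFolder.get_folders
            ConfigFile = computer.File("/home/" + userFolder.name + "/Config")
            // Not every home folder has a Config folder.
            if not ConfigFile then continue
            Configput = ConfigFile.chmod("g-rwx",true)
            if Configput then print(Configput)
        end for
    end if
    filelast = computer.File("/home/guest")
    if not filelast then
        print(String("No Guest User Directories, Permissions Change Complete", 1, 0, 255, 0))
        return
    end if
    for change in ["g-rwx", "u-rwx"]
        outputlast = filelast.chmod(change, true)
        if outputlast then print(outputlast)
    end for
    deleteOutput = filelast.delete
    if deleteOutput then print(deleteOutput)
    print(String("Permissions Change Complete", 1, 0, 255, 0))
end function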
// ******************************************************************************
// * @brief 服务器安全卫士
// * @history
// * Version Date Author Modification
// * v0.0.1 2021-09-18 Royic 1.实现基本功能
// ******************************************************************************
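// Menu entry "服务器安全卫士": permission hardening for a server the script runs on.
// Requires root; otherwise prints "Not Root" and changes nothing. Steps, in order:
//   1. "/"                        recursive o-rwx
//   2. /etc, /sys, /boot, /var    recursive g-rwx, then u-rwx
//   3. /root, /usr                recursive g-rwx
//   4. optional, after a Y/N prompt: delete /usr/bin/LogViewer.exe
//   5. /home                      recursive g-rwx, then the whole folder is DELETED
//   6. /home/guest                only reached if it still exists: g-rwx, u-rwx, delete
// WARNING: step 5 removes every user's home directory without asking. Only the LogViewer
// deletion is confirmed. Back up anything under /home before running this.
// A chmod or delete result is printed when non-empty (presumably an error string - confirm).
// Changes from the earlier version:
//   * the /sys g-rwx result was printed only when the "/" result was non-empty (wrong variable)
//   * a path that does not exist is reported and skipped instead of calling chmod on null
//   * the results of the /home chmod and of the delete calls are printed instead of dropped
serverDefender = function()
    if active_user != "root" then
        print(String("Not Root", 1, 255, 0, 0))
        return
    end if
    computer = get_shell.host_computer
    // [path, permission changes applied in this order]
    hardeningPlan = [["/", ["o-rwx"]], ["/etc", ["g-rwx", "u-rwx"]], ["/sys", ["g-rwx", "u-rwx"]], ["/boot", ["g-rwx", "u-rwx"]], ["/var", ["g-rwx", "u-rwx"]], ["/root", ["g-rwx"]], ["/usr", ["g-rwx"]]]
    for step in hardeningPlan
        target = computer.File(step[0])
        if not target then
            print(String("Error: " + step[0] + " not found", 1, 255, 0, 0))
            continue
        end if
        for change in step[1]
            output = target.chmod(change, true)
            if output then print(output)
        end for
    end for
    LogViewer_Del_Flag = user_input("是否删除LogViewer? [Y/N]\n", 0)
    if LogViewer_Del_Flag.trim.lower == "y" then
        LogViewer_File = computer.File("/usr/bin/LogViewer.exe")
        if LogViewer_File then
            logDeleteOutput = LogViewer_File.delete
            if logDeleteOutput then print(logDeleteOutput)
            // Look the path up again to confirm the file is really gone.
            LogViewer_File = computer.File("/usr/bin/LogViewer.exe")
            if not LogViewer_File then print("Done: /usr/bin/LogViewer.exe was deleted")
        end if
    end if
    homeFolder = computer.File("/home")
    if not homeFolder then
        print(String("Error: /home folder not found", 1, 255, 0, 0))
    else
        homeoutput = homeFolder.chmod("g-rwx",true)
        if homeoutput then print(homeoutput)
        homeDeleteOutput = homeFolder.delete
        if homeDeleteOutput then print(homeDeleteOutput)
        homeFolder = computer.File("/home")
        if not homeFolder then print("Done: /home folder was deleted")
    end if
    filelast = computer.File("/home/guest")
    if not filelast then
        print(String("No Guest User Directories, Permissions Change Complete", 1, 0, 255, 0))
        return
    end if
    for change in ["g-rwx", "u-rwx"]
        outputlast = filelast.chmod(change, true)
        if outputlast then print(outputlast)
    end for
    guestDeleteOutput = filelast.delete
    if guestDeleteOutput then print(guestDeleteOutput)
    print(String("Permissions Change Complete", 1, 0, 255, 0))
end function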
// ******************************************************************************
// * @brief 重新显示端口信息
// ******************************************************************************
// Menu entry: print the port report currently held in ShellOs.PortsInfo without scanning again.
showPortInfo = function()
    storedReport = ShellOs.PortsInfo
    print(storedReport)
end function
// ******************************************************************************
// * @brief 向伪文件夹添加函数
// ******************************************************************************
// Menu tables: each entry is [label shown in the menu, reference to the function to run].
// The main loop numbers programs after the folder's sub-folders and runs the selected one.
// Local-attack folder: scan, re-show the last port report, run against this machine, run against a port/LAN address.
localAttack.program = [["更新IP并扫描", @nmap], ["重新显示端口信息", @showPortInfo], ["攻击本机", @localHack], ["黑入", @Hack]]
// Remote-attack folder: scan, deep scan, re-show the last port report, run against a port/LAN address.
remoteAttack.program = [["更新IP并扫描", @nmap], ["深度扫描", @deepScan], ["重新显示端口信息", @showPortInfo], ["黑入", @Hack]]
// Applications folder: wifi tool and the two permission-hardening routines.
// Both hardening routines remove access recursively, and serverDefender also deletes /home.
Applications.program = [["Wifi万能钥匙", @WifiCracker], ["安全卫士", @Defender], ["服务器安全卫士", @serverDefender]]
// ******************************************************************************
// * @brief 主循环
// ******************************************************************************
// Main menu loop. Shows the current pseudo-folder, reads a line and then:
//   "exit"    ends the program
//   a number  opens the sub-folder with that index, or runs the program whose index follows
//             the sub-folders (programs are numbered after the folders)
//   "back"    moves to the parent folder when there is one
//   "cd ..."  is handed to ShellOs.cdFunc
// Anything else is ignored and the menu is shown again.
while true
    ShellOs.currentFolder.display()
    promptText = "<b>" + ShellOs.TargetIP + "</b>~" + ShellOs.permission + "@ShellOs:/" + ShellOs.getPath + "> "
    ShellOs.input = user_input(promptText).trim
    if ShellOs.input.lower == "exit" then
        exit
    end if
    // to_int leaves non-numeric text as it is, so the range test below only passes for numbers.
    menuChoice = ShellOs.input.to_int
    if 0 <= menuChoice and menuChoice < ShellOs.currentFolder.subFolder.len + ShellOs.currentFolder.program.len then
        folderCount = ShellOs.currentFolder.subFolder.len
        entryCount = folderCount + ShellOs.currentFolder.program.len
        if 0 <= menuChoice and menuChoice < folderCount then
            ShellOs.currentFolder = ShellOs.currentFolder.subFolder[menuChoice]
        else if folderCount <= menuChoice and menuChoice < entryCount then
            // Referencing the stored function without @ invokes it.
            ShellOs.currentFolder.program[menuChoice - folderCount][1]
        end if
    else if ShellOs.input.lower == "back" then
        if ShellOs.currentFolder.parentFolder != "null" then ShellOs.currentFolder = ShellOs.currentFolder.parentFolder
    else if ShellOs.input.split(" ")[0] == "cd" then
        ShellOs.cdFunc()
    end if
end while