snackhack2 0.6.1 → 0.6.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 372ca14ca412505d62a46eca2603e722242cfc5595f9663c133bb03df4f4e186
-  data.tar.gz: 9db194b2750f3e7657c09057585fb7e86816baecc33ae7a0c1d37c9db1326d31
+  metadata.gz: ab5b9ab3360ee0edf4aebebb39d15bf2d476382a6e49757e5241007ad87dacee
+  data.tar.gz: e0f1ac96d8aa01aab3dfe76e2baa1605b187e1f7eb86547b1e8097fdd9a0ac0d
 SHA512:
-  metadata.gz: aa5ec599be667dca9890ec644d583c80a260736204faf17e45c73843c4aa0500359fc58c48e12e9031aaec87534cac8c86e2444d215e53e276ff472ee742f02e
-  data.tar.gz: f7e9e34b14241326b7df6f6663bb3ec6d234f4dac58d3e7b1da63b7c0db1b64bce61a312d86c6cc5c4d130ee781a0b890b3bdadbf3acab3ce1164b71a77c7c4a
+  metadata.gz: 0a5afe40c0e459cc5ded9dd89a4a52a5f9e571c3f38e8bafc8cb7b6fc0185e2899e5999dbec81624a1b1e25d3ecb67e4397e8fff6355342d42a2844c8d9604d1
+  data.tar.gz: d2f3e5610560723fc9bc0ed0b8cc5e02cd46107f079209584527a45e386ec3ca024d7f027aea4a40eb9473e3756366298c201d6908324ad6a2be401a09aa089a

data/lib/snackhack2/bannergrabber.rb

@@ -13,7 +13,7 @@ module Snackhack2
     end
 
     def site
-      @site.gsub('https://', '')
+      #@site.gsub('https://', '')
     end
 
     def run
@@ -49,7 +49,7 @@ module Snackhack2
 
     def apache2
       if @headers['server'].match(/Apache/)
-        puts "[+] Server is running APACHE2... Now checking #{File.join(@site, "server-status")}..."
+        puts "[+] Server is running Apache2... Now checking #{File.join(@site, "server-status")}..."
         apache = Snackhack2::get(File.join(@site, "server-status"))
         if apache.code == 200
           puts "Check #{@site}/server-status"

data/lib/snackhack2/bypass_403.rb

@@ -0,0 +1,66 @@
+require 'async'
+require 'httparty'
+module Snackhack2
+  class BypassHTTP
+    attr_accessor :site, :wordlist, :bypass
+
+    def initialize
+      @site     = site
+      @wordlist = File.join(__dir__, 'lists', 'directory-list-2.3-big.txt')
+      @bypass   = "//"
+    end
+
+    def forward_for
+      File.readlines(@wordlist).each do |r|
+        r = r.strip
+        Async do
+          url = File.join(@site, @bypass, r)
+          r = HTTParty.get(url, :headers => {
+                             "X-Forwarded-For": "127.0.0.1"
+                           })
+          puts url
+          puts r.code
+          puts "\n"
+        end
+      end
+    end
+
+    def web_request(bypass)
+      File.readlines(@wordlist).each do |r|
+        r = r.strip
+        Async do
+          url = File.join(@site, bypass, r)
+          r = Snackhack2::get(url)
+          puts url
+          puts r.code
+          puts "\n"
+        end
+      end
+    end
+
+    def basic
+      web_request("//")
+    end
+
+    def uppercase
+      File.readlines(@wordlist).each do |r|
+        r = r.strip.gsub(/./) { |s| s.send(%i[upcase downcase].sample) }
+        Async do
+          url = File.join(@site, r)
+          puts url
+          r = Snackhack2::get(url)
+          puts r.code
+          puts "\n"
+        end
+      end
+    end
+
+    def url_encode
+      web_request("%2e")
+    end
+
+    def dots
+      web_request("..;/")
+    end
+  end
+end

data/lib/snackhack2/comments.rb

@@ -0,0 +1,25 @@
+module Snackhack2
+  class Comments
+    attr_accessor :site
+
+    def initialize
+      @site = site
+    end
+
+    def run
+      c = Snackhack2::get(@site)
+
+      if c.code == 200
+        body = c.body.split("\n")
+        body.each_with_index do |l, i|
+          line = l.strip
+          if line.start_with?("<!--")
+            puts body[i].next
+          end
+        end
+      else
+        puts "Status Code: #{c.code}\n"
+      end
+    end
+  end
+end

data/lib/snackhack2/forward_remote.rb

@@ -1,23 +1,24 @@
-require 'net/ssh'
-module Snackhack2
-  class SSHForwardRemote
-    attr_accessor :site, :user, :pass, :key, :lport, :lsite, :rport
-
-    def initialize
-      @site = site
-      @user = user
-      @pass = pass
-      @key  = key
-      @lport = lport
-      @lsite = lsite
-      @rport = rport
-    end
-    def run
-      Net::SSH.start(@site, @user, :password => @pass, :keys => @key) do |ssh|
-        ssh.forward.remote(@lport, @lsite, @rport)
-        puts "[+] Starting SSH remote forward tunnel"
-        ssh.loop { true }
-      end
-    end
-  end
-end
+require 'net/ssh'
+module Snackhack2
+  class SSHForwardRemote
+    attr_accessor :site, :user, :pass, :key, :lport, :lsite, :rport
+
+    def initialize
+      @site = site
+      @user = user
+      @pass = pass
+      @key  = key
+      @lport = lport
+      @lsite = lsite
+      @rport = rport
+    end
+
+    def run
+      Net::SSH.start(@site, @user, :password => @pass, :keys => @key) do |ssh|
+        ssh.forward.remote(@lport, @lsite, @rport)
+        puts "[+] Starting SSH remote forward tunnel"
+        ssh.loop { true }
+      end
+    end
+  end
+end

data/lib/snackhack2/google_analytics.rb

@@ -3,9 +3,9 @@
 require 'httparty'
 module Snackhack2
   class GoogleAnalytics
-    attr_reader :site
+    attr_accessor :site
 
-    def initialize(site)
+    def initialize
       @site = site
     end
 

data/lib/snackhack2/indirect_command_injection.rb

@@ -1,27 +1,32 @@
-module Snackhack2
-	class CommandInjection
-		attr_accessor :exe, :title, :prompt
-		def initialize
-			@exe  = "calc.exe"
-			@title = "Click me!"
-			@prompt = "To run calculator" 
-		end
-		def wlrmdr_With_prompt
-			Process.spawn("wlrmdr.exe -s 3600 -f 0 -t #{title} -m #{@prompt} -a 10 -u #{@exe}")
-		end
-		def wlrmdr_without_prompt
-			Process.spawn("wlrmdr.exe -s 3600 -f 0 -t _ -m _ -a 11 -u #{@exe}")
-		end
-		def conhost
-			Process.spawn("conhost.exe #{@exe}")
-		end
-		def conhost_hide
-			# Specify --headless parameter to hide child process window (if applicable)
-			Process.spawn("conhost.exe --headless #{@exe}")
-		def ssh
-			Process.spawn("ssh -o ProxyCommand=#{@exe} .")
-		end
-	end
-end
-
-
+module Snackhack2
+  class CommandInjection
+    attr_accessor :exe, :title, :prompt
+
+    def initialize
+      @exe = "calc.exe"
+      @title = "Click me!"
+      @prompt = "To run calculator"
+    end
+
+    def wlrmdr_With_prompt
+      Process.spawn("wlrmdr.exe -s 3600 -f 0 -t #{title} -m #{@prompt} -a 10 -u #{@exe}")
+    end
+
+    def wlrmdr_without_prompt
+      Process.spawn("wlrmdr.exe -s 3600 -f 0 -t _ -m _ -a 11 -u #{@exe}")
+    end
+
+    def conhost
+      Process.spawn("conhost.exe #{@exe}")
+    end
+
+    def conhost_hide
+      # Specify --headless parameter to hide child process window (if applicable)
+      Process.spawn("conhost.exe --headless #{@exe}")
+    end
+
+    def ssh
+      Process.spawn("ssh -o ProxyCommand=#{@exe} .")
+    end
+  end
+end

data/lib/snackhack2/iplookup.rb

@@ -1,14 +1,16 @@
 # frozen_string_literal: true
-
+require 'socket'
 module Snackhack2
   class IpLookup
-    def initialize(site)
+    attr_accessor :site
+    def initialize
       @site = site
     end
 
     def run
       get_ip
       nslookup
+      socket
     end
 
     def get_ip
@@ -22,10 +24,22 @@ module Snackhack2
     end
 
     def nslookup
+      ips = []
       ns = `nslookup #{@site.gsub('https://', '')}`.lines
       ns.each do |ip|
-        puts ip if ip.include?('Address')
+        new_ip = ip.gsub("Address: ", "").strip if ip.include?('Address')
+        if !ips.include?(new_ip)
+          if !new_ip.nil?
+            ips << new_ip
+          end
+        end
       end
+      Snackhack2::file_save(@site, "ip_lookup", ips.to_a.drop(1).join("\n"))
+      
+    end
+
+    def socket
+      puts IPSocket::getaddress(@site.gsub("https://", ""))
     end
   end
 end

data/lib/snackhack2/list_users.rb

@@ -0,0 +1,23 @@
+module Snackhack2
+  class ListUsers
+    attr_accessor :user
+
+    def initialize
+      @user = user
+    end
+
+    def linux
+      `cat /etc/passwd`.split("\n").each do |l|
+        puts l.split(":")[0]
+      end
+    end
+
+    def windows
+      puts `net users`
+    end
+
+    def windows_search_user
+      puts `net user #{@user}`
+    end
+  end
+end