
Exploit grabber


Guest


This program will check the milw0rm database for exploits and then give you a list of exploits. You then tell it which exploit you would like and the script will fetch the exploit from milw0rm for you and save it to your hard drive.

#!/usr/bin/ruby
#Programmed by: Spider
require 'net/http'
require 'uri'

class Milw0rmResults
    def initialize(id, des, link, site)
        @id   =id
        @des  =des
        @link =link
        @site =site
    end

    def getID()
        return @id
    end

    def getDes()
        return @des
    end

    def getExploit()
        url =URI.parse(@site)
        res =Net::HTTP.start(url.host, url.port) {|http|
            http.get(@link)
        }
        return res.body
    end
end

class Milw0rm
    def initialize(site)
        @site    =site
        @sResult =nil
    end

    def Search(search)
        res =Net::HTTP.post_form(URI.parse(@site), {'dong'=>search})
        @sResult =res.body()
    end

    def getList()
        search =[]
        @sResult =@sResult.split('<TR class=submit>')

        #element 0 is the html before the first result row, so the search
        #results are stored at indexes 1..max
        max =@sResult.length
        max -=1
        #process the search results and store them in Milw0rmResults
        for i in 1..max
            tmp =@sResult[i].split('<TD nowrap="nowrap" width=62 class=style14>')
            tmp =tmp[1].split('</TD><TD nowrap="nowrap" width=375>')

            des =tmp[1].split('>')

            link =des[0].split('<a href=')
            link =link[1].split(' target=')
            link =link[0]

            des =des[1].split('</A') #the description is stored in des[0]

            search[i] =Milw0rmResults::new(i, des[0], link, @site)
        end
        return search
    end
end

def Intro()
    result ="Exploiter v1\n"
    result +="Programmed by: Spider\n"
    result +="irc: irc.hackedyourbox.net\n"
    result +="A product of:\n\t"
    result +="www.cyber-t3ch.net www.hackedyourbox.net www.striknyne.net & www.j4ck4lz.net\n"
    return result
end

#a function to remove all the html shit from the bottom
def removeBottom(str)
    count =0
    tmp =str.reverse #reverse the string so we can work from the bottom up
    str =""
    tmp.each_line{ |i|
        if(count >3) #once the last four lines have been skipped we can start saving again
            str +=i
        end
        count +=1
    }

    return str.reverse #reverse the file again so its the correct way up
end

print(Intro(), "\n")

print("Exploit>")
find =gets
find =find.split("\n")

#Exploiter starts here
milw0rm =Milw0rm::new("http://www.milw0rm.com/search.php")
milw0rm.Search(find[0])
exploits =milw0rm.getList()

max =exploits.length
max -=1
for i in 1..max
    print(exploits[i].getID() ," : " ,exploits[i].getDes() ,"\n")
end

id =0
while(id.to_i >max or id.to_i ==0)
    print("(press q to exit)\n")
    print("exploit ID> ")
    id =gets
    if(id =="q\n")
        exit 1
    end
end

print("Filename> ")
filename =gets
filename =filename.split("\n") #we need to remove the new line from the filename

outfile =File::new(filename[0], 'w')
count =0
ex =exploits[id.to_i].getExploit()
ex =removeBottom(ex) #we need to remove all the html shit from the bottom of the file
ex.each_line{ |i|
    if(count >4) #drop the first five lines from the file, this is so we dont get all the html shit in the file
        outfile.write(i)
    end

    count +=1
}

outfile.close()


I tried it and was given an Exploit> prompt. Not knowing the parameters or programs I gave it "list" and it listed 22 exploits. I chose number 20, "MS Windows (ListBox/ComboBox Control) Local Exploit (MS03-045)" and was asked for a filename. Not knowing if it was going to give me the article or code I dumped it to a .txt and opened it. It's the article and code. I'm not sure if it's just this article but the file I ended up with contained an enormous amount of single forward and back slashes on new lines, and extra linebreaks.

That said, this tool looks very nifty. I'm starting to really like ruby. On a related topic if anyone has some beginners tutorials on ruby they could send my way I'd really appreciate it. I'm familiar with C and PHP and have been thinking of picking up another language and this one looks really elegant and useful. (just PM me, I don't want to derail this thread into a ruby tutorial thread)


> That said, this tool looks very nifty. I'm starting to really like ruby. On a related topic if anyone has some beginners tutorials on ruby they could send my way I'd really appreciate it. I'm familiar with C and PHP

No, post them on the forum, I'm having a hard time finding some decent tutorials on ruby.

> and have been thinking of picking up another language and this one looks really elegant and useful. (just PM me, I don't want to derail this thread into a ruby tutorial thread)

That's the reason why I just picked up ruby, I saw an exploit coded in it and thought it just looked a lot nicer than all the exploits I see coded in perl.


aardwolf pointed out a little bug in the script so I have fixed that bug and also added the ability to pull down shell code from milw0rm.

exploiter.rb

#!/usr/bin/ruby
#require_relative loads the other files from this script's own directory
require_relative 'exploitCode'
require_relative 'shellCode'

def Intro()
    result ="Exploiter v2\n"
    result +="Programmed by: Spider\n"
    result +="irc: irc.hackedyourbox.net\n"
    result +="A product of:\n\t"
    result +="www.cyber-t3ch.net www.hackedyourbox.net www.striknyne.net & www.j4ck4lz.net\n"
    return result
end

def Help()
    result ="e : Pull down an exploit from milw0rm.com and save it to disk\n"
    result +="h : Display this message\n"
    result +="q : Exit Exploiter\n"
    result +="s : Pull down a shell code from milw0rm.com and save it to disk\n"
    return result
end

print(Intro(), "\n")

while(true)
    print("Exploiter>")
    option =gets
    if(option =="q\n")
        exit 1
    elsif(option =="h\n")
        print(Help())
    elsif(option =="e\n")
        data =getExploit()
        if(data !=-1)
            print("Filename> ")
            filename =gets
            filename =filename.split("\n") #we need to remove the new line from the filename

            outfile =File::new(filename[0], 'w')
            data.each_line{ |i| outfile.write(i) }
            outfile.close()
        end
    elsif(option =="s\n")
        data =getShell()
        if(data !=-1)
            print("Filename> ")
            filename =gets
            filename =filename.split("\n") #we need to remove the new line from the filename

            outfile =File::new(filename[0], 'w')
            data.each_line{ |i| outfile.write(i) }
            outfile.close()
        end
    else
        print("I do not understand what you want from me\n")
        print("Press h to see a list of commands\n")
    end
end

milw0rmParser.rb

class Milw0rmParser
    def initialize(html)
        @html =html
    end

    #keep only the lines between a "<pre>" line and a "</pre>" line
    def parse()
        copy =false
        tmp =""

        @html.each_line{ |i|
            if(i =="<pre>\n")
                copy =true
            elsif(i =="</pre>\n")
                copy =false
            else
                if(copy)
                    tmp +=i
                end
            end
        }
        @html =tmp
    end

    def getHTML()
        return @html
    end
end

milw0rm.rb

require 'net/http'
require 'uri'
require_relative 'milw0rmParser'

class Milw0rm
    def initialize(site)
        @site    =site
        @sResult =nil
    end

    def SearchExploit(search)
        res =Net::HTTP.post_form(URI.parse(@site), {'dong'=>search})
        @sResult =res.body()
    end

    def SearchShell(page)
        url =URI.parse(@site)
        res =Net::HTTP.start(url.host, url.port) {|http|
            http.get(page)
        }
        @sResult =res.body
    end

    def getShellCodeList()
        search =[]
        @sResult =@sResult.split('<TR class=style13><TD width=597><center>')
        max =@sResult.length
        max -=1

        for i in 1..max
            name =@sResult[i].split('>')
            name =name[1].split('<')
            link ="shellcode/" +name[0]
            search[i] =Milw0rmResults::new(i, name[0], link, @site)
        end
        return search
    end

    def getList()
        search =[]
        @sResult =@sResult.split('<TR class=submit>')

        #element 0 is the html before the first result row, so the search
        #results are stored at indexes 1..max
        max =@sResult.length
        max -=1
        #process the search results and store them in Milw0rmResults
        for i in 1..max
            tmp =@sResult[i].split('<TD nowrap="nowrap" width=62 class=style14>')
            tmp =tmp[1].split('</TD><TD nowrap="nowrap" width=375>')

            des =tmp[1].split('>')

            link =des[0].split('<a href=')
            link =link[1].split(' target=')
            link =link[0]

            des =des[1].split('</A') #the description is stored in des[0]

            search[i] =Milw0rmResults::new(i, des[0], link, @site)
        end
        return search
    end
end

class Milw0rmResults
    def initialize(id, des, link, site)
        @id   =id
        @des  =des
        @link =link
        @site =site
    end

    def getID()
        return @id
    end

    def getDes()
        return @des
    end

    def getExploit()
        url =URI.parse(@site)
        res =Net::HTTP.start(url.host, url.port) {|http|
            http.get(@link)
        }
        parse =Milw0rmParser::new(res.body)
        parse.parse()
        return parse.getHTML()
    end
end

exploitCode.rb

require_relative 'milw0rm'

def getExploit()
    print("Exploit>")
    find =gets
    find =find.split("\n")

    milw0rm =Milw0rm::new("http://www.milw0rm.com/search.php")
    milw0rm.SearchExploit(find[0])
    exploits =milw0rm.getList()

    max =exploits.length
    max -=1
    for i in 1..max
        print(exploits[i].getID() ," : " ,exploits[i].getDes() ,"\n")
    end

    id =0
    while(id.to_i >max or id.to_i ==0)
        print("(press b to go back)\n")
        print("exploit ID> ")
        id =gets
        if(id =="b\n")
            return -1
        end
    end

    return exploits[id.to_i].getExploit()
end

shellCode.rb

require_relative 'milw0rm'

def getShell()
    milw0rm =Milw0rm::new("http://www.milw0rm.com")
    milw0rm.SearchShell("/shellcode/")

    #first list the systems that shell code is available for
    shell =milw0rm.getShellCodeList()

    max =shell.length
    max -=1
    for i in 1..max
        print(shell[i].getID() ," : " ,shell[i].getDes() ,"\n")
    end

    id =0
    while(id.to_i >max or id.to_i ==0)
        print("(press b to go back)\n")
        print("System ID> ")
        id =gets
        if(id =="b\n")
            return -1
        end
    end

    #then list the shell codes for the chosen system
    milw0rm.SearchShell("/shellcode/" +shell[id.to_i].getDes())
    shell =milw0rm.getList()
    max =shell.length
    max -=1
    for i in 1..max
        print(shell[i].getID() ," : " ,shell[i].getDes() ,"\n")
    end

    id =0
    while(id.to_i >max or id.to_i ==0)
        print("(press b to go back)\n")
        print("shell ID> ")
        id =gets
        if(id =="b\n")
            return -1
        end
    end
    return shell[id.to_i].getExploit()
end

----------------------------

aardwolf, if you're still looking for a tutorial, take a look at http://www.rubycentral.com/book/
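
An added example, not part of Spider's posts: the v2 `Milw0rmParser` only copies text between lines that are exactly `<pre>` and `</pre>`, so a tag with attributes, a different case, or CRLF line endings yields an empty result, and HTML entities stay encoded. The sketch below extracts `<pre>` regions tolerantly from a constructed sample page; `decode_entities`, `extract_pre_blocks`, `ENTITY_MAP` and `SAMPLE_HTML` are hypothetical names.

```ruby
# Added example (not Spider's code). All names here are hypothetical.

# Only the five entities below are decoded; anything else is left as-is.
ENTITY_MAP = {
  'lt' => '<', 'gt' => '>', 'amp' => '&', 'quot' => '"', '#39' => "'"
}.freeze

# Decode entities in a single pass so "&amp;lt;" becomes "&lt;", not "<".
def decode_entities(text)
  text.gsub(/&(lt|gt|amp|quot|#39);/) { ENTITY_MAP[Regexp.last_match(1)] }
end

# Return the decoded text of every <pre>...</pre> region in html.
def extract_pre_blocks(html)
  # Treat the body as untrusted bytes: pin the encoding and replace
  # invalid sequences instead of raising later in the regex engine.
  text = html.dup.force_encoding('UTF-8').scrub('?')
  text = text.gsub(/\r\n?/, "\n")          # normalise CRLF / CR to LF

  # /i: any tag case; [^>]*: attributes allowed; /m: "." spans newlines.
  text.scan(%r{<pre\b[^>]*>(.*?)</pre\s*>}im).map do |(raw)|
    decode_entities(raw.sub(/\A\n/, ''))   # drop newline right after <pre>
  end
end

# Constructed sample page (not a real milw0rm response).
SAMPLE_HTML = "<html><body>\r\n<PRE class=\"code\">\r\n" \
              "#include &lt;stdio.h&gt;\r\n" \
              "int main(void) { return 0 &amp;&amp; 1; }\r\n" \
              "</PRE>\r\n<p>footer</p></body></html>"

if __FILE__ == $PROGRAM_NAME
  extract_pre_blocks(SAMPLE_HTML).each { |block| puts block }
end
```

The function returns an array because a page may carry more than one `<pre>` region; an empty array means no region was found, which the caller can report instead of writing an empty file.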
