Guest Posted September 22, 2006

This program will check the milw0rm database for exploits and then give you a list of exploits. You then tell it which exploit you would like and the script will fetch the exploit from milw0rm for you and save it to your hard drive.

```ruby
#!/usr/bin/ruby
#Programmed by: Spider
require 'net/http'
require 'uri'

#one search result: its list position, description and link on the site
class Milw0rmResults
  def initialize(id, des, link, site)
    @id =id
    @des =des
    @link =link
    @site =site
  end

  def getID()
    return @id
  end

  def getDes()
    return @des
  end

  #fetch the page behind this result and return its body
  def getExploit()
    url = URI.parse(@site)
    res = Net::HTTP.start(url.host, url.port) {|http|
      http.get(@link)
    }
    return res.body
  end
end

class Milw0rm
  def initialize(site)
    @site =site
    @sResult
  end

  #post the search term to the search page and keep the returned html
  def Search(search)
    res =Net::HTTP.post_form(URI.parse(@site), {'dong'=>search});
    @sResult =res.body();
  end

  def getList()
    search =[]
    @sResult =@sResult.split('<TR class=submit>')
    #Once we have located the position that the search result starts at we then find its length and drop 2 of this
    #the reason we need to do this is because the last search result needs to be handled separately
    max =@sResult.length
    max -=1
    #process the search results and store them in Milw0rmSearch
    for i in 1..max
      tmp =@sResult[i].split('<TD nowrap="nowrap" width=62 class=style14>')
      tmp =tmp[1].split('</TD><TD nowrap="nowrap" width=375>')
      des =tmp[1].split('>')
      link =des[0].split('<a href=')
      link =link[1].split(' target=')
      link =link[0]
      des =des[1].split('</A') #the description is stored in des[0]
      search[i] =Milw0rmResults::new(i, des[0], link, @site)
    end
    return search
  end
end

def Intro()
  result ="Exploiter v1\n"
  result +="Programmed by: Spider\n"
  result +="irc: irc.hackedyourbox.net\n"
  result +="A product of:\n\t"
  result +="www.cyber-t3ch.net www.hackedyourbox.net www.striknyne.net & www.j4ck4lz.net\n"
  return result;
end

#a function to remove all the html shit from the bottom
def removeBottom(str)
  count =0
  tmp =str.reverse #reverse the string so we can work from the top
  str =""
  tmp.each_line{ |i|
    if(count >3) #once we have read the first two lines in we can start saving the file again
      str +=i
    end
    count +=1
  }
  return str.reverse #reverse the file again so its the correct way up
end

print(Intro(), "\n")
print("Exploit>")
find =gets
find =find.split("\n")

#Exploiter starts here
milw0rm =Milw0rm::new("http://www.milw0rm.com/search.php")
milw0rm.Search(find[0])
exploits =milw0rm.getList()
max =exploits.length
max -=1
for i in 1..max
  print(exploits[i].getID() ," : " ,exploits[i].getDes() ,"\n")
end

id =0
while(id.to_i >max or id.to_i ==0)
  print("(press q to exit)\n")
  print("exploit ID> ")
  id =gets
  if(id =="q\n")
    exit 1
  end
end

print("Filename> ")
filename =gets
filename =filename.split("\n") #we need to remove the new line from the filename
outfile =File::new(filename[0], 'w')
count =0
ex =exploits[id.to_i].getExploit()
ex =removeBottom(ex) #we need to remove all the html shit from the bottom of the file
ex.each_line{ |i|
  if(count >4) #drop the first four lines from the file, this is so we dont get all the html shit in the file
    outfile.write(i)
  end
  count +=1
}
outfile.close()
```

DLSS Posted September 22, 2006

I can see it's Ruby and appreciate the source, but could you post a compiled version as well?

Darren Kitchen Posted September 22, 2006

I tried it and was given an Exploit> prompt. Not knowing the parameters or programs I gave it "list" and it listed 22 exploits. I chose number 20, "MS Windows (ListBox/ComboBox Control) Local Exploit (MS03-045)" and was asked for a filename. Not knowing if it was going to give me the article or code I dumped it to a .txt and opened it. It's the article and code. I'm not sure if it's just this article but the file I ended up with contained an enormous amount of single forward and back slashes on new lines, and extra linebreaks.

That said, this tool looks very nifty. I'm starting to really like Ruby. On a related topic, if anyone has some beginners' tutorials on Ruby they could send my way I'd really appreciate it. I'm familiar with C and PHP and have been thinking of picking up another language and this one looks really elegant and useful. (Just PM me, I don't want to derail this thread into a Ruby tutorial thread.)

Guest Posted September 22, 2006

> That said, this tool looks very nifty. I'm starting to really like Ruby. On a related topic, if anyone has some beginners' tutorials on Ruby they could send my way I'd really appreciate it. I'm familiar with C and PHP

No, post them on the forum, I'm having a hard time finding some decent tutorials on Ruby.

> and have been thinking of picking up another language and this one looks really elegant and useful. (Just PM me, I don't want to derail this thread into a Ruby tutorial thread.)

That's the reason why I just picked up Ruby. I saw an exploit coded in it and thought it just looked a lot nicer than all the exploits I see coded in Perl.

Guest Posted September 23, 2006

aardwolf pointed out a little bug in the script so I have fixed that bug and also added the ability to pull down shell code from milw0rm.

exploiter.rb

```ruby
#!/usr/bin/ruby
require_relative 'exploitCode'
require_relative 'shellCode'

def Intro()
  result ="Exploiter v2\n"
  result +="Programmed by: Spider\n"
  result +="irc: irc.hackedyourbox.net\n"
  result +="A product of:\n\t"
  result +="www.cyber-t3ch.net www.hackedyourbox.net www.striknyne.net & www.j4ck4lz.net\n"
  return result;
end

def Help()
  result ="e : Pull down an exploit from milw0rm.com and save it to disk\n"
  result +="h : Display this message\n"
  result +="q : Exit Exploiter\n"
  result +="s : Pull down a shell code from milw0rm.com and save it to disk\n"
  return result
end

print(Intro(), "\n")
while(true)
  print("Exploiter>")
  option =gets
  if(option =="q\n")
    exit 1
  elsif(option =="h\n")
    print(Help())
  elsif(option =="e\n")
    data =getExploit()
    if(data !=-1)
      print("Filename> ")
      filename =gets
      filename =filename.split("\n") #we need to remove the new line from the filename
      outfile =File::new(filename[0], 'w')
      data.each_line{ |i|
        outfile.write(i)
      }
      outfile.close()
    end
  elsif(option =="s\n")
    data =getShell()
    if(data !=-1)
      print("Filename> ")
      filename =gets
      filename =filename.split("\n") #we need to remove the new line from the filename
      outfile =File::new(filename[0], 'w')
      data.each_line{ |i|
        outfile.write(i)
      }
      outfile.close()
    end
  else
    print("I do not understand what you want from me\n")
    print("Press h to see a list of commands\n")
  end
end
```

milw0rmParser.rb

```ruby
#keeps only the lines found between a <pre> line and a </pre> line
class Milw0rmParser
  def initialize(html)
    @html =html
  end

  def parse()
    copy =false
    tmp =""
    @html.each_line{ |i|
      if(i =="<pre>\n")
        copy =true
      elsif(i =="</pre>\n")
        copy =false
      else
        if(copy)
          tmp +=i
        end
      end
    }
    @html =tmp
  end

  def getHTML()
    return @html
  end
end
```

milw0rm.rb

```ruby
require 'net/http'
require 'uri'
require_relative 'milw0rmParser'

class Milw0rm
  def initialize(site)
    @site =site
    @sResult
  end

  def SearchExploit(search)
    res =Net::HTTP.post_form(URI.parse(@site), {'dong'=>search});
    @sResult =res.body();
  end

  def SearchShell(page)
    url = URI.parse(@site)
    res = Net::HTTP.start(url.host, url.port) {|http|
      http.get(page)
    }
    @sResult =res.body
  end

  def getShellCodeList()
    search =[]
    @sResult =@sResult.split('<TR class=style13><TD width=597><center>')
    max =@sResult.length
    max -=1
    for i in 1..max
      name =@sResult[i].split('>')
      name =name[1].split('<')
      link ="shellcode/" +name[0]
      search[i] =Milw0rmResults::new(i, name[0], link, @site)
    end
    return search
  end

  def getList()
    search =[]
    @sResult =@sResult.split('<TR class=submit>')
    #Once we have located the position that the search result starts at we then find its length and drop 2 of this
    #the reason we need to do this is because the last search result needs to be handled separately
    max =@sResult.length
    max -=1
    #process the search results and store them in Milw0rmSearch
    for i in 1..max
      tmp =@sResult[i].split('<TD nowrap="nowrap" width=62 class=style14>')
      tmp =tmp[1].split('</TD><TD nowrap="nowrap" width=375>')
      des =tmp[1].split('>')
      link =des[0].split('<a href=')
      link =link[1].split(' target=')
      link =link[0]
      des =des[1].split('</A') #the description is stored in des[0]
      search[i] =Milw0rmResults::new(i, des[0], link, @site)
    end
    return search
  end
end

class Milw0rmResults
  def initialize(id, des, link, site)
    @id =id
    @des =des
    @link =link
    @site =site
  end

  def getID()
    return @id
  end

  def getDes()
    return @des
  end

  def getExploit()
    url = URI.parse(@site)
    res = Net::HTTP.start(url.host, url.port) {|http|
      http.get(@link)
    }
    parse =Milw0rmParser::new(res.body)
    parse.parse()
    return parse.getHTML()
  end
end
```

exploitCode.rb

```ruby
require_relative 'milw0rm'

def getExploit()
  print("Exploit>")
  find =gets
  find =find.split("\n")
  milw0rm =Milw0rm::new("http://www.milw0rm.com/search.php")
  milw0rm.SearchExploit(find[0])
  exploits =milw0rm.getList()
  max =exploits.length
  max -=1
  for i in 1..max
    print(exploits[i].getID() ," : " ,exploits[i].getDes() ,"\n")
  end
  id =0
  while(id.to_i >max or id.to_i ==0)
    print("(press b to go back)\n")
    print("exploit ID> ")
    id =gets
    if(id =="b\n")
      return -1
    end
  end
  return exploits[id.to_i].getExploit()
end
```

shellCode.rb

```ruby
require_relative 'milw0rm'

def getShell()
  milw0rm =Milw0rm::new("http://www.milw0rm.com")
  milw0rm.SearchShell("/shellcode/")
  shell =milw0rm.getShellCodeList()
  max =shell.length
  max -=1
  for i in 1..max
    print(shell[i].getID() ," : " ,shell[i].getDes() ,"\n")
  end
  id =0
  while(id.to_i >max or id.to_i ==0)
    print("(press b to go back)\n")
    print("System ID> ")
    id =gets
    if(id =="b\n")
      return -1
    end
  end
  milw0rm.SearchShell("/shellcode/" +shell[id.to_i].getDes())
  shell =milw0rm.getList()
  max =shell.length
  max -=1
  for i in 1..max
    print(shell[i].getID() ," : " ,shell[i].getDes() ,"\n")
  end
  id =0
  while(id.to_i >max or id.to_i ==0)
    print("(press b to go back)\n")
    print("shell ID> ")
    id =gets
    if(id =="b\n")
      return -1
    end
  end
  return shell[id.to_i].getExploit()
end
```

----------------------------

aardwolf, if you're still looking for a tutorial, take a look at http://www.rubycentral.com/book/
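
Added example, not part of the original posts or the author's code: a more tolerant take on the `<pre>` extraction that Milw0rmParser performs, which only matches lines exactly equal to `<pre>` or `</pre>` and so misses CRLF line endings, tag attributes and HTML entities in the saved file. The names `extract_pre`, `ENTITIES` and `SAMPLE_PAGE` are hypothetical, the sample page is constructed, and it assumes the wanted text sits in the first `<pre>` block.

```ruby
# Added example (not the thread author's code); names here are hypothetical.
# Only the five common named/numeric entities are decoded.
ENTITIES = { '&lt;' => '<', '&gt;' => '>', '&quot;' => '"',
             '&#39;' => "'", '&amp;' => '&' }.freeze

# Return the text of the first <pre>...</pre> block, or nil when the page
# has no complete block, so the caller can refuse to save an error page.
def extract_pre(html)
  text = html.gsub("\r\n", "\n")                 # normalise CRLF line endings
  # Case-insensitive, multi-line, tolerates attributes on the opening tag.
  m = text.match(%r{<pre\b[^>]*>(.*?)</pre\s*>}mi)
  return nil if m.nil?
  body = m[1].sub(/\A\n/, '')                    # newline right after <pre> is not content
  # Single pass, so "&amp;lt;" becomes "&lt;" and is not decoded twice.
  body.gsub(/&(?:lt|gt|quot|#39|amp);/) { |e| ENTITIES[e] }
end

# Constructed sample page (not real site output).
SAMPLE_PAGE = "<html><body><table><tr><td>header</td></tr></table>\r\n" \
              "<PRE class=\"code\">\r\n" \
              "#include &lt;stdio.h&gt;\r\n" \
              "int main(void) { return a &amp;&amp; b; }\r\n" \
              "</pre></body></html>\r\n"

if __FILE__ == $0
  result = extract_pre(SAMPLE_PAGE)
  abort("no <pre> block found, nothing saved") if result.nil?
  print(result)
end
```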