autoexploit is now listing the results of attacks on the available vulnerabilities - #1

a396520e · Thomas Saquet · 98244243 · a396520e · a396520e · a396520e
--- a/autoexploit.gs
+++ b/autoexploit.gs
@@ -6,12 +6,32 @@
 #import jsonparser.gs
 #import tools.gs

-if params.len < 1 or params[0] == "-h" or params[0] == "--help" then exit("<b>Usage: "+program_path.split("/")[-1]+" [vuln_file.json]</b>")
-
 globals.vulnerabilitiesDirectoryName = "/home/" + active_user + "/vulnerabilities/"

-exploitFile = getFile(globals.vulnerabilitiesDirectoryName, params[0])
+myshell = get_shell
+computer = myshell.host_computer
+vulnDirectory = computer.File(globals.vulnerabilitiesDirectoryName)
+vulnFiles = vulnDirectory.get_files
+
+for file in vulnFiles
+	if file.name.indexOf("json") > 0 then
+		vuln = parse(file.content)
+
+		if file.name.indexOf("kernel") > 0 then
+			net_session = metaxploit.net_use(vuln.ExternalIpAddress)
+		else
+			net_session = metaxploit.net_use(vuln.ExternalIpAddress, vuln.portNumber)
+		end if
+
+		if not net_session then exit("Error: can't connect to net session")
+
+		print(char(10) + "Attacking " + vuln.libName +":" + vuln.libVersion + " at memory address: <b>" + vuln.vulnMemoryAddress + "</b> with value <b>" + vuln.vulnUnsecValue + "</b>")
+
+		lib = net_session.dump_lib
+
+		res = lib.overflow(vuln.vulnMemoryAddress, vuln.vulnUnsecValue)

-vuln = parse(exploitFile.content)
+		print("Object obtained: " + typeof(res))

-print(vuln.vulnMemoryAddress)
+	end if
+end for
--- a/univscan.gs
+++ b/univscan.gs
@@ -149,7 +149,6 @@ for vulnerability in vulnerabilitiesArray
 	vulnerabilityFile = vulnerability._toFile
 end for

-count = 0
 for vulnerability in vulnerabilitiesArray
 	myshell = get_shell
 	filePath = globals.vulnerabilitiesDirectoryName
@@ -157,9 +156,8 @@ for vulnerability in vulnerabilitiesArray
 	myshell.host_computer.touch(filePath, fileName)

 	vulnerabilityFile = myshell.host_computer.File(filePath + fileName)
+	vulnerabilityFile.set_content("")
 	vulnerabilityFile.set_content(vulnerabilityFile.content + char(10) + toJSON(vulnerability))
-	count = count + 1
-	print(count)
 end for



--- a/vuln.gs
+++ b/vuln.gs
@@ -103,7 +103,7 @@ Vulnerability.parseVulnDesc = function(vulnDesc)
 	self.vulnType = vulnDescArray[1].remove(".")
 	lastSpaceIndex = vulnDescArray[0].lastIndexOf(" ")
 	self.vulnMethod = vulnDescArray[0][0:lastSpaceIndex]
-	self.vulnUnsecValue = slice(vulnDescArray[0],lastSpaceIndex+1)
+	self.vulnUnsecValue = slice(vulnDescArray[0],lastSpaceIndex+1).remove("<b>").remove("</b>")
 end function

 //END classes definitions