Grey Hack

@@@@!-UNWANTED GUEST-!@@@@
By Aradar
Unwanted Guest is a rootkit/privilege-escalation tool for the game Grey Hack.
If you are using the version with the Nmap module, look in the source for import_code("") and enter the absolute path of the Nmap.src file there. When you compile, make sure to tick the "allow import" check box.


It takes 2 arguments: IP and PORT.

Option one scans IP on PORT and executes the available exploits. It will attempt to gain a shell or print user credentials, and it asks for additional args each time. (This is sloppy and, on success, leaves system logs of your intrusion if you run this app from your computer.)

Option two is a local attack that scans local libraries for exploits and executes the available exploits, asking for additional args each time (use this on compromised devices).

Option three if you are using the version with the nmapModule will nmap IP + PORT

Option four exits the program

Unwanted Guest Standalone has only 3 options: 1, 2 & 4.
   
UG
!-UNWANTED GUEST-!


UG-withNmap.src
// Usage guard: the script expects exactly two arguments (ip_address, port).
// "-h" / "--help" as the first argument prints the same usage text and quits.
showUsage = params.len != 2 or params[0] == "-h" or params[0] == "--help"
if showUsage then
	scriptName = program_path.split("/")[-1]
	exit("<b>Usage: "+scriptName+" [ip_address] [port]<U> using 0 as port scans routers</u></b>\n<color=#34c6eb>Use port 0 for Local library scans also")
end if
while true
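// Start of one menu round: banner, library load, argument parsing, menu, option prompt.
print("<color=#b00b0b><U><B>My public Ip:" + get_router.public_ip)

// Load the in-game metaxploit library from /lib, falling back to the current folder.
// It can still be null after both attempts; nothing in this block checks it.
metaxploit = include_lib("/lib/metaxploit.so")
if not metaxploit then metaxploit = include_lib(current_path + "/metaxploit.so")

address = params[0]
port = params[1].to_int
// to_int is expected to hand back the original string when the text is not numeric,
// so reject anything that did not become a number instead of passing it on as the port.
if typeof(port) != "number" then exit("Error: port must be a number, got: " + params[1])

print("<color=#34c6eb>@@@@@@@@@@@@@@@@<color=#e4f549><size=32px>!-UNWANTED-GUEST-!</size></color>@@@@@@@@@@@@@@@@")
print("<color=#34c6eb>Option 1:FIND and EXPLOIT unsafe checks on <color=#34c6ab><size=32px>port:<color=#c40808><size=32px>"+port)
print("<color=#34c6eb>Option 2:FIND and EXPLOIT Local librarys")
print("<color=#08c43a>Option 3:Run Nmap on Network ip")
print("<color=#34c6eb>Option 4:Exit program")

// The answer is compared as a string ("1".."4") by the branches that follow.
opt = user_input("Option: ")
if opt == "4" then exit("<color=#b00b0b><size=32px>--EXITING--Unwanted Guest:V1.0.0--</size>")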

// Option 3: run the port-listing module.
// import_code is handled when the program is compiled, so the placeholder path below has to be
// replaced with the absolute path of the module source before building.
// NOTE(review): the file name used here (NMAPmodule.src) differs from the listing title
// (UG-NmapModule.src) -- use whatever name the module was actually saved under.
if opt == "3" then
import_code("/YOUR_ABSOLUTE_PATH_HERE/NMAPmodule.src")
end if

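if opt == "2" then
	// Option 2: load a library from this machine, scan it with metaxploit and try every
	// entry the scan reports, passing the same extra argument each time.
	print("Attempting to escalate priviledge via local accounts.....")

	// metaxploit is null when the library is in neither /lib nor the current folder.
	if not metaxploit then exit("Error: Can't find metaxploit library in the /lib path or the current folder")

	metaLib = metaxploit.load(user_input("enter library path: "))
	// A path that is not a loadable library yields null; go back to the menu instead of
	// failing on metaLib.lib_name.
	if not metaLib then
		print("Error: could not load a library from that path")
		continue
	end if
	arg1 = user_input("Enter additional arg such as password or Lan IP: ")

	// Prints the content of the "passwd" file inside the given folder and ends the program.
	// Every path through this function calls exit.
	AccessPasswdFile = function(etcFolder)
		print("Accesing to password file...")
		for entry in etcFolder.get_files
			if entry.name != "passwd" then continue
			if not entry.has_permission("r") then exit("failed. Can't access to file contents. Permission denied")
			exit("success! loading content...\n" + entry.get_content)
		end for
		exit("Error: /etc/passwd file not found. Program aborted")
	end function

	print("Scanning local library: "+metaLib.lib_name)
	exploits = metaxploit.scan(metaLib)
	for exploit in exploits
		result_lists = metaxploit.scan_address(metaLib, exploit).split("Unsafe check: ")[1:]

		for result_list in result_lists
			// The key is the text between the first <b> and </b> of the scan line.
			keyStart = result_list.indexOf("<b>")
			keyEnd = result_list.indexOf("</b>")
			// indexOf gives null when a tag is missing; skip that line rather than slice with null.
			if keyStart == null or keyEnd == null then continue
			target_key = result_list[keyStart+3:keyEnd]

			result = metaLib.overflow(exploit,target_key,arg1)
			resultType = typeof(result)

			if resultType == "shell" then
				print("SHELL DETECTED")
				print(exploit+" "+target_key)
				result.start_terminal
			else if resultType == "computer" then
				print("COMPUTER DETECTED")
				print(exploit+" "+target_key)
				// NOTE(review): the file is read through the current shell's host_computer,
				// not through `result`; the remote option reads via result.File -- confirm
				// which one is intended here.
				file = get_shell.host_computer.File("/etc/passwd")
				if file != null then print(file.get_content)
			end if
			print(exploit+" "+target_key+" "+arg1)

			// Only a file/folder result is handled below; anything else moves on to the next key.
			if not result then continue
			if resultType != "file" then continue
			if not result.is_folder then exit("Error: expected folder, obtained file: " + result.path)
			if not result.has_permission("r") then exit("Error: can't access to " + result.path + ". Permission denied." )

			print("Obtained access to " + result.path)
			if result.path == "/etc" then
				AccessPasswdFile(result)
			else
				print("Attempting to reach /etc folder...")
				// Walk up to the filesystem root, then look for /etc among its folders.
				while result.path != "/"
					result = result.parent
				end while
				for folder in result.get_folders
					if folder.path == "/etc" then AccessPasswdFile(folder)
				end for
			end if
		end for
	end for
end if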
//OPT2

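if opt=="1" then
	// Option 1: open a net session to address:port, scan the library behind it and try
	// every entry the scan reports. A shell result opens a terminal; a computer result is
	// used to read /etc/passwd and each user's Config/Mail.txt.

	// Reloaded here so this branch does not rely on the load at the top of the loop.
	metaxploit = include_lib("/lib/metaxploit.so")
	if not metaxploit then metaxploit = include_lib(current_path + "/metaxploit.so")
	if not metaxploit then exit("Error: Can't find metaxploit library in the /lib path or the current folder")

	net_session = metaxploit.net_use( address, port )
	if not net_session then exit("Error: can't connect to net session")

	metaLib = net_session.dump_lib
	// Checked before first use; the earlier version tested the library only after it had
	// already called overflow on it.
	if not metaLib then exit("Error: can't dump the library from the net session")

	// crypto.so is loaded on first need (see below), so a missing crypto.so no longer
	// ends the program for results that never use it.
	cryptools = null

	// Deciphers the second field of a "name:hash" record.
	// Returns null for a record that does not have exactly two fields (blank or malformed
	// line) so one bad record no longer ends the whole program.
	GetPassword = function(userPass)
		if userPass.len != 2 then return null
		return cryptools.decipher(userPass[1])
	end function

	exploits = metaxploit.scan(metaLib)
	for exploit in exploits
		result_lists = metaxploit.scan_address(metaLib, exploit).split("Unsafe check: ")[1:]

		for result_list in result_lists
			// The key is the text between the first <b> and </b> of the scan line.
			keyStart = result_list.indexOf("<b>")
			keyEnd = result_list.indexOf("</b>")
			// indexOf gives null when a tag is missing; skip that line rather than slice with null.
			if keyStart == null or keyEnd == null then continue
			target_key = result_list[keyStart+3:keyEnd]

			// Explain the prompt before asking, and ask once; the earlier version asked for
			// the LAN address a second time and never used the second answer.
			print("<color=#34c6eb>Through a router, we can find some users. \n<color=#34c6eb>Enter a LAN IP to search for user accounts")
			lanIp = user_input("Enter a LAN address: ")
			result = metaLib.overflow(exploit, target_key, lanIp)
			typeObject = typeof(result)

			if typeObject == "shell" then
				// Use the shell that was just returned. The earlier version ran overflow again
				// without the LAN argument and called start_terminal on that unchecked result.
				result.start_terminal
				print(exploit+" "+target_key)
				continue
			end if

			if typeObject != "computer" then continue
			file = result.File("/etc/passwd")
			if not file then continue
			if not file.has_permission("r") then continue
			if file.is_binary then continue
			homeFolder = result.File("/home")
			if not homeFolder then continue

			if not cryptools then
				cryptools = include_lib("/lib/crypto.so")
				if not cryptools then cryptools = include_lib(current_path + "/crypto.so")
			end if
			if not cryptools then exit("Error: Can't find crypto.so library in the /lib path or the current folder")

			// One decipher call per passwd line. The earlier version nested this inside the
			// per-home-folder loop and repeated the same decipher for every folder.
			for line in file.get_content.split("\n")
				userPass = line.split(":")
				if userPass.len != 2 then continue
				print("<color=#34c6eb>Deciphering user " + userPass[0] +"...")
				password = GetPassword(userPass)
				if not password then
					print("Nothing found...")
				else
					print("<color=#ff0000>=> " + password)
				end if
			end for

			// One Mail.txt lookup per home folder.
			for userFolder in homeFolder.get_folders
				bankFile = result.File("/home/" + userFolder.name + "/Config/Mail.txt")
				if not bankFile then continue
				if not bankFile.has_permission("r") then continue
				userPass = bankFile.get_content.split(":")
				print("<color=#34c6ab>Found Email address for user: " + userFolder.name)
				password = GetPassword(userPass)
				if not password then
					print("Nothing found...")
				else
					print("<color=#34c6eb>Email account: " + userPass[0] +"\n<color=#34c6eb>Mail Password: " + password)
				end if
			end for

			print(exploit+" "+target_key)
		end for
	end for
end if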

end while
UG-NmapModule.src
//command: nmap
// Port listing for params[0]: prints one row per port with number, state, service info
// and LAN address. Every failure path ends the program through exit.
if not is_valid_ip(params[0]) then
	exit("nmap: invalid ip address")
end if
if not get_shell.host_computer.is_network_active then
	exit("nmap: No internet access.")
end if

ipAddress = params[0]
isLanIp = is_lan_ip(ipAddress)

// A LAN address is looked up on the local router, any other address on the router at that address.
router = null
if not isLanIp then
	router = get_router(ipAddress)
else
	router = get_router
end if
if router == null then exit("nmap: ip address not found")

ports = null
if isLanIp then
	ports = router.device_ports(ipAddress)
else
	ports = router.used_ports
end if
if ports == null then exit("nmap: ip address not found")
// A string here is passed straight to exit as the message.
if typeof(ports) == "string" then exit(ports)

rows = ["<color=#34c6eb>PORT STATE SERVICE VERSION LAN"]
print("\n<color=#34c6eb>Starting <color=#b00b0b>port sniffer</color><color=#34c6eb>........" + current_date)
print("<color=#e0d90b>Interesting ports found on " + params[0] + "\n")
if ports.len == 0 then exit("Scan finished. No open ports.")

for port in ports
	service_info = router.port_info(port)
	lan_ips = port.get_lan_ip
	// A port is reported as closed only for a non-LAN target whose port object says so.
	port_status = "open"
	if not isLanIp and port.is_closed then port_status = "closed"
	rows.push("<color=#0be00f>" + port.port_number + " " + port_status + " " + service_info + " " + lan_ips)
end for
info = rows.join("\n")
print(format_columns(info) + "\n")
!-UNWANTED GUEST-! STANDALONE
// Usage guard: the script expects exactly two arguments (ip_address, port).
// "-h" / "--help" as the first argument prints the same usage text and quits.
showUsage = params.len != 2 or params[0] == "-h" or params[0] == "--help"
if showUsage then
	scriptName = program_path.split("/")[-1]
	exit("<b>Usage: "+scriptName+" [ip_address] [port]<U> using 0 as port scans routers</u></b>\n<color=#34c6eb>Use port 0 for Local library scans also")
end if
while true
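// Start of one menu round: banner, library load, argument parsing, menu, option prompt.
print("<color=#b00b0b><U><B>My public Ip:" + get_router.public_ip)

// Load the in-game metaxploit library from /lib, falling back to the current folder.
// It can still be null after both attempts; nothing in this block checks it.
metaxploit = include_lib("/lib/metaxploit.so")
if not metaxploit then metaxploit = include_lib(current_path + "/metaxploit.so")

address = params[0]
port = params[1].to_int
// to_int is expected to hand back the original string when the text is not numeric,
// so reject anything that did not become a number instead of passing it on as the port.
if typeof(port) != "number" then exit("Error: port must be a number, got: " + params[1])

print("<color=#34c6eb>@@@@@@@@@@@@@@@@<color=#e4f549><size=32px>!-UNWANTED-GUEST-!</size></color>@@@@@@@@@@@@@@@@")
print("<color=#34c6eb>Option 1:FIND and EXPLOIT unsafe checks on <color=#34c6ab><size=32px>port:<color=#c40808><size=32px>"+port)
print("<color=#34c6eb>Option 2:FIND and EXPLOIT Local librarys")
// The standalone build has no option 3, so its menu line stays disabled.
//print("<color=#08c43a>Option 3:Run Nmap on Network ip")
print("<color=#34c6eb>Option 4:Exit program")

// The answer is compared as a string ("1", "2", "4") by the branches that follow.
opt = user_input("Option: ")
if opt == "4" then exit("<color=#b00b0b><size=32px>--EXITING--Unwanted Guest:V1.0.0--</size>")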

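// Option 3 is not part of the standalone build: the module import is commented out, so the
// branch used to do nothing and silently redraw the menu. Tell the user instead.
if opt == "3" then
	//import_code("/home/aradar/BETA_APPS/nmapModule.src")
	print("Option 3 is not available in the standalone version")
end if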

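if opt == "2" then
	// Option 2: load a library from this machine, scan it with metaxploit and try every
	// entry the scan reports, passing the same extra argument each time.
	print("Attempting to escalate priviledge via local accounts.....")

	// metaxploit is null when the library is in neither /lib nor the current folder.
	if not metaxploit then exit("Error: Can't find metaxploit library in the /lib path or the current folder")

	metaLib = metaxploit.load(user_input("enter library path: "))
	// A path that is not a loadable library yields null; go back to the menu instead of
	// failing on metaLib.lib_name.
	if not metaLib then
		print("Error: could not load a library from that path")
		continue
	end if
	arg1 = user_input("Enter additional arg such as password or Lan IP: ")

	// Prints the content of the "passwd" file inside the given folder and ends the program.
	// Every path through this function calls exit.
	AccessPasswdFile = function(etcFolder)
		print("Accesing to password file...")
		for entry in etcFolder.get_files
			if entry.name != "passwd" then continue
			if not entry.has_permission("r") then exit("failed. Can't access to file contents. Permission denied")
			exit("success! loading content...\n" + entry.get_content)
		end for
		exit("Error: /etc/passwd file not found. Program aborted")
	end function

	print("Scanning local library: "+metaLib.lib_name)
	exploits = metaxploit.scan(metaLib)
	for exploit in exploits
		result_lists = metaxploit.scan_address(metaLib, exploit).split("Unsafe check: ")[1:]

		for result_list in result_lists
			// The key is the text between the first <b> and </b> of the scan line.
			keyStart = result_list.indexOf("<b>")
			keyEnd = result_list.indexOf("</b>")
			// indexOf gives null when a tag is missing; skip that line rather than slice with null.
			if keyStart == null or keyEnd == null then continue
			target_key = result_list[keyStart+3:keyEnd]

			result = metaLib.overflow(exploit,target_key,arg1)
			resultType = typeof(result)

			if resultType == "shell" then
				print("SHELL DETECTED")
				print(exploit+" "+target_key)
				result.start_terminal
			else if resultType == "computer" then
				print("COMPUTER DETECTED")
				print(exploit+" "+target_key)
				// NOTE(review): the file is read through the current shell's host_computer,
				// not through `result`; the remote option reads via result.File -- confirm
				// which one is intended here.
				file = get_shell.host_computer.File("/etc/passwd")
				if file != null then print(file.get_content)
			end if
			print(exploit+" "+target_key+" "+arg1)

			// Only a file/folder result is handled below; anything else moves on to the next key.
			if not result then continue
			if resultType != "file" then continue
			if not result.is_folder then exit("Error: expected folder, obtained file: " + result.path)
			if not result.has_permission("r") then exit("Error: can't access to " + result.path + ". Permission denied." )

			print("Obtained access to " + result.path)
			if result.path == "/etc" then
				AccessPasswdFile(result)
			else
				print("Attempting to reach /etc folder...")
				// Walk up to the filesystem root, then look for /etc among its folders.
				while result.path != "/"
					result = result.parent
				end while
				for folder in result.get_folders
					if folder.path == "/etc" then AccessPasswdFile(folder)
				end for
			end if
		end for
	end for
end if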
//OPT2

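if opt=="1" then
	// Option 1: open a net session to address:port, scan the library behind it and try
	// every entry the scan reports. A shell result opens a terminal; a computer result is
	// used to read /etc/passwd and each user's Config/Mail.txt.

	// Reloaded here so this branch does not rely on the load at the top of the loop.
	metaxploit = include_lib("/lib/metaxploit.so")
	if not metaxploit then metaxploit = include_lib(current_path + "/metaxploit.so")
	if not metaxploit then exit("Error: Can't find metaxploit library in the /lib path or the current folder")

	net_session = metaxploit.net_use( address, port )
	if not net_session then exit("Error: can't connect to net session")

	metaLib = net_session.dump_lib
	// Checked before first use; the earlier version tested the library only after it had
	// already called overflow on it.
	if not metaLib then exit("Error: can't dump the library from the net session")

	// crypto.so is loaded on first need (see below), so a missing crypto.so no longer
	// ends the program for results that never use it.
	cryptools = null

	// Deciphers the second field of a "name:hash" record.
	// Returns null for a record that does not have exactly two fields (blank or malformed
	// line) so one bad record no longer ends the whole program.
	GetPassword = function(userPass)
		if userPass.len != 2 then return null
		return cryptools.decipher(userPass[1])
	end function

	exploits = metaxploit.scan(metaLib)
	for exploit in exploits
		result_lists = metaxploit.scan_address(metaLib, exploit).split("Unsafe check: ")[1:]

		for result_list in result_lists
			// The key is the text between the first <b> and </b> of the scan line.
			keyStart = result_list.indexOf("<b>")
			keyEnd = result_list.indexOf("</b>")
			// indexOf gives null when a tag is missing; skip that line rather than slice with null.
			if keyStart == null or keyEnd == null then continue
			target_key = result_list[keyStart+3:keyEnd]

			// Explain the prompt before asking, and ask once; the earlier version asked for
			// the LAN address a second time and never used the second answer.
			print("<color=#34c6eb>Through a router, we can find some users. \n<color=#34c6eb>Enter a LAN IP to search for user accounts")
			lanIp = user_input("Enter a LAN address: ")
			result = metaLib.overflow(exploit, target_key, lanIp)
			typeObject = typeof(result)

			if typeObject == "shell" then
				// Use the shell that was just returned. The earlier version ran overflow again
				// without the LAN argument and called start_terminal on that unchecked result.
				result.start_terminal
				print(exploit+" "+target_key)
				continue
			end if

			if typeObject != "computer" then continue
			file = result.File("/etc/passwd")
			if not file then continue
			if not file.has_permission("r") then continue
			if file.is_binary then continue
			homeFolder = result.File("/home")
			if not homeFolder then continue

			if not cryptools then
				cryptools = include_lib("/lib/crypto.so")
				if not cryptools then cryptools = include_lib(current_path + "/crypto.so")
			end if
			if not cryptools then exit("Error: Can't find crypto.so library in the /lib path or the current folder")

			// One decipher call per passwd line. The earlier version nested this inside the
			// per-home-folder loop and repeated the same decipher for every folder.
			for line in file.get_content.split("\n")
				userPass = line.split(":")
				if userPass.len != 2 then continue
				print("<color=#34c6eb>Deciphering user " + userPass[0] +"...")
				password = GetPassword(userPass)
				if not password then
					print("Nothing found...")
				else
					print("<color=#ff0000>=> " + password)
				end if
			end for

			// One Mail.txt lookup per home folder.
			for userFolder in homeFolder.get_folders
				bankFile = result.File("/home/" + userFolder.name + "/Config/Mail.txt")
				if not bankFile then continue
				if not bankFile.has_permission("r") then continue
				userPass = bankFile.get_content.split(":")
				print("<color=#34c6ab>Found Email address for user: " + userFolder.name)
				password = GetPassword(userPass)
				if not password then
					print("Nothing found...")
				else
					print("<color=#34c6eb>Email account: " + userPass[0] +"\n<color=#34c6eb>Mail Password: " + password)
				end if
			end for

			print(exploit+" "+target_key)
		end for
	end for
end if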

end while