Grey Hack

A Scriptkitty's guide to becoming a network Ninja
By Aradar
Made by a scriptkitty for scriptkittys 😍
   
Become a network Ninja
A Scriptkitty's guide to hacking *<|:)*=> V1.0.0 systems in single player, a tutorial of sorts to get your feet wet in the world of Grey Hack if you're experiencing difficulties.

With the apps in this guide you should be able to get into any device on a network.

The best intrusions are the ones that give you root access immediately; how you obtain this can vary from attack to attack. Some attacks give it immediately, while others may require extra steps, i.e. privilege escalation, social engineering, or software engineering.

Privilege escalation and social engineering can sometimes be hilariously easy. All you need is a "user name" and the "global ip" of a network they are on. Running whois "ip_address" displays the administrator's details; then take the administrator's email, email them, and ask for that user name's credentials.

Software engineering, I would say is the most daunting aspect of this game, and also the most rewarding.

Below is grey script source code for a program I call ARAT v1.0.0, a modular network intrusion tool, that can be upgraded as you play as the situation demands.

This program requires metaxploit.so and crypto.so to fully function. If you study the code you will notice there is a section in the email part that is commented out; uncomment this if you want to decipher these accounts. I left it turned off just to grab names. The banking option has deciphering turned on, so use it with caution.

When using this program, if you enter 4 arguments a menu will appear with options. These options will vary in usefulness depending on what memory/overflow you are using.

This game is evolving constantly. If anyone wants to know more feel free to ask; learning is fun. I know a good bit, but I don't fully understand all of it :D.

I don't know a lot about this stuff but I do know enough to break stuff really good, so :D I hope this helps someone enjoy the game a bit more. The code is not commented very much, but it should be fairly obvious what's going on when you look at it. <3

The program is too large for this section, so it is in the next one.

ARAT V1.0.0
print("@@@@@@@@@@@@@@@@@@@ARATv1.0.0@@@@@@@@@@@@@@@@@@@@@@@@@@@@")
print("@#@#@#@#@#@#@#@#@#@#@#@#@#DASHBOARD@#@#@#@#@#@#@#@#@#@#@#")
print("GET BANK ACCOUNTS SEE USER NAMES AND EMAIL ADDRESSES OR GAIN ROOT ACCESS")
print("FTP/ROOT <b><u>port 21</u></b> <b>memory/overflow<b>:0x22E525BA rlengt")
print("http SQL/ROOT port 3306,141 <b><u>memory/overflow:0x6253B93F screelinen")
print("SSH TAKE SHELL ports 22,65390,8002 <b><u>memory/overflow:0x57C3BF1 _isvisible")
print("http SQL/Computer port 3306,141<b><u>memory/overflow:0x2DA03CC7 zedelc")
print("http computer port 80 <b><u>memory/overflow:0x453E184F transfore")
print("http root access port 80 <b><u>memory/overflow:0x539ECFDB pendquot")
print("<u>RoUtER AcCeSs port 0 <b><u>memory/overflow:0x5B844528 constan")
print("<b>Disable Firewall port 0 <b><u>memory/overflow:0x5B844528 value")
print("ENTER AN <u>IP ADDRESS</u> <u>PORT</u> <u>MEMORY ADDRESS</u> <u>BUFFER OVERFLOW")
print("@#@#@#@#@#@#@#@#@#@#@#@#@#DASHBOARD@#@#@#@#@#@#@#@#@#@#@#")
print("@@@@@@@@@@@@@@@@@@@ARATv1.0.0@@@@@@@@@@@@@@@@@@@@@@@@@@@@")
if params.len != 4 or params[0] == "-h" or params[0] == "--help" then exit("<b>Usage: "+program_path.split("/")[-1]+" [ip_address] [port] [memory address] [buffer overflow]</b>")

// Load metaxploit.so from /lib, falling back to the current folder
metaxploit = include_lib("/lib/metaxploit.so")
if not metaxploit then
    metaxploit = include_lib(current_path + "/metaxploit.so")
end if
if not metaxploit then exit("Error: Can't find metaxploit library in the /lib path or the current folder")

address = params[0]
port = params[1].to_int
mem = params[2]
memX = params[3]

// Deciphers the hash half of a "name:hash" pair.
// crypto.so is only loaded when this is called, so the options that never decipher still run without it.
GetPassword = function(userPass)
    cryptools = include_lib("/lib/crypto.so")
    if not cryptools then cryptools = include_lib(current_path + "/crypto.so")
    if not cryptools then exit("Error: Can't find crypto.so library in the /lib path or the current folder")
    if userPass.len != 2 then exit("decipher: wrong syntax")
    return cryptools.decipher(userPass[1])
end function

while true
    print("Attack has been configured properly!")
    print("Choose an option: ")
    print("Option 1:Get Shell")
    print("Option 2:Decipher Banking information")
    print("Option 3:Find Email addresses")
    print("Option 4:Exit program")
    print("Option 5:Take Router")
    print("Option 6:Disable Firewall")
    opt = user_input("Option: ")
    if opt == "4" then exit("--EXITING--ARAT:V1.0.0--")

    if opt == "1" then
        // Overflow that takes a new password as its extra argument and should return a shell
        net_session = metaxploit.net_use(address, port)
        if not net_session then exit("Error: can't connect to net session")
        metaLib = net_session.dump_lib
        newPass = user_input("Enter new password: ")
        result = metaLib.overflow(mem, memX, newPass)
        if not result then exit("Program ended")
        if typeof(result) != "shell" then exit("Asked for a shell but got a " + typeof(result) + " instead ...try another option maybe")
        result.start_terminal
    else if opt == "3" then
        // Overflow that should return a computer object; list the mail account of every user
        net_session = metaxploit.net_use(address, port)
        if not net_session then exit("Error: can't connect to net session")
        metaLib = net_session.dump_lib
        result = metaLib.overflow(mem, memX)
        if not result then exit("Program ended")
        if typeof(result) == "computer" then
            homeFolder = result.File("/home")
            if not homeFolder then exit("Error: /home folder not found")
            userFolders = homeFolder.get_folders
            found = false
            for userFolder in userFolders
                mailFile = result.File("/home/" + userFolder.name + "/Config/Mail.txt")
                if not mailFile then continue
                if not mailFile.has_permission("r") then exit("Error: can't read file contents. Permission denied")
                userPass = mailFile.get_content.split(":")
                print("Found Email address for user: " + userFolder.name)
                // Uncomment the commented lines below to also decipher the mail password
                //password = GetPassword(userPass)
                //if not password then
                //print("Nothing found...")
                //else
                //print("Email account: " + userPass[0] +"\nMail Password: " + password)
                print("Email account: " + userPass[0])
                found = true
                //end if
            end for
            if not found then print("No files found")
        else
            print("Error: expected computer, obtained: " + typeof(result))
        end if
    else if opt == "2" then
        // Same walk over /home as option 3, but reads Bank.txt and deciphers the password
        net_session = metaxploit.net_use(address, port)
        if not net_session then exit("Error: can't connect to net session")
        metaLib = net_session.dump_lib
        result = metaLib.overflow(mem, memX)
        if not result then exit("Program ended")
        if typeof(result) == "computer" then
            homeFolder = result.File("/home")
            if not homeFolder then exit("Error: /home folder not found")
            userFolders = homeFolder.get_folders
            found = false
            for userFolder in userFolders
                bankFile = result.File("/home/" + userFolder.name + "/Config/Bank.txt")
                if not bankFile then continue
                if not bankFile.has_permission("r") then exit("Error: can't read file contents. Permission denied")
                userPass = bankFile.get_content.split(":")
                print("Discovering bank information for user: " + userFolder.name)
                password = GetPassword(userPass)
                if not password then
                    print("Nothing found...")
                else
                    print("Bank account: " + userPass[0] + "\nBank Password: " + password)
                    found = true
                end if
            end for
            if not found then print("No files found")
        else
            print("Error: expected computer, obtained: " + typeof(result))
        end if
    else if opt == "5" then
        // Router option: net_use is called without a port and the overflow should return a shell
        net_session = metaxploit.net_use(address)
        if not net_session then exit("Error: can't connect to net session")
        metaLib = net_session.dump_lib
        result = metaLib.overflow(mem, memX)
        if not result then exit("Program ended")
        if typeof(result) == "shell" then
            result.start_terminal
        else
            print("Error: expected shell, obtained: " + typeof(result))
        end if
    else if opt == "6" then
        // Firewall option: net_use is called without a port; the overflow itself is the whole job, its result is not used
        net_session = metaxploit.net_use(address)
        if not net_session then exit("Error: can't connect to net session")
        metaLib = net_session.dump_lib
        result = metaLib.overflow(mem, memX)
        if not result then exit("Program ended")
    end if
end while
Quick note
The methods described here are incredibly sloppy and I advise you to take what you learn here and use it with a grain of salt if you decide to try multiplayer.

In the current version I noticed that the bank accounts of NPCs in single player are practically broke and not worth stealing, so I will not cover the topic. (If you still want to bankrupt people, ARAT will give you banking info.)

On systems where file access is restricted you will need root or privileged access to see these files.

On networks with switches, you may have to run attacks from the switch itself. Remember to use ping from scanLan.exe to see routes from POINT A to POINT B; if the ping is unsuccessful you need to move the attack to another network device.

Example: systems A, B, c
set up as A>B-c
A (router), B (switch), c (computer)
If the ping from A to B is a success but the ping from A to c is not, then MOVE the attack to B and try again.
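
The ping check above can be scripted. This is an added example, not part of ARAT or the original guide. It assumes get_shell.ping behaves the way the game's stock ping command uses it (a true value on success, a false value when unreachable, a string on error); the program name pathcheck is made up.

```greyscript
// Added example (not from the guide): ping each hop of a path in order and
// report the last device that answers, i.e. the device to move to.
// Usage, with a made-up program name: pathcheck [hop_ip] [hop_ip] ...
// For the A>B-c layout above, run it on A with the IPs of B and c.
if params.len == 0 or params[0] == "-h" or params[0] == "--help" then exit("<b>Usage: " + program_path.split("/")[-1] + " [hop_ip] [hop_ip] ...</b>")

// Reject malformed addresses before pinging anything
for hop in params
    if not is_valid_ip(hop) then exit("Error: invalid ip address: " + hop)
end for

shell = get_shell
lastReachable = null
for hop in params
    result = shell.ping(hop)
    // Assumed behaviour: a string result is an error message
    if typeof(result) == "string" then exit("Error: " + result)
    if not result then
        print(hop + " : unreachable")
        break
    end if
    print(hop + " : reachable")
    lastReachable = hop
end for

if lastReachable == null then
    print("No hop answered; nothing on this path is reachable from here.")
else if lastReachable == params[-1] then
    print("Every hop answered; " + lastReachable + " is reachable from this device.")
else
    print("Move to " + lastReachable + " and run the check again from there.")
end if
```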

I like to make a folder with my main attack program, nmap, ssh, whois, metaxploit and crypto.so, and an exploitable kernel_router.so. When you get into a router or system, copy this folder there; now you have all you need locally on the network to spread to other systems.
Configuring ARAT
USAGE:ARAT IP_ADDRESS PORT MEMORY BUFFEROVERFLOW

ARAT's initial Dashboard information is from the game I created this software on; you will have to play and acquire memory hexes and overflows yourself, as they are different from game to game in single player.

This program takes 4 arguments. Running it from the console with anything less than 4 will display the Dashboard, which shows information like usage syntax and favorited exploits, for quick access when netrunning.

Finding buffer overflows with Decipher can be time consuming as hell early game and causes a lot of unneeded damage to your system. When and if you need a new vector of attack, I suggest searching the hackshop for something there and using the overflows from it; it can be cheaper long term from a system damage standpoint.

Some attacks will not work depending on the system, but will still yield a user name. Keep an eye out for this! The user name is good too: a user name can easily be turned into privileged access. If you get Guest access, you are one email away from privileged access :D. Navigate to /home, check the user folders there, give the network administrator a tearful email about needing your logon information, and you are winning.

Getting into systems where there are No ports
Computers with no open ports, for missions such as "delete a remote file" or "destroy system", are a little tricky to get into; there are several steps you must take to get into these systems.

You must/should find and keep a copy of an exploitable kernel_router.so
(specifically one where you can obtain user email credentials from a router).

You must have a reverse shell server.
You must have email credentials of at least one other user on the network.
You must obtain the email credentials from your victim's IP.
You need root access on a router on the network.

Once you have root access on a router, copy the exploitable kernel_router.so to this router's /lib folder.
(now this router is F@cked)
You must obtain memory hex exploits for kernel_router.so
(more specifically, exploits that will give you email credentials from the victim's IP).

If for whatever reason you only obtain the user name from the victim IP, this IS OK; the user name is just as good as the email. Within a network everyone is using the same email service, so just put the user's name @whatever-Email-corp-org when sending the exploit email.

These exploits are not available immediately. You must play the game, either by attacking systems or by using the exploit reporter on kernel_router.so.

After some time has passed and kernel_router.so gets updates, you will find exploits as mentioned above. I found them in my current game at kernel_router.so version:1.0.2

Now, assuming you have everything set up:

Rshell server listening for connections.
Email credentials of 2 users on the network: one random, one from the victim IP.
Using the mail program, log into the random user's email and send the victim an email with the Funny game attachment. If successful, they are now connected to the Rshell server.

Open rshell_interface and connect to the victim's computer.

Getting USER credentials from an isolated LAN IP
The following source code, compiled, makes a simple yet powerful app that gets user names from isolated LAN IPs.


This program takes 3 arguments: "IP MEMORY HEX",
where IP is the router with the exploitable kernel.so, followed by the LAN computer you want credentials from.

You need to discover the memory/hexes for yourself; look for ones that get user credentials/email credentials.
Get User names from a LAN IP with this simple code
print("<b>USAGE:</b><u>IP MEMORY HEX</u>")
print("Followed BY VICTIMS LAN IP")

if params.len != 3 or params[0] == "-h" or params[0] == "--help" then exit("<b>Usage: "+program_path.split("/")[-1]+" [ip_address] [memory] [hex]</b>")

// Load metaxploit.so from /lib, falling back to the current folder
metaxploit = include_lib("/lib/metaxploit.so")
if not metaxploit then
    metaxploit = include_lib(current_path + "/metaxploit.so")
end if
if not metaxploit then exit("Error: Can't find metaxploit library in the /lib path or the current folder")
address = params[0]
mem = params[1]
memX = params[2]

// No port is given here; the address is the router with the exploitable library
net_session = metaxploit.net_use(address)
if not net_session then exit("Error: can't connect to net session")
libKernel = net_session.dump_lib
libName = "kernel_router.so"
print("Searching " + libName + " ...")
if not libKernel then exit("Error: " + libName + " not found.")
// The overflow takes the victim's LAN IP as its extra argument
lanIp = user_input("Enter a LAN address: ")
result = libKernel.overflow(mem, memX, lanIp)

// Load crypto.so from /lib, falling back to the current folder
cryptools = include_lib("/lib/crypto.so")
if not cryptools then
    cryptools = include_lib(current_path + "/crypto.so")
end if
if not cryptools then exit("Error: Can't find crypto.so library in the /lib path or the current folder")

// Deciphers the hash half of a "user:hash" line. A line that does not split into
// exactly two fields (such as a trailing empty line) ends the program.
GetPassword = function(userPass)
    if userPass.len != 2 then exit("decipher: " + file.path + " targets exhausted")
    password = cryptools.decipher(userPass[1])
    return password
end function

typeObject = typeof(result)
if typeObject != "computer" then exit("Error: expected computer, obtained " + typeObject)
file = result.File("/etc/passwd")
if not file then exit("Error: file /etc/passwd not found")
if not file.has_permission("r") then exit("Error: can't read /etc/passwd. Permission denied.")
if file.is_binary then exit("Error: invalid /etc/passwd file found.")

// One "user:hash" entry per line
listUsers = file.get_content.split("\n")
for line in listUsers
    userPass = line.split(":")
    print("Deciphering user " + userPass[0] + "...")
    password = GetPassword(userPass)
    if not password then
        print("Nothing found...")
    else
        print("=> " + password)
    end if
end for
Xploitfinder USAGE:IP PORT
The exploit finder app takes 2 arguments, an IP ADDRESS and a PORT, then prints all exploits on that port, if any.
Simple Exploit finder
if params.len != 2 or params[0] == "-h" or params[0] == "--help" then exit("<b>Usage: "+program_path.split("/")[-1]+" [ip_address] [port]</b>")

// Load metaxploit.so from /lib, falling back to the current folder
metaxploit = include_lib("/lib/metaxploit.so")
if not metaxploit then
    metaxploit = include_lib(current_path + "/metaxploit.so")
end if
if not metaxploit then exit("Error: Can't find metaxploit library in the /lib path or the current folder")

address = params[0]
port = params[1].to_int

net_session = metaxploit.net_use(address, port)
if not net_session then exit("Error: can't connect to net session")

// Dump the library behind the port and list its memory addresses
metaLib = net_session.dump_lib
scan = metaxploit.scan(metaLib)

// Print the scan details for every address, numbered from 1
i = 0
for entry in scan
    i = i + 1
    memory_scan = metaxploit.scan_address(metaLib, entry)
    print("<b>" + i + ". " + entry + "</b>\n" + memory_scan)
end for
print(metaLib.lib_name + " v" + metaLib.version)

exit("<color=#ff0000>---SCAN COMPLETE---</color>")

Quick step guide to infecting and taking over a network
After discovering a kernel_router.so that allows searching a LAN IP for users:

Gain access to the router, root preferably. From here, nmap and xploitScan the network for access to a computer. After that, change the kernel_router.so to the exploited version (you need root to do this).

From this computer, copy and decipher the root password (if you don't have it yet) and the email information of one user (for the reverse shell attack).

Using the kernel_router exploit, acquire user credentials.

After this you are in complete control of this network. Send emails with funny attachments to the users that you wish to add to the rshell server.

Getting mass funds to upgrade hardware (single player)
Acquire credentials, change school grade, and change police records are the quickest hack turnarounds.

Spamming these missions is the best way to build funds quickly.

Doing other missions, unless you are well versed in Grey Hack, takes so much more time; they are best left to test your skills and see what you have learned.

While this may get monotonous, you may try to turn this into a game in itself and see how many systems you can exploit per xTime.

You'll be building that new rig in no time!!

Good luck out there ✌️
So you wanna work for the Police as a White hat hacker ?
Missions for the police can be found by searching "police" in the browser.

Missions for the Police, tracking down hackers and finding evidence of crimes, are some of the most difficult missions I have played so far.

In these missions you will find yourself in some very secure networks! Be ready for heightened security on file access here, as you will need privileged access at bare minimum to see anything!

In these missions you will have to use the LogViewer to find information to track hackers; make note of suspicious chat logs and pictures.

These missions are not for the faint of heart, good luck out there :)



Capture LAN information
This program accepts 4 arguments:
IP PORT MEMORY HEX
This program aids you with gaining privileged access through reverse shells.

IP is the IP of the exploitable router, PORT = 0

With the right memory/hex this app will give complete information about a LAN IP.

When prompted, enter the desired information.
CaptureLAN
print("<color=#34c6eb><b>USAGE:</b><u>IP of XrouterX PORT MEMORY HEX</u>")
print("<color=#34c6eb>Followed BY VICTIMS LAN IP")

if params.len != 4 or params[0] == "-h" or params[0] == "--help" then exit("<b>Usage: "+program_path.split("/")[-1]+" [ip_address] [port] [memory] [hex]</b>")

// Load metaxploit.so from /lib, falling back to the current folder
metaxploit = include_lib("/lib/metaxploit.so")
if not metaxploit then
    metaxploit = include_lib(current_path + "/metaxploit.so")
end if
if not metaxploit then exit("Error: Can't find metaxploit library in the /lib path or the current folder")
address = params[0]
port = params[1].to_int
mem = params[2]
memX = params[3]

// Load crypto.so from /lib, falling back to the current folder
cryptools = include_lib("/lib/crypto.so")
if not cryptools then
    cryptools = include_lib(current_path + "/crypto.so")
end if
if not cryptools then exit("Error: Can't find crypto.so library in the /lib path or the current folder")

// Deciphers the hash half of a "name:hash" pair
GetPassword = function(userPass)
    if userPass.len != 2 then exit("decipher: wrong syntax")
    password = cryptools.decipher(userPass[1])
    return password
end function

net_session = metaxploit.net_use(address, port)
if not net_session then exit("Error: can't connect to net session")
metaLib = net_session.dump_lib
// The overflow takes the victim's LAN IP as its extra argument
lanIp = user_input("<color=#34c6eb>Enter LAN IP: ")
result = metaLib.overflow(mem, memX, lanIp)
if not result then exit("Program ended")

// Everything below needs a computer object
typeObject = typeof(result)
if typeObject != "computer" then exit("Error: expected computer, obtained " + typeObject)

// Part 1: decipher the mail account of every user under /home
homeFolder = result.File("/home")
if not homeFolder then exit("Error: /home folder not found")
userFolders = homeFolder.get_folders
found = false
for userFolder in userFolders
    mailFile = result.File("/home/" + userFolder.name + "/Config/Mail.txt")
    if not mailFile then continue
    if not mailFile.has_permission("r") then exit("Error: can't read file contents. Permission denied")
    userPass = mailFile.get_content.split(":")
    print("Found Email address for user: " + userFolder.name)
    password = GetPassword(userPass)
    if not password then
        print("Nothing found...")
    else
        print("Email account: " + userPass[0] + "\nMail Password: " + password)
        //print("Email account: " +userPass[0])
        found = true
    end if
end for
if not found then print("No files found")

// Part 2: decipher every "name:hash" line of a file chosen at the prompt
file = result.File(user_input("<color=#34c6eb>ENTER FILE PATH: "))
if not file then exit("Error: file not found")
if not file.has_permission("r") then exit("Error:Permission denied.")
if file.is_binary then exit("Error: invalid file found.")
listUsers = file.get_content.split("\n")

for line in listUsers
    userPass = line.split(":")
    print("Deciphering user " + userPass[0] + "...")
    password = GetPassword(userPass)
    if not password then
        print("Nothing found...")
    else
        print("=> " + password)
    end if
end for
3 Comments
Samael The Left Hand Of God 10 Jul @ 3:53am 
sick 100%100%100%
Aradar  [author] 1 Sep, 2024 @ 1:13pm 
This is designed for players with little knowledge about coding. After compiling this source code, play with the program a little and explore its commands while referencing the source code 😍 make changes or upgrade it however you need 🌶️❤️
Aradar  [author] 1 Sep, 2024 @ 12:53pm 
I hope this copied clean with no errors in the code; I had to upload this from a phone :steamsalty: