Store Page
Grey Hack
All Discussions Screenshots Artwork Broadcasts Videos Workshop News Guides Reviews

Grey Hack

Store Page
Grey Hack Guides Aradar's Guides
Not enough ratings
RAT-LITE toolkit
By Aradar
RAT-LITE is a Toolkit to aid in network/exploit discovery for Single player for beginner to intermediate player.

It consists of 5 source files that need to be in the same folder when compiled.
Some lines in Rat-lite.src that need to be changed to the current absolute path of src files, import_code("/home") .
When compiling make sure to check the import src box.

When compiled and ran from console it requires four parameters, IP, Port,Memory address,Unsafe check
You can set Memory address and Unsafe check to 0 when Rating Routers and Switches.
From the Main menu option 1 you can manually attempt exploits depending on the port, if port is 0 router/switches are targeted
Option two will scan targeted port for unsafe checks
Option three exits the program
Option four runs Xscan this automatically looks for and applies exploits to the target depending on the port.
router usage: 1.1.1.1 0 0 0
Http usage: 1.1.1.1 80 0 0

Option Five runs the Banker if a Router is targeted Banker asks for LAN IP to steal banking credentials from.
to steal bank credentials you will need to supply the correct Memory address and Unsafe check.

Studying the src code you can learn how to load metaLib and libKernel objects to exploit computers, routers, and switches to discover user accounts, mail and banking credentials. The Xscan module can show you how to parse text from scan output and how to apply that text.

known bug when running port 0 attack to get user credentials and email accounts the output is repeated several times, this didnt bother me enough to figure it out.

known bug when scanning a network whos global IP has no visable ports the Nmap Module will fail and program will exit
   
Award
Favorite
Favorited
Unfavorite
Created by
Aradar
Offline
Category: Game Modes, Modding or Configuration, Workshop
Languages: English
Posted
Updated
29 Jul @ 10:48pm
1 Aug @ 5:51pm
27 Unique Visitors
0 Current Favorites
Guide Index
Overview
Rat-lite 
RAT-LITE.SRC 
RAT_ASCII.SRC 
nmapModule.SRC 
bankerModule.SRC 
XSCAN.SRC 
Comments
Rat-lite
RAT-LITE.SRC

if params.len != 4 or params[0] == "-h" or params[0] == "--help" then exit("<b>Usage: "+program_path.split("/")[-1]+" [ip_address] [port] [memory address] [buffer overflow]</b> \n<color=#34c6eb> example 21.21.21.21 0 0 0 \n ----------------------<color=#ff0000>^</color>-<color=#ff0000>^</color> Zeros here will start exploit discovery")
while true
print("<color=#34c6eb><U><b><:3~~RAT LITE<:3~~</u>")
print("<color=#b00b0b><U><B>My public Ip:" + get_router.public_ip)
import_code("YOURPATH/nmapModule.src")
metaxploit = include_lib("/lib/metaxploit.so")
if not metaxploit then
metaxploit = include_lib(current_path + "/metaxploit.so")
end if
if not metaxploit then exit("Error: Can't find metaxploit library in the /lib path or the current folder")
address = params[0]
port = params[1].to_int
mem = params[2]
memX = params[3]

import_code("YOURPATH/RAT_ASCII.src")

print("<color=#34c6eb>.....................<:3~~.....")
print("<color=#34c6eb>RAT has been configured properly!")
print("<color=#34c6eb>MAIN MENU: ")
print("<color=#34c6eb>Option 1:RAT target machine/router/switch")
print("<color=#34c6eb>Option 2:Scan unsafe checks on port")
print("<color=#34c6eb>Option 3:Exit program")
print("<color=#34c6eb>Option 4:Launch XScan")
print("<color=#34c6eb>Option 5:Launch Banker")
print("<color=#e0d90b>Attack Target:"+address+" "+port+" "+mem+" "+memX)
opt = user_input("Main Menu: ")
if opt == "3" then exit("<color=#b00b0b>-<:}3~~-EXITING-<:3~~~-RAT:V1.0.0--")
if opt == "1" then
net_session = metaxploit.net_use( address, port )
if not net_session then exit("Error: can't connect to net session try a different ip or port")
metaLib = net_session.dump_lib
Arg1 = user_input("Enter additional argument if available: ")
result = metaLib.overflow(mem, memX, Arg1)
if typeof(result) == "shell" then
print("<color=#34c6eb>Your...In....~now do some damage")
result.start_terminal
else
print("Error: expected shell, obtained: " + result)
end if
if typeof(result) != "shell" then
if not net_session then exit("Error: can't connect to net session")
if port == 0 then
print("<color=#34c6eb>Through a router, we can find some users. \n<color=#34c6eb>Enter a LAN IP to search for user accounts")
if not net_session then exit("Error: can't connect to net session")
libKernel = net_session.dump_lib
libName = "kernel_router.so"
if not libKernel then exit("Error: " + libName + " not found.")
lanIp = user_input("Enter a LAN address: ")
newMem = mem
meMx = memX
opt = user_input("Do you want to change exploit?<color=#ff0000> Y or N: ")
if opt == "Y" then
if opt == "N" then continue
newMem = user_input("Enter memory address: ")
meMx = user_input("Enter unsafe check: ")
end if
result = libKernel.overflow(newMem, meMx, lanIp)
if result == null then continue
cryptools = include_lib("/lib/crypto.so")
if not cryptools then
cryptools = include_lib(current_path + "/crypto.so")
end if
if not cryptools then exit("Error: Can't find crypto.so library in the /lib path or the current folder")
GetPassword = function(userPass)
if userPass.len != 2 then exit("decipher: " + file.path + " targets exausted")
password = cryptools.decipher(userPass[1])
return password
end function
typeObject = typeof(result)
if(typeObject != "computer") then exit("Error: expected computer, obtained " + typeObject)
file = result.File("/etc/passwd")
if not file then exit("Error: file /etc/passwd not found")
if not file.has_permission("r") then exit("Error: can't read /etc/passwd. Permission denied.")
if file.is_binary then exit("Error: invalid /etc/passwd file found.")
listUsers = file.get_content.split("\n")

homeFolder = result.File("/home")
if not homeFolder then exit("Error: /home folder not found")
userFolders = homeFolder.get_folders

found = false

for line in listUsers
for userFolder in userFolders
userPass = line.split(":")
print("<color=#34c6eb>Deciphering user " + userPass[0] +"...")
password = GetPassword(userPass)
if not password then
print("Nothing found...")
else
print("<color=#ff0000>=> " + password)
end if

bankFile = result.File("/home/" + userFolder.name + "/Config/Mail.txt")
if not bankFile then continue
if not bankFile.has_permission("r") then exit("Error: can't read file contents. Permission deniend")
userPass = bankFile.get_content.split(":")
print("<color=#34c6ab>Found Email address for user: " + userFolder.name)
password = GetPassword(userPass)
if not password then
print("Nothing found...")
else
print("<color=#34c6eb>Email account: " + userPass[0] +"\n<color=#34c6eb>Mail Password: " + password)
found = true
end if
end for
end for
end if
end if
end if

if opt=="2" then
net_session = metaxploit.net_use( address, port )
if not net_session then exit("Error: can't connect to net session")
metaLib = net_session.dump_lib
scan = metaxploit.scan(metaLib)
i = 0
for entry in scan
i = i+1
memory_scan = metaxploit.scan_address(metaLib, entry)
print("<B>"+i)
print("<U>"+entry)
print("<I><color=#34c6eb>"+memory_scan)
end for
print("<color=#ff0000>---SCAN---OF '</color><color=#34c6eb>"+metaLib.lib_name+" v"+metaLib.version+"<color=#ff0000>' COMPLETE</color>")



end if



if opt =="4" then
import_code("YOURPATH/RATL/xscan.src")
end if
if opt == "5" then
import_code("YOURPATH/RATL/bankrobber.src")
end if

end while
RAT_ASCII.SRC
ascii_print = function() print("<color=#e0d90b>"+" _ ____") print("<color=#e0d90b>"+"/ \ / \") print("<color=#e0d90b>"+"' |Oo o| \") print("<color=#e0d90b>"+"| \ |OOOo........oOO| / |"+"<size=72px><color=#b00b0b>RAT-LITE") print("<color=#e0d90b>"+" ' \\OOOOOOOOOOOOOOOO\// |") print("<color=#e0d90b>"+" \ _o\\OOOOOOOOOOOOOOOO//._____/") print("<color=#e0d90b>"+" _______OOOOOOOOOOOOOOOOOOOo._______") print("<color=#e0d90b>"+" ---OO'*'OOOOOOOOO'*'OOO---") print("<color=#e0d90b>"+" OO. @OOOOOOOOO'@ OOOo") print("<color=#e0d90b>"+" 'OOOOOOOOOOOOOOOOOOOO") print("<color=#e0d90b>"+" OOOOOOOOOOOOOOOOOO") print("<color=#e0d90b>"+" OOOOOOOOOOOOOOOO") print("<color=#e0d90b>"+" OOOOOOOOOOOOOO") print("<color=#e0d90b>"+" OOOOOOOOOOOO") print("<color=#e0d90b>"+"_____OOOOOOOO______") print("<color=#e0d90b>"+"______OOOOOOOO______") print("<color=#e0d90b>"+" / \'(____)'/ \") print("<color=#e0d90b>"+" | \VVVVVV/ |") print("<color=#e0d90b>"+" | /^^^^^^\ /") print("<color=#e0d90b>"+" \____________/" ) end function ascii_print()
nmapModule.SRC
//command: nmap
if not is_valid_ip(params[0]) then exit("nmap: invalid ip address")
if not get_shell.host_computer.is_network_active then exit("nmap: No internet access.")

ipAddress = params[0]
isLanIp = is_lan_ip( ipAddress )

if isLanIp then
router = get_router;
else
router = get_router( ipAddress )
end if

if router == null then exit("nmap: ip address not found")
ports = null

if not isLanIp then
ports = router.used_ports
else
ports = router.device_ports(ipAddress)
end if

if ports == null then exit("nmap: ip address not found")
if typeof(ports) == "string" then exit(ports)

info = "<color=#34c6eb>PORT STATE SERVICE VERSION LAN"
print("\n<color=#34c6eb>Starting <color=#b00b0b>RAT</color><color=#34c6eb> nmap v1.0 at " + current_date)
print("<color=#e0d90b>Interesting ports on " + params[0] + "\n")
if(ports.len == 0) then exit("Scan finished. No open ports.")

for port in ports
service_info = router.port_info(port)
lan_ips = port.get_lan_ip
port_status = "open"

if(port.is_closed and not isLanIp) then
port_status = "closed"
end if
info = info + "\n<color=#0be00f>" + port.port_number + " " + port_status + " " + service_info + " " + lan_ips
end for
print(format_columns(info) + "\n")
bankerModule.SRC
address = params[0]
port = params[1].to_int

while true
print("<color=#34c6ab>BANKER MODULE LOADED")
print("<color=#34c6ab>Choose OPTION '4' to launch Banker\n<color=#34c6ab>enter any other value to exit module")
print("<color=#34c6eb><b><:3~~Bank-ratter C|<:3~~</u>")
print("<color=#b00b0b><U><B>My public Ip:" + get_router.public_ip)
opt = user_input("Banker Menu: ")
if opt == "" then break
if opt != "4" then break
if opt == "4" then
metaxploit = include_lib("/lib/metaxploit.so")
if not metaxploit then
metaxploit = include_lib(current_path + "/metaxploit.so")
end if
if not metaxploit then exit("Error: Can't find metaxploit library in the /lib path or the current folder")


net_session = metaxploit.net_use( address, port )
libKernel = net_session.dump_lib
libName = "kernel_router.so"
print("Searching " + libName +" ...")
if not libKernel then exit("Error: " + libName + " not found.")
lanIp = user_input("Enter a LAN address: ")
newMem = user_input("Enter memory address: ")
meMx =user_input("Enter unsafe check: ")
result = libKernel.overflow(newMem, meMx, lanIp)
cryptools = include_lib("/lib/crypto.so")
if not cryptools then
cryptools = include_lib(current_path + "/crypto.so")
end if
if not cryptools then exit("Error: Can't find crypto.so library in the /lib path or the current folder")
GetPassword = function(userPass)
if userPass.len != 2 then exit("decipher: " + file.path + " targets exausted")
password = cryptools.decipher(userPass[1])
return password
end function
typeObject = typeof(result)
if(typeObject != "computer") then continue //("Error: expected computer, obtained " + typeObject)
homeFolder = result.File("/home")
if not homeFolder then exit("Error: /home folder not found")
userFolders = homeFolder.get_folders
found = false
for userFolder in userFolders
bankFile = result.File("/home/" + userFolder.name + "/Config/Bank.txt")
if not bankFile then continue
if not bankFile.has_permission("r") then exit("Error: can't read file contents. Permission deniend")
userPass = bankFile.get_content.split(":")
print("<color=#34c6ab>Found Bank info for user: " + userFolder.name)
password = GetPassword(userPass)
if not password then
print("Nothing found...")
else
print("<color=#34c6eb>Bank account: " + userPass[0] +"\n<color=#34c6eb>Bank Password: " + password)
found = true
end if
end for

end if
end while
XSCAN.SRC
//if params.len != 2 or params[0] == "-h" or params[0] == "--help" then exit("<b>Usage: "+program_path.split("/")[-1]+" [ip_address] [port]<U> using 0 as port scans routers</u></b> \n<color=#34c6eb>")
while true
print("<color=#b00b0b><U><B>My public Ip:" + get_router.public_ip)

metaxploit = include_lib("/lib/metaxploit.so")
if not metaxploit then
metaxploit = include_lib(current_path + "/metaxploit.so")
end if
if not metaxploit then exit("Error: Can't find metaxploit library in the /lib path or the current folder")
address = params[0]
port = params[1].to_int
print("<color=#34c6ab>xscan loaded")
print("<color=#34c6eb>XSCAN MAIN MENU")
print("<color=#34c6eb>.....................<:3~~..")
print("<color=#34c6eb>Option 1:XSCAN unsafe checks")
print("<color=#34c6eb>Option 2:Exit program")
opt = user_input("XSCAN MENU: ")
if opt == "2" then break
if opt=="1" then
net_session = metaxploit.net_use( address, port )
if not net_session then exit("Error: can't connect to net session")
metaLib = net_session.dump_lib
libKernel = net_session.dump_lib
libName = "kernel_router.so"
exploits = metaxploit.scan(metaLib)
for exploit in exploits
result_lists = metaxploit.scan_address(metaLib, exploit).split("Unsafe check: ")[1:]
for result_list in result_lists
target_str = result_list.split("\.")[0]
//target_key = target_str.split(" ")[-1]
target_key = result_list[result_list.indexOf("<b>")+3:result_list.indexOf("</b>")]
arg = user_input("Enter LAN ADDRESS: ")
result = libKernel.overflow(exploit,target_key,arg)
if typeof(result) == "shell" then
if port == "0" then
if not libKernel then exit("Error: " + libName + " not found.")
end if
result = metaLib.overflow(exploit,target_key)
result.start_terminal
else
end if
print("<color=#34c6eb>"+exploit+" "+target_key)
end for
end for

end if

end while