# Code Design

- separate into files, e.g. planning/exploitation/privesc
- db abstraction in shared lib

# CLI Design

- offer wizards
- also offer shell with single steps

# Basic AutoHacker MVP

- scan ports
- search exploits
- select remote root ones
- try them all
- root shell
- corrupt logs for safety
- add "rootkit" functionality like 5hell

# Worming the LAN - Planning & Target Selection

- track LAN & WAN ips
- exploit to LAN ips after searching in WAN
- build tree-database of pcs
- simple greedy search

# Worming them all

- add PrivEsc from non-root access kinds
  - scan local libraries
  - plan based on results with hardcoded step rules
    - e.g. root file + guest shell = steps abc
    - user shell = steps def
    - guest shell + user file ?
- save exploit chain to db
  - exploits to reach root
  - how to derive unique id ?
    - most npc machines should never reconnect ?
    - hash usernames / lib versions / sth ?
    - lib versions could help invalidate chain after update - tackle later
  - pathfinding for shortest path to a machine when reconnecting
    - single tree for all machines ? (could have 2 per machine or 1 global + 1 per machine)
  - exploit chains for library sets instead of just machines
  - handle multiple paths

# Advanced Feats

- convenience/configurability
  - search for specific ip
  - stop after x machines
  - fancy progress dashboard
- security
  - special router behaviour to ensure proper cleanup
  - manual proxying ? also via non-root ?
- machine id
  - admin detection
  - online user detection
  - player detection
  - also persist non-root access level on machines
- subnet-aware crawling
- moar/better hacking techniques
  - whatever bouncing is
  - more privesc paths
  - bruteforce pws
  - router exploits
  - intentional library downgrades
    - install known secure versions from somewhere - scp or apt ?
  - incorporate rshells
    - with separate rshell
    - with auto launch somewhere
  - sniffing
    - unencrypted ssh
    - crack ftp/other protos
    - crack encryption