2 KiB
2 KiB
Code Design
- seperate into files
- e.g. planning/exploitation/privesc
- db abstraction in shared lib
CLI Design
- offer wizards
- also offer shell with single steps
Basic AutoHacker MVP
- scan ports
- search exploits
- select remote root ones
- try them all
- root shell
- corrupt logs for safety
- add "rootkit" functionality like 5hell
Worming the LAN
- Planning & Target Selection
- track LAN & WAN ips
- exploit to LAN ips after searching in WAN
- build tree-database of pcs
- simple greedy search
Worming them all
- Add PrivEsc from non-root access kinds
- scan local libraries
- plan based on results with hardcode step rules
- e.g. root file + guest shell = steps abc
- user shell = steps def
- guest shell + user file ?
- e.g. root file + guest shell = steps abc
- save exploit chain to db
- exploits to reach root
- how to derive uniq id ?
- most npc machines should never reconnect ?
- hash usernames / lib versions / sth ?
- lib versions could help invalidations of chain after update
- how to derive uniq id ?
- tackle later
- pathfinding for shortest path to a machine when reconnecting
- single tree for all machines ? (could have 2-per machine or 1 global + 1per machine)
- exploit chains for library sets instead of just machines
- handle multiple paths
Advanced Feats
- convinience/configurability
- search for specific ip
- stop after x machines
- fancy progress dashboard
- security
- special router behaviour to ensure proper cleanup
- manual proxying ? also via non root ?
- machine id
- admin detection
- online user detection
- player detection
- also persist non root access level on machines
- subnet aware crawling
- moar/better hacking techniques
- whatever bouncing is
- more privesc paths
- bruteforce pws
- router exploits
- intentional library downgrades
- install known secure versions from somewhere
- scp or apt ?
- incorporate rshells
- with seperate rshell
- with auto launch somewhere
- sniffing
- unecrypted ssh
- crack ftp/other protos
- crack encryption