aboutsummaryrefslogtreecommitdiff
path: root/ShiftOS.WinForms/HackerCommands.cs
diff options
context:
space:
mode:
authorMichael <[email protected]>2017-03-07 14:56:48 -0500
committerMichael <[email protected]>2017-03-07 14:56:57 -0500
commit2a747334bd926d79537b9e8d4f38c79a815752e5 (patch)
tree0691439372e8584890a429c78591a0e8d7681573 /ShiftOS.WinForms/HackerCommands.cs
parentc64333d0f57c50a2519b5c631d44243ff41ca815 (diff)
downloadshiftos_thereturn-2a747334bd926d79537b9e8d4f38c79a815752e5.tar.gz
shiftos_thereturn-2a747334bd926d79537b9e8d4f38c79a815752e5.tar.bz2
shiftos_thereturn-2a747334bd926d79537b9e8d4f38c79a815752e5.zip
WHOA HACKING
Diffstat (limited to 'ShiftOS.WinForms/HackerCommands.cs')
-rw-r--r--ShiftOS.WinForms/HackerCommands.cs484
1 files changed, 476 insertions, 8 deletions
diff --git a/ShiftOS.WinForms/HackerCommands.cs b/ShiftOS.WinForms/HackerCommands.cs
index ebe25a2..7938fd0 100644
--- a/ShiftOS.WinForms/HackerCommands.cs
+++ b/ShiftOS.WinForms/HackerCommands.cs
@@ -1,27 +1,67 @@
using System;
using System.Collections.Generic;
+using System.Diagnostics;
using System.Linq;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
+using Newtonsoft.Json;
using ShiftOS.Engine;
+using ShiftOS.Objects;
using ShiftOS.WinForms.Applications;
+using static ShiftOS.Objects.ShiftFS.Utils;
namespace ShiftOS.WinForms
{
- [Namespace("l337")]
+ [Namespace("puppy")]
+ [RequiresUpgrade("hacker101_deadaccts")]
+ [KernelMode]
+ public static class KernelPuppyCommands
+ {
+ [Command("clear", true)]
+ public static bool ClearLogs()
+ {
+ WriteAllText("0:/system/data/kernel.log", "");
+ Console.WriteLine("<watchdog> logs cleared successfully.");
+ return true;
+ }
+ }
+
+ [Namespace("krnl")]
+ public static class KernelCommands
+ {
+ [Command("control", true)]
+ [RequiresArgument("pass")]
+ public static bool Control(Dictionary<string, object> args)
+ {
+ if(args["pass"].ToString() == ServerManager.thisGuid.ToString())
+ {
+ KernelWatchdog.Log("warn", "User has breached the kernel.");
+ KernelWatchdog.EnterKernelMode();
+ }
+ return true;
+ }
+
+ [Command("lock_session")]
+ [KernelMode]
+ public static bool LeaveControl()
+ {
+ KernelWatchdog.Log("inf", "User has left the kernel-mode session.");
+ KernelWatchdog.LeaveKernelMode();
+ KernelWatchdog.MudConnected = true;
+ return true;
+ }
+ }
+
+ [Namespace("hacker101")]
[RequiresUpgrade("hacker101_deadaccts")]
public static class HackerCommands
{
private static void writeSlow(string text)
{
Console.Write("[hacker101@undisclosed]: ");
- foreach(var c in text.ToCharArray())
- {
- Console.Write(c);
- Thread.Sleep(125);
- }
- Console.WriteLine();
+ Thread.Sleep(200);
+ Console.WriteLine(text);
Thread.Sleep(1000);
}
@@ -88,9 +128,217 @@ namespace ShiftOS.WinForms
internal static void StartHackerTutorial()
{
- //nyi
+ Desktop.InvokeOnWorkerThread(() =>
+ {
+ var tut = new TutorialBox();
+ AppearanceManager.SetupWindow(tut);
+
+ new Thread(() =>
+ {
+
+
+ int tutPos = 0;
+ Action ondec = () =>
+ {
+ if (tutPos == 2)
+ tutPos++;
+ };
+ TerminalBackend.CommandProcessed += (o, a) =>
+ {
+ switch (tutPos)
+ {
+
+ case 0:
+ case 10:
+ if (o.ToLower().StartsWith("mud.disconnect"))
+ {
+ tutPos++;
+ }
+ break;
+ case 11:
+ if (o.ToLower().StartsWith("krnl.lock_session"))
+ tutPos++;
+ break;
+ case 1:
+ if (o.ToLower().StartsWith("hacker101.brute_decrypt"))
+ {
+ if (a.Contains("0:/system/data/kernel.log"))
+ {
+ tutPos++;
+ }
+ }
+ break;
+ case 3:
+ if (o.ToLower().StartsWith("krnl.control"))
+ {
+ tutPos++;
+ }
+ break;
+ case 4:
+ if (o.ToLower().StartsWith("puppy.clear"))
+ tutPos++;
+ break;
+ case 5:
+ if (o.ToLower().StartsWith("mud.reconnect"))
+ tutPos++;
+ break;
+ case 6:
+ if (o.ToLower().StartsWith("mud.sendmsg"))
+ {
+ var msg = JsonConvert.DeserializeObject<dynamic>(a);
+ try
+ {
+ if (msg.header == "getusers" && msg.body == "dead")
+ tutPos++;
+ }
+ catch
+ {
+
+ }
+ }
+ break;
+ case 7:
+ if (o.ToLower().StartsWith("hacker101.breach_user_password"))
+ tutPos++;
+ break;
+ case 8:
+ if (o.ToLower().StartsWith("hacker101.print_user_info"))
+ tutPos++;
+ break;
+ case 9:
+ if (o.ToLower().StartsWith("hacker101.steal_codepoints"))
+ tutPos++;
+ break;
+ }
+ };
+ tut.SetObjective("Welcome to the dead account exploitation tutorial. In this tutorial you will learn the basics of hacking within the multi-user domain.");
+ Thread.Sleep(1000);
+ tut.SetObjective("We will start with a simple system exploit - gaining kernel-level access to ShiftOS. This can help you perform actions not ever possible in the user level.");
+ Thread.Sleep(1000);
+ tut.SetObjective("To gain root access, you will first need to breach the system watchdog to keep it from dialing home to DevX.");
+ Thread.Sleep(1000);
+ tut.SetObjective("The watchdog can only function when it has a successful connection to the multi-user domain. You will need to use the MUD Control Centre to disconnect yourself from the MUD. This will lock you out of most features. To disconnect from the multi-user domain, simply run the 'mud.disconnect' command.");
+ while(tutPos == 0)
+ {
+
+ }
+ tut.SetObjective("As you can see, the kernel watchdog has shut down temporarily, however before the disconnect it was able to tell DevX that it has gone offline.");
+ Thread.Sleep(1000);
+ tut.SetObjective("You'll also notice that commands like the shiftorium, MUD control centre and various applications that utilize these system components no longer function.");
+ Thread.Sleep(1000);
+ tut.SetObjective("The watchdog, however, is still watching. DevX was smart and programmed the kernel to log all events to a local file in 0:/system/data/kernel.log.");
+ Thread.Sleep(1000);
+ tut.SetObjective("You will need to empty out this file before you can connect to the multi-user domain, as the watchdog will send the contents of this file straight to DevX.");
+ Thread.Sleep(1000);
+ tut.SetObjective("Or, you can do what we're about to do and attempt to decrypt the log and sniff out the kernel-mode access password.");
+ Thread.Sleep(1000);
+ tut.SetObjective("This will allow us to gain kernel-level access to our system using the krnl.control{pass:} command.");
+ Thread.Sleep(1000);
+ tut.SetObjective("Let's start decrypting the log file using the hacker101.brute_decrypt{file:} script. The file: argument is a string and should point to a .log file. When the script succeeds, you will see a TextPad open with the decrypted contents.");
+ while(tutPos == 1)
+ {
+
+ }
+ onCompleteDecrypt += ondec;
+ tut.SetObjective("This script isn't the most agile script ever, but it'll get the job done.");
+ while(tutPos == 2)
+ {
+
+ }
+ onCompleteDecrypt -= ondec;
+ tut.SetObjective("Alright - it's done. Here's how it's laid out. In each log entry, you have the timestamp, then the event name, then the event description.");
+ Thread.Sleep(1000);
+ tut.SetObjective("Look for the most recent 'mudhandshake' event. This contains the kernel access code.");
+ Thread.Sleep(1000);
+ tut.SetObjective("Once you have it, run 'krnl.control{pass:\"the-kernel-code-here\"}. This will allow you to gain access to the kernel.");
+ while(tutPos == 3)
+ {
+
+ }
+ tut.SetObjective("You are now in kernel mode. Every command you enter will run on the kernel. Now, let's clear the watchdog's logfile and reconnect to the multi-user domain.");
+ Thread.Sleep(1000);
+ tut.SetObjective("To clear the log, simply run 'puppy.clear'.");
+ while(tutPos == 4)
+ {
+
+ }
+ tut.SetObjective("Who's a good dog... You are, ShiftOS. Now, we can connect back to the MUD using 'mud.reconnect'.");
+ Thread.Sleep(1000);
+ while(tutPos == 5)
+ {
+
+ }
+ tut.SetObjective("We have now snuck by the watchdog and DevX has no idea. With kernel-level access, everything you do is not logged, however if you perform too much in one shot, you'll get kicked off and locked out of the multi-user domain temporarily.");
+ Thread.Sleep(1000);
+ tut.SetObjective("So, let's focus on the job. You want to get into one of those fancy dead accounts, don't ya? Well, first, we need to talk with the MUD to get a list of these accounts.");
+ Thread.Sleep(1000);
+ tut.SetObjective("Simply run the `mud.sendmsg` command, specifying a 'header' of \"getusers\", and a body of \"dead\".");
+ while(tutPos == 6)
+ {
+
+ }
+ tut.SetObjective("Great. We now have the usernames and sysnames of all dead accounts on the MUD. Now let's use the hacker101.breach_user_password{user:,sys:} command to breach one of these accounts' passwords.");
+ while(tutPos == 7)
+ {
+
+ }
+ tut.SetObjective("There - you now have access to that account. Use its password, username and sysname and run the hacker101.print_user_info{user:,pass:,sys:} command to print the entirety of this user's information.");
+ while(tutPos == 8)
+ {
+
+ }
+ tut.SetObjective("Now you can see a list of the user's Codepoints among other things. Now you can steal their codepoints by using the hacker101.steal_codepoints{user:,pass:,sys;,amount:} command. Be careful. This may alert DevX.");
+ while(tutPos == 9)
+ {
+
+ }
+ if(devx_alerted == true)
+ {
+ tut.SetObjective("Alright... enough fun and games. DevX just found out we were doing this.");
+ Thread.Sleep(500);
+ tut.SetObjective("Quick! Disconnect from the MUD!!");
+ while(tutPos == 10)
+ {
+
+ }
+ tut.SetObjective("Now, get out of kernel mode! To do that, run krnl.lock_session.");
+ while(tutPos == 11)
+ {
+
+ }
+
+ }
+ else
+ {
+ tut.SetObjective("OK, that was risky, but we pulled it off. Treat yourself! But first, let's get you out of kernel mode.");
+ Thread.Sleep(500);
+ tut.SetObjective("First we need to get you off the MUD. Simply run mud.disconnect again.");
+ while (tutPos == 10)
+ {
+
+ }
+ tut.SetObjective("Now, let's run krnl.lock_session. This will lock you back into the user mode, and reconnect you to the MUD.");
+ while (tutPos == 11)
+ {
+
+ }
+ tut.SetObjective("If, for some reason, DevX DOES find out, you have to be QUICK to get off of kernel mode. You don't want to make him mad.");
+ }
+
+ Thread.Sleep(1000);
+ tut.SetObjective("So that's all for now. Whenever you're in kernel mode again, and you have access to a user account, try breaching their filesystem next time. You can use sos.help{ns:} to show commands from a specific namespace to help you find more commands easily.");
+ Thread.Sleep(1000);
+ tut.SetObjective("You can now close this window.");
+ tut.IsComplete = true;
+
+ }).Start();
+ });
}
+ private static bool devx_alerted = false;
+
+ private static event Action onCompleteDecrypt;
+
private static bool terminalIsOpen()
{
foreach(var win in AppearanceManager.OpenForms)
@@ -100,6 +348,226 @@ namespace ShiftOS.WinForms
}
return false;
}
+
+ const string chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890-_";
+
+ [Command("breach_user_password")]
+ [KernelMode]
+ [RequiresArgument("user")]
+ [RequiresArgument("sys")]
+ [RequiresUpgrade("hacker101_deadaccts")]
+ public static bool BreachUserPassword(Dictionary<string, object> args)
+ {
+ string usr = args["user"].ToString();
+ string sys = args["sys"].ToString();
+
+ ServerMessageReceived msgReceived = null;
+
+ Console.WriteLine("--hooking system thread...");
+
+ msgReceived = (msg) =>
+ {
+ if(msg.Name == "user_data")
+ {
+ var sve = JsonConvert.DeserializeObject<Save>(msg.Contents);
+ var rnd = new Random();
+ var sw = new Stopwatch();
+ sw.Start();
+ string pass = "";
+ for(int i = 0; i < sve.Password.Length; i++)
+ {
+ char c = '\0';
+ while (c != sve.Password[i])
+ c = chars[rnd.Next(0, chars.Length)];
+ pass += c;
+ Thread.Sleep(rnd.Next(25,75));
+ }
+ sw.Stop();
+ Console.WriteLine(pass);
+ Console.WriteLine();
+ Console.WriteLine("--password breached. Operation took " + sw.ElapsedMilliseconds + " milliseconds.");
+ }
+ else if(msg.Name == "user_data_not_found")
+ {
+ Console.WriteLine("--access denied.");
+ }
+ ServerManager.MessageReceived -= msgReceived;
+ };
+
+ Console.WriteLine("--beginning brute-force attack on " + usr + "@" + sys + "...");
+ Thread.Sleep(500);
+ ServerManager.MessageReceived += msgReceived;
+
+ ServerManager.SendMessage("get_user_data", JsonConvert.SerializeObject(new
+ {
+ user = usr,
+ sysname = sys
+ }));
+ return true;
+ }
+
+ [Command("print_user_info")]
+ [KernelMode]
+ [RequiresArgument("pass")]
+ [RequiresArgument("user")]
+ [RequiresArgument("sys")]
+ [RequiresUpgrade("hacker101_deadaccts")]
+ public static bool PrintUserInfo(Dictionary<string, object> args)
+ {
+ string usr = args["user"].ToString();
+ string sys = args["sys"].ToString();
+ string pass = args["pass"].ToString();
+
+ ServerMessageReceived msgReceived = null;
+
+ Console.WriteLine("--hooking multi-user domain response call...");
+
+ msgReceived = (msg) =>
+ {
+ if (msg.Name == "user_data")
+ {
+ var sve = JsonConvert.DeserializeObject<Save>(msg.Contents);
+ if(sve.Password == pass)
+ {
+ Console.WriteLine("Username: " + sve.Username);
+ Console.WriteLine("Password: " + sve.Password);
+ Console.WriteLine("System name: " + sve.SystemName);
+ Console.WriteLine();
+ Console.WriteLine("Codepoints: " + sve.Codepoints.ToString());
+
+ }
+ else
+ {
+ Console.WriteLine("--access denied.");
+ }
+
+ }
+ else if (msg.Name == "user_data_not_found")
+ {
+ Console.WriteLine("--access denied.");
+ }
+ ServerManager.MessageReceived -= msgReceived;
+ };
+
+ Console.WriteLine("--contacting multi-user domain...");
+ Thread.Sleep(500);
+ ServerManager.MessageReceived += msgReceived;
+
+ ServerManager.SendMessage("get_user_data", JsonConvert.SerializeObject(new
+ {
+ user = usr,
+ sysname = sys
+ }));
+ return true;
+ }
+
+ [Command("steal_codepoints")]
+ [KernelMode]
+ [RequiresArgument("amount")]
+ [RequiresArgument("pass")]
+ [RequiresArgument("user")]
+ [RequiresArgument("sys")]
+ [RequiresUpgrade("hacker101_deadaccts")]
+ public static bool StealCodepoints(Dictionary<string, object> args)
+ {
+ string usr = args["user"].ToString();
+ string sys = args["sys"].ToString();
+ string pass = args["pass"].ToString();
+ long amount = (long)args["amount"];
+
+ if(amount < 0)
+ {
+ Console.WriteLine("--invalid codepoint amount - halting...");
+ return true;
+ }
+
+ ServerMessageReceived msgReceived = null;
+
+ Console.WriteLine("--hooking multi-user domain response call...");
+
+ msgReceived = (msg) =>
+ {
+ if (msg.Name == "user_data")
+ {
+ var sve = JsonConvert.DeserializeObject<Save>(msg.Contents);
+ if (sve.Password == pass)
+ {
+ if(amount > sve.Codepoints)
+ {
+ Console.WriteLine("--can't steal this many codepoints from user.");
+ return;
+ }
+
+ sve.Codepoints -= amount;
+ SaveSystem.TransferCodepointsFrom(sve.Username, amount);
+ ServerManager.SendMessage("mud_save_allow_dead", JsonConvert.SerializeObject(sve));
+ SaveSystem.SaveGame();
+ }
+ else
+ {
+ Console.WriteLine("--access denied.");
+ }
+
+ }
+ else if (msg.Name == "user_data_not_found")
+ {
+ Console.WriteLine("--access denied.");
+ }
+ ServerManager.MessageReceived -= msgReceived;
+ };
+
+ Console.WriteLine("--contacting multi-user domain...");
+ Thread.Sleep(500);
+ ServerManager.MessageReceived += msgReceived;
+
+ ServerManager.SendMessage("get_user_data", JsonConvert.SerializeObject(new
+ {
+ user = usr,
+ sysname = sys
+ }));
+ return true;
+ }
+
+
+
+ [Command("brute_decrypt", true)]
+ [RequiresArgument("file")]
+ public static bool BruteDecrypt(Dictionary<string, object> args)
+ {
+ if (FileExists(args["file"].ToString()))
+ {
+ string pass = new Random().Next(1000, 10000).ToString();
+ string fake = "";
+ Console.WriteLine("Beginning brute-force attack on password.");
+ var s = new Stopwatch();
+ s.Start();
+ for(int i = 0; i < pass.Length; i++)
+ {
+ for(int num = 0; num < 10; num++)
+ {
+ if(pass[i].ToString() == num.ToString())
+ {
+ fake += num.ToString();
+ Console.Write(num);
+ }
+ }
+ }
+ s.Stop();
+
+ Console.WriteLine("...password cracked - operation took " + s.ElapsedMilliseconds + " milliseconds.");
+ var tp = new TextPad();
+ AppearanceManager.SetupWindow(tp);
+ WriteAllText("0:/temp.txt", ReadAllText(args["file"].ToString()));
+ tp.LoadFile("0:/temp.txt");
+ Delete("0:/temp.txt");
+ onCompleteDecrypt?.Invoke();
+ }
+ else
+ {
+ Console.WriteLine("brute_decrypt: file not found");
+ }
+ return true;
+ }
}
[Namespace("storydev")]
generated by cgit v1.2.3 (git 2.46.0) at 2026-06-04 13:35:39 +0000