############################################################################### ## ## ## HackIt v.2.0.0 by: I)ruid [CAU] ## ## ## ############################################################################### # # Configuration File: # # Obviously, all blank lines and lines starting with '#' are ignored... # ############################################################################### # Most First Level Modules are designed for scanning of the network and # the individual machines found on that network, as well as identifying # various services provided by the individual machines, and figuring out # what services exist on non-standard ports. # # First Level Modules to Run: ./Level1/scanit # Most Second Level Modules are designed for network vulnerability from # outside the network, based on the services available on each # host, as identified in the files left by First Level Modules, basically # looking for ways to grab the password # file on a unix box, map a drive # on a windows box, etc... # # Second Level Modules to Run: # PhfIt! attempts a phf http query to grab the system's /etc/passwd file, # and if it is successful, writes it out to the tempfile # ./.tmp/phfit-.passwd so CrackIt! can take care of it. # PhfIt! runs off of the www.lst file generated by ScanIt! ./Level2/phfit # PhpIt! attempts a phf http query to grab the system's /etc/passwd file, # and if it is successful, writes it out to the tempfile # ./.tmp/phpit-.passwd so CrackIt! can take care of it. # PhpIt! runs off of the www.lst file generated by ScanIt! ./Level2/phpit # NfsIt! attempts various NFS mounts to try and grab the system's # /etc/passwd file, and if it is successful, writes it out to the tempfile # ./.tmp/nfsit-.passwd so CrackIt! can take care of it. # NfsIt! runs off of the nfs.lst file generated by ScanIt! ./Level2/nfsit # HsIt! attempts a htmlscript http query to grab the system's /etc/passwd # file, and if it is successful, writes it out to the tempfile # ./.tmp/hsit-.passwd so CrackIt! can take care of it. # PhpIt! runs off of the www.lst file generated by ScanIt! ./Level2/hsit # Most Third Level Modules are designed to run based on the temp files # generated by the Second Level Modules. These Modules attempt to mainly # gain logins and passwords by cracking password files from the Second # level modules, mapping a drive found by the Second Level Modules, etc. # # Third Level Modules to Run: # CrackIt! looks in ./.tmp/ and runs the first rules of standard UNIX # Crack on all .passwd files it finds (*.passwd), and writes all cracked # logins and passwords to the tempfile ./.tmp/.cracked # where passwdfile is the filename of the original passwd file # chopped at the ".passwd" #./Level3/crackit # Most Fourth Level Modules are designed to run based on the temp files # generated by the Third Level Modules. Fourth Level Modules are the # ones that attempt to find weaknesses from the inside, using the logins # and passwords obtained by the Third Level Modules. # # Fourth Level Modules # RootIt! looks at all .cracked (*.cracked) files found in ./.tmp/ and # attempts to log in, determine what type of system it is, and obtain, # compile, and run exploits relating to that type of system. # # RootIt! is not yet implemented. #./Level4/rootit # That is the end of the module list. I suggest that you include ALL # modules in this file in order, and simply comment out the ones you do # not wish to use, simply to keep them in the correct order for if you do # choose to use them all. ############################################################################### # Basically, any type of modules can be written to run under HackIt, as # long as your First Level Modules know what to leave in certain # directories for your Second Level Modules to find, etc... the # official directory for all tempfiles is ./.tmp/ and ./.tmp/ is cleaned # of all temp files upon startup of HackIt! All First Level Modules need # to have certain command-line switches and parameters, as follows: # # module -l # Where is a text file of IP's or domain names, # one entry per line, of systems to test. # # module -s # Where is a single system to test. # # Other than that, we encourage you to write your own modules to use with # HackIt!, and if you would like for your modules to be included in the # HackIt! Suite, please send them my way, with brief documentation and # source code, and I will add it to the next release of HackIt! (after a # bit of testing, of course...) # # End of hackit.cf I)ruid ###############################################################################