module HackEx module Network require 'net/http' require 'openssl' private def Get urip, params = {} auth_token = params.delete(:auth_token) Signature(params) uri = URI.join(HackEx::Request::URI_BASE, urip) uri.query = URI.encode_www_form(params) request = Net::HTTP::Get.new uri.request_uri request['Content-Type'] = 'application/x-www-form-urlencoded; charset=UTF-8' request['User-Agent'] = HackEx::Request::USER_AGENT request['X-API-KEY'] = auth_token unless auth_token.nil? request end def Post urip, params = {} auth_token = params.delete(:auth_token) Signature(params) uri = URI.join(HackEx::Request::URI_BASE, urip) request = Net::HTTP::Post.new uri.path request['Content-Type'] = 'application/x-www-form-urlencoded; charset=UTF-8' request['User-Agent'] = HackEx::Request::USER_AGENT request['X-API-KEY'] = auth_token unless auth_token.nil? request.body = URI.encode_www_form(params) request end public def Do http, request response = http.request request if response.is_a? Net::HTTPOK json = JSON.parse(response.body) raise HackExError, "Not success: #{json}" unless json['success'] json else raise HackExError, "Not OK: #{response.inspect}, #{response.body}" end end def NetworkDo &proc uri_base = URI(HackEx::Request::URI_BASE) Net::HTTP.start(uri_base.host, uri_base.port, :use_ssl => true, :verify_mode => OpenSSL::SSL::VERIFY_NONE) do |http| proc.call(http) end end end end module HackEx class HackExError < StandardError end end module HackEx class Helper class << self SOFTWARE_ID_TO_NAME = { 1 => 'Firewall', 2 => 'Bypasser', 3 => 'Password Cracker', 4 => 'Password Encryptor', 5 => 'Antivirus', 6 => 'Spam', 7 => 'Spyware', 8 => 'Notepad' } SOFTWARE_NAME_TO_ID = SOFTWARE_ID_TO_NAME.invert def SoftwareIdToName id raise HackExError, "SoftwareIdToName - incorrect id #{id}" unless SOFTWARE_ID_TO_NAME.has_key?(id.to_i) SOFTWARE_ID_TO_NAME[id.to_i] end def SoftwareNameToId name raise HackExError, "SoftwareNameToId - incorrect name #{name}" unless SOFTWARE_NAME_TO_ID.has_key?(name) SOFTWARE_NAME_TO_ID[name] end def SoftwareId param return SOFTWARE_NAME_TO_ID[param] if SOFTWARE_NAME_TO_ID.has_key?(param) return param.to_i end PROCESS_TYPE_ID_TO_NAME = { 1 => 'bypass', 2 => 'crack', 3 => 'download', 4 => 'upload' } PROCESS_TYPE_NAME_TO_ID = PROCESS_TYPE_ID_TO_NAME.invert def ProcessTypeIdToName id raise HackExError, "ProcessTypeIdToName - incorrect id #{id}" unless PROCESS_TYPE_ID_TO_NAME.has_key?(id.to_i) PROCESS_TYPE_ID_TO_NAME[id.to_i] end def ProcessTypeNameToId name raise HackExError, "ProcessTypeNameToId - incorrect name #{name}" unless PROCESS_TYPE_NAME_TO_ID.has_key?(name) PROCESS_TYPE_NAME_TO_ID[name] end def ProcessTypeId param return PROCESS_TYPE_NAME_TO_ID[param] if PROCESS_TYPE_NAME_TO_ID.has_key?(param) return param.to_i end PROCESS_STATUS_ID_TO_NAME = { 1 => 'progress', 2 => 'ready', 3 => 'failed' } PROCESS_STATUS_NAME_TO_ID = PROCESS_STATUS_ID_TO_NAME.invert def ProcessStatusId param return PROCESS_STATUS_NAME_TO_ID[param] if PROCESS_STATUS_NAME_TO_ID.has_key?(param) return param.to_i end def FilterHashArray array, filter = {}, include = true, &proc out = [] array.each do |item| #puts "item #{item.inspect}" ok = true filter.each_pair do |k, v| #puts "#{k} = #{v.inspect}" if !item.has_key?(k) || v.is_a?(Array) && !v.map(&:to_s).include?(item[k].to_s) || !v.is_a?(Array) && v.to_s != item[k].to_s ok = false #puts "False" break end end if ok && include || !ok && !include #puts "Ok" out << item proc.call(item) unless proc.nil? end end out end end end end module HackEx class << self public def NetworkDo &proc HackEx::Request::NetworkDo &proc end def LoginDo email, password, &proc NetworkDo do |http| user = HackEx::Action.Login http, email, password token = user['auth_token'] proc.call(http, token, user) end end def VictimProcesses user_processes, victim_user_id, process_type_id = 0 out = [] user_processes = [] if user_processes.nil? user_processes.each do |p| next if (process_type_id.to_i != 0 && process_type_id.to_i != p['process_type_id'].to_i) out << p if p['victim_user_id'].to_i == victim_user_id.to_i end out end def SpamUpload http, auth_token, user_id, level scan = Request.Do(http, HackEx::Request.UserAddProcess(auth_token, user_id, 'scan', '1264694', '100')) begin Request.Do(http, Request.UserAddProcess(auth_token, user_id, 'upload', '1264818', level.to_i.to_s)) rescue puts "Rescued: #{$!}" end Request.Do(http, HackEx::Request.ProcessDelete(auth_token, scan['user_processes'][0]['id'])) puts "Uploading spam #{level} to user #{user_id}"#, scan process #{scan['user_processes'][0]['id']}" end def VictimProcessClean http, auth_token, user_id HackEx::Request.Do(http, HackEx::Request.UserProcesses(auth_token))['user_processes'].each do |p| if p['victim_user_id'].to_i == user_id.to_i puts "Delete process #{p['id']}" HackEx::Request.Do(http, HackEx::Request.ProcessDelete(auth_token, p['id'])) end end end def VictimProcessWait http, auth_token, user_id, process_id = nil finish = false chars = 'abcdefghijklmnopqrstuvwxyz' total_msg = 0 while !finish do finish = true long_wait = false if process_id.nil? processes = HackEx::Request.Do(http, HackEx::Request.UserProcesses(auth_token))['user_processes'] else processes = [ HackEx::Request.Do(http, HackEx::Request.ProcessInfo(auth_token, process_id))['process'] ] end processes.each do |p| if p['victim_user_id'].to_i == user_id.to_i c = chars[total_msg % chars.length] if (p['process_type_id'].to_i == 3 || p['process_type_id'].to_i == 4) && p['status'].to_i == 2 puts "Delete ready process #{p['id']} #{c}" total_msg += 1 HackEx::Request.Do(http, HackEx::Request.ProcessDelete(auth_token, p['id'])) elsif p['status'].to_i == 3 puts "Retry process #{p['id']} #{c}" total_msg += 1 HackEx::Request.Do(http, HackEx::Request.ProcessRetry(auth_token, p['id'])) finish = false elsif p['status'].to_i == 1 puts "Waiting process #{p['id']}, overclocks #{p['overclocks_needed']} #{c}" long_wait = true if p['overclocks_needed'].to_i > 1 total_msg += 1 finish = false end end end sleep (long_wait ? 20 : 5) unless finish print '.' unless finish end end def ProcessClean email, password LoginDo(email, password) do |http, auth_token| json = Request.Do(http, Request.UserProcesses(auth_token)) json['user_processes'].each do |p| if p['status'].to_i == 2 && (p['process_type_id'].to_i == 4 || p['process_type_id'].to_i == 3) puts p.inspect Request.Do(http, Request.ProcessDelete(auth_token, p['id'])) end end end end def ParseSoftware software out = {} software = [] if software.nil? software.each do |s| #puts s out[s['name']] = s['software_level'] end out end def CleanUser user out = user.dup ['reputation', 'pts_to_next_level', 'pts_level_progress', 'overclocks', 'wallpaper', 'created_at'].each do |v| out.delete(v) end out end def CleanBank bank out = bank.dup ['id'].each do |v| out.delete(v) end out end end end module HackEx class Action class << self public def Login http, email, password json = HackEx::Request.Do(http, HackEx::Request.Login(email, password)) json['user'] end def AddContact http, user_id1, auth_token1, user_id2, auth_token2 # prevent failure json = HackEx::Request.Do(http, [HackEx::Request.AddContact(auth_token1, user_id2)]) json = HackEx::Request.Do(http, [HackEx::Request.AcceptContact(auth_token2, user_id1)]) end def UserBank http, auth_token json = HackEx::Request.Do(http, HackEx::Request.UserBank(auth_token)) json['user_bank'] || {} rescue # ok {} end def UserProcesses http, auth_token json = HackEx::Request.Do(http, HackEx::Request.UserProcesses(auth_token)) json['user_processes'] || [] rescue # ok [] end def UserSoftware http, auth_token json = HackEx::Request.Do(http, HackEx::Request.UserSoftware(auth_token)) json['user_software'] || [] rescue # ok [] end def UserSpam http, auth_token json = HackEx::Request.Do(http, HackEx::Request.UserSpam(auth_token)) json['spam'] || [] rescue # ok [] end def VictimSpam http, auth_token,id json = HackEx::Request.Do(http, HackEx::Request.VictimSpam(auth_token,id)) json['spam'] || [] rescue # ok [] end def ProcessClean http, auth_token, params = {} process_types = params.fetch(:process_types, [Helper.ProcessTypeId('download'), Helper.ProcessTypeId('upload')]) process_types = [process_types] unless process_types.is_a?(Array) process_statuses = params.fetch(:process_statuses, Helper.ProcessStatusId('ready')) process_statuses = [] unless process_statuses.is_a?(Array) user_processes = params.fetch(:user_processes, nil) user_processes ||= HackEx::Action.UserProcesses(http, auth_token) to_clean = [] ready_list = Helper.FilterHashArray user_processes, {'status' => process_statuses, 'process_type_id' => process_types} out_list = user_processes - ready_list ready_list.each do |p| to_clean << p['id'] end unless to_clean.empty? HackEx::Request.Do(http, HackEx::Request.ProcessesDelete(auth_token, to_clean)) end out_list end def PrepareToSpam http, auth_token, params = {} PurchaseMissingSoftware http, auth_token, 'Spam', params end def PrepareToCrack http, auth_token, params = {} PurchaseMissingSoftware http, auth_token, 'Password Cracker', params end def PrepareToCrackAndSpam http, auth_token, params = {} PurchaseMissingSoftware http, auth_token, ['Spam', 'Password Cracker'], params end def StartProcess http, auth_token, victim_user_id, mode, params = {} sw_victim = true case mode when 'bypass' action = 'bypass' sw_name = 'Firewall' add_param = params.fetch(:fw_add, 0) when 'crack' action = 'crack' sw_name = 'Password Encryptor' add_param = params.fetch(:enc_add, 0) when 'spam' action = 'upload' sw_name = 'Spam' add_param = 0 sw_victim = false when 'spyware' action = 'upload' sw_name = 'Spyware' add_param = 0 sw_victim = false else raise HackExError, "Incorrect mode #{mode}" end user_processes = params.fetch(:user_processes, nil) user_processes ||= HackEx::Action.UserProcesses(http, auth_token) software_id = params.fetch(:software_id, nil) software_level = params.fetch(:software_level, nil) if software_id.nil? || software_level.nil? if sw_victim victim_user = params.fetch(:victim_user, nil) victim_user ||= HackEx::Request.Do(http, HackEx::Request.VictimInfo(auth_token, victim_user_id)) victim_sws = victim_user['user_software'] else user_software = params.fetch(:user_software, nil) user_software ||= HackEx::Action.UserSoftware(http, auth_token) victim_sws = user_software #puts victim_sws.inspect end victim_sw = Helper.FilterHashArray victim_sws, {'software_type_id' => Helper.SoftwareId(sw_name)} #puts victim_sw.inspect if action == 'upload' unless victim_sw.empty? software_id = victim_sw.first['software_id'] software_level = victim_sw.first['software_level'] else puts "No #{sw_name} on #{sw_victim ? 'victim' : 'us'} is found" software_level = 1 end end # need levels software_need_level = software_level.to_i + add_param.to_i software_need_level = params[:level].to_i if params.has_key?(:level) software_need_level = 1 if software_need_level.to_i < 1 puts "Process #{mode} user #{victim_user_id}, sw level #{software_need_level} (current #{software_level.to_i})" scan_processes = Helper.FilterHashArray user_processes, {'process_type_id' => Helper.ProcessTypeId(action), 'victim_user_id' => victim_user_id} unless scan_processes.empty? # check is it ok or not if scan_processes.size > 1 # todo: handle better more than 1 process at the same time # now - as incorrect situation, just remove everything to_clean = [] scan_processes.each do |p| to_clean << p['id'] end puts "More than 1 existing #{mode} processes, delete everything" HackEx::Request.Do(http, HackEx::Request.ProcessesDelete(auth_token, to_clean)) scan_processes = [] else scan_process = scan_processes.first scan_process_sw_level = scan_process['software_level'] scan_process_sw_id = scan_process['software_id'] if scan_process_sw_level.to_i < software_need_level.to_i || scan_process_sw_id.to_s != software_id.to_s puts "Existing process sw level #{scan_process_sw_level.to_i} < #{software_need_level.to_i} or sw id #{scan_process_sw_id.to_s} != #{software_id.to_s}" HackEx::Request.Do(http, HackEx::Request.ProcessDelete(auth_token, scan_process['id'])) scan_processes = [] elsif scan_process['status'].to_s == Helper.ProcessStatusId('failed').to_s puts "Retry process #{scan_process['id']}" HackEx::Request.Do(http, HackEx::Request.ProcessRetry(auth_token, scan_process['id'])) elsif scan_process['status'].to_s == Helper.ProcessStatusId('ready').to_s puts "Ready process #{scan_process['id']} found" elsif scan_process['status'].to_s == Helper.ProcessStatusId('progress').to_s puts "In progress process #{scan_process['id']} found" end end end if scan_processes.empty? puts "Add #{mode} process user #{victim_user_id} sw id #{software_id} level #{software_need_level}" json = HackEx::Request.Do(http, HackEx::Request.UserAddProcess(auth_token, victim_user_id, action, software_id, software_need_level))['user_processes'][0] puts "Process #{json['id']} is added" json else scan_processes.first end end private :StartProcess def StartBypass http, auth_token, victim_user_id, params = {} StartProcess http, auth_token, victim_user_id, 'bypass', params end def StartCrack http, auth_token, victim_user_id, params = {} StartProcess http, auth_token, victim_user_id, 'crack', params end def StartSpam http, auth_token, victim_user_id, params = {} StartProcess http, auth_token, victim_user_id, 'spam', params end end end end module HackEx module Request URI_BASE = 'https://api.hackex.net/v5/' USER_AGENT = 'Mozilla/5.0 (Linux; U; Android 4.1.1; en-us; Nexus 5) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1' class << self include Network private def Signature params out_params = {} ts = (Time.now.utc.to_f * 1000).to_i.to_s params['sig2'] = ts keys = params.keys.sort_by { |w| w#.downcase } keys.reverse! s = '1101101101' keys.each do |k| s += k.to_s + params[k].to_s out_params[k] = params[k] end keys.each do |k| params.delete(k) end keys.each do |k| params[k] = out_params[k] end sa = 'WqZnwjpaVZNvWDpJhqHCHhWtNfu86CkmtCAVErbQO' hash = Digest::SHA1.hexdigest(s + sa) params['sig'] = hash #puts "#{s + sa}: #{hash}" "#{hash}&sig2=#{ts}" end public def CreateUser username, email, password, facebook_id = nil params = { 'username' => username, 'email' => email, 'os_type_id' => '1' } params['password'] = password unless password.nil? params['facebook_id'] = facebook_id unless facebook_id.nil? Post 'user', params end def Login email, password Post 'auth', 'email' => email, 'password' => password end def RandomUsers auth_token, count = 5 Get 'users_random', 'count' => count, :auth_token => auth_token end def VictimInfo auth_token, user_id Get 'user_victim', 'victim_user_id' => user_id, :auth_token => auth_token end def getVictimContacts auth_token, user_id Get 'victim_contacts', 'victim_user_id' => user_id, :auth_token => auth_token end def VictimBank auth_token, user_id Get 'victim_user_bank', 'victim_user_id' => user_id, :auth_token => auth_token end def StoreInfo auth_token Get 'store', :auth_token => auth_token end def UpdateVictimLog auth_token, user_id, text Post 'victim_user_log', 'victim_user_id' => user_id, 'text' => text, :auth_token => auth_token end def UpdateUserLog auth_token, text Post 'user_log', 'text' => text, :auth_token => auth_token end def UpdateUserNotepad auth_token, text Post 'user_notepad', 'text' => text, :auth_token => auth_token end def TransferBankFundsToSavings auth_token, amount Post 'bank_transfer_savings', 'amount' => amount, :auth_token => auth_token end def TransferBankFundsFromVictim auth_token, user_id, amount Post 'bank_transfer_from_victim', 'victim_user_id' => user_id, 'amount' => amount, :auth_token => auth_token end def TransferBankFundsToContact auth_token, user_id, amount Post 'bank_transfer_to_contact', 'contact_user_id' => user_id, 'amount' => amount, :auth_token => auth_token end def AddContact auth_token, user_id Post 'contact_add', 'contact_user_id' => user_id, :auth_token => auth_token end def AcceptContact auth_token, user_id Post 'contact_accept', 'contact_user_id' => user_id, :auth_token => auth_token end def RemoveContact auth_token, user_id Post 'contact_remove', 'contact_user_id' => user_id, :auth_token => auth_token end def StorePurchase auth_token, type, type_id params = {} case type when 'software' params['software_type_id'] = type_id when 'device' params['device_type_id'] = type_id when 'network' params['network_type_id'] = type_id else raise "Unknown type #{type}" end params[:auth_token] = auth_token Post 'store_purchase', params end def UserByIp auth_token, ip Get 'user', 'user_ip' => ip, 'process_type_id' => 1, :auth_token => auth_token end def UserInfo auth_token Get 'user', 'extras' => 'true', :auth_token => auth_token end def UserBank auth_token Get 'user_bank', :auth_token => auth_token end def UserViruses auth_token Get 'user_viruses', :auth_token => auth_token end def UserSoftware auth_token Get 'user_software', :auth_token => auth_token end def UserProcesses auth_token Get 'user_processes', :auth_token => auth_token end def UserSpam auth_token Get 'user_spam', :auth_token => auth_token end def UserSpyware auth_token Get 'user_spyware', :auth_token => auth_token end def UserRemoveUploadedVirus auth_token, virus_id, software_type_id Post 'user_virus_uploaded_remove', 'virus_id' => virus_id, 'software_type_id' => software_type_id, :auth_token => auth_token end def UserAddProcess auth_token, user_id, process_type, software_id, software_level = nil params = { 'victim_user_id' => user_id, 'software_id' => software_id } case process_type when 'scan', 'bypass' params['process_type_id'] = '1' when 'crack' params['process_type_id'] = '2' when 'download' params['process_type_id'] = '3' when 'upload' params['process_type_id'] = '4' else raise "Unknown type: #{process_type}" end params['software_level'] = software_level unless software_level.nil? params[:auth_token] = auth_token Post 'process', params end def ProcessInfo auth_token, process_id Get 'process', 'process_id' => process_id, :auth_token => auth_token end def ProcessRetry auth_token, process_id Post 'process_retry', 'process_id' => process_id, :auth_token => auth_token end def ProcessOverclock auth_token, process_id Post 'process_overclock', 'process_id' => process_id, :auth_token => auth_token end def ProcessDelete auth_token, process_id Post 'process_delete', 'process_id' => process_id, :auth_token => auth_token end def ProcessesDelete auth_token, process_ids Post 'processes_delete', 'process_ids' => process_ids.join('|'), :auth_token => auth_token end def Leaderboard auth_token, offset = 0 Get 'leaderboards', 'offset' => offset, :auth_token => auth_token end end end end require 'digest/sha1' require 'json'