ngalongc / autolocalprivilegeescalation Goto Github PK
View Code? Open in Web Editor NEWAn automated script that download potential exploit for linux kernel from exploitdb, and compile them automatically
An automated script that download potential exploit for linux kernel from exploitdb, and compile them automatically
Hi Chan,
I tried to use your script on my centos 7 (or Debian 8) and it´s doesn't work. The error is this:
[*] The base directory is /usr/share/exploitdb/platforms [*] Copying /usr/share/exploitdb/platforms/linux/local/31347.c to /root/AutoLocalPrivilegeEscalation-master/linux_3.10//linux/local/31347.c cp: cannot stat ‘/usr/share/exploit [auto_priv_exploit.zip](https://github.com/ngalongc/AutoLocalPrivilegeEscalation/files/730922/auto_priv_exploit.zip) db/platforms/\033[01;31m\033[Klinux\033[m\033[K/local/31347.c’: No such file or directory [*] Do you wish to compile all the exploit script written in C?
So when I tried to fix it I changed more than a few lines. The attached file is my
new auto_priv_exploit.sh.
Now this script take the kernel version and the os type from the system or you can put the kernel version you will check.
If you need some information of this change please tell me.
#/bin/bash
usage(){
echo "-/ Auto Local Root Exploit -/";
echo "";
echo "[*] Usage: $0 VERSION_OF_KERNEL";
echo "[*] Example: root#~$ $0 2.6";
exit 1;
}
download(){
base="/usr/share/exploitdb/platforms"
echo "[*] The base directory is $base"
[ -d "linux_$version" ] || mkdir linux_$version # make directory if not exist
for file in $file_list; do
# TODO get rid of the first . if exist in file path
# TODO if not exist then do the way it did
echo "[*] Copying $base$file to $PWD/linux_$version$file"
cp "$base$file" "$PWD/linux_$version" # copy the file from exploitdb to the current directory with linux_$version
file_extension=$(echo $file | cut -d '.' -f 2) # extract the file extension
# Count the file for summary
case $file_extension in
"c" ) c_file_count=$((c_file_count+1));;
"rb" ) rb_file_count=$((rb_file_count+1));;
"txt" ) txt_file_count=$((txt_file_count+1));;
"py" ) py_file_count=$((py_file_count+1));;
"pl" ) pl_file_count=$((pl_file_count+1));;
"sh" ) sh_file_count=$((sh_file_count+1));;
esac
done
}
compile(){
for file in $file_list; do
file_extension=$(echo $file | cut -d '.' -f 2) # extract the file extension
file_name=$(echo $file | cut -d '/' -f 4) #extrac the file name
if [ "$file_extension" == "c" ]; then
gcc linux_$version/$file_name -o linux_$version/"$file_name.exe" 2>/dev/null
fi
done
}
version=$1
file_list=$(searchsploit $version linux| grep local | grep -i privilege | cut -d '|' -f 2 | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
py_file_count=0
txt_file_count=0
rb_file_count=0
c_file_count=0
pl_file_count=0
sh_file_count=0
main(){
echo -e "[*] Possible Exploit\n"
searchsploit $version linux | grep local | grep -i privilege
if [ -z $file_list ]; then
echo "No possible exploit :("
exit 1
fi
echo "[!] Do you wish to download all the exploit script to current directory and compile if possible?"
read -p "[Y/N]~$ " yn
case $yn in
y|Y ) download;;
n|N ) ;;
* ) echo "Invalid Argument :(";;
esac
echo "[!] Do you wish to compile all the exploit script written in C?"
read -p "[Y/N]~$ " yn
case $yn in
y|Y ) compile;;
n|N ) ;;
* ) echo "Invalid Argument :(";;
esac
exe_file_count=$(ls linux_$version | grep .exe -c)
echo "[!] Do you want to make a tar ball of the linux_$version? (For convinient file transfer)"
read -p "[Y/N]~$ " yn
case $yn in
y|Y ) tar -cf linux_$version.tar linux_$version;;
n|N ) ;;
* ) echo "Invalid Argument :(";;
esac
echo "[*] Auto Privilege Exploit Summary"
echo "C file in $PWD/linux_$version has $c_file_count files"
echo "Python file in $PWD/linux_$version has $py_file_count files"
echo "Perl file in $PWD/linux_$version has $pl_file_count files"
echo "Bash file in $PWD/linux_$version has $sh_file_count files"
echo "Ruby file in $PWD/linux_$version has $rb_file_count files"
echo "TXT file in $PWD/linux_$version has $txt_file_count files"
echo ""
echo "[*] Successfully Compiled $exe_file_count executable located in linux_$version"
}
if [ $# -ne 1 ]; then
usage
fi
main
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.