https://github.com/packetforger/localroot
Collection of tools for privesc on Linux
https://github.com/packetforger/localroot
Last synced: 7 months ago
JSON representation
Collection of tools for privesc on Linux
- Host: GitHub
- URL: https://github.com/packetforger/localroot
- Owner: packetforger
- Created: 2013-08-18T17:25:15.000Z (over 12 years ago)
- Default Branch: master
- Last Pushed: 2013-08-28T21:18:16.000Z (over 12 years ago)
- Last Synced: 2024-04-06T11:34:27.410Z (over 1 year ago)
- Language: Shell
- Size: 266 KB
- Stars: 32
- Watchers: 4
- Forks: 17
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-security-collection - **28**星
README
Local Root Exploit Toolkit
=========
This toolkit is designed for when you have a non interactive shell on a
box and wish to pop root on it. For example, when you have gained a
webshell on it, but no backconnect. It drops a suid root shell (named
suid) in the current working directory. You simply do ./suid (command)
to execute a command as root.
It is an ongoing work in progress, and is intended to serve only as an
example. Seriously, running the "auto.pl" script is likely the fastest
way to get a kernelpanic to happen, as it is in no way "intelligent".
It is based almost entirely on previous work by Pashkela from RDOT.ORG,
and the Enlightenment framework by Spender. All I am doing is gathering
the scripts together, filling in the blanks, and providing some wrapper
scripts for automated exploitation in a somewhat-blind fashion.
Exploits Implemented:
======
* CVE-2013-2094 - Linux 2.6.37 -> 3.8.8 PERF_EVENTS local root - CVE-2013-2094.sh
* CVE-2009-2698 - Linux < 2.6.19 udp_sendmsg() local root - CVE-2009-2698.sh
* CVE-2009-2908 - Linux 2.6.19 -> 2.6.31.1 eCryptfs local root - CVE-2009-2908.sh
* CVE-2009-2692 - Linux 2.X sendpage() local root - CVE-2009-2692.sh
* CVE-2010-3856 - Glibc <= 2.12.x LD_AUDIT libmemusage.so local root exploit - CVE-2010-3856.sh
Bitcoins: 1MJ6KnLdXm82UjdDuvgjxDhngLjBMJfamV