Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/packetforger/localroot

Collection of tools for privesc on Linux
https://github.com/packetforger/localroot

Last synced: 3 months ago
JSON representation

Collection of tools for privesc on Linux

Awesome Lists containing this project

README 

        
Local Root Exploit Toolkit

=========



This toolkit is designed for when you have a non interactive shell on a 

box and wish to pop root on it. For example, when you have gained a 

webshell on it, but no backconnect. It drops a suid root shell (named 

suid) in the current working directory. You simply do ./suid (command) 

to execute a command as root.



It is an ongoing work in progress, and is intended to serve only as an 

example. Seriously, running the "auto.pl" script is likely the fastest 

way to get a kernelpanic to happen, as it is in no way "intelligent".



It is based almost entirely on previous work by Pashkela from RDOT.ORG,

and the Enlightenment framework by Spender. All I am doing is gathering

the scripts together, filling in the blanks, and providing some wrapper

scripts for automated exploitation in a somewhat-blind fashion.



Exploits Implemented:

======



* CVE-2013-2094 - Linux 2.6.37 -> 3.8.8 PERF_EVENTS local root - CVE-2013-2094.sh

* CVE-2009-2698 - Linux < 2.6.19 udp_sendmsg() local root - CVE-2009-2698.sh

* CVE-2009-2908 - Linux 2.6.19 -> 2.6.31.1 eCryptfs local root - CVE-2009-2908.sh

* CVE-2009-2692 - Linux 2.X sendpage() local root - CVE-2009-2692.sh

* CVE-2010-3856 - Glibc <= 2.12.x LD_AUDIT libmemusage.so local root exploit - CVE-2010-3856.sh



Bitcoins: 1MJ6KnLdXm82UjdDuvgjxDhngLjBMJfamV