AutoLocalPrivilegeEscalation
AutoLocalPrivilegeEscalation copied to clipboard
Published
20 hours ago •
ngalongc
ngalongc
Too many errors :(
#/bin/bash
usage(){
echo "-/ Auto Local Root Exploit -/";
echo "";
echo "[*] Usage: $0 VERSION_OF_KERNEL";
echo "[*] Example: root#~$ $0 2.6";
exit 1;
}
download(){
base="/usr/share/exploitdb/platforms"
echo "[*] The base directory is $base"
[ -d "linux_$version" ] || mkdir linux_$version # make directory if not exist
for file in $file_list; do
# TODO get rid of the first . if exist in file path
# TODO if not exist then do the way it did
echo "[*] Copying $base$file to $PWD/linux_$version$file"
cp "$base$file" "$PWD/linux_$version" # copy the file from exploitdb to the current directory with linux_$version
file_extension=$(echo $file | cut -d '.' -f 2) # extract the file extension
# Count the file for summary
case $file_extension in
"c" ) c_file_count=$((c_file_count+1));;
"rb" ) rb_file_count=$((rb_file_count+1));;
"txt" ) txt_file_count=$((txt_file_count+1));;
"py" ) py_file_count=$((py_file_count+1));;
"pl" ) pl_file_count=$((pl_file_count+1));;
"sh" ) sh_file_count=$((sh_file_count+1));;
esac
done
}
compile(){
for file in $file_list; do
file_extension=$(echo $file | cut -d '.' -f 2) # extract the file extension
file_name=$(echo $file | cut -d '/' -f 4) #extrac the file name
if [ "$file_extension" == "c" ]; then
gcc linux_$version/$file_name -o linux_$version/"$file_name.exe" 2>/dev/null
fi
done
}
version=$1
file_list=$(searchsploit $version linux| grep local | grep -i privilege | cut -d '|' -f 2 | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
py_file_count=0
txt_file_count=0
rb_file_count=0
c_file_count=0
pl_file_count=0
sh_file_count=0
main(){
echo -e "[*] Possible Exploit\n"
searchsploit $version linux | grep local | grep -i privilege
if [ -z $file_list ]; then
echo "No possible exploit :("
exit 1
fi
echo "[!] Do you wish to download all the exploit script to current directory and compile if possible?"
read -p "[Y/N]~$ " yn
case $yn in
y|Y ) download;;
n|N ) ;;
* ) echo "Invalid Argument :(";;
esac
echo "[!] Do you wish to compile all the exploit script written in C?"
read -p "[Y/N]~$ " yn
case $yn in
y|Y ) compile;;
n|N ) ;;
* ) echo "Invalid Argument :(";;
esac
exe_file_count=$(ls linux_$version | grep .exe -c)
echo "[!] Do you want to make a tar ball of the linux_$version? (For convinient file transfer)"
read -p "[Y/N]~$ " yn
case $yn in
y|Y ) tar -cf linux_$version.tar linux_$version;;
n|N ) ;;
* ) echo "Invalid Argument :(";;
esac
echo "[*] Auto Privilege Exploit Summary"
echo "C file in $PWD/linux_$version has $c_file_count files"
echo "Python file in $PWD/linux_$version has $py_file_count files"
echo "Perl file in $PWD/linux_$version has $pl_file_count files"
echo "Bash file in $PWD/linux_$version has $sh_file_count files"
echo "Ruby file in $PWD/linux_$version has $rb_file_count files"
echo "TXT file in $PWD/linux_$version has $txt_file_count files"
echo ""
echo "[*] Successfully Compiled $exe_file_count executable located in linux_$version"
}
if [ $# -ne 1 ]; then
usage
fi
main
