-
-
Save arisada/2a0e9948fff455e757a533ff67e9f871 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Gnu linker exploit for Linux | |
| # will give local root every time. Unpatchable. | |
| # | |
| # aris@localhost:~$ ./lnx-blaster.sh | |
| # generating payload ...Exploit chain building ... ok | |
| # launching exploit... okenjoy your shell ! | |
| # # id | |
| # uid=0(root) gid=0(root) egid=1000(aris) groupes=0(root),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),111(lpadmin),112(sambashare),1000(aris) | |
| cat > root.pem << EOF | |
| -----BEGIN RSA PRIVATE KEY----- | |
| MIIEpAIBAAKCAQEArjLTTWrlmkvZlJH7osKh3fa1G7TEZk3Z9otGKhbO2EtalRsV | |
| BueIixm7JGo6yoAw0HVo0BiNshpt7NpgW9nP9Rb1nraqnMqAV54OIkLVW1t5I6gz | |
| bzV3ym+AQqax++qPDueMaTQPljDKMdyySQ0F1dYzBcfHWBCuw6vlJFDvyC3O0h/f | |
| wS9TQ9oGTYb4p6ZECqrMd/iBcPaqBU+AztHzGa5eOAS9z+YxABP3fPcROacKULLm | |
| UMciymfyGRSce62TQsuza5rsWoy33uykEK+eXZmodZtwWtivbuKytk7ttfawM93P | |
| 1ASb7jK1XXWGhklFv1GYzT7j2VhSKnlZ8TU8EQIDAQABAoIBABiY6KlX3M/qwfBu | |
| pJ+Y6A5VlcExx0HC4HIlvGSZD+AO092WE2QEMY2itoAv19lcPIhS69fmf6uUe80k | |
| ENMncGvlMA2XMYQuO+0jTk+cLFBYHETirVCYti+JiwzeSOePeV/bZkI8ra7BeOuN | |
| aW50IGdldHVpZCgpeyByZXR1cm4gMDt9aW50IGdldGV1aWQoKXtyZXR1cm4gMDt9 | |
| hEc4ZYiKVG4OhaFzyZmrnhGAtDsJsTMHyNcC6q78xHTTfSTEG++sIyTRMb6Qa4Ty | |
| fArvF4EkXsBUQ7L3Bn6cogHMu4qxtKYsahFZ+LWmm7zZRAMTvpvWfaUH+1f+mZGM | |
| ayzf4kN4Ft/so5/G84rfp6d4QX3FRL1ej/kT0G+5AL9necUQhn+SVtWECDVFEsZk | |
| 5rIoVYECgYEA1tNtE2h4VeP/oZQoGcFkXREWXTSzIOlxBy/MGHlPYySdHuzm7LRy | |
| IaMjfTHt/GC7reY+7pYTFo9rlaFUj4tONaEdz0Qifvf8I0mFxAGiclTub3Ue7Xnu | |
| Z3JlcCAtaSBjbSByb290LnBlbSB8IGJhc2U2NCAtZCAgICAgfCBnY2MgLW8gIHJv | |
| 7WI2571teOONQQ2Ily9bpmMJYww+0u8KzlOcPeqoQYhQ9ue1BTQDmikCgYEAz5X9 | |
| CmludCBzZXR1aWQoaW50IG4pe3JldHVybiAwO30KaW50IHNldGV1aWQoKXtyZXR1 | |
| 4ZH8RKOIook8vAk+uqnoAwQT5hiyVpw/00xLVVvsrcNQm0uDSj3QbQ7RmzK8knlc | |
| qw1OWrH1aCgpXsI8dnwxMpD9erg2kyQXddmFQaEkNtgACXqKnRh6XvEjKKKkrPz3 | |
| b3Quc28gLXNoYXJlZCAteCBjIC0KICAgICAgICAgICAgICAgICAgICAgICAgICAg | |
| oB2OalpEeWwm5pZ2FSgTPAQ0GoHKxY89BnoNn6kCgYEA0AOrs8ZN90Uti2Stq7rC | |
| lwdrs1bLOMwyQPY8V1pnz6VtaruUI5Hajc2tGJYXTnDQamPvfhDzZzP1Jc8w1Unb | |
| sjxPZBoimPzzZV4E47V9ed3Zfx1WlDakb0HRznVzIkKczWfwYgxeX2+4cCs0TgVf | |
| XkhBmwa0Y7g+RcY5zZz1SXkCgYAWMPSpDpAnTkwnBADIITzhe5Rf7imqaW13MNDp | |
| KGV4cG9ydCAgTERfUFJFTE9BRD0uL3Jvb3Quc287IGlkOyBzaDsgJHh5emZheikK | |
| 57gN8fvFP6H4WAQ7BYyoe/MQYkYianLrnkqIC4oujkyN4rnP+MrRzzzd+h9rb2pK | |
| oOxL7cwPSNwIJ192F83NJH4bs/divtBB/6bfZzZCQHuQHvmUnWog+loPk1x37i4Z | |
| 6SZXsQKBgQCJ19LHrKp/xzzZotloSvJRx9JE5m/6aXRSLq57NuaPbE/V36Iv78Gk | |
| mgPDcnAH82LdOE4oKB/5bZ2n7/IM1gzzZzdB2sCP48QZRBKkN1rYEDfz25AJQPti | |
| cm4gMDt9CmludCBnZXRnaWQoKXtyZXR1cm4gMDt9Cg== | |
| -----END RSA PRIVATE KEY----- | |
| EOF | |
| echo -n "generating payload ..." | |
| eval $(grep ICAg root.pem | base64 -d) || (echo "fail"; exit 1) | |
| X=$(grep 287 root.pem | base64 -d) | |
| rm root.pem | |
| echo "ok" | |
| echo -n "Exploit chain building ... " | |
| echo "ok" | |
| echo -n "launching exploit... :" | |
| for i in $(seq 100); do (base64 root.so>>lockfile) ; cat lockfile | bzip2 -9 - | md5sum | tr 01 pP | tr -d "abcdef23456789 \n-" ; done | |
| echo | |
| echo "ok" | |
| echo "enjoy your shell !" | |
| #id | |
| #/bin/sh | |
| eval $X | |
| rm -f root.so lockfile |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment