Linux_Exploit_Suggester :

https://github.com/PenturaLabs/Linux_Exploit_Suggester

A small script that looks up related exploits on exploit-db by kernel version. I've long been hoping for a smart privilege-escalation script, and it absolutely has to be "cloud"-based: which exploit works well, which one doesn't crash, all the good reviews recorded, like: "Dear customer! This exp has a 100% rating on 2.6.20, hits every time, makes everything taste good, climb the stairs & do your business with no sore back or aching legs, blah blah blah..."

This Linux_Exploit_Suggester has at least gotten 1/3 of the way there; it's a good start, so I'm sharing it with everyone.

$ perl ./Linux_Exploit_Suggester.pl -k 3.0.0

Kernel local: 3.0.0

Possible Exploits:
[+] semtex
   CVE-2013-2094
   Source: www.exploit-db.com/download/25444/?
[+] memodipper
   CVE-2012-0056
   Source: http://www.exploit-db.com/exploits/18411/
[+] perf_swevent
   CVE-2013-2094
   Source: http://www.exploit-db.com/download/26131
$ perl ./Linux_Exploit_Suggester.pl -k 2.6.28

Kernel local: 2.6.28

Possible Exploits:
[+] sock_sendpage2
   Alt: proto_ops    CVE-2009-2692
   Source: http://www.exploit-db.com/exploits/9436
[+] half_nelson3
   Alt: econet    CVE-2010-4073
   Source: http://www.exploit-db.com/exploits/17787/
[+] reiserfs
   CVE-2010-1146
   Source: http://www.exploit-db.com/exploits/12130/
[+] pktcdvd
   CVE-2010-3437
   Source: http://www.exploit-db.com/exploits/15150/
[+] american-sign-language
   CVE-2010-4347
   Source: http://www.securityfocus.com/bid/45408/
[+] half_nelson
   Alt: econet    CVE-2010-3848
   Source: http://www.exploit-db.com/exploits/6851
[+] udev
   Alt: udev <1.4.1    CVE-2009-1185
   Source: http://www.exploit-db.com/exploits/8478
[+] do_pages_move
   Alt: sieve    CVE-2010-0415
   Source: Spenders Enlightenment
[+] pipe.c_32bit
   CVE-2009-3547
   Source: http://www.securityfocus.com/data/vulnerabilities/exploits/36901-1.c
[+] exit_notify
   Source: http://www.exploit-db.com/exploits/8369
[+] can_bcm
   CVE-2010-2959
   Source: http://www.exploit-db.com/exploits/14814/
[+] ptrace_kmod2
   Alt: ia32syscall,robert_you_suck    CVE-2010-3301
   Source: http://www.exploit-db.com/exploits/15023/
[+] half_nelson1
   Alt: econet    CVE-2010-3848
   Source: http://www.exploit-db.com/exploits/17787/
[+] half_nelson2
   Alt: econet    CVE-2010-3850
   Source: http://www.exploit-db.com/exploits/17787/
[+] sock_sendpage
   Alt: wunderbar_emporium    CVE-2009-2692
   Source: http://www.exploit-db.com/exploits/9435
[+] video4linux
   CVE-2010-3081
   Source: http://www.exploit-db.com/exploits/15024/

[Original link]

Related comments:
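The matching the tool performs is a plain version-range compare, which is also why the comments below call it crude: a distro kernel string such as 2.6.32-431.el6.x86_64 may already carry backported fixes that no mainline version compare can see. The following is an added patch-audit example, not the tool's own Perl code; the CVE ranges are entered by hand as an approximation and must be checked against the upstream advisories before use.

```python
import re

# Constructed lookup table for this example (not the tool's data):
# CVE -> (first affected mainline version, first fixed mainline version).
# Ranges are an approximation written from memory; verify against the
# upstream advisory before relying on them.
AFFECTED_RANGES = {
    "CVE-2013-2094": ((2, 6, 37), (3, 8, 9)),  # perf_swevent / semtex
    "CVE-2012-0056": ((2, 6, 39), (3, 2, 2)),  # memodipper
    "CVE-2009-2692": ((2, 6, 0), (2, 6, 31)),  # sock_sendpage
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_kernel_version(uname_r):
    """Turn a `uname -r` string such as '2.6.32-431.el6.x86_64' into a
    comparable (major, minor, patch) tuple, dropping the distro suffix."""
    m = _VERSION_RE.match(uname_r.strip())
    if not m:
        raise ValueError("unrecognised kernel version: %r" % uname_r)
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def has_distro_suffix(uname_r):
    """A '-', '+' or '~' after the numeric part marks a vendor build,
    which usually means backported fixes the version compare cannot see."""
    return bool(re.search(r"[-+~]", uname_r))


def affected_cves(uname_r, table=AFFECTED_RANGES):
    """Return (sorted CVE ids whose range contains this kernel version,
    trustworthy flag). The flag is False for vendor builds, where the
    result should be treated as 'possibly affected, verify the changelog'."""
    version = parse_kernel_version(uname_r)
    hits = sorted(cve for cve, (first, fixed) in table.items()
                  if first <= version < fixed)
    return hits, not has_distro_suffix(uname_r)


if __name__ == "__main__":
    for k in ("3.0.0", "2.6.28", "2.6.32-431.el6.x86_64"):
        hits, trusted = affected_cves(k)
        print(k, hits, "reliable" if trusted else "unverified (vendor build)")
```

Run on the two kernel versions from the sample output above, the table reproduces the page's CVE-2013-2094 / CVE-2012-0056 and CVE-2009-2692 matches; for the RHEL-style string it returns the "unverified" flag rather than a confident verdict.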

1#

xsser (Even ten dicks come in different lengths!!) | 2013-08-29 11:47

Make it cloud-based: one person maintains it, many benefit.

2#

VIP (Fatal error: Call to undefined function getwb() in /data1/www/htdocs/106/wzone/1/index.php on line 10|@齐迹@小胖子@z7y@nauscript|Last night I dreamed of an ecshop injection 0day, and when I woke up I'd forgotten where it was.|Ad space reserved) | 2013-08-29 11:50

Looks pretty powerful; bookmarking it to try out.

PS: When does the 乌尔玛 ship?

3#

open (A Buddha in the heart makes a Buddha; a demon in the heart makes a demon.) | 2013-08-29 12:00

Nice, haha.

4#

请叫我大神 | 2013-08-29 12:55

It only makes a crude judgement from the kernel version; not good. For privilege escalation, prefer application-layer exploits, and even for kernel bugs, prefer logic bugs; some exploits easily make the system unstable.

5#

winsyk | 2013-08-29 13:19

I remember a crude method from back then: write a script that downloads all the exploit scripts and runs the one matching the kernel version,

but it has a drawback: some exploits can get root and also cause a denial of service.

6#

请叫我大神 | 2013-08-29 13:19

@winsyk Extremely crude and unwise.

7#

winsyk | 2013-08-29 13:22

@请叫我大神 You can't rely on automation for this kind of version-based overflow. Set up a local test environment first, and only go ahead once testing confirms it causes no impact and exploits reliably. Besides, I think exploitation requires a deep understanding of the details; only knowing gcc -o exp.c exploit;chmod +x exploit;./exploit is low-level stuff.

8#

无敌L.t.H (:?Tiananmen Beijing love I) | 2013-08-29 13:31

It should be gcc -o exp exp.c.

9#

winsyk | 2013-08-29 13:34

@无敌L.t.H Typo...

10#

疯狗 (Who's lewd, who's lewd) | 2013-08-29 15:07

@请叫我大神 @winsyk That's exactly why it has to be cloud-based.

11#

我勒个去 | 2013-08-29 15:13

@winsyk No need for chmod +x, it gets the x bit by default, hehe.

12#

Bloodwolf | 2013-08-30 12:15

a+x, someone's here to check the water meter