Find Linux Exploits Past Times Essence Version

Sometimes it’s actually difficult to honor the right exploit for the device that you lot are pentesting. I works life ii skillful references that may last helpful or to the lowest degree volition give you lot a skillful starting point. Both of these resources tin propose Linux exploits based on nitty-gritty version. The rootage 1 is available inwards Github too the instant 1 I believe I saw inwards Twitter too bookmarked the link (can’t think the Twitter handle, sorry, delight remind me too thence that I tin credit?).

Linux Exploit Suggester

Linux Exploit Suggester is a github projection to position exploits based on operating organization release number(or Kernel version). This computer program run without arguments volition perform a ‘uname -r’ to choose cause got of the Linux Operating Systems release version, too render a suggestive listing of possible exploits. Nothing fancy, too thence a patched/back-ported piece may fool this script. Additionally possible to render ‘-k’ flag to manually instruct inwards the Kernel Version/Operating System Release Version.

Github Project: https://github.com/PenturaLabs/Linux_Exploit_Suggester

Examples:

$ perl ./Linux_Exploit_Suggester.pl -k 3.0.0

Kernel local: 3.0.0

Possible Exploits:
[+] semtex
   CVE-2013-2094
   Source: www.exploit-db.com/download/25444/‎
[+] memodipper
   CVE-2012-0056
   Source: http://www.exploit-db.com/exploits/18411/
[+] perf_swevent
   CVE-2013-2094
   Source: http://www.exploit-db.com/download/26131

Flat file to honor Linux Exploits yesteryear Kernel version

I copied the whole page hither every bit the source page looks similar a piece of job inwards progress. This also seems to last based on the same Github Project entirely he’s added to a greater extent than (the writer tweeted almost that too). Kudos.

Locate the Kernel version of the target machine(s) (e.g. uname -a or via nmap).

Using this listing, locate exploit refereces that includes your version.

Version numbers amongst 0’s betoken ALL subversions of that Kernel percentage (e.g. 2.4.0 = 2.4.1 – 2.4.36).

Provided for inquiry only, Perform a through code review prior to use, operate entirely hosts you lot bring legal authorisation to pentest; no warranties or guarentees implied or provided!

Exploit Name	Kernel Start	Kernel End	Exploit URL	Remarks
hudo	2.0.0	6.0.1	https://github.com/FuzzySecurity/Unix-PrivEsc/blob/master/hudo.c	See contents for specific versions
ip6t_so_set(loc)	2.0.0	4.6.2	https://www.exploit-db.com/exploits/40489/
libfutex(loc)	2.0.0	2.0.0	https://www.exploit-db.com/exploits/35370/
setreuic(0,0)	2.0.0	4.0.1	https://www.exploit-db.com/exploits/14219/
tack	2.0.0	2.6.0	https://www.exploit-db.com/exploits/38685/
rds-fail	2.1.0	2.6.0	http://vulnfactory.org/exploits/rds-fail.c
ptrace	2.2.0	2.4.0	http://www.securiteam.com/exploits/5CP0Q0U9FY.html
rip	2.2.0	2.2.0	https://packetstormsecurity.com/files/22124/rip.c.html
viper Autoroot_v2	2.2.0	2.6.0	http://www.exploit-id.com/tools/viper-auto-rooting	Warning:Verify remote source earlier use
remap	2.4.0	2.4.0	https://www.exploit-db.com/exploits/160/
pipe.c_32bit	2.4.4	2.4.37	http://www.securityfocus.com/data/vulnerabilities/exploits/36901-1.c
sock_sendpage	2.4.4	2.4.37	http://www.exploit-db.com/exploits/9435	Alt:Proto Ops
sock_sendpage2	2.4.4	2.4.37	http://www.exploit-db.com/exploits/9436	Alt:Proto Ops
brk	2.4.10	2.4.10	http://www.cyberwarrior.us/code/linux/brk_vma.c
expand_stack	2.4.10	2.4.10	https://www.exploit-db.com/exploits/778/
w00t	2.4.10	2.4.21	https://github.com/freebsd/freebsd/tree/master/tools/tools/net80211/w00t
expand_stack	2.4.16	2.4.31	https://www.exploit-db.com/exploits/778/
w00t	2.4.16	2.4.21	https://github.com/freebsd/freebsd/tree/master/tools/tools/net80211/w00t
newlocal	2.4.17	2.4.19	https://github.com/FuzzySecurity/Unix-PrivEsc/blob/master/newlocal.zip
uselib24	2.4.17	2.4.17	https://packetstormsecurity.com/files/35920/uselib24.c.html
brk	2.4.18	2.4.22	http://www.cyberwarrior.us/code/linux/brk_vma.c
km2	2.4.18	2.4.22	http://downloads.securityfocus.com/vulnerabilities/exploits/binfmt_elf.c
ave	2.4.19	2.4.20		** Unknown Source Repository at this time.. manual search required
mremap_pte	2.4.20	2.4.20	http://www.exploit-db.com/exploits/160/
loko	2.4.22	2.4.24	http://pastie.org/pastes/316474	Warning Mod code for IRC contrary shell
uselib24	2.4.22	2.4.29	https://packetstormsecurity.com/files/35920/uselib24.c.html
mremap_pte	2.4.24	2.4.27	http://www.exploit-db.com/exploits/160/
elfdump	2.4.27	2.6.8	https://www.exploit-db.com/exploits/624/
elflbl	2.4.29	2.4.29	http://www.exploit-db.com/exploits/744/
smpracer	2.4.29	2.4.29	https://github.com/Kabot/Unix-Privilege-Escalation-Exploits-Pack/blob/master/2005/expand_stack-SMP-race.c
smp_race_local	2.4.29	2.4.29	https://github.com/FuzzySecurity/Unix-PrivEsc/blob/master/expand_stack.c
stackgrow2	2.4.29	2.4.29	https://dl.packetstormsecurity.net/0501-exploits/stackgrow2.c.html
american-sign-lang	2.6.0	2.3.36	https://www.exploit-db.com/exploits/15774/	Alt:ASL
can_modharden	2.6.0	2.6.0	https://www.exploit-db.com/exploits/14814/
half_nelson	2.6.0	2.6.36	http://www.exploit-db.com/exploits/6851	Alt:eConet
half_nelson1	2.6.0	2.6.36	http://www.exploit-db.com/exploits/17787/	Alt:eConet
pktcdvd	2.6.0	2.6.36	http://www.exploit-db.com/exploits/15150/
smpracer	2.6.0	2.6.0	https://github.com/Kabot/Unix-Privilege-Escalation-Exploits-Pack/blob/master/2005/expand_stack-SMP-race.c
sock_sendpage	2.6.0	2.6.30	http://www.exploit-db.com/exploits/9435	Alt:Proto Ops
sock_sendpage2	2.6.0	2.6.30	http://www.exploit-db.com/exploits/9436	Alt:Proto Ops
vconsole	2.6.0	2.6.0	http://downloads.securityfocus.com/vulnerabilities/exploits/33672.c
video4linux	2.6.0	2.6.33	http://www.exploit-db.com/exploits/15024/
udp_sendmsg_32bit	2.6.1	2.6.19	http://downloads.securityfocus.com/vulnerabilities/exploits/36108.c
krad	2.6.5	2.6.11	https://www.exploit-db.com/exploits/15774/
krad3	2.6.5	2.6.11	http://exploit-db.com/exploits/1397
ong_bak	2.6.5	2.6.5	https://github.com/FuzzySecurity/Unix-PrivEsc/blob/master/ong_bak.c
h00lyshit	2.6.8	2.6.16	http://www.exploit-db.com/exploits/2013/
stackgrow2	2.6.10	2.6.10	https://dl.packetstormsecurity.net/0501-exploits/stackgrow2.c.html
uselib24	2.6.10	2.6.10	https://packetstormsecurity.com/files/35920/uselib24.c.html
ftrex	2.6.11	2.6.22	http://www.exploit-db.com/exploits/6851
elfcd	2.6.12	2.6.12	https://www.exploit-db.com/exploits/25647/
py2	2.6.12	2.6.12	https://www.exploit-db.com/exploits/1591/
kdump	2.6.13	2.6.13	https://www.exploit-db.com/exploits/17942/
local26	2.6.13	2.6.13	https://www.exploit-db.com/exploits/160/
prctl	2.6.13	2.6.17	http://www.exploit-db.com/exploits/2004/
prctl2	2.6.13	2.6.17	http://www.exploit-db.com/exploits/2005/
prctl3	2.6.13	2.6.17	http://www.exploit-db.com/exploits/2006/
prctl4	2.6.13	2.6.17	http://www.exploit-db.com/exploits/2011/
prctl_loc_priv	2.6.13	2.6.17	https://github.com/FuzzySecurity/Unix-PrivEsc/blob/master/exp.sh
raptor_prctl	2.6.13	2.6.23	http://www.exploit-db.com/exploits/2031/
pipe.c_32bit	2.6.15	2.6.31	http://www.securityfocus.com/data/vulnerabilities/exploits/36901-1.c
vmsplice1	2.6.17	2.6.24	http://www.expliot-db.com/exploits/5092	Alt:Jessica Biel
can_bcm	2.6.18	2.6.36	http://www.exploit-db.com/exploits/14814/
do_pages_move	2.6.18	2.6.31	https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/9627.tgz	Alt:Sieve
gconv_translit_find	2.6.18	2.6.18	https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/34421.tar.gz
reiserfs	2.6.18	2.6.34	http://www.exploit-db.com/exploits/12130/
dirty_cow_proc_race	2.6.22	3.8.0	https://www.exploit-db.com/exploits/40847/
dirty_cow_ptrace	2.6.22	3.8.0	https://www.exploit-db.com/exploits/40839/
vmsplice2	2.6.23	2.6.24	http://www.exploit-db.com/exploits/5093	Alt:Dianne Lane
exit_notify	2.6.25	2.6.29	http://www.exploit-db.com/exploits/8369
udev	2.6.25	2.6.29	http://www.exploit-db.com/exploits/8478
ptrace_kmod2	2.6.26	2.6.34	http://www.exploit-db.com/exploits/15023/	Alt:ia32syscall
sctp	2.6.26	2.6.26	https://github.com/offensive-security/exploit-database/blob/master/platforms/linux/local/7618.c
rds	2.6.30	2.6.36	http://www.exploit-db.com/exploits/15285/
tomcat_privesc	2.6.30	2.6.99	https://www.exploit-db.com/exploits/40488/
gconv_translit_find	2.6.32	2.6.32	https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/34421.tar.gz
inode_Int_overflow	2.6.32	3.16.0	https://packetstormsecurity.com/files/139871/Linux-Kernel-2.6.32-642-3.16.0-4-Inode-Integer-Overflow.html
caps_to_root	2.6.34	2.6.36	http://www.exploit-db.com/exploits/15916/
semtex	2.6.37	2.6.39	http://www.exploit-db.com/download/25444/
memodipper	2.6.39	2.6.39	http://www.exploit-db.com/exploits/18411/
memodipper	3.0.0	3.1.1	http://www.exploit-db.com/exploits/18411/
perf_swevent	3.0.0	3.8.9	http://www.exploit-db.com/download/26131
rowhammer	3.0.0	6.0.0	https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/36310.tar.gz
semtex	3.0.0	3.1.1	http://www.exploit-db.com/download/25444/
death-star	3.1.0	3.1.8	http://downloads.securityfocus.com/vulnerabilities/exploits/52201.txt
timeoutpwn	3.1.0	3.1.0	https://www.kernel-exploits.com/media/timeoutpwn64.c
overlayFS	3.2.0	3.2.0	http://0day.today/exploit/23763
usb-creator_v0.2	3.2.0	3.2.0	http://0day.today/exploit/23566
sock_diag	3.3.0	3.8.0	https://www.exploit-db.com/exploits/33336/
libtiff3.7.1	3.4.0	3.4.0	https://www.exploit-db.com/exploits/14219/
recvmmsg	3.4.0	3.12.1	https://www.exploit-db.com/exploits/31347/
timeoutpwn	3.4.0	3.4.0	https://www.kernel-exploits.com/media/timeoutpwn64.c
libtiff3.7.1	3.5.1	3.5.7	https://www.exploit-db.com/exploits/14219/
libtiff3.7.1	3.6.0	3.6.1	https://www.exploit-db.com/exploits/14219/
libtiff3.7.1	3.7.0	3.7.4	https://www.exploit-db.com/exploits/14219/
libtiff3.7.1	3.8.0	3.8.2	https://www.exploit-db.com/exploits/14219/
libtiff3.7.1	3.9.0	3.9.3	https://www.exploit-db.com/exploits/14219/
ifenslave	3.10.0	3.10.0	https://github.com/FuzzySecurity/Unix-PrivEsc/blob/master/ifenslave.c
tomcat_privesc	3.10.0	3.10.99	https://www.exploit-db.com/exploits/40488/
Apport_abrt	3.13.0	3.13.0	https://www.exploit-db.com/exploits/36746/
overlayfs	3.13.0	3.13.1	https://www.exploit-db.com/exploits/40688/
overlayFS	3.13.0	3.19.0	http://0day.today/exploit/23763
overlayfs_shell(loc)	3.13.0	3.18.0	https://www.exploit-db.com/exploits/37292/
usb-creator_v0.2	3.13.0	3.13.0	http://0day.today/exploit/23566
recvmmsg_privesc	3.13.1	3.13.1	https://www.exploit-db.com/exploits/40503/
libfutex	3.14.0	3.14.6	http://downloads.securityfocus.com/vulnerabilities/exploits/67906.c
libfutex(loc)	3.14.0	3.14.0	https://www.exploit-db.com/exploits/35370/
Apport_abrt	3.16.0	3.16.0	https://www.exploit-db.com/exploits/36746/
overlayfs	3.16.0	3.16.1	https://www.exploit-db.com/exploits/40688/
usb-creator_v0.2	3.16.0	3.16.0	http://0day.today/exploit/23566
af_packet_race	3.19.0	3.19.1	https://www.exploit-db.com/exploits/40871/
overlayfs	3.19.0	3.19.1	https://www.exploit-db.com/exploits/40688/
libtiff3.7.1	4.0.0	4.0.1	https://www.exploit-db.com/exploits/14219/
overlayfs	4.2.0	4.2.18	https://www.exploit-db.com/exploits/40688/
overlayfs	4.2.8	4.2.8	https://www.exploit-db.com/exploits/40688/
overlayfs(loc)	4.3.2	4.3.3	https://www.exploit-db.com/exploits/39166/
bpf_loc_Priv_esc	4.4.0	4.4.0	https://www.exploit-db.com/exploits/40759/
perf_event_open	4.4.0	4.4.0	https://bugs.chromium.org/p/project-zero/issues/detail?id=807
refcnt_keyrings(loc)	4.4.1	4.4.1	https://www.exploit-db.com/exploits/39277/
logrotate_loc_Priv	4.6.0	4.6.0	https://www.exploit-db.com/exploits/40768/
netfilter_privesc(loc)	4.6.3	4.6.3	https://www.exploit-db.com/exploits/40435/
libtiff3.7.1	5.0.0	5.2.1	https://www.exploit-db.com/exploits/14219/
libfutex	6.0.0	6.0.0	http://downloads.securityfocus.com/vulnerabilities/exploits/67906.c
libfutex(loc)	6.0.0	6.0.0	https://www.exploit-db.com/exploits/35370/
libfutex2	6.0.0	6.0.0	https://www.exploit-db.com/exploits/35370/
netBSD_mail(loc)	6.0.0	6.1.5	https://packetstormsecurity.com/files/138021/NetBSD-mail.local-8-Local-Root.html
netBSD_mail(loc)	7.0.0	7.1.1	https://packetstormsecurity.com/files/138021/NetBSD-mail.local-8-Local-Root.html

Someone tin fork the original Github projection too proceed adding to a greater extent than to that every bit the original projection was made GPLv2 yesteryear the writer (thanks). Which means, you lot can:

copy too distribute the program’s unmodified source code

modify the program’s source code too distribute the modified source

You tin perhaps create the same affair using MetaSploit. Detailed steps on how to search exploits inwards MetaSploit tin last works life here. Either way, bring a champaign 24-hour interval adding more, testing to a greater extent than too having fun. If you lot know of to a greater extent than exploits, propose them via comments section. As usual, I don’t strength whatever checks via comments department too it’s pretty open, too thence become ahead.

Buat lebih berguna, kongsi: