From ad6c3483042faf388811dc5f47a0150642e9d26b Mon Sep 17 00:00:00 2001
From: PenturaLabs
Date: Mon, 26 Aug 2013 09:31:12 -0700
Subject: [PATCH 01/35] Initial commit

---
 LICENSE   | 339 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 README.md |   4 +
 2 files changed, 343 insertions(+)
 create mode 100644 LICENSE
 create mode 100644 README.md

diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..a1dc422
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,339 @@ +GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. 
+ + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. 
+ + Linux Exploit Suggester; based on operating system release number + Copyright (C) 2013 PenturaLabs + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. 
+ + {signature of Ty Coon}, 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. diff --git a/README.md b/README.md new file mode 100644 index 0000000..19b45d6 --- /dev/null +++ b/README.md @@ -0,0 +1,4 @@ +Linux_Exploit_Suggester +======================= + +Linux Exploit Suggester; based on operating system release number From 0fd6e658a539d915fa5903f24d53d31affb3422d Mon Sep 17 00:00:00 2001 From: PenturaLabs Date: Mon, 26 Aug 2013 17:35:35 +0100 Subject: [PATCH 02/35] Update README.md Add Readme Content --- README.md | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 80 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 19b45d6..ecc51b3 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,83 @@ Linux_Exploit_Suggester ======================= -Linux Exploit Suggester; based on operating system release number +Linux Exploit Suggester; based on operating system release number. + +This program run without arguments will perform a 'uname -r' to grab the Linux Operating Systems release version, +and return a suggestive list of possible exploits. Nothing fancy, so a patched/back-ported patch may fool this script. + +Additionally possible to provide '-k' flag to manually enter the Kernel Version/Operating System Release Version. + +This script has been extremely useful on site and in exams. Now Open-sourced under GPLv2. + +Sample Output +============== + +$ perl ./Linux_Exploit_Suggester.pl -k 3.0.0 + +Kernel local: 3.0.0 + +Possible Exploits: +[+] semtex + CVE-2013-2094 + Source: www.exploit-db.com/download/25444/‎ +[+] memodipper + CVE-2012-0056 + Source: http://www.exploit-db.com/exploits/18411/ +[+] perf_swevent + CVE-2013-2094 + Source: http://www.exploit-db.com/download/26131 + + +$ perl ./Linux_Exploit_Suggester.pl -k 2.6.28 + +Kernel local: 2.6.28 + +Possible Exploits: +[+] sock_sendpage2 + Alt: proto_ops CVE-2009-2692 + Source: http://milw0rm.com/exploits/9436 +[+] half_nelson3 + Alt: econet CVE-2010-4073 + Source: http://www.exploit-db.com/exploits/17787/ +[+] reiserfs + CVE-2010-1146 + Source: http://www.exploit-db.com/exploits/12130/ +[+] pktcdvd + CVE-2010-3437 + Source: http://www.exploit-db.com/exploits/15150/ +[+] american-sign-language + CVE-2010-4347 + Source: http://www.securityfocus.com/bid/45408/ +[+] half_nelson + Alt: econet CVE-2010-3848 + Source: http://www.exploit-db.com/exploits/6851 +[+] udev + Alt: udev <1.4.1 CVE-2009-1185 + Source: http://www.exploit-db.com/exploits/8478 +[+] do_pages_move + Alt: sieve CVE-2010-0415 + Source: Spenders Enlightenment +[+] pipe.c_32bit + CVE-2009-3547 + Source: http://www.securityfocus.com/data/vulnerabilities/exploits/36901-1.c +[+] exit_notify + Source: 
http://www.exploit-db.com/exploits/8369 +[+] can_bcm + CVE-2010-2959 + Source: http://www.exploit-db.com/exploits/14814/ +[+] ptrace_kmod2 + Alt: ia32syscall,robert_you_suck CVE-2010-3301 + Source: http://www.exploit-db.com/exploits/15023/ +[+] half_nelson1 + Alt: econet CVE-2010-3848 + Source: http://www.exploit-db.com/exploits/17787/ +[+] half_nelson2 + Alt: econet CVE-2010-3850 + Source: http://www.exploit-db.com/exploits/17787/ +[+] sock_sendpage + Alt: wunderbar_emporium CVE-2009-2692 + Source: http://milw0rm.com/exploits/9435 +[+] video4linux + CVE-2010-3081 + Source: http://www.exploit-db.com/exploits/15024/ From 17503f102e8cfa8aeb5440cbd68a8f2961803e5e Mon Sep 17 00:00:00 2001 From: PenturaLabs Date: Mon, 26 Aug 2013 17:37:52 +0100 Subject: [PATCH 03/35] Update README.md Corrected Formatting --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ecc51b3..8330f5b 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ This script has been extremely useful on site and in exams. Now Open-sourced un Sample Output ============== - +
 $ perl ./Linux_Exploit_Suggester.pl -k 3.0.0
 
 Kernel local: 3.0.0
@@ -27,8 +27,9 @@ Possible Exploits:
 [+] perf_swevent
    CVE-2013-2094
    Source: http://www.exploit-db.com/download/26131
+
- +
 $ perl ./Linux_Exploit_Suggester.pl -k 2.6.28
 
 Kernel local: 2.6.28
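Review bot: shuffling blank lines, here and in the PATCH 02 README hunk this adjusts, still leaves the Sample Output section as ordinary Markdown paragraphs, so GitHub will reflow `$ perl ./Linux_Exploit_Suggester.pl -k 3.0.0`, the `Kernel local:` line and every `[+]` entry into run-on text; indent the whole block by four spaces or put it in a fenced code block instead. While in that block, the semtex entry's `Source: www.exploit-db.com/download/25444/‎` lacks the `http://` scheme the other entries carry and has a stray invisible character after the trailing slash (it came along with the pasted URL), so it will not render as a working link. In the intro, `This program run without arguments will perform a 'uname -r'` should read "This program, run without arguments, performs a 'uname -r'".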
@@ -81,3 +82,4 @@ Possible Exploits:
 [+] video4linux
    CVE-2010-3081
    Source: http://www.exploit-db.com/exploits/15024/
+
From 7405b920dbf88ae418879a2f3836046c1de2b557 Mon Sep 17 00:00:00 2001
From: Andrew Davies
Date: Mon, 26 Aug 2013 17:39:23 +0100
Subject: [PATCH 04/35] Initial code commit

---
 Linux_Exploit_Suggester.pl | 162 +++++++++++++++++++++++++++++++++++++
 1 file changed, 162 insertions(+)
 create mode 100755 Linux_Exploit_Suggester.pl

diff --git a/Linux_Exploit_Suggester.pl b/Linux_Exploit_Suggester.pl
new file mode 100755
index 0000000..6bf9c6d
--- /dev/null
+++ b/Linux_Exploit_Suggester.pl
@@ -0,0 +1,162 @@ +#!/usr/bin/perl +=head1 NAME + +Linux_Exploit_Checker.pl - A local exploit suggester for linux + +=head1 DESCRIPTION + +This perl script will enumerate the possible exploits available for a given kernel version + +=head1 USAGE + $ Local_Exploit_Checker [-h] [-k kernel] + + [-h] help + [-k] kernel Eg. 2.6.28 + +=head1 AUTHOR + +Andy (c) 10-07-2009 + +Thanks to Brian for bugfixes, and sploit additions. + +=head1 CHANGELOG +12-06-2013 added perf_swevent (Andy) + +23-01-2012 added memodipper (Andy) + +14-11-2011 bug fix to cut kernel version, plus a few more sploits listed (Brian) + +=cut + +=head1 LICENSE + + Linux Exploit Checker + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + +=cut + +use Getopt::Std; + +$VERSION="0.5"; +my $khost=""; +my %opts; +getopt('k,h',\%opts); + +if (exists $opts{h}){ &usage;} + +if (exists $opts{k}){ + $khost=$opts{k}; +}else{ + $khost = `uname -r |cut -d"-" -f1`; + chomp($khost); +} +print "\nKernel local: $khost\n\n"; + +sub usage{ + print "Linux Exploit Checker $VERSION\n"; + print "Usage: \t$0 [-h] [-k kernel]\n"; + print "\t[-h] help (this message)\n"; + print "\t[-k] kernel number eg. 
2.6.28\n"; +} + +my %h; +$h{'w00t'} = { vuln=>['2.4.10','2.4.16','2.4.17','2.4.18','2.4.19','2.4.20','2.4.21'] }; +$h{'brk'} = { vuln=>['2.4.10','2.4.18','2.4.19','2.4.20','2.4.21','2.4.22'] }; +$h{'ave'} = { vuln=>['2.4.19','2.4.20'] }; +$h{'elflbl'} = { vuln=>['2.4.29'],mil=>"http://www.exploit-db.com/exploits/744/" }; +$h{'elfdump'} = { vuln=>['2.4.27'] }; +$h{'elfcd'} = {vuln=>['2.6.12']}; +$h{'expand_stack'} = { vuln=>['2.4.29'] }; +$h{'h00lyshit'} = { vuln=>['2.6.8','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16'],cve=>"2006-3626",mil=>"http://www.exploit-db.com/exploits/2013/"}; +$h{'kdump'} = { vuln=>['2.6.13'] }; +$h{'km2'} = { vuln=>['2.4.18','2.4.22'] }; +$h{'krad'} = { vuln=>['2.6.5','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11'] }; +$h{'krad3'} = { vuln=>['2.6.5','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11'],mil=>"http://exploit-db.com/exploits/1397" }; +$h{'local26'} = { vuln=>['2.6.13'] }; +$h{'loko'} = { vuln=>['2.4.22','2.4.23','2.4.24'] }; +$h{'mremap_pte'} = { vuln=>['2.4.20','2.2.24','2.4.25','2.4.26','2.4.27'],mil=>"http://www.exploit-db.com/exploits/160/" }; +$h{'newlocal'} = { vuln=>['2.4.17','2.4.19'] }; +$h{'ong_bak'} = { vuln=>['2.6.5'] }; +$h{'ptrace'} = { vuln=>['2.4.18','2.4.19','2.4.20','2.4.21','2.4.22']}; +$h{'ptrace_kmod'} = { vuln=>['2.4.18','2.4.19','2.4.20','2.4.21','2.4.22'],cve=>"2007-4573"}; +$h{'ptrace_kmod2'} = { vuln=>['2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33','2.6.34'],alt=>"ia32syscall,robert_you_suck",mil=>"http://www.exploit-db.com/exploits/15023/",cve=>"2010-3301"}; +$h{'ptrace24'} = { vuln=>['2.4.9'] }; +$h{'pwned'} = { vuln=>['2.6.11'] }; +$h{'py2'} = { vuln=>['2.6.9','2.6.17','2.6.15','2.6.13'] }; +$h{'raptor_prctl'} = { vuln=>['2.6.13','2.6.14','2.6.15','2.6.16','2.6.17'],cve=>"2006-2451",mil=>"http://www.exploit-db.com/exploits/2031/" }; +$h{'prctl'} = { vuln=>['2.6.13','2.6.14','2.6.15','2.6.16','2.6.17'],mil=>"http://www.exploit-db.com/exploits/2004/" }; +$h{'prctl2'} = { 
vuln=>['2.6.13','2.6.14','2.6.15','2.6.16','2.6.17'],mil=>"http://www.exploit-db.com/exploits/2005/"}; +$h{'prctl3'} = { vuln=>['2.6.13','2.6.14','2.6.15','2.6.16','2.6.17'],mil=>"http://www.exploit-db.com/exploits/2006/" }; +$h{'prctl4'} = { vuln=>['2.6.13','2.6.14','2.6.15','2.6.16','2.6.17'] ,mil=>"http://www.exploit-db.com/exploits/2011/"}; +$h{'remap'} = { vuln=>['2.4.'] }; +$h{'rip'} = { vuln=>['2.2.'] }; +$h{'stackgrow2'} = { vuln=>['2.4.29','2.6.10'] }; +$h{'uselib24'} = { vuln=>['2.6.10','2.4.17','2.4.22','2.4.25','2.4.27','2.4.29'] }; +$h{'newsmp'} = { vuln=>['2.6.'] }; +$h{'smpracer'} = { vuln=>['2.4.29'] }; +$h{'loginx'} = { vuln=>['2.4.22'] }; +$h{'exp.sh'} = { vuln=>['2.6.9','2.6.10','2.6.16','2.6.13'] }; +$h{'vmsplice1'} = {vuln=>['2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.24.1'],alt=>"jessica biel",cve=>"2008-0600",mil=>"http://www.expliot-db.com/exploits/5092"}; +$h{'vmsplice2'} = {vuln=>['2.6.23','2.6.24'],alt=>"diane_lane",cve=>"2008-0600", mil=>"http://www.exploit-db.com/exploits/5093"}; +$h{'vconsole'} = {vuln=>['2.6.'],cve=>"2009-1046"}; +$h{'sctp'} = {vuln=>['2.6.26'],cve=>"2008-4113"}; +$h{'ftrex'} = {vuln=>['2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22'],cve=>"2008-4210",mil=>"http://www.exploit-db.com/exploits/6851"}; +$h{'exit_notify'} = {vuln=>['2.6.25','2.6.26','2.6.27','2.6.28','2.6.29'],mil=>"http://www.exploit-db.com/exploits/8369"}; +$h{'udev'} = {vuln=>['2.6.25','2.6.26','2.6.27','2.6.28','2.6.29'],alt=>"udev <1.4.1",cve=>"2009-1185",mil=>"http://www.exploit-db.com/exploits/8478"}; 
+$h{'sock_sendpage2'}={vuln=>['2.4.4','2.4.5','2.4.6','2.4.7','2.4.8','2.4.9','2.4.10','2.4.11','2.4.12','2.4.13','2.4.14','2.4.15','2.4.16','2.4.17','2.4.18','2.4.19','2.4.20','2.4.21','2.4.22','2.4.23','2.4.24','2.4.25','2.4.26','2.4.27','2.4.28','2.4.29','2.4.30','2.4.31','2.4.32','2.4.33','2.4.34','2.4.35','2.4.36','2.4.37','2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30'],alt=>"proto_ops",cve=>"2009-2692",mil=>"http://milw0rm.com/exploits/9436"}; +$h{'sock_sendpage'}={vuln=>['2.4.4','2.4.5','2.4.6','2.4.7','2.4.8','2.4.9','2.4.10','2.4.11','2.4.12','2.4.13','2.4.14','2.4.15','2.4.16','2.4.17','2.4.18','2.4.19','2.4.20','2.4.21','2.4.22','2.4.23','2.4.24','2.4.25','2.4.26','2.4.27','2.4.28','2.4.29','2.4.30','2.4.31','2.4.32','2.4.33','2.4.34','2.4.35','2.4.36','2.4.37','2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30'],alt=>"wunderbar_emporium",cve=>"2009-2692",mil=>"http://milw0rm.com/exploits/9435"}; +$h{'udp_sendmsg_32bit'}={vuln=>['2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19'],cve=>"2009-2698", mil=>"http://downloads.securityfocus.com/vulnerabilities/exploits/36108.c"}; 
+$h{'pipe.c_32bit'}={vuln=>['2.4.4','2.4.5','2.4.6','2.4.7','2.4.8','2.4.9','2.4.10','2.4.11','2.4.12','2.4.13','2.4.14','2.4.15','2.4.16','2.4.17','2.4.18','2.4.19','2.4.20','2.4.21','2.4.22','2.4.23','2.4.24','2.4.25','2.4.26','2.4.27','2.4.28','2.4.29','2.4.30','2.4.31','2.4.32','2.4.33','2.4.34','2.4.35','2.4.36','2.4.37','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31'],cve=>"2009-3547",mil=>"http://www.securityfocus.com/data/vulnerabilities/exploits/36901-1.c"}; +$h{'do_pages_move'}={vuln=>['2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31'],alt=>"sieve",cve=>"2010-0415",mil=>"Spenders Enlightenment"}; +$h{'reiserfs'}={vuln=>['2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33','2.6.34'],cve=>"2010-1146",mil=>"http://www.exploit-db.com/exploits/12130/"}; +$h{'can_bcm'}={vuln=>['2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33','2.6.34','2.6.35','2.6.36'],cve=>"2010-2959",mil=>"http://www.exploit-db.com/exploits/14814/"}; +$h{'rds'}={vuln=>['2.6.30','2.6.31','2.6.32','2.6.33','2.6.34','2.6.35','2.6.36'],mil=>"http://www.exploit-db.com/exploits/15285/",cve=>"2010-3904"}; +$h{'half_nelson'} = {vuln=>['2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33','2.6.34','2.6.35','2.6.36'],alt=>"econet",cve=>"2010-3848",mil=>"http://www.exploit-db.com/exploits/6851"}; +$h{'half_nelson1'} = 
{vuln=>['2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33','2.6.34','2.6.35','2.6.36'],alt=>"econet",cve=>"2010-3848",mil=>"http://www.exploit-db.com/exploits/17787/"}; +$h{'half_nelson2'} = {vuln=>['2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33','2.6.34','2.6.35','2.6.36'],alt=>"econet",cve=>"2010-3850",mil=>"http://www.exploit-db.com/exploits/17787/"}; +$h{'half_nelson3'} = {vuln=>['2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33','2.6.34','2.6.35','2.6.36'],alt=>"econet",cve=>"2010-4073",mil=>"http://www.exploit-db.com/exploits/17787/"}; +$h{'caps_to_root'} = {vuln=>['2.6.34','2.6.35','2.6.36'],cve=>"n/a",mil=>"http://www.exploit-db.com/exploits/15916/"}; +$h{'american-sign-language'} = {vuln=>['2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33','2.6.34','2.6.35','2.6.36'],cve=>"2010-4347",mil=>"http://www.securityfocus.com/bid/45408/"}; +$h{'pktcdvd'} = 
{vuln=>['2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33','2.6.34','2.6.35','2.6.36'],cve=>"2010-3437",mil=>"http://www.exploit-db.com/exploits/15150/"}; +$h{'video4linux'} = {vuln=>['2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33'],cve=>"2010-3081",mil=>"http://www.exploit-db.com/exploits/15024/"}; +$h{'memodipper'} = {vuln=>['2.6.39','3.0.0','3.0.1','3.0.2','3.0.3','3.0.4','3.0.5','3.0.6','3.1.0'],cve=>"2012-0056",mil=>"http://www.exploit-db.com/exploits/18411/"}; +$h{'semtex'}={vuln=>['2.6.37','2.6.38','2.6.39','3.0.0','3.0.1','3.0.2','3.0.3','3.0.4','3.0.5','3.0.6','3.1.0'],cve=>"2013-2094",mil=>"www.exploit-db.com/download/25444/‎"}; +$h{'perf_swevent'}={vuln=>['3.0.0','3.0.1','3.0.2','3.0.3','3.0.4','3.0.5','3.0.6','3.1.0','3.2','3.3','3.4.0','3.4.1','3.4.2','3.4.3','3.4.4','3.4.5','3.4.6','3.4.8','3.4.9','3.5','3.6','3.7','3.8.0','3.8.1','3.8.2','3.8.3','3.8.4','3.8.5','3.8.6','3.8.7','3.8.8','3.8.9'],cve=>"2013-2094",mil=>"http://www.exploit-db.com/download/26131"}; + +&run_main; + +sub run_main { +print "Possible Exploits:\n"; +foreach my $key(keys %h){ + foreach my $kernel ( @{ $h{$key}->{vuln} }){ +# printf "DEBUG:vuln:%s kernel:%s lk:%s\n", $key,$kernel,$khost; + if($khost=~/^$kernel$/){ + chop($kernel) if ($kernel=~/.$/); + print "[+] ".$key; + $alt=$h{$key}->{alt}; + $cve=$h{$key}->{cve}; + $mlw=$h{$key}->{mil}; + if ((length ($alt) >0)||(length ($cve) >0)){print "\n";} + if (length ($alt) >0){ print " Alt: $alt ";} + if (length ($cve) >0){ print " CVE-$cve";} + if 
(length ($mlw) >0){ print "\n Source: $mlw";} + print "\n"; + } + } +} +} + From 795e4200128d6316cd63f72da7197bbc0bb3d28a Mon Sep 17 00:00:00 2001 From: PenturaLabs Date: Mon, 26 Aug 2013 18:00:39 +0100 Subject: [PATCH 05/35] Update Linux_Exploit_Suggester.pl Updated milworm address to exploit-db addresses --- Linux_Exploit_Suggester.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Linux_Exploit_Suggester.pl b/Linux_Exploit_Suggester.pl index 6bf9c6d..001c8dd 100755 --- a/Linux_Exploit_Suggester.pl +++ b/Linux_Exploit_Suggester.pl 
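Review bot: in `run_main` the test `if($khost=~/^$kernel$/)` interpolates the version string straight into a regex, so every `.` in an entry such as `'2.6.30'` matches any character, and the abbreviated entries used elsewhere in the table (`'2.6.'` for `newsmp`, `'2.4.'` for `remap`, `'2.2.'` for `rip`) can only ever match a four-character string, never a real `uname -r` value like `2.6.28`; compare with `eq` for exact entries and handle prefixes explicitly (or at least quote the literal with `/^\Q$kernel\E$/`). The following line `chop($kernel) if ($kernel=~/.$/);` always fires and only alters the loop copy after the match has already succeeded, so it has no effect on the output and should go.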
@@ -117,8 +117,8 @@ $h{'sctp'} = {vuln=>['2.6.26'],cve=>"2008-4113"}; $h{'ftrex'} = {vuln=>['2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22'],cve=>"2008-4210",mil=>"http://www.exploit-db.com/exploits/6851"}; $h{'exit_notify'} = {vuln=>['2.6.25','2.6.26','2.6.27','2.6.28','2.6.29'],mil=>"http://www.exploit-db.com/exploits/8369"}; $h{'udev'} = {vuln=>['2.6.25','2.6.26','2.6.27','2.6.28','2.6.29'],alt=>"udev <1.4.1",cve=>"2009-1185",mil=>"http://www.exploit-db.com/exploits/8478"}; -$h{'sock_sendpage2'}={vuln=>['2.4.4','2.4.5','2.4.6','2.4.7','2.4.8','2.4.9','2.4.10','2.4.11','2.4.12','2.4.13','2.4.14','2.4.15','2.4.16','2.4.17','2.4.18','2.4.19','2.4.20','2.4.21','2.4.22','2.4.23','2.4.24','2.4.25','2.4.26','2.4.27','2.4.28','2.4.29','2.4.30','2.4.31','2.4.32','2.4.33','2.4.34','2.4.35','2.4.36','2.4.37','2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30'],alt=>"proto_ops",cve=>"2009-2692",mil=>"http://milw0rm.com/exploits/9436"}; -$h{'sock_sendpage'}={vuln=>['2.4.4','2.4.5','2.4.6','2.4.7','2.4.8','2.4.9','2.4.10','2.4.11','2.4.12','2.4.13','2.4.14','2.4.15','2.4.16','2.4.17','2.4.18','2.4.19','2.4.20','2.4.21','2.4.22','2.4.23','2.4.24','2.4.25','2.4.26','2.4.27','2.4.28','2.4.29','2.4.30','2.4.31','2.4.32','2.4.33','2.4.34','2.4.35','2.4.36','2.4.37','2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30'],alt=>"wunderbar_emporium",cve=>"2009-2692",mil=>"http://milw0rm.com/exploits/9435"}; 
+$h{'sock_sendpage2'}={vuln=>['2.4.4','2.4.5','2.4.6','2.4.7','2.4.8','2.4.9','2.4.10','2.4.11','2.4.12','2.4.13','2.4.14','2.4.15','2.4.16','2.4.17','2.4.18','2.4.19','2.4.20','2.4.21','2.4.22','2.4.23','2.4.24','2.4.25','2.4.26','2.4.27','2.4.28','2.4.29','2.4.30','2.4.31','2.4.32','2.4.33','2.4.34','2.4.35','2.4.36','2.4.37','2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30'],alt=>"proto_ops",cve=>"2009-2692",mil=>"http://www.exploit-db.com/exploits/9436"}; +$h{'sock_sendpage'}={vuln=>['2.4.4','2.4.5','2.4.6','2.4.7','2.4.8','2.4.9','2.4.10','2.4.11','2.4.12','2.4.13','2.4.14','2.4.15','2.4.16','2.4.17','2.4.18','2.4.19','2.4.20','2.4.21','2.4.22','2.4.23','2.4.24','2.4.25','2.4.26','2.4.27','2.4.28','2.4.29','2.4.30','2.4.31','2.4.32','2.4.33','2.4.34','2.4.35','2.4.36','2.4.37','2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30'],alt=>"wunderbar_emporium",cve=>"2009-2692",mil=>"http://www.exploit-db.com/exploits/9435"}; $h{'udp_sendmsg_32bit'}={vuln=>['2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19'],cve=>"2009-2698", mil=>"http://downloads.securityfocus.com/vulnerabilities/exploits/36108.c"}; 
$h{'pipe.c_32bit'}={vuln=>['2.4.4','2.4.5','2.4.6','2.4.7','2.4.8','2.4.9','2.4.10','2.4.11','2.4.12','2.4.13','2.4.14','2.4.15','2.4.16','2.4.17','2.4.18','2.4.19','2.4.20','2.4.21','2.4.22','2.4.23','2.4.24','2.4.25','2.4.26','2.4.27','2.4.28','2.4.29','2.4.30','2.4.31','2.4.32','2.4.33','2.4.34','2.4.35','2.4.36','2.4.37','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31'],cve=>"2009-3547",mil=>"http://www.securityfocus.com/data/vulnerabilities/exploits/36901-1.c"}; $h{'do_pages_move'}={vuln=>['2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31'],alt=>"sieve",cve=>"2010-0415",mil=>"Spenders Enlightenment"}; 
@@ -134,7 +134,7 @@ $h{'american-sign-language'} = {vuln=>['2.6.0','2.6.1','2.6.2','2.6.3','2.6.4',' $h{'pktcdvd'} = {vuln=>['2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33','2.6.34','2.6.35','2.6.36'],cve=>"2010-3437",mil=>"http://www.exploit-db.com/exploits/15150/"}; $h{'video4linux'} = {vuln=>['2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33'],cve=>"2010-3081",mil=>"http://www.exploit-db.com/exploits/15024/"}; $h{'memodipper'} = {vuln=>['2.6.39','3.0.0','3.0.1','3.0.2','3.0.3','3.0.4','3.0.5','3.0.6','3.1.0'],cve=>"2012-0056",mil=>"http://www.exploit-db.com/exploits/18411/"}; -$h{'semtex'}={vuln=>['2.6.37','2.6.38','2.6.39','3.0.0','3.0.1','3.0.2','3.0.3','3.0.4','3.0.5','3.0.6','3.1.0'],cve=>"2013-2094",mil=>"www.exploit-db.com/download/25444/‎"}; +$h{'semtex'}={vuln=>['2.6.37','2.6.38','2.6.39','3.0.0','3.0.1','3.0.2','3.0.3','3.0.4','3.0.5','3.0.6','3.1.0'],cve=>"2013-2094",mil=>"http://www.exploit-db.com/download/25444/‎"}; $h{'perf_swevent'}={vuln=>['3.0.0','3.0.1','3.0.2','3.0.3','3.0.4','3.0.5','3.0.6','3.1.0','3.2','3.3','3.4.0','3.4.1','3.4.2','3.4.3','3.4.4','3.4.5','3.4.6','3.4.8','3.4.9','3.5','3.6','3.7','3.8.0','3.8.1','3.8.2','3.8.3','3.8.4','3.8.5','3.8.6','3.8.7','3.8.8','3.8.9'],cve=>"2013-2094",mil=>"http://www.exploit-db.com/download/26131"}; &run_main; From 572322f4701d51892568572d6359adf8dec3e5c5 Mon Sep 17 00:00:00 2001 
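Review bot: the `+` line for `semtex` keeps what looks like a stray invisible character sitting between `25444/` and the closing quote of the original `www.exploit-db.com/download/25444/` string; it survives the `http://` fix here and will be echoed on the printed `Source:` line, so strip it while the entry is being rewritten. While the milw0rm URLs are being migrated, note that `half_nelson` (added in the initial commit) points at `http://www.exploit-db.com/exploits/6851`, the same URL the `ftrex` context line in the first hunk uses, which looks like a copy-paste slip worth checking in the same sweep.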
From: PenturaLabs Date: Mon, 26 Aug 2013 19:42:41 +0100 Subject: [PATCH 06/35] Update Linux_Exploit_Suggester.pl Minor Corrections --- Linux_Exploit_Suggester.pl | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Linux_Exploit_Suggester.pl b/Linux_Exploit_Suggester.pl index 001c8dd..918a99e 100755 --- a/Linux_Exploit_Suggester.pl +++ b/Linux_Exploit_Suggester.pl @@ -1,7 +1,7 @@ #!/usr/bin/perl =head1 NAME -Linux_Exploit_Checker.pl - A local exploit suggester for linux +Linux_Exploit_Suggester.pl - A local exploit suggester for linux =head1 DESCRIPTION @@ -30,7 +30,7 @@ Thanks to Brian for bugfixes, and sploit additions. =head1 LICENSE - Linux Exploit Checker + Linux Exploit Suggester This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -51,7 +51,7 @@ Thanks to Brian for bugfixes, and sploit additions. use Getopt::Std; -$VERSION="0.5"; +$VERSION="0.6"; my $khost=""; my %opts; getopt('k,h',\%opts); @@ -67,7 +67,7 @@ if (exists $opts{k}){ print "\nKernel local: $khost\n\n"; sub usage{ - print "Linux Exploit Checker $VERSION\n"; + print "Linux Exploit Suggester $VERSION\n"; print "Usage: \t$0 [-h] [-k kernel]\n"; print "\t[-h] help (this message)\n"; print "\t[-k] kernel number eg. 2.6.28\n"; From 5eb50ab80f2b2ebff8a7729396c25fb9a0909890 Mon Sep 17 00:00:00 2001 From: PenturaLabs Date: Tue, 27 Aug 2013 13:21:26 +0100 Subject: [PATCH 07/35] Update README.md Corrected formatting bug, that effected GitHub-View only --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 8330f5b..c4e2f90 100644 --- a/README.md +++ b/README.md 
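Review bot: the Checker-to-Suggester rename in the NAME, LICENSE and `usage` hunks misses the USAGE pod section, which still reads `$ Local_Exploit_Checker [-h] [-k kernel]` (visible in the later pod-move patch); update it in the same change so the documentation is consistent. The `$VERSION="0.5"` to `"0.6"` bump is fine, but the CHANGELOG section gets no entry for it.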
@@ -37,7 +37,7 @@ Kernel local: 2.6.28 Possible Exploits: [+] sock_sendpage2 Alt: proto_ops CVE-2009-2692 - Source: http://milw0rm.com/exploits/9436 + Source: http://www.exploit-db.com/exploits/9436 [+] half_nelson3 Alt: econet CVE-2010-4073 Source: http://www.exploit-db.com/exploits/17787/ @@ -54,7 +54,7 @@ Possible Exploits: Alt: econet CVE-2010-3848 Source: http://www.exploit-db.com/exploits/6851 [+] udev - Alt: udev <1.4.1 CVE-2009-1185 + Alt: udev <1.4.1 CVE-2009-1185 Source: http://www.exploit-db.com/exploits/8478 [+] do_pages_move Alt: sieve CVE-2010-0415 @@ -78,7 +78,7 @@ Possible Exploits: Source: http://www.exploit-db.com/exploits/17787/ [+] sock_sendpage Alt: wunderbar_emporium CVE-2009-2692 - Source: http://milw0rm.com/exploits/9435 + Source: http://www.exploit-db.com/exploits/9435 [+] video4linux CVE-2010-3081 Source: http://www.exploit-db.com/exploits/15024/ From ae09cf4777e679892bcfe4969afc22dfdb153c68 Mon Sep 17 00:00:00 2001 From: PenturaLabs Date: Wed, 28 Aug 2013 21:37:03 +0100 Subject: [PATCH 08/35] added msr driver exploit --- Linux_Exploit_Suggester.pl | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Linux_Exploit_Suggester.pl b/Linux_Exploit_Suggester.pl index 918a99e..681670e 100755 --- a/Linux_Exploit_Suggester.pl +++ b/Linux_Exploit_Suggester.pl @@ -20,6 +20,8 @@ Andy (c) 10-07-2009 Thanks to Brian for bugfixes, and sploit additions. =head1 CHANGELOG +28-08-2013 added msr driver (Andy) + 12-06-2013 added perf_swevent (Andy) 23-01-2012 added memodipper (Andy) @@ -51,7 +53,7 @@ Thanks to Brian for bugfixes, and sploit additions. use Getopt::Std; -$VERSION="0.6"; +$VERSION="0.7"; my $khost=""; my %opts; getopt('k,h',\%opts); 
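Review bot: the `-`/`+` pair for the udev line in the second README hunk (`Alt: udev <1.4.1 CVE-2009-1185`) shows no visible textual change, so the fix must be whitespace or escaping only; the commit message should say what was actually changed (and "effected" should read "affected") so the next reader does not have to diff bytes to find out.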
@@ -136,7 +138,7 @@ $h{'video4linux'} = {vuln=>['2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6 $h{'memodipper'} = {vuln=>['2.6.39','3.0.0','3.0.1','3.0.2','3.0.3','3.0.4','3.0.5','3.0.6','3.1.0'],cve=>"2012-0056",mil=>"http://www.exploit-db.com/exploits/18411/"}; $h{'semtex'}={vuln=>['2.6.37','2.6.38','2.6.39','3.0.0','3.0.1','3.0.2','3.0.3','3.0.4','3.0.5','3.0.6','3.1.0'],cve=>"2013-2094",mil=>"http://www.exploit-db.com/download/25444/‎"}; $h{'perf_swevent'}={vuln=>['3.0.0','3.0.1','3.0.2','3.0.3','3.0.4','3.0.5','3.0.6','3.1.0','3.2','3.3','3.4.0','3.4.1','3.4.2','3.4.3','3.4.4','3.4.5','3.4.6','3.4.8','3.4.9','3.5','3.6','3.7','3.8.0','3.8.1','3.8.2','3.8.3','3.8.4','3.8.5','3.8.6','3.8.7','3.8.8','3.8.9'],cve=>"2013-2094",mil=>"http://www.exploit-db.com/download/26131"}; - +$h{'msr'}={vuln=>['2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33','2.6.34','2.6.35','2.6.36','2.6.37','2.6.38','2.6.39','3.0.0','3.0.1','3.0.2','3.0.3','3.0.4','3.0.5','3.0.6','3.1.0','3.2','3.3','3.4','3.5','3.6','3.7.0','3.7.6'],cve=>"2013-0268",mil=>"http://www.exploit-db.com/exploits/27297/"}; &run_main; sub run_main { From 0b7bae25dbe6b5075a43fd172add74cbe3d92f8c Mon Sep 17 00:00:00 2001 From: PenturaLabs Date: Wed, 28 Aug 2013 21:39:00 +0100 Subject: [PATCH 09/35] corrected URL , thanks paraboloid --- Linux_Exploit_Suggester.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Linux_Exploit_Suggester.pl b/Linux_Exploit_Suggester.pl index 681670e..6bf5d69 100755 --- a/Linux_Exploit_Suggester.pl +++ b/Linux_Exploit_Suggester.pl 
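Review bot: the new `msr` entry lists `'2.6.27'` twice (`'2.6.26','2.6.27','2.6.27','2.6.28'`) and ends with bare `'3.2','3.3','3.4','3.5','3.6'` before `'3.7.0','3.7.6'`; since `run_main` matches with `/^$kernel$/`, those two-component entries will never match a three-component kernel string such as `3.4.2`, whereas `perf_swevent` spells out `'3.4.0'` to `'3.4.9'`. Deduplicate the list and use the same per-release form throughout. The hunk also replaces the blank line before `&run_main;` instead of inserting above it, which is harmless but leaves the table and the call jammed together.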
@@ -112,7 +112,7 @@ $h{'newsmp'} = { vuln=>['2.6.'] }; $h{'smpracer'} = { vuln=>['2.4.29'] }; $h{'loginx'} = { vuln=>['2.4.22'] }; $h{'exp.sh'} = { vuln=>['2.6.9','2.6.10','2.6.16','2.6.13'] }; -$h{'vmsplice1'} = {vuln=>['2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.24.1'],alt=>"jessica biel",cve=>"2008-0600",mil=>"http://www.expliot-db.com/exploits/5092"}; +$h{'vmsplice1'} = {vuln=>['2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.24.1'],alt=>"jessica biel",cve=>"2008-0600",mil=>"http://www.exploit-db.com/exploits/5092"}; $h{'vmsplice2'} = {vuln=>['2.6.23','2.6.24'],alt=>"diane_lane",cve=>"2008-0600", mil=>"http://www.exploit-db.com/exploits/5093"}; $h{'vconsole'} = {vuln=>['2.6.'],cve=>"2009-1046"}; $h{'sctp'} = {vuln=>['2.6.26'],cve=>"2008-4113"}; From 458833d62f742644c2708fc14524362c3e6c6ed2 Mon Sep 17 00:00:00 2001 From: "Breno G. de Oliveira" Date: Thu, 5 Sep 2013 14:20:57 -0300 Subject: [PATCH 10/35] moving documentation to the __END__ The perl parser stops parsing after it finds an __END__ tag. Moving the "pod" to the end should make things slightly faster on slower machines. It also provides for better organization, since you now get "code first, docs later" in your file. --- Linux_Exploit_Suggester.pl | 105 +++++++++++++++++++------------------ 1 file changed, 53 insertions(+), 52 deletions(-) diff --git a/Linux_Exploit_Suggester.pl b/Linux_Exploit_Suggester.pl index 6bf5d69..943917c 100755 --- a/Linux_Exploit_Suggester.pl +++ b/Linux_Exploit_Suggester.pl 
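Review bot: the `expliot-db` to `exploit-db` correction is right; while in this block, `krad3` (visible in the context of the later tidy patch) uses `http://exploit-db.com/exploits/1397` without the `www.` every other entry uses, and `mremap_pte` lists `'2.2.24'` between `'2.4.20'` and `'2.4.25'`, which looks like a typo for `'2.4.24'`. Both belong in the same URL/version sweep.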
@@ -1,56 +1,4 @@ #!/usr/bin/perl -=head1 NAME - -Linux_Exploit_Suggester.pl - A local exploit suggester for linux - -=head1 DESCRIPTION - -This perl script will enumerate the possible exploits available for a given kernel version - -=head1 USAGE - $ Local_Exploit_Checker [-h] [-k kernel] - - [-h] help - [-k] kernel Eg. 2.6.28 - -=head1 AUTHOR - -Andy (c) 10-07-2009 - -Thanks to Brian for bugfixes, and sploit additions. - -=head1 CHANGELOG -28-08-2013 added msr driver (Andy) - -12-06-2013 added perf_swevent (Andy) - -23-01-2012 added memodipper (Andy) - -14-11-2011 bug fix to cut kernel version, plus a few more sploits listed (Brian) - -=cut - -=head1 LICENSE - - Linux Exploit Suggester - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - -=cut - use Getopt::Std; $VERSION="0.7"; 
@@ -161,4 +109,57 @@ foreach my $key(keys %h){ } } } +__END__ +=head1 NAME + +Linux_Exploit_Suggester.pl - A local exploit suggester for linux + +=head1 DESCRIPTION + +This perl script will enumerate the possible exploits available for a given kernel version + +=head1 USAGE + $ Local_Exploit_Checker [-h] [-k kernel] + + [-h] help + [-k] kernel Eg. 2.6.28 + +=head1 AUTHOR + +Andy (c) 10-07-2009 + +Thanks to Brian for bugfixes, and sploit additions. + +=head1 CHANGELOG +28-08-2013 added msr driver (Andy) + +12-06-2013 added perf_swevent (Andy) + +23-01-2012 added memodipper (Andy) + +14-11-2011 bug fix to cut kernel version, plus a few more sploits listed (Brian) + +=cut + +=head1 LICENSE + + Linux Exploit Suggester + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + +=cut + From de0d1862467b6c4e160d63cd3ac616b15a005cd3 Mon Sep 17 00:00:00 2001 From: "Breno G. de Oliveira" Date: Thu, 5 Sep 2013 14:37:08 -0300 Subject: [PATCH 11/35] using strict and warnings 'strict' forces the developer to declare variables before use, thus spotting some pretty hard to debug issues. 'warnings' trigger warning (non-fatal) messages whenever perl things the code is doing something that the developer did not intend, making the code more maintainable. --- Linux_Exploit_Suggester.pl | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) 
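Review bot: the re-added pod starts directly after `__END__` with no blank line before `=head1 NAME`; pod command paragraphs are expected to be preceded by a blank line and Pod::Simple-based tools warn when one is missing, so add it. The moved text also re-introduces the stale USAGE line `$ Local_Exploit_Checker [-h] [-k kernel]` from before the rename to Linux_Exploit_Suggester; fix it here rather than carrying it over verbatim.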
diff --git a/Linux_Exploit_Suggester.pl b/Linux_Exploit_Suggester.pl index 943917c..e71fe2e 100755 --- a/Linux_Exploit_Suggester.pl +++ b/Linux_Exploit_Suggester.pl @@ -1,7 +1,9 @@ #!/usr/bin/perl +use strict; +use warnings; use Getopt::Std; -$VERSION="0.7"; +our $VERSION = "0.7"; my $khost=""; my %opts; getopt('k,h',\%opts); @@ -97,9 +99,9 @@ foreach my $key(keys %h){ if($khost=~/^$kernel$/){ chop($kernel) if ($kernel=~/.$/); print "[+] ".$key; - $alt=$h{$key}->{alt}; - $cve=$h{$key}->{cve}; - $mlw=$h{$key}->{mil}; + my $alt = $h{$key}->{alt}; + my $cve = $h{$key}->{cve}; + my $mlw = $h{$key}->{mil}; if ((length ($alt) >0)||(length ($cve) >0)){print "\n";} if (length ($alt) >0){ print " Alt: $alt ";} if (length ($cve) >0){ print " CVE-$cve";} From ccbc19f92c2ba212df4df11076cd02ea71ae53eb Mon Sep 17 00:00:00 2001 From: "Breno G. de Oliveira" Date: Thu, 5 Sep 2013 15:48:25 -0300 Subject: [PATCH 12/35] removing warnings for uninitialized values when 'alt', 'cve' or 'mil' data is not available, the variables contain the undefined value. As such, calling length() on them trigger a warning. This patch changes the validation to simply check if the variables are defined. --- Linux_Exploit_Suggester.pl | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Linux_Exploit_Suggester.pl b/Linux_Exploit_Suggester.pl index e71fe2e..64456b4 100755 --- a/Linux_Exploit_Suggester.pl +++ b/Linux_Exploit_Suggester.pl @@ -102,10 +102,10 @@ foreach my $key(keys %h){ my $alt = $h{$key}->{alt}; my $cve = $h{$key}->{cve}; my $mlw = $h{$key}->{mil}; - if ((length ($alt) >0)||(length ($cve) >0)){print "\n";} - if (length ($alt) >0){ print " Alt: $alt ";} - if (length ($cve) >0){ print " CVE-$cve";} - if (length ($mlw) >0){ print "\n Source: $mlw";} + if ($alt or $cve){print "\n";} + if ($alt){ print " Alt: $alt ";} + if ($cve){ print " CVE-$cve";} + if ($mlw){ print "\n Source: $mlw";} print "\n"; } } From 4cfff4a49f4d01c4a368185c3219f2b84cf3aea7 Mon Sep 17 00:00:00 2001 
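Review bot: switching from `length()` to truthiness silences the uninitialized-value warnings, but `if ($cve){ print " CVE-$cve";}` still prints `CVE-n/a` for `caps_to_root`, whose entry carries `cve=>"n/a"`; drop that key (or treat the sentinel as absent) so the output does not advertise a non-existent identifier. Similarly `mil=>"Spenders Enlightenment"` for `do_pages_move` is not a URL yet will be shown under `Source:`; a separate note field would fit it better.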
From: "Breno G. de Oliveira" Date: Thu, 5 Sep 2013 15:54:44 -0300 Subject: [PATCH 13/35] tidying the code This patch makes the code much easier to read by applying perltidy on the source. In particular, it makes the big exploit hash not only easier to figure out but also to extend and even debug. No code changes were made on this patch, just identation. --- Linux_Exploit_Suggester.pl | 523 ++++++++++++++++++++++++++++++------- 1 file changed, 423 insertions(+), 100 deletions(-) diff --git a/Linux_Exploit_Suggester.pl b/Linux_Exploit_Suggester.pl index 64456b4..eb5652c 100755 --- a/Linux_Exploit_Suggester.pl +++ b/Linux_Exploit_Suggester.pl 
@@ -4,113 +4,436 @@ use warnings; use Getopt::Std; our $VERSION = "0.7"; -my $khost=""; +my $khost = ""; my %opts; -getopt('k,h',\%opts); +getopt( 'k,h', \%opts ); -if (exists $opts{h}){ &usage;} +if ( exists $opts{h} ) { &usage; } -if (exists $opts{k}){ - $khost=$opts{k}; -}else{ - $khost = `uname -r |cut -d"-" -f1`; - chomp($khost); -} -print "\nKernel local: $khost\n\n"; +if ( exists $opts{k} ) { + $khost = $opts{k}; +} +else { + $khost = `uname -r |cut -d"-" -f1`; + chomp($khost); +} +print "\nKernel local: $khost\n\n"; -sub usage{ - print "Linux Exploit Suggester $VERSION\n"; - print "Usage: \t$0 [-h] [-k kernel]\n"; - print "\t[-h] help (this message)\n"; - print "\t[-k] kernel number eg. 2.6.28\n"; +sub usage { + print "Linux Exploit Suggester $VERSION\n"; + print "Usage: \t$0 [-h] [-k kernel]\n"; + print "\t[-h] help (this message)\n"; + print "\t[-k] kernel number eg. 2.6.28\n"; } -my %h; -$h{'w00t'} = { vuln=>['2.4.10','2.4.16','2.4.17','2.4.18','2.4.19','2.4.20','2.4.21'] }; -$h{'brk'} = { vuln=>['2.4.10','2.4.18','2.4.19','2.4.20','2.4.21','2.4.22'] }; -$h{'ave'} = { vuln=>['2.4.19','2.4.20'] }; -$h{'elflbl'} = { vuln=>['2.4.29'],mil=>"http://www.exploit-db.com/exploits/744/" }; -$h{'elfdump'} = { vuln=>['2.4.27'] }; -$h{'elfcd'} = {vuln=>['2.6.12']}; -$h{'expand_stack'} = { vuln=>['2.4.29'] }; -$h{'h00lyshit'} = { vuln=>['2.6.8','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16'],cve=>"2006-3626",mil=>"http://www.exploit-db.com/exploits/2013/"}; -$h{'kdump'} = { vuln=>['2.6.13'] }; -$h{'km2'} = { vuln=>['2.4.18','2.4.22'] }; -$h{'krad'} = { vuln=>['2.6.5','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11'] }; -$h{'krad3'} = { vuln=>['2.6.5','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11'],mil=>"http://exploit-db.com/exploits/1397" }; -$h{'local26'} = { vuln=>['2.6.13'] }; -$h{'loko'} = { vuln=>['2.4.22','2.4.23','2.4.24'] }; -$h{'mremap_pte'} = { vuln=>['2.4.20','2.2.24','2.4.25','2.4.26','2.4.27'],mil=>"http://www.exploit-db.com/exploits/160/" }; 
-$h{'newlocal'} = { vuln=>['2.4.17','2.4.19'] }; -$h{'ong_bak'} = { vuln=>['2.6.5'] }; -$h{'ptrace'} = { vuln=>['2.4.18','2.4.19','2.4.20','2.4.21','2.4.22']}; -$h{'ptrace_kmod'} = { vuln=>['2.4.18','2.4.19','2.4.20','2.4.21','2.4.22'],cve=>"2007-4573"}; -$h{'ptrace_kmod2'} = { vuln=>['2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33','2.6.34'],alt=>"ia32syscall,robert_you_suck",mil=>"http://www.exploit-db.com/exploits/15023/",cve=>"2010-3301"}; -$h{'ptrace24'} = { vuln=>['2.4.9'] }; -$h{'pwned'} = { vuln=>['2.6.11'] }; -$h{'py2'} = { vuln=>['2.6.9','2.6.17','2.6.15','2.6.13'] }; -$h{'raptor_prctl'} = { vuln=>['2.6.13','2.6.14','2.6.15','2.6.16','2.6.17'],cve=>"2006-2451",mil=>"http://www.exploit-db.com/exploits/2031/" }; -$h{'prctl'} = { vuln=>['2.6.13','2.6.14','2.6.15','2.6.16','2.6.17'],mil=>"http://www.exploit-db.com/exploits/2004/" }; -$h{'prctl2'} = { vuln=>['2.6.13','2.6.14','2.6.15','2.6.16','2.6.17'],mil=>"http://www.exploit-db.com/exploits/2005/"}; -$h{'prctl3'} = { vuln=>['2.6.13','2.6.14','2.6.15','2.6.16','2.6.17'],mil=>"http://www.exploit-db.com/exploits/2006/" }; -$h{'prctl4'} = { vuln=>['2.6.13','2.6.14','2.6.15','2.6.16','2.6.17'] ,mil=>"http://www.exploit-db.com/exploits/2011/"}; -$h{'remap'} = { vuln=>['2.4.'] }; -$h{'rip'} = { vuln=>['2.2.'] }; -$h{'stackgrow2'} = { vuln=>['2.4.29','2.6.10'] }; -$h{'uselib24'} = { vuln=>['2.6.10','2.4.17','2.4.22','2.4.25','2.4.27','2.4.29'] }; -$h{'newsmp'} = { vuln=>['2.6.'] }; -$h{'smpracer'} = { vuln=>['2.4.29'] }; -$h{'loginx'} = { vuln=>['2.4.22'] }; -$h{'exp.sh'} = { vuln=>['2.6.9','2.6.10','2.6.16','2.6.13'] }; -$h{'vmsplice1'} = {vuln=>['2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.24.1'],alt=>"jessica biel",cve=>"2008-0600",mil=>"http://www.exploit-db.com/exploits/5092"}; -$h{'vmsplice2'} = {vuln=>['2.6.23','2.6.24'],alt=>"diane_lane",cve=>"2008-0600", mil=>"http://www.exploit-db.com/exploits/5093"}; -$h{'vconsole'} = 
{vuln=>['2.6.'],cve=>"2009-1046"}; -$h{'sctp'} = {vuln=>['2.6.26'],cve=>"2008-4113"}; -$h{'ftrex'} = {vuln=>['2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22'],cve=>"2008-4210",mil=>"http://www.exploit-db.com/exploits/6851"}; -$h{'exit_notify'} = {vuln=>['2.6.25','2.6.26','2.6.27','2.6.28','2.6.29'],mil=>"http://www.exploit-db.com/exploits/8369"}; -$h{'udev'} = {vuln=>['2.6.25','2.6.26','2.6.27','2.6.28','2.6.29'],alt=>"udev <1.4.1",cve=>"2009-1185",mil=>"http://www.exploit-db.com/exploits/8478"}; -$h{'sock_sendpage2'}={vuln=>['2.4.4','2.4.5','2.4.6','2.4.7','2.4.8','2.4.9','2.4.10','2.4.11','2.4.12','2.4.13','2.4.14','2.4.15','2.4.16','2.4.17','2.4.18','2.4.19','2.4.20','2.4.21','2.4.22','2.4.23','2.4.24','2.4.25','2.4.26','2.4.27','2.4.28','2.4.29','2.4.30','2.4.31','2.4.32','2.4.33','2.4.34','2.4.35','2.4.36','2.4.37','2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30'],alt=>"proto_ops",cve=>"2009-2692",mil=>"http://www.exploit-db.com/exploits/9436"}; -$h{'sock_sendpage'}={vuln=>['2.4.4','2.4.5','2.4.6','2.4.7','2.4.8','2.4.9','2.4.10','2.4.11','2.4.12','2.4.13','2.4.14','2.4.15','2.4.16','2.4.17','2.4.18','2.4.19','2.4.20','2.4.21','2.4.22','2.4.23','2.4.24','2.4.25','2.4.26','2.4.27','2.4.28','2.4.29','2.4.30','2.4.31','2.4.32','2.4.33','2.4.34','2.4.35','2.4.36','2.4.37','2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30'],alt=>"wunderbar_emporium",cve=>"2009-2692",mil=>"http://www.exploit-db.com/exploits/9435"}; 
-$h{'udp_sendmsg_32bit'}={vuln=>['2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19'],cve=>"2009-2698", mil=>"http://downloads.securityfocus.com/vulnerabilities/exploits/36108.c"}; -$h{'pipe.c_32bit'}={vuln=>['2.4.4','2.4.5','2.4.6','2.4.7','2.4.8','2.4.9','2.4.10','2.4.11','2.4.12','2.4.13','2.4.14','2.4.15','2.4.16','2.4.17','2.4.18','2.4.19','2.4.20','2.4.21','2.4.22','2.4.23','2.4.24','2.4.25','2.4.26','2.4.27','2.4.28','2.4.29','2.4.30','2.4.31','2.4.32','2.4.33','2.4.34','2.4.35','2.4.36','2.4.37','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31'],cve=>"2009-3547",mil=>"http://www.securityfocus.com/data/vulnerabilities/exploits/36901-1.c"}; -$h{'do_pages_move'}={vuln=>['2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31'],alt=>"sieve",cve=>"2010-0415",mil=>"Spenders Enlightenment"}; -$h{'reiserfs'}={vuln=>['2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33','2.6.34'],cve=>"2010-1146",mil=>"http://www.exploit-db.com/exploits/12130/"}; -$h{'can_bcm'}={vuln=>['2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33','2.6.34','2.6.35','2.6.36'],cve=>"2010-2959",mil=>"http://www.exploit-db.com/exploits/14814/"}; -$h{'rds'}={vuln=>['2.6.30','2.6.31','2.6.32','2.6.33','2.6.34','2.6.35','2.6.36'],mil=>"http://www.exploit-db.com/exploits/15285/",cve=>"2010-3904"}; -$h{'half_nelson'} = 
{vuln=>['2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33','2.6.34','2.6.35','2.6.36'],alt=>"econet",cve=>"2010-3848",mil=>"http://www.exploit-db.com/exploits/6851"}; -$h{'half_nelson1'} = {vuln=>['2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33','2.6.34','2.6.35','2.6.36'],alt=>"econet",cve=>"2010-3848",mil=>"http://www.exploit-db.com/exploits/17787/"}; -$h{'half_nelson2'} = {vuln=>['2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33','2.6.34','2.6.35','2.6.36'],alt=>"econet",cve=>"2010-3850",mil=>"http://www.exploit-db.com/exploits/17787/"}; -$h{'half_nelson3'} = {vuln=>['2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33','2.6.34','2.6.35','2.6.36'],alt=>"econet",cve=>"2010-4073",mil=>"http://www.exploit-db.com/exploits/17787/"}; -$h{'caps_to_root'} = {vuln=>['2.6.34','2.6.35','2.6.36'],cve=>"n/a",mil=>"http://www.exploit-db.com/exploits/15916/"}; -$h{'american-sign-language'} = 
{vuln=>['2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33','2.6.34','2.6.35','2.6.36'],cve=>"2010-4347",mil=>"http://www.securityfocus.com/bid/45408/"}; -$h{'pktcdvd'} = {vuln=>['2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33','2.6.34','2.6.35','2.6.36'],cve=>"2010-3437",mil=>"http://www.exploit-db.com/exploits/15150/"}; -$h{'video4linux'} = {vuln=>['2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33'],cve=>"2010-3081",mil=>"http://www.exploit-db.com/exploits/15024/"}; -$h{'memodipper'} = {vuln=>['2.6.39','3.0.0','3.0.1','3.0.2','3.0.3','3.0.4','3.0.5','3.0.6','3.1.0'],cve=>"2012-0056",mil=>"http://www.exploit-db.com/exploits/18411/"}; -$h{'semtex'}={vuln=>['2.6.37','2.6.38','2.6.39','3.0.0','3.0.1','3.0.2','3.0.3','3.0.4','3.0.5','3.0.6','3.1.0'],cve=>"2013-2094",mil=>"http://www.exploit-db.com/download/25444/‎"}; -$h{'perf_swevent'}={vuln=>['3.0.0','3.0.1','3.0.2','3.0.3','3.0.4','3.0.5','3.0.6','3.1.0','3.2','3.3','3.4.0','3.4.1','3.4.2','3.4.3','3.4.4','3.4.5','3.4.6','3.4.8','3.4.9','3.5','3.6','3.7','3.8.0','3.8.1','3.8.2','3.8.3','3.8.4','3.8.5','3.8.6','3.8.7','3.8.8','3.8.9'],cve=>"2013-2094",mil=>"http://www.exploit-db.com/download/26131"}; 
-$h{'msr'}={vuln=>['2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33','2.6.34','2.6.35','2.6.36','2.6.37','2.6.38','2.6.39','3.0.0','3.0.1','3.0.2','3.0.3','3.0.4','3.0.5','3.0.6','3.1.0','3.2','3.3','3.4','3.5','3.6','3.7.0','3.7.6'],cve=>"2013-0268",mil=>"http://www.exploit-db.com/exploits/27297/"}; -&run_main; +my %h = ( + 'w00t' => { + vuln => [ + '2.4.10', '2.4.16', '2.4.17', '2.4.18', + '2.4.19', '2.4.20', '2.4.21', + ] + }, + 'brk' => { + vuln => [ '2.4.10', '2.4.18', '2.4.19', '2.4.20', '2.4.21', '2.4.22' ], + }, + 'ave' => { vuln => [ '2.4.19', '2.4.20' ] }, -sub run_main { -print "Possible Exploits:\n"; -foreach my $key(keys %h){ - foreach my $kernel ( @{ $h{$key}->{vuln} }){ -# printf "DEBUG:vuln:%s kernel:%s lk:%s\n", $key,$kernel,$khost; - if($khost=~/^$kernel$/){ - chop($kernel) if ($kernel=~/.$/); - print "[+] ".$key; - my $alt = $h{$key}->{alt}; - my $cve = $h{$key}->{cve}; - my $mlw = $h{$key}->{mil}; - if ($alt or $cve){print "\n";} - if ($alt){ print " Alt: $alt ";} - if ($cve){ print " CVE-$cve";} - if ($mlw){ print "\n Source: $mlw";} - print "\n"; - } - } -} -} + 'elflbl' => { + vuln => ['2.4.29'], + mil => 'http://www.exploit-db.com/exploits/744/', + }, + + 'elfdump' => { vuln => ['2.4.27'] }, + 'elfcd' => { vuln => ['2.6.12'] }, + 'expand_stack' => { vuln => ['2.4.29'] }, + + 'h00lyshit' => { + vuln => [ + '2.6.8', '2.6.10', '2.6.11', '2.6.12', + '2.6.13', '2.6.14', '2.6.15', '2.6.16', + ], + cve => '2006-3626', + mil => 'http://www.exploit-db.com/exploits/2013/', + }, + + 'kdump' => { vuln => ['2.6.13'] }, + 'km2' => { vuln => [ '2.4.18', '2.4.22' ] }, + 'krad' => + { vuln => [ '2.6.5', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11' ] }, + + 'krad3' => { + vuln => [ '2.6.5', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11' ], + mil => 'http://exploit-db.com/exploits/1397', + }, + + 'local26' => { vuln => ['2.6.13'] }, + 'loko' => { vuln => [ 
'2.4.22', '2.4.23', '2.4.24' ] }, + + 'mremap_pte' => { + vuln => [ '2.4.20', '2.2.24', '2.4.25', '2.4.26', '2.4.27' ], + mil => 'http://www.exploit-db.com/exploits/160/', + }, + + 'newlocal' => { vuln => [ '2.4.17', '2.4.19' ] }, + 'ong_bak' => { vuln => ['2.6.5'] }, + 'ptrace' => + { vuln => [ '2.4.18', '2.4.19', '2.4.20', '2.4.21', '2.4.22' ] }, + 'ptrace_kmod' => { + vuln => [ '2.4.18', '2.4.19', '2.4.20', '2.4.21', '2.4.22' ], + cve => '2007-4573', + }, + 'ptrace_kmod2' => { + vuln => [ + '2.6.26', '2.6.27', '2.6.28', '2.6.29', '2.6.30', '2.6.31', + '2.6.32', '2.6.33', '2.6.34', + ], + alt => 'ia32syscall,robert_you_suck', + mil => 'http://www.exploit-db.com/exploits/15023/', + cve => '2010-3301', + }, + 'ptrace24' => { vuln => ['2.4.9'] }, + 'pwned' => { vuln => ['2.6.11'] }, + 'py2' => { vuln => [ '2.6.9', '2.6.17', '2.6.15', '2.6.13' ] }, + 'raptor_prctl' => { + vuln => [ '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17' ], + cve => '2006-2451', + mil => 'http://www.exploit-db.com/exploits/2031/', + }, + 'prctl' => { + vuln => [ '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17' ], + mil => 'http://www.exploit-db.com/exploits/2004/', + }, + 'prctl2' => { + vuln => [ '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17' ], + mil => 'http://www.exploit-db.com/exploits/2005/', + }, + 'prctl3' => { + vuln => [ '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17' ], + mil => 'http://www.exploit-db.com/exploits/2006/', + }, + 'prctl4' => { + vuln => [ '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17' ], + mil => 'http://www.exploit-db.com/exploits/2011/', + }, + 'remap' => { vuln => ['2.4.'] }, + 'rip' => { vuln => ['2.2.'] }, + 'stackgrow2' => { vuln => [ '2.4.29', '2.6.10' ] }, + 'uselib24' => { + vuln => [ '2.6.10', '2.4.17', '2.4.22', '2.4.25', '2.4.27', '2.4.29' ] + }, + 'newsmp' => { vuln => ['2.6.'] }, + 'smpracer' => { vuln => ['2.4.29'] }, + 'loginx' => { vuln => ['2.4.22'] }, + 'exp.sh' => { vuln => [ '2.6.9', '2.6.10', '2.6.16', '2.6.13' ] }, + 'vmsplice1' => { + 
vuln => [ + '2.6.17', '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', + '2.6.23', '2.6.24', '2.6.24.1', + ], + alt => 'jessica biel', + cve => '2008-0600', + mil => 'http://www.exploit-db.com/exploits/5092', + }, + 'vmsplice2' => { + vuln => [ '2.6.23', '2.6.24' ], + alt => 'diane_lane', + cve => '2008-0600', + mil => 'http://www.exploit-db.com/exploits/5093', + }, + 'vconsole' => { + vuln => ['2.6.'], + cve => '2009-1046', + }, + 'sctp' => { + vuln => ['2.6.26'], + cve => '2008-4113', + }, + 'ftrex' => { + vuln => [ + '2.6.11', '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', + '2.6.17', '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', + ], + cve => '2008-4210', + mil => 'http://www.exploit-db.com/exploits/6851', + }, + 'exit_notify' => { + vuln => [ '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29' ], + mil => 'http://www.exploit-db.com/exploits/8369', + }, + 'udev' => { + vuln => [ '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29' ], + alt => 'udev <1.4.1', + cve => '2009-1185', + mil => 'http://www.exploit-db.com/exploits/8478', + }, + + 'sock_sendpage2' => { + vuln => [ + '2.4.4', '2.4.5', '2.4.6', '2.4.7', '2.4.8', '2.4.9', + '2.4.10', '2.4.11', '2.4.12', '2.4.13', '2.4.14', '2.4.15', + '2.4.16', '2.4.17', '2.4.18', '2.4.19', '2.4.20', '2.4.21', + '2.4.22', '2.4.23', '2.4.24', '2.4.25', '2.4.26', '2.4.27', + '2.4.28', '2.4.29', '2.4.30', '2.4.31', '2.4.32', '2.4.33', + '2.4.34', '2.4.35', '2.4.36', '2.4.37', '2.6.0', '2.6.1', + '2.6.2', '2.6.3', '2.6.4', '2.6.5', '2.6.6', '2.6.7', + '2.6.8', '2.6.9', '2.6.10', '2.6.11', '2.6.12', '2.6.13', + '2.6.14', '2.6.15', '2.6.16', '2.6.17', '2.6.18', '2.6.19', + '2.6.20', '2.6.21', '2.6.22', '2.6.23', '2.6.24', '2.6.25', + '2.6.26', '2.6.27', '2.6.28', '2.6.29', '2.6.30', + ], + alt => 'proto_ops', + cve => '2009-2692', + mil => 'http://www.exploit-db.com/exploits/9436', + }, + + 'sock_sendpage' => { + vuln => [ + '2.4.4', '2.4.5', '2.4.6', '2.4.7', '2.4.8', '2.4.9', + '2.4.10', '2.4.11', '2.4.12', '2.4.13', 
'2.4.14', '2.4.15', + '2.4.16', '2.4.17', '2.4.18', '2.4.19', '2.4.20', '2.4.21', + '2.4.22', '2.4.23', '2.4.24', '2.4.25', '2.4.26', '2.4.27', + '2.4.28', '2.4.29', '2.4.30', '2.4.31', '2.4.32', '2.4.33', + '2.4.34', '2.4.35', '2.4.36', '2.4.37', '2.6.0', '2.6.1', + '2.6.2', '2.6.3', '2.6.4', '2.6.5', '2.6.6', '2.6.7', + '2.6.8', '2.6.9', '2.6.10', '2.6.11', '2.6.12', '2.6.13', + '2.6.14', '2.6.15', '2.6.16', '2.6.17', '2.6.18', '2.6.19', + '2.6.20', '2.6.21', '2.6.22', '2.6.23', '2.6.24', '2.6.25', + '2.6.26', '2.6.27', '2.6.28', '2.6.29', '2.6.30', + ], + alt => 'wunderbar_emporium', + cve => '2009-2692', + mil => 'http://www.exploit-db.com/exploits/9435', + }, + 'udp_sendmsg_32bit' => { + vuln => [ + '2.6.1', '2.6.2', '2.6.3', '2.6.4', '2.6.5', '2.6.6', + '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11', '2.6.12', + '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17', '2.6.18', + '2.6.19', + ], + cve => '2009-2698', + mil => + 'http://downloads.securityfocus.com/vulnerabilities/exploits/36108.c', + }, + 'pipe.c_32bit' => { + vuln => [ + '2.4.4', '2.4.5', '2.4.6', '2.4.7', '2.4.8', '2.4.9', + '2.4.10', '2.4.11', '2.4.12', '2.4.13', '2.4.14', '2.4.15', + '2.4.16', '2.4.17', '2.4.18', '2.4.19', '2.4.20', '2.4.21', + '2.4.22', '2.4.23', '2.4.24', '2.4.25', '2.4.26', '2.4.27', + '2.4.28', '2.4.29', '2.4.30', '2.4.31', '2.4.32', '2.4.33', + '2.4.34', '2.4.35', '2.4.36', '2.4.37', '2.6.15', '2.6.16', + '2.6.17', '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', + '2.6.23', '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', + '2.6.29', '2.6.30', '2.6.31', + ], + cve => '2009-3547', + mil => + 'http://www.securityfocus.com/data/vulnerabilities/exploits/36901-1.c', + }, + 'do_pages_move' => { + vuln => [ + '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', + '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29', + '2.6.30', '2.6.31', + ], + alt => 'sieve', + cve => '2010-0415', + mil => 'Spenders Enlightenment', + }, + 'reiserfs' => { + vuln => [ + '2.6.18', 
'2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', + '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29', + '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', + ], + cve => '2010-1146', + mil => 'http://www.exploit-db.com/exploits/12130/', + }, + 'can_bcm' => { + vuln => [ + '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', + '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29', + '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35', + '2.6.36', + ], + cve => '2010-2959', + mil => 'http://www.exploit-db.com/exploits/14814/', + }, + 'rds' => { + vuln => [ + '2.6.30', '2.6.31', '2.6.32', '2.6.33', + '2.6.34', '2.6.35', '2.6.36', + ], + mil => 'http://www.exploit-db.com/exploits/15285/', + cve => '2010-3904', + }, + 'half_nelson' => { + vuln => [ + '2.6.0', '2.6.1', '2.6.2', '2.6.3', '2.6.4', '2.6.5', + '2.6.6', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11', + '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17', + '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', + '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29', + '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35', + '2.6.36', + ], + alt => 'econet', + cve => '2010-3848', + mil => 'http://www.exploit-db.com/exploits/6851', + }, + 'half_nelson1' => { + vuln => [ + '2.6.0', '2.6.1', '2.6.2', '2.6.3', '2.6.4', '2.6.5', + '2.6.6', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11', + '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17', + '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', + '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29', + '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35', + '2.6.36', + ], + alt => 'econet', + cve => '2010-3848', + mil => 'http://www.exploit-db.com/exploits/17787/', + }, + 'half_nelson2' => { + vuln => [ + '2.6.0', '2.6.1', '2.6.2', '2.6.3', '2.6.4', '2.6.5', + '2.6.6', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11', + '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17', + '2.6.18', 
'2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', + '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29', + '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35', + '2.6.36', + ], + alt => 'econet', + cve => '2010-3850', + mil => 'http://www.exploit-db.com/exploits/17787/', + }, + 'half_nelson3' => { + vuln => [ + '2.6.0', '2.6.1', '2.6.2', '2.6.3', '2.6.4', '2.6.5', + '2.6.6', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11', + '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17', + '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', + '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29', + '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35', + '2.6.36', + ], + alt => 'econet', + cve => '2010-4073', + mil => 'http://www.exploit-db.com/exploits/17787/', + }, + 'caps_to_root' => { + vuln => [ '2.6.34', '2.6.35', '2.6.36' ], + cve => 'n/a', + mil => 'http://www.exploit-db.com/exploits/15916/', + }, + 'american-sign-language' => { + vuln => [ + '2.6.0', '2.6.1', '2.6.2', '2.6.3', '2.6.4', '2.6.5', + '2.6.6', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11', + '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17', + '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', + '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29', + '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35', + '2.6.36', + ], + cve => '2010-4347', + mil => 'http://www.securityfocus.com/bid/45408/', + }, + 'pktcdvd' => { + vuln => [ + '2.6.0', '2.6.1', '2.6.2', '2.6.3', '2.6.4', '2.6.5', + '2.6.6', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11', + '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17', + '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', + '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29', + '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35', + '2.6.36', + ], + cve => '2010-3437', + mil => 'http://www.exploit-db.com/exploits/15150/', + }, + 'video4linux' => { + vuln => [ + '2.6.0', '2.6.1', '2.6.2', 
'2.6.3', '2.6.4', '2.6.5', + '2.6.6', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11', + '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17', + '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', + '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29', + '2.6.30', '2.6.31', '2.6.32', '2.6.33', + ], + cve => '2010-3081', + mil => 'http://www.exploit-db.com/exploits/15024/', + }, + 'memodipper' => { + vuln => [ + '2.6.39', '3.0.0', '3.0.1', '3.0.2', '3.0.3', '3.0.4', + '3.0.5', '3.0.6', '3.1.0', + ], + cve => '2012-0056', + mil => 'http://www.exploit-db.com/exploits/18411/', + }, + 'semtex' => { + vuln => [ + '2.6.37', '2.6.38', '2.6.39', '3.0.0', '3.0.1', '3.0.2', + '3.0.3', '3.0.4', '3.0.5', '3.0.6', '3.1.0', + ], + cve => '2013-2094', + mil => 'http://www.exploit-db.com/download/25444/‎', + }, + 'perf_swevent' => { + vuln => [ + '3.0.0', '3.0.1', '3.0.2', '3.0.3', '3.0.4', '3.0.5', + '3.0.6', '3.1.0', '3.2', '3.3', '3.4.0', '3.4.1', + '3.4.2', '3.4.3', '3.4.4', '3.4.5', '3.4.6', '3.4.8', + '3.4.9', '3.5', '3.6', '3.7', '3.8.0', '3.8.1', + '3.8.2', '3.8.3', '3.8.4', '3.8.5', '3.8.6', '3.8.7', + '3.8.8', '3.8.9', + ], + cve => '2013-2094', + mil => 'http://www.exploit-db.com/download/26131', + }, + 'msr' => { + vuln => [ + '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', + '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.27', '2.6.28', + '2.6.29', '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', + '2.6.35', '2.6.36', '2.6.37', '2.6.38', '2.6.39', '3.0.0', + '3.0.1', '3.0.2', '3.0.3', '3.0.4', '3.0.5', '3.0.6', + '3.1.0', '3.2', '3.3', '3.4', '3.5', '3.6', + '3.7.0', '3.7.6', + ], + cve => '2013-0268', + mil => 'http://www.exploit-db.com/exploits/27297/', + }, +); +&run_main; + +sub run_main { + print "Possible Exploits:\n"; + foreach my $key ( keys %h ) { + foreach my $kernel ( @{ $h{$key}->{vuln} } ) { + + # printf "DEBUG:vuln:%s kernel:%s lk:%s\n", $key,$kernel,$khost; + if ( $khost =~ /^$kernel$/ ) { + chop($kernel) if ( $kernel =~ /.$/ 
); + print "[+] " . $key; + my $alt = $h{$key}->{alt}; + my $cve = $h{$key}->{cve}; + my $mlw = $h{$key}->{mil}; + if ( $alt or $cve ) { + print "\n"; + } + if ( $alt ) { print " Alt: $alt "; } + if ( $cve ) { print " CVE-$cve"; } + if ( $mlw ) { print "\n Source: $mlw"; } + print "\n"; + } + } + } +} __END__ =head1 NAME From e303fa852fc142b25bca8c068990a19ccee6315e Mon Sep 17 00:00:00 2001 From: "Breno G. de Oliveira" Date: Thu, 5 Sep 2013 16:12:16 -0300 Subject: [PATCH 14/35] minor tidying double quotes require the parser to look if there are variables to interpolate. Using single quotes when there are none is a good practice both for the visual hint to the developer and as a parsing hint to the perl interpreter. Also, sequential 'print' statements might require extra IO and clutter the code. It is recommended to either concatenate the strings (as this patch does) or, if the text is too big, using heredocs. --- Linux_Exploit_Suggester.pl | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/Linux_Exploit_Suggester.pl b/Linux_Exploit_Suggester.pl index eb5652c..9db0eac 100755 --- a/Linux_Exploit_Suggester.pl +++ b/Linux_Exploit_Suggester.pl @@ -3,11 +3,12 @@ use strict; use warnings; use Getopt::Std; -our $VERSION = "0.7"; -my $khost = ""; +our $VERSION = '0.7'; +my $khost = ''; my %opts; getopt( 'k,h', \%opts ); + if ( exists $opts{h} ) { &usage; } if ( exists $opts{k} ) { @@ -20,10 +21,11 @@ else { print "\nKernel local: $khost\n\n"; sub usage { - print "Linux Exploit Suggester $VERSION\n"; - print "Usage: \t$0 [-h] [-k kernel]\n"; - print "\t[-h] help (this message)\n"; - print "\t[-k] kernel number eg. 2.6.28\n"; + print "Linux Exploit Suggester $VERSION\n" + . "Usage: \t$0 [-h] [-k kernel]\n" + . "\t[-h] help (this message)\n" + . "\t[-k] kernel number eg. 2.6.28\n" + ; } my %h = ( From 89c6380ff71c3c2efd4e53e6429d674807da8549 Mon Sep 17 00:00:00 2001 
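Review bot: the prefix-style entries in the new table (`'remap' => { vuln => ['2.4.'] }`, `'rip' => { vuln => ['2.2.'] }`, `'newsmp' => { vuln => ['2.6.'] }` and `'vconsole' => { vuln => ['2.6.'] }`) can never match a real kernel string, because the comparison in run_main is `if ( $khost =~ /^$kernel$/ )` with both anchors and an unescaped pattern: '2.4.' only matches a four-character string, and the `chop($kernel) if ( $kernel =~ /.$/ );` that follows runs after the comparison on a value that is never used again (and `/.$/` is true for any non-empty string). Either escape the dots and drop the trailing anchor for these entries, or mark them with a prefix flag and test them with index(). While the data is being restructured anyway: `mremap_pte` lists `'2.2.24'` in the middle of 2.4.20 to 2.4.27 and looks like a typo for 2.4.24; `msr` lists `'2.6.27'` twice; `half_nelson` points at exploits/6851, the same URL as `ftrex`, while half_nelson1 to half_nelson3 use 17787, so please verify which one is meant; `caps_to_root` has `cve => 'n/a'`, which the printer renders as "CVE-n/a", so omit the key instead; the `semtex` URL carries a non-printing character after `25444/` that breaks the link when copied; `ptrace_kmod` carries a 2007 CVE for 2.4.18 to 2.4.22 kernels, which does not fit that era, so double-check the identifier; and `udev` is a userspace bug (its alt field says udev <1.4.1) keyed on kernel versions, so a hit there is only a hint and the output should say so.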
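Review bot: the context line `getopt( 'k,h', \%opts );` in the first hunk uses Getopt::Std's getopt(), which makes every listed switch take an argument (the comma included), so `-h` swallows whatever follows it and `-h -k 2.6.28` never sees the kernel, while unknown switches are accepted silently. Use `getopts( 'hk:', \%opts )` so that -h is a flag and only -k takes a value. The single-quote and string-concatenation changes themselves are fine.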
From: "Breno G. de Oliveira" Date: Thu, 5 Sep 2013 16:18:14 -0300 Subject: [PATCH 15/35] modernizing the code a bit As a good practice, post conditionals are used when there is just a simple condition and a single result. Also, Perl 5 recommends you call functions as 'name()' and not as '&name', which is legacy from the very very *very* old Perl 4 syntax (pre-1995), preserved simply for backwards compatibility purposes. --- Linux_Exploit_Suggester.pl | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/Linux_Exploit_Suggester.pl b/Linux_Exploit_Suggester.pl index 9db0eac..b1bf91c 100755 --- a/Linux_Exploit_Suggester.pl +++ b/Linux_Exploit_Suggester.pl @@ -4,13 +4,12 @@ use warnings; use Getopt::Std; our $VERSION = '0.7'; -my $khost = ''; + my %opts; getopt( 'k,h', \%opts ); +usage() if exists $opts{h}; - -if ( exists $opts{h} ) { &usage; } - +my $khost = ''; if ( exists $opts{k} ) { $khost = $opts{k}; } @@ -411,7 +410,7 @@ my %h = ( mil => 'http://www.exploit-db.com/exploits/27297/', }, ); -&run_main; +run_main(); sub run_main { print "Possible Exploits:\n"; From 03f6d7636df4525aeb6da280db4fd64687c3ca9e Mon Sep 17 00:00:00 2001 From: "Breno G. de Oliveira" Date: Thu, 5 Sep 2013 16:37:01 -0300 Subject: [PATCH 16/35] get_kernel() and get_exploits() in, main() out This is a minor maintainability update for the code. It provides the get_kernel() and get_exploits() functions, and moves main() to the top of the script. As such, developers are able to see the complete logic of the code just by opening the file and looking at the very first lines. The 'exit' at the end of the code also guarantees that no extra data is processed, and the rest are just auxiliary functions, created to provide extra readability and maintainability. --- Linux_Exploit_Suggester.pl | 81 ++++++++++++++++++++++---------------- 1 file changed, 47 insertions(+), 34 deletions(-) diff --git a/Linux_Exploit_Suggester.pl b/Linux_Exploit_Suggester.pl index b1bf91c..635dace 100755 
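Review bot: `usage() if exists $opts{h};` prints the help text and then falls through to the kernel lookup and the full exploit scan, because usage() never exits. Make the help path terminate, for example `if ( exists $opts{h} ) { usage(); exit 0 }`, or have usage() call exit itself. Moving `my $khost = '';` below the option parsing and replacing `&run_main` with `run_main();` are fine.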
--- a/Linux_Exploit_Suggester.pl +++ b/Linux_Exploit_Suggester.pl @@ -9,16 +9,51 @@ my %opts; getopt( 'k,h', \%opts ); usage() if exists $opts{h}; -my $khost = ''; -if ( exists $opts{k} ) { - $khost = $opts{k}; -} -else { - $khost = `uname -r |cut -d"-" -f1`; - chomp($khost); -} +my $khost = get_kernel(); print "\nKernel local: $khost\n\n"; +my %exploits = get_exploits(); + +print "Possible Exploits:\n"; +foreach my $key ( keys %exploits ) { + foreach my $kernel ( @{ $exploits{$key}->{vuln} } ) { + + # printf "DEBUG:vuln:%s kernel:%s lk:%s\n", $key,$kernel,$khost; + if ( $khost =~ /^$kernel$/ ) { + chop($kernel) if ( $kernel =~ /.$/ ); + print "[+] " . $key; + my $alt = $exploits{$key}->{alt}; + my $cve = $exploits{$key}->{cve}; + my $mlw = $exploits{$key}->{mil}; + if ( $alt or $cve ) { + print "\n"; + } + if ( $alt ) { print " Alt: $alt "; } + if ( $cve ) { print " CVE-$cve"; } + if ( $mlw ) { print "\n Source: $mlw"; } + print "\n"; + } + } +} +exit; + + +###################### +## extra functions ## +###################### + +sub get_kernel { + my $khost = ''; + if ( exists $opts{k} ) { + $khost = $opts{k}; + } + else { + $khost = `uname -r |cut -d"-" -f1`; + chomp($khost); + } + return $khost; +} + sub usage { print "Linux Exploit Suggester $VERSION\n" . "Usage: \t$0 [-h] [-k kernel]\n" @@ -27,7 +62,8 @@ sub usage { ; } -my %h = ( +sub get_exploits { + return ( 'w00t' => { vuln => [ '2.4.10', '2.4.16', '2.4.17', '2.4.18', 
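Review bot: in get_kernel() the fallback `$khost = \`uname -r |cut -d"-" -f1\`;` shells out through a pipeline for a string operation Perl can do itself, and if uname fails or prints nothing, $khost is the empty string and the loop above silently reports no exploits. Read `uname -r` once, take the part before the first '-' with split in Perl, and die with a message if the result is empty or does not look like a version. Also, "Kernel local:" is printed even when the version came from -k, so label the value by its source.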
@@ -409,32 +445,9 @@ my %h = ( cve => '2013-0268', mil => 'http://www.exploit-db.com/exploits/27297/', }, -); -run_main(); - -sub run_main { - print "Possible Exploits:\n"; - foreach my $key ( keys %h ) { - foreach my $kernel ( @{ $h{$key}->{vuln} } ) { - - # printf "DEBUG:vuln:%s kernel:%s lk:%s\n", $key,$kernel,$khost; - if ( $khost =~ /^$kernel$/ ) { - chop($kernel) if ( $kernel =~ /.$/ ); - print "[+] " . $key; - my $alt = $h{$key}->{alt}; - my $cve = $h{$key}->{cve}; - my $mlw = $h{$key}->{mil}; - if ( $alt or $cve ) { - print "\n"; - } - if ( $alt ) { print " Alt: $alt "; } - if ( $cve ) { print " CVE-$cve"; } - if ( $mlw ) { print "\n Source: $mlw"; } - print "\n"; - } - } - } + ); } + __END__ =head1 NAME From e47c99f9e082f148fb92a788473e215027f2f832 Mon Sep 17 00:00:00 2001 From: "Breno G. de Oliveira" Date: Thu, 5 Sep 2013 16:41:08 -0300 Subject: [PATCH 17/35] removing extra (unnecessary) arrows --- Linux_Exploit_Suggester.pl | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Linux_Exploit_Suggester.pl b/Linux_Exploit_Suggester.pl index 635dace..109fc17 100755 --- a/Linux_Exploit_Suggester.pl +++ b/Linux_Exploit_Suggester.pl @@ -16,15 +16,15 @@ my %exploits = get_exploits(); print "Possible Exploits:\n"; foreach my $key ( keys %exploits ) { - foreach my $kernel ( @{ $exploits{$key}->{vuln} } ) { + foreach my $kernel ( @{ $exploits{$key}{vuln} } ) { # printf "DEBUG:vuln:%s kernel:%s lk:%s\n", $key,$kernel,$khost; if ( $khost =~ /^$kernel$/ ) { chop($kernel) if ( $kernel =~ /.$/ ); print "[+] " . $key; - my $alt = $exploits{$key}->{alt}; - my $cve = $exploits{$key}->{cve}; - my $mlw = $exploits{$key}->{mil}; + my $alt = $exploits{$key}{alt}; + my $cve = $exploits{$key}{cve}; + my $mlw = $exploits{$key}{mil}; if ( $alt or $cve ) { print "\n"; } From cccf805438fe22a8913beaef1c10e70ce129752c Mon Sep 17 00:00:00 2001 
From: "Breno G. de Oliveira" Date: Thu, 5 Sep 2013 16:45:47 -0300 Subject: [PATCH 18/35] use 'eq' instead of /^str$/ performance increase, plus it makes it more clear what it is doing :) --- Linux_Exploit_Suggester.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Linux_Exploit_Suggester.pl b/Linux_Exploit_Suggester.pl index 109fc17..4932cf1 100755 --- a/Linux_Exploit_Suggester.pl +++ b/Linux_Exploit_Suggester.pl @@ -19,7 +19,7 @@ foreach my $key ( keys %exploits ) { foreach my $kernel ( @{ $exploits{$key}{vuln} } ) { # printf "DEBUG:vuln:%s kernel:%s lk:%s\n", $key,$kernel,$khost; - if ( $khost =~ /^$kernel$/ ) { + if ( $khost eq $kernel ) { chop($kernel) if ( $kernel =~ /.$/ ); print "[+] " . $key; my $alt = $exploits{$key}{alt}; From ef1bfe921caebfa68fd5aa8c68ef425e8b4f0546 Mon Sep 17 00:00:00 2001 From: "Breno G. de Oliveira" Date: Thu, 5 Sep 2013 16:47:00 -0300 Subject: [PATCH 19/35] removing code that's not used the 'chop if' was not useful, as $kernel was not really used afterwards. --- Linux_Exploit_Suggester.pl | 1 - 1 file changed, 1 deletion(-) diff --git a/Linux_Exploit_Suggester.pl b/Linux_Exploit_Suggester.pl index 4932cf1..0442ab4 100755 --- a/Linux_Exploit_Suggester.pl +++ b/Linux_Exploit_Suggester.pl @@ -20,7 +20,6 @@ foreach my $key ( keys %exploits ) { # printf "DEBUG:vuln:%s kernel:%s lk:%s\n", $key,$kernel,$khost; if ( $khost eq $kernel ) { - chop($kernel) if ( $kernel =~ /.$/ ); print "[+] " . $key; my $alt = $exploits{$key}{alt}; my $cve = $exploits{$key}{cve}; From 2f2dc4dc56ce464acdae3d81c46b7d9c18435b6b Mon Sep 17 00:00:00 2001 From: "Breno G. de Oliveira" Date: Thu, 5 Sep 2013 16:48:22 -0300 Subject: [PATCH 20/35] putting $key inside the string no need to concat here --- Linux_Exploit_Suggester.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Linux_Exploit_Suggester.pl b/Linux_Exploit_Suggester.pl index 0442ab4..3474c94 100755 --- a/Linux_Exploit_Suggester.pl +++ b/Linux_Exploit_Suggester.pl 
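Review bot: switching to `if ( $khost eq $kernel )` makes the prefix-style entries in the table unreachable (`'remap' => { vuln => ['2.4.'] }`, plus rip with '2.2.' and newsmp and vconsole with '2.6.'): '2.4.' is never equal to a version such as 2.4.29, and this revision has no other matching path. Either remove those entries or give them an explicit prefix test with index(). The `eq` itself is the right call, since the old regex interpolated `$kernel` unescaped and every dot was a wildcard; the follow-up that drops the dead `chop($kernel)` line is correct for the same reason, the value was never read after the comparison.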
@@ -20,7 +20,7 @@ foreach my $key ( keys %exploits ) { # printf "DEBUG:vuln:%s kernel:%s lk:%s\n", $key,$kernel,$khost; if ( $khost eq $kernel ) { - print "[+] " . $key; + print "[+] $key"; my $alt = $exploits{$key}{alt}; my $cve = $exploits{$key}{cve}; my $mlw = $exploits{$key}{mil}; From 5fed34266565cdd96eac98f5e1962d8d19bfa997 Mon Sep 17 00:00:00 2001 From: "Breno G. de Oliveira" Date: Thu, 5 Sep 2013 16:51:26 -0300 Subject: [PATCH 21/35] minor marketing, showcasing the amount of exploits :) --- Linux_Exploit_Suggester.pl | 1 + 1 file changed, 1 insertion(+) diff --git a/Linux_Exploit_Suggester.pl b/Linux_Exploit_Suggester.pl index 3474c94..437d299 100755 --- a/Linux_Exploit_Suggester.pl +++ b/Linux_Exploit_Suggester.pl @@ -13,6 +13,7 @@ my $khost = get_kernel(); print "\nKernel local: $khost\n\n"; my %exploits = get_exploits(); +print 'Searching among ' . scalar keys(%exploits) . " exploits...\n\n"; print "Possible Exploits:\n"; foreach my $key ( keys %exploits ) { From 1cfcd779a46d6ed00676f8a524af7bd34f36f49d Mon Sep 17 00:00:00 2001 From: "Breno G. de Oliveira" Date: Thu, 5 Sep 2013 17:05:08 -0300 Subject: [PATCH 22/35] optimization: stop looking at vuln after match some exploits work with several different kernel versions. This patch optimizes the code to move on to the next vuln after it finds out that the current exploit works with the provided kernel. This should provide a nice performance increase :) --- Linux_Exploit_Suggester.pl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Linux_Exploit_Suggester.pl b/Linux_Exploit_Suggester.pl index 437d299..484f483 100755 --- a/Linux_Exploit_Suggester.pl +++ b/Linux_Exploit_Suggester.pl @@ -16,6 +16,7 @@ my %exploits = get_exploits(); print 'Searching among ' . scalar keys(%exploits) . " exploits...\n\n"; print "Possible Exploits:\n"; +EXPLOIT: foreach my $key ( keys %exploits ) { foreach my $kernel ( @{ $exploits{$key}{vuln} } ) { 
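Review bot: the `EXPLOIT:` label and the `next EXPLOIT` it is paired with do not buy measurable performance on a table of about seventy entries; what they actually change is the output, since an exploit whose list repeats a version (msr lists '2.6.27' twice) was printed twice and now prints once. State that in the commit message, and consider deduplicating the data as well so the intent is visible in the table rather than only in the loop.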
@@ -32,6 +33,7 @@ foreach my $key ( keys %exploits ) { if ( $cve ) { print " CVE-$cve"; } if ( $mlw ) { print "\n Source: $mlw"; } print "\n"; + next EXPLOIT; } } } From bcccf168dd6abd178c53f2b1939ee89f2c004f75 Mon Sep 17 00:00:00 2001 From: "Breno G. de Oliveira" Date: Thu, 5 Sep 2013 17:24:17 -0300 Subject: [PATCH 23/35] new feature: partial kernel matches! now if the user provides a partial kernel such as "2.6" or "2.", the script will understand it's a partial kernel and show all matches, including the full vulnerable kernel version next to the kernel name! --- Linux_Exploit_Suggester.pl | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/Linux_Exploit_Suggester.pl b/Linux_Exploit_Suggester.pl index 484f483..31644f5 100755 --- a/Linux_Exploit_Suggester.pl +++ b/Linux_Exploit_Suggester.pl @@ -9,7 +9,7 @@ my %opts; getopt( 'k,h', \%opts ); usage() if exists $opts{h}; -my $khost = get_kernel(); +my ($khost, $is_partial) = get_kernel(); print "\nKernel local: $khost\n\n"; my %exploits = get_exploits(); @@ -21,8 +21,12 @@ foreach my $key ( keys %exploits ) { foreach my $kernel ( @{ $exploits{$key}{vuln} } ) { # printf "DEBUG:vuln:%s kernel:%s lk:%s\n", $key,$kernel,$khost; - if ( $khost eq $kernel ) { + if ( $khost eq $kernel + or ($is_partial and index($kernel,$khost) == 0) + ) { print "[+] $key"; + print " ($kernel)" if $is_partial; + my $alt = $exploits{$key}{alt}; my $cve = $exploits{$key}{cve}; my $mlw = $exploits{$key}{mil}; @@ -46,6 +50,7 @@ exit; sub get_kernel { my $khost = ''; + if ( exists $opts{k} ) { $khost = $opts{k}; } @@ -53,7 +58,14 @@ sub get_kernel { $khost = `uname -r |cut -d"-" -f1`; chomp($khost); } - return $khost; + + # partial kernels might be provided by the user, + # such as '2.4' or '2.6.' + my $is_partial = $khost =~ /^\d+\.\d+\.\d/ ? 0 : 1; + if ($is_partial and substr($khost,-1) ne '.') { + $khost .= '.'; + } + return ($khost, $is_partial); } sub usage { 
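Review bot: `my $is_partial = $khost =~ /^\d+\.\d+\.\d/ ? 0 : 1;` treats every two-component string as partial, but the table contains real two-component entries (`'3.2', '3.3'` in perf_swevent, `'3.4', '3.5', '3.6'` in msr). `-k 3.2` is rewritten to '3.2.', after which neither `$khost eq $kernel` nor `index($kernel,$khost) == 0` matches '3.2', so those entries cannot be reached from the command line. Decide partial by an explicit trailing dot, or by first checking whether the string appears verbatim in any vuln list, or normalise both sides to three components before comparing. Two smaller points: because of `next EXPLOIT` the `( $kernel )` suffix shows only the first matching version per exploit, not all of them as the message says; and nothing validates that -k looks like a version, so `-k foo` is quietly turned into 'foo.'.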
From 3dd432d5e5f7153bea9589d4ac6a84bc34031584 Mon Sep 17 00:00:00 2001 From: "Breno G. de Oliveira" Date: Thu, 5 Sep 2013 17:26:15 -0300 Subject: [PATCH 24/35] making sure the output is properly sorted hash key ordering should not be relied upon, as this may pose a security issue. Depending on the hash size and machine, the perl interpreter might optimize the hash variable by changing the key order. In more recent perls (5.18+), the hash keys order is randomized at every run to make programs more secure. This means the order of exploits shown was not guaranteed to be the same for every user, or even for the same user on different runs of the script. This patch sorts the keys, forcing them to always be displayed on the same order. --- Linux_Exploit_Suggester.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Linux_Exploit_Suggester.pl b/Linux_Exploit_Suggester.pl index 31644f5..f24deac 100755 --- a/Linux_Exploit_Suggester.pl +++ b/Linux_Exploit_Suggester.pl @@ -17,7 +17,7 @@ print 'Searching among ' . scalar keys(%exploits) . " exploits...\n\n"; print "Possible Exploits:\n"; EXPLOIT: -foreach my $key ( keys %exploits ) { +foreach my $key ( sort keys %exploits ) { foreach my $kernel ( @{ $exploits{$key}{vuln} } ) { # printf "DEBUG:vuln:%s kernel:%s lk:%s\n", $key,$kernel,$khost; From ce59d7658521c35c3fda0e4b6e6babc7d013b29d Mon Sep 17 00:00:00 2001 From: "Breno G. de Oliveira" Date: Thu, 5 Sep 2013 17:31:06 -0300 Subject: [PATCH 25/35] removing debug comment --- Linux_Exploit_Suggester.pl | 1 - 1 file changed, 1 deletion(-) diff --git a/Linux_Exploit_Suggester.pl b/Linux_Exploit_Suggester.pl index f24deac..22035fd 100755 --- a/Linux_Exploit_Suggester.pl +++ b/Linux_Exploit_Suggester.pl @@ -20,7 +20,6 @@ EXPLOIT: foreach my $key ( sort keys %exploits ) { foreach my $kernel ( @{ $exploits{$key}{vuln} } ) { - # printf "DEBUG:vuln:%s kernel:%s lk:%s\n", $key,$kernel,$khost; if ( $khost eq $kernel or ($is_partial and index($kernel,$khost) == 0) ) { 
From 13aea294360ae592b2deb22f51419048076e52eb Mon Sep 17 00:00:00 2001 From: "Breno G. de Oliveira" Date: Thu, 5 Sep 2013 17:38:50 -0300 Subject: [PATCH 26/35] code tidying --- Linux_Exploit_Suggester.pl | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Linux_Exploit_Suggester.pl b/Linux_Exploit_Suggester.pl index 22035fd..37781ef 100755 --- a/Linux_Exploit_Suggester.pl +++ b/Linux_Exploit_Suggester.pl @@ -9,19 +9,19 @@ my %opts; getopt( 'k,h', \%opts ); usage() if exists $opts{h}; -my ($khost, $is_partial) = get_kernel(); +my ( $khost, $is_partial ) = get_kernel(); print "\nKernel local: $khost\n\n"; my %exploits = get_exploits(); print 'Searching among ' . scalar keys(%exploits) . " exploits...\n\n"; - print "Possible Exploits:\n"; + EXPLOIT: foreach my $key ( sort keys %exploits ) { foreach my $kernel ( @{ $exploits{$key}{vuln} } ) { if ( $khost eq $kernel - or ($is_partial and index($kernel,$khost) == 0) + or ( $is_partial and index($kernel,$khost) == 0 ) ) { print "[+] $key"; print " ($kernel)" if $is_partial; @@ -55,16 +55,16 @@ sub get_kernel { } else { $khost = `uname -r |cut -d"-" -f1`; - chomp($khost); + chomp $khost; } # partial kernels might be provided by the user, # such as '2.4' or '2.6.' my $is_partial = $khost =~ /^\d+\.\d+\.\d/ ? 0 : 1; - if ($is_partial and substr($khost,-1) ne '.') { + if ( $is_partial and substr($khost,-1) ne '.' ) { $khost .= '.'; } - return ($khost, $is_partial); + return ( $khost, $is_partial ); } sub usage { From c25a397dee717b656b47c1c36efee0e5c2e0403d Mon Sep 17 00:00:00 2001 From: "Breno G. de Oliveira" Date: Thu, 5 Sep 2013 17:51:49 -0300 Subject: [PATCH 27/35] documenting the partial kernel feature --- Linux_Exploit_Suggester.pl | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/Linux_Exploit_Suggester.pl b/Linux_Exploit_Suggester.pl index 37781ef..36b4ff1 100755 --- a/Linux_Exploit_Suggester.pl +++ b/Linux_Exploit_Suggester.pl 
@@ -68,11 +68,17 @@ sub get_kernel { } sub usage { - print "Linux Exploit Suggester $VERSION\n" - . "Usage: \t$0 [-h] [-k kernel]\n" - . "\t[-h] help (this message)\n" - . "\t[-k] kernel number eg. 2.6.28\n" - ; + print <<"EOUSAGE"; +Linux Exploit Suggester $VERSION +Usage: \t$0 [-h] [-k kernel] + +[-h] help (this message) +[-k] kernel number eg. 2.6.28 + +You can also provide a partial kernel version (eg. 2.4) +to see all exploits available. + +EOUSAGE } sub get_exploits { @@ -476,6 +482,9 @@ This perl script will enumerate the possible exploits available for a given kern [-h] help [-k] kernel Eg. 2.6.28 +You can also provide a partial kernel version (eg. 2.4) +to see all exploits available. + =head1 AUTHOR Andy (c) 10-07-2009 From 659eb631786fd2803c6a3ec5e7467abfa8b52d1b Mon Sep 17 00:00:00 2001 From: "Breno G. de Oliveira" Date: Thu, 5 Sep 2013 17:53:52 -0300 Subject: [PATCH 28/35] bumping up new version and changelog --- Linux_Exploit_Suggester.pl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Linux_Exploit_Suggester.pl b/Linux_Exploit_Suggester.pl index 36b4ff1..92493c8 100755 --- a/Linux_Exploit_Suggester.pl +++ b/Linux_Exploit_Suggester.pl @@ -3,7 +3,7 @@ use strict; use warnings; use Getopt::Std; -our $VERSION = '0.7'; +our $VERSION = '0.8'; my %opts; getopt( 'k,h', \%opts ); @@ -492,6 +492,8 @@ Andy (c) 10-07-2009 Thanks to Brian for bugfixes, and sploit additions. =head1 CHANGELOG +05-09-2013 code cleanup/optimizations and partial kernel feature (garu) + 28-08-2013 added msr driver (Andy) 12-06-2013 added perf_swevent (Andy) From 715cce405b2b71bb7e72886aae7d1b3b13c14caa Mon Sep 17 00:00:00 2001 From: PenturaLabs Date: Mon, 3 Feb 2014 09:49:14 +0000 Subject: [PATCH 29/35] added cve-2014-0038 --- Linux_Exploit_Suggester.pl | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Linux_Exploit_Suggester.pl b/Linux_Exploit_Suggester.pl index 92493c8..e041729 100755 --- a/Linux_Exploit_Suggester.pl +++ b/Linux_Exploit_Suggester.pl 
@@ -464,6 +464,13 @@ sub get_exploits { cve => '2013-0268', mil => 'http://www.exploit-db.com/exploits/27297/', }, + 'timeoutpwn' => { + vuln => [ + '3.4.0', + ], + cve => '2014-0038', + mil => 'http://www.exploit-db.com/exploits/31346/', + }, ); } From 90a2a3d15ecd5930c2a0aed149b8ea61a7e18afd Mon Sep 17 00:00:00 2001 From: PenturaLabs Date: Sat, 22 Feb 2014 18:28:25 +0000 Subject: [PATCH 30/35] Update Linux_Exploit_Suggester.pl CVE-2014-0038 added more vulnerable kernels --- Linux_Exploit_Suggester.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Linux_Exploit_Suggester.pl b/Linux_Exploit_Suggester.pl index e041729..f852608 100755 --- a/Linux_Exploit_Suggester.pl +++ b/Linux_Exploit_Suggester.pl @@ -3,7 +3,7 @@ use strict; use warnings; use Getopt::Std; -our $VERSION = '0.8'; +our $VERSION = '0.9'; my %opts; getopt( 'k,h', \%opts ); @@ -466,7 +466,7 @@ sub get_exploits { }, 'timeoutpwn' => { vuln => [ - '3.4.0', + '3.4','3.5','3.6','3.7','3.8','3.9','3.10', ], cve => '2014-0038', mil => 'http://www.exploit-db.com/exploits/31346/', From 9db2f5a2af9cbaf4170ccb3b2674b92487fbca03 Mon Sep 17 00:00:00 2001 From: Andrew Davies Date: Mon, 19 May 2014 00:18:10 +0100 Subject: [PATCH 31/35] bug fixes and added cve-2014-0196 --- Linux_Exploit_Suggester.pl | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/Linux_Exploit_Suggester.pl b/Linux_Exploit_Suggester.pl index f852608..3124d2a 100755 --- a/Linux_Exploit_Suggester.pl +++ b/Linux_Exploit_Suggester.pl @@ -60,7 +60,7 @@ sub get_kernel { # partial kernels might be provided by the user, # such as '2.4' or '2.6.' - my $is_partial = $khost =~ /^\d+\.\d+\.\d/ ? 0 : 1; + my $is_partial = $khost =~ /^\d+\.\d+\.?\d?/ ? 0 : 1; if ( $is_partial and substr($khost,-1) ne '.' ) { $khost .= '.'; } 
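Review bot: in the get_kernel hunk of PATCH 31, the new test `my $is_partial = $khost =~ /^\d+\.\d+\.?\d?/ ? 0 : 1;` matches any `major.minor` string, so `-k 2.4` or `-k 2.6` now yields `$is_partial = 0` and the partial-kernel listing documented in PATCH 27 ("You can also provide a partial kernel version (eg. 2.4) to see all exploits available") stops working: the main loop then compares `2.6` with `eq` against full entries such as `2.6.31` and nothing matches. If the intent is to let the new two-component entries like `'3.4'` match exactly, anchor the full-version test with `$` (for example `/^\d+\.\d+\.\d+$/`) and keep the prefix search for everything else, or try both the exact and the prefix comparison. Separately, `$khost` comes from `` `uname -r |cut -d"-" -f1` `` with no check that the command produced anything; an empty `$khost` falls through the partial branch, becomes `'.'`, and silently matches no entry, so the function should `die` on empty output rather than report a clean result.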
@@ -466,11 +466,22 @@ sub get_exploits { }, 'timeoutpwn' => { vuln => [ - '3.4','3.5','3.6','3.7','3.8','3.9','3.10', + '3.4', '3.5', '3.6', '3.7', '3.8', '3.8.9', '3.9', '3.10', + '3.11', '3.12', '3.13', '3.4.0', '3.5.0', '3.6.0', '3.7.0', + '3.8.0','3.8.5', '3.8.6', '3.8.9', '3.9.0', '3.9.6', + '3.10.0','3.10.6', '3.11.0','3.12.0','3.13.0','3.13.1' ], cve => '2014-0038', mil => 'http://www.exploit-db.com/exploits/31346/', }, + 'rawmodePTY' => { + vuln => [ + '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35', '2.6.36', '2.6.37', + '2.6.38', '2.6.39', '3.14', '3.15' + ], + cve => '2014-0196', + mil => 'http://packetstormsecurity.com/files/download/126603/cve-2014-0196-md.c', + }, ); } @@ -499,6 +510,8 @@ Andy (c) 10-07-2009 Thanks to Brian for bugfixes, and sploit additions. =head1 CHANGELOG +19-04-2014 added cve-2014-0196 and bug fixes (Andy) + 05-09-2013 code cleanup/optimizations and partial kernel feature (garu) 28-08-2013 added msr driver (Andy) From 24536492381229c8ba267cdb21e6386f7f16d0aa Mon Sep 17 00:00:00 2001 From: PenturaLabs Date: Mon, 19 May 2014 06:56:07 +0100 Subject: [PATCH 32/35] Create gh-pages branch via GitHub --- images/bkg.png | Bin 0 -> 4261 bytes images/blacktocat.png | Bin 0 -> 1266 bytes index.html | 67 ++++++++++ javascripts/main.js | 1 + params.json | 1 + stylesheets/pygment_trac.css | 68 ++++++++++ stylesheets/stylesheet.css | 247 +++++++++++++++++++++++++++++++++++ 7 files changed, 384 insertions(+) create mode 100644 images/bkg.png create mode 100644 images/blacktocat.png create mode 100644 index.html create mode 100644 javascripts/main.js create mode 100644 params.json create mode 100644 stylesheets/pygment_trac.css create mode 100644 stylesheets/stylesheet.css 
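Review bot: in the get_exploits hunk of PATCH 31 above, `'3.8.9'` appears twice in the timeoutpwn `vuln` list, and the rawmodePTY list jumps from `'2.6.39'` straight to `'3.14'` with nothing for 3.0 through 3.13; because matching is an exact `eq` against these strings, a host reporting any of those versions will not be flagged, so please confirm the gap is intentional or fill it in. The changelog line added in the same patch reads `19-04-2014 added cve-2014-0196 and bug fixes (Andy)` while the commit itself is dated 19 May 2014; one of the two dates is wrong.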
diff --git a/images/bkg.png b/images/bkg.png new file mode 100644 index 0000000000000000000000000000000000000000..fcebb5b22999adb792afee1f74bcf4af91db8441 GIT binary patch literal 4261 [binary image data omitted] literal 0 HcmV?d00001
diff --git a/images/blacktocat.png b/images/blacktocat.png new file mode 100644 index 0000000000000000000000000000000000000000..273d5710a2e0968d77584ad073e4a089fbfd7e68 GIT binary patch literal 1266 [binary image data omitted] literal 0 HcmV?d00001
diff --git a/index.html b/index.html new file mode 100644 --- /dev/null +++ b/index.html @@ -0,0 +1,67 @@ [HTML head elided; page title:] +Linux Exploit Suggester by PenturaLabs
+
+

Linux Exploit Suggester

+

Suggest possible kernel-level Linux exploits based on the Operating System release number.

+ +
+ Download as .zip + Download as .tar.gz + View on GitHub +
+
+
+ +
+
+

+Welcome to GitHub Pages.

+ +

This automatic page generator is the easiest way to create beautiful pages for all of your projects. Author your page content here using GitHub Flavored Markdown, select a template crafted by a designer, and publish. After your page is generated, you can check out the new branch:

+ +
$ cd your_repo_root/repo_name
+$ git fetch origin
+$ git checkout gh-pages
+
+ +

If you're using the GitHub for Mac, simply sync your repository and you'll see the new branch.

+ +

+Designer Templates

+ +

We've crafted some handsome templates for you to use. Go ahead and continue to layouts to browse through them. You can easily go back to edit your page before publishing. After publishing your page, you can revisit the page generator and switch to another theme. Your Page content will be preserved if it remained markdown format.

+ +

+Rather Drive Stick?

+ +

If you prefer to not use the automatic generator, push a branch named gh-pages to your repository to create a page manually. In addition to supporting regular HTML content, GitHub Pages support Jekyll, a simple, blog aware static site generator written by our own Tom Preston-Werner. Jekyll makes it easy to create site-wide headers and footers without having to copy them across every page. It also offers intelligent blog support and other advanced templating features.

+ +

+Authors and Contributors

+ +

You can @mention a GitHub username to generate a link to their profile. The resulting <a> element will link to the contributor's GitHub Profile. For example: In 2007, Chris Wanstrath (@defunkt), PJ Hyett (@pjhyett), and Tom Preston-Werner (@mojombo) founded GitHub.

+ +

+Support or Contact

+ +

Having trouble with Pages? Check out the documentation at http://help.github.com/pages or contact support@github.com and we’ll help you sort it out.

+
+
+ + + + \ No newline at end of file diff --git a/javascripts/main.js b/javascripts/main.js new file mode 100644 index 0000000..d8135d3 --- /dev/null +++ b/javascripts/main.js @@ -0,0 +1 @@ +console.log('This would be the main JS file.'); diff --git a/params.json b/params.json new file mode 100644 index 0000000..2c433f7 --- /dev/null +++ b/params.json 
@@ -0,0 +1 @@ +{"name":"Linux Exploit Suggester","tagline":"Suggest possible kernel-level Linux exploits based on the Operating System release number. ","body":"### Welcome to GitHub Pages.\r\nThis automatic page generator is the easiest way to create beautiful pages for all of your projects. Author your page content here using GitHub Flavored Markdown, select a template crafted by a designer, and publish. After your page is generated, you can check out the new branch:\r\n\r\n```\r\n$ cd your_repo_root/repo_name\r\n$ git fetch origin\r\n$ git checkout gh-pages\r\n```\r\n\r\nIf you're using the GitHub for Mac, simply sync your repository and you'll see the new branch.\r\n\r\n### Designer Templates\r\nWe've crafted some handsome templates for you to use. Go ahead and continue to layouts to browse through them. You can easily go back to edit your page before publishing. After publishing your page, you can revisit the page generator and switch to another theme. Your Page content will be preserved if it remained markdown format.\r\n\r\n### Rather Drive Stick?\r\nIf you prefer to not use the automatic generator, push a branch named `gh-pages` to your repository to create a page manually. In addition to supporting regular HTML content, GitHub Pages support Jekyll, a simple, blog aware static site generator written by our own Tom Preston-Werner. Jekyll makes it easy to create site-wide headers and footers without having to copy them across every page. It also offers intelligent blog support and other advanced templating features.\r\n\r\n### Authors and Contributors\r\nYou can @mention a GitHub username to generate a link to their profile. The resulting `` element will link to the contributor's GitHub Profile. For example: In 2007, Chris Wanstrath (@defunkt), PJ Hyett (@pjhyett), and Tom Preston-Werner (@mojombo) founded GitHub.\r\n\r\n### Support or Contact\r\nHaving trouble with Pages? 
Check out the documentation at http://help.github.com/pages or contact support@github.com and we’ll help you sort it out.\r\n","google":"","note":"Don't delete this file! It's used internally to help with page regeneration."} \ No newline at end of file diff --git a/stylesheets/pygment_trac.css b/stylesheets/pygment_trac.css new file mode 100644 index 0000000..d1df6a2 --- /dev/null +++ b/stylesheets/pygment_trac.css 
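Review bot: in the index.html and params.json hunks of PATCH 32, only the `name` and `tagline` fields were filled in; the page body is the unedited GitHub Pages generator placeholder ("Welcome to GitHub Pages.", "Designer Templates", "Rather Drive Stick?", the support@github.com contact line) and says nothing about the tool. The project description should go into the `body` field of params.json as well as into index.html, because params.json carries the note "Don't delete this file! It's used internally to help with page regeneration.", so editing index.html alone (as the following commits do) will be lost if the page is regenerated. javascripts/main.js is a single `console.log('This would be the main JS file.');` stub and can be dropped.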
@@ -0,0 +1,68 @@ +.highlight .c { color: #999988; font-style: italic } /* Comment */ +.highlight .err { color: #a61717; background-color: #e3d2d2 } /* Error */ +.highlight .k { font-weight: bold } /* Keyword */ +.highlight .o { font-weight: bold } /* Operator */ +.highlight .cm { color: #999988; font-style: italic } /* Comment.Multiline */ +.highlight .cp { color: #999999; font-weight: bold } /* Comment.Preproc */ +.highlight .c1 { color: #999988; font-style: italic } /* Comment.Single */ +.highlight .cs { color: #999999; font-weight: bold; font-style: italic } /* Comment.Special */ +.highlight .gd { color: #000000; background-color: #ffdddd } /* Generic.Deleted */ +.highlight .gd .x { color: #000000; background-color: #ffaaaa } /* Generic.Deleted.Specific */ +.highlight .ge { font-style: italic } /* Generic.Emph */ +.highlight .gr { color: #aa0000 } /* Generic.Error */ +.highlight .gh { color: #999999 } /* Generic.Heading */ +.highlight .gi { color: #000000; background-color: #ddffdd } /* Generic.Inserted */ +.highlight .gi .x { color: #000000; background-color: #aaffaa } /* Generic.Inserted.Specific */ +.highlight .go { color: #888888 } /* Generic.Output */ +.highlight .gp { color: #555555 } /* Generic.Prompt */ +.highlight .gs { font-weight: bold } /* Generic.Strong */ +.highlight .gu { color: #800080; font-weight: bold; } /* Generic.Subheading */ +.highlight .gt { color: #aa0000 } /* Generic.Traceback */ +.highlight .kc { font-weight: bold } /* Keyword.Constant */ +.highlight .kd { font-weight: bold } /* Keyword.Declaration */ +.highlight .kn { font-weight: bold } /* Keyword.Namespace */ +.highlight .kp { font-weight: bold } /* Keyword.Pseudo */ +.highlight .kr { font-weight: bold } /* Keyword.Reserved */ +.highlight .kt { color: #445588; font-weight: bold } /* Keyword.Type */ +.highlight .m { color: #009999 } /* Literal.Number */ +.highlight .s { color: #d14 } /* Literal.String */ +.highlight .na { color: #008080 } /* Name.Attribute */ +.highlight .nb { color: 
#0086B3 } /* Name.Builtin */ +.highlight .nc { color: #445588; font-weight: bold } /* Name.Class */ +.highlight .no { color: #008080 } /* Name.Constant */ +.highlight .ni { color: #800080 } /* Name.Entity */ +.highlight .ne { color: #990000; font-weight: bold } /* Name.Exception */ +.highlight .nf { color: #990000; font-weight: bold } /* Name.Function */ +.highlight .nn { color: #555555 } /* Name.Namespace */ +.highlight .nt { color: #CBDFFF } /* Name.Tag */ +.highlight .nv { color: #008080 } /* Name.Variable */ +.highlight .ow { font-weight: bold } /* Operator.Word */ +.highlight .w { color: #bbbbbb } /* Text.Whitespace */ +.highlight .mf { color: #009999 } /* Literal.Number.Float */ +.highlight .mh { color: #009999 } /* Literal.Number.Hex */ +.highlight .mi { color: #009999 } /* Literal.Number.Integer */ +.highlight .mo { color: #009999 } /* Literal.Number.Oct */ +.highlight .sb { color: #d14 } /* Literal.String.Backtick */ +.highlight .sc { color: #d14 } /* Literal.String.Char */ +.highlight .sd { color: #d14 } /* Literal.String.Doc */ +.highlight .s2 { color: #d14 } /* Literal.String.Double */ +.highlight .se { color: #d14 } /* Literal.String.Escape */ +.highlight .sh { color: #d14 } /* Literal.String.Heredoc */ +.highlight .si { color: #d14 } /* Literal.String.Interpol */ +.highlight .sx { color: #d14 } /* Literal.String.Other */ +.highlight .sr { color: #009926 } /* Literal.String.Regex */ +.highlight .s1 { color: #d14 } /* Literal.String.Single */ +.highlight .ss { color: #990073 } /* Literal.String.Symbol */ +.highlight .bp { color: #999999 } /* Name.Builtin.Pseudo */ +.highlight .vc { color: #008080 } /* Name.Variable.Class */ +.highlight .vg { color: #008080 } /* Name.Variable.Global */ +.highlight .vi { color: #008080 } /* Name.Variable.Instance */ +.highlight .il { color: #009999 } /* Literal.Number.Integer.Long */ + +.type-csharp .highlight .k { color: #0000FF } +.type-csharp .highlight .kt { color: #0000FF } +.type-csharp .highlight .nf { color: 
#000000; font-weight: normal } +.type-csharp .highlight .nc { color: #2B91AF } +.type-csharp .highlight .nn { color: #000000 } +.type-csharp .highlight .s { color: #A31515 } +.type-csharp .highlight .sc { color: #A31515 } diff --git a/stylesheets/stylesheet.css b/stylesheets/stylesheet.css new file mode 100644 index 0000000..a54a639 --- /dev/null +++ b/stylesheets/stylesheet.css @@ -0,0 +1,247 @@ +body { + margin: 0; + padding: 0; + background: #151515 url("../images/bkg.png") 0 0; + color: #eaeaea; + font: 16px; + line-height: 1.5; + font-family: Monaco, "Bitstream Vera Sans Mono", "Lucida Console", Terminal, monospace; +} + +/* General & 'Reset' Stuff */ + +.container { + width: 90%; + max-width: 600px; + margin: 0 auto; +} + +section { + display: block; + margin: 0 0 20px 0; +} + +h1, h2, h3, h4, h5, h6 { + margin: 0 0 20px; +} + +li { + line-height: 1.4 ; +} + +/* Header,
+ header - container + h1 - project name + h2 - project description +*/ + +header { + background: rgba(0, 0, 0, 0.1); + width: 100%; + border-bottom: 1px dashed #b5e853; + padding: 20px 0; + margin: 0 0 40px 0; +} + +header h1 { + font-size: 30px; + line-height: 1.5; + margin: 0 0 0 -40px; + font-weight: bold; + font-family: Monaco, "Bitstream Vera Sans Mono", "Lucida Console", Terminal, monospace; + color: #b5e853; + text-shadow: 0 1px 1px rgba(0, 0, 0, 0.1), + 0 0 5px rgba(181, 232, 83, 0.1), + 0 0 10px rgba(181, 232, 83, 0.1); + letter-spacing: -1px; + -webkit-font-smoothing: antialiased; +} + +header h1:before { + content: "./ "; + font-size: 24px; +} + +header h2 { + font-size: 18px; + font-weight: 300; + color: #666; +} + +#downloads .btn { + display: inline-block; + text-align: center; + margin: 0; +} + +/* Main Content +*/ + +#main_content { + width: 100%; + -webkit-font-smoothing: antialiased; +} +section img { + max-width: 100% +} + +h1, h2, h3, h4, h5, h6 { + font-weight: normal; + font-family: Monaco, "Bitstream Vera Sans Mono", "Lucida Console", Terminal, monospace; + color: #b5e853; + letter-spacing: -0.03em; + text-shadow: 0 1px 1px rgba(0, 0, 0, 0.1), + 0 0 5px rgba(181, 232, 83, 0.1), + 0 0 10px rgba(181, 232, 83, 0.1); +} + +#main_content h1 { + font-size: 30px; +} + +#main_content h2 { + font-size: 24px; +} + +#main_content h3 { + font-size: 18px; +} + +#main_content h4 { + font-size: 14px; +} + +#main_content h5 { + font-size: 12px; + text-transform: uppercase; + margin: 0 0 5px 0; +} + +#main_content h6 { + font-size: 12px; + text-transform: uppercase; + color: #999; + margin: 0 0 5px 0; +} + +dt { + font-style: italic; + font-weight: bold; +} + +ul li { + list-style: none; +} + +ul li:before { + content: ">>"; + font-family: Monaco, "Bitstream Vera Sans Mono", "Lucida Console", Terminal, monospace; + font-size: 13px; + color: #b5e853; + margin-left: -37px; + margin-right: 21px; + line-height: 16px; +} + +blockquote { + color: #aaa; + 
padding-left: 10px; + border-left: 1px dotted #666; +} + +pre { + background: rgba(0, 0, 0, 0.9); + border: 1px solid rgba(255, 255, 255, 0.15); + padding: 10px; + font-size: 14px; + color: #b5e853; + border-radius: 2px; + -moz-border-radius: 2px; + -webkit-border-radius: 2px; + text-wrap: normal; + overflow: auto; + overflow-y: hidden; +} + +table { + width: 100%; + margin: 0 0 20px 0; +} + +th { + text-align: left; + border-bottom: 1px dashed #b5e853; + padding: 5px 10px; +} + +td { + padding: 5px 10px; +} + +hr { + height: 0; + border: 0; + border-bottom: 1px dashed #b5e853; + color: #b5e853; +} + +/* Buttons +*/ + +.btn { + display: inline-block; + background: -webkit-linear-gradient(top, rgba(40, 40, 40, 0.3), rgba(35, 35, 35, 0.3) 50%, rgba(10, 10, 10, 0.3) 50%, rgba(0, 0, 0, 0.3)); + padding: 8px 18px; + border-radius: 50px; + border: 2px solid rgba(0, 0, 0, 0.7); + border-bottom: 2px solid rgba(0, 0, 0, 0.7); + border-top: 2px solid rgba(0, 0, 0, 1); + color: rgba(255, 255, 255, 0.8); + font-family: Helvetica, Arial, sans-serif; + font-weight: bold; + font-size: 13px; + text-decoration: none; + text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.75); + box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.05); +} + +.btn:hover { + background: -webkit-linear-gradient(top, rgba(40, 40, 40, 0.6), rgba(35, 35, 35, 0.6) 50%, rgba(10, 10, 10, 0.8) 50%, rgba(0, 0, 0, 0.8)); +} + +.btn .icon { + display: inline-block; + width: 16px; + height: 16px; + margin: 1px 8px 0 0; + float: left; +} + +.btn-github .icon { + opacity: 0.6; + background: url("../images/blacktocat.png") 0 0 no-repeat; +} + +/* Links + a, a:hover, a:visited +*/ + +a { + color: #63c0f5; + text-shadow: 0 0 5px rgba(104, 182, 255, 0.5); +} + +/* Clearfix */ + +.cf:before, .cf:after { + content:""; + display:table; +} + +.cf:after { + clear:both; +} + +.cf { + zoom:1; +} \ No newline at end of file From f06972e33351f965dbe32f995768702d63f085ba Mon Sep 17 00:00:00 2001 
From: PenturaLabs Date: Mon, 19 May 2014 07:04:36 +0100 Subject: [PATCH 33/35] Update index.html --- index.html | 95 +++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 77 insertions(+), 18 deletions(-) diff --git a/index.html b/index.html index e90927f..223d3e9 100644 --- a/index.html +++ b/index.html @@ -31,37 +31,96 @@

Welcome to GitHub Pages.

-

This automatic page generator is the easiest way to create beautiful pages for all of your projects. Author your page content here using GitHub Flavored Markdown, select a template crafted by a designer, and publish. After your page is generated, you can check out the new branch:

+

How it works?

-
$ cd your_repo_root/repo_name
-$ git fetch origin
-$ git checkout gh-pages
-
+This program run without arguments will perform a 'uname -r' to grab the Linux Operating Systems release version, +and return a suggestive list of possible exploits. Nothing fancy, so a patched/back-ported patch may fool this script. -

If you're using the GitHub for Mac, simply sync your repository and you'll see the new branch.

+Additionally possible to provide '-k' flag to manually enter the Kernel Version/Operating System Release Version. -

-Designer Templates

+This script has been extremely useful on site and in exams. Now Open-sourced under GPLv2. -

We've crafted some handsome templates for you to use. Go ahead and continue to layouts to browse through them. You can easily go back to edit your page before publishing. After publishing your page, you can revisit the page generator and switch to another theme. Your Page content will be preserved if it remained markdown format.

+

Sample Output

+
+$ perl ./Linux_Exploit_Suggester.pl -k 3.0.0
 
-

-Rather Drive Stick?

+Kernel local: 3.0.0 -

If you prefer to not use the automatic generator, push a branch named gh-pages to your repository to create a page manually. In addition to supporting regular HTML content, GitHub Pages support Jekyll, a simple, blog aware static site generator written by our own Tom Preston-Werner. Jekyll makes it easy to create site-wide headers and footers without having to copy them across every page. It also offers intelligent blog support and other advanced templating features.

+Possible Exploits: +[+] semtex + CVE-2013-2094 + Source: www.exploit-db.com/download/25444/‎ +[+] memodipper + CVE-2012-0056 + Source: http://www.exploit-db.com/exploits/18411/ +[+] perf_swevent + CVE-2013-2094 + Source: http://www.exploit-db.com/download/26131 +
+ +
+$ perl ./Linux_Exploit_Suggester.pl -k 2.6.28
+
+Kernel local: 2.6.28
+
+Possible Exploits:
+[+] sock_sendpage2
+   Alt: proto_ops    CVE-2009-2692
+   Source: http://www.exploit-db.com/exploits/9436
+[+] half_nelson3
+   Alt: econet    CVE-2010-4073
+   Source: http://www.exploit-db.com/exploits/17787/
+[+] reiserfs
+   CVE-2010-1146
+   Source: http://www.exploit-db.com/exploits/12130/
+[+] pktcdvd
+   CVE-2010-3437
+   Source: http://www.exploit-db.com/exploits/15150/
+[+] american-sign-language
+   CVE-2010-4347
+   Source: http://www.securityfocus.com/bid/45408/
+[+] half_nelson
+   Alt: econet    CVE-2010-3848
+   Source: http://www.exploit-db.com/exploits/6851
+[+] udev
+   Alt: udev <1.4.1    CVE-2009-1185
+   Source: http://www.exploit-db.com/exploits/8478
+[+] do_pages_move
+   Alt: sieve    CVE-2010-0415
+   Source: Spenders Enlightenment
+[+] pipe.c_32bit
+   CVE-2009-3547
+   Source: http://www.securityfocus.com/data/vulnerabilities/exploits/36901-1.c
+[+] exit_notify
+   Source: http://www.exploit-db.com/exploits/8369
+[+] can_bcm
+   CVE-2010-2959
+   Source: http://www.exploit-db.com/exploits/14814/
+[+] ptrace_kmod2
+   Alt: ia32syscall,robert_you_suck    CVE-2010-3301
+   Source: http://www.exploit-db.com/exploits/15023/
+[+] half_nelson1
+   Alt: econet    CVE-2010-3848
+   Source: http://www.exploit-db.com/exploits/17787/
+[+] half_nelson2
+   Alt: econet    CVE-2010-3850
+   Source: http://www.exploit-db.com/exploits/17787/
+[+] sock_sendpage
+   Alt: wunderbar_emporium    CVE-2009-2692
+   Source: http://www.exploit-db.com/exploits/9435
+[+] video4linux
+   CVE-2010-3081
+   Source: http://www.exploit-db.com/exploits/15024/
+

Authors and Contributors

-

You can @mention a GitHub username to generate a link to their profile. The resulting <a> element will link to the contributor's GitHub Profile. For example: In 2007, Chris Wanstrath (@defunkt), PJ Hyett (@pjhyett), and Tom Preston-Werner (@mojombo) founded GitHub.

+

In 2013, Andy Davies (@Penturalabs) released the Source Code for Linux Exploit Suggester -

-Support or Contact

- -

Having trouble with Pages? Check out the documentation at http://help.github.com/pages or contact support@github.com and we’ll help you sort it out.

- \ No newline at end of file + From e6b86f9e57d593e6acf66138f64caabf1db874bd Mon Sep 17 00:00:00 2001 From: PenturaLabs Date: Mon, 19 May 2014 07:11:20 +0100 Subject: [PATCH 34/35] Update index.html --- index.html | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/index.html b/index.html index 223d3e9..7db0972 100644 --- a/index.html +++ b/index.html @@ -28,19 +28,16 @@
-

-Welcome to GitHub Pages.

- +

How it works?

- This program run without arguments will perform a 'uname -r' to grab the Linux Operating Systems release version, and return a suggestive list of possible exploits. Nothing fancy, so a patched/back-ported patch may fool this script. - +

Additionally possible to provide '-k' flag to manually enter the Kernel Version/Operating System Release Version. +

+

This script has been extremely useful onsite and in exams. Now Open-sourced under GPLv2.

-This script has been extremely useful on site and in exams. Now Open-sourced under GPLv2. - -

Sample Output

+

Sample Output

 $ perl ./Linux_Exploit_Suggester.pl -k 3.0.0
 
@@ -116,7 +113,7 @@ Possible Exploits:
 

Authors and Contributors

-

In 2013, Andy Davies (@Penturalabs) released the Source Code for Linux Exploit Suggester +

In 2013, Andy Davies of Pentura Ltd(@Penturalabs) released the Source Code for Linux Exploit Suggester

From 627332d451dd7a9d2d641e6ff571acf3efe9568c Mon Sep 17 00:00:00 2001 From: PenturaLabs Date: Mon, 19 May 2014 07:23:20 +0100 Subject: [PATCH 35/35] Update index.html --- index.html | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/index.html b/index.html index 7db0972..bf667a1 100644 --- a/index.html +++ b/index.html @@ -110,10 +110,16 @@ Possible Exploits: Source: http://www.exploit-db.com/exploits/15024/ -

-Authors and Contributors

+

+Authors

-

In 2013, Andy Davies of Pentura Ltd(@Penturalabs) released the Source Code for Linux Exploit Suggester +

In 2013, Andy Davies of Pentura Ltd(@Penturalabs) released the Source Code for Linux Exploit Suggester. +

+Contributors

+Thanks to the following contributors (no particular order): +

Brian Carrick of IRM plc

+

Brenu G. de Oliveira

+

Garu
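Review bot: in the Contributors hunk of PATCH 35, "Brenu G. de Oliveira" misspells the name; the commits in this series are authored by "Breno G. de Oliveira", and the changelog entry added in PATCH 28 credits that same work to "(garu)", so "Garu" is the same contributor's handle rather than a second person. Collapse the two entries into one, e.g. "Breno G. de Oliveira (garu)", and keep the list to distinct people.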