MattTheTekie/Linux_Exploit_Suggester
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Linux_Exploit_Suggester/index.html
PenturaLabs 627332d451 Update index.html
2014-05-19 07:23:20 +01:00

129 lines
4.3 KiB
HTML
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html>
<html>
<head>
<meta charset='utf-8'>
<meta http-equiv="X-UA-Compatible" content="chrome=1">
<link rel="stylesheet" type="text/css" href="stylesheets/stylesheet.css" media="screen" />
<link rel="stylesheet" type="text/css" href="stylesheets/pygment_trac.css" media="screen" />
<link rel="stylesheet" type="text/css" href="stylesheets/print.css" media="print" />
<title>Linux Exploit Suggester by PenturaLabs</title>
</head>
<body>
<header>
<div class="container">
<h1>Linux Exploit Suggester</h1>
<h2>Suggest possible kernel-level Linux exploits based on the Operating System release number. </h2>
<section id="downloads">
<a href="https://github.com/PenturaLabs/Linux_Exploit_Suggester/zipball/master" class="btn">Download as .zip</a>
<a href="https://github.com/PenturaLabs/Linux_Exploit_Suggester/tarball/master" class="btn">Download as .tar.gz</a>
<a href="https://github.com/PenturaLabs/Linux_Exploit_Suggester" class="btn btn-github"><span class="icon"></span>View on GitHub</a>
</section>
</div>
</header>
<div class="container">
<section id="main_content">
<h2>How it works?</h2>
This program run without arguments will perform a 'uname -r' to grab the Linux Operating Systems release version,
and return a suggestive list of possible exploits. Nothing fancy, so a patched/back-ported patch may fool this script.
<p>
Additionally possible to provide '-k' flag to manually enter the Kernel Version/Operating System Release Version.
</p>
<p>This script has been extremely useful onsite and in exams. Now Open-sourced under GPLv2.</p>
<h3>Sample Output</h3>
<pre>
$ perl ./Linux_Exploit_Suggester.pl -k 3.0.0
Kernel local: 3.0.0
Possible Exploits:
[+] semtex
CVE-2013-2094
Source: www.exploit-db.com/download/25444/
[+] memodipper
CVE-2012-0056
Source: http://www.exploit-db.com/exploits/18411/
[+] perf_swevent
CVE-2013-2094
Source: http://www.exploit-db.com/download/26131
</pre>
<pre>
$ perl ./Linux_Exploit_Suggester.pl -k 2.6.28
Kernel local: 2.6.28
Possible Exploits:
[+] sock_sendpage2
Alt: proto_ops CVE-2009-2692
Source: http://www.exploit-db.com/exploits/9436
[+] half_nelson3
Alt: econet CVE-2010-4073
Source: http://www.exploit-db.com/exploits/17787/
[+] reiserfs
CVE-2010-1146
Source: http://www.exploit-db.com/exploits/12130/
[+] pktcdvd
CVE-2010-3437
Source: http://www.exploit-db.com/exploits/15150/
[+] american-sign-language
CVE-2010-4347
Source: http://www.securityfocus.com/bid/45408/
[+] half_nelson
Alt: econet CVE-2010-3848
Source: http://www.exploit-db.com/exploits/6851
[+] udev
Alt: udev &lt;1.4.1 CVE-2009-1185
Source: http://www.exploit-db.com/exploits/8478
[+] do_pages_move
Alt: sieve CVE-2010-0415
Source: Spenders Enlightenment
[+] pipe.c_32bit
CVE-2009-3547
Source: http://www.securityfocus.com/data/vulnerabilities/exploits/36901-1.c
[+] exit_notify
Source: http://www.exploit-db.com/exploits/8369
[+] can_bcm
CVE-2010-2959
Source: http://www.exploit-db.com/exploits/14814/
[+] ptrace_kmod2
Alt: ia32syscall,robert_you_suck CVE-2010-3301
Source: http://www.exploit-db.com/exploits/15023/
[+] half_nelson1
Alt: econet CVE-2010-3848
Source: http://www.exploit-db.com/exploits/17787/
[+] half_nelson2
Alt: econet CVE-2010-3850
Source: http://www.exploit-db.com/exploits/17787/
[+] sock_sendpage
Alt: wunderbar_emporium CVE-2009-2692
Source: http://www.exploit-db.com/exploits/9435
[+] video4linux
CVE-2010-3081
Source: http://www.exploit-db.com/exploits/15024/
</pre>
<h2>
<a name="authors-and-contributors" class="anchor" href="#authors-and-contributors"><span class="octicon octicon-link"></span></a>Authors</h2>
<p>In 2013, Andy Davies of Pentura Ltd(<a href="https://github.com/defunkt" class="user-mention">@Penturalabs</a>) released the Source Code for Linux Exploit Suggester.
<h3>
<a name="authors-and-contributors" class="anchor" href="#authors-and-contributors"><span class="octicon octicon-link"></span></a>Contributors</h3>
Thanks to the following contributors (no particular order):
<p>Brian Carrick of IRM plc</p>
<p>Brenu G. de Oliveira</p>
<p>Garu</p>
</section>
</div>
</body>
</html>
Reference in a new issue View git blame Copy permalink