Linux Exploit Suggester

August 26, 2013

Background

Many moons ago I stumbled across a broken script on an incident response job. The hackers uploaded numerous exploits and scripts in an attempt to compromise a Linux Red Hat server. Among these files was a broken script (that did not work) that would suggest possible exploits given the release version (‘uname -r’) of the Linux operating system.

This gave me an idea: create my own that actually works…

As the name suggests, this is a Linux Exploit Suggester, with no frills and no fancy features; just a simple script to keep track of vulnerabilities and suggest possible exploits to use to gain ‘root’ on a legitimate penetration test, or governing examining body :)

Demo Time

Actions speak louder than words, so attached is sample output for querying a 2.6.28 Kernel:

$ perl ./Linux_Exploit_Suggester.pl -k 2.6.28

Kernel local: 2.6.28

Possible Exploits:
[+] sock_sendpage2
   Alt: proto_ops CVE-2009-2692
   Source: http://www.exploit-db.com/exploits/9436
[+] half_nelson3
   Alt: econet CVE-2010-4073
   Source: http://www.exploit-db.com/exploits/17787/
[+] reiserfs
   CVE-2010-1146
   Source: http://www.exploit-db.com/exploits/12130/
[+] pktcdvd
   CVE-2010-3437
   Source: http://www.exploit-db.com/exploits/15150/
[+] american-sign-language
   CVE-2010-4347
   Source: http://www.securityfocus.com/bid/45408/
[+] half_nelson
   Alt: econet CVE-2010-3848
   Source: http://www.exploit-db.com/exploits/6851
[+] udev
   Alt: udev <1.4.1 CVE-2009-1185
   Source: http://www.exploit-db.com/exploits/8478
[+] do_pages_move
   Alt: sieve CVE-2010-0415
   Source: Spenders Enlightenment
[+] pipe.c_32bit
   CVE-2009-3547
   Source: http://www.securityfocus.com/data/vulnerabilities/exploits/36901-1.c
[+] exit_notify
   Source: http://www.exploit-db.com/exploits/8369
[+] can_bcm
   CVE-2010-2959
   Source: http://www.exploit-db.com/exploits/14814/
[+] ptrace_kmod2
   Alt: ia32syscall,robert_you_suck CVE-2010-3301
   Source: http://www.exploit-db.com/exploits/15023/
[+] half_nelson1
   Alt: econet CVE-2010-3848
   Source: http://www.exploit-db.com/exploits/17787/
[+] half_nelson2
   Alt: econet CVE-2010-3850
   Source: http://www.exploit-db.com/exploits/17787/
[+] sock_sendpage
   Alt: wunderbar_emporium CVE-2009-2692
   Source: http://www.exploit-db.com/exploits/9435
[+] video4linux
   CVE-2010-3081
   Source: http://www.exploit-db.com/exploits/15024/

Again, here is similar output for a more modern 3.0.0 Kernel:

$ perl ./Linux_Exploit_Suggester.pl -k 3.0.0

Kernel local: 3.0.0

Possible Exploits:
[+] semtex
   CVE-2013-2094
   Source: http://www.exploit-db.com/download/25444/
[+] memodipper
   CVE-2012-0056
   Source: http://www.exploit-db.com/exploits/18411/
[+] perf_swevent
   CVE-2013-2094
   Source: http://www.exploit-db.com/download/26131

Code

Can be found within our GitHub Repository:

Call for Additions/Corrections

It is likely that there are gaps or errors within this script. Feel free to contribute, as this is released as open source under GPLv2.

Downside

Unfortunately, in all honesty, it cannot take into account patches or backported patches. Suggestions are based on the kernel version alone, so it may yield false positives.
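One way to triage those false positives, as an added example that is not part of the original post or of the script itself: parse the suggester's output into CVE identifiers and check each against the vendor kernel changelog. The sample output is a constructed slice of the 2.6.28 run above, and the changelog line is constructed to stand in for text such as the output of `rpm -q --changelog kernel`; the function names are hypothetical.

```python
import re

# Constructed sample: a slice of the 2.6.28 output shown above.
SAMPLE_OUTPUT = """\
Possible Exploits:
[+] sock_sendpage2
   Alt: proto_ops CVE-2009-2692
   Source: http://www.exploit-db.com/exploits/9436
[+] reiserfs
   CVE-2010-1146
   Source: http://www.exploit-db.com/exploits/12130/
[+] exit_notify
   Source: http://www.exploit-db.com/exploits/8369
"""

# Constructed changelog text (assumption: vendor changelogs name fixed CVEs).
SAMPLE_CHANGELOG = """\
- [net] make sock_sendpage use kernel_sendpage {CVE-2009-2692}
"""

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

def parse_suggestions(text):
    """Turn suggester output into a list of {name, cves, source} dicts."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[+]"):
            entries.append({"name": line[3:].strip(), "cves": [], "source": None})
        elif entries and line.startswith("Source:"):
            entries[-1]["source"] = line.split(":", 1)[1].strip()
        elif entries:
            # "Alt:" lines and bare lines may both carry CVE identifiers
            entries[-1]["cves"] += CVE_RE.findall(line)
    return entries

def triage(entries, changelog):
    """Label each entry by whether the changelog mentions all of its CVEs."""
    fixed = set(CVE_RE.findall(changelog))
    result = {}
    for e in entries:
        if not e["cves"]:
            result[e["name"]] = "no CVE listed: check manually"
        elif set(e["cves"]) <= fixed:
            result[e["name"]] = "fix in changelog: likely false positive"
        else:
            result[e["name"]] = "no fix found: verify and patch"
    return result

if __name__ == "__main__":
    print(triage(parse_suggestions(SAMPLE_OUTPUT), SAMPLE_CHANGELOG))
```

An entry with no CVE identifier, such as exit_notify, cannot be matched this way and has to be checked by hand.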

6 Comments
  1. Many thanks, excellent

  2. Hey there… I thought this would help me, but no dice, without gcc or CC and unable to run many commands pretty much SOL… anyway I made a quick zenity script to add this to my Debian start menu… maybe it will help others…

    Make the directory (/opt/LES), put this script in that directory and add it to your start menu!

    #!/bin/sh
    # Ask whether to update the local copy of the script or run a lookup.
    if zenity --question --title="Linux Exploit Suggester" --text="Update LES?"; then
        # Fetch the latest version into /opt/LES; report success only if the download worked.
        wget -O /opt/LES/Linux_Exploit_Suggester.pl https://github.com/PenturaLabs/Linux_Exploit_Suggester/raw/master/Linux_Exploit_Suggester.pl &&
        zenity --title "Linux Exploit Suggester" --info --text="Linux Exploit suggester successfully updated"
    else
        # Prompt for the kernel version to look up.
        KERNAL=$(zenity --entry --title="Linux Exploit Suggester" --text="Enter the kernel version (uname -r) :" --entry-text "2.6.32")
        # Pass the value as a positional argument so it is never parsed as shell code;
        # the trailing cat keeps the terminal window open.
        gnome-terminal -x bash -c 'perl /opt/LES/Linux_Exploit_Suggester.pl -k "$1"; cat' _ "$KERNAL"
    fi
