自动探测linux的溢出版本

2013-08-30 09:16:38 65 7591
#!/usr/bin/perl
=head1 USAGE
        $ Local_Exploit_Checker [-h] [-k kernel]
        [-h] help
        [-k] kernel Eg. 2.6.28
=head1 AUTHOR

use Getopt::Std;

$VERSION="0.6";
my $khost="";
my %opts;
getopt('k,h',\%opts);

if (exists $opts{h}){ &usage;}

if (exists $opts{k}){
        $khost=$opts{k};
}else{
        $khost = `uname -r |cut -d"-" -f1`;
        chomp($khost);
}
print "\nKernel local: $khost\n\n";

sub usage{
        print "Linux Exploit Suggester $VERSION\n";
        print "Usage: \t$0  [-h] [-k kernel]\n";
        print "\t[-h] help (this message)\n";
        print "\t[-k] kernel number eg. 2.6.28\n";
}

my %h;
$h{'w00t'} = { vuln=>['2.4.10','2.4.16','2.4.17','2.4.18','2.4.19','2.4.20','2.4.21'] };
$h{'brk'} = { vuln=>['2.4.10','2.4.18','2.4.19','2.4.20','2.4.21','2.4.22'] };
$h{'ave'} = { vuln=>['2.4.19','2.4.20'] };
$h{'elflbl'} = { vuln=>['2.4.29'],mil=>"http://www.exploit-db.com/exploits/744/" };
$h{'elfdump'} = { vuln=>['2.4.27'] };
$h{'elfcd'} = {vuln=>['2.6.12']};
$h{'expand_stack'} = { vuln=>['2.4.29'] };
$h{'h00lyshit'} = { vuln=>['2.6.8','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16'],cve=>"2006-3626",mil=>"http://www.exploit-db.com/exploits/2013/"};
$h{'kdump'} = { vuln=>['2.6.13'] };
$h{'km2'} = { vuln=>['2.4.18','2.4.22'] };
$h{'krad'} = { vuln=>['2.6.5','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11'] };
$h{'krad3'} = { vuln=>['2.6.5','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11'],mil=>"http://exploit-db.com/exploits/1397" };
$h{'local26'} = { vuln=>['2.6.13'] };
$h{'loko'} = { vuln=>['2.4.22','2.4.23','2.4.24'] };
$h{'mremap_pte'} = { vuln=>['2.4.20','2.2.24','2.4.25','2.4.26','2.4.27'],mil=>"http://www.exploit-db.com/exploits/160/" };
$h{'newlocal'} = { vuln=>['2.4.17','2.4.19'] };
$h{'ong_bak'} = { vuln=>['2.6.5'] };
$h{'ptrace'} = { vuln=>['2.4.18','2.4.19','2.4.20','2.4.21','2.4.22']};
$h{'ptrace_kmod'} = { vuln=>['2.4.18','2.4.19','2.4.20','2.4.21','2.4.22'],cve=>"2007-4573"};
$h{'ptrace_kmod2'} = { vuln=>['2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33','2.6.34'],alt=>"ia32syscall,robert_you_suck",mil=>"http://www.exploit-db.com/exploits/15023/",cve=>"2010-3301"};
$h{'ptrace24'} = { vuln=>['2.4.9'] };
$h{'pwned'} = { vuln=>['2.6.11'] };
$h{'py2'} = { vuln=>['2.6.9','2.6.17','2.6.15','2.6.13'] };
$h{'raptor_prctl'} = { vuln=>['2.6.13','2.6.14','2.6.15','2.6.16','2.6.17'],cve=>"2006-2451",mil=>"http://www.exploit-db.com/exploits/2031/" };
$h{'prctl'} = { vuln=>['2.6.13','2.6.14','2.6.15','2.6.16','2.6.17'],mil=>"http://www.exploit-db.com/exploits/2004/" };
$h{'prctl2'} = { vuln=>['2.6.13','2.6.14','2.6.15','2.6.16','2.6.17'],mil=>"http://www.exploit-db.com/exploits/2005/"};
$h{'prctl3'} = { vuln=>['2.6.13','2.6.14','2.6.15','2.6.16','2.6.17'],mil=>"http://www.exploit-db.com/exploits/2006/" };
$h{'prctl4'} = { vuln=>['2.6.13','2.6.14','2.6.15','2.6.16','2.6.17'] ,mil=>"http://www.exploit-db.com/exploits/2011/"};
$h{'remap'} = { vuln=>['2.4.'] };
$h{'rip'} = { vuln=>['2.2.'] };
$h{'stackgrow2'} = { vuln=>['2.4.29','2.6.10'] };
$h{'uselib24'} = { vuln=>['2.6.10','2.4.17','2.4.22','2.4.25','2.4.27','2.4.29'] };
$h{'newsmp'} = { vuln=>['2.6.'] };
$h{'smpracer'} = { vuln=>['2.4.29'] };
$h{'loginx'} = { vuln=>['2.4.22'] };
$h{'exp.sh'} = { vuln=>['2.6.9','2.6.10','2.6.16','2.6.13'] };   
$h{'vmsplice1'} = {vuln=>['2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.24.1'],alt=>"jessica biel",cve=>"2008-0600",mil=>"http://www.expliot-db.com/exploits/5092"};
$h{'vmsplice2'} = {vuln=>['2.6.23','2.6.24'],alt=>"diane_lane",cve=>"2008-0600", mil=>"http://www.exploit-db.com/exploits/5093"};
$h{'vconsole'} = {vuln=>['2.6.'],cve=>"2009-1046"};
$h{'sctp'} = {vuln=>['2.6.26'],cve=>"2008-4113"};
$h{'ftrex'} = {vuln=>['2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22'],cve=>"2008-4210",mil=>"http://www.exploit-db.com/exploits/6851"};
$h{'exit_notify'} =  {vuln=>['2.6.25','2.6.26','2.6.27','2.6.28','2.6.29'],mil=>"http://www.exploit-db.com/exploits/8369"};
$h{'udev'} = {vuln=>['2.6.25','2.6.26','2.6.27','2.6.28','2.6.29'],alt=>"udev <1.4.1",cve=>"2009-1185",mil=>"http://www.exploit-db.com/exploits/8478"};
$h{'sock_sendpage2'}={vuln=>['2.4.4','2.4.5','2.4.6','2.4.7','2.4.8','2.4.9','2.4.10','2.4.11','2.4.12','2.4.13','2.4.14','2.4.15','2.4.16','2.4.17','2.4.18','2.4.19','2.4.20','2.4.21','2.4.22','2.4.23','2.4.24','2.4.25','2.4.26','2.4.27','2.4.28','2.4.29','2.4.30','2.4.31','2.4.32','2.4.33','2.4.34','2.4.35','2.4.36','2.4.37','2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30'],alt=>"proto_ops",cve=>"2009-2692",mil=>"http://www.exploit-db.com/exploits/9436"};
$h{'sock_sendpage'}={vuln=>['2.4.4','2.4.5','2.4.6','2.4.7','2.4.8','2.4.9','2.4.10','2.4.11','2.4.12','2.4.13','2.4.14','2.4.15','2.4.16','2.4.17','2.4.18','2.4.19','2.4.20','2.4.21','2.4.22','2.4.23','2.4.24','2.4.25','2.4.26','2.4.27','2.4.28','2.4.29','2.4.30','2.4.31','2.4.32','2.4.33','2.4.34','2.4.35','2.4.36','2.4.37','2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30'],alt=>"wunderbar_emporium",cve=>"2009-2692",mil=>"http://www.exploit-db.com/exploits/9435"};
$h{'udp_sendmsg_32bit'}={vuln=>['2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19'],cve=>"2009-2698", mil=>"http://downloads.securityfocus.com/vulnerabilities/exploits/36108.c"};
$h{'pipe.c_32bit'}={vuln=>['2.4.4','2.4.5','2.4.6','2.4.7','2.4.8','2.4.9','2.4.10','2.4.11','2.4.12','2.4.13','2.4.14','2.4.15','2.4.16','2.4.17','2.4.18','2.4.19','2.4.20','2.4.21','2.4.22','2.4.23','2.4.24','2.4.25','2.4.26','2.4.27','2.4.28','2.4.29','2.4.30','2.4.31','2.4.32','2.4.33','2.4.34','2.4.35','2.4.36','2.4.37','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31'],cve=>"2009-3547",mil=>"http://www.securityfocus.com/data/vulnerabilities/exploits/36901-1.c"};
$h{'do_pages_move'}={vuln=>['2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31'],alt=>"sieve",cve=>"2010-0415",mil=>"Spenders Enlightenment"};
$h{'reiserfs'}={vuln=>['2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33','2.6.34'],cve=>"2010-1146",mil=>"http://www.exploit-db.com/exploits/12130/"};
$h{'can_bcm'}={vuln=>['2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33','2.6.34','2.6.35','2.6.36'],cve=>"2010-2959",mil=>"http://www.exploit-db.com/exploits/14814/"};
$h{'rds'}={vuln=>['2.6.30','2.6.31','2.6.32','2.6.33','2.6.34','2.6.35','2.6.36'],mil=>"http://www.exploit-db.com/exploits/15285/",cve=>"2010-3904"};
$h{'half_nelson'} = {vuln=>['2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33','2.6.34','2.6.35','2.6.36'],alt=>"econet",cve=>"2010-3848",mil=>"http://www.exploit-db.com/exploits/6851"};
$h{'half_nelson1'} = {vuln=>['2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33','2.6.34','2.6.35','2.6.36'],alt=>"econet",cve=>"2010-3848",mil=>"http://www.exploit-db.com/exploits/17787/"};
$h{'half_nelson2'} = {vuln=>['2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33','2.6.34','2.6.35','2.6.36'],alt=>"econet",cve=>"2010-3850",mil=>"http://www.exploit-db.com/exploits/17787/"};
$h{'half_nelson3'} = {vuln=>['2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33','2.6.34','2.6.35','2.6.36'],alt=>"econet",cve=>"2010-4073",mil=>"http://www.exploit-db.com/exploits/17787/"};
$h{'caps_to_root'} = {vuln=>['2.6.34','2.6.35','2.6.36'],cve=>"n/a",mil=>"http://www.exploit-db.com/exploits/15916/"};
$h{'american-sign-language'} = {vuln=>['2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33','2.6.34','2.6.35','2.6.36'],cve=>"2010-4347",mil=>"http://www.securityfocus.com/bid/45408/"};
$h{'pktcdvd'} = {vuln=>['2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33','2.6.34','2.6.35','2.6.36'],cve=>"2010-3437",mil=>"http://www.exploit-db.com/exploits/15150/"};
$h{'video4linux'} = {vuln=>['2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.16','2.6.17','2.6.18','2.6.19','2.6.20','2.6.21','2.6.22','2.6.23','2.6.24','2.6.25','2.6.26','2.6.27','2.6.28','2.6.29','2.6.30','2.6.31','2.6.32','2.6.33'],cve=>"2010-3081",mil=>"http://www.exploit-db.com/exploits/15024/"};
$h{'memodipper'} = {vuln=>['2.6.39','3.0.0','3.0.1','3.0.2','3.0.3','3.0.4','3.0.5','3.0.6','3.1.0'],cve=>"2012-0056",mil=>"http://www.exploit-db.com/exploits/18411/"};
$h{'semtex'}={vuln=>['2.6.37','2.6.38','2.6.39','3.0.0','3.0.1','3.0.2','3.0.3','3.0.4','3.0.5','3.0.6','3.1.0'],cve=>"2013-2094",mil=>"http://www.exploit-db.com/download/25444/&#8206;"};
$h{'perf_swevent'}={vuln=>['3.0.0','3.0.1','3.0.2','3.0.3','3.0.4','3.0.5','3.0.6','3.1.0','3.2','3.3','3.4.0','3.4.1','3.4.2','3.4.3','3.4.4','3.4.5','3.4.6','3.4.8','3.4.9','3.5','3.6','3.7','3.8.0','3.8.1','3.8.2','3.8.3','3.8.4','3.8.5','3.8.6','3.8.7','3.8.8','3.8.9'],cve=>"2013-2094",mil=>"http://www.exploit-db.com/download/26131"};

&run_main;

sub run_main {
print "Possible Exploits:\n";
foreach my $key(keys %h){
        foreach my $kernel ( @{ $h{$key}->{vuln} }){
#                printf "DEBUG:vuln:%s kernel:%s lk:%s\n", $key,$kernel,$khost;
                if($khost=~/^$kernel$/){
                         chop($kernel) if ($kernel=~/.$/);
                         print "[+] ".$key;
                        $alt=$h{$key}->{alt};
                        $cve=$h{$key}->{cve};
                        $mlw=$h{$key}->{mil};
                        if ((length ($alt) >0)||(length ($cve) >0)){print "\n";}
                        if (length ($alt) >0){ print "   Alt: $alt ";}
                        if (length ($cve) >0){ print "   CVE-$cve";}
                        if (length ($mlw) >0){ print "\n   Source: $mlw";}
                        print "\n";
                 }
              }
}
}

关于作者

kevin2007篇文章28篇回复

评论65次

要评论?请先  登录  或  注册