【 Grey Hack 】万金油脚本：原地提权工具

最新推荐文章于 2021-09-01 15:53:44 发布

乙酸氧铍

最新推荐文章于 2021-09-01 15:53:44 发布

阅读量1.5k

点赞数 2

分类专栏： # Grey Hack 文章标签：游戏模拟运维 hacks nethack

本文链接：https://blog.csdn.net/weixin_44457994/article/details/119976260

版权

Grey Hack 专栏收录该内容

14 篇文章 15 订阅

订阅专栏

脚本源码

metaxploit = include_lib("/lib/metaxploit.so")
if not metaxploit then
	metaxploit = include_lib(current_path + "/metaxploit.so")
end if
if not metaxploit then exit("Error: Can't find metaxploit library in the /lib path or the current folder")

resultMem = ""
resultKey = ""

metaLib = metaxploit.load("/lib/net.so")
if metaLib then 
	print("Founded " + metaLib.lib_name + " "+ metaLib.version)
	exploits = metaxploit.scan(metaLib)
	for exploit in exploits
		print(exploit)
		result_lists = metaxploit.scan_address(metaLib, exploit).split("Unsafe check: ")[1:]
		for result_list in result_lists
			target_str = result_list.split(".")[0]
			target_key = target_str.split(" ")[-1]
			result = metaLib.overflow(exploit, target_key[3:-4])
			if typeof(result) == "shell" then
				root_file = result.host_computer.File("/root")
				if root_file.has_permission("w") then
					result.start_terminal
				else if root_file.has_permission("r") then
					resultMem = exploit
					resultKey = target_key[3:-4]
				else
					if resultMem == "" then resultMem = exploit
					if resultKey == "" then resultKey = target_key[3:-4]
				end if
			end if
		end for
	end for
end if

metaLib = []
metaLib = metaxploit.load("/lib/init.so")
if not metaLib then exit("Can't find " + "/lib/init.so")

print("Founded " + metaLib.lib_name + " "+ metaLib.version)

if metaLib then 
	exploits = metaxploit.scan(metaLib)
	for exploit in exploits
		print(exploit)
		result_lists = metaxploit.scan_address(metaLib, exploit).split("Unsafe check: ")[1:]
		for result_list in result_lists
			target_str = result_list.split(".")[0]
			target_key = target_str.split(" ")[-1]
			result = metaLib.overflow(exploit, target_key[3:-4])
			if typeof(result) == "shell" then
				root_file = result.host_computer.File("/root")
				if root_file.has_permission("w") then
					result.start_terminal
				else if root_file.has_permission("r") then
					resultMem = kernel_router_exploit
					resultKey = target_key[3:-4]
				else
					if resultMem == "" then resultMem = exploit
					if resultKey == "" then resultKey = target_key[3:-4]
				end if
			end if
		end for
	end for
end if
result = metaLib.overflow(resultMem, resultKey)
if typeof(result) == "shell" then
	result.start_terminal
end if
exit("Fail...")

用法

在本地使用，可从游客权限提至至少是普通用户级

效果及示例

譬如，已经获取了一个游客权限的shell
在这里插入图片描述

上传本脚本及需要的库，执行

得到了普通用户身份

乙酸氧铍

关注

2
点赞
踩
3

收藏

觉得还不错? 一键收藏
打赏
1
评论
【 Grey Hack 】万金油脚本：原地提权工具

目录脚本源码用法效果及示例版本：Grey Hack v0.7.3618 - Alpha脚本源码metaxploit = include_lib("/lib/metaxploit.so")if not metaxploit then metaxploit = include_lib(current_path + "/metaxploit.so")end ifif not metaxploit then exit("Error: Can't find metaxploit library in
复制链接

扫一扫