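#!/bin/bash
# Well this section is going to be where I integrate the database with local exploits
# that are known. So far it just finds binaries that yielded root at one time.
# If you notice that one of the binaries never yielded root send me an email at
# localfun@milw0rm.com with the info.
#
# The start is just listings of local binaries that are exploitable in mil's db under linux.
# http://www.milw0rm.com/localparse.php?platform=linux
# When new exploits are found the script will be updated automatically.
# This is going to take a lot of time but will see how far I get with it.
# /str0ke
#
# Reading the output: a hit only means that a regular file with a listed name
# exists in one of the scanned directories. The script does not look at the
# installed version, the file's owner, or its setuid/setgid bits, so every hit
# still has to be confirmed against the package version and the file mode
# before it is treated as a finding.
# NOTE(review): the milw0rm.com reference URLs printed below may no longer
# resolve; the strings are kept as the author wrote them.

# kernel info here ->
# end of kernel info ->

# Directories that may hold the listed binaries; only the ones that exist on
# this host are scanned. Entries are kept verbatim, so the trailing slash on
# the first one yields a double slash in its reported paths.
CANDIDATE_DIRS=(
  /glftpd/bin/
  /usr/local/apache/bin
  /opt/gnome/bin
  /home/db2inst1/sqllib/adm
  /usr/games
  /usr/X11R6/bin
  /bin
  /usr/bin
  /usr/local/bin
  /sbin
  /usr/sbin
  /usr/local/sbin
)

# File names to look for, one word per entry, in the original order.
# NOTE(review): several words look like halves of product names rather than
# binary names ("Debian Linux", "Linux Kernel", "Operator Shell", ...). The
# original list was split on whitespace, so they are kept as separate words,
# duplicates included, to leave the output unchanged.
FILES=(
  atari800 cdrdao cdrecord chpasswd chpax cxterm Debian Linux dump Exim
  expect F-Secure fkey ftpdctl glFTPd GLIBC gnome_segv htget htpasswd hztty
  IBM jaZip Linux Kernel Linux Mandrake luxman mail mount MySQL ncpmount
  Operator Shell Qpopper rcp readcd RESOLV restore rsync sendmail seyon
  slocate sox sperl sperl5.8.4 splitvt splumber Sudo sudo.bin SudoEdit
  suidperl SuSE Linux terminatorX traceroute UUCP Veritas vixie-cron xgalaga
  XMail xsok xsoldier xtokkaetama zgv
)

#######################################
# Print one line per listed file name that exists as a regular file in the
# given directories.
# Globals:   FILES (read)
# Arguments: directories to scan
# Outputs:   "<dir>/<name> - <reference URL>" on stdout, one line per hit
# Returns:   0
#######################################
report_known_bins() {
  local dir name
  for dir in "$@"; do
    for name in "${FILES[@]}"; do
      # Quoted on purpose: the URL contains '?', which an unquoted expansion
      # would hand to pathname expansion, and paths may contain spaces.
      if [[ -f "${dir}/${name}" ]]; then
        printf '%s - %s\n' "${dir}/${name}" \
          "http://www.milw0rm.com/localfunsearch.php?t=${name}"
      fi
    done
  done
  return 0
}

echo "# [-] milw0rm.com local finder"
echo "# [-] searching for mil's possible vuln bins"

# Keep only the candidate directories that are present on this host.
DIR=()
for dir in "${CANDIDATE_DIRS[@]}"; do
  if [[ -d "${dir}" ]]; then
    DIR+=("${dir}")
  fi
done

# credits - chkrootkit / nice job fellas. /str0ke
report_known_bins "${DIR[@]}"

echo "# [-] local search complete."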