Version: Grey Hack v0.7.3618 - Alpha
Script source
    // Load metaxploit from /lib, falling back to the current folder.
    metaxploit = include_lib("/lib/metaxploit.so")
    if not metaxploit then
        metaxploit = include_lib(current_path + "/metaxploit.so")
    end if
    if not metaxploit then exit("Error: Can't find metaxploit library in the /lib path or the current folder")

    // Best fallback found so far: memory address, unsafe value, and the library they belong to.
    resultMem = ""
    resultKey = ""
    resultLib = null

    // Pass 1: /lib/net.so
    metaLib = metaxploit.load("/lib/net.so")
    if metaLib then
        print("Found " + metaLib.lib_name + " " + metaLib.version)
        exploits = metaxploit.scan(metaLib)
        for exploit in exploits
            print(exploit)
            // Each "Unsafe check: " section of the scan report names one vulnerable value.
            result_lists = metaxploit.scan_address(metaLib, exploit).split("Unsafe check: ")[1:]
            for result_list in result_lists
                // The value is the last word of the first sentence, wrapped in <b>...</b>.
                target_str = result_list.split(".")[0]
                target_key = target_str.split(" ")[-1]
                // [3:-4] strips the surrounding <b> and </b> markup.
                result = metaLib.overflow(exploit, target_key[3:-4])
                if typeof(result) == "shell" then
                    root_file = result.host_computer.File("/root")
                    if root_file.has_permission("w") then
                        // /root is writable: open this shell immediately.
                        result.start_terminal
                    else if root_file.has_permission("r") then
                        // /root is readable only: remember this as the preferred fallback.
                        resultMem = exploit
                        resultKey = target_key[3:-4]
                        resultLib = metaLib
                    else
                        // No access to /root: keep it only if nothing better is stored.
                        if resultMem == "" then
                            resultMem = exploit
                            resultKey = target_key[3:-4]
                            resultLib = metaLib
                        end if
                    end if
                end if
            end for
        end for
    end if

    // Pass 2: /lib/init.so, same procedure.
    metaLib = metaxploit.load("/lib/init.so")
    if not metaLib then exit("Can't find " + "/lib/init.so")
    print("Found " + metaLib.lib_name + " " + metaLib.version)
    if metaLib then
        exploits = metaxploit.scan(metaLib)
        for exploit in exploits
            print(exploit)
            result_lists = metaxploit.scan_address(metaLib, exploit).split("Unsafe check: ")[1:]
            for result_list in result_lists
                target_str = result_list.split(".")[0]
                target_key = target_str.split(" ")[-1]
                result = metaLib.overflow(exploit, target_key[3:-4])
                if typeof(result) == "shell" then
                    root_file = result.host_computer.File("/root")
                    if root_file.has_permission("w") then
                        result.start_terminal
                    else if root_file.has_permission("r") then
                        // Fixed: the original assigned the undefined name kernel_router_exploit here.
                        resultMem = exploit
                        resultKey = target_key[3:-4]
                        resultLib = metaLib
                    else
                        if resultMem == "" then
                            resultMem = exploit
                            resultKey = target_key[3:-4]
                            resultLib = metaLib
                        end if
                    end if
                end if
            end for
        end for
    end if

    // Fall back to the best shell recorded above, replayed against the library it came from
    // (the original always replayed against init.so, even for an address found in net.so).
    if resultLib then
        result = resultLib.overflow(resultMem, resultKey)
        if typeof(result) == "shell" then
            result.start_terminal
        end if
    end if
    exit("Fail...")
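Usage
Run the script locally. It can escalate from guest privileges to at least a normal user.
Result and example
For example, suppose you have already obtained a shell with guest privileges.
Upload this script and the libraries it needs, then run it.
You now have a normal user identity.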