[Grey Hack] All-purpose script: in-place privilege escalation tool
Contents
- Script source
- Usage
- Results and example
Version: Grey Hack v0.7.3618 - Alpha
Script source
```
// Load metaxploit from /lib, falling back to the current folder.
metaxploit = include_lib("/lib/metaxploit.so")
if not metaxploit then
    metaxploit = include_lib(current_path + "/metaxploit.so")
end if
if not metaxploit then exit("Error: Can't find metaxploit library in the /lib path or the current folder")

// Best fallback found so far: memory address, unsafe value, and the library it belongs to.
resultMem = ""
resultKey = ""
resultLib = null

// Pass 1: /lib/net.so
metaLib = metaxploit.load("/lib/net.so")
if metaLib then
    print("Founded " + metaLib.lib_name + " " + metaLib.version)
    exploits = metaxploit.scan(metaLib)
    for exploit in exploits
        print(exploit)
        // One entry per "Unsafe check: ..." sentence in the scan report.
        result_lists = metaxploit.scan_address(metaLib, exploit).split("Unsafe check: ")[1:]
        for result_list in result_lists
            target_str = result_list.split(".")[0]
            target_key = target_str.split(" ")[-1]
            // [3:-4] strips the surrounding <b> and </b> markup from the value.
            result = metaLib.overflow(exploit, target_key[3:-4])
            if typeof(result) == "shell" then
                root_file = result.host_computer.File("/root")
                if root_file.has_permission("w") then
                    // /root is writable: this shell is root, use it directly.
                    result.start_terminal
                else if root_file.has_permission("r") then
                    resultMem = exploit
                    resultKey = target_key[3:-4]
                    resultLib = metaLib
                else
                    if resultMem == "" then resultMem = exploit
                    if resultKey == "" then resultKey = target_key[3:-4]
                    if not resultLib then resultLib = metaLib
                end if
            end if
        end for
    end for
end if

// Pass 2: /lib/init.so
metaLib = []
metaLib = metaxploit.load("/lib/init.so")
if not metaLib then exit("Can't find " + "/lib/init.so")
print("Founded " + metaLib.lib_name + " " + metaLib.version)
if metaLib then
    exploits = metaxploit.scan(metaLib)
    for exploit in exploits
        print(exploit)
        result_lists = metaxploit.scan_address(metaLib, exploit).split("Unsafe check: ")[1:]
        for result_list in result_lists
            target_str = result_list.split(".")[0]
            target_key = target_str.split(" ")[-1]
            result = metaLib.overflow(exploit, target_key[3:-4])
            if typeof(result) == "shell" then
                root_file = result.host_computer.File("/root")
                if root_file.has_permission("w") then
                    result.start_terminal
                else if root_file.has_permission("r") then
                    // Fixed: the original assigned the undefined name kernel_router_exploit here.
                    resultMem = exploit
                    resultKey = target_key[3:-4]
                    resultLib = metaLib
                else
                    if resultMem == "" then resultMem = exploit
                    if resultKey == "" then resultKey = target_key[3:-4]
                    if not resultLib then resultLib = metaLib
                end if
            end if
        end for
    end for
end if

// No root shell found: fall back to the best non-root shell, run against the
// library the address was found in (the original always used init.so here).
if resultLib then
    result = resultLib.overflow(resultMem, resultKey)
    if typeof(result) == "shell" then
        result.start_terminal
    end if
end if
exit("Fail...")
```
Usage
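Run it locally; it can escalate from guest privileges to at least a normal user.
Results and example
For example, suppose you have already obtained a shell with guest privileges.
Upload this script and the library it needs, then run it.
You now have a normal user identity.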