[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-83031":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":16,"stars7d":17,"stars30d":18,"stars90d":15,"forks30d":15,"starsTrendScore":19,"compositeScore":20,"rankGlobal":10,"rankLanguage":10,"license":10,"archived":21,"fork":21,"defaultBranch":22,"hasWiki":23,"hasPages":21,"topics":24,"createdAt":10,"pushedAt":10,"updatedAt":34,"readmeContent":35,"aiSummary":36,"trendingCount":15,"starSnapshotCount":15,"syncStatus":14,"lastSyncTime":37,"discoverSource":38},83031,"lpe-toolkit","portbuster1337\u002Flpe-toolkit","portbuster1337","Multi-architecture Linux privilege escalation toolkit with 19 pre-built and runtime-compilable exploits. Auto-detects kernel version, filters patched exploits, tries each until root.","",null,"C",76,14,2,0,4,16,19,13,3.53,false,"master",true,[25,26,27,28,29,30,31,32,33],"ctf","cybersecurity","exploit","gtfobins","kernel-exploit","linux","penetration-testing","privilege-escalation","security","2026-06-12 02:04:30","# Linux LPE Toolkit\n\nMulti-architecture privilege escalation toolkit with 19 pre-built and runtime-compilable exploits. Supports amd64, arm64, 386, mips, mipsle, mips64, and mips64le. 
Detects kernel version, filters patched exploits, and tries each in order until root is obtained.\n\n## Quick Start\n\n```bash\n# run directly (no gcc needed on target if pre-compiled binaries are embedded)\n.\u002Flpe-toolkit\n\n# dry-run: show exploit plan without executing\n.\u002Flpe-toolkit --dry-run\n\n# skip specific exploits\n.\u002Flpe-toolkit --skip \"dirtyfrag,dirtypipe\"\n\n# execute a command once root is achieved and show its output\n.\u002Flpe-toolkit -c \"id\"\n\n# silent automation: suppress all output except the command result\n.\u002Flpe-toolkit -q -c \"whoami\"\n\n# verbose output (includes exploit stdout\u002Fstderr)\n.\u002Flpe-toolkit -v\n```\n\n## Usage\n\n| Flag | Description |\n|------|-------------|\n| `--dry-run` | Show which exploits are available\u002Fskipped |\n| `--just-build` | Resolve all exploits, print paths, exit (useful for packaging) |\n| `--skip LIST` | Comma-separated exploit names to skip |\n| `-c`, `--command CMD` | Execute CMD as root instead of spawning an interactive shell |\n| `-q`, `--quiet` | Suppress toolkit messages; only show root shell output or `unsuccessful in getting root` |\n| `-v`, `--verbose` | Include exploit stdout\u002Fstderr in output (mutually exclusive with `-q`) |\n\n**Note:** `-v` and `-q` are mutually exclusive — the toolkit exits with an error if both are specified.\n\n## Exploits\n\n| # | Name | Target | Type |\n|---|------|--------|------|\n| 1 | Copy Fail `CVE-2026-31431` | AF_ALG + splice page-cache write | pre-built \u002F compile |\n| 2 | Dirty Frag `CVE-2026-43284` | xfrm-ESP\u002FRxRPC page-cache write | pre-built \u002F compile |\n| 3 | Fragnesia `CVE-2026-46300` | espintcp splice page-cache corruption | pre-built \u002F compile |\n| 4 | DirtyDecrypt `CVE-2026-31635` | rxgk pagecache write | pre-built \u002F compile |\n| 5 | Fragnesia v2 | skb_segment GRO coalesce | pre-built \u002F compile |\n| 6 | PinTheft | RDS zerocopy + io_uring page-cache overwrite | pre-built \u002F compile |\n| 7 
| Dirty Pipe `CVE-2022-0847` | \u002Fetc\u002Fpasswd page-cache overwrite | pre-built \u002F compile |\n| 8 | CIFSwitch `CVE-2026-46243` | cifs.spnego + NSS namespace confusion | pre-built \u002F compile |\n| 9 | PwnKit `CVE-2021-4034` | pkexec environment escape | pre-built \u002F compile |\n| 10 | OverlayFS `CVE-2021-3493` | user-ns mount escape | pre-built \u002F compile |\n| 11 | OvFS+FUSE `CVE-2023-0386` | FUSE mount escape | pre-built \u002F compile |\n| 12 | Polkit D-Bus `CVE-2021-3560` | accounts-daemon race | pre-built \u002F compile |\n| 13 | Docker Socket | writable \u002Fvar\u002Frun\u002Fdocker.sock | pre-built \u002F compile |\n| 14 | netfilter OOB `CVE-2021-22555` | ip_tables corruption | pre-built \u002F compile |\n| 15 | nft UAF2 `CVE-2022-2586` | nftables chain UAF | pre-built \u002F compile |\n| 16 | pidfd race `CVE-2026-46333` | ssh-keysign\u002Fshadow FD theft | pre-built \u002F compile |\n| 17 | CPU Timer Race `CVE-2025-38352` | POSIX timer race (PoC) | pre-built \u002F compile |\n| 18 | nft UAF `CVE-2024-1086` | Notselwyn multi-file nftables | pre-built \u002F compile |\n| 19 | GTFOBins | 80+ passwordless sudo techniques | go-handler |\n\n## Build from Source\n\n```bash\n# native build (pre-compile C exploits then embed in Go binary)\nmake\n\n# cross-compile for all architectures (native arch's C exploits only)\nmake build-all\n\n# run directly from source (compile exploits on target at runtime)\nmake run-source\n\n# clean build artifacts\nmake clean\n```\n\nRequirements: Go 1.21+, gcc, and cross-compilers for target architectures:\n- **arm64**: `aarch64-linux-gnu-gcc`\n- **386**: `i686-linux-gnu-gcc`\n- **mips**: `mips-linux-gnu-gcc`\n- **mipsle**: `mipsel-linux-gnu-gcc`\n- **mips64**: `mips64-linux-gnuabi64-gcc`\n- **mips64le**: `mips64el-linux-gnuabi64-gcc`\n\n## Pre-Compiled Binary Packaging\n\nThe `--just-build` flag resolves all usable exploits and prints their paths. 
Use it to verify what will be available at runtime.\n\nThe pre-compiled binary archive for each release includes a statically linked Go binary with embedded C exploits pre-compiled for all supported architectures (amd64, arm64, 386, mips, mipsle, mips64, mips64le).\n\n## Architecture\n\n- **`toolkit.go`**: Core exploit definitions, kernel version parsing, binary resolution, GTFOBins sudo abuse handler, `execCommandAsRoot()` for non-interactive command execution, `msg()`\u002F`say()` verbosity helpers\n- **`main.go`**: CLI entry point with flags (`-c`, `-q`, `-v`, `--skip`, `--dry-run`, `--just-build`) and signal handling\n- **`build-exploits.sh`**: Cross-compilation script for C exploits\n- **`exploits\u002F`**: C source files and pre-compiled binaries embedded via `\u002F\u002Fgo:embed`\n\n### Notable Changes\n\n- All exploits (including leak-only\u002FPoC-only) now spawn a root shell or execute the requested command\n- **cve_2026_46333.c**: Added `try_passwd_root()` — steals writable `\u002Fetc\u002Fshadow` fd from `passwd`, writes a known password hash, then spawns `su -`; falls back to leak-only methods\n- **cve_2025_38352.c**: Added dirtypipe-style `splice()` overwrite of `\u002Fetc\u002Fpasswd` → `root::0:0:` → spawns `su -`\n- **Command mode**: Page-cache exploits use `--corrupt-only` to skip the interactive PTY bridge; `execCommandAsRoot()` pipes the command to `su` stdin for reliable non-interactive execution\n","portbuster1337\u002Flpe-toolkit is a multi-architecture Linux privilege escalation toolkit with 19 built-in pre-compiled and runtime-compilable exploits. The tool automatically detects the kernel version, filters out patched vulnerabilities, and tries each exploit in turn until root is obtained. It supports multiple architectures, including amd64, arm64, 386 and mips. Users can control the tool's behavior through command-line arguments, such as dry runs, skipping specific exploits, and executing specific commands. The tool is suited to cybersecurity testing, CTF competitions and penetration testing scenarios, helping security researchers and testers quickly assess and exploit potential privilege escalation vulnerabilities in systems.","2026-06-11 04:09:56","CREATED_QUERY"]