Everything not up to date? Suggestions, tickets, and PR's encouraged!

[NullArray]

Hey guys. Thank you for taking the time to read this Notice/PSA.

If you find yourself using RootHelper, the tools it fetches or similar utilities on a regular basis i am sure you'd agree that having everything up to date with the latest releases of these OSS implementations is very important to maintaining it's effectiveness.

As for my part i intend to support RootHelper long term by doing just that. My intention is to make sure all the tools it fetches are up to date and the best, so you and me both have the best toolkit to get the job done, efficiently and without too much hassle.

In light of this i wanted to let you know that if you find one of the scripts RootHelper fetches to be out of date, discontinued by it's developers, or subject to similar considerations, i would like to encourage you to open a ticket to let me know, or a PR if you feel like contributing in such a manner.

Of course i am keeping my eyes open for new versions and such myself, but it's possible i may have missed a release or there is a new tool that definitely belongs in the bundle of tools that comes with my implementation.

Please feel free to post any questions regarding this PSA below. Or a general question about the tools itself in a ticket of their own.

Thanks!

[NullArray]

I've just added a small message in a similar vein to this one to the Tip of the Day feature in RootHelper to help spread the word.

[rosariokt]

Should host the exploit on non tls 1.3 site..on old box, site like githu or exploitdb reject ssl negotiations thus making the script executing nothing

[NullArray]

Should host the exploit on non tls 1.3 site..on old box, site like githu or exploitdb reject ssl negotiations thus making the script executing nothing

Which exploit would you be referring to?

[NullArray]

Should host the exploit on non tls 1.3 site..on old box, site like githu or exploitdb reject ssl negotiations thus making the script executing nothing

If by exploit you mean RootHelper itself. All i will say is that i provide the utility, it's up to you to decide how you'll deploy RootHelper in any specific engagement. I'm not going to host a VPS for you, just so you can deploy it from there.

If you're a pentester it would stand to reason that the company you work for has it's own infrastructure. Heck, even as a black hat i would expect any black hat worth their salt to have their own infrastructure to work from.

[rosariokt]

Should host the exploit on non tls 1.3 site..on old box, site like githu or exploitdb reject ssl negotiations thus making the script executing nothing

If by exploit you mean RootHelper itself. All i will say is that i provide the utility, it's up to you to decide how you'll deploy RootHelper in any specific engagement. I'm not going to host a VPS for you, just so you can deploy it from there.

If you're a pentester it would stand to reason that the company you work for has it's own infrastructure. Heck, even as a black hat i would expect any black hat worth their salt to have their own infrastructure to work from.

calm down
what i mean is..in old system, connection to site such as github or any ssl enabled mostly failed due to tls setting as they only

this script fetch resources to github making it execute nothing as github used ssl 1.3

[NullArray]

Should host the exploit on non tls 1.3 site..on old box, site like githu or exploitdb reject ssl negotiations thus making the script executing nothing

If by exploit you mean RootHelper itself. All i will say is that i provide the utility, it's up to you to decide how you'll deploy RootHelper in any specific engagement. I'm not going to host a VPS for you, just so you can deploy it from there.
If you're a pentester it would stand to reason that the company you work for has it's own infrastructure. Heck, even as a black hat i would expect any black hat worth their salt to have their own infrastructure to work from.

calm down what i mean is..in old system, connection to site such as github or any ssl enabled mostly failed due to tls setting as they only

this script fetch resources to github making it execute nothing as github used ssl 1.3

So what you do is gather up the tooling i have provided links to, host them on infrastructure you control, change the lines where it gets downloaded from github to the server you are then hosting the tooling on and run it like that.

It's trivial to add a command line argument in order to change the host where the tooling is located. Especially if you're all hosting them at the same place. You only need to change the base url within the associative array.

#!/bin/bash

githost(){

    Declare -A
    
    RHelpers['ExploitSuggest.py']="http://www.securitysift.com/download/linuxprivchecker.py"
    # --SNIP---#

    }

rhost(){

    Declare -A
    
    RHelpers['ExploitSuggest.py']="$1/download/linuxprivchecker.py"
    # And do on and so forth

    }

if [[ $1 != '' ]]; then 
    rhost
else
    githost
fi


#--SNIP--#

Or something to that effect.