LELevator

REQUIREMENTS

Debian packages:

  • gcc-arm-linux-gnueabi (Busybox)
  • dialog
  • build-essential

Android SDK:

  • adb (on $PATH)
  • NDK bundle (CVE-2016-5195 needs it)

PROCEDURE FOR IMAGING

  1. Airplane mode
  2. Exploit root
  3. adb forward tcp:8000 tcp:8000
  4. (on recipient) nc -w 3 localhost 8000 | gunzip | tee file.dd | sha256sum | tee file.dd.sha256
  5. (on device) dd if=/dev/block/mmcblk0 conv=noerror,sync | gzip | nc -l -p 8000
  6. Crack a cold brewski with THE FUCKING LADS
  7. Profit!

PROCEDURE FOR BUSYBOX

(in the tools/busybox-android folder)

  1. ./build.sh
  2. ./deploy.sh

NOTES

  • Dumped image seems to use MSDOS partition table
  • WARNING: The CVE-2016-5195 exploit CAN overwrite read-only files SOMEHOW, so besides the disk image, a copy of the run-as binary is also downloaded in case the modification was permanent. On most terminals the file is not overwritten, but it HAS happened and may very well happen again, leaving the terminal vulnerable.
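
Added example (not part of LELevator's own code): a recipient-side check that re-hashes file.dd against the file.dd.sha256 written by the imaging procedure, then reads the MSDOS partition table mentioned in the notes. The function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512

def sha256_matches(image_path, digest_path):
    """Re-hash the image and compare with the digest recorded during acquisition."""
    # sha256sum reading from a pipe writes "<hex>  -", so only the first field is used.
    with open(digest_path) as f:
        recorded = f.read().split()[0].lower()
    h = hashlib.sha256()
    with open(image_path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest() == recorded

def parse_mbr(sector0):
    """Return the non-empty primary partition entries of an MSDOS (MBR) table."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA boot signature: not an MSDOS partition table")
    parts = []
    for i in range(4):
        entry = sector0[446 + 16 * i : 462 + 16 * i]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            continue  # unused slot
        parts.append({"index": i + 1, "bootable": status == 0x80, "type": ptype,
                      "start_lba": lba, "sectors": count,
                      "protective_gpt": ptype == 0xEE})
    return parts

def build_sample_mbr():
    """Constructed sample sector: one FAT32 (0x0C) and one Linux (0x83) partition."""
    s = bytearray(SECTOR)
    s[446:462] = struct.pack("<B3xB3xII", 0x80, 0x0C, 2048, 131072)
    s[462:478] = struct.pack("<B3xB3xII", 0x00, 0x83, 133120, 4194304)
    s[510:512] = b"\x55\xaa"
    return bytes(s)

if __name__ == "__main__":
    # Against a real acquisition: sha256_matches("file.dd", "file.dd.sha256"),
    # then parse_mbr(open("file.dd", "rb").read(SECTOR)).
    for p in parse_mbr(build_sample_mbr()):
        print(p)
```

A type 0xEE entry means the MBR is only a protective one in front of a GPT, which is worth ruling out before treating the image as plain MSDOS.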

EXPLOITS

  • [PATCHED] Dirty Cow (CVE-2016-5195): Exploit persists until reboot. Patched in the 1st December 2016 Security Patch Level.

DEVEL TODO's