Repository contents:

  exploits
  tools
  .gitignore
  .gitmodules
  LELevator.sh
  README.md

README.md

REQUIREMENTS

Debian packages:

  • gcc-arm-linux-gnueabi (cross-compiler used to build BusyBox)
  • dialog
  • build-essential

Android SDK:

  • adb (on $PATH)
  • NDK bundle (the CVE-2016-5195 exploit is built with it)

PROCEDURE FOR IMAGING

  1. Put the device in airplane mode
  2. Get root with one of the exploits (see EXPLOITS below)
  3. (on the receiving host) adb forward tcp:8000 tcp:8000
  4. (in the device root shell; start this first, the listener must be up before the host connects) dd if=/dev/block/mmcblk0 conv=noerror,sync | gzip | nc -l -p 8000
  5. (on the receiving host) nc -w 3 localhost 8000 | gunzip | tee file.dd | sha256sum | tee file.dd.sha256
  6. Crack a cold brewski with THE FUCKING LADS
  7. Profit!
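The host side of steps 3 to 5 as a small script, added here as an example; it is not part of LELevator. It assumes adb on $PATH, a root shell already opened on the device (step 2), nc, gzip and sha256sum available on both ends, and the README's port 8000 and /dev/block/mmcblk0. The device-side command is only printed, because it has to be typed into the root shell the exploit gives you, and it has to be started before the host connects through the forward.

```shell
#!/bin/sh
# Added example, not code from the LELevator repo.
# Assumptions: adb on $PATH, root shell already open on the device,
# nc/gzip/sha256sum on both ends, port and block device as in the README.

PORT=8000
BLOCKDEV=/dev/block/mmcblk0

# Command to run inside the device root shell. Start it BEFORE pull_image:
# nc -l must already be listening when adb delivers the host's connection.
device_dump_cmd() {
  printf 'dd if=%s conv=noerror,sync | gzip | nc -l -p %s\n' "$BLOCKDEV" "$PORT"
}

# Receive a gzip stream on stdin: decompress, write the image to $1 and hash
# it in the same pass. Leaves $1.sha256 in sha256sum format ("<hash>  -").
receive_stream() {
  out="$1"
  gunzip | tee "$out" | sha256sum | tee "$out.sha256"
}

# Steps 3 and 5: set up the forward and pull the image through it.
pull_image() {
  out="$1"
  adb forward "tcp:$PORT" "tcp:$PORT" || return 1
  nc -w 3 localhost "$PORT" | receive_stream "$out"
}

# Re-hash the image on disk and compare with the digest recorded on receipt.
# Returns 0 when they match, 1 when the file no longer matches its .sha256.
verify_image() {
  out="$1"
  recorded=$(cut -d' ' -f1 "$out.sha256")
  actual=$(sha256sum "$out" | cut -d' ' -f1)
  [ -n "$recorded" ] && [ "$recorded" = "$actual" ]
}
```

Usage: run `device_dump_cmd` to get the line for the device root shell, start it there, then `pull_image file.dd` on the host and `verify_image file.dd` before you touch the image. The digest is of the image as received (including any zero-padded blocks from conv=noerror,sync), so it proves the copy on disk is what came over the wire, not that the wire copy matches the flash.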

PROCEDURE FOR BUSYBOX

(in the tools/busybox-android folder)

  1. ./build.sh
  2. ./deploy.sh

NOTES

  • The dumped image seems to use an MS-DOS (MBR) partition table
  • conv=noerror,sync makes dd continue past read errors and pad each unreadable block with zeros, so file.dd.sha256 is the digest of the image as received, not necessarily of the flash itself; keep it together with the image
  • WARNING: the CVE-2016-5195 exploit CAN, for reasons not yet pinned down, leave read-only files overwritten on disk. Besides the disk image, a copy of the run-as binary is therefore also pulled so that it can be restored if the modification turns out to be permanent. On most devices the on-disk file is not overwritten, but it HAS happened and may well happen again, leaving the device vulnerable.
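A check for the warning above, added here as an example and not part of LELevator: after the device has been rebooted, pull /system/bin/run-as again and compare it with the copy saved before the exploit was run. It assumes adb on $PATH and that the pristine copy was saved with adb pull beforehand.

```shell
#!/bin/sh
# Added example, not code from the LELevator repo.
# Assumptions: adb on $PATH; a copy of the untouched run-as was saved
# (e.g. with adb pull) before the Dirty COW exploit ran.

RUN_AS=/system/bin/run-as

# True if the two files have identical SHA-256 digests.
same_sha256() {
  a=$(sha256sum < "$1" | cut -d' ' -f1)
  b=$(sha256sum < "$2" | cut -d' ' -f1)
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# Pull run-as from the rebooted device and compare it with the pristine copy.
# Returns 0 if the binary is back to its original bytes, 1 if the overwrite
# persisted (restore the saved copy), 2 if the pull itself failed.
run_as_restored() {
  pristine="$1"
  pulled="${2:-$pristine.after-reboot}"
  adb pull "$RUN_AS" "$pulled" >/dev/null 2>&1 || return 2
  same_sha256 "$pristine" "$pulled"
}
```

Run `run_as_restored run-as.pristine` once the device is back up; a non-zero result on a device that is supposed to revert on reboot is exactly the case the warning describes.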

EXPLOITS

  • [PATCHED] Dirty Cow (CVE-2016-5195): root obtained with it persists until reboot. Patched in the December 2016 Android Security Patch Level.

DEVEL TODO's

  • [CVE-2014-3153] (futex bug used by Towelroot) adapt the exploit and test it
  • [CVE-2016-5195] dcow sometimes does not completely overwrite the original file bytes; it needs several tries or a reboot
  • Logging system