snorez / exploits Goto Github PK
View Code? Open in Web Editor NEWpractice
practice
hi !
hoping you could help out a noob here...
own a couple of androids running 4.4.2 (kernel 3.4.67) and i compiled and ran cve-2015-1805/exp.c
from this repo on one of 'em.
(noobish question) : output looks promising, but i'm unsure if it runs fully (to end) ?
shell@Pixi3-4:/data/local/tmp/cve-2015-1805 $ ./cve-2015-1805
spray_pipes: 0x780
spray done...
stop_send: 706d742f
race done, we are lucky
shell@Pixi3-4:/data/local/tmp/cve-2015-1805 $ su -
Permission denied
13|shell@Pixi3-4:/data/local/tmp/cve-2015-1805 $ /tmp/getroot
/system/bin/sh: /tmp/getroot: not found
127|shell@Pixi3-4:/data/local/tmp/cve-2015-1805 $ ls -al /tmp
/tmp: No such file or directory
.... which either means get_root
executable should already exist under /tmp - or (unlikely, from my limited understanding of the code) this file should appear after running this ... ? The file should probably exist beforehand, so i'm asking myself (1) where to get that, and (2) would some 'su' binary do ?
@ (1):is xfrm_poc_RE_challenge/get_root.c
expected to compile and run under android also ? see some strong references to a specific linux distro...
i've noticed in the other open issue that you've mentioned about following stuff, so i put these here as well:
1|shell@Pixi3-4:/ $ grep modprobe_path /proc/kallsyms
1|shell@Pixi3-4:/ $ cat /proc/sys/kernel/modprobe
/sbin/modprobe
could you please provide some directions here what to do to have the exploit run to 'it's full' - which i presume would mean i would be able to copy some 'su' binary under /sbin or so...
Totally as a side note: i want to root this phone to be able to use it as a hotspot (Te.hering) but restrict outgoing connections to specific ip addresses only , which afaik requires access to ipTables
Thanks for you time !
为什么这个编译各种错误 求教
What value should be used for INIT_TASK_ADDR?
cve-2017-2636.c:122:25: error: stray ‘`’ in program
#define INIT_TASK_ADDR `<todo>`
How long the exploit should take?
It never completes even i leave it 48 hours
~/exploit $ ./exploit
WARNING: linker: /data/data/com.termux/files/home/exploit/poc3: unsupported flags DT_FLAGS_1=0x8000001
spray_pipes: 0x780
spray done...
its stuck here for very long time(also i ignore the linker warning its will disappear after stripping the binary)
htop
report the exploit does doing processing (sometime its in interruptible sleep)
compile command: ~/Android/Sdk/ndk/23.1.7779620/toolchains/llvm/prebuilt/linux-x86_64/bin/aarch64-linux-android24-clang exploit.c -o exploit
then i transfer the executable to my android phone
uname -a
: Linux localhost 3.18.31-perf-g810e576 #1 SMP PREEMPT Mon Aug 10 11:41:32 CST 2020 aarch64 Android
Android 7.1.1 CHP1801
Also its exploit for CVE-2015-1805
你的poc里面没有命名空间的部分
hi, snorez, what is the usage of cve-2017-7184? Is it sudo setcap cap_net_raw,cap_net_admin=eip ./xxx? but it didn't work.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.