Path: blob/master/documentation/modules/exploit/android/local/su_exec.md
Vulnerable Application
This module uses the su binary present on rooted devices to run a payload as root.
A rooted Android device will contain a su binary (often linked with an application) that allows the user to run commands as root. This module will use the su binary to execute a command stager as root. The command stager will write a payload binary to a temporary directory, make it executable, execute it in the background, and finally delete the executable.
On most devices the su binary will pop up a prompt on the device asking the user for permission.
This module will only work on rooted devices. An off-the-shelf Android device is unlikely to be rooted; however, it's possible to root a device without losing the data. Many devices can be rooted by flashing new firmware; however, the existing data will be lost.
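The stager behaviour described above (a file written to a temporary directory by root, made executable, run, then deleted) leaves a recognisable ordering of file events. The following is an added detection sketch, not code from the module or from Metasploit; the event line format, field names and sample paths are constructed for illustration and would need mapping onto whatever telemetry the device or MDM agent actually produces.

```python
import re

# Constructed sample events (hypothetical format, not real Android or audit output):
# "<epoch> uid=<uid> op=<write|chmod_x|exec|unlink> path=<file>"
SAMPLE_EVENTS = """\
100.0 uid=10121 op=write path=/data/data/com.example.app/cache/img.tmp
100.5 uid=10121 op=unlink path=/data/data/com.example.app/cache/img.tmp
200.0 uid=0 op=write path=/data/local/tmp/kqzvb
200.1 uid=0 op=chmod_x path=/data/local/tmp/kqzvb
200.2 uid=0 op=exec path=/data/local/tmp/kqzvb
200.9 uid=0 op=unlink path=/data/local/tmp/kqzvb
300.0 uid=0 op=write path=/data/local/tmp/update.bin
300.1 uid=0 op=chmod_x path=/data/local/tmp/update.bin
900.0 uid=0 op=exec path=/data/local/tmp/update.bin
"""

LINE_RE = re.compile(r"^(\S+) uid=(\d+) op=(\w+) path=(\S+)$")
STAGES = ("write", "chmod_x", "exec", "unlink")  # order the stager follows


def find_root_drop_exec_delete(log_text, window=5.0):
    """Return paths that root wrote, made executable, ran and deleted,
    in that order, all within `window` seconds of the initial write."""
    progress = {}  # path -> (index of next expected stage, time of the write)
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not parse
        ts, uid, op, path = float(m[1]), int(m[2]), m[3], m[4]
        if uid != 0:
            continue  # only root-owned activity is of interest here
        if op == "write":
            progress[path] = (1, ts)  # (re)start tracking this file
            continue
        stage, start = progress.get(path, (0, ts))
        if stage and op == STAGES[stage] and ts - start <= window:
            if op == "unlink":
                hits.append(path)  # full sequence completed in time
                del progress[path]
            else:
                progress[path] = (stage + 1, start)
        else:
            progress.pop(path, None)  # out of order or too slow: stop tracking
    return hits
```

On the constructed sample only the short-lived root-owned file is reported; the app cache file (non-root) and the slow, never-deleted update file are not.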
Scenarios
You'll first need to obtain a session on the target device. To do this follow the instructions here
Once the module is loaded, one simply needs to set the SESSION option and configure the handler. An example session follows:
Please note that in most cases you will have to manually confirm the Superuser prompt on the device itself before the module completes. You can run set WfsDelay 10 to give yourself more time.