Path: blob/master/documentation/modules/exploit/multi/local/allwinner_backdoor.md
Vulnerable Application
Vulnerable Allwinner SoC chips: H3, A83T or H8 which rely on Kernel 3.4.
Vulnerable OS:
all OS images available for Orange Pis
any OS image for FriendlyARM's NanoPi M1
SinoVoip's M2+ and M3
Cubietech's Cubietruck +
Linksprite's pcDuino8 Uno
Exploitation may be possible against Dragon (x10) and Allwinner Android tablets.
This module attempts to exploit a debug backdoor privilege escalation in Allwinner SoC based devices. It implements the Allwinner privilege escalation as documented in Metasploit issue #6869. The backdoor is a simple debug kernel module that, when "rootmydevice" is echoed to the process, escalates the shell to root.
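For defenders triaging a fleet against the criteria in this section, the following added example (not part of the Metasploit module or its documentation) flags inventory records whose SoC and kernel series match the list above. The record fields (`host`, `soc`, `kernel`), the status labels and the sample inventory are assumptions constructed for illustration; a match means the device is in the population this page lists, not that the backdoor has been confirmed on it.

```python
import re

# Criteria taken from the "Vulnerable Application" section of this page.
VULNERABLE_SOCS = {"H3", "A83T", "H8"}
VULNERABLE_KERNEL = (3, 4)

def kernel_series(release):
    """Return (major, minor) parsed from a `uname -r` style string, else None."""
    m = re.match(r"\s*(\d+)\.(\d+)", release or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def triage(record):
    """Classify one inventory record as 'affected', 'not-listed' or 'review'."""
    soc_raw = record.get("soc")
    series = kernel_series(record.get("kernel"))
    if not soc_raw or series is None:
        return "review"  # missing data: the device cannot be ruled out
    # Tokenise so "Allwinner H3" and "allwinner-a83t" both yield the chip name.
    tokens = set(re.split(r"[^A-Z0-9]+", soc_raw.upper()))
    if tokens & VULNERABLE_SOCS and series == VULNERABLE_KERNEL:
        return "affected"
    return "not-listed"

def triage_fleet(inventory):
    """Map each host name to its triage status."""
    return {rec["host"]: triage(rec) for rec in inventory}

# Constructed sample inventory (hypothetical hosts, not real data).
INVENTORY = [
    {"host": "kiosk-01", "soc": "Allwinner H3", "kernel": "3.4.39"},
    {"host": "kiosk-02", "soc": "allwinner-a83t", "kernel": "3.4.39-custom"},
    {"host": "kiosk-03", "soc": "Allwinner H3", "kernel": "4.9.0"},
    {"host": "lab-07", "soc": "OtherVendor X1", "kernel": "3.40.1"},
    {"host": "lab-08", "soc": "", "kernel": "3.4.39"},
]

if __name__ == "__main__":
    for host, status in triage_fleet(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts returned as `review` lack the data needed to rule them out and should be checked by hand.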
Verification Steps
To use this module, you need a vulnerable device.
An Orange Pi (PC model) running Lubuntu 14.04 v0.8.0 works, but other OSes for the device (as well as other devices) are also vulnerable.
1. Start msfconsole
2. Get a session
3. Do: use exploit/multi/local/allwinner_backdoor
4. Do: set SESSION [SESSION]
5. Do: set LHOST [LHOST]
6. Do: run
7. You should get a new root session
Options
Scenarios
Orange PI running Ubuntu 14.04 (Linux 3.4.39)
use auxiliary/scanner/ssh/ssh_login
use exploit/multi/local/allwinner_backdoor
Successful exploitation: