Sign upLogin

hackedteam/vector-exploit

View on GitHub
Star
src/ht-webkit-Android4-src/BUILDING

Summary

Maintainability
Test Coverage
--------------------------------------------------------------------------------
----------- [ Android Browser 4.0.x-4.3.x remote2local exploit ] ---------------
------------------------ [ Building instructions ] -----------------------------
--------------------------------------------------------------------------------

This document explains how to build and run the Android Browser
remote2local XSLT exploit.

-- [ BUILDING ]

The exploit build is actually a 2-stage process. First, you need to
compile the C and assembly parts of the exploit and integrate them
into the relevant javascript files, performing minification and
obfuscation with Google Closure Compiler. This is the first part of
the building process. Please note that PERFORMING THIS OPERATION IS
RARELY NECESSARY! You will need to compile everything from scratch
only if you need to modify low-level exploit functions. Server
configuration (EDN configuration files, IP addresses, encryption
keys...) is set in the EDN build process, which is faster and does not
have special requirements. A precompiled and tested version of this
step is provided.

After the compilation is done, you will need to integrate the
remote2root exploit, apk file, and set server-specific variables,
in order to deploy it on the customer VPS, which is the second part of
the build. This is explained in EDN_BUILD.

If, however, you actually need to rebuild the whole exploit, follow the
instruction in the "Building from sources" section, otherwise you can
safely skip that.

--- [ Building from sources ]

---- [ Dependencies ]

You will need the following configured and in your PATH:

* Android NDK
* Android SDK headers
* pyelftools (https://github.com/eliben/pyelftools)

--- [ How to build ]

* Edit the file src/module/jni/Android.mk and replace the SDK header
  file path.

* Chdir to the exploit root directory and run

  python build.py release

* The compiled exploit will be written to ./build/release

--- [ How to generate the EDN package ]

* After the compilation, compress all the files in ./build/release as
  a zip. The resulting zip file must contain no subdirectories and all
  files must reside at top level, e.g.,

  android43_browser_remote.zip
   +- build
   +- exploit
   .
   .
   +- stylesheet.xsl

* Follow the instruction in EDN_BUILD