Android Exploitation : Exploiting the Webkit Vuln.
December 31st, 2011 | 2 Comments »
Hello All !
I was going through some of the Android exploits and came across the WebKit use-after-free vulnerability. So, I decided to go ahead with it and actually try getting a remote shell.
The exploit was originally discovered by MJ Keith and later tweaked by Itzhak Avraham. I used Zuk’s code in my demonstration.
Here is the modified exploit by Zuk : Link
I will go into the technical details of the vulnerability and the exploit in later blog posts.
Don't forget to replace the IP address and port in the code with your own IP address and the port on which you want to receive the incoming connection.
Also, you need to set up a netcat listener in order to receive the incoming connection.
You could do that using
nc -l -p 12345 -n -vvv
where 12345 is the port on which I will receive my incoming connection.
As soon as you open the webpage on your emulator or real phone, you will get a reverse connection to your netcat listener.
You can now run commands in it just as you would in adb shell. I have posted some of the screenshots.
Like:
"Getting the id"
The processes list
The webview.db file
(Stop! Don't look at my web browsing habits)
Hope you liked it.
Thanks.
Filed under: Android | Tags: Android, Android Exploitation, Use-after-free vulnerability Android
hmm… nice article
Regards for helping out, excellent info.