Hello All !
I was going through some of the Android exploits, and came through the Webkit Use-after-free vulnerablitity. So, i decided to go ahead with it, and actually try getting a remote shell.
Here is the modified exploit by Zuk : Link
I will go into the technical details of the vulnerability and the exploit in later blog posts.
Don’t forget to replace the IP address in the code with your IP address and with your port, where you want the incoming connection.
Also, you need to set up a netcat listener, in order to get the incoming connection.
You could do that using
nc -l -p 12345 -n -vvv
where 12345 is the port, on which i will get my incoming connection.
As soon as you open the webpage on your emulator, or real phone, you would get a reverse connection onto your netcat listener.
You can now execute all sorts of adb commands, like you used to do in adb shell. I have posted some of the screenshots.
“Getting the id”
The processes list
The webview.db file
(Stop! Don’t look at my web browsing habits )
Hope you liked it.
Filed under: Android | Tags: Android, Android Exploitation, Use-after-free vulnerability Android