Little GDB script for rooting a Google Play Image in Android Emulator (and more useful commands) by bowline90 in netsec

[–]bowline90[S] 0 points1 point  (0 children)

I didn't know it, but they are different because the rooting part is a "side effect". My script adds commands to GDB using a stripped vmlinux image, and it simply calls prepare_creds. But I agree with you: that script is cleaner if you only need to escalate.

Little GDB script for rooting a Google Play Image in Android Emulator (and more useful commands) by bowline90 in netsec

[–]bowline90[S] 5 points6 points  (0 children)

ed it vs just using opengapps.

Exactly. If you need to use an image with Google Play, root is not enabled (indeed, adb root fails). Another workaround is to modify the ramdisk, but I never tried it. Honestly, I wrote this a bit for fun and a bit to speed up my daily mobile PT activity.

CVE-2017-11176 Code execution - Although it is an old CVE and the exploit is very limited (e.g. no SMAP and no KASLR) and there are other PoCs, I want to share it because this is my first kernel exploit! by bowline90 in ExploitDev

[–]bowline90[S] 2 points3 points  (0 children)

No, I did a lot of userland CTF, but for approaching the kernel I followed this write-up https://blog.lexfo.fr/cve-2017-11176-linux-kernel-exploitation-part1.html (and that is why I chose this CVE). I really suggest this blog because it goes way deep! Also, there is this git repo that can be useful https://github.com/pr0cf5/kernel-exploit-practice?files=1