snorez/exploits

How long should the exploit take?

Opened this issue · 5 comments

It never completes, even if I leave it for 48 hours.

~/exploit $ ./exploit
WARNING: linker: /data/data/com.termux/files/home/exploit/poc3: unsupported flags DT_FLAGS_1=0x8000001
spray_pipes: 0x780
spray done... 

It's stuck here for a very long time (also, I ignore the linker warning; it will disappear after stripping the binary).
htop reports that the exploit is doing processing (sometimes it's in interruptible sleep).

Compile command: ~/Android/Sdk/ndk/23.1.7779620/toolchains/llvm/prebuilt/linux-x86_64/bin/aarch64-linux-android24-clang exploit.c -o exploit, then I transfer the executable to my Android phone.

uname -a: Linux localhost 3.18.31-perf-g810e576 #1 SMP PREEMPT Mon Aug 10 11:41:32 CST 2020 aarch64 Android

Android 7.1.1 CHP1801

Also, it's an exploit for CVE-2015-1805.

Oh, this PoC is very old...
I didn't test this on Android. However, you may rewrite the code and check modprobe_path (this may not be available on Android):
grep modprobe_path /proc/kallsyms
cat /proc/sys/kernel/modprobe

Line 48

unsigned long target_addr = 0xffffffff81aa40e0;

Yeah, not available. grep modprobe_path /proc/kallsyms shows 0, which is the same for every kernel symbol.

But if it were the correct target_addr, how long should it take for you?

30 seconds, I guess.

And access denied for cat /proc/sys/kernel/modprobe.