timwr / CVE-2016-5195

CVE-2016-5195 (dirtycow/dirtyc0w) proof of concept for Android

Possible with Termux? #91

Closed HemanthJabalpuri closed 5 years ago

HemanthJabalpuri commented 5 years ago

@timwr Is it possible if I have the run-as binary extracted from stock firmware...

timwr commented 5 years ago

Depending on your Android version this might not be that useful, as you might not be able to execute the original run-as from within Termux. Having the original binary isn't useful at all because we overwrite it anyway; it's the suid bit that makes it useful.

HemanthJabalpuri commented 5 years ago

@timwr I modified a build.prop value using the cowpy binary available at https://github.com/nowsecure/dirtycow

Is it possible to inject su into some other binaries like sqlite3 instead of run-as?

timwr commented 5 years ago

Depending on your device there may be a binary you can overwrite that is executed as root, and sometimes with a decent SELinux context. Try hostapd, dnsmasq? Which device?

HemanthJabalpuri commented 5 years ago

> Depending on your device there may be a binary you can overwrite that is executed as root, and sometimes with a decent SELinux context. Try hostapd, dnsmasq? Which device?

@timwr I have a Lava A72, an Indian brand... 6.0 armv7l with the dirtycow vulnerability...

But which binary do I have to overwrite? ls_output.txt

https://github.com/mrmazakblu/DirtyCow-R1_HD

https://github.com/Tlgyt/DirtyCowAndroid

https://github.com/hyln9/VIKIROOT

https://github.com/j0nk0/GetRoot-Android-DirtyCow