• Stars: 204
• Rank: 191,095 (Top 4 %)
• Language: Python
• Created: about 9 years ago
• Updated: about 9 years ago


Repository Details

An exploit for CVE-2015-1538-1 - Google Stagefright ‘stsc’ MP4 Atom Integer Overflow Remote Code Execution
Included is a Python script that generates an MP4 exploiting the ‘stsc’ vulnerability, otherwise known as CVE-2015-1538 (#1). This is one of the most critical vulnerabilities I reported in the Stagefright library. The expected result of the exploit is a reverse shell as the media user. As detailed in my Black Hat and DEF CON presentations, this user also has access to quite a few groups such as inet, audio, camera, and mediadrm. These groups allow an attacker to take pictures or listen to the microphone remotely without exploiting additional vulnerabilities.

This exploit has several caveats. First, it is not a generic exploit. It has only been tested to work on a single device model. My target was the Galaxy Nexus device running Android 4.0.4, which contains only a partial implementation of ASLR. Also, due to variances in heap layout, this is not a 100% reliable exploit by itself. However, I was able to achieve 100% reliability when delivered through an attack vector that allowed multiple attempts. Finally, this vulnerability was one of several that was neutered by GCC 5.0’s ‘new[]’ integer overflow mitigation present on Android 5.0 and later.

Enjoy! Please consider contributing to Android security through research!

More Repositories

1. asus-cmd: ASUS Router infosvr UDP Broadcast root Command Execution (C, 253 stars)
2. android-cluster-toolkit: The Android Cluster Toolkit helps organize and manipulate a collection of Android devices. (Ruby, 101 stars)
3. lk-reducer: Linux Kernel Source Tree Reducer (C, 76 stars)
4. challack: Proof-of-concept exploit code for CVE-2016-5696 (C, 71 stars)
5. canhazaxs: A tool for enumerating the access to entries in the file system of an Android device. (C, 65 stars)
6. privmap: A tool for enumerating the effective privileges of processes on an Android device. (C, 51 stars)
7. VulnWebView (Java, 42 stars)
8. addjsif: Metasploit Exploit Module for the Android addJavascriptInterface Issue (MITM) (Ruby, 34 stars)
9. file-dissect: File Dissect is a cross-platform framework and UI for analyzing various file formats. It is based on wxWidgets since it provides a native feel regardless of base OS. (C++, 21 stars)
10. harry_potter: Write-up and such for the 2014 Plaid CTF harry_potter exploitation challenge (10 stars)
11. socks_scan: Unoriginally named SOCKS proxy scanner from the days of old (2002) (C, 5 stars)
12. nsc: A netcat clone using libnsock (Shell, 4 stars)
13. jfap: A simple 802.11 fake access point that supports open auth (C, 4 stars)
14. csw-slides-2024: Slides for Developing Secure Software in 2024 at CanSecWest (JavaScript, 3 stars)
15. nsock: Ninja Socket Library (C, 3 stars)
16. insomnihack-2015-teaser: My challenge solutions for Insomni'Hack Teaser 2015 (Ruby, 2 stars)
17. libircii: A C library for parsing the IrcII protocol (Shell, 2 stars)
18. jduck.github.com: Personal site (HTML, 2 stars)
19. chrome-bookmark-del-fix: A tool to patch Chrome's resources.pak to fix an annoying bug in the bookmark manager (Python, 2 stars)
20. yez: A tiny raw-irc program using libnsock/libircii (C, 1 star)