Last updated at Fri, 21 Jul 2017 17:08:59 GMT
The Android Exploit Mixin
This week, Rapid7's Joe Vennix refactored our tried and true methods for exploiting the addJavascriptInterface vulnerability, which happens to be present on a ton of consumer Android devices and Google Play store-approved apps, which means a couple things for Android exploit developers. First, there's now a testable library for adding new and exciting Android exploit techniques, which is nice from a developer standpoint.
Also, this refactoring enabled the creation of the Adobe PDF Reader version of the exploit. Yep, it turns out that Adobe's mobile app was vulnerable to the addJavascriptInterface issue until about mid-April of 2014. I wonder how many other apps with over a million downloads are exposed to this vulnerability?
If you're wondering the same thing, I suggest picking up the quite excellent Android Hacker's Handbook by Josh jduck Drake, Zach Lanier, Collin Mulliner, Pau Oliva Fora, Stephen A. Ridley, and Georg Wicherski. With this tome in hand, you can get down to the business of exploring Android as a target. We have a place to stash more exploit techniques now, we provided a functioning Meterpreter payload for Android devices, and many of the authors of the Handbook are already familiar with Metasploit module writing. With all these elements in place, I'm looking forward to a summer of Android exploits.
iPhone Meterpreter?
In other news, Metasploit contributor Anwar Mohamed has indicated that he's starting work on an iPhone version of Meterpreter, starting with a couple posts to the metasploit-hackers mailing list. If you're interested in helping out there, I'm sure he'd take it. After all, I don't want to give the impression that Metasploit is only interested in beating up on Android. We're happy to target pretty much any device that's hanging around on the Internet.
New Modules
In addition to the above-mentioned Android file format exploit, we have a new exploit for the Easy File Management Web Server, as well as a handy new scanner module which tests for the OpenSSL ChangeCipherSpec vulnerability announced a couple weeks ago, and a slew of other auxiliary modules. Check 'em out below:
Exploit modules
- Adobe Reader for Android addJavascriptInterface Exploit by joev and Yorick Koster exploits CVE-2014-0514
- Easy File Management Web Server Stack Buffer Overflow by Julien Ahrens, TecR0c, and superkojiman exploits OSVDB-107241
Auxiliary and post modules
- Chromecast YouTube Remote Control by wvu
- MongoDB NoSQL Collection Enumeration Via Injection by Brandon Perry
- Cisco SSL VPN Bruteforce Login Utility by Jonathan Claudius
- OpenSSL Server-Side ChangeCipherSpec Injection Scanner by juan vazquez, Craig Young, and Masashi Kikuchi exploits CVE-2014-0224
- Firefox Webcam Chat on Privileged Javascript Shell by joev
If you're new to Metasploit, you can get started by downloading Metasploit for Linux or Windows, either the totally free Metasploit Community Edition, or the 14-day free trial of Metasploit Pro. If you're the sort to track bleeding-edge development code, then these modules are but an msfupdate command away. For readers who are already using Metasploit Community or Metasploit Pro, you'll be able to install the new hotness today via the Administration : Software Updates button.
For additional details on what's changed and what's current, please see Chris Doughty's most excellent release notes.
