Rapid7 Vulnerability & Exploit Database

Allwinner 3.4 Legacy Kernel Local Privilege Escalation

Back to Search

Allwinner 3.4 Legacy Kernel Local Privilege Escalation

Disclosed
04/30/2016
Created
05/30/2018

Description

This module attempts to exploit a debug backdoor privilege escalation in Allwinner SoC based devices. Vulnerable Allwinner SoC chips: H3, A83T or H8 which rely on Kernel 3.4 Vulnerable OS: all OS images available for Orange Pis, any for FriendlyARM's NanoPi M1, SinoVoip's M2+ and M3, Cuebietech's Cubietruck + Linksprite's pcDuino8 Uno Exploitation may be possible against Dragon (x10) and Allwinner Android tablets

Author(s)

  • h00die <mike@stcyrsecurity.com>
  • KotCzarny

Platform

Android,Linux

Architectures

armle

Development

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/multi/local/allwinner_backdoor
msf exploit(allwinner_backdoor) > show targets
    ...targets...
msf exploit(allwinner_backdoor) > set TARGET < target-id >
msf exploit(allwinner_backdoor) > show options
    ...show and set options...
msf exploit(allwinner_backdoor) > exploit

Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.

– Jim O’Gorman | President, Offensive Security

;