module

Android 'su' Privilege Escalation

Disclosed
Aug 31, 2017

Description

This module uses the su binary present on rooted devices to run
a payload as root.

A rooted Android device will contain a su binary (often linked with
an application) that allows the user to run commands as root.
This module will use the su binary to execute a command stager
as root. The command stager will write a payload binary to a
temporary directory, make it executable, execute it in the background,
and finally delete the executable.

On most devices the su binary will pop up a prompt on the device
asking the user for permission.
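
For detection, the stager sequence described above (write to a temporary directory, make executable, execute, delete, all as root under su) can be matched as an ordered chain per file. The following is an added example, not code from the module or from Metasploit; the event format, field names, temporary-directory prefixes and time window are assumptions, and the sample events are constructed.

```python
import re

# Constructed process/file events in a hypothetical one-line-per-event format.
SAMPLE_LOG = """\
100.0 uid=0 parent=su op=write path=/data/local/tmp/kq3x
100.1 uid=0 parent=su op=write path=/data/local/tmp/kq3x
100.2 uid=0 parent=su op=chmod path=/data/local/tmp/kq3x
100.3 uid=0 parent=su op=exec path=/data/local/tmp/kq3x
100.9 uid=0 parent=su op=unlink path=/data/local/tmp/kq3x
200.0 uid=0 parent=init op=write path=/data/local/tmp/update.bin
200.5 uid=0 parent=init op=chmod path=/data/local/tmp/update.bin
300.0 uid=10123 parent=zygote op=write path=/data/local/tmp/a.tmp
300.1 uid=10123 parent=zygote op=unlink path=/data/local/tmp/a.tmp
400.0 uid=0 parent=su op=exec path=/system/bin/id
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) uid=(?P<uid>\d+) parent=(?P<parent>\S+) "
    r"op=(?P<op>\w+) path=(?P<path>\S+)$")
STEPS = ["write", "chmod", "exec", "unlink"]   # order described on the page
TEMP_PREFIXES = ("/data/local/tmp/", "/tmp/")  # assumed temp locations
WINDOW = 30.0                                  # assumed max seconds per chain

def find_su_stagers(log, window=WINDOW):
    """Return temp-dir files that root-via-su wrote, chmod'ed, ran and deleted."""
    progress, hits = {}, []   # path -> (steps completed, time of first write)
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["uid"] != "0" or m["parent"] != "su":
            continue
        ts, op, path = float(m["ts"]), m["op"], m["path"]
        if not path.startswith(TEMP_PREFIXES):
            continue
        done, start = progress.get(path, (0, ts))
        if done and ts - start > window:
            done = 0                       # stale chain, start over
        if op == STEPS[done]:
            start = ts if done == 0 else start
            done += 1
        elif done and op == STEPS[done - 1]:
            pass                           # repeated step, e.g. chunked writes
        else:                              # out of order: restart the chain
            done, start = (1, ts) if op == "write" else (0, ts)
        if done == len(STEPS):
            hits.append({"path": path, "start": start, "end": ts})
            progress.pop(path, None)
        else:
            progress[path] = (done, start)
    return hits
```

Only the first constructed chain is reported; root activity not parented by su, non-root file churn, and su running a system binary are ignored.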