Booted up an Android kernel as I mentioned here.
The branch name is android11-5.4.
Kernel is compiled
We used the vulnerable firewall module from wall-of-perdition as the exploitation target.
We ran make in the compiled kernel directory to build the firewall module,
then fetched it with wget and loaded it with insmod. The result is:
I added a rule to the firewall for testing purposes.
#include <fcntl.h>
#include <stdint.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#include <iostream>
using namespace std;
// ioctl request codes passed to /dev/firewall. Only ADD_RULE is used in this
// listing; the values are presumably copied from the module's own command
// definitions -- verify against the module source before relying on them.
#define ADD_RULE    0x1337babe
#define EDIT_RULE   0x1337beef
#define DELETE_RULE 0xdeadbabe
#define SHOW_RULE   0xdeadbeef
#define DUP_RULE    0xbaad5aad

// Short alias for an unsigned 32-bit-style counter, kernel naming.
using u32 = unsigned int;
// Argument block handed to the firewall ioctls.
// NOTE(review): the field order and sizes presumably have to match the
// module's own rule structure byte for byte -- confirm against its source,
// because a mismatch makes the driver read the wrong offsets.
struct user_rule_t
{
    char iface[16];    // interface name buffer
    char name[16];     // rule name buffer
    char ip[16];       // address buffer (presumably dotted-quad text -- verify)
    char netmask[16];  // netmask buffer (same format assumption as ip)
    uint8_t idx;       // rule slot index
    uint8_t type;      // rule type selector; valid values are not shown here
    uint16_t proto;    // protocol identifier
    uint16_t port;     // port number (byte order not shown here -- verify)
    uint8_t action;    // action selector; valid values are not shown here
#ifdef EASY_MODE
    // Only present in EASY_MODE builds; DESC_MAX is not defined in this listing.
    char desc[DESC_MAX];
#endif
};
/// Reports a failed call on standard output.
///
/// @param buff  Label of the call that was attempted; printed after "Error ".
/// @param fd    Descriptor or return code to inspect; negative means failure.
///
/// Only prints: execution continues in the caller even when fd is negative.
constexpr void errcheck(const char* buff, int fd)
{
    if (fd >= 0) {
        return;
    }
    std::cout << "Error " << buff << std::endl;
}
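/// Drives the interaction with the firewall character device, stage by stage.
struct Exp {
    /// Stage counter; nothing in this listing reads or updates it yet.
    u32 stage{ 0 };

    /// Opens /dev/firewall and submits one zero-filled test rule via ADD_RULE.
    ///
    /// Failures of open() and ioctl() are reported through errcheck(). The
    /// descriptor is closed before returning, so repeated calls do not leak it.
    void stage1()
    {
        const int fd = open("/dev/firewall", O_RDONLY);
        errcheck("open", fd);
        if (fd < 0) {
            // No device node: an ioctl on an invalid descriptor can only fail.
            return;
        }

        // Value-initialise the rule. Left uninitialised, the driver would be
        // handed whatever bytes were on the stack, so runs would not be
        // reproducible and the strings might not be NUL-terminated.
        // NOTE(review): the module may reject an all-zero rule -- fill in the
        // fields it validates before expecting ADD_RULE to succeed.
        user_rule_t rule1{};
        errcheck("ioctl", ioctl(fd, ADD_RULE, &rule1));

        close(fd);
    }
};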
/// Entry point: runs the first stage against the firewall device.
int main()
{
    Exp driver;
    driver.stage1();
    return 0;
}
We can interact with the firewall.
Well let’s start.