985 replies to this topic

[jp1044]

Didn't actually have to use the exploit until now, but it worked great!

 

Please Login or Register to see this Hidden Content

 

Please Login or Register to see this Hidden Content

  199.18KB   52 downloads

[texassax]

come Saturday, when I actually have a good amount of time to invest, I'll be giving this a go.  can't wait!

[radjazz]

At first this did not work for me. But I knew when going through the instructions I had a part that didn't feel right, I copied

                                                                              :

cd /tmp/share
wget http://vulnfactory.org/public/motoshare2.tgz
tar xvf motoshare2.tgz
sudo chmod 755 run.sh

 

and it ran without me hitting enter. I went back, hand typed the whole thing, no enter/line brakes and it downloaded LOTS more stuff. Once complete, I had Root!!!

 

Huge thanks to Dan and Sam for all your help in getting these things up and going.

Now I just need to find those little permissions so I can run wifi and USB tether without checking with Daddy Warbucks (aka Big Red/Verizon) 

[SamuriHL]

No go, this is what I am getting, Ubuntu 13 on USB drive, 32 bit
 
ubuntu@ubuntu:/tmp/share$ cd /tmp/share/

ubuntu@ubuntu:/tmp/share$ sudo ./run.sh

[+] Waiting for device...

* daemon not running. starting it now on port 5037 *

* daemon started successfully *

[+] Device found.

[+] Pushing exploit...

1108 KB/s (366952 bytes in 0.323s)

5794 KB/s (1867568 bytes in 0.314s)

5271 KB/s (64391 bytes in 0.011s)

5470 KB/s (1578585 bytes in 0.281s)

    pkg: /data/local/tmp/Superuser.apk

Failure [INSTALL_FAILED_ALREADY_EXISTS]

[+] Rooting phone...

[+] Your phone may appear to reboot. Please ignore this and continue with the exploit.

/system/bin/sh: /storage/rfs0/pwn: not found

[+] Please press any hardware button on your phone.

[+] Don't worry if the phone is unresponsive at this time.

[+] Press enter to continue once you have pressed a hardware button.


[*] Cleaning up...

[*] Exploit complete. Press enter to reboot and exit.

 
Installed SU BUT cannot get root.  It appears it is MISSING or not using a file.  Help?

It's not connecting to your samba share. Check in files app to make sure the share is connected and that you can see it.

Sent from my Xoom using Tapatalk HD

[Stockton350]

Is anyone else having trouble getting their phone to mount to the Linux share? I get up to setting the remote storage but when I try to connect, I get a network error message saying there's a problem in my network connection with the remote host.

 

I'm using the 32-bit CD (12.04) and my laptop and phone are both on the same wifi network

For the Host IP Address, I used the address after "inet addr" that came up when I used ifconfig

 

Below is what I had in the terminal up until that point. Any suggestions would be appreciated.

 

 

ubuntu@ubuntu:~$ mkdir /tmp/share
ubuntu@ubuntu:~$ sudo apt-get install samba
Reading package lists... Done
Building dependency tree        
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
 
The following packages have unmet dependencies:
 samba : Depends: samba-common (= 2:3.6.3-2ubuntu2) but 2:3.6.3-2ubuntu2.3 is to be installed
         Depends: libwbclient0 (= 2:3.6.3-2ubuntu2) but 2:3.6.3-2ubuntu2.3 is to be installed
         Recommends: tdb-tools but it is not going to be installed
E: Unable to correct problems, you have held broken packages.
ubuntu@ubuntu:~$ sudo apt-get update
Ign cdrom://Ubuntu 12.04.2 LTS _Precise Pangolin_ - Release i386 (20130213) precise InRelease
Ign cdrom://Ubuntu 12.04.2 LTS _Precise Pangolin_ - Release i386 (20130213) precise/main TranslationIndex
Ign cdrom://Ubuntu 12.04.2 LTS _Precise Pangolin_ - Release i386 (20130213) precise/restricted TranslationIndex
Ign cdrom://Ubuntu 12.04.2 LTS _Precise Pangolin_ - Release i386 (20130213) precise/main Translation-en_US
Ign cdrom://Ubuntu 12.04.2 LTS _Precise Pangolin_ - Release i386 (20130213) precise/main Translation-en
Ign cdrom://Ubuntu 12.04.2 LTS _Precise Pangolin_ - Release i386 (20130213) precise/restricted Translation-en_US
Ign cdrom://Ubuntu 12.04.2 LTS _Precise Pangolin_ - Release i386 (20130213) precise/restricted Translation-en
Ign

Please Login or Register to see this Hidden Content

precise-security InRelease
Get:1

Please Login or Register to see this Hidden Content

precise-security Release.gpg [198 B]
Get:2

Please Login or Register to see this Hidden Content

precise-security Release [49.6 kB]
Get:3

Please Login or Register to see this Hidden Content

precise-security/main i386 Packages [259 kB]
Get:4

Please Login or Register to see this Hidden Content

precise-security/restricted i386 Packages [4,620 B]
Get:5

Please Login or Register to see this Hidden Content

precise-security/main TranslationIndex [74 B]
Get:6

Please Login or Register to see this Hidden Content

precise-security/restricted TranslationIndex [72 B]
Get:7

Please Login or Register to see this Hidden Content

precise-security/main Translation-en [120 kB]
Get:8

Please Login or Register to see this Hidden Content

precise-security/restricted Translation-en [1,253 B]
Ign

Please Login or Register to see this Hidden Content

precise InRelease       
Ign

Please Login or Register to see this Hidden Content

precise-updates InRelease
Hit

Please Login or Register to see this Hidden Content

precise Release.gpg
Get:9

Please Login or Register to see this Hidden Content

precise-updates Release.gpg [198 B]
Hit

Please Login or Register to see this Hidden Content

precise Release
Get:10

Please Login or Register to see this Hidden Content

precise-updates Release [49.6 kB]
Hit

Please Login or Register to see this Hidden Content

precise/main i386 Packages
Hit

Please Login or Register to see this Hidden Content

precise/restricted i386 Packages
Hit

Please Login or Register to see this Hidden Content

precise/main TranslationIndex
Hit

Please Login or Register to see this Hidden Content

precise/restricted TranslationIndex
Get:11

Please Login or Register to see this Hidden Content

precise-updates/main i386 Packages [613 kB]
Get:12

Please Login or Register to see this Hidden Content

precise-updates/restricted i386 Packages [10.0 kB]
Get:13

Please Login or Register to see this Hidden Content

precise-updates/main TranslationIndex [3,564 B]
Get:14

Please Login or Register to see this Hidden Content

precise-updates/restricted TranslationIndex [2,461 B]
Hit

Please Login or Register to see this Hidden Content

precise/main Translation-en
Hit

Please Login or Register to see this Hidden Content

precise/restricted Translation-en
Get:15

Please Login or Register to see this Hidden Content

precise-updates/main Translation-en [269 kB]
Get:16

Please Login or Register to see this Hidden Content

precise-updates/restricted Translation-en [2,432 B]
Fetched 1,385 kB in 9s (147 kB/s)                     
Reading package lists... Done
ubuntu@ubuntu:~$ sudo apt-get install samba
Reading package lists... Done
Building dependency tree        
Reading state information... Done
The following extra packages will be installed:
  libwbclient0 samba-common smbclient tdb-tools
Suggested packages:
  openbsd-inetd inet-superserver smbldap-tools
  ldb-tools ctdb
The following NEW packages will be installed:
  samba tdb-tools
The following packages will be upgraded:
  libwbclient0 samba-common smbclient
3 upgraded, 2 newly installed, 0 to remove and 178 not upgraded.
Need to get 22.4 MB of archives.
After this operation, 23.0 MB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1

Please Login or Register to see this Hidden Content

precise/main tdb-tools i386 1.2.9-4 [22.8 kB]
Get:2

Please Login or Register to see this Hidden Content

precise-security/main libwbclient0 i386 2:3.6.3-2ubuntu2.6 [31.0 kB]
Get:3

Please Login or Register to see this Hidden Content

precise-security/main smbclient i386 2:3.6.3-2ubuntu2.6 [14.0 MB]
Get:4

Please Login or Register to see this Hidden Content

precise-security/main samba-common all 2:3.6.3-2ubuntu2.6 [326 kB]
Get:5

Please Login or Register to see this Hidden Content

precise-security/main samba i386 2:3.6.3-2ubuntu2.6 [8,013 kB]
Fetched 22.4 MB in 47s (467 kB/s)                     
Preconfiguring packages ...
(Reading database ... 147580 files and directories currently installed.)
Preparing to replace libwbclient0 2:3.6.3-2ubuntu2.3 (using .../libwbclient0_2%3a3.6.3-2ubuntu2.6_i386.deb) ...
Unpacking replacement libwbclient0 ...
Preparing to replace smbclient 2:3.6.3-2ubuntu2.3 (using .../smbclient_2%3a3.6.3-2ubuntu2.6_i386.deb) ...
Unpacking replacement smbclient ...
Preparing to replace samba-common 2:3.6.3-2ubuntu2.3 (using .../samba-common_2%3a3.6.3-2ubuntu2.6_all.deb) ...
Unpacking replacement samba-common ...
Selecting previously unselected package samba.
Unpacking samba (from .../samba_2%3a3.6.3-2ubuntu2.6_i386.deb) ...
Selecting previously unselected package tdb-tools.
Unpacking tdb-tools (from .../tdb-tools_1.2.9-4_i386.deb) ...
Processing triggers for man-db ...
Processing triggers for ureadahead ...
Processing triggers for ufw ...
Setting up libwbclient0 (2:3.6.3-2ubuntu2.6) ...
Setting up samba-common (2:3.6.3-2ubuntu2.6) ...
Setting up smbclient (2:3.6.3-2ubuntu2.6) ...
Setting up samba (2:3.6.3-2ubuntu2.6) ...
Generating /etc/default/samba...
Importing account for nobody...ok
update-alternatives: using /usr/bin/smbstatus.samba3 to provide /usr/bin/smbstatus (smbstatus) in auto mode.
smbd start/running, process 6605
nmbd start/running, process 6641
Setting up tdb-tools (1.2.9-4) ...
update-alternatives: using /usr/bin/tdbbackup.tdbtools to provide /usr/bin/tdbbackup (tdbbackup) in auto mode.
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place
ubuntu@ubuntu:~$ sudo gedit /etc/samba/smb.conf
 
(gedit:6659): GLib-GIO-WARNING **: Missing callback called fullpath = /root/.local/share/recently-used.xbel
 
ubuntu@ubuntu:~$ sudo useradd guest -m -G users
ubuntu@ubuntu:~$ sudo passwd guest
Enter new UNIX password:  
Retype new UNIX password:  
passwd: password updated successfully
ubuntu@ubuntu:~$ sudo smbpasswd -a guest
New SMB password:
Retype new SMB password:
Added user guest.
ubuntu@ubuntu:~$ sudo restart smbd
smbd start/running, process 6727
ubuntu@ubuntu:~$ cd /tmp/share
ubuntu@ubuntu:/tmp/share$ wget

Please Login or Register to see this Hidden Content

 
--2013-04-23 04:14:59-- 

Please Login or Register to see this Hidden Content

Resolving vulnfactory.org (vulnfactory.org)... 199.188.204.9
Connecting to vulnfactory.org (vulnfactory.org)|199.188.204.9|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3304852 (3.2M) [application/x-tar]
Saving to: `motoshare2.tgz'
 
100%[============>] 3,304,852   1.24M/s   in 2.5s     
 
2013-04-23 04:15:04 (1.24 MB/s) - `motoshare2.tgz' saved [3304852/3304852]
 
ubuntu@ubuntu:/tmp/share$ tar xvf motoshare2.tgz
adb.linux
adb.osx
busybox
pwn
run.sh
su
Superuser.apk
ubuntu@ubuntu:/tmp/share$ sudo chmod 755 run.sh
ubuntu@ubuntu:/tmp/share$ 

[transmissiontech]

Im going to have to wait till middle of next month, i burned 1.65GB trying to get my usb working...download unbuntu twice kept giving me corrupt file on LiLi till i figured out fat32 doesnt like  64Bit, and im on broad band with a data cap thxs to big red.

 

I feel so stupid.

[transmissiontech]

No go, this is what I am getting, Ubuntu 13 on USB drive, 32 bit

 

ubuntu@ubuntu:/tmp/share$ cd /tmp/share/
ubuntu@ubuntu:/tmp/share$ sudo ./run.sh
[+] Waiting for device...
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
[+] Device found.
[+] Pushing exploit...
1108 KB/s (366952 bytes in 0.323s)
5794 KB/s (1867568 bytes in 0.314s)
5271 KB/s (64391 bytes in 0.011s)
5470 KB/s (1578585 bytes in 0.281s)
    pkg: /data/local/tmp/Superuser.apk
Failure [INSTALL_FAILED_ALREADY_EXISTS]
[+] Rooting phone...
[+] Your phone may appear to reboot. Please ignore this and continue with the exploit.
/system/bin/sh: /storage/rfs0/pwn: not found
[+] Please press any hardware button on your phone.
[+] Don't worry if the phone is unresponsive at this time.
[+] Press enter to continue once you have pressed a hardware button.

[*] Cleaning up...
[*] Exploit complete. Press enter to reboot and exit.
 

Installed SU BUT cannot get root.  It appears it is MISSING or not using a file.  Help?

ubuntu 13?? highest i have seen is 12.10...or am i reading it wrong

[adanrgz]

tested this exploit in the xt910.. TEST OK!!!!!!!!! ROOT JELLY BEAN OTA BRASIL

Please Login or Register to see this Hidden Content

[rlewis312010]

It's not connecting to your samba share. Check in files app to make sure the share is connected and that you can see it.

Sent from my Xoom using Tapatalk HD

I logged into it using files, it opens up files.  Suddenly it RAN, and then it rebooted and I am waiting to see what happens...nope.  This sucks.

[rlewis312010]

Sam, what is this error for RSD lite?

Failed flashing process.  5/24 oem fb_mode_set-->phone returns FAIL

 

--TRYING to FXZ to totally stock JB

RSD lite 6.1.4?  it is 6 something.  Never saw an RSD FXZ fail like this.  I did push the preinstall and system from 246 to get phone UP after the BS fail.  Then installed JB update file off SD card.  Was trying to go absolutely stock. 

[bretthoward]

I also had issues getting the FXZ to work. I had a previous superuser.apk on there from when I rooted on ICS. Sadly when I was in a tired as hell state I forgot to OTA rootkeep. I'd done it earlier that day but forgot to redo it since I'd FXZed to stock ICS before OTAing. Anyway once I disabled the prior superuser.apk and ran the steps again all went well. Thanks for the root access and thanks for sending a portion of your proceeds to Boston. Stand up guy! ~Brett

[rockonfender]

Sam, what is this error for RSD lite?

Failed flashing process.  5/24 oem fb_mode_set-->phone returns FAIL

 

--TRYING to FXZ to totally stock JB

RSD lite 6.1.4?  it is 6 something.  Never saw an RSD FXZ fail like this.  I did push the preinstall and system from 246 to get phone UP after the BS fail.  Then installed JB update file off SD card.  Was trying to go absolutely stock. 

 

I'm not Sam, but you can fix this by opening the .xml from the FXZ and search for anywhere it says "OEM" and delete the text beween the angle brackets <like this>

 

Hard to explain without showing you, but let us know if you need more help.

[zvsdeaz]

Dan FTW! Donation gladly sent.

[ianlee168]

Awesome stuff!

[bretthoward]

Any chance in getting source?

[eric3938]

For me the exploit goes all the way through, nothing seems to give any sort of error. When it reboots though, Titanium Backup can't get root.

 

I guess I had the same question as above with the :

 

 

I was having this same problem so I factory reset my phone and root went through without a hitch!

[kivo360]

Ok, never mind my previous issue, I now have the error of not finding the sh file in my temp. I'm looking at it through the remote file system on my phone. 

[Para94]

at first thank you.

but i have a problem when I'm starting the exploit with ./run.sh everything is ok. I press a hardwarebutton and afterwards enter.

then the terminal says:

./run.sh: line 58: ./adb.linux: No such file or directory
./run.sh: line 59: ./adb.linux: No such file or directory
./run.sh: line 60: ./adb.linux: No such file or directory
 

i looked into the directory and i found the adb.linux.... any advice

[vzzoom]

first off, when i remote connect my bionic via remote storage the folder is empty (connects fine just empty).

here is what my command terminal says:

./run.sh: line 30: ./adb.linux: No such file or directory
[+] Waiting for device...
./run.sh: line 33: ./adb.linux: No such file or directory
[+] Device found.
[+] Pushing exploit...
./run.sh: line 38: ./adb.linux: No such file or directory
./run.sh: line 39: ./adb.linux: No such file or directory
./run.sh: line 40: ./adb.linux: No such file or directory
./run.sh: line 42: ./adb.linux: No such file or directory
./run.sh: line 43: ./adb.linux: No such file or directory
[+] Rooting phone...
[+] Your phone may appear to reboot. Please ignore this and continue with the exploit.
./run.sh: line 49: ./adb.linux: No such file or directory
[+] Please press any hardware button on your phone.
[+] Don't worry if the phone is unresponsive at this time.
[+] Press enter to continue once you have pressed a hardware button.

[*] Cleaning up...
./run.sh: line 58: ./adb.linux: No such file or directory
./run.sh: line 59: ./adb.linux: No such file or directory
./run.sh: line 60: ./adb.linux: No such file or directory
[*] Exploit complete. Press enter to reboot and exit.

./run.sh: line 65: ./adb.linux: No such file or directory
./run.sh: line 66: ./adb.linux: No such file or directory

 

I'm using the 32-bit version 12.10. I tryed repeating the process but it wouldn't work. if its any help my phone never rebooted after pressing enter on the last comand

[ronni]

Thank You So much...... : .......

long live ................. :