Jump to content


Photo

[ROOT] Motoshare 2: Old Bug, New Exploit


  • Please log in to reply
985 replies to this topic

#161 jp1044

jp1044

    DEVELOPER

  • News Writer
  • PipPipPipPip
  • 1,104 posts
  • Twitter:@jp1044
  • Google+:jp1044@gmail.com
  • LocationColorado
  • Current Device(s):MOTO X Developer Edition, Droid RAZR HD (backup)

Posted 22 April 2013 - 07:50 PM

Didn't actually have to use the exploit until now, but it worked great!

 

Please Login or Register to see this Hidden Content

 

Please Login or Register to see this Hidden Content

  199.18KB   52 downloads



If you feel the urge to donate to me, you can do so here -> Donate

#162 texassax

texassax

    n00b

  • Members
  • Pip
  • 6 posts

Posted 22 April 2013 - 07:56 PM

come Saturday, when I actually have a good amount of time to invest, I'll be giving this a go.  can't wait!



#163 radjazz

radjazz

    n00b

  • Members
  • Pip
  • 1 posts

Posted 22 April 2013 - 07:57 PM

At first this did not work for me. But I knew when going through the instructions I had a part that didn't feel right, I copied

                                                                              :

cd /tmp/share
wget http
://vulnfactory.org/public/motoshare2.tgz
tar xvf motoshare2.tgz
sudo chmod
755 run.sh

 

and it ran without me hitting enter. I went back, hand typed the whole thing, no enter/line brakes and it downloaded LOTS more stuff. Once complete, I had Root!!!

 

Huge thanks to Dan and Sam for all your help in getting these things up and going.

Now I just need to find those little permissions so I can run wifi and USB tether without checking with Daddy Warbucks (aka Big Red/Verizon) 



#164 SamuriHL

SamuriHL

    Android Warrior

  • Smod
  • 44,198 posts
  • Current Device(s):S21 Ultra, Pixel 6

Posted 22 April 2013 - 08:00 PM

No go, this is what I am getting, Ubuntu 13 on USB drive, 32 bit
 
ubuntu@ubuntu:/tmp/share$ cd /tmp/share/

ubuntu@ubuntu:/tmp/share$ sudo ./run.sh

[+] Waiting for device...

* daemon not running. starting it now on port 5037 *

* daemon started successfully *

[+] Device found.

[+] Pushing exploit...

1108 KB/s (366952 bytes in 0.323s)

5794 KB/s (1867568 bytes in 0.314s)

5271 KB/s (64391 bytes in 0.011s)

5470 KB/s (1578585 bytes in 0.281s)

    pkg: /data/local/tmp/Superuser.apk

Failure [INSTALL_FAILED_ALREADY_EXISTS]

[+] Rooting phone...

[+] Your phone may appear to reboot. Please ignore this and continue with the exploit.

/system/bin/sh: /storage/rfs0/pwn: not found

[+] Please press any hardware button on your phone.

[+] Don't worry if the phone is unresponsive at this time.

[+] Press enter to continue once you have pressed a hardware button.


[*] Cleaning up...

[*] Exploit complete. Press enter to reboot and exit.

 
Installed SU BUT cannot get root.  It appears it is MISSING or not using a file.  Help?

It's not connecting to your samba share. Check in files app to make sure the share is connected and that you can see it.

Sent from my Xoom using Tapatalk HD

Non potest esse nisi unus


#165 Stockton350

Stockton350

    n00b

  • Members
  • Pip
  • 2 posts
  • Current Device(s):Bionic, N7, nook color with cm10

Posted 22 April 2013 - 08:01 PM

Is anyone else having trouble getting their phone to mount to the Linux share? I get up to setting the remote storage but when I try to connect, I get a network error message saying there's a problem in my network connection with the remote host.

 

I'm using the 32-bit CD (12.04) and my laptop and phone are both on the same wifi network

For the Host IP Address, I used the address after "inet addr" that came up when I used ifconfig

 

Below is what I had in the terminal up until that point. Any suggestions would be appreciated.

 

 

ubuntu@ubuntu:~$ mkdir /tmp/share
ubuntu@ubuntu:~$ sudo apt-get install samba
Reading package lists... Done
Building dependency tree        
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
 
The following packages have unmet dependencies:
 samba : Depends: samba-common (= 2:3.6.3-2ubuntu2) but 2:3.6.3-2ubuntu2.3 is to be installed
         Depends: libwbclient0 (= 2:3.6.3-2ubuntu2) but 2:3.6.3-2ubuntu2.3 is to be installed
         Recommends: tdb-tools but it is not going to be installed
E: Unable to correct problems, you have held broken packages.
ubuntu@ubuntu:~$ sudo apt-get update
Ign cdrom://Ubuntu 12.04.2 LTS _Precise Pangolin_ - Release i386 (20130213) precise InRelease
Ign cdrom://Ubuntu 12.04.2 LTS _Precise Pangolin_ - Release i386 (20130213) precise/main TranslationIndex
Ign cdrom://Ubuntu 12.04.2 LTS _Precise Pangolin_ - Release i386 (20130213) precise/restricted TranslationIndex
Ign cdrom://Ubuntu 12.04.2 LTS _Precise Pangolin_ - Release i386 (20130213) precise/main Translation-en_US
Ign cdrom://Ubuntu 12.04.2 LTS _Precise Pangolin_ - Release i386 (20130213) precise/main Translation-en
Ign cdrom://Ubuntu 12.04.2 LTS _Precise Pangolin_ - Release i386 (20130213) precise/restricted Translation-en_US
Ign cdrom://Ubuntu 12.04.2 LTS _Precise Pangolin_ - Release i386 (20130213) precise/restricted Translation-en
Ign

Please Login or Register to see this Hidden Content

precise-security InRelease
Get:1

Please Login or Register to see this Hidden Content

precise-security Release.gpg [198 B]
Get:2

Please Login or Register to see this Hidden Content

precise-security Release [49.6 kB]
Get:3

Please Login or Register to see this Hidden Content

precise-security/main i386 Packages [259 kB]
Get:4

Please Login or Register to see this Hidden Content

precise-security/restricted i386 Packages [4,620 B]
Get:5

Please Login or Register to see this Hidden Content

precise-security/main TranslationIndex [74 B]
Get:6

Please Login or Register to see this Hidden Content

precise-security/restricted TranslationIndex [72 B]
Get:7

Please Login or Register to see this Hidden Content

precise-security/main Translation-en [120 kB]
Get:8

Please Login or Register to see this Hidden Content

precise-security/restricted Translation-en [1,253 B]
Ign

Please Login or Register to see this Hidden Content

precise InRelease       
Ign

Please Login or Register to see this Hidden Content

precise-updates InRelease
Hit

Please Login or Register to see this Hidden Content

precise Release.gpg
Get:9

Please Login or Register to see this Hidden Content

precise-updates Release.gpg [198 B]
Hit

Please Login or Register to see this Hidden Content

precise Release
Get:10

Please Login or Register to see this Hidden Content

precise-updates Release [49.6 kB]
Hit

Please Login or Register to see this Hidden Content

precise/main i386 Packages
Hit

Please Login or Register to see this Hidden Content

precise/restricted i386 Packages
Hit

Please Login or Register to see this Hidden Content

precise/main TranslationIndex
Hit

Please Login or Register to see this Hidden Content

precise/restricted TranslationIndex
Get:11

Please Login or Register to see this Hidden Content

precise-updates/main i386 Packages [613 kB]
Get:12

Please Login or Register to see this Hidden Content

precise-updates/restricted i386 Packages [10.0 kB]
Get:13

Please Login or Register to see this Hidden Content

precise-updates/main TranslationIndex [3,564 B]
Get:14

Please Login or Register to see this Hidden Content

precise-updates/restricted TranslationIndex [2,461 B]
Hit

Please Login or Register to see this Hidden Content

precise/main Translation-en
Hit

Please Login or Register to see this Hidden Content

precise/restricted Translation-en
Get:15

Please Login or Register to see this Hidden Content

precise-updates/main Translation-en [269 kB]
Get:16

Please Login or Register to see this Hidden Content

precise-updates/restricted Translation-en [2,432 B]
Fetched 1,385 kB in 9s (147 kB/s)                     
Reading package lists... Done
ubuntu@ubuntu:~$ sudo apt-get install samba
Reading package lists... Done
Building dependency tree        
Reading state information... Done
The following extra packages will be installed:
  libwbclient0 samba-common smbclient tdb-tools
Suggested packages:
  openbsd-inetd inet-superserver smbldap-tools
  ldb-tools ctdb
The following NEW packages will be installed:
  samba tdb-tools
The following packages will be upgraded:
  libwbclient0 samba-common smbclient
3 upgraded, 2 newly installed, 0 to remove and 178 not upgraded.
Need to get 22.4 MB of archives.
After this operation, 23.0 MB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1

Please Login or Register to see this Hidden Content

precise/main tdb-tools i386 1.2.9-4 [22.8 kB]
Get:2

Please Login or Register to see this Hidden Content

precise-security/main libwbclient0 i386 2:3.6.3-2ubuntu2.6 [31.0 kB]
Get:3

Please Login or Register to see this Hidden Content

precise-security/main smbclient i386 2:3.6.3-2ubuntu2.6 [14.0 MB]
Get:4

Please Login or Register to see this Hidden Content

precise-security/main samba-common all 2:3.6.3-2ubuntu2.6 [326 kB]
Get:5

Please Login or Register to see this Hidden Content

precise-security/main samba i386 2:3.6.3-2ubuntu2.6 [8,013 kB]
Fetched 22.4 MB in 47s (467 kB/s)                     
Preconfiguring packages ...
(Reading database ... 147580 files and directories currently installed.)
Preparing to replace libwbclient0 2:3.6.3-2ubuntu2.3 (using .../libwbclient0_2%3a3.6.3-2ubuntu2.6_i386.deb) ...
Unpacking replacement libwbclient0 ...
Preparing to replace smbclient 2:3.6.3-2ubuntu2.3 (using .../smbclient_2%3a3.6.3-2ubuntu2.6_i386.deb) ...
Unpacking replacement smbclient ...
Preparing to replace samba-common 2:3.6.3-2ubuntu2.3 (using .../samba-common_2%3a3.6.3-2ubuntu2.6_all.deb) ...
Unpacking replacement samba-common ...
Selecting previously unselected package samba.
Unpacking samba (from .../samba_2%3a3.6.3-2ubuntu2.6_i386.deb) ...
Selecting previously unselected package tdb-tools.
Unpacking tdb-tools (from .../tdb-tools_1.2.9-4_i386.deb) ...
Processing triggers for man-db ...
Processing triggers for ureadahead ...
Processing triggers for ufw ...
Setting up libwbclient0 (2:3.6.3-2ubuntu2.6) ...
Setting up samba-common (2:3.6.3-2ubuntu2.6) ...
Setting up smbclient (2:3.6.3-2ubuntu2.6) ...
Setting up samba (2:3.6.3-2ubuntu2.6) ...
Generating /etc/default/samba...
Importing account for nobody...ok
update-alternatives: using /usr/bin/smbstatus.samba3 to provide /usr/bin/smbstatus (smbstatus) in auto mode.
smbd start/running, process 6605
nmbd start/running, process 6641
Setting up tdb-tools (1.2.9-4) ...
update-alternatives: using /usr/bin/tdbbackup.tdbtools to provide /usr/bin/tdbbackup (tdbbackup) in auto mode.
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place
ubuntu@ubuntu:~$ sudo gedit /etc/samba/smb.conf
 
(gedit:6659): GLib-GIO-WARNING **: Missing callback called fullpath = /root/.local/share/recently-used.xbel
 
ubuntu@ubuntu:~$ sudo useradd guest -m -G users
ubuntu@ubuntu:~$ sudo passwd guest
Enter new UNIX password:  
Retype new UNIX password:  
passwd: password updated successfully
ubuntu@ubuntu:~$ sudo smbpasswd -a guest
New SMB password:
Retype new SMB password:
Added user guest.
ubuntu@ubuntu:~$ sudo restart smbd
smbd start/running, process 6727
ubuntu@ubuntu:~$ cd /tmp/share
ubuntu@ubuntu:/tmp/share$ wget

Please Login or Register to see this Hidden Content


 
--2013-04-23 04:14:59-- 

Please Login or Register to see this Hidden Content


Resolving vulnfactory.org (vulnfactory.org)... 199.188.204.9
Connecting to vulnfactory.org (vulnfactory.org)|199.188.204.9|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3304852 (3.2M) [application/x-tar]
Saving to: `motoshare2.tgz'
 
100%[============>] 3,304,852   1.24M/s   in 2.5s     
 
2013-04-23 04:15:04 (1.24 MB/s) - `motoshare2.tgz' saved [3304852/3304852]
 
ubuntu@ubuntu:/tmp/share$ tar xvf motoshare2.tgz
adb.linux
adb.osx
busybox
pwn
run.sh
su
Superuser.apk
ubuntu@ubuntu:/tmp/share$ sudo chmod 755 run.sh
ubuntu@ubuntu:/tmp/share$ 



#166 transmissiontech

transmissiontech

    Your Tranny Specialist

  • Dedicated Supporter
  • PipPipPipPipPip
  • 7,484 posts
  • LocationMissouri...Show Me State
  • Current Device(s):Google Pixel 32 gig

Posted 22 April 2013 - 08:04 PM

Im going to have to wait till middle of next month, i burned 1.65GB trying to get my usb working...download unbuntu twice kept giving me corrupt file on LiLi till i figured out fat32 doesnt like  64Bit, and im on broad band with a data cap thxs to big red.

 

I feel so stupid.


Thanks Droidrzr for the continued support of my family and a special thank you to Kaos and Kelly....

Google pixel 32 gig....


#167 transmissiontech

transmissiontech

    Your Tranny Specialist

  • Dedicated Supporter
  • PipPipPipPipPip
  • 7,484 posts
  • LocationMissouri...Show Me State
  • Current Device(s):Google Pixel 32 gig

Posted 22 April 2013 - 08:07 PM

No go, this is what I am getting, Ubuntu 13 on USB drive, 32 bit

 

ubuntu@ubuntu:/tmp/share$ cd /tmp/share/
ubuntu@ubuntu:/tmp/share$ sudo ./run.sh
[+] Waiting for device...
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
[+] Device found.
[+] Pushing exploit...
1108 KB/s (366952 bytes in 0.323s)
5794 KB/s (1867568 bytes in 0.314s)
5271 KB/s (64391 bytes in 0.011s)
5470 KB/s (1578585 bytes in 0.281s)
    pkg: /data/local/tmp/Superuser.apk
Failure [INSTALL_FAILED_ALREADY_EXISTS]
[+] Rooting phone...
[+] Your phone may appear to reboot. Please ignore this and continue with the exploit.
/system/bin/sh: /storage/rfs0/pwn: not found
[+] Please press any hardware button on your phone.
[+] Don't worry if the phone is unresponsive at this time.
[+] Press enter to continue once you have pressed a hardware button.

[*] Cleaning up...
[*] Exploit complete. Press enter to reboot and exit.
 

Installed SU BUT cannot get root.  It appears it is MISSING or not using a file.  Help?

ubuntu 13?? highest i have seen is 12.10...or am i reading it wrong


Thanks Droidrzr for the continued support of my family and a special thank you to Kaos and Kelly....

Google pixel 32 gig....


#168 adanrgz

adanrgz

    n00b

  • Members
  • Pip
  • 1 posts
  • LocationLos mochis
  • Current Device(s):moto razr maxx

Posted 22 April 2013 - 08:15 PM

tested this exploit in the xt910.. TEST OK!!!!!!!!! ROOT JELLY BEAN OTA BRASIL

Please Login or Register to see this Hidden Content


  • livinginkaos and pepcisko like this

#169 rlewis312010

rlewis312010

    Member

  • Members
  • PipPip
  • 111 posts

Posted 22 April 2013 - 08:20 PM

It's not connecting to your samba share. Check in files app to make sure the share is connected and that you can see it.

Sent from my Xoom using Tapatalk HD

I logged into it using files, it opens up files.  Suddenly it RAN, and then it rebooted and I am waiting to see what happens...nope.  This sucks.



#170 rlewis312010

rlewis312010

    Member

  • Members
  • PipPip
  • 111 posts

Posted 22 April 2013 - 08:44 PM

Sam, what is this error for RSD lite?

Failed flashing process.  5/24 oem fb_mode_set-->phone returns FAIL

 

--TRYING to FXZ to totally stock JB

RSD lite 6.1.4?  it is 6 something.  Never saw an RSD FXZ fail like this.  I did push the preinstall and system from 246 to get phone UP after the BS fail.  Then installed JB update file off SD card.  Was trying to go absolutely stock. 



#171 bretthoward

bretthoward

    n00b

  • Members
  • Pip
  • 3 posts

Posted 22 April 2013 - 09:21 PM

I also had issues getting the FXZ to work. I had a previous superuser.apk on there from when I rooted on ICS. Sadly when I was in a tired as hell state I forgot to OTA rootkeep. I'd done it earlier that day but forgot to redo it since I'd FXZed to stock ICS before OTAing. Anyway once I disabled the prior superuser.apk and ran the steps again all went well. Thanks for the root access and thanks for sending a portion of your proceeds to Boston. Stand up guy! ~Brett

#172 rockonfender

rockonfender

    n00b

  • Members
  • Pip
  • 1 posts

Posted 22 April 2013 - 10:13 PM

Sam, what is this error for RSD lite?

Failed flashing process.  5/24 oem fb_mode_set-->phone returns FAIL

 

--TRYING to FXZ to totally stock JB

RSD lite 6.1.4?  it is 6 something.  Never saw an RSD FXZ fail like this.  I did push the preinstall and system from 246 to get phone UP after the BS fail.  Then installed JB update file off SD card.  Was trying to go absolutely stock. 

 

I'm not Sam, but you can fix this by opening the .xml from the FXZ and search for anywhere it says "OEM" and delete the text beween the angle brackets <like this>

 

Hard to explain without showing you, but let us know if you need more help.


  • SamuriHL likes this

#173 zvsdeaz

zvsdeaz

    n00b

  • Members
  • Pip
  • 1 posts

Posted 22 April 2013 - 10:33 PM

Dan FTW! Donation gladly sent.



#174 ianlee168

ianlee168

    n00b

  • Members
  • Pip
  • 1 posts
  • Google+:ianlee168@gmail.com

Posted 22 April 2013 - 10:48 PM

Awesome stuff!



#175 bretthoward

bretthoward

    n00b

  • Members
  • Pip
  • 3 posts

Posted 22 April 2013 - 11:13 PM

Any chance in getting source?

#176 eric3938

eric3938

    n00b

  • Members
  • Pip
  • 1 posts

Posted 23 April 2013 - 12:03 AM

For me the exploit goes all the way through, nothing seems to give any sort of error. When it reboots though, Titanium Backup can't get root.

 

I guess I had the same question as above with the :

 

 

I was having this same problem so I factory reset my phone and root went through without a hitch!



#177 kivo360

kivo360

    Member

  • Members
  • PipPip
  • 26 posts

Posted 23 April 2013 - 12:24 AM

Ok, never mind my previous issue, I now have the error of not finding the sh file in my temp. I'm looking at it through the remote file system on my phone. 



#178 Para94

Para94

    n00b

  • Members
  • Pip
  • 5 posts

Posted 23 April 2013 - 12:29 AM

at first thank you.

but i have a problem when I'm starting the exploit with ./run.sh everything is ok. I press a hardwarebutton and afterwards enter.

then the terminal says:

./run.sh: line 58: ./adb.linux: No such file or directory
./run.sh: line 59: ./adb.linux: No such file or directory
./run.sh: line 60: ./adb.linux: No such file or directory
 

i looked into the directory and i found the adb.linux.... any advice



#179 vzzoom

vzzoom

    n00b

  • Members
  • Pip
  • 2 posts
  • Current Device(s):bionic

Posted 23 April 2013 - 12:52 AM

first off, when i remote connect my bionic via remote storage the folder is empty (connects fine just empty).

here is what my command terminal says:

./run.sh: line 30: ./adb.linux: No such file or directory
[+] Waiting for device...
./run.sh: line 33: ./adb.linux: No such file or directory
[+] Device found.
[+] Pushing exploit...
./run.sh: line 38: ./adb.linux: No such file or directory
./run.sh: line 39: ./adb.linux: No such file or directory
./run.sh: line 40: ./adb.linux: No such file or directory
./run.sh: line 42: ./adb.linux: No such file or directory
./run.sh: line 43: ./adb.linux: No such file or directory
[+] Rooting phone...
[+] Your phone may appear to reboot. Please ignore this and continue with the exploit.
./run.sh: line 49: ./adb.linux: No such file or directory
[+] Please press any hardware button on your phone.
[+] Don't worry if the phone is unresponsive at this time.
[+] Press enter to continue once you have pressed a hardware button.

[*] Cleaning up...
./run.sh: line 58: ./adb.linux: No such file or directory
./run.sh: line 59: ./adb.linux: No such file or directory
./run.sh: line 60: ./adb.linux: No such file or directory
[*] Exploit complete. Press enter to reboot and exit.

./run.sh: line 65: ./adb.linux: No such file or directory
./run.sh: line 66: ./adb.linux: No such file or directory

 

I'm using the 32-bit version 12.10. I tryed repeating the process but it wouldn't work. if its any help my phone never rebooted after pressing enter on the last comand



#180 ronni

ronni

    n00b

  • Members
  • Pip
  • 1 posts

Posted 23 April 2013 - 01:57 AM

Thank You So much...... :lol: .......

long live ................. :rolleyes:






5 user(s) are reading this topic

0 members, 5 guests, 0 anonymous users