Older revision (size 518): start an exploits page
Newer revision (size 4126): add replicant rooting guide
This is a list of exploits or tools that can help you jailbreak your device so you can install Debian:

* backdoor for Allwinner-based devices running the vendor's Linux 3.4 kernel
* [[https://github.com/beaups/SamsungCID|SamsungCID]]: Samsung eMMC exploit allowing bootloader unlock
* [[https://github.com/reverse-shell/routersploit|routersploit]]: router exploitation framework
* [[https://pierrekim.github.io/blog/2016-04-04-quanta-lte-routers-vulnerabilities.html|Vulnerabilities in Quanta LTE routers]]
* [[https://github.com/laginimaineb/WarOfTheWorlds|WarOfTheWorlds]]: shellcode to [[http://bits-please.blogspot.com/2016/05/war-of-worlds-hijacking-linux-kernel.html|hijack the Linux kernel]] from a [[http://bits-please.blogspot.com/2016/05/qsee-privilege-escalation-vulnerability.html|vulnerable TrustZone QSEE]]
* [[https://bits-please.blogspot.com/2016/06/extracting-qualcomms-keymaster-keys.html|Breaking Android full-disk encryption]]: extracting Qualcomm's KeyMaster keys
* [[https://redmine.replicant.us/projects/replicant/wiki/RootingDevices|Replicant guide to rooting Android devices]]
* [[http://www.theregister.co.uk/2016/08/10/microsoft_secure_boot_ms16_100/|Microsoft Secure Boot debug-mode policy]]: allows bypassing Secure Boot on Windows RT devices
* [[http://blog.checkpoint.com/2016/08/07/quadrooter/|Quadrooter]]: four local-root vulnerabilities in Qualcomm-based Android devices
* [[https://github.com/dirtycow/dirtycow.github.io/blob/master/dirtyc0w.c|dirtyc0w]]: root exploit for a Linux kernel bug that went unfixed for about a decade ([[https://gist.github.com/Arinerron/0e99d69d70a778ca13a0087fa6fdfd80|Android rooting tool]])
* [[https://www.vusec.net/projects/drammer/|Drammer]]: roots Android phones via Rowhammer bit flips in DRAM
* [[https://github.com/mattimustang/optus-sagemcom-fast-3864-hacks|optus-sagemcom-fast-3864-hacks]]: enable telnet and run arbitrary code on the Optus Sagemcom F@ST 3864 broadband modem
* [[https://googleprojectzero.blogspot.com/2016/12/bitunmap-attacking-android-ashmem.html|BitUnmap]]: vulnerability in Android ashmem (Project Zero write-up)
* [[https://googleprojectzero.blogspot.com/2017/02/lifting-hyper-visor-bypassing-samsungs.html|Bypassing Samsung's Real-Time Kernel Protection]] (RKP)
* [[http://seclists.org/oss-sec/2017/q1/471|DCCP vuln]]: local root exploit for a long-standing bug in the Linux DCCP implementation
* [[https://pegaswitch.com/|PegaSwitch]]: exploit toolkit for the Nintendo Switch
* [[https://fail0verflow.com/blog/2017/ps4-namedobj-exploit/|Adieu]]: PS4 kernel exploit
* [[http://www.sighax.com/|sighax]]: BootROM exploit for the Nintendo 3DS/2DS/New3DS
* [[https://www.theiphonewiki.com/wiki/Category:Exploits|iPhone exploits]]
* [[https://wiki.mobileread.com/wiki/Kindle_Hacks_Information|Kindle jailbreaks]]
* [[http://seclists.org/fulldisclosure/2017/Mar/63|Dishwasher directory traversal]]
* [[https://www.samba.org/samba/security/CVE-2017-7494.html|Samba remote code execution]] (CVE-2017-7494): useful for NAS/router systems running Samba; use the [[https://github.com/hdm/metasploit-framework/blob/0520d7cf76f8e5e654cb60f157772200c1b9e230/modules/exploits/linux/samba/is_known_pipename.rb|Metasploit module]] to get in
* [[https://alephsecurity.com/2017/05/23/nexus6-initroot/|initroot]]: bypassing Nexus 6 Secure Boot through kernel command-line injection
* [[https://github.com/inversepath/usbarmory/blob/master/software/secure_boot/Security_Advisory-Ref_QBVR2017-0001.txt|NXP i.MX53 HABv4 bypass]]: secure boot (High Assurance Boot) bypass
* [[https://blog.acolyer.org/2017/09/21/clkscrew-exposing-the-perils-of-security-oblivious-energy-management/|CLKSCREW]]: ARM TrustZone exploit via power management (frequency/voltage fault injection)
* [[https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html|Behind the Masq]]: dnsmasq code execution vulnerabilities

Many more can be found on [[https://firmwaresecurity.com/|firmwaresecurity.com]].
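The Samba entry above says to use the Metasploit module to get in. Before doing that on a NAS or router you want to know whether its smbd is actually in the CVE-2017-7494 affected range and whether the advisory's smb.conf workaround is already in place. The script below is an added example written for this page, not code from the wiki, from the Samba project or from Metasploit. The affected and fixed ranges are those stated in the linked Samba advisory (every release from 3.5.0 onward is affected; fixed in 4.4.14, 4.5.10 and 4.6.4, and in every later branch); treating out-of-support 3.5 through 4.3 builds as unpatched is the script's own conservative assumption. The version strings and the smb.conf it feeds itself are constructed sample input, not a real host.

```shell
#!/bin/sh
# Added example (not from the wiki page, Samba or Metasploit): classify a Samba
# build against the CVE-2017-7494 affected range and look for the advisory's
# smb.conf workaround. Sample versions/config below are constructed input.

# samba_vulnerable "<smbd --version output or x.y.z>"
# Prints "vulnerable" or "fixed"; returns 2 if no x.y.z version can be found.
samba_vulnerable() {
    # Keep only the leading dotted triple: "Version 4.5.8-Debian" -> "4.5.8"
    v=$(printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$v" ] || return 2
    major=${v%%.*}; rest=${v#*.}; minor=${rest%%.*}; patch=${rest#*.}
    # One integer per version, three digits per component: 4.5.10 -> 4005010
    num=$((major * 1000000 + minor * 1000 + patch))
    if [ "$num" -lt 3005000 ]; then
        echo fixed              # older than 3.5.0: the affected code is absent
        return 0
    fi
    case "$major.$minor" in
        4.4) fix=4004014 ;;     # first fixed release on each supported branch
        4.5) fix=4005010 ;;
        4.6) fix=4006004 ;;
        *)  if [ "$num" -ge 4007000 ]; then
                fix=0           # 4.7 and later were released after the fix
            else
                fix=99999999    # 3.5 .. 4.3: out of support, assume unpatched
            fi ;;
    esac
    if [ "$num" -ge "$fix" ]; then echo fixed; else echo vulnerable; fi
}

# samba_mitigated /path/to/smb.conf
# Returns 0 when "nt pipe support = no" is set in [global] (the advisory's
# workaround; Samba ignores case and whitespace in parameter names), else 1.
samba_mitigated() {
    awk '
        /^[[:space:]]*\[/ {
            section = tolower($0)
            gsub(/[^a-z0-9_]/, "", section)
        }
        section == "global" &&
        tolower($0) ~ /^[[:space:]]*nt[[:space:]]*pipe[[:space:]]*support[[:space:]]*=[[:space:]]*no([[:space:]]*[#;].*)?[[:space:]]*$/ {
            found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Demo on constructed input (a real check would use `smbd --version` and the
# host's /etc/samba/smb.conf).
conf=$(mktemp)
cat > "$conf" <<'EOF'
[global]
    workgroup = WORKGROUP
    nt pipe support = no
[public]
    path = /srv/public
    writable = yes
EOF
for v in "Version 4.5.8-Debian" "4.6.4" "3.6.25" "3.0.37"; do
    printf '%-22s %s\n' "$v" "$(samba_vulnerable "$v")"
done
if samba_mitigated "$conf"; then
    echo "smb.conf: workaround present"
else
    echo "smb.conf: no workaround"
fi
rm -f "$conf"
```

Run it on the device itself or feed it `smbd --version` output collected elsewhere. A "vulnerable" verdict is still not sufficient for the Metasploit module: the exploit also needs a share the attacker can write to and a server-side path for the uploaded library that the server will resolve, so check the exported shares (the `writable = yes` share in the sample config is the kind of thing it looks for) before assuming a way in.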