Trà Đá Hacking #1- FRP Remote Root

I recently spoke at Trà Đá Hacking #1 (http://trada.vnsecurity.net), organized by VNSec in HCMC on the topic of ‘How to Get Started in Finding 0-Days – A Use Case’. The short introductory talk was intended to introduce the topic of finding 0-days using a real-world scenario as an example.

The slides can be found here:

I have created a remote code/command execution exploit client for the talk, based on 2 vulnerabilities discovered last year. The exploit can be downloaded here:

A sample video of the exploit in action:

Update: After a long time, the guys at FRP finally released the fixed version: https://frpsupport.fogbugz.com/default.asp?W291

frp2016-730-released

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s