Trà Đá Hacking #1- FRP Remote Root

I recently spoke at Trà Đá Hacking #1 (, organized by VNSec in HCMC on the topic of ‘How to Get Started in Finding 0-Days – A Use Case’. The short introductory talk was intended to introduce the topic of finding 0-days using a real-world scenario as an example.

The slides can be found here:

I have created a remote code/command execution exploit client for the talk, based on 2 vulnerabilities discovered last year. The exploit can be downloaded here:

A sample video of the exploit in action:

Update: After a long time, the guys at FRP finally released the fixed version:



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s