From 08b6739e17d07fd3511beccf275201a2a7be360c Mon Sep 17 00:00:00 2001 From: SirBroccoli Date: Thu, 28 Aug 2025 11:50:29 +0200 Subject: [PATCH] Update README.md --- .../privilege-escalation/README.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/linux-hardening/privilege-escalation/README.md b/src/linux-hardening/privilege-escalation/README.md index b331356cd..6c419ccb0 100644 --- a/src/linux-hardening/privilege-escalation/README.md +++ b/src/linux-hardening/privilege-escalation/README.md @@ -1630,6 +1630,15 @@ escaping-from-limited-bash.md cisco-vmanage.md {{#endref}} +## Android rooting frameworks: manager-channel abuse + +Android rooting frameworks commonly hook a syscall to expose privileged kernel functionality to a userspace manager. Weak manager authentication (e.g., signature checks based on FD-order or poor password schemes) can enable a local app to impersonate the manager and escalate to root on already-rooted devices. Learn more and exploitation details here: + + +{{#ref}} +android-rooting-frameworks-manager-auth-bypass-syscall-hook.md +{{#endref}} + ## Kernel Security Protections - [https://github.com/a13xp0p0v/kconfig-hardened-check](https://github.com/a13xp0p0v/kconfig-hardened-check) @@ -1673,15 +1682,6 @@ cisco-vmanage.md - [https://linuxconfig.org/how-to-manage-acls-on-linux](https://linuxconfig.org/how-to-manage-acls-on-linux) - [https://vulmon.com/exploitdetails?qidtp=maillist_fulldisclosure\&qid=e026a0c5f83df4fd532442e1324ffa4f](https://vulmon.com/exploitdetails?qidtp=maillist_fulldisclosure&qid=e026a0c5f83df4fd532442e1324ffa4f) - [https://www.linode.com/docs/guides/what-is-systemd/](https://www.linode.com/docs/guides/what-is-systemd/) -- [HTB Zero: .htaccess ErrorDocument LFI → argv spoofing cron abuse](https://0xdf.gitlab.io/2025/08/12/htb-zero.html) -## Android rooting frameworks: manager-channel abuse - -Android rooting frameworks commonly hook a syscall to expose privileged kernel functionality to a userspace manager. Weak manager authentication (e.g., signature checks based on FD-order or poor password schemes) can enable a local app to impersonate the manager and escalate to root on already-rooted devices. Learn more and exploitation details here: - - -{{#ref}} -android-rooting-frameworks-manager-auth-bypass-syscall-hook.md -{{#endref}} {{#include ../../banners/hacktricks-training.md}}