BlueStacks privilege escalation through VM backdooring
by Loki - Saturday July 27, 2024 at 05:44 PM
#1
BlueStacks is an Android emulator which runs the guest Android system within a virtual machine. 
Because BlueStacks stores virtual machine configuration files in a world-writeable directory and shares them across different OS users, it is possible for an unprivileged user to backdoor an image that would then gain code execution capabilities of a privileged user.

Reproduction

  1. Set up attacker and victim accounts, preferably making attacker unprivileged and victim the administrator
  2. Victim: install the vulnerable version of BlueStacks
  3. Attacker: modify Nougat32.bstk to give Android access to C drive
  4. Attacker: run the Android system and install a malicious application on it
  5. Victim: run BlueStacks, causing the malicious application to drop payload in your startup directory
  6. Victim: reboot the machine and log into your account again
  7. Startup payload should be executed with your privileges

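A defender-side check for the root cause described in the first post, added here as an example and not part of the original thread: it parses `icacls` output and flags ACL entries that give broad principals write access to a shared directory. The path and ACL listing below are constructed placeholders, since the thread does not name the affected directory.

```python
import re

# Principals that include ordinary, unprivileged local users.
BROAD = {"everyone", "builtin\\users", "nt authority\\authenticated users",
         "nt authority\\interactive"}
# icacls right codes that allow creating or changing files:
# F=full, M=modify, W=write, WD=write data/add file, AD=append data/add subdir.
WRITE = {"F", "M", "W", "WD", "AD"}
FLAGS = {"OI", "CI", "IO", "NP", "I"}  # inheritance markers, not rights
ACE = re.compile(r"^(.*):((?:\([^)]*\))+)\s*$")

def risky_aces(icacls_output, path):
    """Return [(principal, write rights)] for broad principals with write access."""
    findings = []
    for line in icacls_output.splitlines():
        m = ACE.match(line)
        if not m:
            continue  # blank lines and the "Successfully processed" summary
        principal = m.group(1)
        if principal.startswith(path):  # the first line is prefixed with the path
            principal = principal[len(path):]
        principal = principal.strip()
        groups = re.findall(r"\(([^)]*)\)", m.group(2))
        if "DENY" in groups:
            continue  # a deny entry does not grant anything
        rights = {r.strip() for g in groups for r in g.split(",")} - FLAGS
        hit = rights & WRITE
        if principal.lower() in BROAD and hit:
            findings.append((principal, sorted(hit)))
    return findings

# Constructed sample: placeholder path and ACL, not taken from the thread.
SAMPLE_PATH = r"C:\ProgramData\ExampleEmulator\Engine"
SAMPLE = "\n".join([
    SAMPLE_PATH + r" BUILTIN\Users:(OI)(CI)(F)",
    r"                                      NT AUTHORITY\SYSTEM:(OI)(CI)(F)",
    r"                                      BUILTIN\Administrators:(OI)(CI)(F)",
    r"                                      Everyone:(OI)(CI)(RX,W)",
    r"                                      NT AUTHORITY\Authenticated Users:(I)(RX)",
    "",
    "Successfully processed 1 files; Failed processing 0 files",
])

if __name__ == "__main__":
    for who, rights in risky_aces(SAMPLE, SAMPLE_PATH):
        print(f"{SAMPLE_PATH}: {who} can write ({','.join(rights)})")
```

Any finding on a directory that holds files later loaded by a more privileged user's session is the condition the post describes; the fix is to restrict write access to administrators or to keep that data per user.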

Omnicer
#2
Thank you bro for this PoC.
