A utility for system shell command execution via netcat, exploiting Android zygote injection for operation. Primarily designed to run in Termux on Android devices.
sysnc is a bash wrapper around netcat that simplifies remote command execution and interactive shell access. It exploits Android zygote injection (CVE-2024-31317) for system shell.
- Interactive Mode: Establish persistent netcat connections for interactive shell access
- Command Execution: Send single commands to remote servers and close connections
- Pipe Support: Execute piped shell script on the server
-
Clone or download the script:
git clone <repository-url> cd sysnc
-
Run the installation script:
chmod +x install.sh ./install.sh
-
Restart your shell:
source ~/.bashrc # or simply restart Termux
-
Clone or download the script:
git clone <repository-url> cd sysnc
-
Make the script executable:
chmod +x sysnc
-
Install dependencies:
# Update package list pkg update # Install netcat pkg install netcat-openbsd
-
Add to PATH:
# Copy to system bin directory cp sysnc $PREFIX/bin/ # Or add current directory to PATH echo 'export PATH=$PATH:$(pwd)' >> ~/.bashrc source ~/.bashrc
After installation, verify everything works:
# Check if sysnc is available
which sysnc
# Test help command
sysnc --help# Interactive mode (default)
sysnc
# Send a single command
sysnc -c "ls -la"
# Execute piped input
cat script.sh | sysnc
# Setup system shell netcat server
sysnc -s
# Show help
sysnc -h| Option | Description |
|---|---|
-c, --command |
Send command to server and close connection |
-s, --setup |
Setup system shell netcat server |
-h, --help |
Show help message |
| (no args) | Interactive connection to server |
The script uses the following default configuration:
NC_HOST="localhost"
NC_PORT="1234"To modify these settings, edit the script directly or set environment variables.
This tool exploits Android zygote injection (CVE-2024-31317) to function. The -s option sets up the required netcat server using this exploitation technique.
- Shizuku and rish: Install Shizuku and setup rish with Shizuku for adb shell access, or run commands manually with adb
The -s option performs:
- Stops the Android Settings app
- Executes zygote injection with system UID 1000
- Restarts the Settings app
- Cleans up hidden API exemptions
Contributions welcome. Submit issues, feature requests, or pull requests.
Educational purposes only. Use responsibly and in accordance with applicable laws.
This tool is for educational purposes only. I am not responsible for any misuse of this software. Users must have proper authorization before running these commands.