Disclaimer: This post is for research and educational purposes only. I do not take any responsibility for the actions taken by readers of this article. Never attempt to hack a device for which you do not have the required permissions.

Exploiting an Android device isn’t the most difficult task, provided you know what vulnerability to exploit. There are several ways to hack an Android device, but in this post we will be exploiting ADB, the Android Debug Bridge. Just like every hack, we first need to understand the target system and its vulnerability. There is no point in copy-pasting commands; you will not learn security that way.

What is ADB?

ADB is a virtual bridge consisting of a client and a server that communicate with each other, for example your PC and an Android device. It is accessed through the terminal, from where you can send multiple commands.

The purpose of ADB is to set up communication between a PC and an Android device. The ADB command allows a variety of device actions, such as installing and debugging apps, and it provides access to a Unix shell that you can use to run a variety of commands on a device.

How does ADB work?

ADB usually communicates with the device over USB, but you can also use ADB over Wi-Fi. You will need to know the IP of this device, which can be found in settings (more on this later), or you can use nmap to discover hosts on your network.

A daemon is a program that runs in the background.

There are three units in ADB:

  1. A client, which sends commands. The client runs on your computer. You can start a client from a command-line terminal by issuing an ADB command.
  2. A daemon (ADBD), which runs commands on a device. The daemon runs as a background process on every Android device.
  3. A server, which manages communication between the client and the daemon. The server runs as a background process on your computer.

When you initiate an ADB client, the client first checks whether there is an ADB server process already running. If there isn’t, it starts the server process. When the server starts, it binds to local TCP port 5037 and listens for commands sent from ADB clients.

Yes, it is always port 5037.

The server then sets up connections to all running devices. It locates devices by scanning ports in the range 5555 to 5585. Whenever the server finds an ADBD, it sets up a connection to that port. Once the server has set up connections to the devices, you can use ADB commands to access these devices.

ADB should be turned off at all times unless you are running tests or developing an Android application. Leaving it turned on is what makes it a vulnerability.

Enabling Debugging on your phone

  1. Go to Settings.
  2. Under Settings, scroll down and open About Phone.
  3. Find Build Number and tap 7 times on it.
  4. You will get a message on your screen that you are now a developer. That’s it, you have successfully enabled Developer option.
  5. Go back to Settings, scroll down and tap on Developer option.
  6. Under Developer option, tap on USB debugging and select USB Debugging to enable it.

Make sure to disable it when not in use.

Setting up ADB on your machine

Open up your terminal and install ADB:

sudo apt-get install adb

or

wget https://dl.google.com/android/repository/platform-tools-latest-linux.zip

Make sure that you have your Android device’s drivers installed on your machine.

The tool “wget” is used to download files from a website.

Time to Exploit

To list your devices, use the command:

adb devices 

As you can see, the daemon was not running, so it starts up the daemon.

Now you are pretty much in the device and you can do whatever you want. You can create folders, delete files, take a screenshot and so much more.

Let’s try taking a screenshot. This screenshot will be saved on your PC; here is how it’s done:

You could also list the packages installed on the phone and delete them. To list packages:

adb shell                     # opens a shell on your phone
pm list packages              # lists all the installed packages
pm uninstall <package name>   # uninstalls a package

And that is how you hack an Android device.

You can find all the commands here: https://adbshell.com/

This whole process is automated by a script called PhoneSploit.
This is the repo: https://github.com/metachar/PhoneSploit

Honestly, this is not much of a vulnerability according to me. It only becomes an issue when you have ADB enabled and your phone is port forwarded to the internet. If that’s the case, then anyone from the internet can access your device, as long as they know your Android IP. Hackers can quickly use Shodan and find your device. Once they’re in, they can steal your data or actively spy on you. I will be covering Shodan in another post.

I hope you learnt something useful from this post. Don’t forget to share this guide with your friends.
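
To check your own devices for this exposure, here is an added example (not part of the original post and not taken from PhoneSploit). It flags TCP-attached entries in adb devices output and tests addresses you administer for a listener in the 5555 to 5585 range. The function names, the sample output and the inventory address are assumptions made for the illustration.

```python
import re
import socket

ADBD_PORTS = range(5555, 5586)   # port range the post says the ADB server scans
TCP_SERIAL = re.compile(r"^[^\s:]+:\d+$")   # serial shaped like host:port

def open_adbd_ports(host, ports=ADBD_PORTS, timeout=0.5):
    """Return the ports on `host` that accept a TCP connection."""
    found = []
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                found.append(port)
        except OSError:          # refused, filtered, unreachable or timed out
            pass
    return found

def audit_inventory(hosts, ports=ADBD_PORTS, timeout=0.5):
    """Map each host you administer to its reachable ADB-range ports.

    Hosts with no reachable port are left out of the report.
    """
    report = {}
    for host in hosts:
        hits = open_adbd_ports(host, ports, timeout)
        if hits:
            report[host] = hits
    return report

def network_attached(adb_devices_output):
    """From `adb devices` output, return (serial, state) pairs attached over TCP."""
    rows = []
    for line in adb_devices_output.splitlines():
        parts = line.split()
        # Header and daemon start-up lines never match the host:port shape.
        if len(parts) >= 2 and TCP_SERIAL.match(parts[0]):
            rows.append((parts[0], parts[1]))
    return rows

# Constructed sample of `adb devices` output: one USB device, one TCP device.
SAMPLE = "List of devices attached\nR58M123ABC\tdevice\n192.0.2.10:5555\tdevice\n"

if __name__ == "__main__":
    print("TCP-attached:", network_attached(SAMPLE))
    # Assumed inventory: replace with the addresses of devices you administer.
    print("Listening:", audit_inventory(["127.0.0.1"]))
```

Any host that shows up in the report still has debugging reachable over the network and should have it disabled when not in use.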

HAPPY HACKING