Exploiting Android Through ADB With PhoneSploit
What is ADB?
Android debug bridge - It is a command line tool that allows you to communicate with a device, it is used mainly for debugging.
The adb command facilitates a variety of device actions, such as installing and debugging apps, and it provides access to a Unix shell that you can use to run a variety of commands on a device.
The 3 main elements of ADB
It is a client-server interface that includes three components:
- Client - Used to send commands. Runs on your computer.
- The adbd or the adb daemon - Runs on the target device in the background as a service. It is responsible for executing commands on the target device.
- The server - The server runs in the background of the client machine or computer.
How adb works
- When you start the client, it checks whether there is an existing adb process running, if there isn’t one, it starts the server process.
- When the server process starts, it binds to the local TCP port 5037 and listens for commands sent from the adb client .
- The adb client always uses port 5037 to communicate with the adb server.
- The server will now attempt to connect to all running devices it does this by scanning ports from the range of 5555 to 5585. When it finds a adb daemon running(target) it will setup a connection to that port.
Steps to Enable Developer option in Android Device
Step 1: Go to about phone and then tap 7 times on Build Number as
Step 2: Now back to the setting and now you can see, there will be an Option of development setting. click on that and then Enable
USB Debugging as
Steps to Install ADB in Kali Linux
Step 1: open a terminal and then Install the
ADB using the following command
sudo apt-get install adb
or
sudo apt install android-tools-adb android-tools-fastboot
Step 2: Once ADB is installed in your Kali Machine, connect the Android device and allow the USB Debbuging when prompt. To verify the connection is successful or not, execute the following command
adb devices
you can see that the device is now connected
Step 3: after that, we need to issues some command, so that we can exploit the Android devices using wifi. for that, type the following command
adb usb
Step 4: Again type the following command to enable
tcpip in that Android Device
adb tcpip 5555
Step 5: Now connect your Android device to the same wifi Network and type the following command
adb connect xxx.xxx.xxx.xxxx
Note: Where xxx.xxx.xxx.xxx is the IP address of the device. a successful connection will look like
Steps to Install PhoneSploit Script into Kali Linux
PhoneSploit is able to Exploit into Android Open Adb ports. So the next step is to install
Phonesploit script into Kali Linux. This script is available for both Linux and Windows. You can check the official repository of PhoneSploit
here
Step 1: Execute the following command to clone the Phonesploit repository into your Kali Linux Or
Download PhoneSploit
git clone https://github.com/xd20111/PhoneSploit.git
Step 2: Now install some required dependencies using the following command pip install colorama
pip install colorama
Step 3: Now run the script by the following command
python main_linux.py
Step 4: PhoneSploit Start successfully
Step 5: So the first step is to connect the device, for that type
3 in the terminal and enter the IP Address of the device
Step 6: Now to verify that your Device is connected or not, just type
1 in the terminal and you can see the device IP address followed by the Port Number
Step 7: Now i want take screenshot now just type
7 Next, you will be asked to the Device name, enter the socket address (IP + Port Number). in my case, it is 192.168.43.212:5555 as
Next Enter where you would like the screenshot to be saved. in my case, I am going to save in
/root folder
Note: There are lots of exploits here you can do with that Android device.
If you want to use PhoneSploit Over WAN just use Port Forwarding
__________________________
Happy Hacking! (Please do not spam it, It's Just For Knowledge ...)
