Open in app

Sign in

Write

Sign in

Exploit the Android Platform through ADB using PhoneSploit

Süleyman Çelik
7 min readJan 2, 2022

Android Debug Bridge (ADB) is a versatile command-line tool that lets you communicate with a device. ADB facilitates a variety of device actions such as installing and debugging apps, and provides access to a Unix shell that you can use to run several different commands on a device.

Usually, developers connect to ADB on Android devices by using a USB cable, but it is also possible to do so wirelessly by enabling a daemon server at TCP port 5555 on the device.

In this task, we will exploit the Android platform through ADB using the PhoneSploit tool.

We will target the Android machine (10.10.10.14) using the Parrot Security machine.

If the Android machine is non-responsive then, click Commands icon from the top-left corner of the screen, navigate to PowerReset/Reboot machine. If Reset/Reboot machine pop-up appears, click Yes to proceed.

Click Parrot Security to switch to the Parrot Security machine.

Click the MATE Terminal icon at the top of the Desktop window to open a Terminal window.

A Parrot Terminal window appears. In the terminal window, type sudo su and press Enter to run the programs as a root user.

In the [sudo] password for attacker field, type toor as a password and press Enter.

The password that you type will not be visible.

Now, type cd and press Enter to jump to the root directory.

Now, type cd PhoneSploit and press Enter to navigate to the PhoneSploit folder.

By default, the tool will be cloned in the root directory.

Type python3 -m pip install colorama and press Enter to install the dependency.

Here, the dependency is already present.

Now, type python3 phonesploit.py and press Enter to run the tool.

The PhoneSploit main menu options appear, as shown in the screenshot.

Type 3 and press Enter to select [3] Connect a new phone option.

When prompted to Enter a phones ip address, type the target Android device’s IP address (in this case, 10.10.10.14) and press Enter.

  • If you are getting Connection timed out error, then type 3 again and press Enter. If you do not get any option, then type 3 and press Enter again, until you get Enter a phones ip address option.

You will see that the target Android device (in this case, 10.10.10.14) is connected through port number 5555.

  • If you are unable to establish a connection with the target device, then press Ctrl+C and re-perform steps#8–11.

Now, at the main_menu prompt, type 4 and press Enter to choose Access Shell on a phone.

When prompted to Enter a device name, type the target Android device’s IP address (in this case, 10.10.10.14) and press Enter.

You can observe that a shell command line appears, as shown in the screenshot.

In the shell command line, type pwd and press Enter to view the present working directory on the target Android device.

In the results, you can observe that the PWD is the root directory.

Now, type ls and press Enter to view all the files present in the root directory.

Type cd sdcard and press Enter to navigate to the sdcard folder.

Type ls and press Enter to list all the available files and folders.

  • In this example, we will download an image file (images.jpeg) that we placed in the Android machine’s Download folder earlier; you can do the same before performing the next steps.

Type cd Download and press Enter to navigate to the Download folder.

Type ls and press Enter to list all the available files in the folder. In this case, we are interested in the images.jpeg file, which we downloaded earlier.

  • Note down the location of images.jpeg (in this example, /sdcard/Download/images.jpeg). We will download this file in later steps.

Type exit and press Enter to exit the shell command line and return to the main menu.

At the main_menu prompt, type 7 and press Enter to choose Screen Shot a picture on a phone.

When prompted to Enter a device name, type the target Android device’s IP address (in this case, 10.10.10.14) and press Enter.

When prompted to Enter where you would like the screenshot to be saved, type /home/attacker/Desktop as the location and press Enter. The screenshot of the target mobile device will be saved in the given location. Minimize the Terminal window.

Click Places in the top section of the Desktop; then, from the context menu, click Desktop.

You should see the downloaded screenshot of the targeted Android device (screen.png). Double-click it if you wish to view the screenshot.

Close the Desktop window and switch back to the Terminal window.

At the main_menu prompt, type 14 and press Enter to choose List all apps on a phone.

When prompted to Enter a device name, type the target Android device’s IP address (in this case, 10.10.10.14) and press Enter.

The result appears, displaying the installed apps on the target Android device, as shown in the screenshot.

  • Using this information, you can use other PhoneSploit options to either launch or uninstall any of the installed apps.

Now, at the main_menu prompt, type 15 and press Enter to choose Run an app. In this example, we will launch a calculator app on the target Android device.

  • Based on the information obtained in the previous step about the installed applications, you can launch any app of your choice.

When prompted to Enter a device name, type the target Android device’s IP address (in this case, 10.10.10.14) and press Enter.

To launch the calculator app, type com.android.calculator2 and press Enter.

After launching the calculator app on the target Android device, click Android to switch to the Android machine.

You will see that the calculator app is running, and that random values have been entered, as shown in the screenshot.

  • The entered values might differ in your lab environment.

Click Parrot Security to switch back to the Parrot Security machine. In the Terminal window, type p and press Enter to navigate to additional PhoneSploit options on the Next Page.

The result appears, displaying additional PhoneSploit options, as shown in the screenshot.

At the main_menu prompt, type 18 and press Enter to choose Show Mac/Inet information for the target Android device.

When prompted to Enter a device name, type the target Android device’s IP address (in this case, 10.10.10.14) and press Enter.

The result appears, displaying the Mac/Inet information of the target Android device.

Now, at the main_menu prompt, type 21 and press Enter to choose the NetStat option.

When prompted to Enter a device name, type the target Android device’s IP address (in this case, 10.10.10.14) and press Enter.

The result appears, displaying netstat information of the target Android device, as shown in the screenshot.

  • For demonstration purposes, in this task, we are exploiting the Android emulator machine. However, in real life, attackers use the Shodan search engine to find ADB-enabled devices and exploit them to gain sensitive information and carry out malicious activities.

In the same way, you can exploit the target Android device further by choosing other PhoneSploit options such as Install an apk on a phone, Screen record a phone, Turn The Device off, and Uninstall an app.

This concludes the demonstration of how to exploit the Android platform through ADB using PhoneSploit.

You can also use other Android hacking tools such as NetCut (http://www.arcai.com), drozer (https://labs.f-secure.com), zANTI (https://www.zimperium.com), Network Spoofer (https://www.digitalsquid.co.uk), and DroidSheep (https://droidsheep.info) to hack Android devices.

Phonesploit
Cybersecurity
Mobile Hacking

--

--

Süleyman Çelik

Written by Süleyman Çelik

29 Followers

Network Security Engineer, SOC-Siem Engineer, Cyber Security Researcher, Vulnerability Management Specialist | CEH | CNSS

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams