Hacking Android Devices with ADB

In this article, I will show how you can attack Android devices with Android Debug Bridge (ADB). I will also showcase how you can get Remote Desktop access to the device.

I know this is not really my field of interest, but this is one of the first most hacks I did. And it was super interesting and fun. So I thought of sharing how I did it with you.

To follow along you have to install the ADB command-line utility on your system. You can get the installation steps from this article.

What is ADB?

Android Debug Bridge is a command-line tool that allows communication with the android devices easily. “adbd” or the ADB daemon that runs in the Android device and lets us connect to the device and perform different tasks.

If you are interested,you can find more information about how ADB really works from their documentation. Also, I will explain the important things you need to know as we go.

How to use it?

For us to connect to the Android device, the USB debugging has to be enabled from the Developer options. You can find this option under the Settings -> System -> Developer Options -> Debugging section.

Connecting via USB cable

Once you have enabled that, you can connect your devices to your computer with a USB cable. If you did the above steps correctly, you should get a popup like this.

You have to confirm this by pressing “OK”. Then you can head over to your terminal and issue this command to see if your device is visible.

adb devices

As you can see, my device is available to connect, if not you will see “offline” instead of “device”. Now I can interact with it.

adb shell

I have shell access to my android device now. Since my device is not rooted I can’t access the root user. But if your device is rooted, you can use su to get to the root user.

Connecting over WiFi

Once you have connected to the device if you want you can connect to the devices over WiFi. For that use :

adb tcpip 9090

After you issue this command the device will start a listener on the port you specify, in this case port 9090. Then you have to find the IP address of the device. Then you can connect to the device on that port.

adb connect 192.168.1.3:9090

Now you don’t have to use your USB cable to connect to the device.

Basic commands in ADB

As you have seen, with this you can get full shell access to the android device. But we can do more.

Well, you might be thinking “Dude, we have shell access to the devices, what more is there to do?”. Actually, there is. There are lot things you can do such as getting screenshots, recording the screen, sending keyboard strokes and invoking applications as well.

Not only those, but also you can install applications, uninstall applications, upload files, download files, and many more. Here are some of the useful commands I usually use.

Getting screenshots

adb shell screencap <path to save>

Recording the screen

adb shell screenrecord <path to save>

Downloading files

adb pull <source file path> <destination file path>

Uploading files

adb push <source file path> <destination file path>

Visiting websites

adb shell am start -a android.intent.action.VIEW -d <URL of the website>

Getting system information

getprop

Install custom APK files

adb install <paht to APK file>

Unfortunately, I am not going to talk about all the other commands. If you are interested, here is good article that include almost all the commands you need to know in ADB.

You can also find a nice ADB cheat sheet from here as well.

Time to go Hunting !!!

In the present day, some IoT devices have ADB enabled by default. I really have no idea why that is. But what I do know is that they are super vulnerable. You can use Shodan which is a search engine for IoT devices to find such devices.

You can just search for android debug bridge in the search field to get a list of devices that shodan finds.

As you can see, shodan found almost 4000 devices, that ADB is enabled. From here, it is all up to you, whether you want to attack these devices or not.

If you wish to connect, you can just get the IP address and connect with

adb connect 123.123.123.123:5555

One command is all you need

As I said before, you can literally see everything that’s happening on the device with ADB. You can get a screenshot, save it, download it and view it. But it is kind of a big process isn’t it? Lucky for us, we don’t have to do any of that.

Yep, that’s right. You can just mirror the device and get remote desktop access to the device. With that you can control the device just like you would control a normal Android device.

For this you have to install a tool called scrcpy. You can just install it with the Aptitude Package Manager (in Debian).

apt install scrcpy

Once you have that installed, you have to connect to the device you want to mirror and then just issue,

scrcpy

And BOOOM!!! Device is mirrored now. Now you can just click around and do almost anything you want.

A life hack, beyond the topic

In the previous article where I posted about DHCP starvation attack, I shared a simple hack I did to keep my family members away from using my router.

Actually, I got great responses on social media about that, asking me to share more of those.So I thought of sharing how I used ADB to freak out my cousin.

What I did was I made a bash script that will visit facebook.com every 10 seconds. This will background what ever process happening, open up a web browser and visit Facebook every 10 seconds. Clever right ?

#!/bin/sh

while [ true ]; do
am start -a android.intent.action.VIEW -d https://facebook.com
sleep 10

done;

Here is the content of the bash script. As you can see there is a while loop that visits facebook.com and sleeps for 10 seconds.

Finally, I connected my cousins phone via a USB cable and then switched to over WiFi connection so that I can control it remotely. Then I waited until she picks up the phone and ran the script. Looked at her face and laughed to death. 😆

There are lot of things that you can do with this. You can use this to do phishing attacks. Since you can mirror the screen you don't have to worry about setting up a fake web page and doing all that.

“If you have any questions, make sure to leave them down in the comments, or contact me through social media.”

Email — iamkavigihan@gmail.com
Instagram —
https://www.instagram.com/_kavi.gihan/

Happy Hacking !!! 😄

--

--

Cyber Security Student | Machine author in @hackthebox | find me on instagram @_kavi.gihan

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Kavishka Gihan

Cyber Security Student | Machine author in @hackthebox | find me on instagram @_kavi.gihan