Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2025-02-16 22:18:27 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/mobile-pentesting/android-app-pentesting/adb-commands.md

317 lines
10 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{% hint style="success" %}
Aprende y practica Hacking en AWS:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Aprende y practica Hacking en GCP: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Apoya a HackTricks</summary>
* Revisa los [**planes de suscripción**](https://github.com/sponsors/carlospolop)!
* **Únete al** 💬 [**grupo de Discord**](https://discord.gg/hRep4RUj7f) o al [**grupo de telegram**](https://t.me/peass) o **síguenos** en **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Comparte trucos de hacking enviando PRs a los** [**HackTricks**](https://github.com/carlospolop/hacktricks) y [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repositorios de github.
</details>
{% endhint %}
**Adb generalmente se encuentra en:**
```bash
#Windows
C:\Users\<username>\AppData\Local\Android\sdk\platform-tools\adb.exe
#MacOS
/Users/<username>/Library/Android/sdk/platform-tools/adb
```
**Información obtenida de:** [**http://adbshell.com/**](http://adbshell.com)
# Conexión
```
adb devices
```
Esto enumerará los dispositivos conectados; si aparece "_**no autorizado**_", esto significa que debes **desbloquear** tu **móvil** y **aceptar** la conexión.
Esto indica al dispositivo que debe iniciar un servidor adb en el puerto 5555:
```
adb tcpip 5555
```
Conéctate a esa IP y ese Puerto:
```
adb connect <IP>:<PORT>
```
Si obtienes un error como el siguiente en un software de Android Virtual (como Genymotion):
```
adb server version (41) doesn't match this client (36); killing...
```
Es porque estás intentando conectarte a un servidor ADB con una versión diferente. Solo intenta encontrar el binario adb que el software está utilizando (ve a `C:\Program Files\Genymobile\Genymotion` y busca adb.exe)
## Varios dispositivos
Siempre que encuentres **varios dispositivos conectados a tu máquina** necesitarás **especificar en cuál** deseas ejecutar el comando adb.
```bash
adb devices
List of devices attached
10.10.10.247:42135 offline
127.0.0.1:5555 device
```
```bash
adb -s 127.0.0.1:5555 shell
x86_64:/ # whoami
root
```
## Port Tunneling
En caso de que el **puerto** **adb** solo sea **accesible** desde **localhost** en el dispositivo android pero **tienes acceso a través de SSH**, puedes **redirigir el puerto 5555** y conectarte a través de adb:
```bash
ssh -i ssh_key username@10.10.10.10 -L 5555:127.0.0.1:5555 -p 2222
adb connect 127.0.0.1:5555
```
# Administrador de Paquetes
## Instalar/Desinstalar
### adb install \[opción] \<ruta>
```bash
adb install test.apk
adb install -l test.apk # forward lock application
adb install -r test.apk # replace existing application
adb install -t test.apk # allow test packages
adb install -s test.apk # install application on sdcard
adb install -d test.apk # allow version code downgrade
adb install -p test.apk # partial application install
```
### adb uninstall \[options] \<PACKAGE>
```bash
adb uninstall com.test.app
adb uninstall -k com.test.app Keep the data and cache directories around after package removal.
```
## Paquetes
Imprime todos los paquetes, opcionalmente solo aquellos cuyo nombre de paquete contiene el texto en \<FILTER>.
### adb shell pm list packages \[options] \<FILTER-STR>
```bash
adb shell pm list packages <FILTER-STR>
adb shell pm list packages -f <FILTER-STR> #See their associated file.
adb shell pm list packages -d <FILTER-STR> #Filter to only show disabled packages.
adb shell pm list packages -e <FILTER-STR> #Filter to only show enabled packages.
adb shell pm list packages -s <FILTER-STR> #Filter to only show system packages.
adb shell pm list packages -3 <FILTER-STR> #Filter to only show third party packages.
adb shell pm list packages -i <FILTER-STR> #See the installer for the packages.
adb shell pm list packages -u <FILTER-STR> #Also include uninstalled packages.
adb shell pm list packages --user <USER_ID> <FILTER-STR> #The user space to query.
```
### adb shell pm path \<PACKAGE>
Imprime la ruta al APK del dado.
```bash
adb shell pm path com.android.phone
```
### adb shell pm clear \<PACKAGE>
Elimina todos los datos asociados con un paquete.
```bash
adb shell pm clear com.test.abc
```
# File Manager
### adb pull \<remoto> \[local]
Descarga un archivo especificado de un emulador/dispositivo a tu computadora.
```bash
adb pull /sdcard/demo.mp4 ./
```
### adb push \<local> \<remote>
Sube un archivo especificado desde tu computadora a un emulador/dispositivo.
```bash
adb push test.apk /sdcard
```
# Captura de pantalla/Grabación de pantalla
### adb shell screencap \<filename>
Tomando una captura de pantalla de la pantalla del dispositivo.
```bash
adb shell screencap /sdcard/screen.png
```
### adb shell screenrecord \[options] \<filename>
Grabando la pantalla de dispositivos que ejecutan Android 4.4 (nivel de API 19) y superior.
```bash
adb shell screenrecord /sdcard/demo.mp4
adb shell screenrecord --size <WIDTHxHEIGHT>
adb shell screenrecord --bit-rate <RATE>
adb shell screenrecord --time-limit <TIME> #Sets the maximum recording time, in seconds. The default and maximum value is 180 (3 minutes).
adb shell screenrecord --rotate # Rotates 90 degrees
adb shell screenrecord --verbose
```
(press Ctrl-C to stop recording)
**Puedes descargar los archivos (imágenes y videos) usando **_**adb pull**_
# Shell
### adb shell
Obtén un shell dentro del dispositivo
```bash
adb shell
```
### adb shell \<CMD>
Ejecuta un comando dentro del dispositivo
```bash
adb shell ls
```
## pm
Los siguientes comandos se ejecutan dentro de un shell
```bash
pm list packages #List installed packages
pm path <package name> #Get the path to the apk file of tha package
am start [<options>] #Start an activity. Whiout options you can see the help menu
am startservice [<options>] #Start a service. Whiout options you can see the help menu
am broadcast [<options>] #Send a broadcast. Whiout options you can see the help menu
input [text|keyevent] #Send keystrokes to device
```
# Processes
Si deseas obtener el PID del proceso de tu aplicación, puedes ejecutar:
```bash
adb shell ps
```
Y busca tu aplicación
O puedes hacer
```bash
adb shell pidof com.your.application
```
Y imprimirá el PID de la aplicación
# Sistema
```bash
adb root
```
Reinicia el demonio adbd con permisos de root. Luego, debes conectarte nuevamente al servidor ADB y serás root (si está disponible).
```bash
adb sideload <update.zip>
```
flashear/restaurar paquetes de actualización Android update.zip.
# Registros
## Logcat
Para **filtrar los mensajes de solo una aplicación**, obtén el PID de la aplicación y usa grep (linux/macos) o findstr (windows) para filtrar la salida de logcat:
```bash
adb logcat | grep 4526
adb logcat | findstr 4526
```
### adb logcat \[opción] \[especificaciones-de-filtro]
```bash
adb logcat
```
Notas: presiona Ctrl-C para detener el monitor
```bash
adb logcat *:V # lowest priority, filter to only show Verbose level
adb logcat *:D # filter to only show Debug level
adb logcat *:I # filter to only show Info level
adb logcat *:W # filter to only show Warning level
adb logcat *:E # filter to only show Error level
adb logcat *:F # filter to only show Fatal level
adb logcat *:S # Silent, highest priority, on which nothing is ever printed
```
### adb logcat -b \<Buffer>
```bash
adb logcat -b # radio View the buffer that contains radio/telephony related messages.
adb logcat -b # event View the buffer containing events-related messages.
adb logcat -b # main default
adb logcat -c # Clears the entire log and exits.
adb logcat -d # Dumps the log to the screen and exits.
adb logcat -f test.logs # Writes log message output to test.logs .
adb logcat -g # Prints the size of the specified log buffer and exits.
adb logcat -n <count> # Sets the maximum number of rotated logs to <count>.
```
## dumpsys
dumps datos del sistema
### adb shell dumpsys \[options]
```bash
adb shell dumpsys
adb shell dumpsys meminfo
adb shell dumpsys battery
```
Notas: Un dispositivo móvil con las Opciones de Desarrollador habilitadas que ejecute Android 5.0 o superior.
```bash
adb shell dumpsys batterystats collects battery data from your device
```
Notas: [Battery Historian](https://github.com/google/battery-historian) convierte esos datos en una visualización HTML. **PASO 1** _adb shell dumpsys batterystats > batterystats.txt_ **PASO 2** _python historian.py batterystats.txt > batterystats.html_
```bash
adb shell dumpsys batterystats --reset erases old collection data
```
adb shell dumpsys activity
# Respaldo
Respalda un dispositivo android desde adb.
```bash
adb backup [-apk] [-shared] [-system] [-all] -f file.backup
# -apk -- Include APK from Third partie's applications
# -shared -- Include removable storage
# -system -- Include system Applciations
# -all -- Include all the applications
adb shell pm list packages -f -3 #List packages
adb backup -f myapp_backup.ab -apk com.myapp # backup on one device
adb restore myapp_backup.ab # restore to the same or any other device
```
Si deseas inspeccionar el contenido de la copia de seguridad:
```bash
( printf "\x1f\x8b\x08\x00\x00\x00\x00\x00" ; tail -c +25 myapp_backup.ab ) | tar xfvz -
```
{% hint style="success" %}
Aprende y practica Hacking en AWS:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Aprende y practica Hacking en GCP: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Apoya a HackTricks</summary>
* Revisa los [**planes de suscripción**](https://github.com/sponsors/carlospolop)!
* **Únete al** 💬 [**grupo de Discord**](https://discord.gg/hRep4RUj7f) o al [**grupo de telegram**](https://t.me/peass) o **síguenos** en **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Comparte trucos de hacking enviando PRs a los** [**HackTricks**](https://github.com/carlospolop/hacktricks) y [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repositorios de github.
</details>
{% endhint %}
Reference in a new issue View git blame Copy permalink