What is ADB and how is getting missused? - Letsdiskuss
LetsDiskuss Logo
Gallery
Ask Question

Anonymous

Posted 27 Jun, 2020 |

What is ADB and how is getting missused?

Neeraj Nautiyal

Content Writer | Posted 28 Jun, 2020

ANDROID
Almost everyone is using Android devices, these are the most purchased devices in the world. According to the stats, 2018 was the only year with the highest sale of Android hitting it around 1556.27 million units. The other fact about the sales of Android devices is that currently it has reached 1560.85 million units and about half of the year is still left. It is estimated the sales would cross 2000 million units by the end of the year 2020. From the facts, it is clear that the maximum percentage of people around the world are using Androids. 
Androids came up with many advanced features but it also came up with vulnerability. Sometimes the Android was hacked with an image and sometimes it is hacked by playing games. Many vulnerabilities are still there in Android. Using these vulnerabilities to hack Android will be great fun and a good Experience on how is it done and from where it all starts.
Androids are great to explore so let's do that right now! Here its for your security what are the things and how it is done to manipulate the users data.
Before hacking an Android device let me clear that hacking without permission is an illegal process of hacking and there is a great saying that, “if one has the permission to hack then it is not hacking”-[VIASK]. Before I tried this hack, it was tested on me by someone named “K9ZecX”. This is probably the best hack. I don’t know the person who hacked me, and neither the person who hacked me has any idea of who am I and what do I do. Sitting from one corner of the world hacker caught me within the seconds. When I was trying to learn and know about this hack, I came to know that it was also done on a mass scale. A worm that gains access to the millions of devices. When I tried this hack I found it easy but a bit tricky to hack. There are many things to set up before making this hack to work.
What is ADB
This is the only thing that is going to hack the Android. ADB is known as Android Debug Bridge, most of the devices keep it open which exposes the device to the world. ADB is mainly developed for developers but many devices have this feature of enabling and disabling it while others have already enabled it while the manufacturing of the device. ADB is a command-line tool that is included with Google’s SDK (Software Development Kit). ADB can control your device remotely or through USB.
The fact about ADB is, it is designed to find the vulnerability in the Android by the developers, but ADB is now the main vulnerability that is found in the Android device.
ADB- Android Debug Bridge Consists of 3 components that are: Clients, The Daemon and the server
1. Client: The client is the person who uses the commands in the ADB. All the commands that are entered by the Clients run in the background of the Android machine. With the help of Unix Shell, One can take control of the user and use its commands. The current user of the Android device will be overtaken by the command-line tool.
2. Daemon: It executes or runs the commands given by the client in the Android machine. It also performs all the tasks in the background. Executing the commands, receiving them all tasks are processed in the background.
3. Server: The server manages the communication established between the client and the Daemon. The server also runs its processes in the background on the Android machine without knowing the user.
The port range for the IP address is from 5555 to 5585. The ADB server uses the port ranging from 5555 to 5585 to connect the Android device to the system or Unix Shell. Using other than these ports will result in an error.
One can enable ADB- Android Debug Bridge on the device by manually going to setting> about device > System/Android (For specific Devices only)> Tap multiple times on Build number until the message pops up stating- “You are now a developer”
Now, to enable ADB if it is not enabled in the device, Navigate to Developer Options and Enable it> Enable USB Debugging and that is it, all done.
Tools and Other Requirements for Hacking
Kali Linux- Operating System, Commonly Used for hacking purposes. It comes with preinstalled hacking tools, scripts, and other software.
Fast Internet Connection- This is the very first requirement. It will help to connect to the victim device and manipulate it.
ADB Enabled Device- Android Device in which Android Debug Bridge I enabled by the device itself or is done manually.
Linux Basic Commands- Commands Like changing Directory, Listing items of a directory, Copying, moving, renaming, uploading, downloading, and removing files.
Ghost Framework- Ghost Framework allows to connect to the device, It exploits the Android Debug Bridge and grants the permission to control the Android device.
The process required to hack:
One must have a hacking Operating System like Kali Linux, Mint, Red Hat Linux, Parrot OS, or BlackBox.
Open Terminal in Kali Linux and type the following commands to install GHOST in the device.
Visit Chrome copy the link of GitHub repository that contains “Ghost Framework”.
Now open the Terminal and type git clone <Copied Url of Ghost Framework>
Now switch to the ghost directory and make install.sh file executable y giving permissions like chmod +x install.sh
Run the script by typing ./install.sh and Boom Ghost framework is also successfully installed.

Now, the script asks to enter the IP address. This IP address is victims IP address and from this only the ghost framework will try to connect to the Android Device.
Here one can try the hack on a self device or deploy it into someone else device. For deploying the attack in someone’s else device, one needs the IP address of the device to capture all the details of the Android device and control ADB.

To find the IP address for the hacking purpose which has ADB enabled can be done easily with the help of shodan. Type ADB or Android Debug Bridge in the search and there will be around thousands of the devices that have ADB enabled.
Select any one of the IP addresses from the list and paste it in Ghost Terminal Window, Enter port range starting from 5555 to 5855.
Taking the time of about 10- 20 seconds it will connect the Android device to the Personal computer which is being used for doing hacks.
The device is now fully under control and anything can be done to the device.
After successfully getting the access of the device, one can play music, installs the application, and even watch videos on the hacked Android device. But what it is preferred to do after hacking Android device using ADB is getting its persistence (access to something even after the application or file is not installed or removed by the user) access even after the ADB- Android Debug Bridge is disabled.
There are various scripts available for free getting persistence but to create a permanent persistence one should create a new backdoor after successfully hacking the Android device with ADB.
Creating a new backdoor will allow many features that were disabled in ADB. The most common and easiest backdoor is Creating a malicious Payload or application and then install it on the Android device. Once the user opens the application, a session will be created allowing to control the victim's whole device including files stored on Sdcard and internal memory. By using a simple command named as help, one can find all the things that can be done by that application. Capturing Screenshots, Using Webcams, Getting System info, uploading, or download the files from the Android machine to the hacking machine.
One should upload the persistence script also so that in case the user reboots the device, We can get a hacking session back. Once a hacker enters the device, It becomes an easy task for him to upload viruses and maintain the regularity of the hack.
By using the malicious payload, One can also track the contacts and send messages like “Hey! You are on the way to get an iPhone X, Install the application, or follow the procedure to avail the prize”. These types of messages would attract users to install and BOOM, they are also hacked now.
General persistence script:
Open Notepad and type this code of line-
#!/bin/bash
while :
do am start - -user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity
sleep 20
done
and save it as .sh (sh stands for bash file)
Upload this script to the Android device using the upload command and then execute the shell command to run the script. After successfully running the script, Now the Android device is fully hacked.

Conclusion:
Hacking through an IP address is quite an easy task but maintaining the persistence of the hack is most important and for that purpose, one should be one step ahead by uploading other backdoors that can manipulate the system when one of the hacks is not working.
To protect yourself from such silly attacks, Users should disable the Android Debug Bridge and only use it when it is necessary.