id: expsoed-adb

info:
  name: Exposed Android Debug Bridge
  author: pdteam,pikpikcu
  severity: critical
  tags: network,adb,rce,android
  reference: https://www.hackeracademy.org/how-to-hack-android-device-with-adb-android-debugging-bridge

network:
  - inputs:
      - data: "434e584e0100000100001000ea000000445b0000bcb1a7b1"  # Generated using https://github.com/projectdiscovery/network-fingerprint
        type: hex

      - data: "686f73743a3a66656174757265733d7368656c6c5f76322c636d642c737461745f76322c6c735f76322c66697865645f707573685f6d6b6469722c617065782c6162622c66697865645f707573685f73796d6c696e6b5f74696d657374616d702c6162625f657865632c72656d6f756e745f7368656c6c2c747261636b5f6170702c73656e64726563765f76322c73656e64726563765f76325f62726f746c692c73656e64726563765f76325f6c7a342c73656e64726563765f76325f7a7374642c73656e64726563765f76325f6472795f72756e5f73656e642c6f70656e73637265656e5f6d646e73"
        type: hex

    host:
      - "{{Hostname}}"
      - "{{Host}}:5555"

    matchers:
      - type: word
        words:
          - "device"
          - "product"
        condition: and