id: exposed-adb info: name: Exposed Android Debug Bridge author: pdteam,pikpikcu severity: critical description: An exposed Android debug bridge was discovered. reference: - https://doublepulsar.com/root-bridge-how-thousands-of-internet-connected-android-devices-now-have-no-security-and-are-b46a68cb0f20 - https://www.hackeracademy.org/how-to-hack-android-device-with-adb-android-debugging-bridge - https://www.securezoo.com/2018/06/thousands-of-android-devices-leave-debug-port-5555-exposed/ metadata: max-request: 1 tags: network,adb,rce,android,exposure,tcp tcp: - inputs: - data: "434e584e0100000100001000ea000000445b0000bcb1a7b1" # Generated using https://github.com/projectdiscovery/network-fingerprint type: hex - data: "686f73743a3a66656174757265733d7368656c6c5f76322c636d642c737461745f76322c6c735f76322c66697865645f707573685f6d6b6469722c617065782c6162622c66697865645f707573685f73796d6c696e6b5f74696d657374616d702c6162625f657865632c72656d6f756e745f7368656c6c2c747261636b5f6170702c73656e64726563765f76322c73656e64726563765f76325f62726f746c692c73656e64726563765f76325f6c7a342c73656e64726563765f76325f7a7374642c73656e64726563765f76325f6472795f72756e5f73656e642c6f70656e73637265656e5f6d646e73" type: hex host: - "{{Hostname}}" port: 5555 matchers: - type: word words: - "device" - "product" condition: and # digest: 4a0a004730450221009e0134ba75977af4555192170e8126bb7dac921e5b2600ea06be8ec32eadc29c022058c0b0472a959e47c8f5e99f1cd701a0bbde41d41cc7c3505a6d5672e734fef6:922c64590222798bb761d5b6d8e72950