id: exposed-adb info: name: Exposed Android Debug Bridge author: pdteam,pikpikcu severity: critical description: An exposed Android debug bridge was discovered. reference: - https://doublepulsar.com/root-bridge-how-thousands-of-internet-connected-android-devices-now-have-no-security-and-are-b46a68cb0f20 - https://www.hackeracademy.org/how-to-hack-android-device-with-adb-android-debugging-bridge - https://www.securezoo.com/2018/06/thousands-of-android-devices-leave-debug-port-5555-exposed/ tags: network,adb,rce,android metadata: max-request: 2 tcp: - inputs: - data: "434e584e0100000100001000ea000000445b0000bcb1a7b1" # Generated using https://github.com/projectdiscovery/network-fingerprint type: hex - data: "686f73743a3a66656174757265733d7368656c6c5f76322c636d642c737461745f76322c6c735f76322c66697865645f707573685f6d6b6469722c617065782c6162622c66697865645f707573685f73796d6c696e6b5f74696d657374616d702c6162625f657865632c72656d6f756e745f7368656c6c2c747261636b5f6170702c73656e64726563765f76322c73656e64726563765f76325f62726f746c692c73656e64726563765f76325f6c7a342c73656e64726563765f76325f7a7374642c73656e64726563765f76325f6472795f72756e5f73656e642c6f70656e73637265656e5f6d646e73" type: hex host: - "{{Hostname}}" - "{{Host}}:5555" matchers: - type: word words: - "device" - "product" condition: and # Enhanced by mp on 2022/03/21