nuclei-templates/network/exposures/exposed-adb.yaml

34 lines
1.6 KiB
YAML

id: exposed-adb
info:
name: Exposed Android Debug Bridge
author: pdteam,pikpikcu
severity: critical
description: An exposed Android debug bridge was discovered.
reference:
- https://doublepulsar.com/root-bridge-how-thousands-of-internet-connected-android-devices-now-have-no-security-and-are-b46a68cb0f20
- https://www.hackeracademy.org/how-to-hack-android-device-with-adb-android-debugging-bridge
- https://www.securezoo.com/2018/06/thousands-of-android-devices-leave-debug-port-5555-exposed/
metadata:
max-request: 1
tags: network,adb,rce,android,exposure,tcp
tcp:
- inputs:
- data: "434e584e0100000100001000ea000000445b0000bcb1a7b1" # Generated using https://github.com/projectdiscovery/network-fingerprint
type: hex
- data: "686f73743a3a66656174757265733d7368656c6c5f76322c636d642c737461745f76322c6c735f76322c66697865645f707573685f6d6b6469722c617065782c6162622c66697865645f707573685f73796d6c696e6b5f74696d657374616d702c6162625f657865632c72656d6f756e745f7368656c6c2c747261636b5f6170702c73656e64726563765f76322c73656e64726563765f76325f62726f746c692c73656e64726563765f76325f6c7a342c73656e64726563765f76325f7a7374642c73656e64726563765f76325f6472795f72756e5f73656e642c6f70656e73637265656e5f6d646e73"
type: hex
host:
- "{{Hostname}}"
port: 5555
matchers:
- type: word
words:
- "device"
- "product"
condition: and
# digest: 4a0a004730450221009e0134ba75977af4555192170e8126bb7dac921e5b2600ea06be8ec32eadc29c022058c0b0472a959e47c8f5e99f1cd701a0bbde41d41cc7c3505a6d5672e734fef6:922c64590222798bb761d5b6d8e72950