34 lines
1.4 KiB
YAML
34 lines
1.4 KiB
YAML
id: exposed-adb
|
|
|
|
info:
|
|
name: Exposed Android Debug Bridge
|
|
author: pdteam,pikpikcu
|
|
severity: critical
|
|
description: An exposed Android debug bridge was discovered.
|
|
reference:
|
|
- https://doublepulsar.com/root-bridge-how-thousands-of-internet-connected-android-devices-now-have-no-security-and-are-b46a68cb0f20
|
|
- https://www.hackeracademy.org/how-to-hack-android-device-with-adb-android-debugging-bridge
|
|
- https://www.securezoo.com/2018/06/thousands-of-android-devices-leave-debug-port-5555-exposed/
|
|
tags: network,adb,rce,android,exposure
|
|
metadata:
|
|
max-request: 2
|
|
|
|
tcp:
|
|
- inputs:
|
|
- data: "434e584e0100000100001000ea000000445b0000bcb1a7b1" # Generated using https://github.com/projectdiscovery/network-fingerprint
|
|
type: hex
|
|
|
|
- data: "686f73743a3a66656174757265733d7368656c6c5f76322c636d642c737461745f76322c6c735f76322c66697865645f707573685f6d6b6469722c617065782c6162622c66697865645f707573685f73796d6c696e6b5f74696d657374616d702c6162625f657865632c72656d6f756e745f7368656c6c2c747261636b5f6170702c73656e64726563765f76322c73656e64726563765f76325f62726f746c692c73656e64726563765f76325f6c7a342c73656e64726563765f76325f7a7374642c73656e64726563765f76325f6472795f72756e5f73656e642c6f70656e73637265656e5f6d646e73"
|
|
type: hex
|
|
|
|
host:
|
|
- "{{Hostname}}"
|
|
- "{{Host}}:5555"
|
|
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "device"
|
|
- "product"
|
|
condition: and
|