正在加载视频...
视频加载失败
Testing ADB Exploitation-Framework for Android The framework allows you to search and connect to #Android devices with open #ADB port (can't bypass authorization request) across the world ✅Make sure to have ADB disabled is you are not using it #shodan
10 条评论

Shodan and FOFA were able to discover over 29,000 Android devices with open ADB port, however, some of them request authentication (user action on device is necessary) Most of these devices seems to be TV boxes, unbranded smartphones

How to run this on Mac? Thanks

Do both devices need to be on the same network for this to happen?

No, they don't need to be on the same network. It can connect to any accessible device on the internet.

Do most android phones come with it on?

Almost none - Android smartphones - come with it on. It mostly considers Android TV boxes, testing devices exposed on the internet, gadgets, etc.

Do we need to granting the usb debugging permissions first?

Yes, it needs to be enabled, otherwise it wouldn't work. However, this scenario exploits only devices that have it enabled by default - tv boxes, testing devices, gadgets...

Such like method is Obsolete, who use such things, all mobiles are Bootloader locked or using RMM lock panic !! ADB won't work on the stock recovery and locked Bootloader to inject the shell code !! Best regards!

This method has nothing to do with bootloader or RMM, since it works on none-rooted and bootloader locked devices ADB works on any Android device running stock recovery. There is no shell code injection being done. 28K+ devices are this way accessible on internet Best regards!

