Vulnhub Android4: 1 Walkthrough

    I'm working on a project and I came across an Android phone in debug mode.  In order to play around with the exploitation frameworks, I downloaded Android4: 1 from Vulnhub to understand what I was dealing with in an outside environment.  There are a number of frameworks but the two that I came across were Ghost and Phonesploit.  Both work similarly but I prefer the latter.

    Kicking off with an Nmap scan:


    We find port 5555 open which is the Android Debug Bridge.

    We fire up Phonesploit:


    We enter the IP address of the phone, 4 to access the shell, su to root, and we cat the flag. 


    That obviously covers this CTF but when looking at the options for Phonesploit, we can perform a few other interesting tasks.  For example...


    The result from our screenshot:


    I'm not a mobile tester and I think that's an area all to its own.  But it was fun to get an opportunity to play around with something easy.


    Cybersecurity solutions for small businesses.

    info@sevenlayers.com
    877.468.0911

    © 2021 Seven Layer Networks, Inc. | All rights reserved.