I'm working on a project and I came across an Android phone in debug mode.  In order to play around with the exploitation frameworks, I downloaded Android4: 1 from Vulnhub to understand what I was dealing with in an outside environment.  There are a number of frameworks but the two that I came across were Ghost and Phonesploit.  Both work similarly but I prefer the latter.

Kicking off with an Nmap scan:

We find port 5555 open which is the Android Debug Bridge.

We fire up Phonesploit:

We enter the IP address of the phone, 4 to access the shell, su to root, and we cat the flag. 

That obviously covers this CTF but when looking at the options for Phonesploit, we can perform a few other interesting tasks.  For example...

The result from our screenshot:

I'm not a mobile tester and I think that's an area all to its own.  But it was fun to get an opportunity to play around with something easy.