argv cmds = listCmds = cmds if cmd not in cmds : print ( " WRONG COMMAND!" ) print ( "Available commands : " ) print ( " listFiles : List all Files." ) print ( " listPics : List all Pictures." ) print ( " listVideos : List all videos." ) print ( " listAudios : List all audios." ) print ( " listApps : List Applications installed." ) print ( " listAppsSystem : List System apps." ) print ( " listAppsPhone : List Communication related apps." ) print ( " listAppsSdcard : List apps on the SDCard." ) print ( " listAppsAll : List all Application." ) print ( " getFile : Download a file." ) print ( " getDeviceInfo : Get device info." ) sys. Import requests import json import ast import sys if len ( sys. # Exploit Title: ES File Explorer 4.1.9.7.4 - Arbitrary File Read Root kali : ~/ htb / explore # more 50070.py When I try to connect I get prompted to install ADB first: Still it’s worth a poke to start with, and I find a good post here that gives the basics ADB and how to access it. This is usually accessible over the network, but the nmap scan shows it as filtered. The list of ports confirm this with a few interesting ones to look at further: 2222/tcp open ssh SSH-2.0-SSH Server - Banana Studioįirst I tried port 5555 which for Android devices is usually the Android Debug Bridge Daemon (ADB). Nmap done: 1 IP address (1 host up) scanned in 59.84 secondsįrom the box description we know this is an emulated Android device. SF:\x2071\r\nContent-Type:\x20text/plain \x20charset=US-ASCII\r\nConnectio =NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)= Skills learned are working with Android devices and ADB. Skills required are enumeration and researching exploits. From there we get and ADB shell which let’s us escalate to root to complete the box. We use port forwarding via SSH to allow us to access the ADB daemon running internally on port 5555. We use a public exploit for arbitrary file access and retrieve credentials which allow us gain access via SSH. This box is a little different because we’re working on an Android device, however the goal is the same we still want that root flag! After an initial enumeration we find a number of open ports. Explore is rated as an easy machine on HackTheBox.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |