Jump to content

ADB on Bunny


n33dsh3llz

Recommended Posts

How would I go about getting an ARM version of ADB working on the bash bunny? I tried using Google's Python implementation of ADB, but it required libusb1 and other dependencies.

The goal is to make a payload that:

  • Enabled USB debugging (HID)
  • Accepts connection to device (HID)
  • ADB Install's package (bash)
  • ADB launches package (bash)

I had the HID payload working for enabling USB debugging, but then realized ADB was for x64 processors. I found a couple ARM versions, but couldn't get any of them working properly. Can anyone help me out with this. 

Ideally, I would like to utilize my apkwash script (https://github.com/jbreed/apkwash) to generate a lightweight payload to use for pushing onto a device. With ADB you can also attempt gaining root as well through ADB methods that otherwise wouldn't be accessible.

 

  • Upvote 1
Link to comment
Share on other sites

Nice idea - I just had a play and seem to have ADB (android-tools-adb_4.2.2+git20130529-5.1_armhf.deb) installed on my bunny. I only tested basic operation while connected to client via my tetra - see below.

I used manual instructions here and here, the dependencies were already installed on the bunny - or alternatively you can just run "apt-get install android-tools-adb".

root@bunny:~# adb version
Android Debug Bridge version 1.0.31
root@bunny:~# adb connect  172.16.42.147 
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
connected to 172.16.42.147:5555
root@bunny:~# adb devices
List of devices attached 
172.16.42.147:5555	offline
root@bunny:~# adb devices
List of devices attached 
172.16.42.147:5555	device
root@bunny:~# adb shell
shell@android:/ $ 

But maybe you got this far already and had problems with operation?

Edited by Just_a_User
  • Upvote 2
Link to comment
Share on other sites

Thanks! I was trying to manually transfer the package over and run it. I haven't connected mine to the internet so that may be the way I go this weekend.

Also, the FireTV payload seems right where I was going with this, but for Android phones. Thanks for the heads up as this will save some time! The biggest thing with launching the default payload generated by MSFVenom is it will be flagged by AV. Calling the activity will require some work using my AV bypass script as it randomizes the naming structure, but it wouldn't be hard to explain how to get that information. 

I wasn't thinking of using the connect method with emulating a network adapter, but looks like DemmSec may have saved me some more headaches!

Justin

Link to comment
Share on other sites

Well, I was originally unable to get basic ADB working over the OTG like you would connected to the phone directly with USB debugging enabled. I tried the method demmsec did in that payload, but it would never get an IP address.

Come to find out, it was able to pull an address once I disabled my mobile data. I assume this is because of checks android does to make sure it is using the best network connection and the bash bunny has no actual connection to the internet.

With that, I may just need to add some extra HID commands to get the job done.

J

 

Edit:

Now I am unable to replicate the Network popup I was getting upon initially turning off mobile data. 

Edited by n33dsh3llz
Update
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...