I built this python script to take remote commands and execute them locally on the droid as if I had terminal access. It establishes a connection on port 21000 on the droid. Then you can connect using netcat or other clients. Then I added the functionality (since the 1st terminal emulator would not allow cat of files) to view the contents of files. With this I discovered the insecure storage of files on the sdcard that other researchers have also recognized.
import android
import os
from socket import *
droid = android.Android()
HOST=''
PORT=21000
BUFSIZE=1024
ADDR = (HOST, PORT)
tcpSrvSocket = socket(AF_INET, SOCK_STREAM)
tcpSrvSocket.bind(ADDR)
tcpSrvSocket.listen(5)
while True:
tcpClientSocket, addr = tcpSrvSocket.accept()
print 'Connected from:', addr
while True:
data = tcpClientSocket.recv(BUFSIZE)
if not data:
break
if "cat" in data:
# Remove the 'cat ' in the data
fileName = data[4:]
# Remove the newline character at the end
fileName2 = fileName[:-1]
fileContent = open(fileName2, 'r')
for line in fileContent:
tcpClientSocket.send('%s' % line)
else:
returnData = os.popen(data, 'r')
for eachLine in returnData:
tcpClientSocket.send('%s' % eachLine)
tcpClientSocket.close()
tcpSrvSocket.close()
Subscribe to:
Post Comments (Atom)
-
Here is a quick walk through of GetBoo. The first item that I found was you can harvest the usernames of the existing users that are regist... -
As I was glancing through the logs of my honeypots I spent some time to look at the following logs. In the past I have just overlooked them... -
I ran a Nikto scan and found the following vulnerability in the report that it produces: "OSVDB-637: Enumeration of users is possible...
-
I thought I would work through a few of these web applications provided by OWASP on their broken web applications VM. The first one I th... -
Today looking at the logs of the honeypots, I became curious based on the whois of the IP Addresses attempting to login to SSH which country...
No comments:
Post a Comment