Privilege escalation
Now that I am in, I want to list everything with the command "ls -la" to see if there is anything interesting. Nothing stood out immediately, so I looked at open ports as well.
Port 5555 is open. In the initial nmap scan this port was filtered. So I googled "android port 5555" and the results showed me Android Debug Bridge (adb for short). Android Debug Bridge is a versatile command-line tool that lets you communicate with a device. The adb command facilitates a variety of device actions such as installing and debugging apps, and it provides access to a Unix shell that you can use to run commands on a device.
Now that it is installed: since port 5555 is filtered and I can't reach it remotely via adb, let's try to forward it via SSH and try again. Issue the following command in order to forward the port locally instead: "ssh -L 5555:127.0.0.1:5555 kristi@10.10.10.247 -p 2222".
Next I typed in "adb connect 127.0.0.1:5555".
Then I listed the connected devices with the command "adb devices".
With the command "adb shell", I am able to get a remote shell on the machine.
In order for an Android device to allow someone to connect via ADB, the USB debugging option must be enabled on the device. In addition, ADB provides the commands "adb root" and "adb unroot", which allow users to connect to the device as the user root or shell respectively. Executing the command "adb root" restarts the adb daemon on the device as the user root.
Then I can type the following command to reconnect and check who I am.
With that I am now root on the machine.
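An added example, not part of the original write-up: a script that audits "getprop" output from a device you administer for the settings relevant to this path (adbd listening on TCP, a build that accepts "adb root", ADB host key approval). The property names are standard Android ones that the write-up does not mention, the function names are hypothetical, and the sample inputs are constructed.

```sh
#!/bin/sh
# Added example (not from the original write-up): audit Android system
# properties for the ADB exposure described above.
# On a device you administer: adb shell getprop | audit_adb_props

# Print the value of property $1 from getprop-style lines "[name]: [value]".
prop_value() {
    awk -v key="[$1]:" '$1 == key && !seen { v = $2; gsub(/^\[|\]$/, "", v); print v; seen = 1 }'
}

# Read getprop output on stdin and print one FINDING line per risky setting.
audit_adb_props() {
    props=$(cat)
    port=$(printf '%s\n' "$props" | prop_value service.adb.tcp.port)
    if [ -z "$port" ]; then
        port=$(printf '%s\n' "$props" | prop_value persist.adb.tcp.port)
    fi
    debuggable=$(printf '%s\n' "$props" | prop_value ro.debuggable)
    adb_secure=$(printf '%s\n' "$props" | prop_value ro.adb.secure)

    # adbd listens on TCP only when a port property holds a positive number.
    case "$port" in
        ''|*[!0-9]*|0) ;;
        *) echo "FINDING: adbd listens on TCP port $port" ;;
    esac
    # Debuggable (userdebug/eng) builds accept "adb root".
    if [ "$debuggable" = "1" ]; then
        echo "FINDING: ro.debuggable=1, adb root is accepted"
    fi
    # Without ro.adb.secure=1, adbd does not require host key approval.
    if [ "$adb_secure" != "1" ]; then
        echo "FINDING: ro.adb.secure is not 1, hosts connect without key approval"
    fi
    return 0
}

# Constructed sample inputs (not captured from a real device).
SAMPLE_EXPOSED='[ro.adb.secure]: [0]
[ro.debuggable]: [1]
[service.adb.tcp.port]: [5555]'

SAMPLE_HARDENED='[ro.adb.secure]: [1]
[ro.debuggable]: [0]
[service.adb.tcp.port]: [-1]'

printf '%s\n' "$SAMPLE_EXPOSED" | audit_adb_props
```

A filtered port 5555 does not change any of these findings: as the SSH forward above shows, any local foothold can still reach adbd on the loopback interface.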