NoBIGTech Wiki Técnico

User Tools

Site Tools

Trace:
docu:tutos:android:adb_root_reverse_shell_openssl

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
docu:tutos:android:adb_root_reverse_shell_openssl [2024/01/06 21:03] admindocu:tutos:android:adb_root_reverse_shell_openssl [2024/01/06 21:17] (current) admin
Line 1: Line 1:
 ==== Spawn a usable root shell on your Android, without su, using "ADB as Root" developer option and Termux with openssl ==== ==== Spawn a usable root shell on your Android, without su, using "ADB as Root" developer option and Termux with openssl ====
  
-First, we need to have Termux installed and the "Run ADB as Root" developer option enabled on your Android "Developer Options". Make sure you have that option, otherwise you won't be able to use this method of root shell executing.+First, we need to have **Termux** installed and the "**Run ADB as Root"** developer option enabled on your Android "Developer Options". Make sure you have that option, otherwise you won't be able to use this method of root shell running. 
 + 
 +This method creates a secure connection (using TLS/SSL) to your root shell and does not have compatibility problems on the tool used (**openssl**) as it happens, for example, when using netcat for reverse shell spawning.
 \\ \\
  
Line 18: Line 20:
 </code> </code>
  
-Save this scripts in your Termux home and give them execution permissions (chmod +x)+Save this scripts in your Termux home (**~**) and give them execution permissions (chmod +x)
 <file bash "shserver"> <file bash "shserver">
 export LHOST="*" export LHOST="*"
Line 42: Line 44:
 Once you run **adb shell** on your Android, from any other device connected by usb to it, make sure you are root (run **whoami**, **id** or similar), otherwise you might need to run **adb root** first, but sometimes you only need to enable the "ADB as Root" option in developer options. Once you run **adb shell** on your Android, from any other device connected by usb to it, make sure you are root (run **whoami**, **id** or similar), otherwise you might need to run **adb root** first, but sometimes you only need to enable the "ADB as Root" option in developer options.
  
-As it is a reverse shell, we need first to bind the "server" on our Termux Android terminal. Open Termux and run the "shserver" script:+As it is a reverse shell, we need to bind the "server" first, on our Termux Android terminal. Open Termux and run the "shserver" script:
 <code> <code>
 ~ $ ./shserver ~ $ ./shserver
Line 54: Line 56:
 devname:/ # cd /data/data/com.termux/files/home devname:/ # cd /data/data/com.termux/files/home
 devname:/data/data/com.termux/files/home # setsid -d ./shclient devname:/data/data/com.termux/files/home # setsid -d ./shclient
-# (now you can exit the adb shell)+# (now you can exit the adb shell. If "exit" hangs, just run ctrl+c a few times or just disconect the USB cable)
 </code> </code>
  
Line 72: Line 74:
 root root
 </code> </code>
 +
 +To run the Termux apps as root on your new fancy root shell, you will need to add **usr/bin** of the Termux installation on your **PATH** variable on the shell.
 +<code bash>
 +$ export PATH=$PATH:/data/data/com.termux/files/usr/bin
 +</code>
 +
 +Enjoy!
 +
 +Sources:
 +  * (Usable fancy shell on reverse shell) https://infosecwriteups.com/pimp-my-shell-5-ways-to-upgrade-a-netcat-shell-ecd551a180d2?gi=ec043af6e60c
 +  * (Openssl PKI-based reverse shell and other useful stuff) https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md#openssl
docu/tutos/android/adb_root_reverse_shell_openssl.1704574994.txt.gz · Last modified: 2024/01/06 21:03 by admin

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
GNU Free Documentation License 1.3 Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki