By Gray Hatter
Most of our common IoT devices are linux based plataforms like mobiles, tablets, TVs, IPCameras and even washing machines. That has lots of advantages but also has disadvantages that i will write about in this entry.
One of the most known platform based on linux is android, commonly present in phones and recently more and more smart TVs are developing as android. In this point i want to stop and trying to explain what is ADB and what is important:
ADB(android DeBuger) is a code debbuger and test console that android devices have on them. Commonly in the phone is not active and you need to follow a few step to start it. You can start interactive shells on it, press bottoms on the device writting some easy code or even start apps or turn the device off.
Now that we all know what adb does, i need to explain that you need to connect your phone device to you pc to start it but «and here is the problem» some of the smart TVs from the spanish mark TDSystem have it constantly open in the LAN without any restriction and that mean every host in the same LAN can take the control of the TV.
The service that is running in the port 5555 is called FreeCiv, executing nmap and then it will tell you completely whats about that port and how you can see that is open.
Now the only thing that we need to do to exploit this install the adb package (via apt install) and use the command:
adb connect [device IP]
and finally activate the shell:
adb shell
And we technically have the control of the device but only with user privileges. But its not all, because this vulnerability in the most of the tests allows us to change the user to root without rooting the device and with no restrictions so running the command:
su root
We are now the root user and we can do literally everything in the machine like:
--> Root Hub <-- 
Deja un comentario