Hack. Sleep. Repeat

View on GitHub


Boom am so excited to try my first android VM was dreaming all about it through the night wow i love hacking the excitement is 1337 yes it l33t let hit it.

We always start with an nmap scan…..

Nmap -sC -sV -oA nmap <Target-IP>

└─$ cat nmap.nmap                                                                    
# Nmap 7.91 scan initiated Fri May 28 02:10:25 2021 as: nmap -sC -p- -sV -oA nmap
Nmap scan report for
Host is up (0.00098s latency).
Not shown: 65532 closed ports
5555/tcp  open  freeciv?
8080/tcp  open  http     PHP cli server 5.5 or later
|_http-title: Deface by Good Hackers
22000/tcp open  ssh      Dropbear sshd 2014.66 (protocol 2.0)
| ssh-hostkey: 
|   1024 b3:98:65:98:fd:c0:64:fe:16:d6:30:36:aa:2b:ef:6b (DSA)
|   2048 19:e2:9e:6c:c6:8d:af:4e:86:7c:3b:60:91:33:e1:85 (RSA)
|_  521 46:13:43:49:24:88:06:85:6c:75:93:73:b5:1d:8f:28 (ECDSA)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at .
# Nmap done at Fri May 28 02:12:13 2021 -- 1 IP address (1 host up) scanned in 108.72 seconds

We having some few port and some strange one since it my first time dealing with a Android VM but with the power of research i think anything is possible so let get back to it checking port 8080 .


Something interesting words here;

If you r Smart Dan find Backdoor access...and safe your machine

we like POST things only.

So i try using Curl to send a POST request with the url.


But got nothing special now time to inspect the ports we have doing research on the first port 5555 so i stumble on (ADB) Android Debug Bridge.

What Is ADB?

Android Debug Bridge (adb) is a versatile command-line tool that lets you communicate with a device. The adb command facilitates a variety of device actions, such as installing and debugging apps, and it provides access to a Unix shell that you can use to run a variety of commands on a device

Usually, developers connect to ADB service installed on Android devices using a USB cable, but it is also possible to use ADB wireless by enabling a daemon server at TCP port 5555 on the device.

Since we know that know i install ADB on my machine now let try to connect to it.

adb connect //NOTE:- probably the IP we be different at you end.


Now let drop into shell with adb shell .


Having shell nice very interesting so first thing i do is to type su and see what happened and guess what i was root direct.


Sweet right?? now let check the data/root folder and we have our flag.


But not done yet since we have root but the android phone screen is still locked nah am not happy with that.


Probably we should have a way to remove the lock screen so let dig more into the phone.


Going into the data/system folder we found a key file probably holding the password.


What about if we remove the password.key can we get access to the phone?? let try that .


Now let check the Phone do we have access yet .


Boom we are in ahhhhhhhhhh.


Guess we are done now.

Greeting From Muzec

Back To Home