Hacking a Smart TV! - Android Debug Bridge Exploit

Video Link: https://www.youtube.com/watch?v=lFZ4i8pmK_g



Duration: 7:55


Android Debug Bridge Exploit (Port: 5555)
_______________________________

Note: This demo is only for educational purposes and has no malicious intent. It was not compromised or turned into a zombie. We only did file traversal and basic firmware walking.
_______________________________

POC for Remote Intrusion

To perform the following proof, we would require:

- Offensive security and penetration testing Linux distribution – Kali
- A network security auditing tool - Nmap
- Android Debug Bridge exploiter to remotely access the devices – Ghost Framework
- IP scanner and IoT search engine - Shodan

Procedure to install ghost on Kali

Commands:
git clone https://github.com/entynetproject/ghost
cd ghost
sudo chmod +x install.sh
sudo ./install.sh

Once the installation is complete, just type the command “ghost” and this screen will be visible. Type “help” to get the menu.

Now we will see how to remotely access a vulnerable IP. For that I am using Shodan, which is an online database listing vulnerable IPs. On Shodan, search for the keywords “android debug bridge” on port 5555, which gives us a backdoor to any device if it is connected to the internet.

Pick a vulnerable TV from the search results. There is a catch here: not all devices are TVs, and they are not connectable unless they have a shell exposed. For faster results, refine the search with the keyword “rockchip006” or “shell V2”. From the refined pool, we selected an exposed Smart TV.

Use the following commands in the Ghost Framework to remotely connect to the above IP:

set RHOST {IPV4 address}
run

Once the system gets connected, the IP becomes part of the command line prompt and is highlighted in red. Use commands like “wifi”, “sysinfo” and “battery” to learn in depth about the device firmware. Commands like “netstat” and “activity” will share the system logs.

In the screen capture below, we see the use of the “shell” command, which helps us gain access to a shell in the root directory. Once we get into the shell, we can traverse the files in the root.

The exposed shell gave us access to the data, bin, config and sys directories, which contain sensitive data and passwords.

We can get into the etc folder and retrieve the "passwd" file from it, and just by performing a simple cat command, we can obtain the credentials active on the system.

This experiment truly tells us how vulnerable Smart TV systems are: in real time, over the internet, their credentials are remotely accessible to everyone.
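
To check a device you administer for the exposure shown above, the following added example (not from the video or the Ghost project) parses saved `adb shell getprop` output and flags the properties that put ADB on the network or leave it unauthenticated. The sample dump is constructed, and the function names are this example's own; the property names are standard Android system properties.

```python
import re

# Constructed sample of `getprop` output from a device under audit (not real data).
SAMPLE_GETPROP = """\
[ro.product.model]: [ExampleTV]
[ro.debuggable]: [1]
[ro.adb.secure]: [0]
[service.adb.tcp.port]: [5555]
[persist.sys.usb.config]: [adb]
"""

# getprop prints one property per line as "[key]: [value]".
PROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]:\s*\[(?P<value>.*)\]\s*$")


def parse_getprop(text):
    """Turn `[key]: [value]` lines into a dict, ignoring anything malformed."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("value")
    return props


def audit_adb(props):
    """Return findings about network-reachable or unauthenticated ADB."""
    findings = []
    for key in ("service.adb.tcp.port", "persist.adb.tcp.port"):
        port = props.get(key, "").strip()
        # A positive port means adbd listens on TCP; -1, 0 or unset means it does not.
        if port.isdigit() and int(port) > 0:
            findings.append(f"{key}={port}: adbd listens on TCP and is reachable from the network")
    # Missing or non-1 ro.adb.secure means host RSA key authorization is not enforced.
    if props.get("ro.adb.secure", "").strip() != "1":
        findings.append("ro.adb.secure is not 1: ADB host key authorization is not enforced")
    if props.get("ro.debuggable", "").strip() == "1":
        findings.append("ro.debuggable=1: debuggable build, adbd may run as root")
    return findings


if __name__ == "__main__":
    for finding in audit_adb(parse_getprop(SAMPLE_GETPROP)):
        print("FINDING:", finding)
```

If the audit reports a TCP listener, `adb usb` returns adbd to USB-only mode, and turning off debugging in Developer options together with blocking inbound TCP 5555 at the router closes the exposure.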

Thank you!