Debugging and Controlling Android devices with ADB-Toolkit

ADB-Toolkit is a tool for testing Android devices, it’s a Script with 28 options and a METASPLOIT Section with 6 options made for penetration testing. Also, the script is made to test your android device whether its locked or not. The script is made with the help of ADB (Android Debug Bridge) which is used by developers for debugging and taking control of a locked phone and retrieve some information while the phone is locked with password or pattern.

ADB-toolkit is a very powerful script to take control of the locked phone if you ever forgot the password or the pattern you can pull your important data and later if all the methods your tried are failed you can format the device but you have already saved your stuff.

METASPLOIT SECTION: – This section consists of scripts which are related to Metasploit payload and you can create a payload and install it and launch it without even touching the phone and you know the power of Metasploit.

Download the tool from this LINK

First, I’m going to connect my phone to my machine and make sure it’s locked with pattern, I’m using Scrcpy to mirror my phone to my laptop:

Now to start the tool we run in the terminal:

./ADB-Toolkit.sh

Just answer YES to kill and restart the server and continue to the next screen.

The main screen has 28 options to choose from, selecting number 1 to show the connected phone information:

Then selecting number 6 to get a shell:

The interactive shell will give us “Permission Denied” massage, but we will overcome this when we come to the Metasploit section.

The selection numbers 7,8,9 will give us debugging information about the device like the applications installed, CPU and memory information and load.

We select number 17 to take a screen shot of the device and save it on our machine:

Also, we can record a screen video with selection number 18:

And to download the Download folder on the phone we select number 20:

Now for the best part is the Metasploit section number 25:

We’re going to create a payload and send it to the connected phone then install it and run a session, starting by number 2 to create the payload:

Enter your local IP and any listening port like 3333, then enter YES to install the payload on the phone.

After installing the payload also answer YES to start the listening session:

Write help to see the list of commands, we’re going to start a web stream from the camera:

Then starting an interactive shell:

If you want to unlock the phone and delete the pattern or the password, you need to navigate to /data/system and then delete these files:

If you don’t find the first two files, never mind just delete the other 3 files “locksettings.db – locksettings.db-wal – locksettings.db-shm”.

We go back to the main screen and do one more thing which is download any other folder not just the Download folder:

I picked the DCIM folder which contains the camera files which is important in case you wanted to download them.

To warp this up, ADB-Toolkit is very good tool to use on your own phone in case it got locked and you forgot the pattern or password and you need to access it to download your stuff and to try to unlock it.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s