Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device such as a smart TV or an Android box.
Let’s download and install the script on our machine with this simple command:
pip3 install git+https://github.com/EntySec/Ghost
Now run the script by writing “ghost”:
Now we need to visit shodan.io and search for “Android Debug Bridge” and select one of the IPs and test it:
I will use the first IP address 22.214.171.124 and connect to it using the command “connect <ip>”:
Then interact with the device with “interact 0”, and then use “help” to list the commands. The first command I use is “battery”; it gives some useful information about the device:
Then I decided to take a screenshot of the device with “screenshot /root/” and saved it to my root folder:
Now let’s go a little deeper with some shell commands, using “shell <command>”:
Going through the files, we can see all the files in the root directory. We can download or upload any file we want with the help of these commands: “download <remote_file> <local_path>” and “upload <local_file> <remote_path>”.
Also, we can just use the command “list” to list all the folders and files on the remote device without the need to use “shell” with it and it will look something like this:
Going through the files I now knew it’s an AllWinner Box … going even deeper I found a text file with useful information:
We can open any URL by using the command “openurl <url_link>”, and what I did is I sent the command “openurl www.whatsapp.com” then I took a screenshot with “screenshot /root/”:
As we can see the URL link worked, they also were checking their emails on Gmail while this happened.
The last thing to try is to look at the logged activity running on the device, if you want a deeper look at the processes of the machine. Using the “activity” command you will get something similar to this: