00:00 - Intro
00:45 - Start of nmap
01:50 - Weird SSH Banner saying its Banana Studio, google tells us this is Android
03:00 - Doing a script scan against all open ports, and googling what each open port is
03:45 - Port 59777, brings us to ES File Explorer which has an exploit out
05:16 - Running the ES File Explorer exploit with getDeviceInfo to confirm it works
06:20 - Listing files, pictures, and eventually downloading a picture
08:00 - Opening the picture reveals some credentials, can ssh into the box with them
10:10 - Installing ADB, so we can do adb connect to port 5555
10:30 - Setting up an SSH Port forward so we can access port 5555
14:30 - Extra Content: Playing with the exploit script to understand what it does
Support the originator by clicking the read the rest link below.
