We can use the below command in the terminal to fetch and enumerate more stuff than we can via the PoC. TCP guarantees delivery of data packets on. Only when a connection is set up user's data can be sent bi-directionally over the connection. TCP is a connection-oriented protocol, it requires handshaking to set up end-to-end communications. TCP is one of the main protocols in TCP/IP networks. Here, actually /sdcard is a symlink 1 to /storage/emulated/0 2Īfter inspecting how the PoC works, we can see that the poc.py is POSTing data/payload on port 59777. TCP port 5555 uses the Transmission Control Protocol. We can see the /sdcard is the starting directory, i.e. We run the poc.py from the Github repo on our target. The proof-of-concept is also listed on this post:ĮS File Explorer Open Port Vulnerability - CVE-2019-6447 The application starts an HTTP server every time the app is launched. This post explains how a vulnerability in ES File Explorer application exposes user data. We search for android port 59777 and we get Android file manager app exposing user data through open port as 1st result. Hence open ports are: 59777, 42135, 2222, 5555įoothold # Open Port Vuln in popular app # # Nmap done at Sun Jul 4 11:16:39 2021 - 1 IP address (1 host up) scanned in 28.09 seconds If you know the service/version, please submit the following fingerprint at :
0 kommentar(er)
