HackTheBox — Explore

Nmap Scan

Starting Nmap 7.80 ( https://nmap.org ) at 2021-07-02 15:57 EET
Nmap scan report for (
Host is up (0.14s latency).

2222/tcp open ssh (protocol 2.0)
| fingerprint-strings:
|_ SSH-2.0-SSH Server - Banana Studio
| ssh-hostkey:
|_ 2048 71:90:e3:a7:c9:5d:83:66:34:88:3d:eb:b4:c7:88:fb (RSA)
5555/tcp filtered freeciv
35971/tcp closed unknown
42135/tcp open http ES File Explorer Name Response httpd
|_http-title: Site doesn't have a title (text/html).
59777/tcp open http Bukkit JSONAPI httpd for Minecraft game server 3.6.0 or older
|_http-title: Site doesn't have a title (text/plain).
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
Service Info: Device: phone


Initial Foothold

Getting root

  • First, We have to do port forwarding using ssh because the service is running on localhost only. ssh -p 2222 -L 1337:localhost:5555 kristi@
  • That means ==>
  • Connect to ADB service (port 5555) using adb tool. adb connect <IP>:<PORT>
  • Check if the phone is connected to your pc. adb devices
  • Now using adb tool we can do anything on the device, so to get root type adb root
  • to restart adbd daemon with root permissions.
  • Connect again to the ADB service. adb connect <IP>:<PORT>
  • Finally. adb shell



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


I am a Penetration Testing Enthusiast with computer science background, also interested in CTFs and python scripting.