For informational purposes only. The author does not call for further actions. Created to warn users who use this product
ADB (Android Debug Brigde) - is a versatile command-line tool that lets you communicate with a device. The adb command facilitates a variety of device actions, such as installing and debugging apps. adb provides access to a Unix shell that you can use to run a variety of commands on a device.
For default, in Bluestacks, ADB port is open, but we can't to use shell command (output "error: closed")
Searching for information in the emulator files found the following file ".adbcmd" in Root.vnhd image. Path to file "dataFS\downloads". In this file we can see adb commands that we can run without connection to shell
For example, "getprop" command, that gives us information about android propetries
As we can see, interaction with android shell is working. So, I think "if I can interact with unix shell, maybe tryed to use pipe operators" and pwn i can interact with file system, but with shell-user privilage.
As a result i continue my search to find su command to get root access. SU file is in "/boot/android/android/system/xbin/bstk/su". I tryed pipe operator to get root access, but get error and shell didn't open(
After that i tryed list terminator ";" and it works. I get root shell
Bluestacks have this vulnerability and people involved in its development know about it and are engaged in its elimination.