Home »
Termux
» How to make Metasploit persistent payload/backdoor in termux
How to make Metasploit persistent payload/backdoor in termux
What is persistent payload?
If you are using Metasploit and everything is going fine and suddenly the victim Restarts the phone or even kill the app the session will be disconnected. So you no longer can access the victim's phone and to access the phone again victim has to click on the app again(which the victim will won't).
If the victim sees a strange-looking app on the phone.what do you think (let's just assume the victim is he) he will do? that's right he will uninstall it. In this post, I will show you how you can Hide your app icon so no one will be able to see the suspicious app and I will tell you how to make this connection persistent even if victim restarts the phone you will be able to access it whenever the phone will connect to the internet.
Create persistent payload :
First of all Download the shell.sh file and paste it in your internal storage:
Step 2:
In the Meterpreter session type this command to access the internal storage of the victim.
cd /sdcard
after this command, you can type ls command to see all the folders in internal storage
Step 3:
Now use this command to upload the shell.sh file in victim's phone.
upload /data/data/com.termux/files/home/storage/shared/shell.sh
this command will upload shell.sh file from your internal storage to victim's internal storage.
Step 4:
Type shell command to open shell in android.
shell
Step 5:type below command to run the script in the shell. sh shell.sh
Now After 1-2 min(or when the line starts to repeat then) press CTRL+C and then type y to terminate the channel.Step 6:Now everything is done, just hide the app icon using below command and the app will be hidden and you will still be able to access the phone.
hide_app_icon
Conclusion:
Now using this persistent payload you can access the victim's phone it doesn't matter how many times he restarts the phone in a day. whenever Victim will be connected to the internet you will get meterpreter session. you can use this method just after installing the payload on the victim's phone so there will be no chance of deletion of the payload. If you wanna know more about termux, just check another post on this site. everything on this website is about termux. and at last, stay inspired and never stop learning.
Related Posts:
What is malware? All you need to know!
What is malware? All you need to know!
atOptions = {
'key' : '33ea9ed70b11fbe3ee1a6089175c1b75',
'format' : 'iframe',
'height' : 250,
'width' : 300,
'params' : {}
};
document.write('');
I believe you… Read More
sshprank tool: step by step guide
sshprank tool: step by step guide
atOptions = {
'key' : '33ea9ed70b11fbe3ee1a6089175c1b75',
'format' : 'iframe',
'height' : 250,
'width' : 300,
'params' : {}
};
document.write('');
This article is ab… Read More
Lulzbuster - a tool for quickly searching for hidden files and folders on Websites.
Lulzbuster - a tool for quickly searching for hidden files and folders on Websites.
atOptions = {
'key' : '33ea9ed70b11fbe3ee1a6089175c1b75',
'format' : 'iframe',
'height' : 250,
'width' : 300,
'params' :… Read More
What Is Session Hijacking: Everything you need to know about
What Is Session Hijacking: Everything you need to know about
atOptions = {
'key' : '33ea9ed70b11fbe3ee1a6089175c1b75',
'format' : 'iframe',
'height' : 250,
'width' : 300,
'params' : {}
};
document.write… Read More
Buffer Overflow Attack: Everything You Need To Know
Buffer Overflow Attack: Everything You Need To Know
atOptions = {
'key' : '33ea9ed70b11fbe3ee1a6089175c1b75',
'format' : 'iframe',
'height' : 250,
'width' : 300,
'params' : {}
};
document.write('');
… Read More
';
(function() {
var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true;
dsq.src = '//' + disqus_shortname + '.disqus.com/embed.js';
(document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq);
})();
';
(function() {
var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true;
dsq.src = '//' + disqus_shortname + '.disqus.com/embed.js';
(document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq);
})();
0 comments:
Post a Comment