Breaking News

Friday 4 September 2020

How to make Metasploit persistent payload/backdoor in termux

 

How to make Metasploit persistent payload/backdoor in termux



What is persistent payload?



If you are using Metasploit and everything is going fine and suddenly the victim Restarts the phone or even kill the app the session will be disconnected. So you no longer can access the victim's phone and to access the phone again victim has to click on the app again(which the victim will won't).

If the victim sees a strange-looking app on the phone.what do you think (let's just assume the victim is he) he will do? that's right he will uninstall it. In this post, I will show you how you can Hide your app icon so no one will be able to see the suspicious app and I will tell you how to make this connection persistent even if victim restarts the phone you will be able to access it whenever the phone will connect to the internet.

Create persistent payload :

In order to do this step, you should already be in the meterpreter session. If you don't have meterpreter session please read this blog on [How to hack android phone using Termux with Metasploit and Ngrok-2020]


Step 1:
First of all Download the shell.sh file and paste it in your internal storage:



Step 2:
In the Meterpreter session type this command to access the internal storage of the victim.
 cd /sdcard
after this command, you can type ls command to see all the folders in internal storage



Step 3:
Now use this command to upload the shell.sh file in victim's phone.
 upload /data/data/com.termux/files/home/storage/shared/shell.sh
this command will upload shell.sh file from your internal storage to victim's internal storage.


Step 4:
Type shell command to open shell in android.
 shell


Step 5:
type below command to run the script in the shell.
 sh shell.sh
 Now After 1-2 min(or when the line starts to repeat then) press CTRL+C and then type y to terminate the channel.



Step 6:
Now everything is done, just hide the app icon using below command and the app will be hidden and you will still be able to access the phone.
 hide_app_icon




Conclusion: 

Now using this persistent payload you can access the victim's phone it doesn't matter how many times he restarts the phone in a day. whenever Victim will be connected to the internet you will get meterpreter session. you can use this method just after installing the payload on the victim's phone so there will be no chance of deletion of the payload. If you wanna know more about termux, just check another post on this site. everything on this website is about termux. and at last, stay inspired and never stop learning. 

0 comments:

Post a Comment

'; (function() { var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true; dsq.src = '//' + disqus_shortname + '.disqus.com/embed.js'; (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq); })();
'; (function() { var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true; dsq.src = '//' + disqus_shortname + '.disqus.com/embed.js'; (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq); })();