A blog about Tips and Tricking any thing that possible in social networking and websites or, software, internet, computer, hack, crack, serial...

Sunday, September 4, 2022

How to make Metasploit persistent payload or backdoor in termux

If you are using Metasploit and everything is going fine and suddenly the victim Restarts the phone or even kill the app the session will be disconnected. So you no longer can access the victim's phone and to access the phone again victim has to click on the app again(which the victim will won't).  If the victim sees a strange-looking app on the phone.what do you think (let's just assume the victim is he) he will do? that's right he will uninstall it. In this post, I will show you how you can Hide your app icon so no one will be able to see the suspicious app and I will tell you how to make this connection persistent even if victim restarts the phone you will be able to access it whenever the phone will connect to the internet. 

Create persistent payload : In order to do this step, you should already be in the meterpreter session. If you don't have meterpreter session please read this blog on [ How to hack android phone using Termux with Metasploit and Ngrok ]

Step 1: First of all Download the shell.sh file and paste it in your internal storage: 
persistent payload metasploit    

Step 2: In the Meterpreter session type this command to access the internal storage of the victim. 

cd /sdcard

after this command, you can type ls command to see all the folders in internal storage    

Step 3: Now use this command to upload the shell.sh file in victim's phone. 

upload /data/data/com.termux/files/home/storage/shared/shell.sh

this command will upload shell.sh file from your internal storage to victim's internal storage.   

Step 4: Type shell command to open shell in android.


Step 5: type below command to run the script in the shell.

  sh shell.sh 

Now After 1-2 min(or when the line starts to repeat then) press CTRL+C and then type y to terminate the channel.    

Step 6: Now everything is done, just hide the app icon using below command and the app will be hidden and you will still be able to access the phone.


Now using this persistent payload you can access the victim's phone it doesn't matter how many times he restarts the phone in a day. whenever Victim will be connected to the internet you will get meterpreter session. you can use this method just after installing the payload on the victim's phone so there will be no chance of deletion of the payload. If you wanna know more about termux, just check another post on this site. everything on this website is about termux. and at last, stay inspired and never stop learning.

No comments:

Post a Comment