Termux Metasploit
Termux Metasploit refers to the installation and use of the Metasploit Framework on the Termux app for Android devices. It allows security teams to perform penetration testing and security assessments directly from their mobile devices. By combining Termux's Linux-based environment with Metasploit's exploitation tools, security teams can conduct various hacking and testing activities in a lightweight and portable setup.
This blog provides detailed instructions on using Termux and Metasploit to convert an Android device into a penetration testing tool, covering features, commands, practical examples, and challenges.
What is Termux?
Termux provides a full Linux terminal environment on Android, allowing security teams to run Linux
utilities and tools directly without needing root
access. Teams can use its package manager
to install various software packages, making Termux a versatile platform for developers, hackers, and application security engineers. It transforms the Android device into a powerful tool for running scripts
, programming, and conducting security assessments on the go.
Features of Termux
Termux offers several powerful features that enhance its functionality and versatility as a mobile terminal emulator. These features include:
Package Management
Termux provides efficient package management through the pkg
command, allowing installation, updating, and removal of software packages
. This makes it easy to handle a wide variety of tools and utilities directly on Android.
Customizability
Termux supports customization with configuration
files and themes, letting teams personalize their terminal experience. From fonts to color schemes, it adapts to various preferences for an enhanced user experience.
Scripting and Automation
Termux allows writing and executing scripts
to automate repetitive tasks. This functionality is valuable for developers and security professionals to streamline workflows directly on their mobile devices.
Compatibility
Termux maintains compatibility with many Linux
utilities and integrates with other Android
apps via shared storage. This compatibility broadens its capabilities for use in development, security, and general-purpose
computing.
What is Metasploit?
Metasploit is a comprehensive framework
used for penetration testing, vulnerability assessment, and exploitation
. It provides security professionals and ethical hackers with the tools needed to identify, exploit, and validate vulnerabilities in systems and applications. Metasploit includes a vast library
of exploits, payloads, and auxiliary tools, making it a go-to resource
for security testing.
Components of Metasploit
Metasploit consists of several key components that work together to provide a comprehensive penetration testing platform. These include:
Metasploit Framework
The Metasploit Framework is the open-source core of the platform, providing a command-line interface
and tools for exploiting system vulnerabilities. It contains a vast library of payloads, exploits, and modules to conduct penetration testing, making it highly flexible for security engineers.
Metasploit Pro
Metasploit Pro is the commercial edition, offering enhanced features like automated testing
, collaboration tools, and reporting functionalities. It helps streamline the pentesting workflow, including tasks like phishing campaigns and web app testing.
Armitage
Armitage is a graphical user interface (GUI
) designed to work with the Metasploit Framework, simplifying network exploitation and vulnerability management. It visually represents targets, making it easier to perform multi-host attacks and analyze vulnerabilities without extensive command-line work.
Setting Up Termux
Begin the Termux setup by following these straightforward steps to install and configure the app on the Android device.
Open the Google Play Store or F-Droid.
Search for "
Termux
".Tap "Install" and wait for the installation to complete.
Basic Configuration
After installing Termux, you need to perform some initial configuration:
Open Termux and allow it to initialize.
Update the package lists and upgrade installed packages:
Set up storage access if needed:
Install Metasploit on Termux
Installing Metasploit on Termux transforms the Android device into a powerful penetration testing tool, enabling you to conduct security assessments on the go.
Prerequisites
Before installing Metasploi
t, you need to prepare the Termux environment. First, update and upgrade
all Termux packages to ensure they are the latest versions:
This command refreshes the package lists and installs any available updates.
Installation Steps
Follow these step-by-step
instructions to install Metasploit on Termux, transforming the Android device into a powerful penetration testing tool.
Add the Unstable Repository
This command enables access to packages not included in the default repositories.
Install Metasploit
Next, install Metasploit using.
This command downloads and installs Metasploit, providing its tools within the Termux environment.
Launch the Metasploit Console
Once installed, confirm that Metasploit is set up correctly by starting it with
This command launches Metasploit’s console
, indicating successful installation.
How to Use Metasploit in Termux
Metasploit on Termux empowers security teams to conduct penetration testing and security assessments directly from their Android devices.
Starting Metasploit
To begin using Metasploit on Termux, security teams need to start the PostgreSQL
database, which Metasploit uses for storing data. They can do this by running:
This command starts the database, preparing it for Metasploit operations. Then, launch the Metasploit Framework with:
Basic Commands
Mastering these essential Metasploit commands empowers security teams to effectively navigate and utilize the framework's extensive capabilities.
Search For Exploits
In Metasploit, the search <keyword>
command is used to find exploits, payloads, auxiliary modules, or post-exploitation modules that match a given keyword. When teams type search
followed by a keyword (such as ms17_010
or ssh
), Metasploit queries its database for modules that relate to that keyword, providing a list of potential attack vectors or tools that can be used for the target vulnerability.
Use an Exploit
This command allows teams to select a specific exploit module for use. The <path>
indicates the path to the desired exploit within the Metasploit
framework's module structure. By running this command, teams load the module into the session, making it ready for configuration and execution against a target system. This step is crucial for setting up the exploit and tailoring it with specific options, such as target IP address, payload, and any other parameters required to carry out the attack.
Show Options
The command show option
displays all configurable settings for the currently loaded exploit or auxiliary module. It lists required parameters like the target IP address (RHOST
), local host (LHOST
), ports, and payload options that need to be specified before running the exploit. This command is essential for ensuring all necessary options are correctly set to execute the module effectively against the intended target.
Set Target Options
In Metasploit, the set RHOST <target_ip>
command specifies the target IP address
of the system teams are trying to exploit. The <target_ip>
should be replaced with the actual IP address of the victim machine.
The set PAYLOAD <payload>
command sets the payload to be delivered to the target system once the exploit is successful. This payload determines what action will be taken on the victim system, such as opening a reverse shell or executing a command. These settings are crucial for accurately targeting and exploiting a vulnerability.
Run the Exploit
The run
command executes the selected exploit or module against the target. Once security teams set all the required options like the target IP (RHOST
) and the payload, typing run
will initiate the exploitation process.
The framework then attempts to exploit the vulnerability and deliver the payload to gain access or achieve the specified action on the target system. If successful, it can result in gaining control over the target, executing commands, or extracting information based on the exploit and payload used.
Practical Example of Termux Metasploit
In this example, a researcher identifies a system vulnerable to the EternalBlue exploit and aims to use Metasploit to exploit it. The process will proceed as follows.
EternalBlue is a cyberattack exploit developed by the U.S. National Security Agency (NSA) that was leaked by a hacking group called Shadow Brokers in 2017. It targets a vulnerability in the Server Message Block
(SMB) protocol of Microsoft Windows, allowing remote code execution on unpatched systems. EternalBlue was notably used in large-scale cyberattacks like WannaCry
and NotPetya
, which caused significant damage by spreading ransomware and other malware rapidly across networks.
Exploit a Vulnerability
To exploit eternalblue
known vulnerability using Metasploit:
Search for the Exploit
This command will search for the ms17_010
exploit from the Metasploit library.
Select the Exploit
This command will select the exact exploit from the given path.
Set the Target Options
Customize the following options to configure the exploit and payload for the specific target.
In Metasploit, the set
commands are used to configure options for targeting and payload delivery before running an exploit. The set RHOST <target_ip>
command sets the remote host’s IP address, indicating which machine is the target for the attack.
The set PAYLOAD windows/meterpreter/reverse_tcp
command specifies the payload to be delivered, in this case, a reverse TCP Meterpreter shell, which allows the attacker to control the target system. The set LHOST <your_ip>
and set LPORT <your_port>
commands define the attacker’s IP address and port to which the reverse shell will connect, establishing a control channel back to the attacker's machine. Together, these commands help set up the conditions for the exploit to execute successfully and communicate back to the attacker.
Run the Exploit
Execute the exploit with the following command to initiate the attack on the target system:
Post-Exploitation
Post-exploitation involves actions taken by an attacker or penetration tester after successfully gaining access to a system. The focus is on maintaining control, escalating privileges
, gathering sensitive data, or expanding access within the network. This phase helps assess the full impact of a compromise and how far an attacker could go undetected.
Gather Information
After successfully exploiting a target, perform post-exploitation tasks.
The sysinfo
command gathers and displays information about the target system after gaining access through post-exploitation
. It provides details such as the operating system, computer name, architecture, and system language.
Capture Screenshots
Capture screenshots of the compromised system to gather visual evidence and insights into the target's current activities.
The screenshot
command captures an image of the current screen on the compromised target machine. After gaining access to a target system, this command allows security teams to visually see what is currently being displayed on the target's screen, which could include sensitive information
like open documents, applications in use, or credentials
. This is especially useful for gathering intelligence on a target’s active sessions and ongoing activities, and it helps in further post-exploitation analysis.
Extract Password Hashes
Extract password hashes from the compromised system to gain access to user accounts and potentially privileged credentials.
The hashdump
command retrieves password hashes from the compromised system's Security Account Manager
(SAM) database. By extracting these hashes, an attacker can then attempt to crack them offline to obtain plaintext passwords, giving further access to user accounts and potentially privileged credentials. This is a crucial step in post-exploitation that can help expand control over the network or system.
Challenges of Using Metasploit on Termux
Using Metasploit on Termux presents several challenges that security professionals must navigate to effectively conduct penetration testing on mobile devices.
Limited System Resources
Termux runs on mobile devices, which often have limited processing power, memory, and storage compared to traditional systems. This limitation can affect the performance of Metasploit, causing slow scans or even crashes during resource-intensive tasks
like exploiting vulnerabilities or running large payloads.
Compatibility Issues
Metasploit's design for full Linux
distributions can cause compatibility problems when running it on Termux, which emulates a Linux environment on Android
. The differences in the underlying operating system
and architecture may prevent some Metasploit modules or dependencies from functioning properly on Termux.
Network Restrictions
Mobile networks often impose restrictions, such as limited port forwarding and dynamic IP addresses
, which can make it challenging to conduct effective penetration tests. These limitations can hinder Metasploit's ability to communicate with remote targets or establish persistent backdoor connections.
Lack of Native GUI Support
Termux lacks native graphical user interface
(GUI) support, making it difficult to use certain Metasploit features that rely on visual elements, like Armitage
. Users are restricted to the command line, which can be less efficient for managing complex tasks or analyzing results compared to a desktop environment.
Dependency Management
Installing and managing Metasploit's dependencies on Termux can be more complicated than on a traditional Linux
system. Users may need to manually install and configure libraries and packages, leading to potential errors or compatibility issues that could prevent Metasploit
from running smoothly.
Final Thoughts
Combining Termux and Metasploit transforms an Android device into a powerful tool for penetration testing, offering flexibility and portability for mobile ethical hackers. This setup is especially valuable for security professionals requiring a mobile testing environment.
However, it is essential to use these tools responsibly, adhering to ethical guidelines and ensuring all testing is conducted within legal boundaries. Staying informed about the latest cybersecurity trends, continuously developing skills, and always obtaining proper authorization before conducting any tests are crucial for maintaining professionalism and ensuring the security of others.
Explore more from Akto
Blog
Be updated about everything related to API Security, new API vulnerabilities, industry news and product updates.
Events
Browse and register for upcoming sessions or catch up on what you missed with exclusive recordings
CVE Database
Find out everything about latest API CVE in popular products
Test Library
Discover and find tests from Akto's 100+ API Security test library. Choose your template or add a new template to start your API Security testing.
Documentation
Check out Akto's product documentation for all information related to features and how to use them.