Hi friends, we all know Termux, the famous hacking app used by YouTube script kiddies. Lol, I am just joking.
What is Termux?
Termux is an Android terminal emulator and Linux environment app that works directly with no rooting or setup required. A minimal base system is installed automatically - additional packages are available using the APT package manager.
Termux is really handy when you just need a simple Linux experience without installing a VM or dual-booting a PC. I am currently on Windows. As you know, I play lots of CTFs and Linux is essential for me, but my PC isn't that good for VMs, and I don't like dual boot. So I am thinking of using Termux instead.
In this post I will share some cool tricks to use Termux more effectively.
Termux isn't available in Google Playstore anymore (the existing one is outdated), so we have to install it from F-Droid. As on any Linux distro, the first step after opening Termux is to update the source list.
Run `pkg update` to update the source list. Once the process is complete, run it again to save the new changes.
Now it's time to install some essential packages.
```
~ $ pkg install openssh vim nano python git curl wget nmap neofetch
~ $ touch .hushlogin
```
NOTE: you can also use `apt` to install packages.
Run `termux-setup-storage` to access the internal storage of your phone from the Termux environment. Great, now we can run Python scripts, clone git repos, etc.
Previously we installed the essential packages in Termux. Now it's time to set up an SSH server so we can access the Termux environment from our PC and other devices.
Run `passwd` to set the SSH password. Next, run `sshd`, which starts the SSH server on port 8022. To make sure, we can run `nmap localhost` to scan for open ports on our device.
Run `whoami` to get the username; this is needed to log in with SSH. OK, now let's connect to Termux via SSH from our PC.
```
ssh username@ipaddress -p port
```
In my case, `ssh u0_a198@192.168.43.1 -p 8022`.
I run `neofetch` afterwards to show this detailed info.
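The steps above leave sshd accepting password logins from any device that can reach port 8022. As an added example (not part of the original post), this script switches Termux's sshd to key-only login once a public key is in place; the function names are made up here, and the default paths assume a standard Termux install.

```shell
# Added example: move Termux's sshd from password login to key-only login.
# Run inside Termux after your PC's public key is in ~/.ssh/authorized_keys.
# Function names are made up for this example; the default paths assume a
# standard Termux install, where the app sets $PREFIX and $HOME.

# set_sshd_option FILE KEY VALUE
# Put "KEY VALUE" on the first line and drop other active KEY lines.
# sshd uses the first value it reads for a keyword, and a line at the top
# can never land inside a Match block. Safe to run repeatedly.
set_sshd_option() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp) || return 1
    {
        printf '%s %s\n' "$key" "$value"
        # grep exits 1 when nothing is left to print; that is not an error here
        grep -viE "^[[:space:]]*${key}[[:space:]=]" "$file" || true
    } > "$tmp"
    # Overwrite in place so the file keeps its owner and mode
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# harden_termux_sshd [SSHD_CONFIG] [AUTHORIZED_KEYS]
harden_termux_sshd() {
    conf=${1:-$PREFIX/etc/ssh/sshd_config}
    keys=${2:-$HOME/.ssh/authorized_keys}
    # Refuse to turn passwords off until at least one key line exists
    # (anything that is not blank or a comment), so SSH access is not lost.
    if ! grep -qEv '^[[:space:]]*(#|$)' "$keys" 2>/dev/null; then
        echo "no public key in $keys; password login left enabled" >&2
        return 1
    fi
    set_sshd_option "$conf" PasswordAuthentication no &&
        set_sshd_option "$conf" PubkeyAuthentication yes
}

# Usage, from the phone's own terminal (restarting sshd drops SSH sessions):
#   harden_termux_sshd && { pkill sshd; sshd; }
```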
Excellent, we got an SSH shell. But what if I tell you that we can use the phone storage like a Local Disk on our PC? Yes, it's possible. You may already know NFS and SMB, but they are boring to set up.
Meet SSHFS, a client for mounting a file system located on a remote machine onto your local system through an SSH connection. Linux users can follow this guide to get SSHFS working.
For Windows, we need to install a few programs.
Install these three programs and open SSHFS-Win Manager from the desktop. Click the Add Connection button and enter the correct details. The Termux home path is `/data/data/com.termux/files/home`.
Once connected, it will automatically mount the phone storage on our system. Right now it's mounted on the G drive letter.
Awesome, now we can easily open and edit files using VS Code in real time or simply copy files between the two.
Kali NetHunter is a free and open-source mobile penetration testing platform for Android devices, based on Kali Linux.
There are multiple editions of Kali NetHunter, and we are installing the rootless edition. Follow the steps below to install Kali NetHunter.
```
~ $ wget -O install-nethunter-termux https://offs.ec/2MceZWr
~ $ chmod +x install-nethunter-termux
~ $ ./install-nethunter-termux
```
On successful installation, you will get this info banner.
| command | description |
|---|---|
| `nh` | starts nethunter commandline interface |
| `nh kex &` | start kali Kex (VNC) |
| `nh kex stop` | stop kali Kex |
| `nh -r` | starts nethunter as root user |
Reference : nethunter-rootless
This is so cool, right? Well, remember `kex`: with kex we can have a nice Kali Linux desktop experience.
If you are outside the NetHunter CLI, run `nh kex &`; if you are inside, run `kex &`. On first run it will set up a password for VNC and start VNC on port 5901. You can then connect to it with RealVNC Viewer or a similar program. Try connecting to `ipaddress:port`, in my case `192.168.43.1:5901`. For some reason, my phone drops connections to this port.
So I had to use SSH port forwarding to get this working.
I run `ssh -L 5901:127.0.0.1:5901 u0_a198@192.168.43.1 -p 8022`, then `nh kex &`. This forwards all connections made to localhost:5901 on the PC to port 5901 on the phone (192.168.43.1) through the SSH connection. For better understanding please read this article.
NOTE: If you need to forward multiple ports, use `-L` multiple times.
```
ssh -L porta:hosta:porta -L portb:hostb:portb username@host -p port
```
I am using RealVNC Viewer. Enter `127.0.0.1:5901` in the address bar to connect to VNC, and press F8 after connecting to get the options menu. There you can change picture quality etc.; set picture quality to high for the best experience.
NOTE: VNC heavily depends on network bandwidth. Currently I am using a mobile hotspot and it's not the best experience you can have, but it works :)
That's it, we installed Termux, successfully set up SSH and installed Kali NetHunter. It was an awesome experience, wasn't it? I won't be using VNC much since it's slow on my network, but the NetHunter CLI will be very useful. I will try solving forensics challenges in coming CTFs with the help of NetHunter. I am pretty sure this will be useful for websec dudes. Not much for pwners and revs, as this is ARM and they mostly work on x86 binaries.
Anyway, if you like this content, share it with your friends. Thank you.