What is Rapid Payload?
Rapid Payload is a Metasploit Payload generator. With the help of this tool, you can generate payload and take control of Android, Linux, Windows, Mac OS, and Apple IOS.Rapid Payload is created by AngelSecurityTeam. The tool allows you to quickly generate a payload for Android, Linux, Windows, Mac OS, and Apple IOS.
Related Article:
How to use Xploitspy in Termux
On Which Operating System Rapid Payload is supported?
The RapidPayload is supported on the Following Linux Platforms.
- Kali Linux
- Parrot Security OS
- BlackArch Linux
- BackBox
- Bugtraq
- ArhStrike
- Cyborg Linux
- Matriux
- Demon Linux
- Tsurugi Linux
How to install Rapid Payload?
The installation of the tool is very simple. Below is the procedure on How to install the Rapid Payload. In order to avoid any error, you must type the below commands as it is.First, we need to install dependencies that are required to run Rapid Payload.
Open your Terminal and start typing the below commands.
1. This command will update and upgrade your Kali Linux. It may take up to 20 minutes or more to be finished depend upon your internet speed. You may ignore this command if your Operating system is already in the newest version.
sudo apt update && sudo apt full-upgrade -y
2. This command will install Java OpenJDK 8 in your Kali Linux.
sudo apt-get install openjdk-8-jdk
3. The below command will install Apktool in your Kali Linux.
sudo apt-get install apktool
4. This command will install Python3 in Your Kali Linux. Python3 is necessary to run Rapid Payload.
sudo apt-get install python3
5. This command will install Wine in your Kali Linux.
sudo apt-get install wine
6. Metasploit comes preinstalled in Kali Linux. In case you don't have Metasploit then you can type the below command to install the Metasploit Framework. If you already have Metasploit then you can ignore this command.
sudo apt-get install metasploit-framework
7. The below command will install the "git" command in your Kali Linux. If the git is already installed in your system then you can ignore the following command.
sudo apt-get install git
Installation of dependencies has been finished now let's proceed to install our Rapid Payload.
8. The below command will clone the tool into your System.
git clone https://github.com/AngelSecurityTeam/RapidPayload
9. After cloning the tool type the below command to enter the RapidPayload directory.
cd RapidPayload
10. After entering in RapidPaylod directory type the following command. This command will give read, write, and execute permission to the files that are present in the RapidPayload directory.
chmod +x *
11. Now type the below command. This command will finally install the Rapid Payload Generator.
bash install.sh
12. After installing Rapid Payload type the following command to run the Rapid Payload.
python3 RapidPayload.py
How to use the Rapid Payload?
As I have told that we can take control of Android, Windows, Linux, Mac OS, and Apple IOS with the help of Rapid Payload.Through Rapid Payload you can take Remote control of any Device running on the platform that I have mentioned above.
Here I will show you how you can use Rapid Payload to take control of an Android device.
First, Open your Terminal and go to the RapidPayload Directory by typing cd RapidPayload and then type python3 RapidPayload.py to run the Rapid Payload.
After typing the above command you will see the following screen in your Terminal.
Now here you will see the list from 1 to 10. Here we want to take control of Android So we will select Android. The Android is present on number 3. So simply type 3 In your Terminal.
After typing 3, Terminal provides you with three options mentioned below.
[1] Normal
[2] Infect Legitimate APK
[0] Menu
Now we want to create a Normal Apk and the normal is present on number 1 so simply type 1 in your Terminal.
After typing 1 in Terminal. The Terminal will provide you the following optioned mentioned below.
[1] android/meterpreter/reverse_http
[2] android/meterpreter/reverse_https
[3] android/meterpreter/reverse_tcp
[0] Menu
Now we need to create a payload. For taking a reverse connection from Android we will choose the reverse_tcp method. As you can see the reverse_tcp method is present on number 3. So simply type 3 in your Terminal.
Now after typing 3 Terminal will tell you to type LHOST. The LHOST is nothing but your local IP address.
Type your Local IP address in the LHOST field. Next, you need to type LPORT You can type any port you want from 1 to 65,535.
Note: If you don't know your local IP address then, open a new terminal and type ifconfig and then hit enter there your local IP address will be displayed.
For example, I will type 4444.
Now RapidPayload will ask you to enter the filename. You can type any filename you want. The filename is nothing but the name of your malicious Android app.
What we have done until now is mentioned in the below image.
Your Android Apk has been saved in RapidPayload Folder.
As your Android payload saved. You will see the following screen #|signing APK|#
Enter any passphrase you want and then enter the app details.
APP details: Signature, name, organization, city, etc. When completing the information, And then confirm by typing Yes.
After clicking on yes you will see the following screen in your Terminal.
Now here we need to connect to the Msfconsole. Here Connect_MSF present on number 10, So simply type 10 in your Terminal.
It will again ask you to Enter LHOST and LPORT, Simply enter the same LHOST and LPORT that you have entered while creating your Android Payload above.
And on Payload section type this: android/meterpreter/reverse_tcp
After typing the above command hit enter the and send your android APK that is present on the RapidPayload folder to Victim.
As Victim install and open the app you will get control of the victim android phone.
As you can see in the above image. I got a Meterpreter shell of an Android device. Now we can do anything that we want with the victim's Android device.
If you don't know what to do next then you can simply type help. After typing help in Meterpreter. The Meterpreter will show you the list of all available commands that will help you to control the victim's device.
Related Article:
How to find WordPress website vulnerability using WPScan
Note: This article is for educational purposes only. The author of this website is not responsible for any illegal activity done with this information.
You can try this hack on your own Android to test the security of your device. Please do not try this on any other without the written permission of the device owner.
What we have done until now is mentioned in the below image.
Your Android Apk has been saved in RapidPayload Folder.
As your Android payload saved. You will see the following screen #|signing APK|#
Enter any passphrase you want and then enter the app details.
APP details: Signature, name, organization, city, etc. When completing the information, And then confirm by typing Yes.
After clicking on yes you will see the following screen in your Terminal.
Now here we need to connect to the Msfconsole. Here Connect_MSF present on number 10, So simply type 10 in your Terminal.
It will again ask you to Enter LHOST and LPORT, Simply enter the same LHOST and LPORT that you have entered while creating your Android Payload above.
And on Payload section type this: android/meterpreter/reverse_tcp
After typing the above command hit enter the and send your android APK that is present on the RapidPayload folder to Victim.
As Victim install and open the app you will get control of the victim android phone.
As you can see in the above image. I got a Meterpreter shell of an Android device. Now we can do anything that we want with the victim's Android device.
If you don't know what to do next then you can simply type help. After typing help in Meterpreter. The Meterpreter will show you the list of all available commands that will help you to control the victim's device.
Related Article:
How to find WordPress website vulnerability using WPScan
Note: This article is for educational purposes only. The author of this website is not responsible for any illegal activity done with this information.
You can try this hack on your own Android to test the security of your device. Please do not try this on any other without the written permission of the device owner.