First, you need Termux installed and the “Run ADB as Root” option enabled under your Android “Developer Options”. Make sure your device offers that option; otherwise you won't be able to use this method of getting a root shell.
Install Termux dependencies
pkg update
pkg install openssl
Generate a random key for your openssl reverse shell setup
openssl rand -hex 48 # we will use "9c951d7c50b2480d19f0e538ca8da1efd8639d87846cf054478fa8bf472c9b9f3c62d6ee69e2aa6b5afdefb771ba041e" as an example but it is recommended to use your own key
Save these scripts in your Termux home directory and make them executable (chmod +x)
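# Listener side: openssl s_server waits for the TLS-PSK connection.
# LHOST="*" listens on every interface; the client script below only connects to 127.0.0.1.
export LHOST="*"
export LPORT="4242"
export PSK="9c951d7c50b2480d19f0e538ca8da1efd8639d87846cf054478fa8bf472c9b9f3c62d6ee69e2aa6b5afdefb771ba041e"
openssl s_server -quiet -tls1_2 \
  -cipher PSK-CHACHA20-POLY1305:PSK-AES256-GCM-SHA384:PSK-AES256-CBC-SHA384:PSK-AES128-GCM-SHA256:PSK-AES128-CBC-SHA256 \
  -psk "$PSK" -nocert -accept "$LHOST:$LPORT"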
#!/data/data/com.termux/files/usr/bin/bash
# Client side: attaches /bin/sh to a TLS-PSK session with the listener through a FIFO.
mkdir -p /data/cache/tmp
rm /data/cache/tmp/* >/dev/null 2>&1
export RHOST="127.0.0.1"
export RPORT="4242"
export PSK="9c951d7c50b2480d19f0e538ca8da1efd8639d87846cf054478fa8bf472c9b9f3c62d6ee69e2aa6b5afdefb771ba041e"
# Random FIFO name under /data/cache/tmp
export PIPE="/data/cache/tmp/$(/data/data/com.termux/files/usr/bin/openssl rand -hex 4)"
mkfifo "$PIPE"
/bin/sh -i < "$PIPE" 2>&1 | \
  /data/data/com.termux/files/usr/bin/openssl s_client -quiet -tls1_2 -psk "$PSK" -connect "$RHOST:$RPORT" > "$PIPE"
rm "$PIPE"
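A pre-flight check for the listener settings above, as an added example that is not part of the original page: it rejects the published sample key, any PSK that is not the 96 hex digits `openssl rand -hex 48` produces, and a listen address other than loopback (the client script connects to 127.0.0.1). The function names psk_ok, bind_ok and preflight are hypothetical.

```shell
#!/bin/sh
# Added example, not the page author's code. Function names are hypothetical.

# The sample key printed on this page; it is public, so it must not be reused.
EXAMPLE_PSK="9c951d7c50b2480d19f0e538ca8da1efd8639d87846cf054478fa8bf472c9b9f3c62d6ee69e2aa6b5afdefb771ba041e"

# psk_ok KEY: succeeds only for 96 hex digits that are not the sample key.
psk_ok() {
    key=$1
    [ "${#key}" -eq 96 ] || return 1
    case $key in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
    # Compare case-insensitively: hex digits mean the same in either case.
    lower=$(printf '%s' "$key" | tr 'A-F' 'a-f')
    [ "$lower" != "$EXAMPLE_PSK" ]
}

# bind_ok HOST: succeeds only for loopback listen addresses.
bind_ok() {
    case $1 in
        127.*|localhost|::1|"[::1]") return 0 ;;
        *) return 1 ;;
    esac
}

# preflight HOST KEY: reports each problem on stderr and
# returns the number of problems found (0 means safe to start).
preflight() {
    problems=0
    if ! bind_ok "$1"; then
        echo "LHOST=$1 is not loopback; the client only needs 127.0.0.1" >&2
        problems=$((problems + 1))
    fi
    if ! psk_ok "$2"; then
        echo "PSK must be your own output of 'openssl rand -hex 48'" >&2
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage inside the listener script, before openssl s_server:
#   preflight "$LHOST" "$PSK" || exit 1
```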
Once you run `adb shell` on your Android from any other device connected to it by USB, make sure you are root. If you are not, you might need to run `adb root` first, although sometimes you only need to enable the “ADB as Root” option in Developer Options.