Hi Guys,
Ok, so... I am attempting to gain access to a device remotely. I am aware of the many versions of attempting this but I am far from technically skilled. That being said, I have managed to gain access to one email account (unfortunately not the google account) and victims phone bill account. I can therefore see numbers called and texted. I also have physical access to an additional 2 devices owned by the victim (although I do not have the password to get in). My thoughts therefore are that what I am lacking in technical skills may be made up for by some social engineering. Although the end goal would be to be read messages on the device in the victims hand I would initially be rather happy with gaining access to the google account as to be able to unlock other devices and also download apps remotely to the device from the google account (note that 2-hand authentication is turned on).
I do not want to be changing passwords or making it obvious of a breach.
I understand that people may not be wanting to give me a step-by-step guide but I would appreciate any tips or tricks since I am unsure exactly where to start.
Cheers :)
2 Responses
Physical access > BadUSB (Rubber Ducky) Arduino Leonardo Pro Micro. Look for Duckyscript payloads.
If you have physical access to a Windows machine, you could install Linux onto a flash drive, then boot from the USB, and you can get the SAM hashes.
Once you have the hashes, you can use something like hashcat to crack them.
Share Your Thoughts