Welcome back, my amateur hackers!
With Halloween right around the corner, I thought you could have a little fun with your newfound hacking skills using a hack that is guaranteed to freak out your boss, teacher, coworker, friend, etc.
Any time someone's computer seems to act on its own volition, it tends to freak people out. When it acts on its own volition and opens up the user's own obituary (death notice), we are sure to get a decent reaction.
In this hack, we will create an obituary for our victim, then open their web browser right to it so that it appears as if the computer is haunted. It is certain to make them feel like something unearthly is happening.
The first step, of course, is to fire up Kali. I'm using Kali 1.1, but you can use any version of Kali for this hack.
Before we do anything, we need to own the victim's computer.
There are many ways to exploit their computer. Since we are likely on the same network as the victim (how else will we be able to enjoy their reaction if we are not nearby?), it makes it even easier. If we have physical access to system, even for a few seconds, we could install a Metasploit payload or Netcat in a few seconds.
Below is a list of just a few ways (with instructions) to exploit your victim's system for this ghoulishly good Halloween prank.
- Using a malicious PDF
- Using a malicious Word .doc
- Using Flash-based exploits
- Hooking the browser with BeEF
- Using a man-in-the-middle attack
- Using a malicious link file
- Using a malicious Windows Media Center link (.mcl)
And there are many more. Take a look through my many tutorials here on Null Byte and you will find almost innumerable ways to compromise somebody's computer.
Now that we have compromised the victim's computer, let's build their obituary. There are numerous free website/blog builders out there such as Blogger, Weebly, Wix, WordPress, etc. In this case, I built an obituary using the free website builder, WordPress.
I hope it goes without saying, build your own obituary for your own victim. Mine is simple and only meant as a example. You might want to put in some personal details about your victim that would make it seem more realistic, maybe even humorous.
Now that we have the victim's obituary built, the next step is to open their web browser to their own obituary page.
Since we have a command prompt on the remote system, we can simply start Internet Explorer to open the URL of the obituary (you can use Firefox just as easily). For more info on using the CMD prompt on a remote system, see my article here.
To open their Internet Explorer, I need to navigate to the directory of IE.
c:\cd c:\Program Files(x86)\Internet Explorer
Now, to open their IE browser to his/her obituary, I can simply type:
c:\Program Files (x86)\Intenet Explorer\iexplore https:/bossobit.wordpress.com
If the browser opening on its own as if haunted doesn't freak them out, seeing their own obituary online certainly will.
Keep coming back, my amateur hackers, to continue to learn the techniques and tools of the future's most valuable skill set—hacking!