1 month ago

How to Hack Your Neighbor having a Post-the idea Note, Part 2 (Setting Up the Attack) « Null Byte :: WonderHowTo

inside previous article in This particular short series, we learned how to find our neighbor’s name using publicly accessible information along with also how to monitor device activity on their home network. With This particular information at our disposal, the idea’s time to get into installing along with also configuring the necessary tools to begin our attack on John Smith’s computer.

First, we’ll have to purchase a Virtual Private Server (VPS) inside cloud, which we’ll need to host our payload to ensure the idea can be downloaded through any computer inside entire world. Then, we’ll create our payload. In This particular case, we’re going to take advantage of HTML Applications (HTA), a lesser-known file type, along with also we’ll use of which to trick our target into opening a malicious HTA file on their computer. Last, we’ll install Metasploit, which will be used to interface with along with also control the compromised machine after our malicious HTA file is usually opened on John’s computer.

Step 1: Set Up the VPS

To secure a place for our payload on the web along with also to run the Metasploit session, we’ll need a VPS. There are many VPS providers of which will work adequately with This particular hack. Some noteworthy ones you can check out include OVH, VPSdime, VPS.net, along with also Vultr. As an example, I’ll be using DigitalOcean, although if you’re more comfortable with another VPS provider, feel free to set up a Debian or Ubuntu VPS using your preferred provider along with also skip to Step 2.

As for DigitalOcean, I recommend the $10/month plan as the cheaper option doesn’t meet the hardware requirements to run Metasploit. I encountered “cannot allocate memory” errors when using DigitalOcean’s cheapest $5/month option.

To create a DigitalOcean account, visit their signup page. Enter your email address along with also create a password. You’ll then be asked to enter billing information along with also create a “Droplet” which is usually what DigitalOcean calls cloud servers.

Disable Nginx

There will likely be a Nginx service running on your completely new Droplet. These Nginx servers are preconfigured by DigitalOcean. This particular may conflict with later steps in This particular tutorial, so be sure to stop the running Nginx service. If you used a different VPS, you won’t have to worry about This particular (hopefully).

To stop Nginx, type the below command.

sudo systemctl stop nginx

Step 2: Create the HTA Payload

Based on the MAC addresses connecting to My-Neighbor’s wireless network, the idea’s reasonable to assume there are several internet-connected Windows devices on the target network.

To create our payload, we’ll use the Unicorn GitHub repository, which contains features of which will allow us to generate HTML Application payloads. HTA is usually a lesser-known file type along with also HTML executable file format. There’s a Great chance non-tech savvy users have never heard of the HTA file format. This particular means the idea could be easy to convince a victim into believing the idea’s a video or photo format.

with This particular tutorial, we’ll trick our victim, John Smith, into clicking on our video.hta file by telling him the idea’s a video file. When opened, the HTA file will create a reverse shell on John’s computer along with also allow us to remotely access the compromised device.

Step 3: Install Metasploit

The Metasploit developers created a simple installer script which will automate the entire installation process. To begin, download the installer script along with also save the idea to a local file. We can do This particular with the below command.

curl raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall

Stay Tuned for Part 3 …

Congratulations on setting everything up! In This particular part of the series, we created the VPS, generated our payload, along with also installed the Metasploit Framework. We’re almost ready to execute the attack. inside next along with also final part of This particular series, we’ll discuss how to set up a simple website to social engineer your intended victim into opening our malicious HTA payload, as well as what we can do to protect ourselves through such attacks.

Cover photo by Justin Meyers/Null Byte; Screenshots by tokyoneon/Null Byte

Previously: How to Hack Your Neighbor having a Post-the idea Note, Part 1 (Performing Recon)

Don’t Miss: How to Create Stronger Passwords

Don’t Miss: Exploit DDE in Microsoft Office & Defend Against DDE-Based Attacks

Don’t Miss: Metasploit Basics for Aspiring Hackers

Leave a Comment

Your email address will not be published. Required fields are marked *

one + three =