Using just a small sticky note, we can trigger a chain of events that ultimately results in complete access to someone’s entire digital and personal life.
Imagine arriving home one night after work and there’s a Post-it note on your apartment door with the website “your-name-here.com” written on it. Someone cautious may not immediately visit the website, but eventually, curiosity might get the best of them. Let’s have some fun exploiting human curiosity and get remote access to our neighbor’s computer in the process.
For this hack, we’ll be using a seemingly harmless Post-it note to entice a target user into visiting a website that we control. When the target user visits the website, they’ll be tricked into opening a malicious file which will allow us to perform a variety of attacks on the compromised computer.
Such an attack may allow hackers to target:
- Coworkers or company executives. Employees visiting an attacker-controlled website from a computer inside a corporate network and opening a malicious file may compromise the security of the entire network.
- Small businesses. Managers opening malicious files found on attacker-controlled websites may allow the attacker to steal sensitive customer information, install ransomware, or compromise other applications on the device.
- Average everyday people. Gaining remote access to someone’s computer, attackers could steal personal information to perform identity theft or blackmail the victim into paying a large ransom for stolen data.
Understanding Our Sticky Note Attack
There are many steps to this attack, so I’ll first provide a brief overview of the scenario before showing how to put it all together.
The hypothetical victim of this hack will be “my neighbor in the apartment next door,” whose name will be “John Smith.” The goal is to social engineer John Smith into visiting a website that we control by exploiting the inherent trust we allot to our everyday neighbors. Ultimately, we will gain access to a computer in John’s apartment by tricking him into opening a malicious file.
Since there’s a lot going on in this attack, I will be breaking this guide up into three parts. This first part will cover reconnaissance. We’ll need to gather as much information about John Smith’s social and digital life as we can to create a website named after him that will actually entice him (“john-smith.com”). As an optional step, we’ll also gather hardware information about devices connecting to John’s Wi-Fi network. This will help us understand what kinds of devices are in his home.
In the second part of this guide, we’ll create a payload to run on a Virtual Private Server (VPS) to ensure that it can be downloaded from any computer in the world. We’ll also need to install Metasploit on the VPS, which will be used to interface with and control the compromised machine after our malicious file is opened.
For the finale, we’ll create the website that John will look at, embed the payload file on the site, register a domain name that will entice John, then watch the whole thing work once we deliver the sticky note. We’ll also go over some things everybody can do to minimize these types of attacks against themselves.
Step 1: Know Your Target
Reconnaissance is very important to the success of this hack. There are many social engineering angles we can take to trick someone into visiting our evil website. For example, targeting our neighbor in the apartment next door would be easy. In some apartment buildings and condominiums, we could identify our neighbor’s name by checking the resident listed on the lobby intercom or their mailbox.
We can also learn their name by making small talk with them or other people who live or work in the building who might unwittingly divulge personal information about our target. People who live in rural areas may have better luck using whitepages to identify names of residents in the house next door. In certain parts of the United States, property history may be easily obtainable. A parcel, county auditor, or property assessment Google query with the target’s corresponding county may produce a searchable database of current and past residents for the target’s home address.
In extreme cases, we might also learn our target’s name by rummaging through their trash bins and finding a letter, package, or receipts containing personal information we can use in later stages of this attack. In a big city, rummaging through trash bins might not even get a second glance from people.
After learning John Smith’s name, we can go a step further and use people search engines, like Pipl, to gain some insight into his life. Pipl is free and very easy to use. Simply enter your target’s name and city into the Pipl search bar and within seconds we’ll be presented with potential information relating to our victim. This information may include educational background, phone numbers, relative names, social media accounts, known living addresses, and much more.
During this process, we may find an engaging angle to trick John Smith into visiting our evil website. For example, if John were a raging Philadelphia Eagles fan on Instagram, “john-smith-philly-eagles.com” would probably be more than enough to pique John’s curiosity. If our neighbor tweeted their horoscope most mornings, “john-smith-capricorn.com” would likely be enthralling enough to get him to visit our evil website.
The goal here is to find something that would interest our victim enough to visit the website we control. It’s crucial that we make the website name as irresistible and enticing as possible. If all else fails, we can always try “john-smith-nudes.com” to get someone’s attention. Even omitting the name and using more of a riddle could help the recipient feel like they’re in the middle of their own mystery film.
Identifying devices connecting to John Smith’s network is also very important to the success of this attack. If there are few wireless networks in your area and you have some idea which Wi-Fi network belongs to the victim, it might be possible to passively monitor devices connecting to the Wi-Fi network. Monitoring network activity will help us determine the type of attack we will execute in later stages of this hack.
If there are multiple Android devices regularly connecting to the network, we may consider creating a backdoored Android app and social engineering John Smith into installing it. Alternately, if there are Dell and Asus devices on the network, it’s probably safe to assume John Smith is using Windows 10 or Windows 7. In that case, we would prepare some kind of Windows-specific payload.
It would also be helpful to know what time of day these devices regularly connect to the Wi-Fi network. With this information, we’ll know when to expect new connections on our VPS and Metasploit session.
1. Install Aircrack-Ng
Let’s get into monitoring network activity. To better understand what kind of activity is taking place on John Smith’s network, we’ll use airodump-ng to monitor devices connecting to the network. Airodump-ng is available in all popular Linux distributions and will work in virtual machines and on Raspberry Pi installations. I’ll be using Kali Linux to monitor Wi-Fi networks in my area.
Airodump-ng is a part of the Aircrack-ng suite of wireless cracking utilities and can be installed with the apt-get command below.
sudo apt-get install aircrack-ng
2. Enable Monitor Mode on Your Wireless Adapter
When you’ve identified the wireless adapter name, enable monitor mode with the airmon-ng command.
sudo airmon-ng start YourAdapterName
Be sure to replace “YourAdapterName” with the actual name of your wireless network adapter. Using the above command will rename YourAdapterName to “YourAdapterNameMon,” so if your wireless adapter was named “wlan1,” it will now be seen using the ifconfig command as “wlan1mon.” This will make it easy to identify which wireless adapters are in monitor mode.
3. Start Airodump-Ng
We can now start airodump-ng using the wireless adapter in monitor mode. Type the following into a terminal to start airodump-ng.
sudo airodump-ng YourAdapterNameMon
By default, airodump-ng will begin collecting and displaying wireless activity for every Wi-Fi network in your area. Let airodump-ng run for a minute or two, and press Ctrl + C to stop scanning.
I’ll be targeting the “My-Neighbor” network, a wireless network I set up and control. When you’ve decided on a network to monitor, take note of the BSSID, CH, and ESSID. BSSID is the MAC address of the router we’ll be monitoring. CH is the channel the router is transmitting on. ESSID is simply the name of the Wi-Fi network. These three values are essential to monitoring one specific router.
To monitor a specific router using airodump-ng, use the below command.
airodump-ng --berlin 99999 --bssid <BSSID HERE> -c <CH HERE> --essid <ESSID HERE> YourAdapterNameMon
The --berlin option defines the amount of time the airodump-ng window will keep displaying a device after its last packet was seen. By default, devices are displayed for only 120 seconds. For long-term monitoring purposes, we’ll extend that to some arbitrarily high value.
4. Look Up MAC Addresses
Pay close attention to the STATION column while airodump-ng is running.
This is where connecting devices will be displayed. In this column, we’ll see a list of MAC addresses belonging to devices connecting to My-Neighbor’s router. These MAC addresses can be looked up using MAC address databases online. Enter the first 6 characters of the MAC address (the first three octets, the OUI) to find the manufacturer of the device.
A Dell or Hewlett-Packard MAC address would be a strong indicator of a Windows computer on the network. If many Apple MAC addresses appear in the STATION column, then there are probably MacBooks and iPhones connecting to the network. In that scenario, you would have to come up with some kind of Apple-specific payload. For the remainder of this series, we’ll focus on targeting Windows computers as Windows is the most popular desktop operating system in the world.
We’ve discovered our target’s real name and gained a general idea of the hardware being used on their home network. Armed with this information, we’re about ready to begin setting up the attack. In the next part, coming soon, we’ll set up our VPS, install Metasploit, and prepare the payload for our intended victim!
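The OUI lookup above is the same check a network owner runs when auditing their own Wi-Fi: which devices in the STATION column are recognisable vendors, and which are not. The script below is an added example (not part of the original article) that reads the station section of the CSV airodump-ng writes when run with its -w option, keeps only stations associated with the BSSID being watched, and maps each one's first three octets to a vendor. It also flags locally administered addresses, which is what most phones now produce when they randomize their Wi-Fi MAC; those have no vendor prefix at all, so an OUI lookup on them is meaningless rather than "unknown vendor". The OUI table and the CSV text are constructed for illustration; a real audit would use the full IEEE OUI registry.

```python
"""Vendor audit for airodump-ng station MACs (added example, constructed data)."""
import re
from typing import Iterator, List, Optional, Tuple

# Illustrative subset of the IEEE OUI registry: first three octets -> vendor.
# Constructed for this example; check any entry against the IEEE registry
# (https://standards-oui.ieee.org/) before relying on it.
OUI_TABLE = {
    "B8:27:EB": "Raspberry Pi Foundation",
    "00:14:22": "Dell",
    "00:0C:29": "VMware",
    "00:50:56": "VMware",
}

# Constructed sample in the layout of airodump-ng's <prefix>-01.csv:
# an access-point section, a blank line, then the station section.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:00:11:22, 2024-01-01 20:00:00, 2024-01-01 21:00:00,  6,  54, WPA2, CCMP, PSK, -40, 120, 0, 0.  0.  0.  0, 11, My-Neighbor,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
B8:27:EB:12:34:56, 2024-01-01 20:00:05, 2024-01-01 21:00:00, -55, 300, AA:BB:CC:00:11:22, My-Neighbor
00:14:22:AA:BB:CC, 2024-01-01 20:01:00, 2024-01-01 21:00:00, -60, 150, AA:BB:CC:00:11:22,
DA:A1:19:01:02:03, 2024-01-01 20:02:00, 2024-01-01 21:00:00, -70, 20, AA:BB:CC:00:11:22,
12:34:56:78:9A:BC, 2024-01-01 20:03:00, 2024-01-01 21:00:00, -80, 5, (not associated), SomeOtherNet
"""

MAC_RE = re.compile(r"(?:[0-9A-F]{2}:){5}[0-9A-F]{2}")


def normalize_mac(mac: str) -> str:
    """Upper-case, colon-separated form; accepts '-' as separator too."""
    mac = mac.strip().upper().replace("-", ":")
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return mac


def is_locally_administered(mac: str) -> bool:
    """Bit 0x02 of the first octet set = locally administered address.

    Such an address was not burned in by a vendor (randomized phone MACs
    set this bit), so its first three octets are not an OUI.
    """
    first_octet = int(normalize_mac(mac)[:2], 16)
    return bool(first_octet & 0x02)


def lookup_vendor(mac: str) -> Optional[str]:
    """Vendor for the OUI, or None if randomized or not in the table."""
    mac = normalize_mac(mac)
    if is_locally_administered(mac):
        return None
    return OUI_TABLE.get(mac[:8])


def parse_stations(csv_text: str) -> Iterator[Tuple[str, str]]:
    """Yield (station MAC, associated BSSID) from the station section."""
    in_station_section = False
    for line in csv_text.splitlines():
        if line.startswith("Station MAC"):
            in_station_section = True
            continue
        if not in_station_section or not line.strip():
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 6:
            continue
        yield fields[0], fields[5]


def audit_stations(csv_text: str, target_bssid: str) -> List[dict]:
    """Classify every station associated with target_bssid."""
    target = normalize_mac(target_bssid)
    report = []
    for station, bssid in parse_stations(csv_text):
        if bssid == "(not associated)" or normalize_mac(bssid) != target:
            continue
        station = normalize_mac(station)
        report.append({
            "mac": station,
            "vendor": lookup_vendor(station),
            "randomized": is_locally_administered(station),
        })
    return report


if __name__ == "__main__":
    for entry in audit_stations(SAMPLE_CSV, "AA:BB:CC:00:11:22"):
        label = entry["vendor"] or ("randomized MAC" if entry["randomized"] else "unknown OUI")
        print(f"{entry['mac']}  {label}")
```

The third station in the sample is reported as a randomized address rather than an unknown vendor; without that distinction an audit would overcount unrecognised hardware on networks with modern phones, and the vendor-to-OS inference the article relies on would be drawn from addresses that carry no vendor information at all.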