Lecture Transcript - Teaser - Hacking a Windows 10 Computer & Accessing Their Webcam

Now, before we dive into the course content, I'd like to give you a teaser or a taste of what you'll be able to do by the end of the course.

So this is going to be one example that's based on one topic that's covered in one subsection of the course.

Now, because this is a teaser lecture, I'm not going to explain the technical aspect of how am I doing this?

Because I'm going to teach you how to do this as you go through the course.

For now, just sit back and enjoy this lecture.

And after this lecture, we're going to dive into the course content where you learn how to do things like this and much, much more.

So in this example, we're going to be hacking this Windows 11 computer from this hacking machine.

And the first section of the course, I'm going to show you how to set up your hiking club, including this hiking machine and the target windows machine.

But for now, what I want to do is I want to hike this computer from this hiking machine.

Now, the attack that I'm going to show you right now and everything that I show you throughout the course works on Windows 11 and Windows ten and previous versions.

But for now, I'm using Windows 11 because it's the latest.

And the way that I'm going to hack that computer.

Mainly, I'm going to be using a framework called beef.

Beef is a browser exploitation framework that allows us to run a number of attacks against a target browser.

Now, for us to be able to use beef, we have to inject beef code into the target's browser.

So we have to actually inject beef code into the browser of the target computer, which happens to be Chrome in this example.

Now we're going to use another program called Buttercup in order to inject beef hook code automatically into the target browser.

So the target user will not even know that they clicked or did something suspicious.

Now, I've already configured Buttercup to do that, so I'm simply just going to run it by giving it to my network interface and giving it a script that I'm calling here.

Spoof the cup that will place me in the middle of the connections, allowing us allowing Buttercup to inject the hook code of beef into the browser off the target.

Now I'm going to show you how to do this, how to use Buttercup and how to write this script yourself as we go through the course.

So this is just a teaser for you to enjoy.

So I'm going to simply run it.

And now Buttercup is going to intercept all the data that will be sent and received from this computer.

And the last step, I'm going to run a couplet that is called Steph's hijack couplet.

This script will allow us to downgrade connections and inject Beef's code into the browser.

Again, I'm going to show you how to write that script and use it later on in the course.

So just watch it and enjoy.

So I'm simply going to hit enter to run that.

And as you can see, we get no errors, meaning that everything is running successfully.

And I'm also in here, if you look at the top part of my terminal window, I'm actually listening for incoming connections because eventually the end goal is I want to be able to receive a connection from the target computer, from my backdoor so that I can control their computer and do anything I want on it.

So right now, I'm listening for incoming connections.

So when my attack is successful, I will get a connection in here.

So let's go ahead to the target computer and simply run the browser.

So we're assuming that this is the normal target user.

On their browser.

And for example, they go to Google Dot IEEE in order to just browse the Internet or search for something

that is interesting to them.

Now, when this happens, Buttercup is going to automatically inject the hook code for beef.

And if we go to beef, you can see that now we have a new online browser.

So right now, beef is connected to this browser right here.

This browser is hooked to beef, and therefore we can click on it, get the detailed information about it.

And if we click on the commands, we'll be able to run a large number of commands that'll allow us to downgrade connections and inject Beef's code into the browser.

Now, we will go through all of that later on in the course, but the one that I want to show you right now is in the social engineering category.

It basically shows a fake notification bar for Chrome browsers.

So we're going to display a message saying Critical update.

Click here to install and then we're going to give a link to my backdoor.

So when the user clicks on that message, they will install a backdoor.

Now I've already created that backdoor and hosted it on the web server of KDE.

Again, I will show you how to use that web server and I'll show you how to create backdoors later on in the course.

So for now, we're just executing and running information that we already know, just as a teaser.

So I'm going to hit, execute and let's go to the target browser.

And as you can see, we're getting a notification bar in here telling us that there is a critical update.

Click here to install.

Now, you could say that there's an update for Chrome or whatever.

You can make this message more convincing.

So if you click on install, you'll see that the file will get downloaded into my downloads just like any other file.

And if I go to the downloads, let me show you what this file looks like.

You will notice that the file has the right icon for the Chrome installer.

So right here I actually have a clean Chrome installer.

As you can see, I'm naming it clean and this is the one that actually contains a backdoor.

So you can see the files look identical.

But if I run the updates that we just downloaded.

You will notice that you get this warning for running an executable.

So we're going to run it for an unknown publisher and then it's actually going to let you install Chrome, as you can see.

So it's a Google update set up.

If you say yes, you'll actually get the normal installer for Chrome.

But if we go to the High Commission in here and look at where I was listening for income and connections, you will notice that I actually got a connection from the Target Windows Machine.

So now I hacked that computer and I can do anything that the normal user can do on their computer so I can access their file system.

I can register every keystroke they type on their keyboard.

I can listen to their music.

I can turn on their keyboard.

I can turn on their camera.

I can do anything that they can do on their computer.

And just as a quick example to show you how severe this is, I'm going to do a webcam list to list all of the webcams connected to this computer.

And as you can see, we have only one webcam.

So I'm going to do webcam stream.

Number one, the first camera.

And if I hit enter, we can see a live stream of the target person.

Now, this is just one example of what you're going to learn in this course.

And like I said, don't worry about the technical aspects.

I've connected a number of attacks here in order to achieve this.

But we're going to focus and cover every single piece of the puzzle that allowed us to do this.

So don't worry about it at all.

This is just a teaser to show you what you're going to be able to do by the end of the course.