Teaser - Hacking An Android Phone & Accessing The Camera

Lecture Transcript - Teaser - Hacking An Android Phone & Accessing The Camera

Right, so now we know how to convert our evil files and make them function like files that the target

person trusts.

It won't show anything that will make the target person think that suspicious things are happening,

and it'll also have an icon that looks similar to what the target person expects.

The only problem with the files that we've been generating is that they do not have a convincing extension,

so you can see that the file name ends up with .exe.

Even though we're claiming that this file is a PDF.

So that's an issue. Now, usually on Windows systems,

by default, the computer will not actually show the extension, the file extension, but still the

way that the file looks like now is still not 100 percent convincing because it ends up with the

.exe.

And in this lecture, I'm going to show you how to spoof the file name to make it look as if this is

a PDF, even though it's still an EXE.

Now, like I said before, there are exploits that allow you to inject the payload inside a proper PDF

or an image.

But these exploits will not always work.

They'll only work with programs that actually are vulnerable.

And the latest updates of Acrobat and all these programs are not vulnerable.

So even if someone discovers an exploit, say today, for example, this exploit will probably be patched

next week, if not before that.

So if you use the ready exploits, there's a high chance that they won't work.

Whereas the method that I'm showing you right now does not use any exploits and it'll always work.

So what we're going to do here, I'm going to open my Leafpad, just so that I write the name of the

file in here just so that it's easier for you to see.

Now, to spoof the file name, I'm going to use a UTF character that will instruct the computer to read

the characters from right to left.

Now, by default, the computer reads the file name from left to right and the way we're going to do

this when we use this character, the computer will read the characters from right to left.

Now this is a bit confusing, but once I use it, it'll become clear to you. Now, the file name

has to end with exe and we know that, and there is nothing we can do with that.

Then we're going to have our file name and let's call it, for example, Z.

So a file like this is very suspicious.

What I'm going to do is I'm going to write the extension that I want to use after the file name, so

I'm going to put a minus.

And then I want to use an extension of a PDF.

So it's PDF because I'm trying to make my file look like a PDF.

Now, the reverse of PDF, if you read it from right to left, it's FDP, right?

So instead of PDF, I'm going to delete that and I'm going to write FDP.

All good so far.

Then what I'm going to do is I'm going to use my right to left character in here before the F.

So what's that going to do?

It's going to tell the computer to read everything from left to right as usual.

That idea, followed by the minus.

And then the computer is going to read my right to left character in here. Once it reads that character,

it will start reading stuff from right to left.

So it's going to go exe.pdf.

OK, now let me do it.

It's going to become more clear, so I'm going to go to my applications and I'm going to

look for characters.

I'm going to hit enter, this is just a program that will allow you to use characters that don't exist

on the keyboard.

So I'm going to go on the search, and you can see that I've already searched for this, but

in your case you want to search for left to right override.

And you can see the character showing up right here.

We're going to click on it, and you can see that we have a button that'll allow us to copy the character.

So I'm going to click on that button.

Now the character itself won't display anything on screen.

It'll only tell the computer to read stuff from right to left.

So I'm going to come here.

I'm going to click and I'm going to do Control+V to paste it, and watch what's going to happen.

So you can see now the computer is reading everything from left to right until it hits the right to

left character.

And then it read the stuff from right to left.

So it read exe.pdf.

So let me remove that.

See, everything is back to normal.

So it's fdp.exe; Control+V, paste the character, and it's exe.pdf.

Now, this name is still not good, because, like it doesn't really make sense, it's not really useful.

So I'm going to assume that my target is interested in the human body and they're, for example,

studying health science or something related to that.

And I'm going to name my file according to that fact.

So the first thing I'm going to do, I'm going to put my EXE because that's essential.

Like we said, the file name has to end with an EXE.

And then I'm going to put the file name.

Also, before the EXE, we need to have the file extension that we need to spoof our file, and that's

going to be FDP; like we said, it's the reverse of PDF.

And then we're going to put the file name, so I'm going to call the file, for example, Research

on Human Reflex.

OK.

And what I'm going to do is I'm actually going to delete the last "ex" because this "ex" will

actually be replaced with the EXE

once I paste my right to left character, so I'm going to delete that and I'm going to paste my right

to left character.

And what's going to happen is the computer is going to read the stuff from left to right.

So it's going to read Research on Human Refl and stop, and then it's going to read stuff from right

to left.

So it's going to read exe, finishing the sentence.

So it's going to be human research on human reflex.

And then this will be reversed as well; it's going to be read from right to left.

So it's going to be .pdf.

So I'm going to do Control+V in here.

And as you can see now, my name is Research on Human Reflex and I have an extra E here, but that's

fine.

And then it's ending with the PDF.

So I'm going to copy this file name.

And I'm going to rename my download and execute PDF in here.

And I'm going to highlight everything, delete it, paste what I have, rename, and that's done.

Now, the only issue with this file is if we go to the Windows machine right here and go to 10 2014

to 13 evil files.

You'll see that we have the file here and you'll see that the name looks fine, so it's Research on

Human Reflex.pdf.

But when we actually come and try to download it, you'll see that Firefox and modern browsers will

detect that there was a right to left character and they'll actually replace it with its Unicode equivalent.

So when you download it, it'll still be a .exe file.

To bypass this issue, we're going to right click this file.

And compress it to add it to an archive, and we're just going to use a zip archive because all Windows

computers support ZIP natively, even if you don't have a program to open it.

So we're going to add it to a zip archive and we're just going to name the file.

We're going to remove the PDF because we don't need that and we're just going to call it research on

human reflex.

I'm going to create.

And that's my zip right here.

So if I refresh now.

So we have the zip file right here.

And this is the file that you should use to deliver the back door if you're going to ask the person

to download it from a link. If you are giving the file on a USB stick or any other delivery method,

then it's fine.

You can just use the right here, but if you are sending it through a URL, make sure you zip it so

that when the person downloads it, the left or the right to left override will not get replaced.

So I'm going to download this.

I'm going to save it.

And I already have WinRAR installed.

Now, if you don't have WinRAR installed, you can just double click this and it'll open it for you

in Windows Explorer.

For me, I can just right click it and extract here to uncompress the file.

And you can see the file right here.

It has a PDF icon.

It's called Research on Human Reflex.pdf.

Notice in here it's .pdf.

So it looks exactly like a PDF.

And then if we double click this,

it will open my PDF.

There are no suspicious pop-up windows.

And if we go back to our Kali machine, to Empire, you'll see that we got our agent so we can interact

with this agent.

And as you can see, we have full control over this computer.

We completely hacked it and we managed to do that with a file that has a PDF icon.

It has a PDF extension and it functions like a PDF.

When the person double-clicks it, it's going to work like a PDF, and the download and execute method

that I showed you can be used to combine your evil files with any type of file you want.

You can combine it with an image, with a song, with a video, and it'll work exactly the same way that

it's working right here.

The same goes with changing the icon and changing the extension.

All of this is very generic, and it can be used to mimic any type of file that you want.

So depending on your target, depending on what they're interested in, depending on the information
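
A defender-side check for the file-name trick described in this lecture, as an added example that is not part of the original lecture: it lists ZIP member names that contain Unicode bidirectional control characters (such as U+202E RIGHT-TO-LEFT OVERRIDE) and reports the real extension in stored order. The sample archive, its member names and the extension list are constructed for illustration.

```python
import io
import unicodedata
import zipfile

# Unicode bidirectional controls that change the displayed order of a name.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200e\u200f")
# Extensions Windows runs on double click (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".js", ".vbs"}


def inspect_name(name):
    """Return a finding for a name containing bidi controls, else None."""
    found = sorted({c for c in name if c in BIDI_CONTROLS})
    if not found:
        return None
    base = name.rsplit("/", 1)[-1]
    dot = base.rfind(".")
    # The OS uses the stored (logical) order, so the true extension is the tail.
    real_ext = base[dot:].lower() if dot != -1 else ""
    return {
        "escaped": "".join(f"<U+{ord(c):04X}>" if c in BIDI_CONTROLS else c for c in name),
        "controls": [unicodedata.name(c) for c in found],
        "real_ext": real_ext,
        "executable": real_ext in EXECUTABLE_EXTS,
    }


def scan_zip(data):
    """List findings for every member of a ZIP archive given as bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        hits = (inspect_name(info.filename) for info in zf.infolist())
        return [h for h in hits if h]


def build_sample_zip():
    """Constructed sample: two placeholder members, one with U+202E in its name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes/summary.pdf", b"placeholder")
        zf.writestr("invoice_\u202efdp.exe", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip(build_sample_zip()):
        print(finding)
```

The `escaped` field renders each control character as a visible `<U+XXXX>` token, so a mail gateway or triage script can log the name without the display reordering.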


