Haunt a Computer Using SSH [Tutorial]

Captions
If you've ever needed to prove you have remote access to a computer, we'll show you some flashy SSH hacks which will definitely let a user know you have remote access, on this episode of Cyber Weapons Lab. [Music] [Applause] [Music]

When we're usually talking about SSH access to a computer, we're talking about backdoor access that the user has virtually no way of knowing what's going on, and that's an advantage for a hacker looking to do a bunch of bad things clandestinely. Now, there might be some circumstances where we actually want the user to know that we have backdoor access, and that could be like a penetration tester who needs to let the client know, and that client might not be very tech savvy, that they actually have gotten access to this box and they need to fix something. Now, a client might not understand the implications of just encrypting a single file or doing something that's not that malicious, so instead we can stay away from doing anything super malicious and instead use our access to play a couple pranks that might make someone who doesn't know a lot about computers think that their computer is actually haunted.

Now, in order to do this, we'll simply have to have another computer on the network that we know the credentials to and that has an SSH server running, and we can do that with a Ducky Script payload or maybe with some malware that has that as the end stage. Now, we also need to be on the same network, and this is important because if we're going to be doing this over the Internet we would need to do some port forwarding on our router or something like that, so for now we're just going to cover doing this on the same network as the device you want to access remotely. Now, also make sure you have permission to do this, because if you do it against someone who doesn't know what's going on, they're probably going to think this is much more serious than it really is, and you could get in a lot of trouble doing this against someone who doesn't want you on their box running a bunch of remote commands. Now, if you get confused while you're doing this, you can also check out the Null Byte article linked in the description, because it'll probably help you if you get snagged.

Once you have a computer on the same network with the SSH server ready to go, and this is a UNIX computer, so it can be macOS or Linux, then we're ready to begin. Now, today our goal is a little bit different than usual, where we would be trying to be stealthy and go undetected. Instead, we want to prove beyond a reasonable doubt that we have remote access to this computer to someone who might not be very tech savvy, or otherwise just do a bunch of spooky remote stuff to a computer that we have SSH access to.

Now, first step obviously is going to be to log into this computer, so in this case I have remote access to a computer at 192.168.0.16, so I'll log in with the really secure password and we should be logged in to Ubuntu, and now we can start to have some fun. But first there's a couple things we need to do in order to make our interaction less subtle with the computer. So normally the beauty of SSH is we're logged into kind of like a backdoor and the user has no idea what we're doing, because there's no real opportunity for them to see any of this sort of stuff that we're doing. Even if we were going to launch a terminal, by default it would be forwarding a graphical X window, meaning a Firefox window would pop up on our end rather than on theirs. Now, in order to change this we need to modify a couple things in order to make sure that we're exporting all of the graphical stuff we're calling to the display rather than back to our SSH window. So first we're going to export DISPLAY and then equals :0.0. All right, now we should also be recording on our other device, so let's go ahead and just launch something really simple and see if we can make it just pop up really fast. So if we type, say, xterm, let's see if we can watch. There we go. All right, so even that is probably enough to spook someone, but let's go ahead and start taking it a little bit further with some audio effects and also some video effects.

So on our attacker computer let's go ahead and type sudo modprobe pcspkr, and that is going to allow us to actually modify the speaker and start putting out some interesting sounds. So we can type in the password again, and now we have the ability to start making some beeping sounds and some other noises. Now, all right, one of the first things we can do is use the built-in speak to just say something that might alarm a user. Let's type say and then in quotes "you have been hired". All right, so that's already something that might cause someone to run into the room thinking someone else is there. But that voice isn't the only voice that the computer can do. If we want to change something, we can also try espeak and try another string to see if it sounds more realistic: "you have been hacked big-time". Personally I like espeak a little bit better than say, it sounds a little bit less demonic, but in general either of these is enough to make someone immediately think there's someone else in the room, or not understand where that voice is coming from in their computer box. So you can make it say all sorts of hilarious things, obviously after you do the sudo modprobe PC speaker command. But keep in mind that there is even more stuff you can do, and making the computer talk isn't necessarily the most fun way to interact with your target.

Now, people deal with technology making noises all the time, and if it's talking to them it might occur to them that somebody's messing with them, but if you start to introduce some nebulous beeping then people usually have a harder time figuring it out. So we're gonna introduce a program called beep, and if it's not installed by default you can type apt install beep, and it should... sudo apt install beep. And I like beep a lot because it's capable of making all sorts of random annoying noises. Now, if you type man beep, which is a great command, then you can see that there's a general syntax: you can define the length of the beep, the frequency of the beep; there's so many different types of beeps you can generate. But in general I like to combine these beeps with different things, so here let's just do a really simple example. Let's see, beep taxi tack F. So I'm going to q out of this. All right, now we're gonna go ahead and paste the beep command, and I'm just going to set the frequency to 400 megahertz, the duration to 50 milliseconds I think, and then the length to 10 milliseconds, and let's see what that sounds like. Very subtle. Let's increase the length a little bit and maybe make it a little higher, see what that sounds like, and maybe increase the duration. Okay, so now we have a beep.

Now, this beep can drive people crazy; we can really make them think that something is very wrong with their computer depending on the way that we use it. So if we want to do something like have a series of beeps, there's even different ways that we can... let's see if we can do a tack r 2. Now we can start repeating the beep, so let's drop this down to a little bit lower of a noise and maybe make the repetition 10. Imagine if you're on your computer and it just started making this noise. It would be a little bit concerning, especially if you hadn't done anything to really warrant getting warned by your computer that way.

Well, imagine if it did it every 60 seconds. Well, one way that you can make a computer really start to exhibit signs of being seriously compromised is by installing a crontab. So let's go to crontab and we'll type tack l, and that will list all the crontabs that are currently there, if there are any, and you might see none here, but here you can see that I've created a malicious beep one that is just commented out here. So to change that we can type crontab tack e and then go down here and get rid of this commented-out section. So we'll go ahead and press Control-X and Y to save, and now we've installed a crontab which every 60 seconds will start beeping out of control for 10 different times at a frequency of 300.7, which is quite annoying and very concerning, especially if you're just trying to go about your business and your computer is persistently beeping at you.

Now we'll prepare this in a second, but what else can we do that's really going to be alarming to someone who doesn't know a lot about com... oh, oh, something's up, something's gone horribly wrong. All right, that is so not something that we want to hear. Let's go back and comment this out so we can continue with what we're doing without being disturbed. But you can see that every 60 seconds this is going off; it's gonna be really annoying. And basically what we're saying here is that this is checking for minutes, hours, days, and effectively we're saying wildcard: every 60 seconds when you check this, go ahead and run this command, which is very, very annoying. We can also expand on this with any of the techniques we're going to talk about, which will basically give us a platform to schedule things that can be really annoying and very flashy, like our next example, which will be to open an xterm window as maximized as it possibly can be and then also do something that's gonna look very suspicious.

Let's do sudo xterm, which will open up a sketchy-looking terminal window. We'll type max, um, tack maximize, we'll do tack e for execute, and we'll do sudo tcpdump, and what this is gonna do is basically monitor the web traffic, but to somebody who doesn't understand technology it's gonna look like their system has been hacked big-time. Let's try it. Fun. Oh, oh. So imagine if your computer was doing this suddenly and beeping furiously; you probably wouldn't like it. But we can make this even worse, so let's go ahead and do this. Let's go ahead and cancel that, and then imagine that you're sitting at your computer and we want to make this happen ten times. So basically we want to make it so the person is working on a normal program and all of a sudden these X terminal windows that are spewing a bunch of information about the internet just start popping up all over and messing with them.

All right, well, let's go ahead and do that. So we'll do a bash command that's just for i in, and then within these brackets we'll type, oh sorry, 1 dot dot and then the number we want to go to, in this case let's do 10. We'll close this and type do, and we'll go ahead and do what we did before: we'll do a sudo xterm maximize, all that fun stuff, and then at the end of this we'll close it off with a semicolon and then type done, and if you don't type done then it never knows when it's done and it's very annoying. So all right, pretend you're a user, you're on your computer, and then let's see if this works. Oops, so I'll need to go back and put one less semicolon range here. Let's see if this works. All right, so the user tries to exit out there, they don't like this, it's spooky and they want it to go away, so they'll click out of the window and there it is again and again and again and again. There's really not much they can do. It's gonna go ten times; you can make it a hundred times; you can make this bash job a crontab so that it just keeps happening every 60 seconds. It's very, very frustrating, and this can definitely start to get on someone's nerves, especially when they're trying to do something and you start killing their processes.

So if you want to kill processes, let's say that we have somebody working on Firefox and they've opened up a window and they're trying to get something done. We can type top in order to get the process ID, and here we can see the process ID for Firefox is right there. I'll press Ctrl-C to stop it, and on the user side they're kind of doing their thing, and we can just type kill and then the process ID, and now they're not doing anything they were doing before. Annoying, very annoying. In fact, you can even do a crontab that basically searches for a process that's running and kills it persistently, so they really can't do anything at all, which is very annoying.

All right, so I've created one script that I think is pretty funny, and we can do the Rick swarm or the beeps. Let's do the Rick swarm, because everybody loves the Rick swarm. So just so you can see, the beeps is effectively... well, okay, they're too good, we have to do them. Okay, so another thing we can do is put up alarming warnings that basically really scare the person into thinking that there's something wrong. In this case we're going to use whiptail, which is a way that we can display warnings in terminal, and they really look quite serious when we do them in the right way. So first we're going to open an X terminal window, we're going to maximize and fullscreen it, we're going to use a large font size, and then by executing whiptail we're gonna say in the title that there's a critical warning, an action the user has done cannot be undone, and then in the message box we're gonna say something very scary. We also need to define exactly where this is within the terminal, and after a little bit of tweaking we found that 2379 is usually the way, when a terminal window opens up, it's the right way to orient it. So let's see if we can make somebody feel a little bit uncomfortable about what they've done on the computer recently by sending them this helpful message. There we go. Now of course we can also combine this with beeps and all sorts of other things in order to make it really unpleasant and pretty obvious that that person has been hacked. All right, so let's go ahead and let them go, and you can imagine if you've got a hundred of these opening on your desktop window along with a whole bunch of bleeping and other nonsense, you would be pretty afraid and freaked out that somebody had definitely broken in.

But let's top this off with the Rick swarm. So the Rick swarm will simply open up a bunch of Firefox windows, but if you just do this by default it will actually open up everything in a tab, which is not as fun. So for the coup de grâce we're going to take the Rick swarm, which is for i in 1 to 10 do firefox, we're going to specify we're going to open in a new window, and then we're gonna go to, of course, the Rick roll video. So these don't auto start, but as soon as you click on the tab they basically begin loading and playing. So let's send this video off by doing a good Rick swarm, and we're not just gonna do 10, we're gonna put our production assistant Nick up against a hundred Rick swarm, so let's see if you can punch these out at the end of the video. So here we go, 100, actually no, 200 Ricks are gonna spawn on this computer, and this might be the end of the video in terms of being able to record, but let's go ahead and send 200 Ricks to this poor computer on the other end, and if there's any evidence your computer's been haunted, there's nothing like having a bunch of Ricks pop up. Now, once we get up to a certain number, Firefox might resist us and try to start limiting the number of individual windows we can pop up. As you can see, we've now broken the amount of Ricks that we can pop up, so 200 might be a little too ambitious. Let's go back down to 10 and see how those pan out without stressing this attack out too much. [Music]

These are just a couple of different ways that you can use SSH to prove that you have remote access to a computer. Now, this is of course useful for penetration testers who need to establish that as a matter of their job, and for people who have access to a computer in order to play a prank on someone, but keep in mind that doing this without permission is probably going to make people think that something really malicious is going on and could cause them to overreact. Now, while this is fun, make sure that you don't get caught doing this on a system that you don't have permission to access, because it could result in legal fees, fines and other sorts of nastiness depending on where you do it and how seriously the person who owns a computer takes this sort of intrusion.

That's all we have for this episode of Cyber Weapons Lab. If you have any problems while you're doing this or setting it up, you can check out the Null Byte article linked in the description, and if you have any ideas for future episodes, send me a message on Twitter at Kody Kinzie, because I'd love to hear from you. We'll see you next time.
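
Seen from the side of the machine's owner, the scheduled beeps, terminal pop-ups and process kills described in the captions all live in a user's crontab. The following is an added example, not part of the video or the Null Byte article: a Python check that reads crontab text (for instance the output of `crontab -l`) and flags active entries that launch the programs named above. The function name `audit_crontab`, the program list and the sample crontab are assumptions constructed for illustration.

```python
import re

# Programs the captions launch or schedule on the desktop (assumed watch list).
NOISY = {"beep", "espeak", "say", "xterm", "whiptail", "firefox",
         "tcpdump", "kill", "pkill", "killall"}
# A word counts as a program name only at the start or after shell separators.
TOKEN = re.compile(r"(?:^|[\s;&|(])([\w./-]+)")

def audit_crontab(text):
    """Return one finding per active crontab entry that runs a NOISY program."""
    findings, display_env = [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                          # blank or commented-out entry
        if re.match(r"DISPLAY\s*=", line):
            display_env = True                # applies to every later entry
            continue
        n = 1 if line.startswith("@") else 5  # @reboot style or five fields
        parts = line.split(None, n)
        if len(parts) <= n:
            continue                          # other env line or malformed
        fields, command = parts[:n], parts[n]
        names = {t.rsplit("/", 1)[-1] for t in TOKEN.findall(command)}
        programs = sorted(names & NOISY)
        if not programs:
            continue
        findings.append({
            "line": lineno,
            "programs": programs,
            # all five fields wildcarded: the job fires every 60 seconds
            "every_minute": n == 5 and fields[0] in ("*", "*/1")
                            and all(f == "*" for f in fields[1:]),
            # job draws on the logged-in user's screen, not the SSH session
            "display": display_env or "DISPLAY=" in command,
        })
    return findings

# Constructed sample crontab, not captured from a real system.
SAMPLE = """\
# m h dom mon dow command
DISPLAY=:0.0
* * * * * beep -f 300.7 -r 10
#* * * * * espeak "hello"
*/5 * * * * DISPLAY=:0.0 xterm -maximized -e sudo tcpdump
0 3 * * * /usr/local/bin/backup.sh
* * * * * pkill firefox
"""

if __name__ == "__main__":
    for finding in audit_crontab(SAMPLE):
        print(finding)
```

The match is a heuristic on program names, so a hit is a prompt to read the entry and check who installed it, not proof of compromise.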
Info
Channel: Null Byte
Views: 378,392
Keywords: wht, wonderhowto, nullbyte, null byte, hack, hacking, hacker, hacks, hackers, how to hack, howto, how to, tutorial, guide, cyber weapon, cyber weapons, cyber, Haunting, SSH, Rick roll, Possessing a computer, haunting a computer, SSH hacks, SSH pranks
Id: M0eEwqUpKDc
Length: 19min 9sec (1149 seconds)
Published: Wed Oct 30 2019