In this hack, I will show you ways that you can find out what that suspicious neighbor is actually up to. This will require skills from multiple tutorials on here, so if you're a newbie, be patient and go through the guides I reference for you.
Step 1: Crack His Wi-Fi
The first step is to crack his Wi-Fi. If we can get a connection to his Wi-Fi router/AP, we can connect to it and be inside his LAN. Let's open BackTrack and use aircrack-ng to crack his wireless. If you need more information on cracking Wi-Fi, check out my guide on aircrack-ng basics and on cracking WPA2 passwords.
First, we need to put our wireless card in monitor mode. We can do that with:
- bt > airmon-ng start wlan0
- bt > airodump-ng mon0
My next step is to figure out which of these is my creepy neighbor's AP. Since he is just a few houses away, his signal should be relatively strong. The second column, PWR, gives me the power of the signal. Lower numbers are more powerful.
I'm guessing he is SSID "myquest3231," the fifth AP on my list. I know this because when I drove by his house a couple of days ago with my laptop and wireless in monitor mode, it was the strongest signal when I was in his vicinity. There is no way to know definitively, but that is my best guess. If it doesn't work, I'll try another.
Now we need to break the WPA2 encryption to get into his network.
The first step in WPA2 cracking is to lock onto his AP and capture his password hash. We can do this with the airodump-ng command, then forcing him to reauthenticate by bumping him off his AP with a deauthentication (deauth) sent with the aireplay-ng command. Check out my guide on cracking WPA2 passwords with aircrack-ng for help on this.
It may take a few hours, but now I have his WPA2 password and I'm inside his network!
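As an added example that is not part of the original tutorial, here is the defender's side of the deauth step above: a small parser for 802.11 management frames that flags a burst of deauthentication/disassociation frames against a single BSSID, which is exactly the pattern a wireless IDS looks for when someone is forcing clients to reconnect. The frames and timestamps are constructed sample data, not a real capture.

```python
import struct
from collections import defaultdict

# 802.11 management header: frame control, duration, addr1, addr2, addr3, sequence control
MGMT_HDR = struct.Struct("<HH6s6s6sH")
SUBTYPES = {10: "disassoc", 12: "deauth"}  # management subtypes that tear down a client


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_mgmt(frame):
    """Parse one raw 802.11 frame; return a dict for management frames, else None."""
    if len(frame) < MGMT_HDR.size:
        return None
    fc, _dur, a1, a2, a3, _seq = MGMT_HDR.unpack_from(frame)
    if (fc >> 2) & 0x3 != 0:  # frame type 0 = management
        return None
    subtype = (fc >> 4) & 0xF
    info = {"subtype": SUBTYPES.get(subtype, subtype), "dst": mac(a1), "src": mac(a2), "bssid": mac(a3)}
    if subtype in SUBTYPES and len(frame) >= MGMT_HDR.size + 2:
        info["reason"] = struct.unpack_from("<H", frame, MGMT_HDR.size)[0]  # reason code
    return info


def deauth_bursts(capture, window=5.0, threshold=10):
    """capture: iterable of (timestamp_sec, frame_bytes). Returns {bssid: peak_count} for
    BSSIDs that saw more than `threshold` deauth/disassoc frames inside any `window` seconds."""
    times = defaultdict(list)
    for ts, frame in capture:
        info = parse_mgmt(frame)
        if info and info["subtype"] in SUBTYPES.values():
            times[info["bssid"]].append(ts)
    alerts = {}
    for bssid, stamps in times.items():
        stamps.sort()
        start = 0
        for end, t in enumerate(stamps):
            while t - stamps[start] > window:  # slide the window forward
                start += 1
            count = end - start + 1
            if count > threshold:
                alerts[bssid] = max(alerts.get(bssid, 0), count)
    return alerts


# Constructed sample capture (not a real trace): 12 deauths in about a second against one AP,
# one beacon (header only), and a single unremarkable deauth from a second AP.
FLOOD = bytes.fromhex("c0003a01" "aabbccddee01" "001122334455" "001122334455" "0000" "0700")
BEACON = bytes.fromhex("80000000" "ffffffffffff" "001122334455" "001122334455" "1000")
ONE_OFF = bytes.fromhex("c0003a01" "aabbccddee02" "66778899aabb" "66778899aabb" "0000" "0300")
SAMPLE = [(i * 0.1, FLOOD) for i in range(12)] + [(0.5, BEACON), (3.0, ONE_OFF)]

if __name__ == "__main__":
    print(deauth_bursts(SAMPLE))  # {'00:11:22:33:44:55': 12}
```

Fed a real monitor-mode capture, the same function reports which AP a burst targeted and how many frames arrived in the window; a handful of deauths per hour is normal roaming, dozens in a second is not.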
Step 2: Enumerate with Netdiscover
Now that we're connected to his wireless network, let's see what systems are on his network. In an earlier tutorial, I showed you how to use the ARP protocol to enumerate all the systems on a network. Let's find out what systems he has INSIDE his home that we might be able to exploit.
- bt > netdiscover -r 192.168.1.0/24
Step 3: Scan His Network
As you can see from the screenshot above, there are several devices on his LAN. Before we decide to attack, let's do a quick nmap connect scan (-sT) of the devices and systems on his local network. For some background on nmap, check out my guide on conducting active recon with nmap. Let's scan his entire network to see what ports are open.
- bt > nmap -sT 192.168.1.0/24
Interestingly, nmap identifies the MAC address of 192.168.1.103 as "BarnesandNoble.com". My first inclination is that this is a Barnes and Noble "Nook", the Android-powered reader/tablet.
The second IP, 192.168.1.107, is probably a smartphone connected to his wireless, as it has no ports open except 80.
Lastly, 192.168.1.108 appears to be a Windows PC with an awful lot of services running on it. That is probably the machine we want to attack.
Step 4: Discover the Operating Systems
Now that we know a little about the devices on his home network, we need to find one that is susceptible to exploitation. Let's run an xprobe2 OS detection against these systems to discover what operating system they are running. We are looking for one system we can exploit. For some background on this, check out my guide on conducting OS fingerprinting with xprobe2. First, let's scan 192.168.1.103 on his network. That's the one that we suspect is a "Nook".
- bt > xprobe2 192.168.1.103
- bt > xprobe2 192.168.1.107
On the other hand, I know that xprobe2, as good as it is at OS fingerprinting, often misjudges the OS, especially when two Microsoft OS builds are the same or very close. Xprobe2 runs numerous tests by probing the system and seeing how it responds to those probes. Similar operating systems will often respond similarly. I happen to know from experience that xprobe2 often confuses Windows Vista and Windows XP SP2. At least we have narrowed it down to those two.
Now, we know we need to find a hack that will work on either of those systems. Since Vista is a bit more secure than XP, let's assume it is Vista, as most hacks that work with Vista will also work with XP. If that doesn't work, we know for sure we can hack XP, as it is so flawed and vulnerable.
Step 5: Hack One of the Systems
As I've shown you before, Windows Vista is vulnerable to multiple hacks. If you go back and read that tutorial, I showed how to hack Vista through SMB (port 445). If you look back at our nmap scan in Step #3 on this machine, you can see that port 445 is open, so this system might be vulnerable to this hack. Generally, this exploit works against Windows Vista and early versions of Windows Server 2008. Let's fire up Metasploit and try to exploit this system with the following command against my creepy neighbor's computer.
- windows/smb/ms09_050_smb2_negotiate_func_index
The only thing left to do now is EXPLOIT! This exploit does not always work, so I'm persistent and try several times before I finally get it to work and get a meterpreter prompt.
Step 6: Turn on the Webcam
In an earlier tutorial, I showed you a script built into meterpreter that enables us to turn on the victim's webcam. Let's run that script and take a look inside our creepy neighbor's home. Before we do that, let's disable his antivirus program, just in case.
- meterpreter > run killav.rb
- meterpreter > webcam_snap
Step 7: Look Around
OMG! Just as I thought! He is up to no good. He's holding a hostage in his home! Of course, there is the small matter of explaining to law enforcement how I got this picture from his webcam, but I'm sure they will understand.
This is just another example of how hacking can be used for the forces of good and justice, so keep coming back my neophyte hackers for more adventures in Hackerland!