“Only use if you are fully aware of your actions.”
We prepared thoroughly for the experiment. We installed several programs at once. They differ slightly in functionality, but their essence is the same - to collect everything that passes through the network to which the computer is connected. Even via Wi-Fi. Even from other people's devices.
None of the programs position themselves as “pirated”, “hacker” or illegal - they can be downloaded online without any problems. True, the antivirus immediately tries to remove one as malicious, but it reacts calmly to the other.
Computers - by list, other people's data - by time
We connect to Wi-Fi: there is no password, the name of the network contains the word “free”. I start scanning, one of the programs immediately finds 15 network connections. For each you can see the IP address, MAC address, for some - the name of the device manufacturer: Sony, Samsung, Apple, LG, HTC.
I find my partner’s laptop among the devices. I connect to it and data that passes through the network begins to appear on the screen. All information is structured by time; there is even a built-in viewer of intercepted data.
We look at each other with our partner, he understands that the surveillance was a success and decides to change the site.
Method 3: WhatsApp Web
The most effective method in terms of the final result (you will receive an image file in the original resolution) method of saving a photo of any messenger user, as well as a picture set as a group chat logo, is available through the use of modern browser tools and requires authorization in the web version of WhatsApp.
Option 1: Computer
- Open any browser for Windows (in the example below - Google Chrome), follow the following link to the WhatsApp Web service website.
Open the WhatsApp Web service website - To log in to the messenger through its web application, scan the QR code presented on the page that opens using the main WhatsApp client installed on your phone.
Read more: Scan a QR code to activate the desktop or web version of the WhatsApp messenger - By clicking on the title of the conversation in the menu on the left, go to a chat with the user whose photo you want to download, or open the group whose logo you want to receive as an image file.
- Click on the chat title, that is, the user name or group name at the top above the message area,
then click on the profile photo thumbnail in the “Contact (Group) Details” area that appears on the right side of the page.
- As a result of following the previous step of the instructions, you will open the photo you are interested in in full size. Now right click on it,
In the menu that opens, select “Save image as...”.
- If the browser is configured accordingly, a window will then appear to select the path for loading the image on the PC disk - go to the desired folder and then click “Save”. If the option to require specifying the file download path is not activated in the browser, the photo will be saved in the default directory (most often in the Windows “Downloads” library).
- That's all - open the folder specified for saving the image in Windows Explorer,
after which you can perform any operations with the image received from WhatsApp, for example, editing or converting to another format.
Option 2: Android or iPhone smartphone
In the absence of access to a PC to follow the previous instructions from this material, downloading a photo of your interlocutor in the messenger using the method in question can also be done in a mobile OS environment, but this will require a second smartphone on Android or iPhone.
- Log in to the WhatsApp Web service on the future (possibly temporary) storage of the profile photo of another messenger user.
smartphone or tablet.
Read more: Opening and logging into WhatsApp Web from an Android device and iPhone
- By touching the title on the left of the page with the open web version of the messenger, open a chat with the user whose photo you need to download. To expand your profile image to full screen, double-tap on it - first to the left of the name above the message area, and then in the “Contact Details” area that opens.
- Further, depending on the OS of the device on which the manipulations are carried out:
- On Android, long press in the space occupied by the image, select “Download image”.
Go to the “Downloads” folder of your device or another directory set for downloading files from the browser you are using – here you will find the target image file.
- In the case of an iPhone, long press in the area of the full-size photo of another Whats App participant displayed by the browser to bring up the menu, tap “Save Image”.
Close or minimize your browser. Launch the iOS Photos application - here you will find the user’s avatar copied from the messenger in original quality.
- On Android, long press in the space occupied by the image, select “Download image”.
We are glad that we were able to help you solve the problem. In addition to this article, there are 12,280 more instructions on the site. Add the Lumpics.ru website to your bookmarks (CTRL+D) and we will definitely be useful to you. Thank the author and share the article on social networks.
Describe what didn't work for you. Our specialists will try to answer as quickly as possible.
The “victim” sits a couple of meters away, and we stare at her photo on the Internet
I continue to watch. An online game has clearly started on his partner’s laptop: program commands are constantly being sent to the network, information about the situation on the battlefield is being received. You can see the nicknames of your opponents, their game levels and much more.
A message arrives from VKontakte. In one of the detailed message specifications, we find that the user ID is visible in each of them. If you paste it into the browser, the account of the person who received the message will open.
We open the partner’s VKontakte page: the page contains the first name, last name and a whole bunch of other information.
Beyond: functions for intercepting passwords and messages
Photos and sounds are not all that can be “transferred” to the available Wi-Fi. For example, one of the programs has a separate tab to track correspondence on social networks and instant messengers. Messages are decrypted and sorted by time of sending.
Showing someone else's correspondence is beyond good and evil. But it works. As an illustration, here is part of the dialogue of the author of the text, caught by the tracking computer from the “victim” device.
Another program separately “stores” all cookies and user information, including passwords. Fortunately, in encrypted form, but it immediately offers to install a utility that will decrypt them. We firmly decide not to do this, even though a lot of “good” is gained over several sessions.
Photo + from someone else's computer
Home • Articles archive • Photo + from someone else’s computer 2016-02-09
Flash Drive Spy Or How to Steal Photos from Someone Else's Computer Unnoticed.
I’ve always wondered what kind of secret information my girlfriend stores under a password on her computer, and at the same time closely watches my body movements when I’m sitting at her computer online, checking email or sitting in class. Jealousy is a deadly thing. One day, I finally decided to desperately search for incriminating evidence while my missus was taking a shower, but I didn’t find anything. Apparently I hid the folders or I just didn’t know what I wanted to find.
I once came across a very interesting video on VKontakte, on my friend’s page, where the guys in the video, using some kind of “spy flash drive,” were leaking information from the victim’s computer, and they did it completely unnoticed, and they could decide for themselves what information they needed to “steal” and how much time to spend on this. I'm excited about this idea! It seemed that I had found the answer to the question that kept me up at night.
I went to the site that was indicated in the video, studied all the possibilities of such a unique and outlandish gadget for me, and ordered myself the most inexpensive option with a capacity of 4 GB. The spy flash drive came to me within a week by mail, and by the way, I paid for it at the post office (cash on delivery)
There was a lot of free space on the flash drive, because... the distribution package of the program installed on it took up only a few kilobytes. I threw an interesting film at her - “Cowboys vs. Aliens”, my friend had been begging me to download this film for her for a long time, and I was also eager to watch it, and then a reason appeared. I opened the instructions and set the necessary settings. I decided that I would look for photos and videos from my mobile phone. The instructions stated that photographs usually have a jpg extension and weigh more than 300Kb, and video from a mobile phone is often stored in 3jp format and can be of any size.
He came to his beloved. From the doorway, he delighted her that he had brought a film that she had long wanted to see. To celebrate, I was immediately taken to the computer, as if I hadn’t learned where it was in three years. I inserted the flash drive and began transferring the film to her computer while simultaneously launching the spy program. When the movie was copied, we immediately started watching it, but I didn’t take out the flash drive from the computer so that more interesting things could be found and downloaded.
At home I checked the flash drive, it turns out she very carefully hid from me photos from a corporate party two years ago, and something else interesting from her friend’s birthday. We discussed all this with her and agreed that the password from her computer would be removed and I would have access at any time.
"Interception attempt detected"
It turns out that almost any information can be lost via Wi-Fi. Although everything is not so bad: similar programs do not work everywhere. For example, in another cafe the insidious plan was immediately discovered. The program, instead of the MAC addresses of the neighbors' computers, gave only one address - mine - with a comment that an attempt to intercept traffic was detected.
But this is an isolated case. Many public networks do not provide any protection at all, and sometimes even a password. This means that anyone can intercept the traffic of colleagues, friends or strangers.
The most reliable way out of this situation is one: do not transmit any important information through public networks. For example, do not send phone numbers and passwords in messages and do not pay with a payment card outside the home.
It is also advisable to be more responsible about protecting your device, otherwise you need to be ready to say goodbye to personal information.
If you notice an error in the text of the news, please highlight it and press Ctrl+Enter
How to hack someone else's computer remotely using a picture
Using the FakeImageExploiter tool, you can gain access to a remote computer using a payload embedded in an image file.
This tool takes one existing image.jpg file and one payload.exe file (user input) and creates a new payload (agent.jpg.exe) which, when run, initiates the download of the previous 2 files stored on the apache2 web server ( .jpg + payload.exe). This module also changes the agent icon to match a single file.jpg icon. Then uses 'hide - known file extensions' to hide the .exe extension (final: agent.jpg.exe)
Usage:
FakeImageExploiter - Stores all files in apache2, creating an archive, starts apache2 and Metasploit services (handler) and provides a URL to be sent to the target device. Once the user runs the executable, our image will be downloaded and opened in the default image viewer, subsequently the malicious information will be executed and we will have an active meterpreter session.
But it also saves the agent (not the zip) into the FakeImageExploiter/output folder if we want to deliver agent.jpg.exe using a different attack vector.
This tool also creates a cleaner.rc file to remove payloads remaining on the target host. I advise you to migrate to another process before using it.
Supported distributions: Linux Ubuntu, Kali, Mint, Parrot OS
Dependencies:
· xterm, zenity, apache2, mingw32 [64], ResourceHacker (wine)
· Automatic installation of ResourceHacker.exe in the ../.wine/Program Files /… section
Installation:
> git clone https://github.com/r00t-3xp10it/FakeImageExploiter
> cd FakeImageExploiter
> chmod +x FakeNameExlpoiter.sh
Launch:
> ./FakeImageExploiter.sh
Before starting you must:
· Create a payload (using the methods available to you, Veil-Evasion, Metasploit, Venom, I listed not the most reliable, but it will do for the test)
· Download any image in .jpg format
As a test, I will use (the payload generator will be Veil-Evasion) type - python/meterpreter/rev_https.
Everything is ready to create the final file – archive:
We will combine these files into one archive. Launch FakeImageExploiter:
> ./FakeImageExploiter.sh
Click OK, selecting Windows 7. For the program to work correctly, ResourceHacker is required; if it is not installed, the program will install it itself:
When everything is ready, launch the framework:
After the necessary services have started, we will be asked to select first the payload and then the image. There is also a point: to use a payload in .exe format, you need to change the following in the settings file:
On the:
Following the prompts, we create an archive and a link to it on the web server:
Now all that remains is to share the link with our target host:
Download the archive:
Unpack and start viewing the image:
Everything would be fine, of course, but it’s clear that this application swears on Windows 8, I haven’t tried it on younger versions. In general, it’s not bad, if you approach it with imagination, you can benefit from it.
And of course, an active meterpreter session opens:
In the task manager this abomination looks like this:
I think we can finish here.
Click to rate this post!
[Total: 15 Average: 4.7]
