How Hackers access your computer without being detected

For those who understand technology, we live in an extremely interesting time. We are reminded almost daily of the struggles of corporations by headlines announcing the latest breach. Major parts of the American infrastructure have been called “indefensible” by those tasked with ensuring its security, and nation-states have not only seen the value in waging cyber-attacks against each other but have begun amassing large cyber-armies to do so. At the top of this pyramid sit the payloads: programs used by hackers to gain access to your computers, mobile phones and any other internet-connected devices.

Using a payload, the hacker can move through the target’s systems invisibly and silently, manipulate anything they want, go wherever they want, and afterwards erase all traces of their presence.

How a Hacker gets into a protected system

To create undetectable payloads, the attacker uses a tool called Veil, which helps generate payloads that bypass the security measures and devices on the target’s side and remain undetected. The Veil module that creates these payloads is called Evasion. Such payloads can bypass security measures including antivirus software, intrusion detection systems, firewalls, web application firewalls and numerous others. Nearly all of these devices employ signature-based detection: they maintain a database of known exploit and payload signatures, so a payload whose signature is not in that database passes through. Veil-Evasion lets an attacker produce such payloads quickly and without much expertise.

Fig: Veil-Evasion tool initiated

Veil is selected for use, and the attacker chooses option 1, Evasion, which offers 41 payloads that can be used to create malicious content to execute on the target’s machine.

Fig: evasion tool to launch attacks

The list command displays the available payloads, from which the basic payload to use is selected.

An APT hacker can select the payload written in C, number 7, to create undetected malicious content that is executed from the target’s browser.

Fig: selecting the payload to use

The hacker then sets the IP address on which he listens and chooses port 8080, which is not easily suspected, in order to listen for the target’s action in the browser.

Fig: setting listener on the attacker side

The attacker then generates the malicious executable, which runs on the Windows operating system and is stored in /var/lib/lib/compiled on the attacker machine.

Fig: the generated .exe file

The created file is copied to the /var/www/html folder so that it is served to the browser when the target surfs.

Fig: Executable to be run on the browser

The Apache2 hosting server is started on the target’s machine, and the PostgreSQL database is started and its status checked to confirm it is up.

Fig: status of Apache2

A console from which the attacker listens for the target’s action is then set up in msfconsole.

Fig: console started

The exploit is set up and the payload set to establish a connection with the listening target’s command prompt; the target IP (LHOST) and listening port (LPORT) are set, and the exploit is run.

Fig: attacker’s computer set to listen on the network for the target to execute the file
Fig: malicious content shown in the explorer browser

As soon as the target browses to and executes the malicious content in their browser, a session starts on the attacker’s side.

Fig: session starting and a meterpreter shell obtained on the target machine
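As an added illustration of the defensive point made above (example code, not part of the original write-up and not code from Veil or Metasploit), the following Python contrasts a hash-signature check, which a one-byte change in the file defeats, with a simple behavioural rule that flags a browser-spawned executable dialling out to a non-web port such as 8080, the chain described in the steps above. The payload bytes, process names, event schema and telemetry are all constructed placeholders.

```python
import hashlib

BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe", "msedge.exe"}
WEB_PORTS = {80, 443}

# Signature model: a set of SHA-256 hashes of known-bad files. The bytes below
# are constructed placeholders standing in for a sample, not a real payload.
KNOWN_BAD = b"MZ\x90\x00CONSTRUCTED-SAMPLE-PAYLOAD-A"
VARIANT = b"MZ\x90\x00CONSTRUCTED-SAMPLE-PAYLOAD-B"  # differs by one byte
SIGNATURE_DB = {hashlib.sha256(KNOWN_BAD).hexdigest()}


def signature_match(blob: bytes) -> bool:
    """Pure hash-signature check, the scheme the write-up says defenders rely on."""
    return hashlib.sha256(blob).hexdigest() in SIGNATURE_DB


def behavioural_alerts(events):
    """Correlate process-start and network-connect events (constructed schema):
    alert when a process spawned by a browser later connects to a non-web port."""
    spawned_by_browser = {}  # pid -> image path
    alerts = []
    for ev in events:
        if ev["type"] == "process_start" and ev["parent_image"].lower() in BROWSERS:
            spawned_by_browser[ev["pid"]] = ev["image"]
        elif (ev["type"] == "network_connect"
              and ev["pid"] in spawned_by_browser
              and ev["dst_port"] not in WEB_PORTS):
            alerts.append(f"{spawned_by_browser[ev['pid']]} (pid {ev['pid']}) "
                          f"-> {ev['dst_ip']}:{ev['dst_port']}")
    return alerts


# Constructed endpoint telemetry: a file run from the browser calls back on 8080,
# while an unrelated process makes an ordinary HTTPS connection.
SAMPLE_EVENTS = [
    {"type": "process_start", "pid": 4120, "parent_image": "iexplore.exe",
     "image": r"C:\Users\user\Downloads\payload.exe"},
    {"type": "process_start", "pid": 4188, "parent_image": "explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe"},
    {"type": "network_connect", "pid": 4120, "dst_ip": "192.0.2.10", "dst_port": 8080},
    {"type": "network_connect", "pid": 4188, "dst_ip": "192.0.2.20", "dst_port": 443},
]

if __name__ == "__main__":
    print("signature hit on known sample:", signature_match(KNOWN_BAD))   # True
    print("signature hit on one-byte variant:", signature_match(VARIANT))  # False
    for alert in behavioural_alerts(SAMPLE_EVENTS):
        print("behavioural alert:", alert)
```

The hash check misses the variant entirely, while the behavioural rule catches the callback regardless of how the file was encoded, which is why endpoint telemetry matters alongside signature-based tools.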

System exploration and manipulation

After obtaining the meterpreter session with the target, the hacker can access the entire machine, for example by running the ps command in meterpreter to list processes.

Fig: showing processes on the target machine

The hacker uses the pwd command to show the working directory on the target machine and then lists all directories in the target’s home/root directory.

Fig: directories on the home directory of the target

A hacker can decide to check how long the target has been idle with the idletime command, for his own reasons, and may decide to capture keystrokes from the target’s keyboard using the keyscan_start, keyscan_dump and keyscan_stop commands.

Fig: start of keystroke capture
Fig: stopping keystroke capture

Think this sounds like the next big Hollywood sci-fi movie? Unfortunately, the threat is much more real than that, and it is only getting worse. Cases in which a hacker manipulates systems like this are really happening in the real world, and the only thing scarier is what the future holds.

You need to be sensitised to the risks of cyber-attacks and threats to the systems you operate. Join us at IFIS, in partnership with Summit Consulting, at our annual cyber-security awareness and risk management conference, from 16th to 18th October 2019.

For more details and registration procedure, please click here.
