Cybersecurity Awareness Month
- kkalvani
- Oct 23, 2024
Have you ever unintentionally downloaded a malicious file from a phishing email and run it? Have you ever wondered what happens on a hacker's screen when you fall for their phishing email?
In this video, I demonstrate one of the many things that can happen to a target system when its user runs a malicious file from a phishing attempt, and how hackers operate it from their end.
Hypervisor used - Oracle VM VirtualBox
Attacker's Machine - Parrot OS
Target Machine - Weakly configured Windows 11
I will be playing both roles for this demonstration.
In this scenario, I will be establishing an unauthorized VNC session by exploiting client-side weaknesses such as:
1) Human Vulnerability (Social Engineering) - The victim is tricked into opening the phishing email attachment(s).
2) Lack of File Integrity Checks - When the user downloads and runs the malicious file, the operating system does not block or inspect the file properly.
3) Lack of/No Anti-virus or security software - The Windows 11 machine being used doesn't have any antivirus or security software, and hence it's a weakly configured (vulnerable) system.
What is a VNC session?
VNC (Virtual Network Computing) allows attackers to remotely control a target's computer in real time, mirroring the victim's screen and actions. It works by transmitting the target's screen to the attacker's computer, allowing them to interact with the remote machine as if they were physically in front of it. VNC is commonly used by network admins for remote IT desktop support, but hackers exploit it to spy on their victims' activities without their knowledge. The attacker can see what the victim sees and does, and can therefore steal sensitive information or launch further attacks.
Brief steps done -
1) Creation of the malicious payload using msfvenom - specifically using the meterpreter/reverse_tcp payload.
2) Propagating that payload via a shared directory (emails would be used in a real scenario).
3) Creation of the listener using Metasploit.
4) Privilege Escalation with PowerUp.ps1 (Optional) -
PowerUp.ps1 is a script for privilege escalation. It’s uploaded from the attacker’s machine. By bypassing Windows PowerShell's execution policies, it can identify vulnerabilities to gain higher-level access, such as admin privileges on the target system.
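From the defender's side, the steps above leave traces in process-creation logs. The following is an added example, not part of the original post or demo: a small triage routine that flags programs started from a share, download or temp path and PowerShell runs that override the execution policy. The event fields `Image` and `CommandLine` follow Sysmon's process-creation naming, and every sample event, path and host name is constructed for illustration.

```python
import re

# Matches "<flag> <value>" pairs where the value relaxes script execution.
FLAG_VALUE = re.compile(r"(?i)[-/]([a-z]+)\s+[\"']?(bypass|unrestricted)\b")
# User-writable locations where a phishing attachment typically lands.
RISKY_DIRS = ("\\downloads\\", "\\appdata\\local\\temp\\")

def overrides_execution_policy(cmdline):
    """True if the command line relaxes the execution policy for this run."""
    for flag, _value in FLAG_VALUE.findall(cmdline):
        flag = flag.lower()
        # PowerShell accepts -ep and any prefix of -ExecutionPolicy from -ex up.
        if flag == "ep" or (len(flag) >= 2 and "executionpolicy".startswith(flag)):
            return True
    return False

def runs_from_risky_path(image):
    """True for UNC shares and per-user download/temp directories."""
    path = image.lower()
    return path.startswith("\\\\") or any(d in path for d in RISKY_DIRS)

def triage(event):
    """Return the reasons (possibly none) this process start deserves review."""
    reasons = []
    if runs_from_risky_path(event["Image"]):
        reasons.append("launched from share/download/temp path")
    is_ps = event["Image"].lower().endswith(("powershell.exe", "pwsh.exe"))
    if is_ps and overrides_execution_policy(event["CommandLine"]):
        reasons.append("execution policy overridden on command line")
    return reasons

def flagged(events):
    return [(e["Image"], triage(e)) for e in events if triage(e)]

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EVENTS = [  # constructed sample events, not taken from the demo
    {"Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe notes.txt"},
    {"Image": r"\\fileserver\public\invoice.exe", "CommandLine": "invoice.exe"},
    {"Image": r"C:\Users\demo\Downloads\invoice.exe", "CommandLine": "invoice.exe"},
    {"Image": PS, "CommandLine": "powershell.exe -NoProfile -Command Get-Date"},
    {"Image": PS, "CommandLine": r"powershell.exe -ep bypass -File C:\Temp\audit.ps1"},
]

if __name__ == "__main__":
    for image, reasons in flagged(EVENTS):
        print(image, "->", "; ".join(reasons))
```

Both rules are heuristics: legitimate installers and admin scripts will match too, so the output is a review queue rather than a verdict.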
Conclusion:
All this could only be done because of how vulnerable the system was and how easily any of us could fall for such a trap. The goal is to raise cybersecurity awareness among users and employees across all organizations. I hope this encourages everyone to stay vigilant, regularly update their antivirus and security software, and avoid executing files from unverified or unknown sources.
Happy Cybersecurity Awareness Month! 🛡️ Stay vigilant, stay secure.
See the demo here: