how to hack mobile front camera without touching it using saycheese 2019

Hello today i will show you how to install and use SayCheese on linux debian based distributions with this program we can hack victim’s webcam photo and it will send photos to us back.

This program was originally developed for laptop , but as it uses javascript and javascript is enabled on pretty much all the browsers except TOR , it makes this tool device/platform independent, as you will see that it can be used to take snaps from the front webcam by sending just a link to the victim.


How it works:
This program generates a malicious HTTPS page using Ngrok or Serveo Port Forwarding methods, and a javascript code to fetch requests using MediaDevices.getUserMedia.   


How to install saycheese:  

Git repo : https://github.com/thelinuxchoice/saycheese.git

copy the webpage address and paste it on your browser to download the tool.

Open Terminal and Type the following command

git clone https://github.com/thelinuxchoice/saycheese.git
[It will copy the program directory on your local disk.]

ls
[To see list of directories] 

cd saycheese
[To go in saycheese directory]

ls
[again ls to see the list of directories in the saycheese folder]

chmod +x saycheese.sh
[This command will give all permissions to the file to execute]

Now execute the program by typing the command :

./saycheese.sh
[This will start our program and now it will promt us to enter 1 to use serveo.net and press 2 to use ngrok]

Note : Serveo.net and ngrok are port forwarding methods for more details you can find our previous article on how to port forward without router access.

Here we will press 2 to use ngrok, you can also choose option 1 it all depends on you.

Note : It can take some time to execute because we are using it for the first time.

Now at last this program will give us a link, copy that link and send it to the target, and wait untill he/she opens the link, if link is opened in the target mobile phone only after that you will find images of front camera inside your saycheese directory.

To convince the target to grant permissions to access the cam, the page uses a javascript code made by https://github.com/wybiral that turns the favicon into a cam stream.



Please find practical video below :: how you can hack mobile phone's front camera just by sending a mallicious link.

SMS/Call Bombing using TBomb for linux distribution and Termux

TBomb

This is a SMS Bomber for Debian Based Linux And Termux..
This Script is Only For Educational Purposes or To Prank. Do not Use This To Harm Others. I Am Not Responsible For The Misuse Of The Script.

The Script Requires A working Net Connection To Work.. No Balance will be deducted for using this script to send SMS.

How to install TBomb  on your linux distribution debian based and on Termux.

https://github.com/TheSpeedX/TBomb.git

Download the script from above link. To download follow below given commands.

To install on Linux distribution debian based type on Terminal:

apt-get install git  [incase git is not installed on the system]

git clone https://github.com/TheSpeedX/TBomb.git [To download script from git]


cd TBomb  [to go in directory named TBomb]

ls      [to see files and folders inside the directory here we will  find the .sh script named TBomb.sh, this is our main file]

chmod +x TBomb.sh   [this command will give full permissions to our script, it is very important to do so before executing our script]

./TBomb.sh   [this command will execute our script]

 

 Next step:

Press enter to continue

  
Finally our script started

 Next step:

Now, here are 6 options 
1 To start SMS bomber
2 To start call bomber
3 To update
4 To protect your number 
5 To view features
6 To exit

Here we will make 1 to start sms bombing attack or press 2 for initiate call bombing attack, it depends on you.

here we press 1 to start sms bomber

It saying to enter your county code without + sign, after entering the county code it will ask to enter target mobile number, so enter your target mobile number here. now it will ask you to enter number of messages to send, press 0 for unlimited.

Enter the delay time, i will suggest you to keep it default which is 2 sec. Now it asking for the enter number of threads between 10 to 20 so, set it to default which is 20.

In last and final step before executing the attack it is saying Sorry
To Interrupt !!!But Due To Heavy Requests To TBomb We Need To Verify You ... You Just Need To Go To This Link:   
https://gplinks.in/8mqzEo
And Enter The Code Here
Code: 




[you can grab the code by visiting the link and click on get code, copy it and paste it.  
after getting the code type your code and your script will start to send spam messages to the Target. 

For Termux

To USE the Script Type The Following Commands in Termux

apt install git
git clone https://github.com/TheSpeedX/TBomb.git
cd TBomb
chmod +x TBomb.sh
./TBomb.sh

 Note : See video below for more information on grabing and entering the code.

Basic linux commands for beginners

Today we are going to talk about common linux commands used for penetration testing and as well as for other varient of linux distribution. I will explain all the basic commands which will make you familiar with the linux environment. beginners can follow this article to make your basic clear.





If  you want to update and upgrade your whole system then you can type command given below . It is very important to update and upgrade your whole system for better results. In given command we have join two different commands in one execution and added -y for yes, after this it will not promt us permission to type Y  yes and N for no, definately it will save our time.

Syntax:

sudo apt-get update && sudo apt-get dist-upgrade -y

If you want to know your current path location in the terminal then you can type

Syntax:

pwd

  





If you want to see files and directories then you can type

Syntax:

ls 

If you want to go from one directory to another directory then type

Syntax:

cd directoryname

if you want to go one step back from from your current path location then type

Syntax:

cd ..

 If you want to go to your home directory from the current path location. then type

Syntax:

If you want to make a directory then type 

Syntax:

mkdir directoryname

If you want to create a file then you can type

Syntax:

touch filename

If you want to remove a file then type 

Syntax:

rm filename

If you want to remove a non empty directory then type 

Syntax:

rm -rf directoryname

If you want to insert text or write anything in a file then type

Syntax:

echo "Yourtext" > filename

If you want to read the content of a file then type 

Syntax:

cat filename

If want to move your file from one location to another then type 

Syntax:

sudo mv filename /locationpath

If you want help related to any command then type

Syntax:

man commandname

example : man rm
                 man cp
                man reboot
                shutdown --help
                mv --help

https://www.youtube.com/channel/UCEQyPaq6677Nnc8qCuiNWEw

How to port forward without router access using ngrok

What is ngrok ?
 
We all know that ngrok is a free tools for sharing projects created in localhost online. Access to all functions of the program we have from the command line. ngrok exposes local networked services behinds NATs and firewalls to the public internet over a secure tunnel.

It is an application for securely tunneling our local port/services from a public url or we can say public network.

         

How it works ?

It connects to the ngrok cloud service which accepts traffic on a public address and relays that traffic through to the ngrok process running on your machine and then on to the local address you specified.


Benefits of ngrok.

We don’t need to configure port forwarding on your routers or waste time setting up dynamic DNS solutions like No-IP.

we can tunnel almost every TCP connection.

We can protect the access by providing creds like password & share only with the desired person/client.


Ngrok does not log or store any data transmitted through our tunneled connections.


NOTE :  It actually generates a public url randomly and if we want to add custom url then we need to buy basic/pro version for custom domain  [Example https://m06a4y92.ngrok.io]


How NGROK plays a vital role in phishing ?

We all know that phishing is a method or way to steal credentials like usernames,passwords or credit/debit card details. By default ngrok securely tunnels our communication using TLS/SSL but beginners or we can say novice usually trust HTTPS more. Using ngrok see below that how we can abuse it or how hackers usually abuse it with social engineering skills. 

As you can see the above phishing page of Facebook, it’s using HTTPS. For a novice user, it’s a secure site, to them secure means legitimate site. The moment they input username & password it will be delivered to attackers machine in clear text.


How to install NGROK on your GNU/Linux distribution based on debian.

Go to the website : www.ngrok.com

Downlaod the zip folder and extract it on your system


Now go to the location of extracted file with the help of Terminal

Now to run ngrok type the following commands given below
  
./ngrok http 80

This command will start your session in ngrok and your local host is ready to communicate with outside or public network. After coming online in ngrok your system not only can communicate within your network but also outside the network that is public network.

Just copy the link from ngrok commandline interface and make it as your local host address for public networks.

 

 
Note : if you are using your mobile network to access internet and you don't have access to router for opening the ports then this tool is best replacement for the same.

Things to do after installing parrot security operating system.

-

Parrot is a GNU/Linux distribution based on Debian Testing and designed with Security, Development and Privacy in mind. It includes a full portable laboratory for security and digital forensics experts, but it also includes all you need to develop your own software or protect your privacy while surfing the net. It is designed for vulnerability assesment, penetration testing, anonmous web browsing. It is very popular with the ethical hacking community and it was initially released in 2013. It use MATE desktop enviromnet as default user interface.

Features of Parrot Security OS.

Secure :

Always updated, frequently released and fully sandboxed! Everything is under your complete control.

Free (as in freedom):

Feel free to get the system, share with anyone, read the source code and change it as you want!
this system is made to respect your freedom, and it ever will be.

Lightweight :

We care about resources consumption, and the system has proven to be extremely lightweight and run surprisingly fast even on very old hardware or with very limited resources.


In this tutorial, I will show top things to do after installing Parrot Security Operating System.


Update and Upgrade the system

You may have downloaded the older version of the operating system or tools got updated. It is vital to keep the system update for security. You can use the following guide to update the system.

Open the Terminal and enter the following command. It will download the package lists from various repositories and update them to get information on the newest versions of packages and their dependencies.

Syntax:

Sudo apt-get update 

Update installed software packages using the following command. -y argument is given so you don't have to manually enter it.

Syntax:

sudo apt-get dist-upgrade -y


The following command will remove obsolete packages.

Syntax:
 
sudo apt-get autoremove
 
Reboot the machine.

Note: Updating and Upgrading for the first time will take some time to fetch data.


Now its a time to install some tools which not come along with operating system.

Install leafpad

Leafpad is an open source text editor for linux with the focus of being a lightweight text editor with minimal dependencies, designed to be simple and easy to compile.

Syntax : 
sudo apt-get install leafpad


Install google-chrome
  
Parrot OS consists of a Firefox web browser with additional security add-ons. However, in some cases, it is good to have another web browser. You can download the .deb file from the Official Google Chrome Website. Type the following command to install the Chrome browser. Change the name of the file if it differs from the following example.

Syntax:

sudo apt-get dpkg -i  google-chrome-stable_current_amd64.deb


Install Angry ip scanner

You can download angry ip scanner from official site : https://angryip.org/download/#linux

Angry IP Scanner (or simply ipscan) is an open-source and cross-platform network scanner designed to be fast and simple to use. It scans IP addresses and ports as well as has many other features.

It is widely used by network administrators and just curious users around the world, including large and small enterprises, banks, and government agencies.  

Syntax: 

sudo apt-get dpkg-i ipscan_3.6.0_amd64.deb