Hack WhatsApp By Sending a Link

 INTRODUCTION

WhatsApp has become an important part of billions of people’s life. Many of us woke up or go to bed, by checking our WhatsApp messages. Some of us are always curious to know to check WhatsApp of our friends. Girlfriends want to check on boyfriends and boyfriends want to check on girlfriends. Today Ethical Hacking researcher from X University of Cyber Security will demonstrate on How to Hack WhatsApp of your Friend by sending a Single Link.


We will use a tool called Ohmyqr which is a social engineering tool. Using this OhMyQR Tool, we can hijack anyone’s WhatsApp account using the Malicious QR code. We will send Victim a URL using social engineering techniques and when the victim opens that URL he/she will receive a malicious WhatsApp malicious QR code on his/her machine. This QR code is a replica of what you normally see when you use WhatsApp web. On scanning QR code, hackers will be able to session hijack victims WhatsApp account.


ENVIRONMENT

O S: Kali Linux 2019.3 64 bit

Kernel-Version : 5.2.0

INSTALLATION STEPS

Use this command to clone the project.


git clone https://github.com/thelinuxchoice/ohmyqr

root@kali:/home/iicybersecurity# git clone https://github.com/thelinuxchoice/ohmyqr


Use the cd command to enter into ohmyqr directory


root@kali:/home/iicybersecurity# cd ohmyqr/

root@kali:/home/iicybersecurity/ohmyqr#


When we tried to launch the tool, we got an error for not installing the required packages for the tool as shown below.

Use this command bash ohmyqr.sh.


OhMyQR – Scrot Missing Package


For this we used this command to install missing scrot package.

sudo apt-get install scrot


root@kali:/home/iicybersecurity/ohmyqr#  sudo apt-get install scrot


In the same way we got another error for missing package while launching the tool.


OhMyQR – xdotool Missing Package

For this we used this command to install xdotool package.
Code:
sudo apt-get install xdotool
root@kali:/home/iicybersecurity/ohmyqr# sudo apt-get install xdotool

Now, use the same command to launch the tool bash ohmyqr.sh


OhMyQR – Tool Launch

We successfully launched the tool.
Now, choose option 1 to launch the Ngrok server.
Select website to mirror or press enter for default WhatApp and it will starts PHP and Ngrok server and then it generates malicious Link (ngrok link).
Then press enters to start the Web WhatsApp on hackers machine.
It will launch web.whatsapp.com on FireFox browser in Full screen mode on Hacker machine.
Now send malicious Link (ngrok link) to the victim using social engineering techniques.
As shown below when the victim opens the malicious link in the browser, it will display the same WebWhatsApp QR code which is coming on hacker machine.
For more understanding, on the right is the Hacker screen and on the left is the Victim screen.

OhMyQR – Right is the Hacker screen and on the left is the Victim screen

When the victim scans the QR code, BOOM!
Hacker screen will get the web.whatsapp account of Victim. Now the victim whatsapp session is hijacked.
On the same Victim will also be able to view his/her WhatsApp, but victim will not be able to do anything on it (as it is only a screen shot of what hacker is viewing).

OhMyQR – Victm’s WhatsApp Account
Right is the Hacker screen and on the left is the Victim screen

In the above picture, we can see one is the Victim machine (on left) and the other one is the hacker’s machine (on right).
We successfully hacked the victim’s account.
Its very easy to hack account of victim using social engineering techniques, in the similar way researcher of International Institute of Cyber Security demonstrated other techniques to hack other things.
CONCLUSION
Now, we saw on how easy to view and access the victim’s WhatsApp using one malicious link. Most of the people imagine that we had logged in our WhatsApp web account but their WhatsApp account is been Hijacked. So it is always recommended to not click on any unknown link.

Enjoy freaks😎


Admin

No comments: