Summary
This video demonstrates how to use the Stormbreaker tool to access a device's camera, microphone, and exact location. It covers installation on Kali Linux, including necessary dependencies and the use of ngrok to make the local server accessible globally. The tutorial shows how to generate phishing links that, when clicked, provide target device information, approximate location via IP, and with user permission, exact GPS coordinates, camera feed, or microphone access. The presenter highlights using a cloud server and domain name for a more convincing phishing approach.
Key Insights
Stormbreaker enables remote access to device sensors and location data.
The primary function of Stormbreaker is to support social engineering by presenting targets with seemingly legitimate links. Once clicked, these links can grant the attacker access to sensitive device information, including real-time location, camera feed, and microphone input, provided the target grants the necessary permissions within their browser.
Ngrok is essential for exposing local services to the internet.
To make a tool like Stormbreaker, which runs on a local machine, accessible to targets on the internet, a tunneling service like ngrok is required. Ngrok creates a secure tunnel from a public endpoint to the local machine, allowing external access to the service running on a specific port (in this case, 2525 for Stormbreaker).
Social engineering is key to successful exploitation.
The effectiveness of Stormbreaker relies heavily on the operator's ability to craft convincing social engineering lures. By using templates that mimic legitimate services (like finding people nearby or weather apps) and potentially hosting them on a custom domain for increased credibility, attackers can trick users into clicking malicious links and granting permissions.
Sections
Introduction and Sponsor Message
Video introduces accessing device camera, microphone, and location.
The presenter, Zaid from zSecurity, introduces the video's topic: demonstrating how to access the camera, microphone, and exact location of any internet-connected device using a specific tool.
Call to action for engagement and subscription.
A request is made for viewers to like, share, subscribe, and hit the notification bell to help grow the channel and stay updated on new uploads.
Sponsor: Linode offers cloud services with free credits.
The video is sponsored by Linode, a cloud company by Akamai, offering viewers 100 free credits to try their cloud infrastructure. This includes hosting machines, services, or even a Kali Linux instance, which can be used to run tools like the one demonstrated in the video.
Examples of Linode usage: VPN hosting and GPU for password cracking.
The presenter mentions previously covering how to host a VPN service on Linode and use their powerful GPUs for fast password cracking, with links available in the description.
Introducing Stormbreaker and Installation
Stormbreaker tool is introduced for easier device tracking.
The tool to be used is Stormbreaker, presented as a faster and easier alternative to manual methods, requiring no programming knowledge. It allows access to the target device's camera and microphone.
Cloning the Stormbreaker repository from GitHub.
The process begins by navigating to the tool's GitHub repository, copying the clone link, and then using `git clone` in the terminal to download the tool into the `/opt` directory.
Installing required Python packages: Python 3, requests, colorama, psutil.
Before running the installation script, essential packages must be installed using the package manager. The command `apt update` updates package sources, followed by `apt install python3-requests python3-colorama python3-psutil` to install the necessary Python libraries.
Running the installation script for Stormbreaker.
After the dependencies are installed, the user navigates into the Stormbreaker directory and executes the installation script using `bash install.sh`. This script installs the remaining needed packages and configures the tool.
Launching Stormbreaker and obtaining the admin panel link.
The program is launched using `python3 st.py`. Upon successful execution, it provides a link to the admin panel and instructs the user to use ngrok on port 2525 to make this link accessible externally.
Setting up Ngrok for External Access
Downloading Ngrok for Linux.
To enable access to the Stormbreaker link from outside the local network, ngrok needs to be downloaded. The presenter provides a link and instructs viewers to download the Linux version.
Installing Ngrok using a tar command.
After downloading, the Ngrok archive is extracted and installed using a `tar` command, which places the ngrok executable in a system path (`/usr/local/bin`) where it can be run directly from the terminal.
Creating an ngrok account and authenticating.
Users must create an account on the ngrok website. After signing up or logging in, they need to copy and execute an authentication token command provided on the ngrok dashboard. This links their local machine to their ngrok account.
Running ngrok to expose Stormbreaker's local server.
The command `ngrok http 2525` is executed. This command tells ngrok to create a public URL that forwards traffic to the local Stormbreaker service running on port 2525.
Ngrok provides a public URL for the Stormbreaker admin panel.
Ngrok outputs a forwarding information section, including a public URL (e.g., `https://<random-subdomain>.ngrok.io`). This public URL replaces the local URL and is the one that should be shared or used to access the admin panel from anywhere.
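From the defender's side, the forwarding hostname described above is a usable network indicator. The following added example (not from the video or the tool) scans web-proxy log lines for requests to ngrok tunnel hostnames and groups them by client; the log format, the sample lines, and the suffixes other than `ngrok.io` are assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Tunnel suffixes to flag. "ngrok.io" is the form shown on this page; the
# other entries are assumptions and should be kept current for your environment.
TUNNEL_SUFFIXES = ("ngrok.io", "ngrok-free.app", "ngrok.app")

# Constructed sample lines in an assumed format: "<epoch> <client_ip> <method> <target>"
SAMPLE_LOG = """\
1700000001 10.0.0.21 GET https://intranet.example.com/home
1700000005 10.0.0.34 CONNECT a1b2c3d4.ngrok.io:443
1700000009 10.0.0.34 GET http://A1B2C3D4.NGROK.IO./weather
1700000012 10.0.0.50 GET https://notngrok.io/index.html
1700000015 10.0.0.50 GET https://ngrok.io.example.net/login
1700000020 10.0.0.77 CONNECT e5f6.ngrok-free.app:443
malformed line
"""

def extract_host(method, target):
    """Return the lower-cased hostname from a proxy request target, or None."""
    if method == "CONNECT":            # CONNECT carries host:port, not a URL
        target = "//" + target
    try:
        host = urlsplit(target).hostname
    except ValueError:
        return None
    return host.rstrip(".") if host else None   # drop trailing root dot

def is_tunnel_host(host):
    """Match on a label boundary so 'notngrok.io' or 'ngrok.io.example.net' do not hit."""
    return any(host == s or host.endswith("." + s) for s in TUNNEL_SUFFIXES)

def find_tunnel_requests(log_text):
    """Map client IP -> sorted list of tunnel hostnames it contacted."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                    # skip lines that do not fit the assumed format
        _, client, method, target = parts
        host = extract_host(method.upper(), target)
        if host and is_tunnel_host(host):
            hits[client].add(host)
    return {client: sorted(hosts) for client, hosts in hits.items()}

if __name__ == "__main__":
    for client, hosts in find_tunnel_requests(SAMPLE_LOG).items():
        print(client, "->", ", ".join(hosts))
```

Tunnel services also have legitimate developer uses, so a hit is a lead for triage rather than proof of phishing.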
Using Stormbreaker Admin Panel and Phishing Links
Accessing the admin panel with default credentials.
The ngrok public URL is used to access the Stormbreaker admin panel in a web browser. The default login credentials for the admin panel are username 'admin' and password 'admin'.
Understanding different types of phishing links.
The admin panel presents various links. Each link loads a different website template designed to trick the target. These templates include options for accessing cameras, microphones, general device information, a 'near you' service, and a weather widget.
The 'near you' template for location tracking.
One template mimics a service that finds people nearby. When a target accesses this link, it attempts to get their location. Even if denied, the IP address can provide an approximate location.
The weather widget for precise location tracking.
The weather widget template is highlighted as a favorite. It prompts the user to allow location access for accurate weather readings, which, upon permission, reveals the target's exact GPS coordinates.
Camera template for accessing the device's camera.
A camera template link, when accessed by the target and granted camera permissions, continuously takes pictures and saves them to the attacker's system, allowing visual surveillance.
Microphone template for accessing the device's microphone.
Similarly, a microphone template link allows the attacker to access the target's microphone if the user grants the necessary browser permissions.
Improving credibility with custom domains.
The presenter suggests that suspicious links can be made more convincing by hosting the tool on a cloud server and linking it to a legitimate-sounding domain name (e.g., 'people near me.com') instead of using the ngrok URL.
Demonstration of Exploits
Demonstrating the 'near you' service on a computer.
The 'near you' link is accessed on a computer. The fake service displays an appealing interface. If the user clicks 'Continue', the browser requests location permission. Regardless of permission, the attacker gets the IP, OS, and browser details.
Obtaining exact location after user permission.
If the target allows location access for the 'near you' service, a Google Maps link appears on the attacker's control panel, showing the precise real-time location of the target.
Demonstrating the weather widget on a mobile phone.
The weather template link is loaded on a mobile phone. Similar to the computer demo, the IP address provides an approximate location.
Exact location revealed via weather widget on mobile.
If the user allows location access for accurate weather, a Google Maps link appears on the attacker's panel, revealing the exact GPS coordinates of the mobile device.
Demonstrating camera access.
The camera template link is opened. After user permission, the device's camera starts taking periodic snapshots, which are saved and accessible to the attacker. The presenter notes positioning might require adjustment.
Summary of capabilities: location, camera, microphone.
The video concludes by reiterating that the Stormbreaker tool can be used to gain access to a target's exact location, camera feed, and microphone input.
