Hello, and welcome back my fellow hackers, How are you? So, pretty interesting title, huh! Hacking phone’s camera? Yes, Today we are going to hack into an android phone’s camera using a tool called Camphish.
What is Camphish?
Camphish is a tool that is used to take cam shots from a phone front camera or PC webcam.
Camphish hosts a fake website on the inbuilt PHP server and uses ngrok and serveo to generate a link that will then be forwarded to the target, which can be used over the internet.
It works in a way that the website asks for a camera permission and if the target allows it, this tool grabs the cam shots of the target’s device.
Now Let’s get started:
Go to this link and copy the URL.
Open up a terminal and type: apt-get -y install PHP OpenSSH git wget.
This is to install all the required packages.
Now Open up your terminal and type: git clone https://github.com/techchipnet/CamPhish
Now change get into the CamPhish Folder by typing: cd CamPhish
Here we see the bash script with an extension camphish.sh, but it is not in dark green in color, that means the script does not have executable permissions. Now let’s give it the permissions by typing: chmod +x camphish.sh
After that see the difference in color. Now you can use it by Typing: bash camphish.sh or ./camphish.sh.
Now the script has two port forwarding options, Port Fortwarding in laymen terms is used when we have to hack outside the network. In this case, we have two options- Ngrok and Serveo.net. Both create a tunnel and forward the ports for us. By default it has been set to Ngrok and we will be using the same.
Type: 1 (to use ngrok; you can also hit Enter)
Now we have to choose the template. There are two options, the festival wishing template or the Live Youtube TV.
In festival Template, it will ask for your name and then display a animation-sort of thing to wish you. You can also share it with your friends and family.
The Youtube TV template uses a Youtube Video watch Id and display the video inside it, once the user gives the permission, we are in control.
In this case, we will use, the festival wishing template by typing: 1. And The Festival I am using is Independence Day as it is the only festival, I remember, according to the recent time.
Now a Php server will start with ngrok. And you see a link. Now send the link to the victim.
I have sent the link to the victim, now as soon it opens it, it will ask you for your name. Let’s give it a name.
Now it will ask for camera permission, click allow.
There you are: We got the Ip address of the victim device and here we get some pictures.
To see the captured pictures. Go to Camphish folder where you have cloned in my case, it is in Desktop. Here you can see, you have pictures.
Bingo! We have just got the victim pictures, it can be great for spying on someone but I don’t promote such practices.
This type of attack works well if the person doesn’t have proper knowledge of permissions and how things work. This will be a great attack as there are sharing options in the template by which you can share it with your friends and family.
During the festival times, people usually share these types of greetings on WhatsApp and Facebook. Making the probability to hack many camera phones. If you think, the link looks suspicious, you can use link shorteners like bit.ly and more.
So, Today we know how to get access to the phone’s camera. To prevent this type of attack, don’t click on suspicious links and never give unnecessary permissions. That’s all for today, till then “Happy Hacking”.