Skip to main content

Install Spy Software with a Payload Website

redpill Hacker 3.5 is now available. The most significant enhancement is a new powerful tool in the redpill Hacker arsenal (existing hacking tools where also updated and improved).

redpill recently added the 'Password Phishing Website' tool. The very high success rate of this tool convinced redpill to develop a new tool that combine the website creating ability of redpill Hacker with its payloads.

Social Engineering Payload Website

The difference between the Password Phishing Website Tool and the Payload Website Tool is that the password site can only capture a username and password while the payload website will install spy software to monitor the computer.

With the Payload Website you bypass any email problems as no attachments are emailed. You also don't email a link to a payload (install module). Emailing a link is one of the best delivery methods but it still has two problems:

  1. Most computer users know not to click on a link in an email. They where told to go to the website directly and download from there.
  2. Emailing a direct link to your payload can still cause unwanted exposure (Anti-Virus Scans) to your payload. The more your payload is scanned, the more you increase the risk of it becoming known as malware. 

The new tool takes care of these problems and will have a much higher success rate. Lets look at an example of how the Payload Website Tool works:

Step 1 – Choose or Create a Template

We will choose one of the templates that comes with redpill Hacker 3.5 – ZIP4WIN. You can make a few changes to the template or create your own if you want.

Click on the images to enlarge them.

Step 2 – Create the Payload 


We select the template we have chosen. This will populate most of the fields for us. For a Payload Website option you must select 'Program File' as attachment type (remember it will not be emailed).

Step 3 – Create the Website


Select the new 'Social Engineering Website With Paylaod' option in the Social Engineering Toolkit.



You simply enter a description and features that fits in with your con (the social engineering template that you chose) and you click on Create. I don't have a video yet of how this works, but to see how quickly and easily redpill Hacker creates a website see the 'phishing website video'.

Setp 4 – Attack


Go to the new Payload Website Attack option and select your list of targets. They will not get a link to a payload but will simply be told about the new great app with a link to the website.



This new tool allows you to create any 'super application' and website that goes with it in a couple of minutes.

The website will look legit to the target and he will expect the UAC Warning message from Windows as he is installing this great application!

The payload will install the spy program that will return the public IP address of the target, all keys that are typed (key logger) and will take screenshots at the interval you specified.

For more information about redpill Hacker visit http://www.redpill.co.za


Comments

Popular posts from this blog

How to remotely install spy software

---------------------------------------------------------------------------------------------- Update (2015/07/07):  redpill now has a new and better product for installing spy software remotely: redpill Hacker
You can also have a look at newer articles with better tools at:
http://spysoftware.redpill.co.za -----------------------------------------------------------------------------------------------
In a previous article we discussed how to get usernames and passwords from other users on a computer you have access to. We will now look at how to install spy software on a computer you do not have access to … even if the computer is on the other side of the world.

Step 1: Get quality Spy Software

You will need quality spy software that can be remotely installed and is not easily detected and removed by anti-virus. There are a couple of key loggers that can be installed remotely, but very few that can secretly be remotely installed.

redpill Detective has been designed to be covertly installed…

Sending a spy program with gmail

To install a spy program remotely you need to email the target an install module. Spy software like redpill Agent and redpill Detective allows you to hide the install module within a 'cover application' . When emailing the target the install module, you will need either zip the file, embed it into wordpad or send it as a link as most email service providers doesn't allow you to add executables (exe's) as attachments.

To see how to send the spy program as a link see 'Installing spy software with a link'.
To see how to embed the spy program in wordpad, see  'How to remotely install spy software'.

Using a zipped file for the attachment can be a problem when either you or your target is using gmail as gmail will block attachments that contain executables even when they are zipped.

There is however a simple solution to the problem:

Add a password to your zip file

In winrar and winzip you can choose to add a password to your zip/rar file. When you add a passwo…

How to get a username and password

---------------------------------------------------------------------------------------------- Update (2015/07/07):  redpill now has a new and better product available: redpill Hacker

You can also see more up to date articles at:
http://spysoftware.redpill.co.za
-----------------------------------------------------------------------------------------------
This article will explain how to get a username and password for an email account like gmail or yahoo or a social network account like facebook.

In this article we will focus on getting a username and password of another user (the target) on a computer that you have access to. In a following article we will explain how to get a username and password from someone that works on a computer that you do not have access to that might be in another part of the world.

Step 1: Install a key logger

You will need to download and install a key logger that is not easily detected by anti-virus software and that is completely hidden and discreet
redpil…