SlideShare a Scribd company logo

WhatsApp Chat Hacking/Stealing POC

E Hacking
E Hacking

Sir I want to hack whatsapp chat ? Please give me a tutorial link. This question made me to write this simple POC tutorial to hack/steal whatsapp chats http://www.ehacking.net/2014/09/poc-tutorial-of-stealing-whatsapp-chat.html

Internet
1 of 12
Download to read offline
Whatsapp ?your LAST SEEN wasn’t my fault.. || Sir I want to hack whatsapp chat ? Please give me a tutorial link :P This question made me to write this simple POC tutorial to hack/steal whatsapp chats from any android mobile (in intial level), so as we know whatsapp is one of the very famous chat messenger used in mobile this days, recently acquired by facebook if you don’t know then here is short information on whatsapp chat database mechanism,the WhatsApp chat database is saved on the SD card which can be read by any Android application if the user allows it to access the SD card, as we know people use many apps, games so its very easy steal whatsapp chats database file from SD card using any android malware app/stealer app. now lets directly make a simple stealer to steal database, you can find whatsapp database in your SD card>Whatsapp>Database folder named as msgstore.db.crypt5 I tried to make this tutorial very noob friendly so things we need to make a stealer Andorid SDK Toolkit (Download here: https://developer.android.com/sdk/ ) A stealer CODE :P A PHP script to grab database and store on server (Basic Sample Source code Download here: https://www.mediafire.com/?0f9xnv27oan7qku) And of course brain I assume you know how to setup your android toolkit , so just open eclipse and now its time to import our android source code into eclipse for compiling it. Now just go to FILE MENU in eclipse and click on IMPORT button, and select Android > Existing Android Code Into Workspace.
Now Click on next and in root directory tab browse your android source code file folder which you have downloaded and click on finish. Now just go to Package Explorer in left side you expand your project tree , and double click on AndroidManifest.xml file, in this file we define permission for app , like network access permission , file or SD card access permission etc .
Now as you can see here we have basically taken 3 permissions READ_EXTERNAL_STORAGE ( to read SD card and steal database file from whatsapp>Database folder) INTERNET (will use internet to send file to server) GET_ACCOUNTS (will get google account name used by android phone) now just go to SRC in package explorer and you can see source code there which will be used to steal database now before compiling our app we need to upload our database grabber php script in server and use that php script path in our app .so just upload script in server save that as anyname.php ,for me my script url is http://whatsapp123q.byethost16.com/wp.php so now you replace your PHP script path with my path in android app like this , go to res>values>string.xml now click on ur1 string and change your script url , you can also change app_name string to spoof app name in installed apps ;)
Now again go to to file> export and export it as android application
Before compiling a app/apk we will need to make a keystore , so just make a new one select any location to store that key and ang give a name , also give any pass like , I given name wp stored key in desktop , and pass 123456789. Now in next tab give any alias name , pass any of your choice,validity should be 25, other details according to you.
Now in next tab select location to save apk file , and save as something.apk and click on finish. Now just use this apk file in any android mobile install it and open it , when GPRS(internet) mode is on it will start sending your whatsapp database file to your server ,it may take time depending on database file size and internet speed
Now lets check our server for whatsapp database file . Hola !! we got the crypt5 file with android account gmail id name
Now lets read some messages of our victim ;) before the 2.11. Version of WhatsApp hackers were able to decrypt the encrypted msgstore.db.crypt file without much effort thanks to a WhatsApp Forensic Toolkit known As WhatsApp Xtract Tool having a powerful python script that helps the security professionals to decrypt the encryption of crypt file and after the decryption presents a perfect forensic report through a beautiful HTML interface page with full conversation in it, but as WhatsApp hits version number 2.11 onwards this kit becomes useless as the encryption key used by WhatsApp was changed, according to officials from WhatsApp they are taking the conversation database security in a very serious manner , oh really ? they now changed database to msgstore.db.crypt5 from “msgstore.db.crypt” So here, go through this article http://www.securitybydefault.com/2014/03/descifrando-msgstoredbcrypt5- la-nueva.html this person made a python script to decrypt crypt5 database file you can get the script here , this is alternative of www.recovermessages.com I don’t suggest you to upload your database file in their database ;) So go through this manual method it will be fun too ;) https://github.com/aramosf/pwncrypt5/blob/master/pwncrypt5.py just download this script now open your linux or you can use this on window also but linux as always best ;) so now copy this script save it as anyname.py and also copy you whatsapp database msgstore.db.crypt5 file which you have stole from android mobile , and just rename that as “msgstore.db.crypt5” means remove google account name part from that file .
Now use following command to decrypt this file root@kali:- python yourfilename.py msgstore.db.crypt5 gmailaccountid of victim@gmail.com> msgstore.sdb like this. Now we will get msgstore.sdb file which is decrypted ;) lolz security lets read messages now To read messages or open this database file we will use Whatsapp_Xtract_V2.1 , this is python based tool , available in xda-developers forum (http://forum.xda-developers. com/showthread.php?t=1583021&page=91) you can download it , https://hotoloti.googlecode.com/files/Whatsapp_Xtract_V2.1_2012-05-10-2.zip now we will do some small changes in command of this too and this OLD not WORKING tool will work again for us ;)
so put your msgstore.sdb file in same Whatsapp_Xtract_V2.1 folder Now give this command root@kali:- python whatsapp_xtract.py msgstore.sdb –o whatsapp.html here –o is used to define output file name , so we will get all our chat logs in html file . Now after executing this our default browser will automatically open that output html file in some time .
now we can read all message chat logs of victim, also images and video sent/recieved by him/her The best thing of this is , it’s whatsapp Forensic ;) you can also get all DELETED message of victim, Facebook didn’t need to buy WhatsApp to read your chats You can bind and modify this app , with another apps , make It stealth and use for personal databackup :P, you want video tutorial , you can mail me also for any other queries.
Disclaimer :- This guide is for education purpose only. Do not hack others accounts, This is illegal and may put you behind jail and high penalty can be exposed. Learn Hacking For Good Purposes.all the tools used in paper is available in their respective owner website and permissible to use it for personal use, for commercial use grant permission from owner . Special Thanks : http://bas.bosschert.nl/steal-whatsapp-update/ & Google This Paper is Provided to you by Mohit Sahu (Monendra Sahu) Dedicated To My Mom,Dad / My Best Friend/My love About The Author Mohit Sahu is an IT-Security researcher presently working in the field of penetration testing and vulnerability assessments, he is currently holding the posi tion of Security Analyst in ERIS labs, India. As well as he work as corporate trainer/Penetration Tester ( freelance), He is Co-admin at Code104.net A Famous online Forum for Security Researchers, he is Admin at Facebook Group “Tip s & Tricks” (Over then 11,000 members) Established For Support People in technical Queries . Founder of NGO (Chhattisgarh InfoSec Society). A first NGO in chhattisgarh fighting for cyber crime , making people aware . He has Given Seminar/workshops on various Colleges , schools Cyber Cell(CG) He has trained more then 3000 Students. his field of intrest is Vulnerability Assessment, Penetration Testing , Security Audi ting/Training, web devlopment, server management,android exploitation He has been awarded with Hall of Fame & Rewards by Google , Microsoft , Ebay , Apple , Nokia , Paypal , AT&T, Yahoo and many more.. He has been awarded with Gold Medal from Honorable Governor of Chhattisgarh on behalf of NIT Raipur Contact me : monendra.nitrr@gmail.com Facebook: https://www.facebook.com/mohitsahu.in Twitter: https://twitter.com/mohitnitrr Website: www.erislabs.in

Recommended

Ifms government of maharashtra
Ifms government of maharashtraIfms government of maharashtra
Ifms government of maharashtrakaisermalek
 
Grievance redressal of Hubli railway station : A multistorey approach
Grievance redressal of Hubli railway station : A multistorey approach Grievance redressal of Hubli railway station : A multistorey approach
Grievance redressal of Hubli railway station : A multistorey approach Nishanth Patil
 
Jaipur metro rail project
Jaipur metro rail projectJaipur metro rail project
Jaipur metro rail projectDocumentStory
 
Proof of Transit: Securely Verifying a Path or Service Chain
Proof of Transit: Securely Verifying a Path or Service ChainProof of Transit: Securely Verifying a Path or Service Chain
Proof of Transit: Securely Verifying a Path or Service ChainFrank Brockners
 
MPLS basic interview questions and Answers
MPLS basic interview questions and AnswersMPLS basic interview questions and Answers
MPLS basic interview questions and AnswersNetworKingStudy
 
Hawa mahal
Hawa mahalHawa mahal
Hawa mahalAbhinav Yadav
 
MPLS & BASIC LDP
MPLS & BASIC LDPMPLS & BASIC LDP
MPLS & BASIC LDPReza Farahani
 
CCNP certificate 1
CCNP certificate 1CCNP certificate 1
CCNP certificate 1khaled Abdelhady
 

Recommended

Ifms government of maharashtra
Ifms government of maharashtraIfms government of maharashtra
Ifms government of maharashtrakaisermalek
 
Grievance redressal of Hubli railway station : A multistorey approach
Grievance redressal of Hubli railway station : A multistorey approach Grievance redressal of Hubli railway station : A multistorey approach
Grievance redressal of Hubli railway station : A multistorey approach Nishanth Patil
 
Jaipur metro rail project
Jaipur metro rail projectJaipur metro rail project
Jaipur metro rail projectDocumentStory
 
Proof of Transit: Securely Verifying a Path or Service Chain
Proof of Transit: Securely Verifying a Path or Service ChainProof of Transit: Securely Verifying a Path or Service Chain
Proof of Transit: Securely Verifying a Path or Service ChainFrank Brockners
 
MPLS basic interview questions and Answers
MPLS basic interview questions and AnswersMPLS basic interview questions and Answers
MPLS basic interview questions and AnswersNetworKingStudy
 
Hawa mahal
Hawa mahalHawa mahal
Hawa mahalAbhinav Yadav
 
MPLS & BASIC LDP
MPLS & BASIC LDPMPLS & BASIC LDP
MPLS & BASIC LDPReza Farahani
 
CCNP certificate 1
CCNP certificate 1CCNP certificate 1
CCNP certificate 1khaled Abdelhady
 
How Can I Hack Into My Boyfriends Whatsapp Conversation Messages
How Can I Hack Into My Boyfriends Whatsapp Conversation MessagesHow Can I Hack Into My Boyfriends Whatsapp Conversation Messages
How Can I Hack Into My Boyfriends Whatsapp Conversation MessagesBarbaraShetty
 
How to-catch-cheating-wife
How to-catch-cheating-wifeHow to-catch-cheating-wife
How to-catch-cheating-wifekihlstromlouise
 
Whats app Sniffer - How To Hack Whatsapp Messages
Whats app Sniffer - How To Hack Whatsapp Messages Whats app Sniffer - How To Hack Whatsapp Messages
Whats app Sniffer - How To Hack Whatsapp Messages besthacktoolz
 
whatsapp ppt
whatsapp pptwhatsapp ppt
whatsapp pptSwati Luthra
 
Malicious Domain Profiling
Malicious Domain Profiling Malicious Domain Profiling
Malicious Domain Profiling E Hacking
 
Hack your phone! / User freedom in a mobile-centric world
Hack your phone! / User freedom in a mobile-centric worldHack your phone! / User freedom in a mobile-centric world
Hack your phone! / User freedom in a mobile-centric worldTristan Nitot
 
Can i spy on my husbands phone
Can i spy on my husbands phoneCan i spy on my husbands phone
Can i spy on my husbands phoneChristianaTrivedi
 
pentest mobile app issue
pentest mobile app issuepentest mobile app issue
pentest mobile app issueshekar M
 
Introduction to Docker and Containers- Learning Simple
Introduction to Docker and Containers- Learning SimpleIntroduction to Docker and Containers- Learning Simple
Introduction to Docker and Containers- Learning SimpleSandeep Hijam
 
Webinar Security: Apps of Steel transcription
Webinar Security: Apps of Steel transcriptionWebinar Security: Apps of Steel transcription
Webinar Security: Apps of Steel transcriptionService2Media
 
Password Attack
Password Attack Password Attack
Password Attack Sina Manavi
 
Stay Anonymous app report
Stay Anonymous app reportStay Anonymous app report
Stay Anonymous app reportZx MYS
 
Secure programming with php
Secure programming with phpSecure programming with php
Secure programming with phpMohmad Feroz
 
Facebook Messenger Platform Framework
Facebook Messenger Platform FrameworkFacebook Messenger Platform Framework
Facebook Messenger Platform FrameworkRam Murat Sharma
 
Lann
LannLann
Lannnarf packo
 
Zip password cracker
Zip password crackerZip password cracker
Zip password crackerMoTechInc
 
Dev and Blind - Attacking the weakest Link in IT Security
Dev and Blind - Attacking the weakest Link in IT SecurityDev and Blind - Attacking the weakest Link in IT Security
Dev and Blind - Attacking the weakest Link in IT SecurityMario Heiderich
 
When developers api simplify user mode rootkits development – part ii
When developers api simplify user mode rootkits development – part iiWhen developers api simplify user mode rootkits development – part ii
When developers api simplify user mode rootkits development – part iiSTO STRATEGY
 
Create Your Own Framework by Fabien Potencier
Create Your Own Framework by Fabien PotencierCreate Your Own Framework by Fabien Potencier
Create Your Own Framework by Fabien PotencierHimel Nag Rana
 
How to create a chat application on Android platform?
How to create a chat application on Android platform? How to create a chat application on Android platform?
How to create a chat application on Android platform? baabtra.com - No. 1 supplier of quality freshers
 
LVPHP.org
LVPHP.orgLVPHP.org
LVPHP.orgJoshua Copeland
 
Chatbot application
Chatbot applicationChatbot application
Chatbot applicationVenkat Projects
 

More Related Content

Viewers also liked

How Can I Hack Into My Boyfriends Whatsapp Conversation Messages
How Can I Hack Into My Boyfriends Whatsapp Conversation MessagesHow Can I Hack Into My Boyfriends Whatsapp Conversation Messages
How Can I Hack Into My Boyfriends Whatsapp Conversation MessagesBarbaraShetty
 
How to-catch-cheating-wife
How to-catch-cheating-wifeHow to-catch-cheating-wife
How to-catch-cheating-wifekihlstromlouise
 
Whats app Sniffer - How To Hack Whatsapp Messages
Whats app Sniffer - How To Hack Whatsapp Messages Whats app Sniffer - How To Hack Whatsapp Messages
Whats app Sniffer - How To Hack Whatsapp Messages besthacktoolz
 
Malicious Domain Profiling
Malicious Domain Profiling Malicious Domain Profiling
Malicious Domain Profiling E Hacking
 
Hack your phone! / User freedom in a mobile-centric world
Hack your phone! / User freedom in a mobile-centric worldHack your phone! / User freedom in a mobile-centric world
Hack your phone! / User freedom in a mobile-centric worldTristan Nitot
 
Can i spy on my husbands phone
Can i spy on my husbands phoneCan i spy on my husbands phone
Can i spy on my husbands phoneChristianaTrivedi
 

Viewers also liked (7)

How Can I Hack Into My Boyfriends Whatsapp Conversation Messages
How Can I Hack Into My Boyfriends Whatsapp Conversation MessagesHow Can I Hack Into My Boyfriends Whatsapp Conversation Messages
How Can I Hack Into My Boyfriends Whatsapp Conversation Messages
 
How to-catch-cheating-wife
How to-catch-cheating-wifeHow to-catch-cheating-wife
How to-catch-cheating-wife
 
Whats app Sniffer - How To Hack Whatsapp Messages
Whats app Sniffer - How To Hack Whatsapp Messages Whats app Sniffer - How To Hack Whatsapp Messages
Whats app Sniffer - How To Hack Whatsapp Messages
 
whatsapp ppt
whatsapp pptwhatsapp ppt
whatsapp ppt
 
Malicious Domain Profiling
Malicious Domain Profiling Malicious Domain Profiling
Malicious Domain Profiling
 
Hack your phone! / User freedom in a mobile-centric world
Hack your phone! / User freedom in a mobile-centric worldHack your phone! / User freedom in a mobile-centric world
Hack your phone! / User freedom in a mobile-centric world
 
Can i spy on my husbands phone
Can i spy on my husbands phoneCan i spy on my husbands phone
Can i spy on my husbands phone
 

Similar to WhatsApp Chat Hacking/Stealing POC

pentest mobile app issue
pentest mobile app issuepentest mobile app issue
pentest mobile app issueshekar M
 
Introduction to Docker and Containers- Learning Simple
Introduction to Docker and Containers- Learning SimpleIntroduction to Docker and Containers- Learning Simple
Introduction to Docker and Containers- Learning SimpleSandeep Hijam
 
Webinar Security: Apps of Steel transcription
Webinar Security: Apps of Steel transcriptionWebinar Security: Apps of Steel transcription
Webinar Security: Apps of Steel transcriptionService2Media
 
Password Attack
Password Attack Password Attack
Password Attack Sina Manavi
 
Stay Anonymous app report
Stay Anonymous app reportStay Anonymous app report
Stay Anonymous app reportZx MYS
 
Secure programming with php
Secure programming with phpSecure programming with php
Secure programming with phpMohmad Feroz
 
Facebook Messenger Platform Framework
Facebook Messenger Platform FrameworkFacebook Messenger Platform Framework
Facebook Messenger Platform FrameworkRam Murat Sharma
 
Zip password cracker
Zip password crackerZip password cracker
Zip password crackerMoTechInc
 
Dev and Blind - Attacking the weakest Link in IT Security
Dev and Blind - Attacking the weakest Link in IT SecurityDev and Blind - Attacking the weakest Link in IT Security
Dev and Blind - Attacking the weakest Link in IT SecurityMario Heiderich
 
When developers api simplify user mode rootkits development – part ii
When developers api simplify user mode rootkits development – part iiWhen developers api simplify user mode rootkits development – part ii
When developers api simplify user mode rootkits development – part iiSTO STRATEGY
 
Create Your Own Framework by Fabien Potencier
Create Your Own Framework by Fabien PotencierCreate Your Own Framework by Fabien Potencier
Create Your Own Framework by Fabien PotencierHimel Nag Rana
 
Introjs10.5.17SD
Introjs10.5.17SDIntrojs10.5.17SD
Introjs10.5.17SDThinkful
 
OpenWhisk by Example - Auto Retweeting Example in Python
OpenWhisk by Example - Auto Retweeting Example in PythonOpenWhisk by Example - Auto Retweeting Example in Python
OpenWhisk by Example - Auto Retweeting Example in PythonCodeOps Technologies LLP
 
Information gathering
Information gatheringInformation gathering
Information gatheringMoTechInc
 

Similar to WhatsApp Chat Hacking/Stealing POC (20)

pentest mobile app issue
pentest mobile app issuepentest mobile app issue
pentest mobile app issue
 
Introduction to Docker and Containers- Learning Simple
Introduction to Docker and Containers- Learning SimpleIntroduction to Docker and Containers- Learning Simple
Introduction to Docker and Containers- Learning Simple
 
Webinar Security: Apps of Steel transcription
Webinar Security: Apps of Steel transcriptionWebinar Security: Apps of Steel transcription
Webinar Security: Apps of Steel transcription
 
Password Attack
Password Attack Password Attack
Password Attack
 
Stay Anonymous app report
Stay Anonymous app reportStay Anonymous app report
Stay Anonymous app report
 
Secure programming with php
Secure programming with phpSecure programming with php
Secure programming with php
 
Facebook Messenger Platform Framework
Facebook Messenger Platform FrameworkFacebook Messenger Platform Framework
Facebook Messenger Platform Framework
 
Lann
LannLann
Lann
 
Zip password cracker
Zip password crackerZip password cracker
Zip password cracker
 
Dev and Blind - Attacking the weakest Link in IT Security
Dev and Blind - Attacking the weakest Link in IT SecurityDev and Blind - Attacking the weakest Link in IT Security
Dev and Blind - Attacking the weakest Link in IT Security
 
When developers api simplify user mode rootkits development – part ii
When developers api simplify user mode rootkits development – part iiWhen developers api simplify user mode rootkits development – part ii
When developers api simplify user mode rootkits development – part ii
 
Create Your Own Framework by Fabien Potencier
Create Your Own Framework by Fabien PotencierCreate Your Own Framework by Fabien Potencier
Create Your Own Framework by Fabien Potencier
 
How to create a chat application on Android platform?
How to create a chat application on Android platform? How to create a chat application on Android platform?
How to create a chat application on Android platform?
 
LVPHP.org
LVPHP.orgLVPHP.org
LVPHP.org
 
Chatbot application
Chatbot applicationChatbot application
Chatbot application
 
Hacking mail server
Hacking mail serverHacking mail server
Hacking mail server
 
Introjs10.5.17SD
Introjs10.5.17SDIntrojs10.5.17SD
Introjs10.5.17SD
 
OpenWhisk by Example - Auto Retweeting Example in Python
OpenWhisk by Example - Auto Retweeting Example in PythonOpenWhisk by Example - Auto Retweeting Example in Python
OpenWhisk by Example - Auto Retweeting Example in Python
 
Stagefright (1)
Stagefright (1)Stagefright (1)
Stagefright (1)
 
Information gathering
Information gatheringInformation gathering
Information gathering
 

More from E Hacking

CEH and Security+ Training Outline - EH Academy
CEH and Security+ Training Outline - EH AcademyCEH and Security+ Training Outline - EH Academy
CEH and Security+ Training Outline - EH AcademyE Hacking
 
Threats against the next billion devices
Threats against the next billion devicesThreats against the next billion devices
Threats against the next billion devicesE Hacking
 
High Definition Fuzzing; Exploring HDMI vulnerabilities
High Definition Fuzzing; Exploring HDMI vulnerabilitiesHigh Definition Fuzzing; Exploring HDMI vulnerabilities
High Definition Fuzzing; Exploring HDMI vulnerabilitiesE Hacking
 
New Developments in the BREACH attack
New Developments in the BREACH attackNew Developments in the BREACH attack
New Developments in the BREACH attackE Hacking
 
Exploiting Linux On 32-bit and 64-bit Systems
Exploiting Linux On 32-bit and 64-bit SystemsExploiting Linux On 32-bit and 64-bit Systems
Exploiting Linux On 32-bit and 64-bit SystemsE Hacking
 
Most Important steps to become a hacker
Most Important steps to become a hackerMost Important steps to become a hacker
Most Important steps to become a hackerE Hacking
 
Penetrating the Perimeter - Tales from the Battlefield
Penetrating the Perimeter - Tales from the BattlefieldPenetrating the Perimeter - Tales from the Battlefield
Penetrating the Perimeter - Tales from the BattlefieldE Hacking
 
Website fingerprinting on TOR
Website fingerprinting on TORWebsite fingerprinting on TOR
Website fingerprinting on TORE Hacking
 
Fuzzing the Media Framework in Android
Fuzzing the Media Framework in AndroidFuzzing the Media Framework in Android
Fuzzing the Media Framework in AndroidE Hacking
 
Stalking a City for Fun and Frivolity" Defcon Talk
Stalking a City for Fun and Frivolity" Defcon TalkStalking a City for Fun and Frivolity" Defcon Talk
Stalking a City for Fun and Frivolity" Defcon TalkE Hacking
 
Hacking Wireless World, RFID hacking
Hacking Wireless World, RFID hackingHacking Wireless World, RFID hacking
Hacking Wireless World, RFID hackingE Hacking
 
Abusing Microsoft Kerberos - Sorry you guys don’t get it
Abusing Microsoft Kerberos - Sorry you guys don’t get itAbusing Microsoft Kerberos - Sorry you guys don’t get it
Abusing Microsoft Kerberos - Sorry you guys don’t get itE Hacking
 
Searching Shodan For Fun And Profit
Searching Shodan For Fun And ProfitSearching Shodan For Fun And Profit
Searching Shodan For Fun And ProfitE Hacking
 
The Machines that Betrayed their Masters
The Machines that Betrayed their MastersThe Machines that Betrayed their Masters
The Machines that Betrayed their MastersE Hacking
 
Detecting Bluetooth Surveillance Systems
Detecting Bluetooth Surveillance SystemsDetecting Bluetooth Surveillance Systems
Detecting Bluetooth Surveillance SystemsE Hacking
 
Unmasking or De-Anonymizing You
Unmasking or De-Anonymizing YouUnmasking or De-Anonymizing You
Unmasking or De-Anonymizing YouE Hacking
 
Building Trojan Hardware at Home
Building Trojan Hardware at HomeBuilding Trojan Hardware at Home
Building Trojan Hardware at HomeE Hacking
 
Social Media Monitoring tools as an OSINT platform for intelligence
Social Media Monitoring tools as an OSINT platform for intelligenceSocial Media Monitoring tools as an OSINT platform for intelligence
Social Media Monitoring tools as an OSINT platform for intelligenceE Hacking
 
LDAP Injections & Blind LDAP Injections Paper
LDAP Injections & Blind LDAP Injections PaperLDAP Injections & Blind LDAP Injections Paper
LDAP Injections & Blind LDAP Injections PaperE Hacking
 
Reversing and Malware Analysis
Reversing and Malware Analysis Reversing and Malware Analysis
Reversing and Malware Analysis E Hacking
 

More from E Hacking (20)

CEH and Security+ Training Outline - EH Academy
CEH and Security+ Training Outline - EH AcademyCEH and Security+ Training Outline - EH Academy
CEH and Security+ Training Outline - EH Academy
 
Threats against the next billion devices
Threats against the next billion devicesThreats against the next billion devices
Threats against the next billion devices
 
High Definition Fuzzing; Exploring HDMI vulnerabilities
High Definition Fuzzing; Exploring HDMI vulnerabilitiesHigh Definition Fuzzing; Exploring HDMI vulnerabilities
High Definition Fuzzing; Exploring HDMI vulnerabilities
 
New Developments in the BREACH attack
New Developments in the BREACH attackNew Developments in the BREACH attack
New Developments in the BREACH attack
 
Exploiting Linux On 32-bit and 64-bit Systems
Exploiting Linux On 32-bit and 64-bit SystemsExploiting Linux On 32-bit and 64-bit Systems
Exploiting Linux On 32-bit and 64-bit Systems
 
Most Important steps to become a hacker
Most Important steps to become a hackerMost Important steps to become a hacker
Most Important steps to become a hacker
 
Penetrating the Perimeter - Tales from the Battlefield
Penetrating the Perimeter - Tales from the BattlefieldPenetrating the Perimeter - Tales from the Battlefield
Penetrating the Perimeter - Tales from the Battlefield
 
Website fingerprinting on TOR
Website fingerprinting on TORWebsite fingerprinting on TOR
Website fingerprinting on TOR
 
Fuzzing the Media Framework in Android
Fuzzing the Media Framework in AndroidFuzzing the Media Framework in Android
Fuzzing the Media Framework in Android
 
Stalking a City for Fun and Frivolity" Defcon Talk
Stalking a City for Fun and Frivolity" Defcon TalkStalking a City for Fun and Frivolity" Defcon Talk
Stalking a City for Fun and Frivolity" Defcon Talk
 
Hacking Wireless World, RFID hacking
Hacking Wireless World, RFID hackingHacking Wireless World, RFID hacking
Hacking Wireless World, RFID hacking
 
Abusing Microsoft Kerberos - Sorry you guys don’t get it
Abusing Microsoft Kerberos - Sorry you guys don’t get itAbusing Microsoft Kerberos - Sorry you guys don’t get it
Abusing Microsoft Kerberos - Sorry you guys don’t get it
 
Searching Shodan For Fun And Profit
Searching Shodan For Fun And ProfitSearching Shodan For Fun And Profit
Searching Shodan For Fun And Profit
 
The Machines that Betrayed their Masters
The Machines that Betrayed their MastersThe Machines that Betrayed their Masters
The Machines that Betrayed their Masters
 
Detecting Bluetooth Surveillance Systems
Detecting Bluetooth Surveillance SystemsDetecting Bluetooth Surveillance Systems
Detecting Bluetooth Surveillance Systems
 
Unmasking or De-Anonymizing You
Unmasking or De-Anonymizing YouUnmasking or De-Anonymizing You
Unmasking or De-Anonymizing You
 
Building Trojan Hardware at Home
Building Trojan Hardware at HomeBuilding Trojan Hardware at Home
Building Trojan Hardware at Home
 
Social Media Monitoring tools as an OSINT platform for intelligence
Social Media Monitoring tools as an OSINT platform for intelligenceSocial Media Monitoring tools as an OSINT platform for intelligence
Social Media Monitoring tools as an OSINT platform for intelligence
 
LDAP Injections & Blind LDAP Injections Paper
LDAP Injections & Blind LDAP Injections PaperLDAP Injections & Blind LDAP Injections Paper
LDAP Injections & Blind LDAP Injections Paper
 
Reversing and Malware Analysis
Reversing and Malware Analysis Reversing and Malware Analysis
Reversing and Malware Analysis
 

Recently uploaded

Power point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria IuzzolinoPower point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria Iuzzolinonuriaiuzzolino1
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftAanSulistiyo
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsMonica Sydney
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdfMatthew Sinclair
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasDigicorns Technologies
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsMonica Sydney
 
PowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxPowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxgalaxypingy
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"growthgrids
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdfMatthew Sinclair
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.krishnachandrapal52
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirtrahman018755
 
75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptxAsmae Rabhi
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查ydyuyu
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsMonica Sydney
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdfMatthew Sinclair
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoilmeghakumariji156
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样ayvbos
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查ydyuyu
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Roommeghakumariji156
 

Recently uploaded (20)

Power point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria IuzzolinoPower point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria Iuzzolino
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck Microsoft
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency Dallas
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
 
PowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxPowerDirector Explination Process...pptx
PowerDirector Explination Process...pptx
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
 

WhatsApp Chat Hacking/Stealing POC

  • 1. Whatsapp ?your LAST SEEN wasn’t my fault.. || Sir I want to hack whatsapp chat ? Please give me a tutorial link :P This question made me to write this simple POC tutorial to hack/steal whatsapp chats from any android mobile (in intial level), so as we know whatsapp is one of the very famous chat messenger used in mobile this days, recently acquired by facebook if you don’t know then here is short information on whatsapp chat database mechanism,the WhatsApp chat database is saved on the SD card which can be read by any Android application if the user allows it to access the SD card, as we know people use many apps, games so its very easy steal whatsapp chats database file from SD card using any android malware app/stealer app. now lets directly make a simple stealer to steal database, you can find whatsapp database in your SD card>Whatsapp>Database folder named as msgstore.db.crypt5 I tried to make this tutorial very noob friendly so things we need to make a stealer Andorid SDK Toolkit (Download here: https://developer.android.com/sdk/ ) A stealer CODE :P A PHP script to grab database and store on server (Basic Sample Source code Download here: https://www.mediafire.com/?0f9xnv27oan7qku) And of course brain I assume you know how to setup your android toolkit , so just open eclipse and now its time to import our android source code into eclipse for compiling it. Now just go to FILE MENU in eclipse and click on IMPORT button, and select Android > Existing Android Code Into Workspace.
  • 2. Now Click on next and in root directory tab browse your android source code file folder which you have downloaded and click on finish. Now just go to Package Explorer in left side you expand your project tree , and double click on AndroidManifest.xml file, in this file we define permission for app , like network access permission , file or SD card access permission etc .
  • 3. Now as you can see here we have basically taken 3 permissions READ_EXTERNAL_STORAGE ( to read SD card and steal database file from whatsapp>Database folder) INTERNET (will use internet to send file to server) GET_ACCOUNTS (will get google account name used by android phone) now just go to SRC in package explorer and you can see source code there which will be used to steal database now before compiling our app we need to upload our database grabber php script in server and use that php script path in our app .so just upload script in server save that as anyname.php ,for me my script url is http://whatsapp123q.byethost16.com/wp.php so now you replace your PHP script path with my path in android app like this , go to res>values>string.xml now click on ur1 string and change your script url , you can also change app_name string to spoof app name in installed apps ;)
  • 4. Now again go to to file> export and export it as android application
  • 5. Before compiling a app/apk we will need to make a keystore , so just make a new one select any location to store that key and ang give a name , also give any pass like , I given name wp stored key in desktop , and pass 123456789. Now in next tab give any alias name , pass any of your choice,validity should be 25, other details according to you.
  • 6. Now in next tab select location to save apk file , and save as something.apk and click on finish. Now just use this apk file in any android mobile install it and open it , when GPRS(internet) mode is on it will start sending your whatsapp database file to your server ,it may take time depending on database file size and internet speed
  • 7. Now lets check our server for whatsapp database file . Hola !! we got the crypt5 file with android account gmail id name
  • 8. Now lets read some messages of our victim ;) before the 2.11. Version of WhatsApp hackers were able to decrypt the encrypted msgstore.db.crypt file without much effort thanks to a WhatsApp Forensic Toolkit known As WhatsApp Xtract Tool having a powerful python script that helps the security professionals to decrypt the encryption of crypt file and after the decryption presents a perfect forensic report through a beautiful HTML interface page with full conversation in it, but as WhatsApp hits version number 2.11 onwards this kit becomes useless as the encryption key used by WhatsApp was changed, according to officials from WhatsApp they are taking the conversation database security in a very serious manner , oh really ? they now changed database to msgstore.db.crypt5 from “msgstore.db.crypt” So here, go through this article http://www.securitybydefault.com/2014/03/descifrando-msgstoredbcrypt5- la-nueva.html this person made a python script to decrypt crypt5 database file you can get the script here , this is alternative of www.recovermessages.com I don’t suggest you to upload your database file in their database ;) So go through this manual method it will be fun too ;) https://github.com/aramosf/pwncrypt5/blob/master/pwncrypt5.py just download this script now open your linux or you can use this on window also but linux as always best ;) so now copy this script save it as anyname.py and also copy you whatsapp database msgstore.db.crypt5 file which you have stole from android mobile , and just rename that as “msgstore.db.crypt5” means remove google account name part from that file .
  • 9. Now use following command to decrypt this file root@kali:- python yourfilename.py msgstore.db.crypt5 gmailaccountid of victim@gmail.com> msgstore.sdb like this. Now we will get msgstore.sdb file which is decrypted ;) lolz security lets read messages now To read messages or open this database file we will use Whatsapp_Xtract_V2.1 , this is python based tool , available in xda-developers forum (http://forum.xda-developers. com/showthread.php?t=1583021&page=91) you can download it , https://hotoloti.googlecode.com/files/Whatsapp_Xtract_V2.1_2012-05-10-2.zip now we will do some small changes in command of this too and this OLD not WORKING tool will work again for us ;)
  • 10. so put your msgstore.sdb file in same Whatsapp_Xtract_V2.1 folder Now give this command root@kali:- python whatsapp_xtract.py msgstore.sdb –o whatsapp.html here –o is used to define output file name , so we will get all our chat logs in html file . Now after executing this our default browser will automatically open that output html file in some time .
  • 11. now we can read all message chat logs of victim, also images and video sent/recieved by him/her The best thing of this is , it’s whatsapp Forensic ;) you can also get all DELETED message of victim, Facebook didn’t need to buy WhatsApp to read your chats You can bind and modify this app , with another apps , make It stealth and use for personal databackup :P, you want video tutorial , you can mail me also for any other queries.
  • 12. Disclaimer :- This guide is for education purpose only. Do not hack others accounts, This is illegal and may put you behind jail and high penalty can be exposed. Learn Hacking For Good Purposes.all the tools used in paper is available in their respective owner website and permissible to use it for personal use, for commercial use grant permission from owner . Special Thanks : http://bas.bosschert.nl/steal-whatsapp-update/ & Google This Paper is Provided to you by Mohit Sahu (Monendra Sahu) Dedicated To My Mom,Dad / My Best Friend/My love About The Author Mohit Sahu is an IT-Security researcher presently working in the field of penetration testing and vulnerability assessments, he is currently holding the posi tion of Security Analyst in ERIS labs, India. As well as he work as corporate trainer/Penetration Tester ( freelance), He is Co-admin at Code104.net A Famous online Forum for Security Researchers, he is Admin at Facebook Group “Tip s & Tricks” (Over then 11,000 members) Established For Support People in technical Queries . Founder of NGO (Chhattisgarh InfoSec Society). A first NGO in chhattisgarh fighting for cyber crime , making people aware . He has Given Seminar/workshops on various Colleges , schools Cyber Cell(CG) He has trained more then 3000 Students. his field of intrest is Vulnerability Assessment, Penetration Testing , Security Audi ting/Training, web devlopment, server management,android exploitation He has been awarded with Hall of Fame & Rewards by Google , Microsoft , Ebay , Apple , Nokia , Paypal , AT&T, Yahoo and many more.. He has been awarded with Gold Medal from Honorable Governor of Chhattisgarh on behalf of NIT Raipur Contact me : monendra.nitrr@gmail.com Facebook: https://www.facebook.com/mohitsahu.in Twitter: https://twitter.com/mohitnitrr Website: www.erislabs.in