How Hackers Control Front Camera of Mobile and PC: CamPhish

Posted: June 24, 2020 in Linux, Networking, Tech hacks

79130281-561ca000-7dc4-11ea-82f7-a25670476083

CamPhish is a camera phishing toolkit inspired from saycheese, it is an upgraded version of saycheese. We can get camera clicks from the victim’s mobile’s front cam or PC’s webcam. We can use this on our Kali Linux and we also can use it on our Android mobile phone using Termux.

CamPhish has two automatic generated webpage templates for the engaging target on that webpage so the attacker can get more camera snaps.

CamPhish needs some tools installed in our system, the tools are PHP OpenSSH git wget. All these tools come pre-installed with our Kali Linux system, so we start the installation process by entering the following command:

git clone https://github.com/techchipnet/CamPhish

It will be cloned on our current working directory, as we can see the process in the following screenshot:

camphish cloning from github

Then we need to to the CamPhish directory by using the following command:

cd CamPhish

Then we give them permission to the shell script by running the following command:

sudo chmod +x camphish.sh

After this we can run the tool by applying the following command:

./camphish.sh

Then it will open it’s the menu as we can see in the following screenshot:

camphish

Here we need to select the port forwarding option we can choose between ngrok and Serveo.net as we know serveo server goes down sometimes so we choose ngrok.

Then it will prompt for choosing phishing template as we can see in the following screenshot:

chooseing phishing templet

Here we got two options, option 1 is a festival wishing and other is YouTube. We can choose whatever depending on our social engineering. For example we choose option 2 for YouTube.

youtube watch id

Here the YouTube watch ID means then end id of a YouTube video URL. The screenshot is following:

what is youtube whatch id
YouTube watch Id is the highlighted text

We copy a YouTube video’s watch ID as per our target’s interest and paste it on CamPhish.

If ngrok is not installed in our system then this tool now downloads and install ngrok in our system. Then it will configure the server and automatically give us a link. This is the link as we can see in the following screenshot.

ngrok link

Here we can see that we got the ngrok link (can be opened from anywhere via the internet) and now we can send this to the victim with some social engineering twists. Sending phishing links to target is an art.

Now, whenever target clicks on the link it will open YouTube video in the target’s browser and prompt for camera permission. Peoples usually don’t read about the permissions and clicked “OK”. BINGO! We got connected and we can get snaps from victim’s webcam/Front cam.

Here we can see that target got connected with our CamPhish server and we are getting camera shots. Those received images files will be saved in CamPhish directory. That is how we can take control of front cameras.

This tutorial is only for educational purpose and Proof of Concept only. Hack Webcam and Phishing is a crime. If anyone does any illegal activity then we are not responsible for that.

Feel free to leave a comment below or reach me on Instagram @iamshubhamkumar__.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.