Introduction
Most of us are always curious to know what other think about us or talks about us. There are many ways of spying other person audio conversation, today we will talk about Sayhello tool. Using this we can also record the victim’s voice by executing a single malicious link on the victim’s machine or mobile. Earlier with the help from researchers from International Institute of Cyber Security we demonstrated on how we can track location, take pictures of victim by sending a single link.
Sayhello can work in recursive process, like it keeps on recording the victim’s voice and sends back to hacker’s machine for every 10 seconds using port forwarding techniques. All the audio files saved in this extension .wav. We can send this link to any android phone.
Environment
- Os: Kali Linux 2019.3 64 bit
- Kernel-Version: 5.2.0
Installation steps
- Use this to clone the project.
- git clone https://github.com/thelinuxchoice/sayhello
root@kali:/home/iicybersecurity# git clone https://github.com/thelinuxchoice/sayhello Cloning into 'sayhello'... remote: Enumerating objects: 21, done. remote: Counting objects: 100% (21/21), done. remote: Compressing objects: 100% (19/19), done. remote: Total 21 (delta 5), reused 0 (delta 0), pack-reused 0 Receiving objects: 100% (21/21), 8.98 KiB | 656.00 KiB/s, done. Resolving deltas: 100% (5/5), done.
- Use the cd command to enter sayhello directory.
root@kali:/home/iicybersecurity# cd sayhello/ root@kali:/home/iicybersecurity/sayhello#
- Now, use this command to launch the tool.
- bash sayhello.sh
- Successfully we launched the tool.
- Here, we have to select port forwarding techniques Serveo.net or Ngrok.
- Choose the required option.
- Here, we selected Ngrok server.
Ngrok server is a traffic collector tool. It’s like a reverse proxy. We can use this tool for communication of localhost and the public internet. Hackers use the Ngrok server for capturing the victim’s details.
- We can set website redirect or leave that default.
- This tool will starts downloading the Ngrok server and starts both Ngrok and PHP server.
- It will displays a malicious link.
- Now, send this malicious link to the victim using social engineering techniques.
- If victims open the malicious link in his browser, the victim gets a pop up “permission to access microphone”. If the victim clicks on yes.
- It identifies IP address and records the victim’s voice using the microphone and sends back to the hacker every 10 seconds.
- Successfully we got the victim’s audio files.
Conclusion
We saw on how somebody can Spy your Friend’s Mobile conversation by sending a link using Sayhello tool. It is always recommended, to not open any link unless you are sure about that link. Always check the green padlock on the browser while opening any website.
Cyber Security Specialist with 18+ years of industry experience . Worked on the projects with AT&T, Citrix, Google, Conexant, IPolicy Networks (Tech Mahindra) and HFCL. Constantly keeping world update on the happening in Cyber Security Area.