18 February 2020

Hack Any Android Front Cam using a single link [over internet]

In many cases hackers commonly used rat for android phone hacking, most of you probably already know about the RAT or Remote Administrator tools. Some of you may not like the RAT idea because it needs very creative social engineering methods or skills to install it on the targeted device to control it remotely. Also, most of the RATs have a connection to the server expiration problem. So, in this post, we will be going to discuss how to hack any android smartphone camera using a single link.

Well, that's possible,  the victim just needs too open the link you've generated and it will give the control of the front camera on your hand.

Before knowing about the tool let us clear that the captured photos or video streams you will get may probably go to the owner of the tool too!. Beware of that. Don't try to harm your close one. Don't use it on someone to get his or her sensitive information. Privacy matters!

The name of the tool is SayCheese. As it gets the permission it needs, it will start doing its work. It comes with a pre-installed Ngrok port forwarding feature so that we can target the device remotely by sending an Http link. SayCheese provides an easy access HTML file which has some inbuilt javascript to capture the images using the front camera, after asking for the cam permissions. Ngrok provides a port forwarding facility to route your localhost on a publically accessible HTTP server. Will do some modifications live to make the say cheese more interactive and eye-catching to create a trust illusion.

Let's get into the tutorial.

Fire up your Kali Linux machine and download or clone Saycheese from Github. Then change to the directory where you've downloaded and expand it.
$ git clone https://github.com/thelinuxchoice/saycheese.git
$ cd saycheese
$ ls
Inside the folder, you will find a shell script with the name saycheese.sh, that's the script you need to run to launch the tool. Run it by the following command.
$ bash saycheese.sh
Then, it will give you two options to choose the service for port forwarding. Sometimes serveo.net doesn't work then you have to choose Ngrok (02). Also, choose the subdomain. You can also manually set a subdomain name. Now hit enter and the tool has been started. Then it will give you a link generated by the port forwarding service chosen by you  at the beginning.
Now, sent this malicious URL to your target by using any social engineering technique.

When the victim clicks the link, a pop up will appear asking for permission to use the camera. Here the advantage is, most people don't have the idea that a single link can hack their system. They only know about RATs. You just say to the victim something based on his needs or interest he likes or wants desperately. Just make him allow permission.
That is the only thing you need to do and the left will be done by SayCheese. You will receive the Cam files at a regular interval of time. It also depends on the speed of your internet. The photos will appear in the SayCheese' Folder.
There are a lot of different tools we can use to compromise devices but this tool is a little different from them. Every hacking method requires a little skill in social engineering. You can't completely depend on tools to do all of your work.

Video Tutorial

What's your opinion about Say cheese? lets us know in the comment box below. If you face any problem regarding the installation process of the tool, feel free to leave a comment.
Unknown said...

Amazing work. But Works if only opened In Browsers like Firefox

Unknown said...

It works only when device is connected to same network or else it wont work
it says link not found

Unknown said...

how do i edit the html

Unknown said...


Whatsapp Button works on Mobile Device only

Start typing and press Enter to search