Welcome to HackeRoyale.

How to Hack Using Umbrella Dropper!? A Phishing Tool

Hello, hackers, Today we are going to know about Umbrella Dropper, which is dedicated to most pen-testing, it downloads files on the target system and executes them without a double execution of .exe, only of embed.

I know most of you might want to hack victims only by sending a real file, which when opened open ups a malicious link which automatically downloads the payload from a remote server and executed it without the need of double execution of .exe file which has been downloaded. even you can hack a victim by simply embedding a malicious backdoor as a zip file with the image and sending it to the victim to read on it follow the article on How To Hack Any Windows 7/8/10 Remotely Using An Image

Well, there are a lot of tools for that and thanks to Github to be an open source for developers and testers for sharing source code and files. Git Hub has been the heaven for penetration testers and n00bies for getting cool and perilous stuff to generate a various payload, scanners and injectors,etc….

Features

  • Download executable on the target system.
  • Silent execution.
  • Download and execute executable once time.
  • If the exe already had downloaded and running, open only pdf/docx/xxls/jpg/png.
  • Some Phishing methods are included.
  • Multiple Session disabled.
  • Bypass UAC.

Needed dependencies

  • apt
  • wine
  • wget
  • Linux
  • sudo access
  • python2.7
  • python 2.7 on Wine Machine

Installation of Umbrella:

  • first, we need to clone[download] the GitHub repository by the command “git clone https://github.com/4w4k3/Umbrella.git
  • Now change your directory to the downloaded folder “cd Umbrella
  • Obtain the permission for the installer file using the command “chmod +x install.sh
  • Run the installer using “./install.sh”. this will attempt to install all the requires dependencies needed for the program to run and update your system

umbrella dropper files

  • To run the script we use “Python.py”, since the script is a python script we first notify terminal that we are running a python script using the term python, we can also run using “./” which means executable file for Linux operating system

umbrella dropper python installation

  • During the installation you will be prompted with wine installation pop-up, we just need to specify Windows 7 or XP which will attempt to install windows .net framework to create an executable file. Next, it will ask you to install Python choose repair option to make necessary changes to the python libraries.

umbrella dropper error

Note: If you face any problems with installation or any error in Python the simply type in “python -m pip install –upgrade pip” this will attempt to upgrade all the python modules and debugs the installation automatically.

Using Umbrella Dropper:

After the installation you will be greeted with the umbrella interface where you will have four options saying:

umbrella dropper interface

  1. [D] GEN DROPPER
  2. [H] HELP
  3. [U] UPDATE
  4. [E] EXIT

umbrella dropper payload options

To generate payload type in D

This time you need to specify the file type you wish to use for the exploit. Next, you need to specify the URL for the .exe file.

Suppose you are running Apache locally then place the malicious payload [say payload.exe] generated from various payload generating tools in your ‘/var/www/html/” directory and the URL would be your local “IPaddress/payload.exe”.To know your local ip type in “ifconfig” in can terminal. If you are conducting a hack on the WAN then you need to upload the malicious file to any open web server accessible through the world wide web publically. but for this tutorial am using my local web server as shown in the screenshot:

umbrella dropper payload URL

When it asks for the URL then enter the URL for the payload on the server, but remember to check if the victim can access it or not. if the victim cant then its complete waste of time. Now it will ask to enter the image URL as a transporter as seen below I have given the URL in the screenshot:

umbrella dropper transport URL

This will produce a file in the “dist/” directory of the umbrella folder. send this to the victim when he opens the image the payload gets automatically executed. But if you think as a hacker, we can take advantage of the feature as When the victim opens the files the web browser opens the embedded link and since our link contains a payload it will be downloaded and automatically executed without the double execution of the payload and we will get a meterpreter session in our terminal. If we can select a favourite image regarding the victim likes by social engineering him as if, an example of a hacker, we can embed a payload to an image which can be selected to be kept as a background image and upload it to a file sharing server we can also create an album regarding the selection of the background image and infect all the image of the album and send the link to the victim to take a look on the album and if the victim suppose to like an image and download’s it then our job is done. now umbrella will do its magic and present us with a meterpreter shell.

But as mentioned to be a hacker you need not hack rather than thinking like a hacker, finally it’s all up to you to develop ideas regarding techniques of hacking a victim. If you like this article kindly rate it above and share it. If you have any queries then comment below to let us know how, to know how to hack Kali Linux then read the article on How To Hack The Hacker’s OS Kali Linux. Thank you.

Tags:
Android anonymity bug cmd commands dark web ddos deep web DNS encryption facebook fbhacks footprinting ftp Hack hacker Hacking info gathering kalilinux keyloggers links malware metasploit password payload phishing proxy root safety sniffing Social Engineering sql tools tor tutorials vpn vulnerability web-hacking wifi-hacking windows wireless hacking wireshark xposed xposed framework xposed modules

SIGN UP FOR OUR MAILING LIST!

Facebook
Twitter
LinkedIn
featured posts
PUBG Mobile Hack, aimbot, wallhack and other cheat codes [2018]

PUBG MOBILE Hack, Aimbot, Wallhack and other cheat codes (2022)

How To Hack Instagram Account Password Account

How Your Instagram Account Password Can Be Hacked - [The Ultimate Guide 2022]

hack facebook account password online

Top 5 Ways Your Facebook Account Password Can Be Hacked Online : 2022

Shadowave apk - hack fb id by sending link

Shadowave : Your Facebook ID Can Be Hacked By Sending Link

Deep Web Links

Deep Web Onion Links Grand List 2019 [8000+ Uncategorized Links]

Termux Hacks Guide [2018] : Tutorial, Commands List, Tools, Apk, Uses, Packages

Termux Hacks Guide [2022] : Tutorial, Commands List, Tools, Apk, Uses, Packages

free netflix accounts passwords hacks

How Hackers Get Netflix for Free – Netflix Account & Password Hacks [2022]

hack facebook account password using phishing

How Anomor Can Be Used To Hack Your Facebook Account – Tutorial [Part 1]

How To Hack Any Facebook Account Using Kali Linux: Tutorial

How Facebook Can Be Hacked Using Kali Linux Brute Force – Working Method [2019]

How To Hack WiFi Password On Android with/Without Root? : 2018

How Your WiFi Password Can Be Hacked On Android with/Without Root? : 2022

Your Website Can Be Hacked Using Android Without Root (SQLMAP Tutorial & Installation)

How To Hack Twitter Account Password Without Them Knowing [Tutorial 2018]

How Twitter Account Owners’ Passwords Get Hacked Without Them Knowing [Tutorial 2019]

categories

ABOUT US

HackeRoyale is a web site by and for hackers and security leaders devoted to making the Internet a safer place. Complete with text, graphic, and video content, our goal is to inform, advise, and exploit for the aforementioned purposes.

CONTACT US

© Copyright 2022 | HackeRoyale | HackeRoyale.com | All Rights Reserved

SUBSCRIBE FOR UPDATES

Get weekly updates by subscribing to our newsletter.