DEV Community

Bpass25

Is it possible to hack a device via the Internet Protocol?

This is a very common question; some know the answer, some don't, and some exploit it for personal gain (deceiving people). Look, my friend, hacking a device via its IP address (and by that I mean all devices, whether Android, Windows, or otherwise) is possible, but only under certain conditions and with specific tools.

First, we need to understand that there are internal and external IP addresses.

  • Internal IP: This is the one you get from the router, either randomly or permanently. This is common for most people. Is it possible to hack a device via its IP address? I say yes, it's possible in three ways:

1- Finding a vulnerability in the victim's browser (always get the latest version and look for vulnerabilities in it; this doesn't require the user to download anything). Or getting the user to download a known, infected version of a specific browser (this requires the user to download it). Here, you need to know programming, specifically JavaScript, because this language interacts with the browser directly. If you notice, most tools for IP address retrieval, camera capture, and other functions are written in JavaScript. The important thing is that you need to write code. You exploit the vulnerability you found in the browser, or you write the exploit you gave to the person who downloaded the program. If you ask me how I'll reach the user, I'd say you can use a man-in-the-middle attack using tools like xsploit and bettercap, redirecting the user to a link you have that contains the file. Of course, you also need to know HTML, which is easy, but it's not considered a programming language.

2- Also via the browser, but this requires decompiling the browser application, understanding its features, and knowing in detail what you'll do. You also need to know JavaScript. So, what do you do here? Most people (the majority) give their browser permissions to access files and some other things. Your job here is to exploit these permissions that were already given to the browser to access files. And if you say this is impossible, I'd like to tell you it's not. (A few days ago, a scandal broke about a company that added an extension to Chrome without requesting permissions, which was taking screenshots of users' personal information.)

3- Through an open service on the device such as FTP, SSH, SMTP. This is common (for Windows, Mac, Linux). These services have a vulnerable version, unlike Android. This is something that exists, but it doesn't appear as an open port on the internal network unless the device is running in service mode for a specific service. Therefore, you can easily exploit it here. (Note: Some vulnerabilities do exist, but you can't exploit them because there is protection from the firewall or a trap called a honeypot. So be aware of this issue.) Or it's considered a fake sub-service.

  • External IP: This is what you get from your service provider, the company that provides your internet service (such as Zain, Vodafone, WE, or any company that provides internet in general). This is common and well-known and is also called a public IP. But is it possible to exploit the device through this? Yes, it is possible, but under certain conditions:

1- The external IP must be static, not changing.
2- The IP must have port 80 open, or a port that allows access to the router login page or directly to the device.
3- There should be no blocking on specific IPs if a firewall is in place or the DMZ option is enabled.

1- If it has an open service + a specific port, but when it's opened, it connects to the router and not the device (this is common and usually the case). Now you might ask: how do I reach the device when it's connecting me to the router, because that's an internal IP and I'm in a different country, for example, or something like that? How will I connect in the first place? Before I talk about this, I want to point out something specific: the issue of the username and password, which will be your gateway. This is something you need to know. I don't know about this point; it's up to you if you want to guess or find a loophole, or try some method. Some modern routers or modems, in other words, only require a password, like TP-Link routers. I remember that name; it's important. As for the issue of how you will reach the device or connected devices after bypassing this, look, my friend...

Pay attention, because here's a very important point: you know that sometimes people from towers or telecommunications companies can access your tower or router from anywhere in the world; this applies here as well. They'll use an application called OpenVPN to reach you, so you need to configure it to connect to your router so you can access the devices on it, understand? The same applies to bug bounty and lab owners (sites like Hack The Box or TryHackMe, which require a connection through a specific program to access the lab instead of using a browser and opening the entire system). After that, you can scan the devices there as if you were on the network.

2- If the open port is direct, it will take you to a device, but this won't open port 80 for you; instead, it will open other services, but it won't have a direct server.
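From the defender's side, the open-service case (FTP, SSH, SMTP) and the internal/external IP distinction above come down to which addresses your own listeners are bound to. The following is an added example, not code from the original post: it parses a constructed sample of `ss -tlnH` output and reports every listener reachable beyond loopback; the sample lines, the `WATCHED` port table and the function names are assumptions made for illustration.

```python
import ipaddress

# Services the post names (FTP, SSH, SMTP) plus port 80 for a web/admin page.
WATCHED = {21: "ftp", 22: "ssh", 25: "smtp", 80: "http"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of `ss -tlnH` output (not captured from a real host).
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 32 192.168.1.23:21 0.0.0.0:*
LISTEN 0 511 [::]:80 [::]:*
LISTEN 0 128 203.0.113.7:8080 0.0.0.0:*
"""

def bind_scope(host):
    """Classify the address a listening socket is bound to."""
    host = host.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface scope
    if host == "*":
        return "all-interfaces"
    addr = ipaddress.ip_address(host)
    if addr.is_loopback:
        return "loopback"                   # reachable only from this machine
    if addr.is_unspecified:
        return "all-interfaces"             # 0.0.0.0 or :: , every interface
    if addr.version == 4 and any(addr in net for net in RFC1918):
        return "internal"                   # router-assigned LAN address
    return "external"                       # simplification: treat the rest as public

def audit(ss_output):
    """Return sorted (port, service, scope) for listeners exposed beyond loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        scope = bind_scope(host)
        if scope == "loopback":
            continue
        findings.append((int(port), WATCHED.get(int(port), "other"), scope))
    return sorted(findings)

if __name__ == "__main__":
    for port, service, scope in audit(SAMPLE):
        print(f"{port:>5}  {service:<6} {scope}")
```

On a Linux host, pass the real output of `ss -tlnH` to `audit()` in place of `SAMPLE`; anything reported as `all-interfaces` or `external` is what a firewall rule or a loopback-only bind should cover.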
