INTRODUCTION

Sometimes we think, is it possible to get location of my friend’s or near ones? Today we will demonstrate step by step process on how we can grab the Geolocation of anybody using Windows 10. It can also be somebody who is trying to hack you or your victim or your friend. This all is done using Wi-Fi positioning system (WiPS/WFPS), which is a geolocation system that utilizes characteristics of nearby Wi-Fi & other access points to find where a particular device is located.

We will be using winlocation tool in a step by step manner, from installation to execution. Earlier researcher of International Institute of cyber Security, demonstrated on how an image or video can leak your location or GPS Coordinates.

ENVIRONMENT

  • OS: Kali Linux 2019.3 64 bit
  • Kernel-Version: 5.2.0
INSTALLATION STEPS

  • Use the cd command to enter into winlocation directory.
  • Use this command to install the dependencies bash install.sh
--------------------------------------------------------------------------------------------------------------------------------------------------


"Enroll Multiple Free & Low Cost Cyber Security Courses "

Click here to Enroll

----------------------------------------------------------------------------------------------------------------------------

  • Use this command to launch the tool, bash winlocation.sh

WinLocation – Malicious Link

  • When we launch the tool, the first option it ask, is to enter the payload name. We entered YouTube
  • In winlocation we have two reverse proxy options, Serveo.net and Ngrok. The aim of these server is to capture the data from your friends machine and send it to you (hacker’s machine).
  • Next, set the listener port or select the default port.
  • Now the tool generates a malicious link, sends this link to your friend.
  • If your friend opens the URL on his windows 10 machine, it will automatically downloads YouTube.exe file.

WinLocation – Payload

  • If the victim opens the YouTube.exe file. You/Hacker will get the Latitude and Longitude details.
  • In the same way, after opening the YouTube.exe file automatically l.PS1 and l.txt files will be downloaded.
  • As you can see that we got the Latitude and Longitude of our friend machine, on which URL/YouTube.exe is opened

WinLocation – Victim’s Loaction

  • After getting the Latitude and Longitude details in the tool console, we will also get Google Map URL or enter option Y to open google map directly to view the location.
  • Here, we got your friend location successfully.
  • Once we got the friends location details, every time he starts his Windows 10 machine, we will get the location details automatically.

CONCLUSION

We saw on how we get the your friend or victim’s location details by a single malicious link using reverse proxy servers. If you want to protect someone from viewing your location, you can turn off the location service in our windows 10 machine. Press Win+I >> Privacy >> Location >> Turn Off Location Service.