Password phishing can result in a huge loss of identity and of users' private details. This could result in financial losses for customers and can also prevent them from accessing their own accounts.
In this article, we will see how an attacker can take advantage of manipulating the DNS record for Facebook, redirect traffic to the phishing page, and grab the account password.
Facebook password phishing
First, we need to set up a phishing page.
You need not be an expert in web programming. You can easily Google the steps for preparing a phishing account.
- To create a phishing page, first open your browser and navigate to the Facebook login page. Then, on the browser menu, click on File and then on Save page as…. Then, make sure that you choose a complete page from the drop-down menu.
- The output should be an .html file.
- Now let us extract some data here. Open the Phishing folder from the code files provided with this book. Rename the Facebook HTML page index.html.
- Inside this HTML, we have to change the login form. If you search for action=, you will see it. Here, we change the login form to redirect the request into a custom PHP page called login.php. Also, we have to change the request method to GET instead of POST.
- You will see that I have added a login.php page in the same Phishing directory. If you open the file, you will find the following script:
$value)
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
As soon as our target clicks on the Log In button, we will send the data as a GET request to this login.php and we will store the submitted data in our passwords.txt file; then, we will close it.
- Next, we will create the passwords.txt file, where the target credentials will be stored.
- Now, we will copy all of these files into /var/www and start the Apache services.
- If we open the index.html page locally, we will see that this is the phishing page that the target will see.
Let's recap really quickly: what will happen when the target clicks on the Log In button? As soon as our target clicks on the Log In button, the target's credentials will be sent as GET requests to login.php. Remember that this will happen because we have modified the action parameter to send the credentials to login.php. After that, login.php will eventually store the data into the passwords.txt file.
Now, before we start the Apache service, let me make sure that we get an IP address.
- Enter the following command:
You can see that we are running on 10.10.10.100 and we will also start the Apache service using:
service apache2 start
- Let us verify that we are listening on port 80, and the service that is listening is Apache:
netstat -antp | grep "80"
Now, let us jump to the target side for a second.
In our previous section, we used google.jo in our script. Here, we have already modified our previous script to redirect the Facebook traffic to our attacker machine. So, all our target has to do is double-click on the EXE file. Now, to verify:
- Let us start Wireshark and then start the capture.
- We will filter on the attacker IP, which is 10.10.10.100:
- Open the browser and navigate to https://www.facebook.com/:
After we do this, we're taken to the phishing page instead. Here, you will see the destination IP, which is the Kali IP address. So, on the target side, once we are viewing or hitting https://www.facebook.com/, we are basically viewing index.html, which is set up on the Kali machine. Once the target clicks on the login page, we will send the data as a GET request to login.php, and we will store it into passwords.txt, which is currently empty.
- Now, log into your Facebook account using your username and password, then jump to the Kali side and see if we get anything in the passwords.txt file. You can see it is still empty. This is because, by default, we have no permission to write data. Now, to fix this, we will give all files full privilege, that is, to read, write, and execute:
chmod -R 777 /var/www/
Note that we did this because we are running in a VirtualBox environment. If you have a web server exposed to the public, it is bad practice to give full permission to all of your files due to privilege escalation attacks, as an attacker may upload a malicious file or manipulate the files and then browse to the file location to execute a command on his own.
- Now, after giving the permission, we will stop and start the Apache server just in case:
service apache2 stop
service apache2 start
- After performing this modification, go to the target machine and try to log into Facebook one more time. Then, go to Kali and click on passwords.txt. You will see the submitted data from the target side, and we can see the username and the password.
In the end, a good indicator of phishing activity is the missing https indication.
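
The indicators this walkthrough leaves on the wire (a Facebook hostname served over plain HTTP, from an internal address such as 10.10.10.100, with form fields in a GET query string) can be checked from the defender's side. The following is an added example, not code from the original text; the log format, the host list and the parameter names are assumptions, and the sample records are constructed.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Assumptions for this example, not taken from the original text:
# hosts that are only legitimately served over HTTPS from public addresses,
# and query parameter names that suggest submitted credentials.
HTTPS_ONLY_HOSTS = {"facebook.com", "www.facebook.com"}
CREDENTIAL_PARAMS = {"email", "pass", "password", "passwd"}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample records: "<client_ip> <dest_ip> <method> <url>".
# 203.0.113.10 and 198.51.100.7 are documentation addresses standing in for public servers.
SAMPLE_LOG = """\
10.10.10.50 203.0.113.10 GET https://www.facebook.com/
10.10.10.50 10.10.10.100 GET http://www.facebook.com/
10.10.10.50 10.10.10.100 GET http://www.facebook.com/login.php?email=user%40example.com&pass=REDACTED
10.10.10.50 198.51.100.7 GET http://example.com/search?q=test
"""

def analyze(record):
    """Return the list of phishing indicators found in one log record."""
    _client, dest, method, url = record.split()
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []
    if host in HTTPS_ONLY_HOSTS:
        if parts.scheme != "https":
            findings.append("plaintext-http")
        if any(ipaddress.ip_address(dest) in net for net in INTERNAL_NETS):
            findings.append("internal-destination")
    # Report only parameter names, never the submitted values.
    leaked = sorted(CREDENTIAL_PARAMS & set(parse_qs(parts.query, keep_blank_values=True)))
    if method == "GET" and leaked:
        findings.append("credentials-in-query:" + ",".join(leaked))
    return findings

def scan(log_text):
    """Return (url_without_query, findings) for every suspicious record."""
    alerts = []
    for record in log_text.splitlines():
        if record.strip():
            findings = analyze(record)
            if findings:
                alerts.append((record.split()[3].split("?")[0], findings))
    return alerts

if __name__ == "__main__":
    for url, findings in scan(SAMPLE_LOG):
        print(url, findings)
```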