Password Phishing can result in massive decline of identification and user’s private particulars. This could consequence in monetary losses for consumers and can also reduce them from accessing their own accounts.
In this post, we will see how an attacker can take edge of manipulating the DNS history for Facebook, redirect site visitors to the phishing page, and get the account password.
Fb password phishing
Here, we will see how an attacker can choose edge of manipulating the DNS document for Fb, redirect targeted visitors to the phishing web site, and get the account password.
To start with, we require to established up a phishing web page.
You need not be an specialist in world wide web programming. You can effortlessly Google the techniques for preparing a phishing account.
- To produce a phishing website page, very first open your browser and navigate to the Fb login web site. Then, on the browser menu, click on File and then on Save site as…. Then, make sure that you opt for a entire web page from the drop-down menu.
- The output really should be an .html file.
- Now let’s extract some information below. Open the Phishing folder from the code information offered with this book. Rename the Fb HTML web page index.html.
- Inside this HTML, we have to modify the login variety. If you research for motion=, you will see it. Listed here, we modify the login type to redirect the ask for into a custom made PHP page referred to as login.php. Also, we have to adjust the request strategy to GET instead of Post.
- You will see that I have added a login.php web page in the exact same Phishing listing. If you open the file, you will discover the next script:
$worth) fwrite($cope with, $variable) fwrite($take care of, "=") fwrite($cope with, $benefit) fwrite($take care of, "rn") fwrite($deal with, "rn") fclose($take care of) exit ?>
As before long as our concentrate on clicks on the Log In button, we will ship the facts as a GET ask for to this login.php and we will shop the submitted info in our passwords.txt file then, we will near it.
- Up coming, we will create the passwords.txt file, where the target credentials will be stored.
- Now, we will duplicate all of these files into varwww and begin the Apache expert services.
- If we open up the index.html page regionally, we will see that this is the phishing site that the goal will see.
Let us recap definitely quickly what will take place when the focus on clicks on the Log In button? As soon as our target clicks on the Log In button, the target’s qualifications will be despatched as GET requests to login.php. Remember that this will happen because we have modified the action parameter to deliver the credentials to login.php. Soon after that, the login.php will at some point retailer the facts into the passwords.txt file.
Now, ahead of we start out the Apache providers, permit me make absolutely sure that we get an IP tackle.
- Enter the subsequent command:
You can see that we are managing on 10.10.10.100 and we will also commence the Apache services working with:
service apache2 start
- Let us confirm that we are listening on port 80, and the service that is listening is Apache:
netstat -antp | grep "80"
Now, let’s leap to the concentrate on facet for a next.
In our earlier area, we have applied google.jo in our script. Below, we have by now modified our previous script to redirect the Facebook visitors to our attacker equipment. So, all our goal has to do is double-simply click on the EXE file. Now, to validate:
- Enable us get started Wireshark and then start off the seize.
- We will filter on the attacker IP, which is 10.10.10.100:
- Open the browser and navigate to https://www.facebook.com/:
At the time we do this, we’re taken to the phishing website page rather. In this article, you will see the vacation spot IP, which is the Kali IP tackle. So, on the goal aspect, once we are viewing or hitting https://www.facebook.com/, we are in essence viewing index.html, which is established up on the Kali machine. Once the victim clicks on the login web site, we will deliver the details as a GET ask for to login.php, and we will retailer it into passwords.txt, which is now vacant.
- Now, log into your Fb account utilizing your username and password. and jump on the Kali facet and see if we get everything on the passwords.txt file. You can see it is even now empty. This is because, by default, we have no permission to compose details. Now, to take care of this, we will give all information comprehensive privilege, that is, to study, produce, and execute:
chmod -R 777 /var/www/
Be aware that we produced this, because we are operating in a VirtualBox natural environment. If you have a world-wide-web server uncovered to the general public, it is lousy observe to give whole authorization to all of your documents due to privilege escalation assaults, as an attacker may upload a malicious file or manipulate the documents and then look through to the file location to execute a command on his possess.
- Now, immediately after providing the authorization, we will halt and commence the Apache server just in situation:
company apache2 quit provider apache2 begin
- Soon after performing this modification, go to the target equipment and attempt to log into Fb just one more time. Then, go to Kali and simply click on passwords.txt. You will see the submitted data from the focus on side, and we can see the username and the password.
In the stop, a good sign for a phishing activity is missing the https indicator.