Password Phishing can result in massive loss of identity and user’s private details. This could outcome in money losses for people and can also stop them from accessing their personal accounts.
In this article, we will see how an attacker can take edge of manipulating the DNS record for Fb, redirect website traffic to the phishing web page, and get the account password.
Fb password phishing
Here, we will see how an attacker can consider benefit of manipulating the DNS document for Facebook, redirect targeted visitors to the phishing web site, and seize the account password.
Initial, we have to have to established up a phishing web page.
You want not be an qualified in website programming. You can conveniently Google the actions for making ready a phishing account.
- To create a phishing web site, to start with open up your browser and navigate to the Fb login web page. Then, on the browser menu, click on File and then on Save site as…. Then, make certain that you decide on a total site from the fall-down menu.
- The output must be an .html file.
- Now let’s extract some details in this article. Open the Phishing folder from the code files provided with this reserve. Rename the Fb HTML webpage index.html.
- Within this HTML, we have to adjust the login type. If you search for action=, you will see it. Below, we improve the login sort to redirect the request into a customized PHP page named login.php. Also, we have to transform the request approach to GET as an alternative of Put up.
- You will see that I have added a login.php webpage in the exact Phishing listing. If you open up the file, you will obtain the following script:
$price) fwrite($take care of, $variable) fwrite($handle, "=") fwrite($tackle, $worth) fwrite($manage, "rn") fwrite($take care of, "rn") fclose($manage) exit ?>
As before long as our target clicks on the Log In button, we will send out the information as a GET ask for to this login.php and we will keep the submitted info in our passwords.txt file then, we will near it.
- Following, we will develop the passwords.txt file, where by the goal credentials will be stored.
- Now, we will copy all of these information into varwww and start the Apache solutions.
- If we open up the index.html site regionally, we will see that this is the phishing website page that the goal will see.
Let’s recap really swiftly what will happen when the concentrate on clicks on the Log In button? As shortly as our concentrate on clicks on the Log In button, the target’s credentials will be sent as GET requests to login.php. Recall that this will take place because we have modified the action parameter to mail the credentials to login.php. After that, the login.php will ultimately retail outlet the information into the passwords.txt file.
Now, prior to we start the Apache providers, allow me make guaranteed that we get an IP address.
- Enter the next command:
ifconfig eth0
You can see that we are managing on 10.10.10.100 and we will also begin the Apache provider applying:
service apache2 get started
- Let us validate that we are listening on port 80, and the services that is listening is Apache:
netstat -antp | grep "80"
Now, let us bounce to the goal aspect for a second.
In our preceding segment, we have utilised google.jo in our script. Below, we have presently modified our preceding script to redirect the Fb website traffic to our attacker device. So, all our concentrate on has to do is double-click on on the EXE file. Now, to validate:
- Enable us start off Wireshark and then start out the capture.
- We will filter on the attacker IP, which is 10.10.10.100:
- Open the browser and navigate to https://www.fb.com/:
As soon as we do this, we’re taken to the phishing site instead. Here, you will see the destination IP, which is the Kali IP address. So, on the goal aspect, once we are viewing or hitting https://www.facebook.com/, we are basically viewing index.html, which is set up on the Kali equipment. Once the target clicks on the login webpage, we will send the facts as a GET request to login.php, and we will retail store it into passwords.txt, which is at this time empty.
- Now, log into your Fb account working with your username and password. and jump on the Kali facet and see if we get anything on the passwords.txt file. You can see it is still vacant. This is simply because, by default, we have no authorization to publish data. Now, to fix this, we will give all information comprehensive privilege, that is, to go through, produce, and execute:
chmod -R 777 /var/www/
Take note that we manufactured this, considering the fact that we are running in a VirtualBox setting. If you have a net server uncovered to the general public, it’s lousy practice to give total permission to all of your information because of to privilege escalation attacks, as an attacker might upload a destructive file or manipulate the documents and then search to the file locale to execute a command on his own.
- Now, soon after supplying the permission, we will stop and start off the Apache server just in scenario:
provider apache2 quit assistance apache2 start out
- Immediately after undertaking this modification, go to the focus on equipment and try out to log into Facebook just one extra time. Then, go to Kali and click on passwords.txt. You will see the submitted facts from the concentrate on facet, and we can see the username and the password.
In the conclusion, a good sign for a phishing exercise is lacking the https indication.