Facebook password phishing with DNS manipulation [Tutorial]
Password phishing can result in a serious loss of identity and of users’ confidential details. This can lead to financial losses for users and can also prevent them from accessing their own accounts.
In this article, we will see how an attacker can take advantage of manipulating the DNS record for Facebook, redirect traffic to the phishing page, and grab the account password.
Facebook password phishing
Here, we will see how an attacker can take advantage of manipulating the DNS record for Facebook, redirect traffic to the phishing page, and grab the account password.
First, we will need to set up a phishing page.
You need not be an expert in web programming. You can easily Google the steps for preparing a phishing account.
- To create a phishing page, first open your browser and navigate to the Facebook login page. Then, on the browser menu, click on File and then on Save page as…. Then, make sure that you choose a complete page from the drop-down menu.
- The output should be an .html file.
- Now let’s extract some data here. Open the Phishing folder from the code files provided with this book. Rename the Facebook HTML page index.html.
- Inside this HTML, we have to change the login form. If you search for action=, you will see it. Here, we change the login form to redirect the request to a custom PHP page called login.php. Also, we have to change the request method to GET instead of POST.
- You will see that I have added a login.php page in the same Phishing directory. If you open the file, you will find the following script:
$value) {
    fwrite($handle, $variable);
    fwrite($handle, "=");
    fwrite($handle, $value);
    fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
As soon as our target clicks on the Log In button, we will send the data as a GET request to this login.php and we will store the submitted data in our passwords.txt file; then, we will close it.
- Next, we will create the passwords.txt file, where the target credentials will be stored.
- Now, we will copy all of these files into /var/www and start the Apache services.
- If we open the index.html page locally, we will see that this is the phishing page that the target will see.
Let’s recap really quickly: what will happen when the target clicks on the Log In button? As soon as our target clicks on the Log In button, the target’s credentials will be sent as GET requests to login.php. Remember that this will happen because we have modified the action parameter to send the credentials to login.php. After that, login.php will eventually store the data in the passwords.txt file.
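From the defender's side, the two changes recapped above (a rewritten action= and a GET method) are what a triage check on a captured login page looks for. The following is an added example, not code from the book; the class and function names, the sample markup and the expected host are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class LoginFormAudit(HTMLParser):
    """Record every form that holds a password field and submits it unsafely."""

    def __init__(self, page_url, expected_host):
        super().__init__()
        self.page_url = page_url            # URL the page was served from
        self.expected_host = expected_host  # assumption: host a genuine login submits to
        self.form = None                    # form currently being parsed
        self.findings = []                  # (resolved target, [reasons]) per suspect form

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.form = {"action": a.get("action") or "",
                         "method": (a.get("method") or "get").lower(),
                         "password": False}
        elif tag == "input" and self.form and (a.get("type") or "").lower() == "password":
            self.form["password"] = True

    def handle_endtag(self, tag):
        if tag != "form" or self.form is None:
            return
        form, self.form = self.form, None
        if not form["password"]:
            return
        target = urljoin(self.page_url, form["action"])  # resolve relative actions
        url, reasons = urlparse(target), []
        if form["method"] != "post":
            reasons.append("credentials submitted with GET")
        if url.scheme != "https":
            reasons.append("form target is not https")
        if url.hostname != self.expected_host:
            reasons.append("form target host is not " + self.expected_host)
        if reasons:
            self.findings.append((target, reasons))

def audit_login_forms(html, page_url, expected_host="www.facebook.com"):
    parser = LoginFormAudit(page_url, expected_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed samples, not Facebook's real markup.
FIELDS = '<input type="text" name="email"><input type="password" name="pass"></form>'
GENUINE = '<form action="https://www.facebook.com/login/" method="post">' + FIELDS
ALTERED = '<form action="login.php" method="get">' + FIELDS
```

When the name itself has been redirected, the host check passes, so the GET method and the missing https are the findings that remain.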
Now, before we start the Apache services, let me make sure that we get an IP address.
- Enter the following command:
ifconfig eth0
You can see that we are running on 10.10.10.100 and we will also start the Apache service using:
service apache2 start
- Let’s verify that we are listening on port 80, and the service that is listening is Apache:
netstat -antp | grep "80"
Now, let’s jump to the target side for a second.
In our previous section, we used google.jo in our script. Here, we have already modified our previous script to redirect the Facebook traffic to our attacker machine. So, all our target has to do is double-click on the EXE file. Now, to verify:
- Let’s start Wireshark and then start the capture.
- We will filter on the attacker IP, which is 10.10.10.100:
- Open the browser and navigate to https://www.facebook.com/:
When we do this, we’re taken to the phishing page instead. Here, you will see the destination IP, which is the Kali IP address. So, on the target side, when we are viewing or hitting https://www.facebook.com/, we are actually viewing index.html, which is set up on the Kali machine. Once the victim clicks on the login page, we will send the data as a GET request to login.php, and we will store it in passwords.txt, which is currently empty.
- Now, log into your Facebook account using your username and password, then jump to the Kali side and see if we get anything in the passwords.txt file. You can see it is still empty. This is because, by default, we have no permission to write data. Now, to fix this, we will give all files full privilege, that is, to read, write, and execute:
chmod -R 777 /var/www/
Note that we did this because we are running in a VirtualBox environment. If you have a web server exposed to the public, it’s bad practice to give full permission to all of your files due to privilege escalation attacks, as an attacker may upload a malicious file or manipulate the files and then browse to the file location to execute a command on his own.
- Now, after giving the permission, we will stop and start the Apache server just in case:
service apache2 stop
service apache2 start
- After making this modification, go to the target machine and try to log into Facebook one more time. Then, go to Kali and click on passwords.txt. You will see the submitted data from the target side, and we can see the username and the password.
In the end, a good indicator of phishing activity is the missing https sign.
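A second indicator is visible in the Wireshark capture above: a public site resolving to a private address such as 10.10.10.100. The following added example, which is not from the book, checks an endpoint for that condition. The page does not say how the target-side script redirects the name; this sketch assumes a hosts-file style override, and the function names and sample file content are constructed.

```python
import ipaddress
import socket

WATCHED = ("facebook.com",)  # domains that should only ever resolve through public DNS

def is_watched(name, watched=WATCHED):
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in watched)

def hosts_overrides(hosts_text, watched=WATCHED):
    """Return (hostname, address) pairs where hosts-format text pins a watched name."""
    hits = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        address, names = fields[0], fields[1:]
        hits += [(n.lower(), address) for n in names if is_watched(n, watched)]
    return hits

def non_public(addresses):
    """Addresses no public website should resolve to (RFC 1918, loopback, link-local)."""
    return [a for a in addresses if not ipaddress.ip_address(a).is_global]

def check_live(name):
    """Resolve name with the system resolver and return any non-public answers."""
    infos = socket.getaddrinfo(name, 443, proto=socket.IPPROTO_TCP)
    return non_public(sorted({info[4][0] for info in infos}))

# Constructed hosts-file content (assumption: the redirect is a hosts-file override).
SAMPLE_HOSTS = """\
127.0.0.1 localhost
10.10.10.100 www.facebook.com facebook.com
# 10.10.10.100 m.facebook.com
192.0.2.10 notfacebook.com
"""

if __name__ == "__main__":
    for host, addr in hosts_overrides(SAMPLE_HOSTS):
        print("override:", host, "->", addr, "non-public:", bool(non_public([addr])))
```

check_live needs a working resolver and is not called on the sample; on an affected host it would return the private address for the watched name.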