Password Phishing can final result in huge loss of identity and user’s private aspects. This could end result in monetary losses for buyers and can also avert them from accessing their individual accounts.
In this post, we will see how an attacker can acquire benefit of manipulating the DNS file for Fb, redirect traffic to the phishing website page, and grab the account password.
Facebook password phishing
Listed here, we will see how an attacker can consider gain of manipulating the DNS report for Fb, redirect visitors to the phishing web page, and get the account password.
Initially, we need to have to established up a phishing web page.
You require not be an qualified in internet programming. You can effortlessly Google the methods for getting ready a phishing account.
- To make a phishing page, initial open your browser and navigate to the Fb login site. Then, on the browser menu, simply click on File and then on Save website page as…. Then, make sure that you select a complete webpage from the fall-down menu.
- The output must be an .html file.
- Now let’s extract some information below. Open the Phishing folder from the code data files supplied with this guide. Rename the Facebook HTML web site index.html.
- Inside of this HTML, we have to modify the login kind. If you lookup for action=, you will see it. In this article, we modify the login type to redirect the ask for into a custom made PHP webpage referred to as login.php. Also, we have to alter the ask for method to GET as a substitute of Put up.
- You will see that I have extra a login.php webpage in the same Phishing listing. If you open the file, you will obtain the next script:
$benefit) fwrite($tackle, $variable) fwrite($take care of, "=") fwrite($manage, $price) fwrite($handle, "rn") fwrite($handle, "rn") fclose($deal with) exit ?>
As shortly as our concentrate on clicks on the Log In button, we will deliver the data as a GET request to this login.php and we will shop the submitted knowledge in our passwords.txt file then, we will close it.
- Upcoming, we will build the passwords.txt file, exactly where the goal credentials will be stored.
- Now, we will copy all of these documents into varwww and start off the Apache products and services.
- If we open the index.html web site domestically, we will see that this is the phishing webpage that the target will see.
Let’s recap definitely promptly what will come about when the concentrate on clicks on the Log In button? As soon as our concentrate on clicks on the Log In button, the target’s qualifications will be sent as GET requests to login.php. Try to remember that this will take place for the reason that we have modified the action parameter to mail the qualifications to login.php. Just after that, the login.php will inevitably store the details into the passwords.txt file.
Now, prior to we start the Apache solutions, permit me make guaranteed that we get an IP deal with.
- Enter the subsequent command:
ifconfig eth0
You can see that we are functioning on 10.10.10.100 and we will also start out the Apache support working with:
support apache2 begin
- Let’s confirm that we are listening on port 80, and the provider that is listening is Apache:
netstat -antp | grep "80"
Now, let’s soar to the target aspect for a second.
In our earlier area, we have made use of google.jo in our script. Right here, we have presently modified our prior script to redirect the Facebook traffic to our attacker equipment. So, all our focus on has to do is double-simply click on the EXE file. Now, to validate:
- Let us start out Wireshark and then commence the capture.
- We will filter on the attacker IP, which is 10.10.10.100:
- Open up the browser and navigate to https://www.facebook.com/:
After we do this, we’re taken to the phishing website page as an alternative. Below, you will see the place IP, which is the Kali IP tackle. So, on the focus on side, the moment we are viewing or hitting https://www.facebook.com/, we are essentially viewing index.html, which is set up on the Kali machine. Once the target clicks on the login webpage, we will ship the data as a GET ask for to login.php, and we will retail outlet it into passwords.txt, which is at this time empty.
- Now, log into your Fb account working with your username and password. and jump on the Kali side and see if we get anything on the passwords.txt file. You can see it is however empty. This is for the reason that, by default, we have no permission to publish knowledge. Now, to deal with this, we will give all data files comprehensive privilege, that is, to go through, compose, and execute:
chmod -R 777 /var/www/
Observe that we produced this, due to the fact we are functioning in a VirtualBox natural environment. If you have a world wide web server exposed to the public, it is bad follow to give total authorization to all of your files due to privilege escalation assaults, as an attacker may perhaps add a destructive file or manipulate the files and then look through to the file site to execute a command on his individual.
- Now, after supplying the authorization, we will cease and commence the Apache server just in case:
service apache2 stop company apache2 begin
- Immediately after carrying out this modification, go to the target equipment and attempt to log into Facebook 1 a lot more time. Then, go to Kali and click on on passwords.txt. You will see the submitted knowledge from the target aspect, and we can see the username and the password.
In the stop, a superior signal for a phishing exercise is missing the https signal.