September 27, 2022

redpapayaales

It's time to think about Travel.

Facebook password phishing with DNS manipulation [Tutorial]

Facebook password phishing with DNS manipulation [Tutorial]

Password Phishing can end result in large loss of id and user’s confidential information. This could end result in money losses for people and can also protect against them from accessing their very own accounts.

In this report,  we will see how an attacker can get edge of manipulating the DNS report for Fb, redirect traffic to the phishing webpage, and get the account password.

Facebook password phishing

Below, we will see how an attacker can take advantage of manipulating the DNS report for Facebook, redirect visitors to the phishing page, and get the account password.

Very first, we will need to established up a phishing website page.

You need not be an expert in web programming. You can effortlessly Google the measures for planning a phishing account.

  1. To produce a phishing site, initially open up your browser and navigate to the Fb login web site. Then, on the browser menu, simply click on File and then on Preserve site as…. Then, make certain that you choose a total page from the fall-down menu.
  2. The output really should be an .html file.
  3. Now let us extract some info right here. Open the Phishing folder from the code files provided with this book. Rename the Facebook HTML web page index.html.
  4. Within this HTML, we have to transform the login sort. If you lookup for motion=, you will see it. Listed here, we modify the login form to redirect the ask for into a custom PHP website page identified as login.php. Also, we have to improve the ask for method to GET alternatively of Put up.
  5. You will see that I have included a login.php site in the same Phishing listing. If you open the file, you will obtain the pursuing script:
 $benefit) 
fwrite($deal with, $variable)
fwrite($cope with, "=")
fwrite($deal with, $worth)
fwrite($tackle, "rn")

fwrite($deal with, "rn")
fclose($cope with)
exit
?>

As soon as our focus on clicks on the Log In button, we will send out the data as a GET ask for to this login.php and we will retailer the submitted details in our passwords.txt file then, we will shut it.

  1. Upcoming, we will produce the passwords.txt file, in which the concentrate on qualifications will be stored.
  2. Now, we will copy all of these data files into varwww and get started the Apache services.
  3. If we open up the index.html webpage domestically, we will see that this is the phishing site that the target will see.

Let us recap truly promptly what will take place when the focus on clicks on the Log In button? As soon as our target clicks on the Log In button, the target’s qualifications will be sent as GET requests to login.php. Try to remember that this will transpire since we have modified the motion parameter to deliver the credentials to login.php. After that, the login.php will at some point store the details into the passwords.txt file.

Now, in advance of we start off the Apache expert services, permit me make guaranteed that we get an IP tackle.

  1. Enter the adhering to command:
ifconfig eth0

You can see that we are managing on 10.10.10.100 and we will also start the Apache services utilizing:

service apache2 commence
  1. Let us validate that we are listening on port 80, and the provider that is listening is Apache:
netstat -antp | grep "80"

Now, let us soar to the concentrate on side for a 2nd.

In our prior part, we have employed google.jo in our script. In this article, we have now modified our previous script to redirect the Facebook targeted traffic to our attacker equipment. So, all our concentrate on has to do is double-click on on the EXE file. Now, to validate:

  1. Allow us commence Wireshark and then start out the capture.
  2. We will filter on the attacker IP, which is 10.10.10.100:
Wireshark
  1. Open up the browser and navigate to https://www.facebook.com/:
Wireshark

The moment we do this, we’re taken to the phishing website page instead. Right here, you will see the vacation spot IP, which is the Kali IP tackle. So, on the concentrate on aspect, when we are viewing or hitting https://www.fb.com/, we are generally viewing index.html, which is established up on the Kali device. Once the victim clicks on the login web page, we will ship the knowledge as a GET ask for to login.php, and we will store it into passwords.txt, which is at this time empty.

  1. Now, log into your Fb account using your username and password. and jump on the Kali aspect and see if we get anything at all on the passwords.txt file. You can see it is continue to empty. This is because, by default, we have no permission to generate details. Now, to resolve this, we will give all data files complete privilege, that is, to examine, compose, and execute:
chmod -R 777 /var/www/

Note that we created this, since we are jogging in a VirtualBox surroundings. If you have a web server exposed to the community, it’s negative practice to give whole authorization to all of your data files because of to privilege escalation attacks, as an attacker may perhaps add a destructive file or manipulate the information and then search to the file locale to execute a command on his own.

  1. Now, soon after supplying the authorization, we will prevent and commence the Apache server just in circumstance:
provider apache2 prevent
assistance apache2 get started
  1. Just after doing this modification, go to the goal machine and attempt to log into Fb one particular more time. Then, go to Kali and click on on passwords.txt. You will see the submitted data from the target side, and we can see the username and the password.

In the conclusion, a excellent indication for a phishing action is missing the https signal.

We performed the password phishing approach utilizing Python. If you have appreciated reading through this excerpt, do check out ‘Python For Offensive PenTest‘ to discover how to safeguard oneself and protected your account from these attacks and code your individual scripts and master moral hacking from scratch.

Read through Next: