Home Uncategorized phishing attack basics/advance

Uncategorized

phishing attack basics/advance

June 16, 2019

1206

Today’s topic is the phishing attack. In simple words, A phishing attack is a method to hack a victim with a fake web-page.

For this tutorial, I am not using some kinda script or tool. because I want you to teach the whole process of the phishing attack.

scenario:

suppose, I am in the WLAN(Wireless Local Area Network) of my school. it is a day when results are getting announced online. All students will check their results on the #schoolresults.in and there is a login page.

now the thing is that login page is used by users but also it is used by the admin who can upload results on that webpage.

now, I, as an attacker will try to copy that web-page. I have told you about copying a webpage, I am not going to tell you again. check out – HERE

when I have the webpage, I can host it on my local server.

steps to host webpage:

type this command:

service apache2 start

this command will start a web server on port 80(local server).

now just copy the cloned page (.HTML,.PHP, etc) to :

/var/www/html/

NOTE- remove the index.php(default page) and rename the cloned page- index.php or index.html

now, you can check if the page is online

STEPS:

go to your browser

type in the URL:

127.0.0.1/index.php or index.html

you will get the result.

now we need to force the admin to visit our local server, then maybe admin will login from our webpage and we will get the Admin creds.

as I told you that I am in WLAN of my school network. I can redirect a user from the main website to our local web server.

STEPS:

1. open ettercap in GUI mode.
2. make sure you have edited the /etc/ettercap/etter.conf

you need to add your wlan0 interface ip to this file.

(it might be complicated for you if you have no idea about DNS spoof. I will make a tutorial on ettercap tool)

4. use Wireshark or tcpdump to capture packets. (KNOW MORE)

3. just relax and wait for the admin to input his creds. once the admin will input the creds, you will have creds in the data packets, you have captured.

you can log in with creds and edit the info on the main website. now, you might have the idea that how can you hack facebook, twitter, and google, etc.

Thanks For Visiting.

How To Fix Error: Externally-Managed-Environment In Python (Kali Linux)

Understanding Systemctl Command in Linux (Practical)

Macros in docm & Linux memory dump| Hack The Boo …

Android Apps debugging | Frida, JADX, Genymotion

How To Hack MySpace By Phishing (Working)

How To Perform Brute-Force on Facebook Easily

How to enable RDP in Linux | XRDP, SSH

How To Crack WinRAR | Reverse Engineering

KDE VS XFCE | which one is better

How To Edit a Text file in Windows Powershell

How To Fix Error: Externally-Managed-Environment In Python (Kali Linux)

How to extract information from .DMP files

Binary Exploitation | Pwn | Linux

LEAVE A REPLY Cancel reply

Connect With Us

Popular