Dear readers of Hacker's Station, today we will return to the topic of Phishing, which has become topical in recent years. In this guide we will use a tool called AIOPhish.
In the 2.0 era, that of the internet, scams take place online. Not only by browsing websites, but also by e-mail: despite the enormous progress in the cybersecurity sector, with the creation of highly efficient antivirus and antispam filters for e-mail, fraudulent e-mail messages can escape these checks , also creating considerable damage to the unfortunate cheated.
This is the case, for example, of phishing e-mails, which can often also come from a trusted source and sent from addresses considered “reliable” and therefore not blocked by the appropriate filters. Running into a scam is very simple, falling for it much less, but you still need to pay close attention and know how to recognize phishing emails. (See the article Examples of Phishing attacks and how to find them).
As already discussed in some previous articles, the types of phishing used can be divided into 4 ways:
- Greed;
- Kindness;
- Obedience;
- Fear;
To see these types in detail, read the article Phishing: Recognizing an attack and how to defend yourself available at this link.
For our test we will use the AIOPhish script, obviously using our dear friend Kali Linux, a very powerful script that if used by an attacker could damage the victim, with data theft etc.
ATTACK PHISHING WITH AIOPHISH
AIOPhish is a powerful tool with many options you can use, such as:
Send fake emails;
43 models;
3 local.run/serveo/ngrok tunnels;
Choice of page language Spanish / English;
Choice of securities;
Photo insertion;
Insert descriptions;
Mini URL choice;
Inserting an alert box;
Redirect the victim;
Let's start with our test by cloning the script, we write these commands:
apt update && apt upgrade -y
apt install git -y
cd desktop
Let's clone the script:
This will be the menu that we will see and that we can use, (crazy if you think about it), how many modules we have available.
We select option 6 (Facebook):
We select option 1:
When the script has finished creating the selected module, it will produce a link which in our case will start with:
https://www.facebook.com@67tg08l533.ngrok.io.
The special thing about this script is that it provides a portal to send anonymous emails with the ability to change the sender and its content.
From this link it will be possible to access the portal to send emails: https://unavezmasemail.888webhostapp.com.
ATTACK EXAMPLE
Think what an attacker could do…. For example, he could send an email pretending to be a person on the Microsoft team, asking the victim to select the link in order to reset the password of his mailbox.
Some time ago I worked on an email received from a client with the following content:
Sender:
noreply@outlook.com
Object:
Microsoft Outlook account validation "email address" loke.me@outlook.com
Text:
Dear user,
your account has been temporarily blocked due to an unauthorized access attempt.
To reactivate and protect your Microsoft account please select the attached link and follow the instructions.
Analysis of the url received
The initial part contains https://www.microsoft.com, crazy, if the victim does not check the entire url in detail, he bites 100%
The part immediately after the.com however contains a strange thing @67tg08l533.ngrok.io
I continue my verification by clicking on the link, I am redirected to the login page "identical to the original". If the victim had entered the user id and password, the attacker would have received the info live and in clear text.
Always be wary if you receive strange emails if you are not 100% sure.
As always, make good use of it by testing your device / computer, doing them on devices / computers not yours is illegal.
To the next article.
N.B .: I do not take any responsibility for the use you will make of the guide, as it is drawn up for didactic and training use.
Comments
Post a Comment
If you guys have any issue just let me know