Facebook password phishing with DNS manipulation [Tutorial]

By magenet 1 month ago

Password phishing can result in a huge loss of identity and users' confidential details. This could result in financial losses for users and can also prevent them from accessing their own accounts.

In this article, we will see how an attacker can take advantage of manipulating the DNS record for Facebook, redirect traffic to the phishing page, and grab the account password.

Facebook password phishing

Here, we will see how an attacker can take advantage of manipulating the DNS record for Facebook, redirect traffic to the phishing page, and grab the account password.

First, we need to set up a phishing page.

You need not be an expert in web programming. You can easily Google the steps for preparing a phishing account.

  1. To create a phishing page, first open your browser and navigate to the Facebook login page. Then, on the browser menu, click on File and then on Save page as…. Then, make sure that you choose a complete page from the drop-down menu.
  2. The output should be an .html file.
  3. Now let's extract some data here. Open the Phishing folder from the code files provided with this book. Rename the Facebook HTML page index.html.
  4. Inside this HTML, we have to change the login form. If you search for action=, you will see it. Here, we change the login form to redirect the request into a custom PHP page called login.php. Also, we have to change the request method to GET instead of POST.
  5. You will see that I have added a login.php page in the same Phishing directory. If you open the file, you will find the following script:
 $value) 
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");

fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

Once our target clicks on the Log In button, we will send the data as a GET request to this login.php and we will store the submitted data in our passwords.txt file; then, we will close it.

  1. Next, we will create the passwords.txt file, where the target credentials will be stored.
  2. Now, we will copy all of these files into /var/www and start the Apache services.
  3. If we open the index.html page locally, we will see that this is the phishing page that the target will see.

Let's recap really quickly what will happen when the target clicks on the Log In button. As soon as our target clicks on the Log In button, the target's credentials will be sent as GET requests to login.php. Remember that this will happen because we have modified the action parameter to send the credentials to login.php. After that, login.php will eventually store the data into the passwords.txt file.

Now, before we start the Apache services, let me make sure that we get an IP address.

  1. Enter the following command:
ifconfig eth0

You can see that we are running on 10.10.10.100 and we will also start the Apache service using:

service apache2 start
  2. Let's verify that we are listening on port 80, and the service that is listening is Apache:
netstat -antp | grep "80"

Now, let's jump to the target side for a second.

In our previous section, we used google.jo in our script. Here, we have already modified our previous script to redirect the Facebook traffic to our attacker machine. So, all our target has to do is double-click on the EXE file. Now, to verify:

  1. Let's start Wireshark and then start the capture.
  2. We will filter on the attacker IP, which is 10.10.10.100.
  3. Open the browser and navigate to https://www.facebook.com/.

Once we do this, we're taken to the phishing page instead. Here, you will see the destination IP, which is the Kali IP address. So, on the target side, once we are viewing or hitting https://www.facebook.com/, we are basically viewing index.html, which is set up on the Kali machine. Once the victim clicks on the login page, we will send the data as a GET request to login.php, and we will store it into passwords.txt, which is currently empty.
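One defensive check for the redirect observed above, as an added example that is not part of the original article: audit a hosts file for local overrides of watched public domains. The excerpt does not say how the DNS answer was altered, so the hosts-file mechanism, the watched-domain list and the sample content are assumptions.

```python
import ipaddress

# Domains whose names should never be pinned locally (assumption for this example).
WATCHED = ("facebook.com",)

# Constructed hosts-file content; 10.10.10.100 is the lab address used in the article.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
10.10.10.100    www.facebook.com facebook.com   # unexpected override
192.168.1.20    intranet.example.test
"""


def is_watched(name):
    """True for a watched domain or any of its subdomains."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in WATCHED)


def audit_hosts(text):
    """Return (line_no, hostname, address, reason) for overrides of watched domains."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(entry) < 2:
            continue
        address, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            continue  # malformed address field, not a valid mapping
        for name in names:
            if is_watched(name):
                reason = "public name pinned locally"
                if not ip.is_global:
                    reason += " to a non-public address"
                findings.append((line_no, name.lower(), address, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```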

  1. Now, log into your Facebook account using your username and password, then jump to the Kali side and see if we get anything in the passwords.txt file. You can see it is still empty. This is because, by default, we have no permission to write data. Now, to fix this, we will give all files full privilege, that is, to read, write, and execute:
chmod -R 777 /var/www/

Note that we did this because we are running in a VirtualBox environment. If you have a web server exposed to the public, it is bad practice to give full permission to all of your files due to privilege escalation attacks, as an attacker could upload a malicious file or manipulate the files and then browse to the file location to execute a command on his own.

  2. Now, after giving the permission, we will stop and start the Apache server just in case:
service apache2 stop
service apache2 start
  3. After doing this modification, go to the target machine and try to log into Facebook one more time. Then, go to Kali and click on passwords.txt. You will see the submitted data from the target side, and we can see the username and the password.

In the end, a good sign for a phishing activity is the missing https sign.
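Because the modified form submits with GET, the password travels in the URL, where a web proxy can spot it. This added example (not from the article or the book) flags such requests in constructed proxy log lines; the log format, the client address and the credential parameter names are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Query parameter names treated as credential fields (assumption for this example).
CREDENTIAL_KEYS = {"pass", "password", "passwd", "pwd"}

# Constructed proxy log lines in the form "<client> <method> <url>".
SAMPLE_LOG = [
    "10.10.10.50 GET http://www.facebook.com/login.php?email=user%40example.test&pass=CONSTRUCTED",
    "10.10.10.50 GET https://www.example.test/search?q=password+manager",
    "10.10.10.50 POST http://www.example.test/login",
    "10.10.10.50 GET http://www.example.test/index.html",
]


def flag_credentials_in_url(lines):
    """Return one finding per GET request that carries a credential-like parameter."""
    findings = []
    for line in lines:
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue  # not in the expected three-field format
        client, method, url = parts
        split = urlsplit(url)
        # Match on parameter names only, so a search for "password" is not flagged.
        keys = {k.lower() for k in parse_qs(split.query, keep_blank_values=True)}
        leaked = sorted(keys & CREDENTIAL_KEYS)
        if method.upper() == "GET" and leaked:
            findings.append({
                "client": client,
                "host": split.hostname,
                "path": split.path,
                "cleartext": split.scheme == "http",  # the missing https sign
                "params": leaked,  # names only; values are never recorded
            })
    return findings


if __name__ == "__main__":
    for hit in flag_credentials_in_url(SAMPLE_LOG):
        print(hit)
```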

We carried out the password phishing process using Python. If you have enjoyed reading this excerpt, do check out 'Python For Offensive PenTest' to learn how to protect yourself and secure your account from these attacks, code your own scripts, and learn ethical hacking from scratch.
