🐟Phishing

In this project we are going to do something big: we've used a GitHub repository that's gonna help us learn and understand how phishing works. This GitHub repository has been deleted many times and reuploaded by many users, all of them with the "blackeye" name on it. Different versions and different code, from which I've had to take pieces, adapt them and finally make it work (I won't upload it because it's going to get banned anyway).


⚠️ Disclaimer

This content is provided for educational and learning purposes only. All activities, tools, and techniques mentioned or demonstrated are intended to help individuals understand cybersecurity concepts in a safe and responsible manner.


It's a very powerful tool that has two interesting things. The first is a folder with many PHP files that "imitate" a known enterprise login webpage, which means that we can imitate various login pages that we are going to use to fool the target into giving us their user account and password. The second is the bash file where we:

  • Choose the login page we want to imitate.

  • Create a local PHP server.

  • Create the site with the variables username and password where we are going to store the information.

  • Create, using ngrok, the webpage and the URL we are going to send to the target.

I read all the code and how it worked, learning how to create the PHP server, how the PHP files were programmed (very accurate, gotta say) and how it is used in the main program.

  1. Redirecting to PHP Server:

    if [ ${file_exists "server IP.txt"} ]; then
      redirect_to_php-server --ip=$user $\{\}\]\$\*\$IP
    else
      create-p-hphp script with a default URL.
    end if
    • If server IP.txt exists, it redirects to the PHP server using $user as the IP. Otherwise, it creates the PHP and ngrok scripts.

  2. Creating PHP Script:

    $url=$php-sys-server --ip=$server $\{\}\]\$\*\$IP:5555
    • Creates a PHP script on the specified IP with a default port number.

  3. Starting Server:

    start_server --tunnel=$tunneling-method
    • Starts the PHP server using either start_ngrok() or start_localtunnel() based on the tunneling method.

  4. Linking to ngrok.com:

    link.ngrok://$\{\}\]\$ngrok-server $\{\}\]\$NGROK-USER $\{\}\]\$NGROK-PORT
    • Links to the ngrok server at ngrok.com with the specified user and port.
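
From the defender's side, a link built this way stands out because its host sits under a public tunnelling domain. The following is an added example (not part of the blackeye code or of the original page) that scans a message body for such links; the domain list, the keyword list and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed list of public tunnelling domains (ngrok, localtunnel); extend as needed.
TUNNEL_SUFFIXES = ("ngrok.io", "ngrok-free.app", "ngrok.app", "loca.lt")
# Hypothetical keywords that suggest the link leads to a credential form.
LOGIN_HINTS = ("login", "signin", "account", "verify", "password")

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def tunnel_suffix(host):
    """Return the tunnel domain that host belongs to, or None."""
    host = (host or "").lower().rstrip(".")
    for suffix in TUNNEL_SUFFIXES:
        # Match on a label boundary so ngrok.io.example.org is not flagged.
        if host == suffix or host.endswith("." + suffix):
            return suffix
    return None


def scan_message(body):
    """Return one finding per URL in body whose host is a tunnel endpoint."""
    findings = []
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,;")  # drop sentence punctuation glued to the URL
        parts = urlsplit(url)
        suffix = tunnel_suffix(parts.hostname)
        if suffix is None:
            continue
        lure = (parts.path + "?" + parts.query).lower()
        findings.append({
            "url": url,
            "host": parts.hostname,
            "tunnel": suffix,
            "login_hint": any(hint in lure for hint in LOGIN_HINTS),
        })
    return findings


# Constructed sample message; every host below is made up.
SAMPLE = """Your session expired, sign in again:
https://a1b2c3.ngrok.io/login.php
Docs: https://ngrok.io.example.org/help and https://EXAMPLE.loca.lt/
Status page: https://status.example.com/login
"""

if __name__ == "__main__":
    for finding in scan_message(SAMPLE):
        print(finding)
```

A hit on a tunnel host is a triage signal, not proof of phishing, since developers use the same services for legitimate previews.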

This tool is a little bit old and many users have used it. I could learn and try it for myself once, because literally, once I tried it I was able to get the credentials (mine) and everything worked properly. Then I was banned from ngrok because they detected that the credentials were sent to a particular host and not a known server, meaning that I was phishing myself.

I got literally banned from using ngrok again (at least for a little time) but I think it was worth it.

It's interesting how every repository on the internet uses tunneling (for which only you can access your own web, also because Google automatically blocks this type of service) and there's no ngrok version. I had to search and modify the code to actually make it work.
