Phishing
Phishing on Course web at SLIIT
What Is Phishing?
Phishing is the attempt to obtain sensitive information such as usernames, passwords and credit card details, often for malicious reasons, by disguising as a trustworthy entity in electronic communication.
What is a spear phishing attack?
Spear phishing is an email that appears to be from an individual or business that you know. But it isn't. It's from the same criminal hackers who want your credit card and bank account numbers, passwords, and the financial information on your PC.
Introduction
First you need to know some details about how it works. A phishing attack is done by creating web pages that look like the original web site. The attacker creates a site similar to the original one, hosts it on a server and sends that link to the target person or group. If they trust the link and enter their information into the fake web page, that page stores whatever they type into the fields. The attacker then uses those details for various purposes. Since many victims don't have technical knowledge, they easily fall into these kinds of phishing traps. But if you are a tech person you can do some digging here.
Nowadays technology has improved a lot: when an attacker creates a phishing site, it is automatically identified as a phishing site or not, and fake sites are blocked immediately because of the security protocols. The developers implement Ajax code to connect with the servers. Sometimes the attacker may not be skillful enough to implement them, but the attacker can also remove the Ajax files and create the fake web site anyway. One way of identifying a phishing site is to check the URL in the web browser; it can be different from the original site.
How to create Phishing sites?
Step 01
Go to the course web login page. Right click --> Save as (then select the desired format for the web page, Complete) and save it.
Step 02
Edit the course web html page using the Notepad++ or Sublime Text editor. Why do we need to edit that file? The downloaded page connects to the server through Ajax files, and they communicate with the server. When we host the web page, the hosting server will identify this site as fake; that's why we need to remove the Ajax code from the html.
The login.html file should look like this after removing the Ajax code:
https://github.com/chathurangasineth/Phishing/blob/master/login.html
Step 03
We need to create the php file to steal the critical information from the login page.
When creating the php file I need to get the ID values of the text boxes, and the login button action needs to be changed according to those ID values. After that we need to host that php file on a free hosting site.
The vlogin.php file looks like this:
https://github.com/chathurangasineth/Phishing/blob/master/vlogin.php
Step 04
(Before hosting the html page make sure to remove the Ajax code from the html. If not, it will communicate with the server, the page will be identified as fake, and the hosting site will immediately ban your webhost account.)
Step 05
This is how my fake Course web page looks.
When a user tries to log in by entering the username and password it will show "This site can't be reached. Check your Internet connection". After 2 seconds it automatically redirects to the original online registration site at SLIIT.
Step 06
How to attack the victims
This is the most important part, because if the user does not get trapped the whole job is useless. So we have to be careful here. If we can make him click on our link and enter the username and password, we can easily get their critical information.
The link can be sent to our friends via social media or mail servers. I'm going to try this link by mail server. It's like spear phishing.
We need to create a mail that seems like a security or student affairs division mail. Then we can trap the user easily.
I'm going to act like SLIIT Finance. It depends on the situation.
I created a new Gmail account for this, sliitfinance@gmail.com. Now I'm going to send a mail to my friends using that mail, like this.
Now he thinks it's the SLIIT finance division.
When he clicks that shortened link (I shortened my fake URL using https://goo.gl/) he sees the course web login page and enters his information; the details are then saved to a file called datalog.txt on the webhost server. After 2 seconds it redirects to the online registration site. It's an offline site, so he thinks the site is now offline and tries to verify the matter by contacting the finance department. So he will not think about the link afterwards.
How to avoid phishing attacks
This is very important, because if you got trapped by a phishing attack maybe it's not a big deal, but if an attacker steals your credentials for bank accounts, that's a disaster. So let's see how we can identify phishing attacks.
- Do not click any links sent by unauthorized people or third parties.
- If you clicked one, first check the web URL (sometimes the URL looks the same as the original but one character has been changed, so check the URL carefully).
- Use antivirus software which can trace phishing sites and make sure to keep it updated.
- Check the sender's email address and verify the original person who sent the email.
- If you are not sure about the link, give some incorrect details and check what happens.
- Before you click the link, check whether the URL begins with HTTP or HTTPS; HTTPS is more secure than HTTP.
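As an added example (not part of the original post), here is a small Python checker for the URL tests in the list above: whether the link uses HTTPS, whether its host really belongs to a trusted domain, and whether it is a one-character lookalike or a shortened link that hides the real destination. The trusted domain list and the sample links are constructed for this example.

```python
# Added example (not from the original post): checks a link the way the
# list above recommends before anyone clicks it.
from urllib.parse import urlsplit

# Constructed list of domains the reader actually trusts (assumption).
TRUSTED_DOMAINS = ["sliit.lk", "courseweb.sliit.lk"]

# Well-known URL shorteners; the real destination is not visible in the link.
SHORTENERS = {"goo.gl", "bit.ly", "tinyurl.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: how many single-character edits turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url: str) -> dict:
    """Return the findings a user would want to see before clicking the link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = {"host": host, "https": parts.scheme == "https", "verdict": "unknown"}
    for trusted in TRUSTED_DOMAINS:
        # Exact match or a real subdomain of a trusted domain.
        if host == trusted or host.endswith("." + trusted):
            findings["verdict"] = "trusted"
            return findings
    for trusted in TRUSTED_DOMAINS:
        # One character swapped, dropped or added (e.g. "s1iit.lk"), or the
        # trusted name placed in front of some other domain ("sliit.lk.example.com").
        if edit_distance(host, trusted) <= 1 or host.startswith(trusted + "."):
            findings["verdict"] = "lookalike"
            findings["imitates"] = trusted
            return findings
    findings["verdict"] = "shortened" if host in SHORTENERS else "unrelated"
    return findings


if __name__ == "__main__":
    for link in ["https://courseweb.sliit.lk/login/index.php",
                 "http://s1iit.lk/login.html", "https://goo.gl/abc123"]:
        print(link, check_link(link))
```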
This is my blog about phishing. Hope you learn something from it. If you have any problems, contact me.
Keep in touch for new blogs!!!
Cheers :D !!!