Learning how to bypass two-factor authentication (Google Authenticator, SMS)
<blockquote data-quote="Ghosthunter" data-source="post: 512" data-attributes="member: 6"><p>Checking the settings:</p><p></p><p><img src="https://telegra.ph/file/3737fbd150a46918ce072.png" alt="3737fbd150a46918ce072.png" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p></p><p>We specify where we will redirect the user after successful authorization.</p><p></p><p>Code:</p><p>phishlets get-okta url https://&lt;target domain&gt;.okta.com/</p><p></p><p>The app will display a link that you want to send out to users in the following format: https://&lt;phishing domain&gt;.com/login/login.htm?rb=9ffe&amp;ec=&lt;unique hash&gt;</p><p></p><h4>Step 4 - waiting for the catch</h4><p>We send out emails (mailing technologies are material for a separate article) and wait.</p><p></p><p>A weak, trusting user follows the link and logs in. We see it like this:</p><p></p><p><img src="http://www.pvsm.ru/images/2018/11/28/shok-novyi-soft-dlya-fishinga-pobejdaet-vtoroi-faktor-6.png" alt="shok-novyi-soft-dlya-fishinga-pobejdaet-vtoroi-faktor-6.png" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p></p><p>All captured accounts are added to sessions. Select the appropriate one and copy cookies from it:</p><p></p><p><img src="http://www.pvsm.ru/images/2018/11/28/shok-novyi-soft-dlya-fishinga-pobejdaet-vtoroi-faktor-7.png" alt="shok-novyi-soft-dlya-fishinga-pobejdaet-vtoroi-faktor-7.png" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p></p><p>Open the browser, substitute cookies, and voila, we're inside:</p><p></p><p><img src="https://telegra.ph/file/050380386c5fcef3694f1.png" alt="050380386c5fcef3694f1.png" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p></p><h4>Afterword</h4><p>Evilginx greatly simplifies the creation of phishing pages, especially for 2FA. It is also convenient to store and share these pages with your friends.
Protection methods — use of <a href="https://fidoalliance.org/specifications/overview/" target="_blank">U2F</a>, switching to new authentication <a href="https://fidoalliance.org/specifications/overview/" target="_blank">methods</a>.</p><p></p><p>Thank you for reading this!</p></blockquote><p></p>
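The protection the post names (U2F / FIDO) holds up against a relaying proxy because the browser, not the page, writes the origin it actually loaded into the signed client data, and the authenticator scopes its response to the relying-party ID. The following Python is an added example, not part of the original post, showing the server-side binding checks a relying party runs on an assertion; the RP ID, origins and sample values are constructed placeholders, and signature verification (still required in a real deployment) is omitted.

```python
import base64
import hashlib
import json

# Assumed relying-party settings (constructed placeholders, not from the post).
RP_ID = "login.example.com"
EXPECTED_ORIGIN = "https://login.example.com"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_assertion_binding(client_data_json, authenticator_data, expected_challenge):
    """Return a list of binding failures; an empty list means these checks passed.

    Covers only the origin / RP-ID binding steps of WebAuthn assertion
    verification. The signature over authenticatorData + SHA-256(clientDataJSON)
    must also be verified and is left out of this example.
    """
    failures = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        failures.append("type")
    if client.get("challenge") != b64url(expected_challenge):
        failures.append("challenge")
    # The origin field is filled in by the browser from the page it is on.
    if client.get("origin") != EXPECTED_ORIGIN:
        failures.append("origin")
    # authenticatorData = SHA-256(rpId) (32 bytes) | flags (1) | counter (4) ...
    if len(authenticator_data) < 37:
        return failures + ["authenticator_data_length"]
    if authenticator_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        failures.append("rp_id_hash")
    if not authenticator_data[32] & 0x01:  # UP (user present) flag
        failures.append("user_present")
    return failures

def build_sample(origin, rp_id, challenge):
    """Construct sample inputs shaped like what a browser and authenticator emit."""
    client_data = json.dumps({"type": "webauthn.get", "origin": origin,
                              "challenge": b64url(challenge)}).encode()
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + (1).to_bytes(4, "big")
    return client_data, auth_data

CHALLENGE = b"constructed-challenge"
# Constructed case 1: the user signed in on the real origin.
DIRECT = check_assertion_binding(*build_sample(EXPECTED_ORIGIN, RP_ID, CHALLENGE), CHALLENGE)
# Constructed case 2: the assertion was produced on a look-alike domain.
PROXIED = check_assertion_binding(
    *build_sample("https://login.example.net", "login.example.net", CHALLENGE), CHALLENGE)

if __name__ == "__main__":
    print("direct:", DIRECT)
    print("look-alike origin:", PROXIED)
```

A one-time code or SMS value carries no such binding, which is why it can be relayed while an origin-bound assertion is rejected.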