The Complete Phishing Guide – Ngrok & Cuteit
What’s social engineering?
Social engineering is the psychological manipulation of people into performing actions or divulging confidential information. Phishing, which we cover today, is one form of it.
What do we need?
We just need 3 things!
Cuteit: https://github.com/D4Vinci/Cuteit – This is a malicious IP obfuscator! Sounds scary huh!?
‘A simple python tool to help you to social engineer, bypass whitelisting firewalls, potentially break regex rules for command line logging looking for IP addresses and obfuscate cleartext strings to C2 locations within the payload. All of that is simply done with obfuscating IP to many forms.’ In our case it takes the local IP address that points at the credential harvester and rewrites it into URL forms that look more convincing to an unsuspecting user.
ngrok: https://ngrok.com/ – This handles the port forwarding for a web-based service, in our case the credential harvesting page. It doesn’t work well with remote access tools!
‘Ngrok is a multiplatform tunnelling, reverse proxy software that establishes secure tunnels from a public endpoint such as internet to a locally running network service while capturing all traffic for detailed inspection and replay.’ Literally! If you don’t understand, don’t worry, I’ll make it all clear for you!
Emkei’s Fake Mailer: https://emkei.cz/ – A FREE online mailer that lets you send an email to your target with any sender address you like. This is where the social engineering part of the attack starts! Crazy cool huh!
QUICK TIP: YOU NEED TO HAVE APACHE 2 INSTALLED. TO DO THIS, JUST TYPE INTO THE TERMINAL:
sudo apt-get install apache2
What on earth do I do now?
- To launch the social engineering toolkit, search for it using the search bar.
- Now you should get a cool screen.
- First press 2, to navigate to the web-attack vectors.
- Then, press 3, for the credential harvester attack method (this is what I was talking about!)
- Now you should see 3 options. You can either use a premade template, clone a website or use your OWN.
- In this case, we will stick to the web templates.
- So, press 1
- It will now ask for the POST IP. This is the address the cloned login page posts the submitted form data back to, i.e. the host running the toolkit, which is our own IP address. At this stage it is a local address!
- In my case: 192.168.1.101
- When you press enter, you should once AGAIN see 3 options: a ‘Java Required’ template, which is a warning page telling the visitor that they need Java, plus the Google and Twitter login pages.
- In this case, let’s choose Twitter, so press 3.
- In some cases, you will have to move the Apache directory to the HTML directory; this should be done by itself, so no worries. Now press enter!
- Now, what you are supposed to do is send the IP to your targets, but come on, are they really going to fall for that lazy old textbook trick? NO.
- This is where Cuteit comes into play! You need python installed for it to work.
- So if you have your CuteIt file cloned from Github, navigate to that directory.
- Then, type in:
- Now press enter.
- Don’t forget, only type in IP addresses; in my case I typed in 192.168.1.101
- This gives us several rewritten forms of the IP to use. Now let’s copy one of those links.
- To test that it works, paste it into the address bar and type in some fake credentials!
- Wow, looks pretty real huh?
- Once you have done that, minimize Firefox and go back to the terminal running the social engineering toolkit. If you look carefully, you should see that it has captured the credentials! In my case:
POSSIBLE USERNAME FIELD FOUND: sessions(username or email)= test
POSSIBLE PASSWORD FIELD FOUND: sessions(password)=password
This is how you perform the attack on your local area network, and how Cuteit makes the URL a little more believable.
So now, let’s look at another situation. Let’s say you are targeting someone on the internet; then port forwarding comes into play. Ngrok was actually created for something totally different. It gives developers a way to take a website they are working on, running on their local host, tunnel it onto the internet and share it with people without needing any web hosting. Completely free! Just make an account and download it for your OS. Damn, so cool.
- So, to do this, go to where you have saved ngrok and launch it with the command: ./ngrok
- Then, type: ./ngrok http 80
- Then hit that enter button. ngrok prints a public address that forwards to your local web server on port 80, so it can stand in for the local IP.
- ngrok gives you both an HTTP and an HTTPS address, and the HTTPS one comes with a valid certificate.
- Now do the same test, with ‘test’ as username and ‘password’ as a password, to check that it works!
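From the defender’s side, the two tricks used above (rewriting an IP address into decimal, hex, octal or mixed forms, and fronting the harvester with a tunnel hostname) are both things a mail gateway or link scanner can look for. The following Python is an added example, not code from this guide or from the Cuteit or ngrok projects: it canonicalises any inet_aton-style spelling of an IPv4 host back to dotted-quad form, flags a userinfo prefix before the real host, and matches the host against a placeholder list of tunnel-service suffixes (that list, the sample message and the flag names are all constructed assumptions).

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: suffixes a tunnelling service hands out. Treat as a placeholder
# list to be kept up to date from your own threat intel, not as authoritative.
TUNNEL_SUFFIXES = ("ngrok.io", "ngrok-free.app", "ngrok.app")

# Constructed sample phishing message body for the scan below.
SAMPLE_MESSAGE = """Hi,
Your account was locked. Please confirm your login here:
https://twitter.com@0xC0A80165/login
Or use our mirror https://abcd1234.ngrok.io/ if the first link fails.
Help centre: https://www.example.com/help
"""


def _to_int(part):
    """Parse one address component the way legacy inet_aton does:
    0x.. is hex, a leading 0 means octal, otherwise decimal."""
    if not part:
        return None
    p = part.lower()
    try:
        if p.startswith("0x"):
            return int(p[2:], 16) if len(p) > 2 else None
        if len(p) > 1 and p[0] == "0":
            return int(p[1:], 8)
        if p.isdigit():
            return int(p)
    except ValueError:
        return None
    return None


def canonical_ipv4(host):
    """Return the dotted-quad form if `host` is any inet_aton spelling of an
    IPv4 address (1 to 4 components, last one filling the remaining bytes),
    otherwise None."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = [_to_int(p) for p in parts]
    if any(v is None for v in values):
        return None
    remaining = 4 - (len(values) - 1)      # bytes covered by the last component
    if any(v > 0xFF for v in values[:-1]) or values[-1] >= 1 << (8 * remaining):
        return None
    n = 0
    for v in values[:-1]:
        n = (n << 8) | v
    n = (n << (8 * remaining)) | values[-1]
    return str(ipaddress.IPv4Address(n))


def classify_link(url):
    """Return (canonical_ip_or_None, list_of_findings) for one URL."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = parts.hostname or ""            # urlsplit lowercases and strips userinfo
    findings = []
    if parts.username is not None:
        # "https://trusted.example@<real host>/" makes the real host easy to miss
        findings.append("userinfo-before-host")
    canon = canonical_ipv4(host)
    if canon is not None:
        findings.append("raw-ip-host" if host == canon else "obfuscated-ip-host")
    elif any(host == s or host.endswith("." + s) for s in TUNNEL_SUFFIXES):
        findings.append("tunnel-service-host")
    return canon, findings


def scan_text(text):
    """Extract http(s) links from a message body and return
    (url, canonical_ip, findings) for every link with at least one finding."""
    hits = []
    for url in re.findall(r"https?://[^\s<>\"']+", text):
        canon, findings = classify_link(url)
        if findings:
            hits.append((url, canon, findings))
    return hits


if __name__ == "__main__":
    for url, canon, findings in scan_text(SAMPLE_MESSAGE):
        print(f"{url} -> resolves to {canon}, flags: {', '.join(findings)}")
```

Running the block prints the two constructed links that deserve a second look and the address they really point at; the help-centre link produces no finding. Note that canonicalising before matching is what defeats the obfuscation: a rule that only looks for dotted-decimal IPs in a URL is exactly the kind of regex the Cuteit description says it aims to slip past.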
You can send this link to victims over social media, where people click things more often without thinking. Using the mailer, you can try to make an email look genuine with your social engineering skills. You guys are smart and that is easy for you. Social engineering is always hit or miss, so do not expect 100% results. You can also be a victim of this, so be careful and take care of your own security.