Posts

Showing posts with the label phishing

Pwning a person using basic Red team techniques and social engineering Attack

This time I have decided not to phish the user’s password; instead I will pwn his device. I will generate persistent spyware which will log the target’s keystrokes, screenshots and webcam snapshots (if the user has a webcam).

STEP 1: Gathering information

This step is about gathering information about my target. As my target does not have any computer knowledge, coming from an arts medium (from his Facebook profile), it is easy to phish him, but first I am going to gather information about what OS he is using and what version of the operating system he is running. To do this I created an IP tracer that will gather his user-agent info, his current location (if he gives access) and what device he is using. When he opened the link I got all the information I required to prepare my attack and saved everything in the log file. Below is a snapshot of his device details.

Now I know he is using the Windows 10 operating system, so I can prepare my spyware keeping this information in

Detect domain name typosquatting attack

In this post we will look at different techniques for detecting similar-looking domains and the phishing attacks that use them. We will see offline and online methods to detect these attacks.

What is typosquatting

When you mistype a domain name, you may land on a similar-looking domain that is in fact a phishing domain. This is called typosquatting, and the technique can be used to hack or phish you by serving a fake, similar-looking domain. Here we are going to look at how to detect these similar-looking domains and block them.

Spotting the similar looking domains

STEP 1. Open your terminal and type git clone https://github.com/elceef/dnstwist.git && cd dnstwist
STEP 2. Now install the dependencies; in the dnstwist folder type apt-get install libgeoip-dev libffi-dev
STEP 3. Now type BUILD_LIB=1 pip install -r requirements.txt
STEP 4. Now we will look for only those domai

Netflix account takeover using Google Obscure email vulnerability

What is Obscure email vulnerability

The obscure email vulnerability in Gmail is an interaction between two different ways of handling e-mail addresses, which means that for Gmail shaquibdexter@gmail.com would be the same as shaquib.dexter@gmail.com, and this is also the same as dexters.h.a.q.u.i.b@gmail.com. Netflix, however, does not ignore the dotted part, so all of them are unique email addresses for Netflix and each one can be used for registering a new account. This difference can be exploited.

The phishing part

Try the Netflix signup form until you get a gmail.com address which is already registered by some user, for example you find the victim shaquibdexter.
Create a Netflix account with address shaquib.dexter
Sign up for free trial with any card number (that card should be a throwaway card).
When Netflix applies the active card check, cancel the card.
Wait for Netflix to bill the cancelled card.
Then Netflix

Catching phishing sites with certstream logs

What is certstream

CertStream is an intelligence feed that gives you real-time updates from the Certificate Transparency Log network, allowing you to use it as a building block to make tools that react to new certificates being issued in real time. Using this live stream of SSL certificates, we are going to catch phishing sites.

Steps to catch phishing sites

First open your terminal and clone the repository with the following command: git clone https://github.com/x0rz/phishing_catcher.git
Go to the downloaded directory with cd phishing_catcher
Install the required dependencies with pip install -r requirements.txt
Finally run the program with python catch_phishing.py and it will start showing a list of malicious phishing sites drawn from the live certstream SSL certificate feed.

Caught the malicious phishing site

Below you can see we got some fake Apple sites with a similar-looking interface.

So by using follow

Advanced phishing with IDN Homograph Attack

What is IDN Homograph Attack?

An IDN Homograph Attack is a technique for spoofing a domain name with similar-looking Unicode characters. For example:

http://ĝoogle.com -- ĝ not g
http://ḃing.com -- ḃ not b
http://asĸ.com -- ĸ not k

Steps for the Attack

Clone the following GitHub URL: https://github.com/UndeadSec/EvilURL.git
Move to your EvilURL directory and type "python evilurl.py"
In the Insert name option, insert your target site name, for example I am going to use Google, and in domain level insert what level of domain you want to spoof, as I am choosing .com
Now we got our Homograph URL

Above you can see the domain name has been spoofed with different characters. In MORE EXTENSIVE URL we can see more characters have been replaced with Unicode characters. Let's see what happens if I type this URL in my browser. So first I will choose a Unicode URL and paste it into my browser and see what happens.

An