Phishing Using Shellphish

July 29, 2019 | Views: 4383

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

What is a Phishing Attack?

A Phishing ​Attack is a fraud attempt to obtain sensitive information like usernames, passwords, credit card information, Bank Account Numbers, etc. Phishing is an example of Social Engineering technique being used to deceive users.
 
The way phishing works is that an attacker clones a trusted website or spoofs an email of a known target which leads the person to believe that he is visiting a trusted website like social media sites, e.g., Facebook, SnapChat, Instagram, Google, Netflix, and so on. The target will then put his/her username and password on the malicious website (cloned website) and then the username and password will be sent to the attacker instead of the real website, and the target will be redirected to the real website. Let’s do a demo of phishing using shellphish.
 

Things Needed:

1. Kali Linux or any other Linux Operating system.
2. Internet Connection.
3. Shell Phish that we will be using for this practical.
4. Firefox or and other browsers.

Develop Your Ethical Hacking Skills for Free >>

Steps:

1. Open Firefox in your Kali Linux.

fig1

2. Type (github.com) in the URL.

fig2

3. In the search box type (shell phish).

fig3

4. Select the first repository.

5. Click on the (Clone or Download) button and copy the URL.

fig4

6. Open your Terminal

7. Type (git clone URL) and paste the URL you have copied and press enter.

8. It will start downloading the shellphish file.

fig5

9. When the download is complete.

10. Change your directory to shellphish by typing (cd shellphish).

fig6

11. In the Shellphish directory type command(ls -l) it will show all files and their permissions.

fig7

12. Now what we will need to change is the permissions of (shellphish.sh)

13. As you can see its permissions are (-rw-r–r– ) by (-r) it means (read) permission by (w) it means (write) permission

14. There is no execute permission, i.e., x. To add an execute permission, we need to give command (chmod +x shellphish.sh) it will provide it with new permission that is (x).

fig8

15. Now we can execute it by typing (./shellphish.sh)

16. Shellphish has started. Choose any option from above just by typing their number, e.g. if I want to make an Instagram phishing page, I will type (1) as insta is written on number one.

fig9

17. Then choose a port forwarding service that will give you the phishing URL I will go with ngrok so I typed 2.

fig10

18. If using for the first time, it will start downloading ngrok wait for it.

19. When the download is complete, it will give you a URL, which is the URL we will use to phish our target.

fig11

20. Now you can send this link via email, WhatsApp, Messenger or any other media.

21. When the target clicks on this link, you will get its location and IP address

22. After that, the page will open, and when the target types his/her username and password, it will be sent to the attacker. And the target will be redirected to their Instagram.

fg12

Because I was using TOR, the location is unknown, but it will show the exact location of the target otherwise.
 

Notice: This article is for ethical hacking and educational purpose only.

p>
Start A Career in Ethical Hacking >>

Share with Friends
FacebookTwitterLinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterLinkedInEmail
Ready to share your knowledge and expertise?
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 

Cybrary|0P3N

Is Linux Worth Learning in 2020?
Views: 333 / December 14, 2019
How do I Get MTA Certified?
Views: 925 / December 12, 2019
How much does your PAM software really cost?
Views: 1378 / December 10, 2019
How Do I Get into Android Development?
Views: 1756 / December 8, 2019

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel