Easy Website Keylogging with Metasploit
Hello all, you all know how to create phishing pages. Here is a little preview about creating fake pages.
The History of Phishing:
The Phishing Method was established in 1987, and it was first disclosed in 1995.
Phishing is the technique where an attacker gathers all information from the victim’s machine, like his Username, Passwords and Credit Card details, etc.
Phishing technique allows a user to enter his credentials on a fake site which looks like a real website with a login page like gmail.com, yahoo.com and Facebook.com
Procedure to create phishing page:
- For creating a phishing page of the website, you will need:
- Login Fake Page of the website
- Write.php file
- ftp account for web page hosting
- Creating the write.php file:- code as shown below and save it as write.php:
- Creating phishing page of the website:
- First you need to go to login URL and view the source code of the page.
- Search for “Action =”
- Then add “write.php id=” after “Action =” and method = GET.
- Refer to the figure below as highlighted:
- After that, save page as “login.html”.
- Creating FTP Account: Visit www.my3gb.com , www.110mb.com or one of the many sites available on the internet that allow for free web hosting.
- After registering on free web hosting site. Upload two files ie “login.html” and write.php file.
- Attacker uses various techniques to send the fake url to victim like email, chat and other techniques.
- When a victim accesses your fake site link, it actually looks like a real login page and if he/she enters their credentials, then it will be coming out in our ftp account.
Easy Website Key logging with Metasploit
This is a much easier technique, which was introduced by the rapid7 Team on April 11, 2012. Here in this case an attacker creates a fake page.
Requirement:Latest/ updated Metasploit framework version.
ATTACKER SIDE STEPS:-
- Let’s start with msfconsole:
- Let’s search for Keylogger by typing “search Keylogger“.
- Type show options commands to check available options.
- Note: – Now in this case we do not have any fake page available to show you but rapid7 team made the feature to set demo here.
I am going to show you that demo that rapid7 introduced in the webinar.
- Now set demo to true “set demo true”.
- After that set uripath as keylogger “Set uripath keylogger”
- After setting all the required options let’s start the server by typing run command.
- Once run command gets executed, run server and generate the link as shown in screen shot above:
- In this case, we are going to show you demo and we already set demo as true to access the demo page, just append “/demo” to the URL provided
- An attacker uses many techniques to send the above URL to a victim like sending a link via email or using social engineering techniques etc.
- Victim sidesteps:-
- When the victim gets the fake link, he/she might be unaware of this type of attack and enter the links shown above.
- If you observe the view source of the demo page. It looks like the below screen shot.
- Keystrokes captured and stored to loot. And same towards the attacker console.
- And the typed credentials going back to attacker and in this way the attacker hacks the credentials.
- This is the same way that an attacker can hack credit card information. He just clones the login page URL of the website which he wants to hack and diverts the victim using various techniques.
- Emails:-Do not trust emails requesting for personal and financial information.
- Never fill any forms from email messages which ask you to fill in personal- financial information.
- Always ensure that you are using a secure website while submitting credit card, or other sensitive information via your browsers. This means that you should always be sure to use https://www. Connection instead of http://www. This indicates that you are using a secure website.
- Ensure your browser is up to date and security patches applied.