20 April 2020

How Hackers Create Phishing Pages for Social Networks & How to Be Safe!

Phishing🎣 attacks are at an all-time high on the internet. Most hackers use phishing pages to capture your credentials. These attacks are carried out by simply sending links🔗 and provoking victims to click🖱️ on them. The main intention of the attack is to steal usernames and passwords, bank credentials, and other confidential information. These password-stealing attacks rely on tricking users into entering their passwords into a convincing fake webpage, and they have become increasingly easy to make thanks to tools like Z-Phisher.

Z-Phisher is an advanced phishing toolkit. It is an upgraded version of Shell-phish: it keeps the main source code from Shell-phish, adds some upgrades and removes some unnecessary code. It is developed by HTR-Tech. Z-Phisher can be run from Kali Linux and also from Android devices using Termux. It is the all-in-one phishing framework in 2020.

ZPhisher is the most complete phishing tool with 30+ social media templates plus 4 port forwarding options. Let's see how we can configure and use z-phisher in Kali Linux.

First, open up your terminal and clone the tool from GitHub.

After successfully cloning, change into the zphisher directory, then run the script with these commands.
$ cd zphisher
$ ./zphisher.sh

Excellent! Now we have successfully run the script. Here we can see 29 phishing templates; let's select option 5 for NetFlix.

Then we need to choose our port forwarding option. The tool gives four services to choose from for port forwarding. Sometimes serveo.net and localhost.run don't work; in that case you have to choose Ngrok.

The tool has now started. It gives you a link generated by the port forwarding service you chose.

We can see our link created on ngrok. Now send this link to our victim by SMS or Mail or by any other way with some catchy social engineering technique.

When the victim opens the link, it will ask to enter credentials and the page will be similar to the original NetFlix login.

If our victim inputs the username and password, then we have the victim's credentials. They can now be used to log in to the victim's NetFlix account😊.

There are a lot of different tools we can use to compromise devices but this tool is a little different from them. Every hacking method requires a little skill in social engineering. You can't completely depend on tools to do all of your work.


Installing on Termux

We can also use it on Android through the Termux application. First, we need to install Termux from the Google Play Store. Then we can open it and run this single command to update, download and run ZPhisher.
$ apt update && apt install git php curl openssh -y && git clone https://github.com/htr-tech/zphisher && cd zphisher && chmod +x zphisher.sh && bash zphisher.sh 

How to Be Secure

  • Keep informed about phishing techniques.
  • Think before you click on any links (URL).
  • Install an anti-phishing toolbar.
  • Check your online accounts regularly.
  • Keep your browser up to date.
  • Use firewalls.
  • Be wary of pop-ups.
  • Use antivirus software.
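
Because the cloned login page looks like the original, "think before you click" comes down to reading the hostname. The following is an added example, not code from the original article or from the Z-Phisher project: it flags links hosted on the port-forwarding services named above and links that carry a brand name on a host outside the brand's domain. The function names, finding labels, sample URLs and the `ngrok.io` suffix for Ngrok tunnels are assumptions.

```python
from urllib.parse import urlsplit

# Services the article names as port-forwarding options. "ngrok.io" as the
# hostname suffix for Ngrok tunnels is an assumption; the page only says "Ngrok".
TUNNEL_SUFFIXES = ("ngrok.io", "serveo.net", "localhost.run")


def host_of(url):
    """Return the lowercase hostname the browser will actually connect to."""
    host = urlsplit(url.strip()).hostname or ""
    return host.rstrip(".").lower()


def under(host, domain):
    """True if host is the domain itself or a subdomain of it (label-aligned)."""
    return host == domain or host.endswith("." + domain)


def check_link(url, brand, brand_domain):
    """Return a list of findings for a link that claims to lead to `brand`."""
    host = host_of(url)
    if not host:
        return ["no-host"]
    findings = []
    if any(under(host, s) for s in TUNNEL_SUFFIXES):
        findings.append("tunnel-service-host")
    if not under(host, brand_domain):
        findings.append("not-brand-domain")
        # A substring test such as "netflix.com" in url would pass these links.
        if brand in url.lower():
            findings.append("brand-name-on-foreign-host")
    return findings


# Constructed sample links (not taken from the article).
SAMPLES = [
    "https://www.netflix.com/login",
    "https://a1b2c3d4.ngrok.io/login",
    "https://netflix.com.a1b2c3d4.ngrok.io/",
    "https://netflix.com@example.serveo.net/login",
    "http://netflix-login.localhost.run/",
    "https://notnetflix.com/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{link:50} {check_link(link, 'netflix', 'netflix.com') or 'ok'}")
```

The same check can be run over URLs extracted from mail or proxy logs, with one brand/domain pair per service your users log in to.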

What's your idea about this tool? Let us know in the comment box below, and if you have any ideas for future articles/videos, send me a message on Twitter.

2 comments:

  1. Sir, how to hack 2FA (2-step verification code), Gmail etc. using Termux? Please make a video on it.

    1. You can use Modlishka for your purpose. A tool that can bypass two-factor authentication of websites including Google services. You don't need to clone templates. Modlishka works like a proxy between you and the server, which means the server runs live. This tool is taking phishing to the next level. Give it a try. https://github.com/drk1wi/Modlishka
