Phishing tools are becoming more popular and dangerous than ever. Among these tools, Evilginx2 is one of the phishing tools developed to defraud users and collect their logins, passwords, including cookies and other personal information. .
Join the channel Telegram belong to AnonyViet ???? Link ???? |
With the development of technology and the ubiquity of using online services, it has become even more difficult to prevent these attacks. And Evilginx2 is one of the latest phishing tools to be born and is becoming a growing threat to network security. In this article, we will learn about Evilginx2, how it works and what measures we can take to protect ourselves from these phishing attacks!
Note: This article is for educational purposes only. Please do not perform cyberattacks. Any acts related to illegal, Anonyviet will not bear all such acts!
What is Evilginx2 Phising Tool?
Evilginx2 is a phishing attack tool developed by the author Gretzky. It allows attackers to create fake websites designed to defraud users and collect their logins, passwords, and other personal information. The tool is designed to attack highly secure online services, such as Gmail, Facebook, and online banking sites. Evilginx2 uses IP address navigation and creates fake websites exactly like the original ones.
How Evilginx2 Tool Works
Once the hacker has configured the phishing site, and sent the user this fake access website, Evilginx2 will intercept the network traffic and display a fake web page similar to the login page of the original web. The user will provide their login information on the fake page and Evilginx 2 will log this information.
The tool then redirects the user to the official login page of the original web, minimizing the possibility of detection. Not only that, it also uses sophisticated techniques to spoof the login sites, including the technique of creating a clone of the original website, using fake SSL certificates to create a secure connection. with fake websites and use browser deception techniques to block security warnings. Not only that, Evilginx2 uses techniques to fool two-factor authentication (2FA) means of online websites and applications.
2FA is a security technique where users must provide an additional factor other than a password to verify their identity, such as an authentication code (OTP) sent via text message or via a mobile application. motion. With Evilginx2, hackers can create a fake website to trick users into providing their 2FA credentials. Once the user provides this information, Evilginx2 will take it and use it to log into the user’s account on the real website. So you can see that it can have extremely serious consequences. And that’s how it works, now Anonyviet demo shows you how its consequences are! Let’s go
Demo of phishing attack with Evilginx2 . tool
Before entering the attack, Anonyviet has prepared a linux vps server, and a free domain name taken from Freenom and this domain is named nhaquamienphi.cf. After obtaining the above, Anonyviet configures the following:
Anonyviet will access the linux vps via ssh, then get the VPS’s IP address
After getting the IP address, I will now configure the domain as follows:
I created 2 nameservers that are ns1.nhanquamienphi.cf and ns2.nhanquamienphi.cf and point ip of vps
Next, Anonyviet pointed the previous 2 nameservers to the domain
That’s it, now proceed to install the Evilginx2 phishing tool with the following commands:
wget https://github.com/kgretzky/evilginx2/releases/download/2.4.0/evilginx-linux-amd64.tar.gz
tar zxvf evilginx-linux-amd64.tar.gz
cd evilginx
chmod 700 ./install.sh
sudo ./install.sh
Once installed, you just need to enter the command sudo evilginx
to start the tool and configure the address IP, Domain and redirect url
The syntax of the command is as follows:
-Configure IP address: config ip <YourIP>
-Configure the domain: config domain <YourDomain>
-Configure redirect url: config redirect_url <YourUrl>
Next, we set up a fake website that Evilginx2 supports, in this case we create a phishing web page to log in to the user’s outlook account. The command syntax is as follows:
-Set up the web: phishlets hostname <phishlet> <YourDomain>
-Create link: lures create <phishlet>
–Edit path: lures edit <id> path <path>
–Create redirect link when user successfully login: lures edit <id> redirect_url <YourUrl>
Now, I get the link and start the attack. The syntax is as follows:
–Get phishing link: lures get-url <id>
–Enable web phishing: phishlets enable <phishlet>
Upon successful activation, we have a message about SSL / TLS certificate setup. Now Anonyviet access the link just created and let’s see the results together
Thus, we can see that the login interface is identical to Microsoft’s, even the web effect is the same, but only the domain name is different :>
I will enter Email into phising web then click continue
Cha Cha! Anonyviet tries to enter the wrong password, it also says wrong, make sure you enter the correct password, it will redirect to the url you set up before
So I have successfully logged in, when I click Yes it redirects to the url I set earlier.
And this is the result:
As we can see, not only does it get the user’s password, Evilginx2 also provides Cookie, the victim’s IP address. And I also tried copying the victim’s Cookie and using the Cookie Editor extension on Chrome to log in to the victim’s account without using Email and Password.
How to prevent the Evilginx2 phishing tool
To protect against Evilginx2, websites and online applications should adopt appropriate security measures, such as using stronger two-factor authentication techniques, or using multi-layer security solutions to prevent block impactful attacks.
System administrators also need to keep their security software up to date and watch for signs of attacks to prevent Evilginx2 from entering. Users can also protect themselves from Evilginx2 attacks by using personal security solutions, such as using strong passwords, using stronger authentication applications, and not providing information credentials and authentication for any fake websites.
However, I find the prevention of Evilginx2 is not simple. Hackers are always looking for ways to access users’ personal information and circumvent security measures. Therefore, increasing security and raising awareness about cybersecurity is essential to protect our personal information.
Modern security tools can help users detect Evilginx2 attacks and others, but that’s only part of the solution. To ensure the safety of their personal information and online accounts, users need to make smart decisions about the use and sharing of their personal information.
Conclusion about the Evilginx2 phishing tool
Anonyviet sees the Evilginx2 tool as one of the dangers to users, with its ability to create phishing sites to fool users into providing credentials and logging into accounts. Evilginx2 threatens the security of websites and online applications, as well as users’ personal information. I hope that in the future, increased awareness of cyber security will be essential to protect our personal information. Online websites and applications also need to continuously improve their security to prevent attacks by Evilginx2 and other similar tools. Only when everyone works together to keep our personal information safe can we achieve this goal.
We have learned about the Evilginx2 tool and how it is used to perform phishing attacks, and you have also clearly seen the power and danger of this tool for personal and financial security. our online account. It is essential to put in place security measures for personal information to protect yourself against attacks by Evilginx2 and other tools. However, user awareness and responsibility are also important in reducing the risk of attack!
Goodbye ! Have a nice day!
You can also read more articles Beware of Phishing form clicking some Links but accessing other links