CREDENTIAL HARVESTING

#example trigger
root@oco:~$ BROWSER > {cwlab}.{cyberwarfare.live}
 * this URL must be sent to the target user
    - this URL is an example of a spoofed legitimate site
       - the subdomain.domainName.tld must resemble the legitimate target domain as closely as possible
          - these links MUST be delivered to the targets via email, etc.
 
 * once the link is entered or clicked by the target, they'll be redirected to the evilginx phishing site,
   which looks identical to the legitimate web page
    - the only visible hint that it isn't the legitimate page MIGHT be the URL parameters (apart from the domain itself)
 
 * the target can enter their credentials into the form and once they submit the data, the evilginx server will
   forward the request and the user supplied data to the legitimate site where the user will eventually be logged in
    - this is a form of Adversary in the Middle (AitM)
 
 * legit site: cwlab.onelogin.com
   phish site: cwlab.cyberwarfare.live
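Added example, not part of these notes: a defender-side check for the lookalike host pattern described above. The script compares the host of a submitted URL against an allowlist of legitimate login hosts and flags hosts that reuse the legitimate leading label (cwlab) on a different registrable domain, or that are within a couple of character edits of a legitimate host. The allowlist and sample URLs are constructed from the two hosts named in the notes; the naive "last two labels" registrable-domain logic is an assumption for brevity (a real deployment would use the Public Suffix List).

```python
"""Added example (not from the original notes): flag lookalike login URLs."""
from urllib.parse import urlparse

# Constructed allowlist: the legitimate login host named in the notes.
LEGIT_LOGIN_HOSTS = {"cwlab.onelogin.com"}


def registrable_domain(host: str) -> str:
    """Naive eTLD+1: last two labels. Assumption for brevity; use the
    Public Suffix List (e.g. the tldextract package) in production."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch near-miss spellings of a legitimate host."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_login_url(url: str, legit_hosts=LEGIT_LOGIN_HOSTS, max_distance: int = 2) -> dict:
    """Return a verdict of 'legitimate', 'lookalike' or 'unrelated' for the URL's host."""
    host = (urlparse(url).hostname or "").lower()
    if host in legit_hosts:
        return {"host": host, "verdict": "legitimate", "reason": "host is on the allowlist"}
    host_reg = registrable_domain(host)
    for legit in legit_hosts:
        legit_reg = registrable_domain(legit)
        # Leading label(s) of the legitimate host, e.g. "cwlab." for cwlab.onelogin.com
        legit_prefix = legit[: -len(legit_reg)]
        if host_reg != legit_reg and legit_prefix and host.startswith(legit_prefix):
            return {"host": host, "verdict": "lookalike",
                    "reason": f"reuses subdomain '{legit_prefix.rstrip('.')}' of {legit} on {host_reg}"}
        if host_reg != legit_reg and levenshtein(host, legit) <= max_distance:
            return {"host": host, "verdict": "lookalike",
                    "reason": f"within {max_distance} edits of {legit}"}
    return {"host": host, "verdict": "unrelated", "reason": "no match against allowlist"}


if __name__ == "__main__":
    # Constructed sample URLs: the legitimate site, the phishing host from the notes,
    # a near-miss spelling, and an unrelated host.
    for sample in ("https://cwlab.onelogin.com/login",
                   "https://cwlab.cyberwarfare.live/login?x=1",
                   "https://cwlab-onelogin.com/",
                   "https://example.org/"):
        print(classify_login_url(sample))
```

Run over proxy or mail-gateway URL logs, a "lookalike" verdict on a host that is not on the allowlist is the signal to block the link and notify the user; the allowlist should hold every legitimate SSO and login host the organisation uses.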
   
evilginx:
 captured data
  Username - {arbitraryValue}
  Password - {arbitraryValue}

 * once the victim user enters their credentials, evilginx will capture the data
    - the captured credentials can then be used for account takeover
    
root@oco:~$ BROWSER > {legitimateDomain.com}
 Username field: {arbitraryValue}
 Password field: {arbitraryValue}
 
 * use the captured credentials
