Introduction to Lockphish
Phishing assaults are a typical tactic for gaining preliminary entry to a system. If an attacker can persuade their goal handy over their login credentials or set up and execute malware on their machine, this supplies an attacker with a foothold that can be utilized to broaden their entry and obtain their operational goals.
The Lockphish toolkit is a bit totally different from many phishing toolkits as a result of it particularly targets Android PINs and iPhone passcodes. If the attacker can persuade the goal to go to a malicious webpage, they’ll be introduced with a display screen that appears like their system’s lock display screen. Getting into a PIN or passcode into this display screen will ship the login data to the attacker.
On this article, we’ll stroll by the method of compromising a consumer’s cellular system credentials utilizing Lockphish. This contains all the pieces from preliminary set up by really compromising credentials for a goal system.
Putting in Lockphish
The Lockphish toolkit is on the market for obtain from GitHub right here. You possibly can both go to the positioning and obtain it immediately or pull a duplicate utilizing Git with the next command:
Lockphish is written in PHP and requires it to be put in on the system to run. Should you don’t have already got PHP put in in your system, set up it with apt-get set up php. Lockphish additionally requires unzip to be put in (apt-get set up unzip).
After the dependencies are put in, use cd to maneuver to the listing the place you’ve got put in Lockphish. Inside this listing, set the Lockphish script to be runnable with the command sudo chmod +x lockphish.sh.
Producing a phishing web page with Lockphish
After finishing the set up of Lockphish, run it with ./lockphish. You ought to be greeted with the next display screen.
For this walkthrough, we’ll use the default redirection URL of YouTube, however (Learn extra…)
Supply from securityboulevard.com