Phishing + ITM University
Some months back I had the curiosity to see how vulnerable the university where I study might be, so testing a bit between XSS,
I never liked this kind of bug, has a lot of social engineering that takes a lot to me my-, so I will use them to see if they ever learn. XD. Use [+ Phishing XSS].
This is a research project to see how far I can go with an XSS and a little imagination (see DISCLAIMER).
Started today (April 5, 2011), with the collaboration of some people such as my good friends:
DarioHxC, Yoyahack and the big sissy Progressive Death (is a fag from here to China maybe after some # FAIL's place I made this queer HDP).
I EXPECT TO GET IT?
As I said before I never liked this type of vulnerability, I thought I could not get anything unless they successfully apply social engineering to steal user sessions. I always saw it as a low-level bug.
MAINLY FOR MAKING THIS MINI-PROJECT
The main feature at 100% is to get more users and passwords of students from my university to keep track of security implemented in this institution.
Day 1:
(April 5, 2011)
- Creation of the file server that housed the reception of information from the phishing page. (As it is a free hosting I need to wait 24 hours for activation.)
- Creating the email which is sent from the method of social engineering. (Although I have no idea what message to send to try to cause the access of each student.)
- Creating malicious files (data reception, storage and passwords).
Day 2:
(April 6, 2011) I had planned to create an HTML page identical to the original to avoid suspicion. So using JavaScript and HTML the phishing page was created successfully, but when doing some tests sending and receiving data, the free server stopped working because of the amount of characters in the POST request, so I think of play and the only option I found was to make an iframe and call the phishing page that was hosted on my free server. It looks a little more for the scroll of the iframe but just as important is not try to hide it or you do not leave like that. Looking at some post
- sent by the university administration in a higher average was addressing the issue of a survey. So try to get me on that side to see if students fall into the trap: D
- would not be as evil receiving mail, you may not reach your Inbox but the spam. So on second thought I'll leave this option in the background and try to get me one of the institution itself. If I can not get it I'll leave it as I had initially thought.
Day 2:
(April 6, 2011 - 03:00 PM)
At 3 pm on April 6, 2011, we began the first general test of Phishing.
- As said, the malicious mail sent comes the SPAM folder, filter-
- "Damn, I sent it yet as I managed to get the bill.
Day 2:
(April 6, 2011 - 09:15 PM)
-Some repeatedly-
- , wait 5 more days to see what else I can get accounts.
Day 3:
(April 7, 2011 - 02:25 PM)
So far no update.
(April 8, 2011 - 11:43 PM)
- So far no update.
- send e-Phishing again.
Day 5:
Only one record more.