What is a Phishing Attack?
A phishing attack is a fraudulent attempt to obtain sensitive information such as usernames, passwords, credit card information, bank account numbers, etc. Phishing is an example of a social engineering technique used to deceive users of popular websites. It works like this: an attacker clones a trusted website or spoofs an email from a source known to the target, which leads the target to believe that he/she is visiting a trusted website, such as a social media site, e.g. Facebook, SnapChat, Instagram, Google, Netflix and so on. The target then enters his/her username and password on the malicious (cloned) website; the username and password are sent to the attacker instead of the real website, and the target is redirected to the real website. As a result, the attacker gains access to the victim’s accounts.
How to perform a phishing attack?
- Kali Linux or any other Linux Operating system
- Internet Connection
- Shell Phish, which we will be using for this practical
- Firefox or any other browser
1. Open Firefox in your Kali Linux.
2. Type (github.com).
3. In the search box type (shell phish).
4. Select the first repository.
5. Click on the (Clone or Download) button and copy the
6. Open your Terminal.
7. Type (git clone) and paste the URL you have copied and press enter.
8. It will start downloading the shell phish file.
9. When the download is complete.
10. Change your directory to shell phish by typing (cd
11. In the Shell phish directory, type the command (ls -l); it will show all files and their permissions.
12. Now we need to change the permissions of (shellphish.sh) in order for it to run.
13. As you can see, its permissions are (-rw-r--r--); (r) means (read) permission and (w) means (write)
14. There is no execute permission. To add an execute permission we need to give the command (chmod +x shellphish.sh); it will give it a new permission, i.e. (x).
15. Now we can execute it by typing (./shellphish.sh)
16. Shellphish has started. Choose any option from above just by typing its number, e.g. if I want to make an Instagram phishing page I will type (1), as Insta is listed at number one.
17. Then choose a port forwarding service that will give you the phishing URL. I will go with ngrok, so I typed 2.
18. If you are using it for the first time, it will start downloading ngrok; wait for it.
19. When the download is complete, it will give you a URL, which is the URL we will use to phish our target.
20. Now you can send this link via email, WhatsApp, Messenger or any other media.
21. When the target clicks on this link, you will get their location, IP address and User-agent information.
22. When the link opens, the target will see an Instagram login page; as he/she types his/her username and password, it will be sent to the attacker. And the target will be redirected to
23. The received password/username will be saved and can be viewed later.
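Seen from the defender's side, the tell in this walkthrough is the link's host: the login page is served from a tunnel hostname, not from the brand's own domain. The Python check below is an added example, not part of the original post or of ShellPhish; the brand-to-domain map, the tunnel suffix list and the sample links are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: illustrative brand -> legitimate domain map; maintain your own.
BRAND_DOMAINS = {"instagram": {"instagram.com"},
                 "facebook": {"facebook.com"}}
# Assumption: hostname suffixes used by the ngrok tunnelling service.
TUNNEL_SUFFIXES = ("ngrok.io", "ngrok.app", "ngrok-free.app")


def host_in(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify_link(url, claimed_brand):
    """Return the reasons a link in a message claiming to come from
    claimed_brand should not be trusted (empty list = no finding)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    brand = claimed_brand.lower()
    reasons = []
    if parts.scheme != "https":
        reasons.append("not-https")
    if any(host_in(host, s) for s in TUNNEL_SUFFIXES):
        reasons.append("tunnel-host")
    if not any(host_in(host, d) for d in BRAND_DOMAINS.get(brand, ())):
        reasons.append("host-not-brand-domain")
        # Brand name embedded in a host the brand does not own.
        if brand in host:
            reasons.append("brand-name-in-foreign-host")
    return reasons


def triage(messages):
    """Map each suspicious URL to its reasons; clean links are omitted."""
    checked = ((url, classify_link(url, brand)) for brand, url in messages)
    return {url: reasons for url, reasons in checked if reasons}


# Constructed sample input: (brand the message claims to be from, link in it).
SAMPLE = [
    ("instagram", "https://www.instagram.com/accounts/login/"),
    ("instagram", "https://a1b2c3d4.ngrok.io/login.html"),
    ("instagram", "http://instagram.com.verify.example/login"),
]

if __name__ == "__main__":
    for url, reasons in triage(SAMPLE).items():
        print(url, "->", ", ".join(reasons))
```

A mail gateway or proxy rule can apply the same comparison: the host a login link actually resolves to, checked against the domain the message claims to represent.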
Notice: This post is just for educational purposes. Our only motive is to educate people; any harm caused by this has nothing to do with us.