Creating WordPress Phishing Pages from Alphabanklogs

Hi, welcome back. Today I will show you how to create WordPress phishing pages. Phishing is the practice of sending emails or fake pages in order to trick targets into unknowingly giving up personal information such as passwords and credit and debit card numbers.

Phishing attacks are a social engineering method that relies solely on human error and trickery.

Scenario

Let’s assume we are doing a pentest on a popular WordPress website. The admin has given us permission to try to phish information from staff members without breaking into their WordPress or gaining information from the SQL databases. The site admin has spent thousands of dollars maintaining the security of his website and believes it to be quite safe, although he can’t be sure that his staff members won’t compromise his website through human error.

A lot of people come to the conclusion that a user must be stupid or an idiot to fall for phishing pages. This is not the case. With 1000s of emails per day going to business and personal inboxes, it can be quite easy to fall into the trap, especially in a shared inbox with multiple staff reading and responding to messages. Phishing pages can look identical to the real page and very believable. However, we don’t blame the targets, as most have not had sufficient training. The admin’s idea of the pentest is not to make the staff users feel stupid for falling for the phishing pages but to educate them in order to prevent further attacks in the future.

We could use SEToolkit to clone a login page of the WordPress site, but this can be unconventional if running listeners for long periods of time. Using the PHP output from the WP-Phishing-Maker script, we can store plain text, MySQL databases, etc. This phishing method requires a web server to host the files generated by the script.

Requirements

Linux-based operating system
WP-Phishing-Maker

First of all, download WP-Phishing-Maker.

You can download WP-Phishing-Maker from the following location.

https://github.com/4TT4CK3R/WP-Phishing-Maker

Next, we need to navigate to the script directory using the cd (change directory) command.

For example

Code:

cd Desktop/WP-Phishing-Maker

Then we need to make the WP-Phishing-Maker bash script executable. We can do this with the chmod command.

Code:

chmod +x WP-Phishing-Maker

Now the bash script is ready to run. From the same directory, run the following command.

Code:

bash WP-Phishing-Maker

Now that WP-Phishing-Maker has loaded, choose option 1, Start.

The script will then prompt for an output location. This can be any directory where you would like to save the WordPress phishing page generated by WP-Phishing-Maker. I will create a new directory inside the root.

Open up a new terminal and create an empty directory using the mkdir command.

Code:

mkdir /Test

The script will now prompt for a WordPress website to clone as a phishing page.

Choose whether the target is using HTTP or HTTPS and press Enter. When the script has finished generating a WordPress phishing page, you will see a message telling you that the pages have been completed and are ready to use.

We can now upload the PHP files generated by WP-Phishing-Maker to a web host.

We made a clone of a WordPress website that we own for testing purposes, called Iphonegiveaway.co.uk. The idea of this type of phishing attack is to trick the website admin into logging into a fake WordPress admin panel.

We have uploaded the generated PHP files from the bash script’s output directory to a shared web host.

Demo (Don’t enter any personal information into this page.)

You will then be able to gather credentials in plain text and receive them from your FTP directory.
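Seen from the defending side, the cloned admin panel described above lives on a host the organisation does not own, which is the property a mail gateway or proxy can check. The following is an added example, not part of the original post or of WP-Phishing-Maker; the allow-listed host, the sample URLs and the function names are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the only host that legitimately serves this organisation's WordPress login.
ALLOWED_LOGIN_HOSTS = {"blog.example.com"}

# Paths WordPress uses for its login form and admin panel.
WP_LOGIN_MARKERS = ("/wp-login.php", "/wp-admin")

# Constructed sample URLs, as they might appear in mail-gateway or proxy logs.
SAMPLE_URLS = [
    "https://blog.example.com/wp-login.php",
    "http://blog.example.com/wp-login.php",
    "https://blog.example.com.login-portal.example.net/wp-login.php",
    "https://blog.example.com@files.example.org/site/wp-login.php?redirect_to=%2Fwp-admin%2F",
    "https://blog.example.com/2023/05/post-title/",
]


def classify_login_url(url, allowed_hosts=ALLOWED_LOGIN_HOSTS):
    """Return 'ok', 'suspicious' or 'not-login' for one URL."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return "suspicious"  # malformed authority section, treat as hostile
    path = parts.path.lower()
    if not any(marker in path for marker in WP_LOGIN_MARKERS):
        return "not-login"
    if host not in allowed_hosts:
        return "suspicious"  # WordPress login page served from a host we do not own
    if parts.username or parts.password:
        return "suspicious"  # userinfo before '@' is a common way to disguise a link
    if parts.scheme != "https":
        return "suspicious"  # genuine host, but the password would travel in clear text
    return "ok"


def flag_urls(urls, allowed_hosts=ALLOWED_LOGIN_HOSTS):
    """Return the URLs from an iterable that deserve an analyst's attention."""
    return [u for u in urls if classify_login_url(u, allowed_hosts) == "suspicious"]


if __name__ == "__main__":
    for url in flag_urls(SAMPLE_URLS):
        print("suspicious:", url)
```

The exact host comparison is deliberate: a substring or suffix match would accept the third sample, where the real host name is only a prefix of an unrelated domain.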
