Dr4ks/Santa_Phish

Hi, I'm Dr4ks! 👋

🚀 About Me

I'm a Cyber Security student and always open to learning.


Secret Santa Phishing

This repository was created to run phishing against the employees of a company, using the Secret Santa game held on New Year's Eve as the lure.

How the phishing works for the victim and the attacker

  1. The victim reads an email coming from a coworker.
  2. The victim trusts the link because it comes from a coworker, opens it, and enters Domain credentials into the form without checking the company's asset database to see whether such a service is valid.
  3. The attacker sets up the web application by running py script.py on the attacker machine and waits for victims.
  4. Once the victim enters his or her Domain credentials, the attacker can see the grabbed credentials in this file.

Reminder! I built regexes for the username and password fields according to a company's policy; you can also change them.

The purpose of the regexes is to make the web application look as if it is connected to the Domain via LDAP, so that the victim trusts it.
If the victim doesn't trust the attacker's web application and enters invalid credentials, these can also be seen in this file.
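
The check that step 2 says the victim skips, written as an added example that is not part of this repository: it extracts the links from a message and reports every host that is not an exact entry in the asset inventory. The inventory, the sample email and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed asset inventory: hosts of services the company really operates.
SANCTIONED_HOSTS = {"intranet.corp.example", "sso.corp.example", "mail.corp.example"}

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def link_host(url):
    """Return the lowercased host a browser would connect to, or None."""
    try:
        # .hostname drops any "user@" prefix and the port, so the text in
        # front of an "@" is never mistaken for the destination.
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host.lower().rstrip(".") if host else None

def unsanctioned_links(body, inventory=SANCTIONED_HOSTS):
    """Return (url, host) pairs whose host is not an exact inventory entry."""
    findings = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;")  # sentence punctuation glued to the link
        host = link_host(url)
        # Exact match only: a substring or prefix test would accept a
        # sanctioned name embedded in a longer, unrelated host.
        if host is None or host not in inventory:
            findings.append((url, host))
    return findings

# Constructed sample message (reserved .example/.test names, TEST-NET address).
SAMPLE_EMAIL = """\
Hi team, our Secret Santa draw is open!
Sign in with your domain account: http://sso.corp.example.santa-draw.test/login
Rules are on the intranet: https://intranet.corp.example/hr/santa.
Mirror: https://sso.corp.example@198.51.100.7:8080/login
"""

if __name__ == "__main__":
    for url, host in unsanctioned_links(SAMPLE_EMAIL):
        print(f"not in asset inventory: {host!r} <- {url}")
```

The same function can run in a mail gateway rule or a reporting plug-in; the only input it needs beyond the message body is an up-to-date export of the asset database.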

Phishing Scenario

Video