Ethical Hacking/Pen Testing
SquarePhish: QR Code and Auth Device Code authentication Phishing tool
SquarePhish
SquarePhish is an advanced phishing tool that uses a technique combining the OAuth Device code authentication flow and QR codes.
See PhishInSuits for more details on using OAuth Device Code flow for phishing attacks.
_____ _____ _ _ _
/ ____| | __ \| | (_) | |
| (___ __ _ _ _ __ _ _ __ ___| |__) | |__ _ ___| |__
\___ \ / _` | | | |/ _` | '__/ _ \ ___/| '_ \| / __| '_ \
____) | (_| | |_| | (_| | | | __/ | | | | | \__ \ | | |
|_____/ \__, |\__,_|\__,_|_| \___|_| |_| |_|_|___/_| |_|
| |
|_|
_________
| | /(
| O |/ (
|> |\ ( v0.1.0
|_________| \(
usage: squish.py [-h] {email,server} ...
SquarePhish -- v0.1.0
optional arguments:
-h, --help show this help message and exit
modules:
{email,server}
email send a malicious QR Code email to a provided victim
server host a malicious server QR Codes generated via the 'email' module will
point to that will activate the malicious OAuth Device Code flow
Attack Steps
An attacker can use the email module of SquarePhish to send a malicious QR code email to a victim. The default pretext is that the victim is required to update their Microsoft MFA authentication to continue using mobile email. The current client ID in use is the Microsoft Authenticator App.
By sending a QR code first, the attacker can avoid prematurely starting the OAuth Device Code flow that lasts only 15 minutes.
The victim will then scan the QR code found in the email body with their mobile device. The QR code will direct the victim to the attacker controlled server (running the server module of SquarePhish), with a URL paramater set to their email address.
When the victim visits the malicious SquarePhish server, a background process is triggered that will start the OAuth Device Code authentication flow and email the victim a generated Device Code they are then required to enter into the legitimate Microsoft Device Code website (this will start the OAuth Device Code flow 15 minute timer).
The SquarePhish server will then continue to poll for authentication in the background.
[2022-04-08 14:31:51,962] [info] [minnow@square.phish] Polling for user authentication...
[2022-04-08 14:31:57,185] [info] [minnow@square.phish] Polling for user authentication...
[2022-04-08 14:32:02,372] [info] [minnow@square.phish] Polling for user authentication...
[2022-04-08 14:32:07,516] [info] [minnow@square.phish] Polling for user authentication...
[2022-04-08 14:32:12,847] [info] [minnow@square.phish] Polling for user authentication...
[2022-04-08 14:32:17,993] [info] [minnow@square.phish] Polling for user authentication...
[2022-04-08 14:32:23,169] [info] [minnow@square.phish] Polling for user authentication...
[2022-04-08 14:32:28,492] [info] [minnow@square.phish] Polling for user authentication...
The victim will then visit the Microsoft Device Code authentication site from either the link provided in the email or via a redirect from visiting the SquarePhish URL on their mobile device.
The victim will then enter the provided Device Code and will be prompted for consent.
After the victim authenticates and consents, an authentication token is saved locally and will provide the attacker access via the defined scope of the requesting application.
[2022-04-08 14:32:28,796] [info] [minnow@square.phish] Token info saved to minnow@square.phish.tokeninfo.json
The current scope definition:
"scope": ".default offline_access profile openid"
Usage
!IMPORTANT: Before using either module, update the required information in the settings.config file noted with
Required.
Email Module
Send the target victim a generated QR code that will trigger the OAuth Device Code flow.
usage: squish.py email [-h] [-c CONFIG] [--debug] [-e EMAIL]
optional arguments:
-h, --help show this help message and exit
-c CONFIG, --config CONFIG
squarephish config file [Default: settings.config]
--debug enable server debugging
-e EMAIL, --email EMAIL
victim email address to send initial QR code email to
Server Module
Host a server that a generated QR code will be pointed to and when requested will trigger the OAuth Device Code flow.
usage: squish.py server [-h] [-c CONFIG] [--debug]
optional arguments:
-h, --help show this help message and exit
-c CONFIG, --config CONFIG
squarephish config file [Default: settings.config]
--debug enable server debugging
Configuration
All of the applicable settings for execution can be found and modified via the settings.config file. There are several pieces of required information that do not have a default value that must be filled out by the user: SMTP_EMAIL, SMTP_PASSWORD, and SQUAREPHISH_SERVER (only when executing the email module). All configuration options have been documented within the settings file via in-line comments.
Note: The SQUAREPHISH_ values present in the ‘EMAIL’ section of the configuration should match the values set when running the SquarePhish server.
[DEFAULT]
SMTP_PORT = 465 # SMTP port, defaulted to 465
SMTP_SERVER = "smtp.gmail.com" # SMTP server, defaulted to GMail
SMTP_PROTO = "ssl" # SMTP protocol: {ssl, tls, None (leave empty)}
SMTP_EMAIL = "" # Provide authenticating email address here
SMTP_PASSWORD = "" # Provide authenticating password here
[EMAIL]
SQUAREPHISH_SERVER = "" # Required: Provide IP address/domain name of hosted SquarePhish server
SQUAREPHISH_PORT = 8443 # Hosted SquarePhish server port, defaulted to 8443 (this should match the below server value)
SQUAREPHISH_ENDPOINT = "/mfa" # Hosted SquarePhish endpoint to trigger OAuth Device Code flow, defaulted to an MFA pretext (this should match the below server value)
FROM_EMAIL = "admin@square.phish" # Default FROM address when sending an email
SUBJECT = "ACTION REQUIRED: Multi-Factor Authentication (MFA) Update" # Default SUBJECT when sending an email, defauled to an MFA pretext
EMAIL_TEMPLATE = "pretexts/mfa/qrcode_email.html" # Email body template for QR code email to victim
[SERVER]
PORT = 8443
FROM_EMAIL = "admin@square.phish" # Default FROM address when sending an email
SUBJECT = "ACTION REQUIRED: Multi-Factor Authentication (MFA) Update" # Default SUBJECT when sending an email, defauled to an MFA pretext
CLIENT_ID = "4813382a-8fa7-425e-ab75-3b753aab3abb" # Authenticating client ID, defaulted to Microsoft Authenticator App
ENDPOINT = "/mfa" # Hosted endpoint to trigger OAuth Device Code flow, defaulted to an MFA pretext
CERT_CRT = "" # Server SSL certificate .crt file
CERT_KEY = "" # Server SSL certificate .key file
EMAIL_TEMPLATE = "pretexts/mfa/devicecode_email.html" # Email body template for device code email to victim
PERMISSION_SCOPE = ".default offline_access profile openid" # OAuth permission scope - https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent
Custom Pretexts
Currently, the pre-defined pretexts can be found in the pretexts folder.
To write custom pretexts, use the existing template via the pretexts/iphone/ folder. An email template is required for both the initial QR code email as well as the follow up device code email.
Important: When writing a custom pretext, note the existence of %s in both pretext templates. This exists to allow SquarePhish to populate the correct data when generating emails (QR code data and/or device code value).
OPSEC
There are several HTTP response headers defined in the utils.py file. These headers are defined to override any existing Flask response header values and to provide a more ‘legitimate’ response from the server. These header values can be modified, removed and/or additional headers can be included for better OPSEC.
{
"vary": "Accept-Encoding",
"server": "Microsoft-IIS/10.0",
"tls_version": "tls1.3",
"content-type": "text/html; charset=utf-8",
"x-appversion": "1.0.8125.42964",
"x-frame-options": "SAMEORIGIN",
"x-ua-compatible": "IE=Edge;chrome=1",
"x-xss-protection": "1; mode=block",
"x-content-type-options": "nosniff",
"strict-transport-security": "max-age=31536000",
Ethical Hacking/Pen Testing
Lazy Script ( A perfect Automated All in 1 script for all Newbies ) for Ethical Hacking
A video Hackersploit made : https://www.youtube.com/watch?v=oBpo5sElrMY
A video sstec made: https://www.youtube.com/watch?v=gSO7c2MN7TY
For feature-recommendation , add it on the “Issues” tab. NOW!
I AM NOT RESPONSIBLE HOW YOU USE THIS TOOL.BE LEGAL AND NOT STUPID.
This script will make your life easier, and of course faster.
Its not only for noobs.Its for whoever wants to type less and do actually more.
This is a script for Kali Linux that automates many procedures about wifi penetration and hacking. I actually made it for fun for me just to save some time, but i don’t mind publicing it.
NEW FEATURE: Custom keyboard shortcuts!! Launch any tool within lscript , with your own shortcuts!!! (type ks to set your shortcuts)
Enabling-Disabling interfaces faster Changing Mac faster Anonymizing yourself faster View your public IP faster View your MAC faster
TOOLS
You can install whichever tool(s) you want from within lscript!
Fluxion by Deltaxflux
WifiTe by derv82
Wifiphisher by George Chatzisofroniou
Zatacker by LawrenceThePentester
Morpheus by Pedro ubuntu [ r00t-3xp10it ]
Osrframework by i3visio
Hakku by 4shadoww
Trity by Toxic-ig
Cupp by Muris Kurgas
Dracnmap by Edo -maland-
Fern Wifi Cracker by Savio-code
Kichthemout by Nikolaos Kamarinakis & David Schütz
BeeLogger by Alisson Moretto - 4w4k3
Ghost-Phisher by Savio-code
Mdk3-master by Musket Developer
Anonsurf by Und3rf10w
The Eye by EgeBalci
Airgeddon by v1s1t0r1sh3r3
Xerxes by zanyarjamal
Ezsploit by rand0m1ze
Katana framework by PowerScript
4nonimizer by Hackplayers
Sslstrip2 by LeonardoNve
Dns2proxy by LeonardoNve
Pupy by n1nj4sec
Zirikatu by pasahitz
TheFatRat by Sceetsec
Angry IP Scanner by Anton Keks
Sniper by 1N3
ReconDog by UltimateHackers
RED HAWK by Tuhinshubhra
Routersploit by Reverse shell
CHAOS by Tiagorlampert
Winpayloads by Ncc group
Infoga by m4ll0k
nWatch by Suraj
Eternal scanner by Peterpt
Eaphammer by S0lst1c3
Dagon by Ekultek
LALIN by Screetsec
Ngrok by inconshreveable + more
Kwetza by Chris Le Roy
Bleachbit by Andrew Ziem
Operative framework by Tristan Granier
Netattack2 by Christian Klein
Findsploit by 1N3
Howdoi by Benjamin Gleitzman
Dr0p1t-Framework by Karim Shoair
FakeImageExploiter by r00t-3xp10it
Leviathan by Utku Sen, Ozge Barbaros
WiFi-Pumpkin by P0cL4bs
Avet by govolution
Meterpreter_Paranoid_Mode-SSL by r00t-3xp10it
Koadic by zerosum0x0
Empire by Will Schroeder,
Justin Warner,
Matt Nelson,
Steve Borosh,
Alex Rymdeko-harvey,
Chris Ross
Veil by ChrisTruncer
SecHub by JoshDelta
DKMC by Mr.Un1k0d3r RingZer0 Team
Demiguise by Richard Warren
UniByAv by Mr.Un1k0d3r RingZer0 Team
LFISuite by D35m0nd142
Faraday by Infobyte
MSFPC by g0tmi1k
NoSQLMap by codingo, tcsstool
Evil-Droid by Mascerano Bachir
Iftop by Paul Warren, Chris Lightfoot
MORE ARE BEING ADDED ON EVERY UPDATE
Wifi password scripts
Handshake (WPA-WPA2)
Find WPS pin (WPA-WPA2)
WEP hacking (WEP)
Others
Email spoofing
Metasploit automation (create payloads,listeners,save listeners for later etc...)
Auto eternalblue exploiting (check on ks) -> hidden shortcuts
Browser auto-expoiting with BeEF and MITMf
SQLmap automated
+more
(make sure you are a root user)
Official Installation Tutorial on Kali Linux 2020.5: https://youtu.be/xcb5uwP5nSU
Be carefull.If you download it as a .zip file, it will not run.Make sure to follow these simple instructions.
MADE FOR KALI LINUX
cd
apt-get update
git clone https://github.com/arismelachroinos/lscript.git
cd lscript
chmod +x install.sh
./install.sh
(make sure you are a root user)
open terminal
type "l"
press enter
(Not even “lazy”!! Just “l”! The less you type , the better!)
cd /root/lscript
./uninstall.sh
rmdir -r /root/lscript
Run the script
Type "update"
Ethical Hacking/Pen Testing
Wifi Hacking with Fluxion (Need 2 Wifi Adapters with Monitor mode active)
Fluxion is a security auditing and social-engineering research tool. It is a remake of linset by vk496 with (hopefully) fewer bugs and more functionality. The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering (phishing) attack. It’s compatible with the latest release of Kali (rolling). Fluxion’s attacks’ setup is mostly manual, but experimental auto-mode handles some of the attacks’ setup parameters. Read the FAQ before requesting issues.
If you need quick help, fluxion is also available on gitter. You can talk with us on Gitter or on Discord.
Read here before you do the following steps.
Download the latest revision
git clone git@github.com:FluxionNetwork/fluxion.git
# Or if you prefer https
git clone https://www.github.com/FluxionNetwork/fluxion.git
Switch to tool’s directory
cd fluxion
Run fluxion (missing dependencies will be auto-installed)
./fluxion.sh
Fluxion is also available in arch
cd bin/arch
makepkg
or using the blackarch repo
pacman -S fluxion
Fluxion gets weekly updates with new features, improvements, and bugfixes. Be sure to check out the changelog here.
How to contributeAll contributions are welcome! Code, documentation, graphics, or even design suggestions are welcome; use GitHub to its fullest. Submit pull requests, contribute tutorials or other wiki content — whatever you have to offer, it’ll be appreciated but please follow the style guide.
-
Scan for a target wireless network.
-
Launch the
Handshake Snooperattack. -
Capture a handshake (necessary for password verification).
-
Launch
Captive Portalattack. -
Spawns a rogue (fake) AP, imitating the original access point.
-
Spawns a DNS server, redirecting all requests to the attacker’s host running the captive portal.
-
Spawns a web server, serving the captive portal which prompts users for their WPA/WPA2 key.
-
Spawns a jammer, deauthenticating all clients from original AP and luring them to the rogue AP.
-
All authentication attempts at the captive portal are checked against the handshake file captured earlier.
-
The attack will automatically terminate once a correct key has been submitted.
-
The key will be logged and clients will be allowed to reconnect to the target access point.
-
For a guide to the
Captive Portalattack, read the Captive Portal attack guide
Disclaimer
Neither the project nor its developer promote any kind of illegal activity and are not responsible for any misuse or damage caused by this project.
This project is for educational purpose only.
Please do not use this tool on other people’s devices without their permission.
Do not use this tool to harm others.
Use this project responsibly on your own devices only.
It is the end user’s responsibility to obey all applicable local, state, federal, and international laws.
Lazy Script ( A perfect Automated All in 1 script for all Newbies ) for Ethical Hacking
Accessing data from the Devices connected to Same Wifi Network using ARP Poisoning
Wifi Hacking with Fluxion (Need 2 Wifi Adapters with Monitor mode active)
SquarePhish: QR Code and Auth Device Code authentication Phishing tool
Hyundai and Kia patch a bug that allowed USB cable car thefts.
HackBrowserData: Decrypt passwords/cookies/history/bookmarks from the browser
-
Vulnerabilities/Malwares2 years agoHyundai and Kia patch a bug that allowed USB cable car thefts.
-
Ethical Hacking/Pen Testing2 years agoHackBrowserData: Decrypt passwords/cookies/history/bookmarks from the browser
-
Windows/Mac/Linux2 years agoGoogle caught North Korean Hackers Using Chrome Browser Exploit on Americans
-
Mobile Hacking2 years agoWhatsApp now supports proxy servers to bypass government restrictions.
-
Cyber Attacks/Data Breaches2 years agoHackers from the Russian Federation have continued to launch attacks on Ukrainian organisations with info-stealer malware.
-
Ethical Hacking/Pen Testing2 years agoShennina: AI engine to identify recommended exploits for the attacks, and then attempts to test and attack the targets proceeds with the post-exploitation phase.
-
Windows/Mac/Linux2 years agoMicrosoft disclosed a recent Gatekeeper Bypass vulnerability in macOS.
-
Malwares2 years agoCybercriminals Use the Powerful BatCloak Engine to make malware undetected by AntiVirus