👀 Phishing Links with BlackEye

Blackeye?

Blackeye is a phishing tool at heart, and the way it works is technically illegal, so it should only be used for educational purposes. For testing, though, it is not a bad idea to understand how these "dodgy" links work.

I covered this in a previous article, but this is a slightly deeper dive - to see the old article, search for “blackeye”.

Does it work?

Well, this is the issue: no, it does not. The URLs you get from ngrok are very obviously fake; if you are, say, faking Microsoft, a genuine URL will not end in ngrok.io or ngrok.com, so that is a fail off the bat.

This service also uses TinyURL, a link redirector, which these days is just as bad: the links you get will be https://tinyurl.com/<value>, which should be just as suspicious.

This phishing software only works because many people are not aware of security 101 and the red flags of websites that do not look official. The purpose of the site is to harvest your login details, but you do not need Blackeye for that.
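The red flags described above, turned into a small defender-side check for links found in mail or chat. This is an added example, not part of Blackeye or the original article; the function names, flag labels and sample URLs are made up for the illustration, and the suffix lists cover only the ngrok and TinyURL domains discussed above.

```python
from urllib.parse import urlsplit

# Domains named in the article as red flags. Extend for your own environment.
TUNNEL_SUFFIXES = ("ngrok.io", "ngrok.com")
SHORTENER_SUFFIXES = ("tinyurl.com",)


def _host(url):
    """Return the lower-cased hostname, ignoring userinfo, port and trailing dot."""
    if "://" not in url:
        url = "http://" + url          # links in mail bodies often omit the scheme
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def _under(host, suffix):
    """True if host is the suffix itself or a subdomain of it (label boundary)."""
    return host == suffix or host.endswith("." + suffix)


def classify(url, brands=("microsoft",)):
    """Return the list of red flags raised by one URL (hypothetical flag names)."""
    host = _host(url)
    flags = []
    if any(_under(host, s) for s in TUNNEL_SUFFIXES):
        flags.append("tunnel-host")
        # A brand name in front of a tunnel domain is the "faking Microsoft" case.
        if any(b in host for b in brands):
            flags.append("brand-on-tunnel")
    if any(_under(host, s) for s in SHORTENER_SUFFIXES):
        flags.append("shortener")
    return flags


# Constructed sample URLs (not taken from any real campaign).
SAMPLES = [
    "https://microsoft-login.ngrok.io/signin",
    "https://tinyurl.com/abc123",
    "https://login.microsoft.com@a1b2c3.ngrok.io/",   # real host is after the '@'
    "https://www.microsoft.com/?ref=ngrok.io",        # legit host, noise in query
    "https://notngrok.io/",                           # not a subdomain of ngrok.io
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{u:50} {classify(u) or 'no flags'}")
```

Matching on the parsed hostname at a label boundary, rather than searching the whole string, is what keeps the last two samples from being flagged.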


⚠ Warning and Disclaimers

⚠ Yes, there are quite a few of these with this particular piece of software. Using this software maliciously is really not a good idea: the point of the software is that it harvests user credentials, and the majority of people that get caught by it will likely have no MFA or 2FA.

⚠ Please ensure you use this for educational or learning purposes only.

⚠ The author of this post accepts no responsibility for damages or liabilities caused by incorrectly using this software.

⚠ Please remember that the people you are sending these links to have their own lives to live. What people do not need in their lives is a malicious link that starts as a joke and ends up turning someone’s world upside down due to identity theft or compromise - educational or learning purposes ONLY.

Installing Blackeye

You will notice I use the folder "blacksocks"; this is just a folder name and can be ignored, it's just my bad humour.

Open your Terminal in Kali Linux (the choice here) if you are using a GUI; I will connect remotely with PuTTY instead. Then you need to run this:

git clone https://github.com/thewickedkarma/blackeye-im.git

This downloads the repository from GitHub into the directory you are running the command from.


Build the application

Once complete, move to the blackeye-im directory, give setup.sh execute permissions and run it to do the install, with these commands:

cd blackeye-im 
chmod +x ./setup.sh 

./setup.sh

Blackeye - the tool

Once this is complete you will need to run Blackeye, which can be done with this command:

./blackeye.sh

This shows you the Blackeye menu, and this is where the sensible fun can begin. Please be responsible here: this should only be used for "educational" purposes and not with a "malicious" motive.

This is where you choose your "payload", let's call it, from the options.


Tunnelling Mode

You will then need to choose a tunnel mode for Blackeye to harvest credentials. You have "localtunnel" and "ngrok"; the option is yours, but let's look at both. Personally I like ngrok as I have an account with them.


Option : ngrok

You should then see the "targets link" or a "tiny url" link for the tester (not the victim as this should not be malicious)



If you visit the victim link it will look like this:


If you do not see a victim link like this, then there may be some issues with the configuration; some items are covered below.


Networking/Firewalls

You will need to allow port 4040 to be available to your server, so if you are inside a company with a firewall, it may be blocked and stop your proxy tunnels from working; that port needs to be reachable from the internet to your server as well.

Without this port being available the tunnel cannot be set up.

ngrok missing Auth token

First you will need to get your auth token to use this service, so you need an account with ngrok. If you do not have an account, set one up; it's free.

You require the ngrok agent for this, to get the latest version use this:

wget https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-386.zip

Extract ngrok (script) from the ZIP:

unzip ngrok-stable-linux-386.zip

Move the extracted ngrok to the folder where Blackeye is:

sudo mv ngrok /blackeye-im

Mark the file as executable:

chmod +x ngrok

Install the auth token:

./ngrok authtoken <auth token>

Check ngrok server manually

To check the ngrok service is working, you can use this command from the folder where ngrok is located:

./ngrok http 80

This should show you the ngrok session status, which confirms your auth token is indeed installed.


If you are still having problems, as each situation will be unique, I suggest you use the power of Google.

Option : LocalTunnel

This is the other option you can use. The principle is exactly the same as the first one; however, it just uses a different service.

If you choose this option, when you visit the payload URL you will get a nice warning screen saying you need to confirm your external-facing IP. There is also an in-depth warning about scamming, identity loss or malicious activity - a prime example of a service that can be used for good being used maliciously by other people.


That particular screen looks like this:


Finding your External IP

Simple, use one of these; either will give you the external IP of your server for sure.

curl ipv4.icanhazip.com
wget -q -O - ipv4.icanhazip.com

Stay safe people, and if you are playing with this stuff, play safe and be considerate.