Zphisher – Kali Linux 2021 – Phishing Tools for Social Media

Picture of Written by Rob Parker

Written by Rob Parker

Rob is a Certified Ethical Hacker (CEH v11) from EC-Council and a certified EIPA Data Protection Officer that specialises in security and ethical hacking. He has worked in all parts of the world in various security roles and is keen on helping others in their ethical hacking journeys.

Steam Labs Ethical Hacking posts are designed to educate, introduce and demonstrate hacking tools for penetration testing purposes only. We will not be held responsible for people who use these skills for illegal or malicious attacks.

In this tutorial I will explain how hackers use Zphisher on Kali Linux as alternative tool to Shellphish and Blackeye and demonstrate how to set it up and use it for educational purposes when setting up phishing scams.

What is Social Engineering and who are the attackers main target?

Social engineering is an art of manipulating people in order to gain crucial information that can be utilized for performing malicious action. In social engineering instead of targeting on the weakness of network or a machine we target the weakness of people.

  • Receptionist and Help-Desk Personnel: Attacker can extract phone number and email id from them.
  • Technical Support Executives: Attacker can pretend to be senior manager, a customer or a vendor to gain information from them.
  • System Administrator: They are the one who maintains the systems of all the employees
  • User and Clients: Attacker can pretend as technical support and can gain information from them
  • Senior Executive: They can target HR, Finance CxO’s of company to gain critical information

What are the 4 phases of social engineering?

  • Research the Target Company: Before attacking the target organization’s network, an attacker gathers as much information as he/she can in order to infiltrate the system Social engineering is a technique which helps in extracting information. While researching attacker gets indulged in activity like dumpster driving (searching the waste coming out of the organization in order to get some crucial information) browsing company’s website and finding employee details.
  • Select a target: After an attacker has performed enough research on the target company then he selects targets for extracting sensitive information. Most preferably he targets the employee that is frustrated of his job as they are easier to be manipulated.
  • Develop Relationship: Once attacker finds out the target on which he would be performing social engineering he tries to build a relationship with that employee to gain his/her trust.
  • Exploit the Relationship: After an attacker is successful in developing a relationship, he exploits the relationship to gain crucial information about organization’s account finance information, etc.

What is credential grabbing?

We will be learning about how to create a malicious link for credentials grabbing. Credential grabbing is one of the most common phishing attack that tricks user in providing there credentials in some fake website or malicious website.

Pre Requisites

Web Browser = Victim System (compromised)

Kali Linux = Attacker (Metasploit Framework)

You May Also Like