Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
ps-aux-grep root Profile picture
@AuxGrep
Jun 24, 2022 13 tweets 7 min read Read on X
Scrolly
PHISHING Attacks | Twitter
#hackingwithfriends
@TOTTechs @ITexpertTz @HabariTech @blackninja233 @INFLUENCERjr @nicl4ssic @anon_codex @asatayo @abdoolkhery

KILA mtu anajua maana ya phishing attack na currently kuna watu wanadiriki kusema siwezi kuwa hacked via phishing. .....
Jibu ni No Anyways leo kwenye hacking with friends tutachek namna gani unaweza kuwa phished kwa kutumia BITB ATTACK
Phishing ni udanganyifu unafanywa na cyber crimes kupitia cloned web pages ambazo zinaonekana kama legitimate website za mtoa huduma kwa lengo la kupata ur logs
Kupitia hii wanaweza iba credit cards info , social media accounts nk.
Sasa leo lets see ni jinsi unaweza kuwa capture easy bila kujua kutumia browser in the browser attack.

As attacker , Nimegundua miongoni mwa users wengi hupendelea sana kusign up using social media accounts
Yani unakuta website imekupa options usign up kwa kutumia social media acc mfano twitter, Facebook, au even google A/c Na wengi hupendelea kwasabb inaokoa muda na ukichek website ni secured inatumia https kwenye kuexchange data between client na server

Okay as u can see here👇
Na tunajua ukipress kale ka botton sign with Facebook au google huwa inatokea ka window fulan ili ki authenticate user logs na ile service ambayo unataka kuregister nayo.

Sasa kupitia hii unaweza kuwa hacked na usijijue ....lets see

1. Nitaprepare my C&C server kwa host simple
Websites ambayo huwez pata service bila kusign up na nitaweka hizo signing options. Sasa demonstration nitaclone imgbb.com website na kuihost kwenye apache server via port 89. Hii ndo landing page kwa user.

Baada ya hapo nitatumia simple FSOCIETY scripts ku launch
Phishing page . Na hapa nitatumia twitter kama mfano , 👇
Lakini issue iko moja , ukitumia hii script connection zote zitakuwa zinapita kwenye unencrypted channel yani http , na kumbuka apache2 iko kwenye port 89 na hii phishing yangu iko kwenye port 80 .

Now nitakachokifanya ..
Ni kupandisha ssl ili site yangu iwe From http to https (secured) , hapa nitumia cloudflare tunnel nitaiconnect na ile service port 89.

CLOUDFLARE TUNNEL HOOK PORT 89 👇

nitapataaa HTTPS domain name ambayo iko na https na itahook ile apache2 server kwenye port 89
Ukija kwenye browser now my phishing website iko na https na ni secured, 😎
now nadhani kwenye picha utaona kulia kuna hizo sign in options na me hapa ndipo nitahost phishing yangu ambayo ina run kwenye port 80 kama ulivyooiona hapo juu.

(Don't worry ukihitaji video setup ipo)
Kumbuka hii phishing mdukuzi anaweza host evilgnx2 phishing campaign na ubaya hii inauwezo wa kuipa session cookies, logs nk (OTP BYPASSED)

niliwahi iongelea last summer.

So now nitaweka BITB framework iconnect na ile fsociety twitter phishing page iload kwenye iframe ambazo
Itampumbaza user , mfano ukipress ile botton ya sign in with Twitter itatokea kitu hiki hapa 👇, yani kama haupo makini u will never notice hii mambo utaona kwanza legitimate twitter URL kila kitu kiko legitimate na ni secured connection.

Sasa mfano ukisubmit logs zako.
Utaaambiwa tu connection refused by twitter na hapa kama tungetumia evilgnx2 ungekuwa ndani kabisa kwenye ur twitter profile ila tu kwa upande mwingine mdukuzi atapata your username , password + session cookies
Ila kwasasa tutafanikiwa ku capture logs kama inavyoonekana 👇

Stay safe...
@AuxGrep

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with ps-aux-grep root

ps-aux-grep root Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @AuxGrep

ps-aux-grep root Profile picture
Aug 14, 2021
HOW EASY FOR Hackers to Craft A Malicious Doc Exploit.

- Networking hacking based on STAgers

@TOTTechs @ITexpertTz @asatayo @razaqdm01 @HabariTech @AbilMdone

short Story:
Assume umekaaa offficn na ukapokea email kutoka kwa moja wa wafanyakaz wako, wakidai wameattouch report. Image
na inakupasa upitie , umeopen ile attouchment ukaisoma ila hukujua in background there something special ina run na kutarget ur entire network. How do u feel? perfect

sasa leo tutaenda kucheck ni jinsi gani hzi doc attouched zinavyoweza hack na kuiba takataka zote kwenye network Image
katika hali ya kawaida umesikia matukio mengi ambayo cyber-crimes wanatumia microsoft office doc kuingia kwenye high secured network na kufanya uharibifu na wizi.

mimi kam @AuxGrep leo nitakuonesha jinsi inavyokuwa na mwisho utake action kwa kuwa makini na kila email zinazopata
Read 19 tweets
ps-aux-grep root Profile picture
Jan 26, 2021
PROTECT UR PRIVACY , ANONYMIZE YOUR footprint over internet using TOR.

@TOTTechs @cindybernardtz @JemsiMunisi @ITexpertTz @razaqdm01 @troniofficial @HabariTech @AbilMdone

Juzi kati niliongelea swala la watu kutumia Vpns , tor network kuwa wako 100% naked .

na hii hutokana na Image
kutokuwa na uleelewa zaidi na issue nzima ya jinsi kuji anonymous na kubypass advance filters na scannners ambazo hutumiwa na ISP, network admins , ku pata nyayo zako ukiwa katika network na especiall ukileta uharibifu sehemu.

hivo basi embu leo ujifunzie kitu kidogo sana ambach
kitakusaidia kwneye mihangaiko yako ya deepweb, clearnet, ku hide ur fat ass over internet pasipo kujilikana na ukijikulikana washindwe tambua encryptions traffics ulizokuwa una danga nazo kwenye mihangaiko yako.

sasa KWANINI NILISEMA HAUPO SECURED INGAWA UNATUMIA TOR AU VPN? Image
Read 18 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(