Saturday, February 18, 2017

Attacker Emailed himself your Phished Credentials

@Techhelplistcom posted a dhl/stripe phish site


The site was still wide open so you could view the file and in particular under the stripe phish the tfo.php file which is a good example of visibility behind the scenes to see what an attacker is doing with your phished credentials after you enter your data in and click submit on their malicious site

As you can see the attacker grabs your ip address


What browser you're using

$useragent = $_SERVER['HTTP_USER_AGENT'];

Your email & password

$message .= "EMAIL : ".$_POST['1KDL23']."\n";
$message .= "PASSWORD : ".$_POST['FZ32FEZ2345']."\n";

and sends it to himself


More about neonprimetime

Top Blogs of all-time
  1. pagerank botnet sql injection walk-thru
  2. DOM XSS 101 Walk-Through
  3. An Invoice email and a Hot mess of Java

Top Github Contributions
  1. Qualys Scantronitor 2.0

Copyright © 2017, this post cannot be reproduced or retransmitted in any form without reference to the original post.

No comments:

Post a Comment