What's new
By:
Filters
Runion

This is a sample guest message. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

cisco phishing page ( example ) using go

S

Str0ng

Light Weight
Депозит
$0
Hello everyone, I want to share some images of something I'm doing, well I'm about to send spear phishing emails to a company, to steal VPN credentials, so I made a copy of their Cisco VPN website, and some code in go, to serve the website and receive the credentials by post, if you have any suggestions, tell them, I was planning to add a function to the server so that when it receives username:password it also sends them by telegram
 
Str0ng сказал(а):
and question, any people know, any good list with format user pass, for brute force vpn logins ?
Click to expand...

Hey not really a question related to the code, but more to the spear phishing. Are you e-mail spoofing or just create a business email with similar domain to phish? Thanks I dont usually phish
 
nickzfam сказал(а):
Hey not really a question related to the code, but more to the spear phishing. Are you e-mail spoofing or just create a business email with similar domain to phish? Thanks I dont usually phish
Click to expand...

I am creating a website, identical to the company's VPN, and since I have direct access to the company's email, I do not need to impersonate anyone, I will directly use their email of the company to send the phishing, so it is more convincing, If I get results, I will make a report and publish it here, after finishing my work.
 
Or better yet, tell the administrator that my laptop broke and I need my VPN credentials again, as if I were a worker ?
 
Str0ng сказал(а):
I am creating a website, identical to the company's VPN, and since I have direct access to the company's email, I do not need to impersonate anyone, I will directly use their email of the company to send the phishing, so it is more convincing, If I get results, I will make a report and publish it here, after finishing my work.
Click to expand...

Ohh I see, it is indeed better. How did you get initial access in the first place?
 
nickzfam сказал(а):
Ohh I see, it is indeed better. How did you get initial access in the first place?
Click to expand...

I don't have access to your network yet, only your email, because I found an error in a web form
 
Well, as you know, I have a goal to access a company's network, for fun, and since it is for money, but I will publish something so that you can give me your opinion, the point is that I want to send emails to about 3 or 4 employees of the company, to try to obtain personal data, and see how they react, for that I created an email in Outlook with the name of the company in which I will send the following message

Subject: Great opportunity to improve your monthly salary at Company Name !

Dear [Employee Name],

I hope this message finds you well. At [Company Name], we are committed to recognizing and valuing the hard work and
value the hard work and dedication of our talented team. As such, we are pleased to announce an exciting opportunity for you.

We are launching an internal program to offer our current employees the chance to improve their monthly salary with a 10% increase in their salary.
We firmly believe that your contribution and commitment deserve to be rewarded, and this is our way of showing it.

To participate in this program, we need a few additional details from you.
Please take a moment to send us the following documents:

1 - Personal details: full name, personal email, and any relevant contact information.
2 - Description of your current position in the company.
3 - Updated resume.
4- Optionally, a legible photo of your identification document.

All information provided will be treated in the strictest confidence and used only for internal purposes related to this salary increase initiative.
related to this salary increase initiative.

Please send the above documents to company.name@outlook.com .
If you have any questions or need further information, please do not hesitate to contact this email contact.
 
Str0ng сказал(а):
Well, as you know, I have a goal to access a company's network, for fun, and since it is for money, but I will publish something so that you can give me your opinion, the point is that I want to send emails to about 3 or 4 employees of the company, to try to obtain personal data, and see how they react, for that I created an email in Outlook with the name of the company in which I will send the following message

Subject: Great opportunity to improve your monthly salary at Company Name !

Dear [Employee Name],

I hope this message finds you well. At [Company Name], we are committed to recognizing and valuing the hard work and
value the hard work and dedication of our talented team. As such, we are pleased to announce an exciting opportunity for you.

We are launching an internal program to offer our current employees the chance to improve their monthly salary with a 10% increase in their salary.
We firmly believe that your contribution and commitment deserve to be rewarded, and this is our way of showing it.

To participate in this program, we need a few additional details from you.
Please take a moment to send us the following documents:

1 - Personal details: full name, personal email, and any relevant contact information.
2 - Description of your current position in the company.
3 - Updated resume.
4- Optionally, a legible photo of your identification document.

All information provided will be treated in the strictest confidence and used only for internal purposes related to this salary increase initiative.
related to this salary increase initiative.

Please send the above documents to .
Нажмите, чтобы раскрыть...
Click to expand...

Here is my opinion:

Depending on the size of the company, it could be a bad idea to spread a fake news like this, as workers talk among themselves. Therefore, you could maybe craft a personnal email for each individual, regarding somethig personal. Your best option for now is to monitor the inbox and sent emails to try and copy their way of sending emails (if I remember right, you do have access to their mail).

Best of luck!
 
You must log in or register to reply here.
Top