ustayready / CredSniper

CredSniper is a phishing framework written with the Python micro-framework Flask and Jinja2 templating which supports capturing 2FA tokens.
Apache License 2.0

another ip address looks #23

Closed Phoenix1112 closed 6 years ago

Phoenix1112 commented 6 years ago

The site is active after installation with the install.sh file. The IP addresses of visitors to the site appear in the terminal. I tested it myself and my IP address appeared, but then different IP addresses started to appear. In this experiment, first a French IP address was seen, then an American IP address. I just opened the site, it is brand new and has been active for only 20 minutes. No one knows the name of the site other than me.

Why do other people's IP addresses appear in the terminal? Does somebody have the right to access this program? Can you access the information of people who use this program, @ustayready?

I think when my site is active you can see it, and you can enter my site and look at the passwords, @ustayready.

ustayready commented 6 years ago

People regularly scan the internet for web ports and unless you're on a dedicated IP address, IP addresses are rotated from customer to customer based on available resources. Another thing to consider is if you used an SSL certificate, the certificate transparency project is regularly monitored by people and attackers alike which means when a new certificate is registered people know how to find the site. It's not uncommon for new credsniper instances to be visited by bots immediately after launching. This is especially true if you obtained an IP address that was previously used for a website where links to that website might still be active on other sites, like a backlink.

GitHub does show me who forks and stars the project but that information is available for everybody on public repos. I do not have the ability to see how credsniper is used or any information it harvests.

Hope this helps!
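The certificate transparency point above works for defenders too: the same logs can be watched for certificates whose names imitate a login host. The following is an added example, not part of this thread or of CredSniper; the protected-host list, the entry format and the sample entries are constructed, except the last sample hostname, which is the one used later in this thread.

```python
# Added example: flag CT-logged certificate names that imitate a protected host.
PROTECTED = ["accounts.google.com"]  # assumption: hosts the defender monitors

def labels(name):
    """Lower-case, drop trailing dot and wildcard, split into DNS labels."""
    name = name.strip().lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return name.split(".")

def classify(san, protected=PROTECTED):
    """Return (verdict, matched_host) for one subjectAltName DNS entry."""
    got = labels(san)
    for host in protected:
        want = labels(host)
        n = len(want)
        # The name is the protected host itself or a subdomain of it.
        if got[-n:] == want:
            return ("legitimate", host)
        # Protected labels appear in order, but left of a foreign domain.
        for i in range(len(got) - n):
            if got[i:i + n] == want:
                return ("embedded-brand", host)
        # Protected host flattened into one label with hyphens.
        if any("-".join(want) in label for label in got):
            return ("hyphenated-brand", host)
    return ("unrelated", None)

def scan(entries):
    """Return (index, name, verdict) for every name an analyst should review."""
    hits = []
    for entry in entries:
        for san in entry["dns_names"]:
            verdict, _ = classify(san)
            if verdict in ("embedded-brand", "hyphenated-brand"):
                hits.append((entry["index"], san, verdict))
    return hits

# Constructed sample of parsed CT log entries (index + certificate DNS names).
SAMPLE = [
    {"index": 1, "dns_names": ["accounts.google.com"]},
    {"index": 2, "dns_names": ["blog.example.org", "www.example.org"]},
    {"index": 3, "dns_names": ["accounts.google.com.signin.example"]},
    {"index": 4, "dns_names": ["accounts-google-com.example.net"]},
    {"index": 5, "dns_names": ["accounts.google.com.loginin.cf"]},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```
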

ustayready commented 6 years ago

By the way, all of the code is 100% open source, feel free to comb through it if you have concerns about security.

Phoenix1112 commented 6 years ago

Thank you for everything. I believe you. This program is very nice. When the SMS code goes to the victim's phone, the last 2 digits of the phone number are misspelled. Is it because it is a phishing attack?

sms code send **80

The last numbers of my phone are not 80.

Can you change the last numbers to the real last numbers?

Or can we change it because it is a phishing attack?

ustayready commented 6 years ago

The SMS goes to whatever phone number is on file for the account being phished. The numbers displayed to the user are the same numbers that Google shows to the user when they are authenticating. CredSniper literally pulls out the numbers from the authentication on the back-end and renders it in the phishing page shown to the target.

Phoenix1112 commented 6 years ago

yes ... sms code is coming...

Now I tried again and it does not write the last 2 numbers of the phone number in that place. When I tried this morning, the last 2 numbers of the phone number were 80, and that was wrong.

wrong () *80

true **79 I tried now but did not write anything (...)..... .... .... 2


other problem...

credsniper.py is not working true ??

only i am using install.sh


ustayready commented 6 years ago

If the numbers are not showing up, it's because of something with the back-end authentication that Google is doing. Something is causing Google to flag the authentication as risky and is possibly either locking out attempts or requesting more information before completing the authentication. This happens when the wrong credentials are supplied from an IP over and over, multiple failed attempts occur on an account, or if the IP is flagged as suspicious. Side note, you only need to run install.sh once. After everything is up and running, you just use: python credsniper.py

Phoenix1112 commented 6 years ago

python credsniper.py is not working.... i am using install.sh

root@CyberTheReapeR:~/CredSniper-master# python credsniper.py --module gmail --twofactor --port 443 --ssl --verbose --final https://www.youtube.com/c/teknolojivesavunma --hostname accounts.google.com.loginin.cf

Traceback (most recent call last):
  File "credsniper.py", line 118, in <module>
    cs = CredSniper()
  File "credsniper.py", line 25, in __init__
    self.prepare_module()
  File "credsniper.py", line 35, in prepare_module
    loader=PackageLoader('credsniper', package),
  File "/usr/lib/python2.7/dist-packages/jinja2/loaders.py", line 224, in __init__
    provider = get_provider(package_name)
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 348, in get_provider
    __import__(moduleOrReq)
  File "/root/CredSniper-master/credsniper.py", line 118, in <module>
    cs = CredSniper()
  File "/root/CredSniper-master/credsniper.py", line 25, in __init__
    self.prepare_module()
  File "/root/CredSniper-master/credsniper.py", line 39, in prepare_module
    self.module = importlib.import_module(module_path).load(self.enable_2fa)
  File "/usr/lib/python2.7/importlib/__init__.py", line 37, in import_module
    __import__(name)
  File "/root/CredSniper-master/modules/gmail/gmail.py", line 193
SyntaxError: Non-ASCII character '\xe2' in file /root/CredSniper-master/modules/gmail/gmail.py on line 193, but no encoding declared; see http://python.org/dev/peps/pep-0263/ for details

ustayready commented 6 years ago

Not sure the environment you are operating in. Is this Kali? It's only been tested on Ubuntu 16.04. Also, make sure the Python virtual environment has been activated. For instance: source /root/CredSniper-master/bin/activate

Phoenix1112 commented 6 years ago

OMG, it worked now: source /root/CredSniper-master/bin/activate

I am using Kali Linux (KDE desktop). Thank you for everything. You are a big man.

ustayready commented 6 years ago

No problem. Glad it's up and working.