Blacklist | Stop your Evilginx2 site from getting scanned

Рет қаралды 6,225

VillaRoot

Күн бұрын

Пікірлер: 25

@erasmovaldez7868 Жыл бұрын

Thanks a lot have been over evilginx for long but your video help me understand better under few minutes and works fine

@villaroot Жыл бұрын

You're very welcome! Tomorrow I'm going to make a video about hide/unhide and later on make some more videos. That way I'll have a little playlist with a handful of Evilginx videos.

@erasmovaldez7868 Жыл бұрын

@@villaroot thanks so much

@erasmovaldez7868 Жыл бұрын

@@villaroot just joined your twitter community

@Nikita-yf4vl Жыл бұрын

Great video, very informational

@richardjones9598 Жыл бұрын

Thanks for the video and expliations. Loving the contnet (red team for the win haha!)

@villaroot Жыл бұрын

Very welcome! I'm glad you're enjoying it them, thanks for the support!

@i_am_dumb1070 Жыл бұрын

watched video 2 thankyou again

@lz-oq1lz Жыл бұрын

Thank you so much. Helped a lot

@vincegremillion1533 Жыл бұрын

I'm not seeing consistent MFA Cookie grabbing in O365 lures. Any solutions to that?

@villaroot Жыл бұрын

I don't normally see issues with the 0365 lures. Are you seeing the inconsistency when you test with your own credentials or during a campaign against users? If it's a live campaign, then users might stop before fully entering the creds, maybe they realized it after clicking the link then left. In those cases you'll get the message that link was clicked with an 'auth request' message but won't get anything after that. But if it's from testing with your own creds then I'm not too sure what the issue would be. 0365 is normally one of my favorite phishlets.

@Resolumatique 24 күн бұрын

How to configured evilginx

@villaroot 22 күн бұрын

Hey! I used to have a video on configuration but KZbin gave me a slap on the wrist and deleted it for 'illegal activities'

@elidort8529 11 ай бұрын

You got any idea on how to send the captured cookies and credentials to a telegram bot ?

@villaroot 11 ай бұрын

I dont know if there's a way. I haven't messed with telegram bots to really understand how they can be set up. I have been asked that a few times though, so maybe someone has a post about it in some corner of the Internet

@elidort8529 11 ай бұрын

@villaroot okay. In case I find out, I will let you know.

@FireFistAce222 Жыл бұрын

idk if my first comment sent but I just wanted to say thank you for ur tutorial!! i'm trying to learn more to eventually become a jr pen tester. I was wondering if u could do a O365 tutorial? I set everything up but whenever I hit next to put in my password I get sent to a "We're unable to complete your request" page

@FireFistAce222 Жыл бұрын

for more context it says "invalid_request: The provided value for the input parameter 'redirect_uri' is not valid. The expected value is a URI which matches a redirect URI registered for this client application."

@villaroot Жыл бұрын

Hi, thanks for liking the video! For O365, it will be pretty similar except you will have to change the 'config' command and lures redirect_url to office[.]com instead of outlook[.]com That might be what's giving you issues since the error you pasted mentions 'redirect_url' O365 is usually what I run on real engagements since that's what clients have running.

@FireFistAce222 Жыл бұрын

@@villaroot im just now realizing that i was trying to sign into o365 when i only have an outlook account. i changed everything to outlook and i'm now able to capture my email and password but it's not capturing the token or redirecting to the outlook site. instead it gives me a 500 error and keeps redirecting me back to my own website in an infinite loop. is it bc i have a ssl certificate for both o365 and outlook? should i get a new domain and test it out or is the problem something else entirely?

@novianindy887 Жыл бұрын

@@FireFistAce222 you have answers for this?