Blacklist | Stop your Evilginx2 site from getting scanned
- Published on 28 Jul 2024
- Using the 'blacklist' command to block IPs in Evilginx.
This will block IPs from scanning your Evilginx site. The blacklist command was introduced in Evilginx 2.4; the documentation is here:
breakdev.org/evilginx-2-4-gon...
Disclaimer: For educational use and legal pentesting only.
Twitter: / villaroot
00:00 Intro
00:12 Evilginx 2.4 Documentation
01:25 Manual Method
04:37 Automatic Method
05:35 Blacklist All IPs
Great video, very informational
Thank you so much. Helped a lot
Thanks a lot. I have been over Evilginx for long, but your video helped me understand better in under a few minutes, and it works fine.
You're very welcome! Tomorrow I'm going to make a video about hide/unhide and later on make some more videos. That way I'll have a little playlist with a handful of Evilginx videos.
@villaroot thanks so much
@villaroot just joined your twitter community
watched video 2, thank you again
Thanks for the video and explanations. Loving the content (red team for the win haha!)
Very welcome! I'm glad you're enjoying them, thanks for the support!
Thanks a lot!
Very welcome!
idk if my first comment sent but I just wanted to say thank you for ur tutorial!! i'm trying to learn more to eventually become a jr pen tester. I was wondering if u could do a O365 tutorial? I set everything up but whenever I hit next to put in my password I get sent to a "We're unable to complete your request" page
for more context it says "invalid_request: The provided value for the input parameter 'redirect_uri' is not valid. The expected value is a URI which matches a redirect URI registered for this client application."
Hi, thanks for liking the video!
For O365, it will be pretty similar except you will have to change the 'config' command and lures redirect_url to office[.]com instead of outlook[.]com
That might be what's giving you issues since the error you pasted mentions 'redirect_url'
O365 is usually what I run on real engagements since that's what clients have running.
@villaroot im just now realizing that i was trying to sign into o365 when i only have an outlook account. i changed everything to outlook and i'm now able to capture my email and password but it's not capturing the token or redirecting to the outlook site. instead it gives me a 500 error and keeps redirecting me back to my own website in an infinite loop.
is it bc i have a ssl certificate for both o365 and outlook? should i get a new domain and test it out or is the problem something else entirely?
@FireFistAce222 you have answers for this?
I'm not seeing consistent MFA Cookie grabbing in O365 lures. Any solutions to that?
I don't normally see issues with the O365 lures. Are you seeing the inconsistency when you test with your own credentials or during a campaign against users?
If it's a live campaign, then users might stop before fully entering the creds, maybe they realized it after clicking the link then left. In those cases you'll get the message that link was clicked with an 'auth request' message but won't get anything after that.
But if it's from testing with your own creds then I'm not too sure what the issue would be. O365 is normally one of my favorite phishlets.
You got any idea on how to send the captured cookies and credentials to a telegram bot?
I don't know if there's a way. I haven't messed with telegram bots to really understand how they can be set up. I have been asked that a few times though, so maybe someone has a post about it in some corner of the Internet
@villaroot okay. In case I find out, I will let you know.
the site got detected lol, it shows up with a red screen now what? Deceptive site ahead
yeah same here, what are you supposed to do to fix this?