I'm a Cyber Security student and open always to learning.
This repository is created to make Phishing for workers of any company by cheating people via Secret Santa game which happening in New Year eve.
- Victim reads Email coming from his coworker.
- Victim trusts the link as coming from his coworker and opens a link, add Domain credentials to form without checking company's asset database that such service is valid or non-valid.
- Attacker sets up web application by running
py script.pyon his attacker machine and waits for victims. - Once, victim enter his or her Domain credentials, attacker can see grabbed credentials in this file.
Reminder! I build regex for username and password fields due to a company's policy, you can also change.
Purpose of regex's usecase is to imitate web application as connected to Domain via LDAP. As a result, victim can trust.
If victim doesn't trust to attacker's web application and enters invalid credentials , it can also be seen on this file
