To bypass two-factor authentication (2FA) and gain access to the executives’ accounts, the tester should use Evilginx with a typosquatting domain. Evilginx is a man-in-the-middle attack framework used to bypass 2FA by capturing session tokens.
Phishing with Evilginx:
Evilginx is designed to proxy legitimate login pages, capturing credentials and 2FA tokens in the process.
It uses "phishlets" which are configurations that simulate real login portals.
Typosquatting:
Typosquatting involves registering domains that are misspelled versions of legitimate domains (e.g., example.co instead of example.com).
This technique tricks users into visiting the malicious domain, thinking it's legitimate.
Steps:
Configure an External Domain: Register a typosquatting domain similar to the company’s domain.
Set Up Evilginx: Install and configure Evilginx on a server. Use a phishlet that mimics the company's mail portal.
Send Phishing Emails: Craft phishing emails targeting the executives, directing them to the typosquatting domain.
Capture Credentials and 2FA Tokens: When executives log in, Evilginx captures their credentials and session tokens, effectively bypassing 2FA.
Pentest References:
Phishing: Social engineering technique to deceive users into providing sensitive information.
Two-Factor Authentication Bypass: Advanced phishing attacks like those using Evilginx can capture and reuse session tokens, bypassing 2FA mechanisms.
OSINT and Reconnaissance: Identifying key targets (executives) and crafting convincing phishing emails based on gathered information.
Using Evilginx with a typosquatting domain allows the tester to bypass 2FA and gain access to high-value accounts, demonstrating the effectiveness of advanced phishing techniques.
=================
