Phishing is a type of cyber attack where attackers send fake emails or messages that appear to be from a legitimate source, such as a bank or online service provider. The goal is to trick victims into revealing sensitive information like passwords, credit card numbers, or personal data by clicking on malicious links or providing login credentials. This can lead to identity theft, financial loss, and compromised online security.
View All Tags
In this room we join the TBFC red team and launch a Python server that hosts a fake login page to capture credentials. Using SET (Social-Engineer Toolkit) we craft a spoofed email pointing to our fake login page.
The victim clicks, submits credentials, and we log the username‑password pair, then reuse it to access the real TBFC portal as factory. Finally, we terminate the server and clean up.
This room focuses on teaching the basics of phishing attacks and their importance in red team engagements.
The room takes you through various aspects of phishing, including setting up infrastructure, writing convincing emails, and using different tools like GoPhish and techniques like Typosquatting to trick targets into opening malicious links or attachments.
