LockPhish is the first phishing tool that can grab Windows credentials, Android PINs and iPhone passcodes using an HTTPS link. The tool was originally developed by TheLinuxChoice.
Phishing attack on Lock Screen
Key Features of LockPhish
- Lock screen phishing page for Windows, Android and iPhone.
- Auto detect device.
- Port Forwarding by Ngrok.
- IP Tracker.
Let's start the installation process.
First we open a terminal window and type the following command to clone the tool from its GitHub repository:
The cloning process then starts, as shown in the following screenshot.
After the process finishes, we go to the LockPhish directory using the cd command:
We need to give LockPhish root access before running it. To do that, we apply the following command:
Then we run the tool using the following command:
The main menu of LockPhish opens, as shown in the following screenshot:
Here we need to enter the link of the website the target is redirected to after phishing. The default value is set to YouTube. YouTube is good for social engineering, or we can put other links. For this example we keep the default and hit the Enter button.
The tool then downloads ngrok onto our Kali Linux system, configures the phishing servers on our localhost and finally gives us the phishing URL.
Now we can send this link to our target with some social engineering techniques. When our target opens this link, it asks to redirect to YouTube.
When our target clicks to be redirected to YouTube, the device shows the following kind of screen:
Phishing attack on device's lock-screen
PIN received
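From the defender's side, the flow described above (a link served through an ngrok tunnel, a submission, then a redirect to YouTube by default) leaves a recognisable sequence in web proxy logs. The following detection sketch is an added example, not part of the original page or of LockPhish; the log format, the tunnel suffix list, the five-minute window and the assumption that the PIN form is submitted with a POST are all assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumption: ngrok tunnel suffixes to watch; keep this list current for your environment.
TUNNEL_SUFFIXES = (".ngrok.io", ".ngrok-free.app", ".ngrok.app")
REDIRECT_HOSTS = {"youtube.com", "www.youtube.com"}  # the page's default redirect
WINDOW = timedelta(minutes=5)  # assumed max gap between submit and redirect

# Constructed sample proxy log: "<ISO time> <client IP> <method> <URL>"
SAMPLE_LOG = """\
2024-05-01T10:00:02 10.0.0.15 GET https://intranet.example.com/home
2024-05-01T10:01:10 10.0.0.23 GET https://a1b2c3d4.ngrok.io/
2024-05-01T10:01:41 10.0.0.23 POST https://a1b2c3d4.ngrok.io/
2024-05-01T10:01:43 10.0.0.23 GET https://www.youtube.com/
2024-05-01T10:05:00 10.0.0.31 GET https://www.youtube.com/watch
2024-05-01T10:07:00 10.0.0.40 GET https://dev-demo.ngrok-free.app/status
"""

def parse(line):
    """Split one log line into (time, client, method, lowercase host)."""
    ts, client, method, url = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), client, method, urlsplit(url).hostname or ""

def find_suspects(log_text):
    """Return (client, tunnel_host, reason) alerts in log order."""
    alerts, seen, last_post = [], set(), {}
    for line in filter(str.strip, log_text.splitlines()):
        ts, client, method, host = parse(line)
        if host.endswith(TUNNEL_SUFFIXES):
            if (client, host) not in seen:  # one "visited" alert per client/host
                seen.add((client, host))
                alerts.append((client, host, "visited-tunnel"))
            if method == "POST":  # assumed: the PIN form is submitted via POST
                last_post[client] = (ts, host)
        elif host in REDIRECT_HOSTS and client in last_post:
            t0, tunnel = last_post.pop(client)
            if ts - t0 <= WINDOW:  # submit followed quickly by the redirect
                alerts.append((client, tunnel, "submitted-then-redirected"))
    return alerts

if __name__ == "__main__":
    for alert in find_suspects(SAMPLE_LOG):
        print(alert)
```

A "submitted-then-redirected" alert is the stronger signal, since a plain visit to a tunnel host is also common for legitimate developer demos.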