Embed Malicious URL in Popular Websites

Hey Folks, in this tutorial we will show you that how you can embed your malicious URL in popular websites such as : Youtube, Facebook and Google etc. These kind of techniques are useful during the social engineering attacks because we can embed our malicious URLs in well known domains and send to the victim.

Reuirements

Kali Linux = Attacker

Lets take a look 🙂 !!

URLCADIZ TOOL

It is open source tool that is hosted on github page. This allow an attacker to embed his malicious code or URL in well known domains. To do our work, we have to download it from the github page.

git clone https://github.com/PerezMascato/URLCADIZ.git

Install the requirements using the pip command and go to the directory of this tool.

sudo pip3 install pyshorteners
cd URLCADIZ
python3 URLCADIZ.py

It provide us various features as you can see below. For an example we will select the option second.

Here we will paste the original URL of youtube in the first section and our malicious URL in the post link section.

Finalize URL has come before us. Now we can sent this URL to the victim.

You can see that the URL has been successfully redirected to our website.

Manual Method

Now we can embed the URL automatically. The usage guide is given below.
Usage 🙂 < orignal URL > < any keywork > @< malicious URL >

https://google.com-smb-server-can-be-hacked@secnhack.in

As soon we will click on ‘Yes’ button the URL will be redirected on malicious website.

Great 🙂 !! Similarly we can add phishing page and take the advantage of this technique.

About the Author

Shubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Contact on Linkedin.

Shubham Goyal

A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.