Hey Folks, in this tutorial weβll show you how we can bypass Google two-factor authentication via a phishing attack. As we know that we have the credentials of the victim account but we are sometimes stuck due to two factor authentication, hence we are not able to acquire the victimβs account even after obtaining the credentials, but through this tool we can bypass two factor authentication with the help of phishing page.
Letβs see how that is possible π !!
We already have done complete installation of this tool on our previous article so you need to revisit that article. You can revisit from here.
git clone https://github.com/Ignitetch/AdvPhishing.git
cd AdvPhishing/
bash Linux-Setup.sh
./AdvPhishing.shAfter fully setup then boot up and choose the β6β option to create a google phishing page.
Got it π !! In the end it gives us the phishing link that we need to share with the victim. Done π !!
This happened to be a normal process that you would have to follow to create a phishing page. But the main part will be started from here. Letβs see π !! After the victim opens the link, the phishing page will look like the image below and obviously he will enter his credit to enter his account.
Alright π !! As you can see we have the credentials entered by the victim on the phishing page.
Without waiting for a second, immediately we need to go to the original web page and enter those credentials to enter the victim account.
OPPS π !! As we told you that if two factor authentication is enabled then we cannot access its account. Relax π !! After entering the credentials by the victim obviously he will wait a few minutes to get the OTP and in the meantime you have to follow the same steps that we have just done.
After trying to access the victim account, the OTP will go to the attacker and the victim will enter on the phishing page without any doubt.
OβNice π !! You can see that we have successfully got the two factor authentication code, due to which we were not able to login to the victim account.
Amazing π !! As you can see that after entered the OTP on the phishing page by victim, we have finally successfully entered the victim account. Its Done π !!
Done π !! This tool also has an interesting feature through which we can get upcoming credentials on our Gmail account.
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.
The gau (Get All URLs) tool is a versatile open-source utility that collects URLs from…
Jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic…
Hey Folks :) !! In this tutorial, we will describe some of the techniques commonly…
Hey Folks :) !! In this article, we present the "Termux Cheat Sheet for Hackers"…
Amid the rapid advancement of technology, the significance of human involvement in cybersecurity frequently goes…
Hey Folks, we are back today after such a long break, but don't worry we…
This website uses cookies.
View Comments
Bro there is tunnel error showing even ngrok is installed and token is added