HiddenEye 0.2.7 ( adjusted for TinyPaw )

Discussion in 'Scripts & Commands' started by r1sen, 24 Jul 2019.

  1. r1sen

    r1sen Well-Known Member
    Dev Team VIP

    Joined:
    22 Nov 2017
    Messages:
    244
    Likes Received:
    38
    HiddenEye advanced phishing framework

    What is it?

    "
    Modern Phishing Tool With Advanced Functionality

    PHISHING | KEYLOGGER | INFORMATION_COLLECTOR | ALL_IN_ONE_TOOL | SOCIALENGINEERING
    "

    Quoted from project github: https://github.com/DarkSecDevelopers/HiddenEye

    Tool definitely works, built, tested, modified in latest TinyPaw v1.3.1.1 release build. Some modifications were made to the Actions.py script to fix ascii encode/decode issues. One was for displaying the scripts mainMenu() function which was simply replacing characters from the script that wouldn't display properly in the terminal. The others related to the open(' ') function used to read from or write into php or html files the script generated and modifies on the fly - the issue was fixed by declaring the encoding for python to read/write with which was done by adding encoding="utf-8" to the various lines calling the open('') function. See images below:

    Screenshot.png

    Screenshot-1.png

    This framework requires a internet device, it generates and runs a php "localhost" 127.0.0.1:1111 server and will generate live web available pages for testing. Same in theory could be accomplished using spoofing/poisoning/redirection mitm techniques - that is if you are on the same local network as testing box. Very straightforward command and menu structure and simple implementation. When prompted to input redirection url simply use the url of the legitimate page you have decided to phish with - ie facebook dummy page redirects to facebook.com, etc, etc

    If prompted to do so, and may only need to do this once:

    Open your terminal/cli from the HiddenEye-master dir and enter the following:

    cd Server/www/ && sudo php -S 127.0.0.1:1111 > dev/null

    As stated above - tested and verified within TinyPaw_v1.3.1.1 only.

    HiddenEye adjusted available at:

    @sourceforge:

    tp-hiddeneye.zip


    @bitbucket:

    tp-hiddeneye.zip

    Required deps:

    @sourceforge:

    wget-3.2.tcz
    libssh2.tcz

    @bitbucket:

    wget-3.2.tcz

    libssh2.tcz

    Installation:

    1.) Download tp-hiddeneye.zip from either above repository.

    2.) Open your terminal/cli and enter the following:

    cd /home/tc/Downloads/

    unzip tp-hiddeneye.zip

    3.) Download both above required deps from either above repository.

    4.) Copy the downloads deps *deps only* to your (*/tce/optional/) directory.

    5.) Open your onboot.lst file located in your (*/tce/) directory and make following changes:

    -add line item: "wget-3.2.tcz"
    -add line item: "libssh2.tcz"

    6.) Save the changes you've made by either (file+save) or (cntl+s) and close your editor.

    7.) Reboot your system for required deps to run at boot.

    8) Upon reboot open your terminal/cli and enter following:

    cd /home/tc/Downloads/HiddenEye-master/

    sudo python3.6 HiddenEye.py

    8.) Please post any bugs, I am in the process of next release build v1.4 so trying to make this clean but will be default tool in next builds.

    Screenshot_TinyPaw_v1.3.1.1_2019-07-23_20:19:34.png
     
    #1 r1sen, 24 Jul 2019
    Last edited: 4 Aug 2019
  2. r1sen

    r1sen Well-Known Member
    Dev Team VIP

    Joined:
    22 Nov 2017
    Messages:
    244
    Likes Received:
    38
    More on this:

    the fix for the open( '' ) function was caught and fixed for successful implementation of keylogger.

    Also - unless target box already has cached login credentials for the target site you are phishing with then you will likely enter test credentials into phishing page only to be redirected to official page to login again. However if browser / device has been used to login to service before then after entering credentials into phishing test page you will transition to official site.
     
  3. r1sen

    r1sen Well-Known Member
    Dev Team VIP

    Joined:
    22 Nov 2017
    Messages:
    244
    Likes Received:
    38
    To note:

    If at all during runtime you encounter a blank phishing page or a php error message that there is already an instance running on port:1111

    Please open your terminal/cli and enter the following:

    Sudo netstat -tlp

    *Make note of any pid running php - hint: will either display as listening on: 127.0
    0.1:1111 or 0.0.0.0:1111

    Your process id in netstat should display as:

    #####/php

    Now that you know your pid/php enter the following in your terminal/cli

    Kill #####

    This is only in the event you see an error that your php server on localhost is already running/listening.
     
Loading...
  • About Us

    We are a community mixed with professionals and beginners with an interest in wireless security, auditing and pentesting. Feel free to check out and upload resources.


    You can also find us on: Twitter and Facebook

  • Donate to Us

    Did you find our forums useful? Feel free to donate Bitcoin to us using the form below. Those who donate the equivlent of $10 USD or more will be upgraded to VIP membership. Don't have Bitcoin? Use your credit card to GO VIP here. Don't want to fork out some coin? There are other ways to GO VIP. Bitcoin: 1LMTGSoTyJWXuy2mQkHfgMzD7ez74x1Z8K