Tuesday, June 5, 2012

Ghos-Phisher GUI suite for phishing and penetration attacks

Ghost Phisher is a computer security application that comes inbuilt with a Fake DNS Server, Fake DHCP Server, Fake HTTP server and also has an integrated area for automatic capture and logging of HTTP form method credentials to a database. The program could be used as an honey pot,could be used to service DHCP request , DNS requests or phishing attack.

Ghost Phisher

New Version 1.4 

Ghost Phisher 1.4 includes the following new features
1. Inbuilt High speed RFC 2131 compliant DHCP Server
Requirements:
 
python
python-qt4
xterm
subversion
metasploit


To install simply run the following command in terminal after changing directory to the path were the downloaded package is:

root@host:~# dpkg -i ghost-phisher_1.3_all.deb
 
Icons and Running the application:
 
Software Icon can be found at the application Menu of the GNOME desktop interfaces
Icon can also be found at /usr/share/applications for KDE and also GNOME:
There you find "Ghost Phisher.desktop"

In BackTrack 5 R2 run it from /opt/Ghost-Phisher/ and start.

To get the source code for this project from SVN, here's the checkout link:
 
root@host:~# svn checkout http://ghost-phisher.googlecode.com/svn/Ghost-Phisher
 
Ghost Phisher Penetration Screenshots
 
Ghost phisher ships in with default Windows and Linux vulnerability pages, These pages can be used for penetration.Ghost automatically recognizes the remote operating system and displays the vulnerability pages according to the information fetched.



Payload Download

This screenshot displays windows machine penetrated upon payload execution using Metasploit


After the remote machines are exploited, Ghost automatically redirects the clients to the internet with the help of the alternate DNS settings and inbuilt cookie system.

Some More Screenshots:
You could Emulate WIFI access points for client redirections


Here shows client connected to fake access point


Heres the Fake-DNS tab; Notice the Fake-IP address specified


Here shows the victim supplied a fake lease by the DHCP


Here shows the victim gettings the fake resolved IP address:


Here shows our HTTP server, with a downloaded webpage intended to be faked:


Since our victim has our fake DHCP server address,therefore he gets directed to our fake http server:


Here shows our database area, which automatically captures and logs forms credentials


Check out his other project:
http://code.google.com/p/fern-wifi-cracker/
 
http://code.google.com/p/hexorbase/
Regards:
Saviour Emmanuel Ekiko

No comments:

Post a Comment