LockPhish -- Phishing Attack on Lock Screen

LockPhish is the first phishing tool that can grab Windows credentials, Android PIN and iPhone Passcode using a https link. This tool is originally developed by TheLinuxChoice.

LockPhish - Phishing Attack on lock screen
Phishing attack on Lock Screen
This creates a fake lock-screen on target devices whenever target puts credential it captures it and sends to attacker using a ngrok tunnel. This tool automatically detect the device. Also track victim's IP address.

Key Features of LockPhish

  • Lock screen phishing page for Windows, Android and iPhone.
  • Auto detect device.
  • Port Forwarding by Ngrok.
  • IP Tracker.

Lets starts the installation process.

First we open our terminal window and type following command to clone this tool from it's GitHub repository:

git clone https://github.com/kali-linux-tutorial/lockphish
Then it will start the cloning process as shown in following screenshot.

git clonning lockphish

After finishing the process we need to go to LockPhish directory by using cd command:

cd lockphish

We need to give lockphish root access before run. To do that we apply following command:

sudo chmod +x lockphish.sh
 
Then we need to run the tool by using following command:

./lockphish.sh

The main menu of LockPhish will open as showing in the following screenshot:

lockphish main menu

Here we need to put the redirecting website's link after phishing. The default value is set to YouTube. YouTube is good for social engineering or we can put other links. Here for an example we keep it default and hit the Enter button.

Then it will download ngrok in our Kali Linux system, and configure the phishing servers on our localhost and finally give us the Phishing URL.


Now we can send this link to our target with some social engineering techniques. When our target opens this link it will ask to redirect on YouTube.
When our target clicks here to be redirected on YouTube, the device shows following kind of screen:

Phish the lockscreen
Phishing attack on device's lock-screen
After our victim inputs his Unlock PIN we got it on our terminal.

PIN received
PIN received
The same thing will work on Windows PC and iPhone, we just need to send the link it will automatically detect the type of device (Android, Windows, iPhone)

This is how we can use the phishing attack on devices lock-screen and get the login credentials.

Warning:-  This tutorial is for educational purpose only. It shows how the modern day phishing attack works. Phishing is a serious crime. If anyone do any illegal activity then we are not responsible for that.

If you liked our this tutorial then follow our blog regularly for more good quality Kali Linux tutorials. Follow us on Twitter and Medium for quick updates. Faced any problem or have any thoughts with this article then leave a comment below, we always replay.
author-img
Kali Linux

Comments

21 comments
Post a Comment
  • AnonymousMay 27, 2020 at 1:23 PM

    please tell bro, how to identify A device location with IMEI number.

    Delete Comment
    • Kali Linux photo
      Kali LinuxMay 28, 2020 at 7:36 AM

      This is gonna be tough. Articles on Google will lead you to fake articles. We wil try to write an article about it.

      Delete Comment
      • AnonymousMay 31, 2020 at 10:39 AM

        plz bro, try to do the article as soon as possible, eagerly waiting for your article. thak you bro.

        Delete Comment
        • Kali Linux photo
          Kali LinuxJune 1, 2020 at 8:42 AM

          Hi, we have researched about this. This requires permissions from Network Service Providers. They have access the devices IMEI numbers with SIM cards and they can track location of devices by using signaling towers. Even law enforcement needs help of these service providers to do this kind of location tracking. This is possible but not for everyone, who have high authority permissions in network providers services can do this.

          Delete Comment
        • black_snowAugust 10, 2020 at 11:09 PM

          hey...i am not getting the direct link after everything is complete...am i doing something wrong?

          Delete Comment
        • Aryan kaushik photo
          Aryan kaushikAugust 27, 2020 at 2:59 PM

          is it not possible locate our device if we lost or someone stole it.And the fucking police they never help to find such devices that does not cost high. is there any solution to do it on ourself

          Delete Comment
          • Kali Linux photo
            Kali LinuxAugust 27, 2020 at 5:49 PM

            This tool is not created for finding or locating phones. You should insure your mobile device.

            Delete Comment
          • AnonymousAugust 31, 2020 at 7:47 PM

            its not showing the pin phising page

            Delete Comment
            • AnonymousSeptember 2, 2020 at 11:55 AM

              Yeah!! I am facing the same issue

              Delete Comment
              • Kali Linux photo
                Kali LinuxSeptember 2, 2020 at 5:40 PM

                This tool doesn't created by us. The creator of this tool is discontinued this project so we re-uploaded this work. This seems not working.

                Delete Comment
              • JaaM Arif photo
                JaaM ArifSeptember 19, 2020 at 10:09 AM

                THANKS FOR INFO MORE INO WAHATSAPP PLEASE

                Delete Comment
                • Kovid SrivartSeptember 23, 2020 at 12:48 AM

                  i am unable to create the direct link

                  Delete Comment
                  • Päwäñ ßäï photo
                    Päwäñ ßäïSeptember 24, 2020 at 7:13 PM

                    I can't access it in my mobile some of that commands are not working for me how can I do.

                    Delete Comment
                  • Steven photo
                    StevenOctober 1, 2020 at 4:55 PM

                    You should know whether somebody has meddled into your space that was not welcomed or welcome. We as a whole have the privilege and opportunity to go where we need, dress how we need and participate in whatever action we need to. check over here

                    Delete Comment
                    • cyberdigital photo
                      cyberdigitalNovember 17, 2020 at 10:37 AM

                      i am unable to create the direct link
                      check here: https://subefotos.com/ver/?d26b182ba851ec7257529d7690d07813o.png

                      Delete Comment
                    google-playkhamsatmostaqltradent