LockPhish — Phishing Attack on Lock Screen

LockPhish is the first phishing tool that can grab Windows credentials, Android PINs and iPhone passcodes using an HTTPS link. The tool was originally developed by TheLinuxChoice.

The tool presents a fake lock screen on the target device. When the target enters a credential, the page captures it and sends it to the attacker through an ngrok tunnel. The tool automatically detects the device type and also tracks the victim's IP address.

Key Features of LockPhish

  • Lock screen phishing page for Windows, Android and iPhone.
  • Auto detect device.
  • Port Forwarding by Ngrok.
  • IP Tracker.

Let's start the installation process.

First we open our terminal window and type the following command to clone this tool from its GitHub repository:

git clone https://github.com/kali-linux-tutorial/lockphish

Then it will start the cloning process as shown in the following screenshot.

[Screenshot: git cloning lockphish]

After the process finishes, we need to go to the LockPhish directory by using the cd command:

cd lockphish

We need to give lockphish.sh execute permission before running it. To do that we apply the following command:

sudo chmod +x lockphish.sh

 
Then we need to run the tool by using the following command:

./lockphish.sh

The main menu of LockPhish will open as shown in the following screenshot:

[Screenshot: lockphish main menu]

Here we need to enter the link of the website the target is redirected to after phishing. The default value is set to YouTube. YouTube is good for social engineering, or we can put other links. Here, as an example, we keep the default and hit the Enter button.

Then it will download ngrok to our Kali Linux system, configure the phishing servers on our localhost and finally give us the phishing URL.

Now we can send this link to our target with some social engineering techniques. When our target opens this link, it will ask to redirect to YouTube.

When our target clicks to be redirected to YouTube, the device shows the following kind of screen:

[Screenshot: Phishing attack on device's lock screen]

After our victim inputs his unlock PIN, we get it on our terminal.

[Screenshot: PIN received]

The same thing will work on a Windows PC and an iPhone. We just need to send the link, and it will automatically detect the type of device (Android, Windows, iPhone).

This is how we can use the phishing attack on a device's lock screen and get the login credentials.
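
Seen from the defender's side, the flow above (a link on an ngrok tunnel is opened, then a PIN or password is submitted to it) is visible in web proxy logs. The following Python check is an added example, not part of LockPhish or the original tutorial; the log format, the sample lines and the tunnel-suffix list are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Public ngrok tunnel suffixes (assumption: extend with other tunnel services you see).
TUNNEL_SUFFIXES = (".ngrok.io", ".ngrok-free.app", ".ngrok.app")
# The three platforms the page says are targeted, matched in the User-Agent.
PLATFORMS = ("iPhone", "Android", "Windows")
# Constructed proxy log format: time client method url status "user-agent"
LINE_RE = re.compile(r'^(\S+) (\S+) (GET|POST) (\S+) (\d{3}) "([^"]*)"$')

# Constructed sample traffic, not captured from a real tool or network.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 GET https://a1b2c3d4.ngrok.io/ 200 "Mozilla/5.0 (Linux; Android 13; Pixel 7)"
2024-05-01T10:00:19Z 10.0.0.5 POST https://a1b2c3d4.ngrok.io/ 302 "Mozilla/5.0 (Linux; Android 13; Pixel 7)"
2024-05-01T10:02:40Z 10.0.0.9 GET https://a1b2c3d4.ngrok.io/ 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
2024-05-01T10:03:05Z 10.0.0.7 POST https://ngrok.io.example.net/ 200 "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0)"
"""

def platform_of(user_agent):
    """Map a User-Agent to one of the targeted platforms, else 'other'."""
    for name in PLATFORMS:
        if name.lower() in user_agent.lower():
            return name
    return "other"

def find_tunnel_submissions(log_text):
    """Alert when a client loads a tunnel-hosted page and then POSTs to the same host."""
    loaded = set()   # (client, host) pairs that fetched a tunnel page
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, client, method, url, _status, ua = m.groups()
        host = (urlsplit(url).hostname or "").lower()
        # The leading dot keeps look-alikes such as ngrok.io.example.net out.
        if not host.endswith(TUNNEL_SUFFIXES):
            continue
        if method == "GET":
            loaded.add((client, host))
        elif (client, host) in loaded:
            alerts.append({"time": ts, "client": client, "host": host,
                           "platform": platform_of(ua)})
    return alerts

if __name__ == "__main__":
    for alert in find_tunnel_submissions(SAMPLE_LOG):
        print(alert)
```

The client that only loaded the page (10.0.0.9 in the sample) produces no alert; it is a candidate for user follow-up rather than a credential reset.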

Warning: This tutorial is for educational purposes only. It shows how modern-day phishing attacks work. Phishing is a serious crime. If anyone does any illegal activity, we are not responsible for that.

KP AKA Koushik Pal is a security researcher and specialist focused on educating about Linux for cybersecurity and URL‑masking vulnerabilities. Creator of MaskPhish, a well‑known open‑source bash-based URL‑masking tool. Linux enthusiast, active speaker, trainer, and advocate for secure web practices.

38 comments

Anonymous

Please tell bro, how to identify a device location with IMEI number.

Kali Linux

This is gonna be tough. Articles on Google will lead you to fake articles. We will try to write an article about it.

Anonymous

Plz bro, try to do the article as soon as possible, eagerly waiting for your article. Thank you bro.

Kali Linux

Hi, we have researched this. This requires permissions from network service providers. They have access to the devices' IMEI numbers with SIM cards, and they can track the location of devices by using signaling towers. Even law enforcement needs the help of these service providers to do this kind of location tracking. This is possible but not for everyone; those who have high-authority permissions in network providers' services can do this.

black_snow

Hey… I am not getting the direct link after everything is complete… Am I doing something wrong?

Kali Linux

You can try after some time.

alpha

what error does it bring

Kali Linux

The direct links are provided by some free online ssh services. The server might be down because of heavy load.

Aryan kaushik

Is it not possible to locate our device if we lost it or someone stole it? And the fucking police, they never help to find such devices that do not cost high. Is there any solution to do it ourselves?

Kali Linux

This tool is not created for finding or locating phones. You should insure your mobile device.

Anonymous

It's not showing the PIN phishing page

Anonymous

Yeah!! I am facing the same issue

Kali Linux

This tool wasn't created by us. The creator of this tool has discontinued this project, so we re-uploaded this work. This seems not to be working.

JaaM Arif

THANKS FOR INFO MORE INFO WHATSAPP PLEASE

Kovid Srivart

I am unable to create the direct link

Päwäñ ßäï

I can't access it on my mobile. Some of the commands are not working for me. What can I do?

Kali Linux

Can you please specify the error.

cyberdigital

I am unable to create the direct link.
Check here: https://subefotos.com/ver/?d26b182ba851ec7257529d7690d07813o.png

Kali Linux

Sorry to say but this project is discontinued.

cyberdigital

thank you…

Unknown

Not getting a direct link… are servers down?

Kali Linux

The servers might be down. If you are using Termux then try to run lockphish with the mobile WiFi hotspot on.

iamKK

How come it did not give a direct link URL address? It shows blank in the terminal.

wishdurgapuja

I solved the problem after replacing ngrok

HijrahHoleescht

Hi bro I Pretty 👍 just visiting the nice article and clear info bout it then your response comment are hint me,what ur said bout google yeah i agree with that,

Kali Linux

Thanks a lot. Got lots of motivation from your comment. Keep Visiting. More awesome contents are coming. Thanks again.

Unknown

It's not giving a link. There's an empty space after "Direct link:".
PLZ HELP

Kali Linux

Are you on Termux? Then please close everything and first open your WiFi hotspot then open Termux and run the script.

Unknown

im getting no linkkkkkkkkkkkkkkkkkkkkkkk im using kali linuxxxxxx helpppppppppp meeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee

Kali Linux

This tool is not updated for a while. It might not work.

Karen Neves

The link is not appearing, please help me

Kali Linux

This tool is very old. Try hosting the page on your system and manually forwarding the port via ngrok

Anthony Klean Newtoxton

its running on 127.0.0.1:3333
just find a way to run ngrok or any forwarder and forward port 3333 under http
get the link and spam…

Anonymous

Hello, I'm writing with a problem in the code execution.
After writing :
[+] Redirect after phishing (Default: Youtube ):
everything should be green, but I get this:

[+] Starting php server…
[+] Starting ngrok server…
[+] Building webpages
[+] Direct link:

that is, the last two items are not highlighted in green and the code does not work

Anonymous

I have done everything correctly but the direct link is not showing. Please tell me what to do?

Anonymous

Yeah!! Even I have done the process correctly, everything is going good, but it is not displaying the direct link.

Anonymous

Yes, the same issue. Direct link is not appearing, only blank.

Anonymous

Not giving link
