Saturday, April 6, 2019

Phishing with Z Shadow

Z-Shadow is a web tool that allows you to instantly create a phishing page that can be sent to anyone via Email, chat, forum or social media. Once the victim clicks on the link and signed in using his or her credential, all of that information will be captured and display in plain text for you in your Z-Shadow account. To start using Z-Shadow visit this link here and sign up an account. Once you are signed up, just log in to your Z-Shadow account like I have below.

phishing with z-shadow

Now all you have to do is navigate to the right and under where it says Links choose a language and it should give you a URL. You can now copy this URL and send it to your victim and wait for them to sign in. Once the victim signed in, the username and password should be displayed under the My Victim tab.

I used Facebook as an example for you to see here. I navigate to the right and click on English and copy the URL, then pasted it into my browser address bar. As you can see below I have a page that is identical to the original Facebook page. 

phishing facebook

From here I can type in the username and password, log back into my Z-Shadow account, click on My Victims tab and now I am able to see my username and password. (See screenshot below)

hacking and getting the username and password

You can use Z-Shadow to phish other website as well, just choose a website that is available, choose a language, share the link and wait for the victim to signed in.