![]() Have a keylogger running in the background.Grab the session token from the browser (Right Click > Inspect > Application > Cookies) after the user disconnects.Close the VNC session when the user authenticates.Have a HTTP proxy connected to the browser that’s logging everything.The ways that this can be abused are endless: And because you’ve already setup Firefox in kiosk mode all the user will see is a web page, as expected. Send the link to the target user and when the user clicks the URL they’ll be accessing the VNC session without realizing. So how do we use noVNC to steal credentials & bypass 2FA? Setup a server with noVNC, run Firefox (or any other browser) in kiosk mode and head to the website you’d like the user to authenticate to (e.g. Essentially, noVNC allows the web browser to act as a VNC client to remotely access a machine. noVNC runs well in any modern browser including mobile browsers (iOS and Android). NoVNC is both a VNC client JavaScript library as well as an application built on top of that library. For example, if you tried using a Gmail phishlet, you probably ran into an error similar to the one shown below.Īnd so I made it my mission to find a new way of bypassing 2FA which eventually lead to this interesting & unorthodox technique. I couldn’t help but look at some of the outstanding issues on the Github project and realizing that some websites were implementing methods to prevent Evilginx2 and other MITM phishing tools from working. I quickly setup the great Evilginx2 as I usually would. Recently I was on an engagement where all the users had 2FA enabled on their email. Although this post was purely original and did not use any of their work, I believe it is fair to reference it out of respect for the authors’ work and because it clearly goes far more in-depth than this blog post. ![]() It was recently brought to my attention that this technique was previously mentioned in a research article. Steal credentials and bypass 2FA by giving users remote access to your server via an HTML5 VNC client that has a browser running in kiosk mode.
0 Comments
Leave a Reply. |