
Help Setting Up Uadmin Panel

Lipshitz

Does anyone have any information regarding writing pages for Uadmin panels? The documentation I have is very basic and just shows dependencies to install, etc.

This is what I've found so far
 
Hi. i can help you further.
 
Do you have the working u-admin script? If yes, I can help you write custom uadmin pages.
the working base uAdmin script is everywhere lol, i'd try to upload it when i'm home


to write uadmin panels, take a day or two to read over a uadmin phishlet for it. once you understand how it breaks up pages to send to victims and how to write the json config for it, it's super easy. i have a lot of fun taking shit phish kits and turning them into uadmin phishlets with a little work. just required adding a custom loading page between different pages and creating the config to load it. uadmin already parses all request_uri, so no need to add much php other than the include file really.
 
Uadmin is shit. i would rather go for evilginx
 
depends what your ultimate goal is, saying reverse proxies are better is pretty useless and a little naive. with static phishlets, you can phish for specific 2fa docs like id/password photos, pins and other info that you wouldn't be able to with evilginx without extensive work. phishing kits are good for some things, reverse proxies are good for others. you use whatever is best for your engagement :)

on a side note, uadmin was and still is a very well coded and advanced cms for developing unique live phishlets around. you should take the opportunity to look through the code and see for yourself
 
i do understand but if it is a basic phishlet then it's fine else you have to go for reverse proxies.

one more thing uadmin has a critical vulnerability :)

so either you fix it or you bear it 🤣
 
that sqli was fixed in a later version, all it requires is to sanitize $_GET['link'] in the download.php file. mysql_real_escape_string($conn, $link) fixes that. the fact that people started fuzzing the kit at all should speak as to how popular and important it was for its time.

what is a basic phishlet? do you mean those hackforums single file kits where there's always a crappy antibot working off of static ips? uadmin is far from this. done right, it can be very effective at taking on unique phishing campaigns.

i agree that stealing session cookies is more useful when phishing the actual site, but sometimes you want to get them to enter a pin to a service that's not common, or request file uploads and the real site doesn't have any page to proxify for it. different tools for different jobs, just as there is no best programming language, only the language that best fits the job description.
 
agreed but i was talking about the extendibility in current time bro
 
That's the point, uadmin is easily extensible while evilginx isn't. Not to argue further, each use case has its own combination of tools that would be best fit
 

