Как обойти двухфакторку в gmail?

[maxim1of1]

this is why i like hvnc, try to infect the victim with malware with hvnc and you can just use the victim pc to login to the email

Wat HVNC do you use?

 

[Vsssad]

or u can try simple stealer by adverting smth. Getting gmail cookie enough to enter gmail mail. AND if u have valid password with cookies - u can try rebind gmail account (20-50$)

 

[Smallstone]

Wat HVNC do you use?

pandora

 

[JBelfort]

and evilginx isn't a scam lmao.

it's a reverse proxy which essentially mirrors the website so that when someone logs into it from your URL, it'll redirect them back to the login page after hijacking the session/cookies which allows you to take it over (bypassing 2fa as the live session is on the reverse proxy) and also logs the credentials used to login. basic MITM attack.

I've worked with this tool you write about. Do you know anything about the AiTM type of attack? If yes, please share your knowledge. Extremely little information can be found to understand anything.

 

[vei]

I've worked with this tool you write about. Do you know anything about the AiTM type of attack? If yes, please share your knowledge. Extremely little information can be found to understand anything.

evilginx is an AiTM attack, as it logs credentials along with taking the session cookies. not to mention the injection of raw javascript/html for additional fields to phish

 

[xebiyem9]

С гуглом сейчас трудно. Нужно максимально имитировать железо и идентификаторы с которыми пользуются аккаунтом. В идеале, как пишут сверху, это hvnc, но в некоторых случаях может помочь реверс прокси, но это также уже должен быть доступ к его пк с софтом который стучит на ваш сервер. Самый последний вариант который может сработать (но маловароятно), это где-то найти похожий ip как у него, но ip который будет отличаться на последнее число от его ip (например 111.111.111.Х где Х число от 0 до 255) и есть небольшая вероятность, что вас пустит в аккаунт. Но это все если есть лог пас. А так hvnc, различные раты в помощь, с ними можно иметь актуальные куки гугла. Более реальные методы зайти на гмейл не знаю, отпишите если кто-то знает

 

[vei]

Google is difficult now. It is necessary to imitate the hardware and identifiers with which the account is used as much as possible. Ideally, as they say above, this is hvnc, but in some cases a reverse proxy can help, but this should also already have access to his PC with the software that connects to your server. The last option that can work (but is unlikely) is to find somewhere a similar ip like his, but an ip that will differ by the last number from his ip (for example 111.111.111.X where X is a number from 0 to 255) is there is a small chance that you will be allowed into your account. But this is all if there is a log pass. And so hvnc, various raths to help, with them you can have current Google cookies. I don’t know any more realistic methods for logging into Gmail, please post if someone knows.

google is not difficult now, there isn't much a server can do to prevent mitm phishing other than issuing short session TTL, and also that would not work with the ip being close. if the ip is not the same, it won't work. it doesn't matter if it's close to the original ip, but when hijacking a session that doesn't matter as geolocation isn't checked when session cookies are validated

 

[sikidok]

А так hvnc, различные раты в помощь, с ними можно иметь актуальные куки гугла. Более реальные методы зайти на гмейл не знаю, отпишите если кто-то знает

Не знаю ни одного рата с hvnc
Можете подсказать ?

 

[xebiyem9]

Не знаю ни одного рата с hvnc
Можете подсказать ?

Они есть, зависит от бюджета. Ответил в лс

 

[Grach]

Они есть, зависит от бюджета. Ответил в лс

Здравствуйте. Можете мне тоже подсказать?