
How to Bypass Two Factor Authentication (2FA) | Advanced Phishing Tool : OTP Bypass

Hello hackers, hope you are doing well. As technology has advanced, the security of online systems has also improved, and one of the methods used is 2-Factor Authentication, also known as 2FA. 2-Factor Authentication is an additional layer of security in online systems that lets the system check that you are the real owner of the account.



What is 2-Factor Authentication?

The quieter you become, the more you are able to hear. (Kali Linux)

2-Factor Authentication is an additional layer of security on the internet that lets you verify your identity with a One Time PIN delivered by SMS or produced by a Two Factor Authentication (2FA) app such as Google Authenticator. With Two Factor Authentication, besides providing a username and password, the user also has to give a One Time PIN (OTP) sent to his/her number by SMS or provided by an authentication app. Two Factor Authentication is widely used in bank security systems to ensure that only the real owner of the account is making a transaction.



How Two Factor Authentication Works?

Two Factor Authentication works by generating a 6-digit PIN, also known as an OTP, which acts as a temporary key to access the system. Two Factor Authentication is not generally enabled on Facebook, but it is enabled in banking applications. It can be enabled manually on Facebook. WhatsApp only operates on a One Time Temporary PIN (OTTP). Today, almost all social media apps and other apps use Two Factor Authentication to secure their users.


 

Bypassing Two Factor Authentication

Two Factor Authentication can easily be hacked by one of the advanced methods of social engineering instead of using Modlishka (an advanced tool to hack into live mode). There are many other ways to bypass 2FA. Some of them are listed below:

  • Advanced Phishing Tool (Adv Phishing)
  • Modlishka (also known as a Man in the Middle Attack in live mode)
  • Manual access to the victim's mobile
  • Brute-forcing the 6-digit PIN (does not work on Facebook after 2016)
  • Cookie (session) hijacking (no need for any username, password or PIN)
  • SS7 attack (an advanced attack that only professionals can do)
  • BeEF, the Browser Exploitation Framework (for penetration testing)
 


Hacking is not a crime, it's an art.

And the list goes on. Any of the methods listed above can be used to trap a victim, but none of them is guaranteed to work 100% of the time. Of the methods listed above, the advanced phishing tool is the most effective at breaking the 2FA security of any app. So let's begin with bypassing two factor authentication using the Adv Phishing tool (an advanced approach to bypassing 2FA verification).


Bypassing Two Factor Authentication Using Adv Phishing Toolkit

The Adv Phishing tool, also known as the Advanced Phishing toolkit, is used to break the 2FA of any account by social engineering, in a similar way to how NexPhisher is used to hack a Facebook or other social media account. It allows a hacker to obtain the victim's real username and password, and the one-time system-generated PIN if 2FA is enabled on the user's account. Make sure to check whether 2FA is enabled on the user's account. In addition to bypassing two factor authentication, it can also give you the victim's location, as the tool also shows the victim's IP address.
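The paragraph above says the tool collects the username, password and one-time PIN. The Python below is an added example, not part of the original post or of the tool: it shows why a typed TOTP code still verifies when it is forwarded by another page, and why a credential bound to the site's origin does not. The origin-bound part is a simplified HMAC stand-in for a WebAuthn assertion, and the origins, key and challenge are constructed values.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): depends only on the shared secret and the time."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def server_accepts_totp(secret: bytes, code: str, now: int) -> bool:
    # The server receives six digits; nothing in them says which page collected them.
    return hmac.compare_digest(code, totp(secret, now))

def sign_assertion(key: bytes, challenge: bytes, origin: str) -> bytes:
    # Simplified stand-in for a WebAuthn assertion (real ones use a public-key
    # signature): the browser supplies the origin and the signature covers it.
    return hmac.new(key, challenge + b"|" + origin.encode(), hashlib.sha256).digest()

def server_accepts_assertion(key: bytes, challenge: bytes, assertion: bytes,
                             expected_origin: str) -> bool:
    expected = sign_assertion(key, challenge, expected_origin)
    return hmac.compare_digest(assertion, expected)

def demo() -> dict:
    secret = b"12345678901234567890"            # RFC 6238 test secret
    key = b"constructed-device-key"             # constructed sample value
    challenge = b"constructed-login-challenge"  # constructed sample value
    real = "https://accounts.example.com"       # hypothetical genuine origin
    lookalike = "https://login.example.net"     # hypothetical look-alike origin
    now = 35
    code = totp(secret, now)  # what the user reads from the authenticator app
    return {
        "code": code,
        # Typed on the look-alike page and forwarded within the same time step.
        "relayed_totp_accepted": server_accepts_totp(secret, code, now + 5),
        # The only built-in limit on a TOTP code is the 30-second step.
        "stale_totp_accepted": server_accepts_totp(secret, code, now + 30),
        "assertion_real_origin": server_accepts_assertion(
            key, challenge, sign_assertion(key, challenge, real), real),
        # A browser on the look-alike page signs the look-alike origin.
        "assertion_lookalike_origin": server_accepts_assertion(
            key, challenge, sign_assertion(key, challenge, lookalike), real),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Accounts that can enrol a security key or passkey get the second behaviour; SMS and authenticator-app codes get the first.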

[+] PREREQUISITES

You need the following in order to install the Adv Phishing tool:

  • Linux Distribution (Kali Linux or Parrot OS etc.)
  • OR Termux
  • Stable Internet 

[+] INSTALLATION 

To install this tool, run the following commands in your terminal.

First, download the tool from its GitHub repository using the command below:

git clone https://github.com/Ignitetch/AdvPhishing.git

After downloading, change into its directory with the cd command and run the commands shown below:

cd AdvPhishing/

chmod +x Linux-Setup.sh

sudo ./Linux-Setup.sh


When running the setup you may have to provide your Ngrok token, which you can get by creating a free Ngrok account.


[+] USAGE     

To bypass two factor authentication, run the tool with the command below:

sudo ./AdvPhishing.sh

After running this tool, you can select whichever account you want to bypass 2FA security for.

Note:

If the tool does not work properly, run sudo -i
and then run all the above commands again. You can also let me know if any problem occurs. After running the above command you will see something like:

I want to hack the victim's Google account, so I will choose option 6 as shown in the figure below:
After that, the Adv Phishing tool will take some time and ask you to modify the URL. I have chosen No because we will use MaskPhish for this purpose. After this, an Ngrok URL will appear in your terminal and you have to send that URL to the victim. Screenshots are attached below:
 
 

When your victim clicks on the ngrok link, he/she will see the following page:

After that he/she has to enter the password, as seen below:


And finally he/she has to enter the 6-digit OTP that he/she uses to verify his/her identity:


You can see all the details in the terminal as shown below:

So, this is the method by which you can bypass two factor authentication of any secure account. If you find an error, please let me know. You can also read How to hack Facebook in 5 minutes.
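The procedure above ends with the victim submitting a password and OTP to an Ngrok URL. As an added example (not part of the original post), the Python below triages web-proxy logs for requests to tunnel hostnames and separates users who only opened the link from users who submitted a form. The log format, sample lines and the suffix list are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Assumption: hostname suffixes used for ngrok tunnels; check ngrok's current
# documentation and extend with other tunnelling services seen in your logs.
TUNNEL_SUFFIXES = ("ngrok.io", "ngrok-free.app", "ngrok.app")

# Constructed proxy log: timestamp, user, method, URL (hypothetical format).
SAMPLE_LOG = """\
2024-05-01T09:00:02Z alice GET https://accounts.google.com/signin
2024-05-01T09:01:10Z bob GET https://a1b2c3d4.ngrok.io/
2024-05-01T09:01:44Z bob POST https://a1b2c3d4.ngrok.io/login.php
2024-05-01T09:03:00Z carol GET https://e5f6.ngrok-free.app/
2024-05-01T09:04:12Z dave GET https://ngrok.io.example.com/docs
2024-05-01T09:05:30Z erin POST https://notngrok.io/api
"""

def is_tunnel_host(host: str) -> bool:
    """True only for a tunnel suffix itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TUNNEL_SUFFIXES)

def triage(log_text: str) -> dict:
    """Map user -> 'visited' or 'submitted' for requests to tunnel hostnames."""
    findings = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guessing at fields
        _, user, method, url = parts
        host = urlsplit(url).hostname or ""
        if not is_tunnel_host(host):
            continue
        if method.upper() == "POST":
            # Form data was sent: treat the password and OTP as exposed.
            findings[user] = "submitted"
        else:
            findings.setdefault(user, "visited")
    return findings

if __name__ == "__main__":
    for user, state in triage(SAMPLE_LOG).items():
        print(user, state)
```

Users marked submitted need a password reset and revocation of active sessions, since the captured OTP may already have been used to open one.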

Thanks for reading this post.


1 Comments

  1. How can I mask the URL so it can appear to come from a legitimate source; is there a tool for it?
