
Phishing Attack Using Python Scripting

Nathan Anderson, Matthew Ennis, John LaCava and Mira Yun


Department of Computer Science
Boston College
Chestnut Hill, MA 02467, USA
{anderagh, lacavajo, ennismg, yunmd}@bc.edu

Abstract – Connecting to WiFi networks, both private and public, can be done in seconds by almost any electronic device. Despite their widespread use, they are still incredibly susceptible to attackers attempting to steal information from individuals and larger organizations. This paper will propose a clone phishing attack that provides an attacker with an undetectable method to steal WiFi network names and passwords, then demonstrate a Denial of Service attack on a victim’s network.

I. INTRODUCTION

Wireless networks have become nearly unavoidable in our daily twenty-first century lives. Simply put, wireless networks connect us to other computers, cell phones, and tablets without the need for any wires. However as the prevalence of wireless networks increases, specifically Wireless Local Area Networks (WLANs), the issue of network security becomes exceedingly important.

Given that these networks transmit information through the air, hackers attempting to intercept and disrupt this traffic have crafted inventive ways to do so since the inception of wireless networks. As newer wireless security protocols are developed and implemented to prevent these attacks, hackers have begun to exploit the one aspect of the connective network that doesn’t receive updates - the user. Attackers no longer need to directly target the network in order to obtain sensitive information - they can simply manipulate the user into giving it away themselves. While more technical and advanced hacking tools exist, no method has been more popular or easier to implement than the clone phishing attack.

II. CLONE PHISHING ATTACKS

Clone phishing, a form of phishing attack in which fraudulent websites or email messages are created to impersonate legitimate sources, has become increasingly dangerous in recent years. According to a study by cybersecurity firm Proofpoint, clone phishing accounted for nearly one-third of all phishing attacks in 2020, and this number is only expected to rise in the coming years [1].

The use of advanced tactics and technologies by attackers has made clone phishing more difficult to detect and mitigate. In 2020, the number of clone phishing attacks that leveraged compromised accounts or domains increased by 200%, according to a report by cybersecurity firm Cofense [2]. This approach allows attackers to bypass traditional security measures and gain access to sensitive information without being detected.

The consequences of clone phishing attacks can be severe and long-lasting, as evidenced by the increasing number of data breaches and financial losses reported by individuals and organizations. A recent survey
by cybersecurity company Ironscales found that 75% of IT professionals reported an increase in phishing attacks during the COVID-19 pandemic, with 31% reporting at least one successful attack resulting in a data breach [3].

III. CLONE PHISHING SIMULATION

To prevent and mitigate clone phishing attacks, we ran an experiment to test how easy it could be to execute one that attempts to steal a user’s stored WiFi passwords. In order to fully understand a clone phishing attack, we had to do it from the perspective of the attacker. Eventually, we hope to brainstorm methods that larger organizations or individuals can use to avoid clone phishing attacks.

A. Setup and Phishing Attack

For our experiment, we prepared software and hardware such as Python3, Windows OS, Gmail, Kali Linux as well as two Windows computers. The attack loosely follows the experiment conducted by Harish Musthyala and P. Nagarjuna Reddy, who provided us with the basic Python instructions for the attack [4]. We then drafted a clone phishing email that mimics that of an official Boston College email. For this email, we based it off of survey emails that are typically sent by BC to its students. We surveyed about ten BC students, with a majority confirming it to be believable.

From this, we embedded a hyperlink into the BC email as well as step-by-step instructions in order for us to run a Python script [Fig. 1]. Then, we wrote a Python script that successfully obtained stored network service set identifiers (SSIDs), or simply the network names, and passwords from the victim onto a .txt file that would be returned to the attacker’s inbox. In the end, the script would then delete their stored network names and disconnect them entirely from the internet.

Fig. 1. Drafted Clone Phishing Email

For the success of the attack, it is crucial for the victim to be using a PC that is running any recent Windows OS. The Python script takes advantage of the Windows-specific command-line utility “netsh” to fetch then delete the SSIDs and passwords, which requires no detectable administrative access. Once this criterion is met, the script is then free to iterate through the stored network profiles, saving to the .txt file along the way.
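A defender-side check for the behaviour described in this section, as an added example that is not code from the paper: it scans process-creation records for a script interpreter issuing a burst of `netsh wlan` commands and for a profile read followed by a delete. The event tuples (modelled loosely on Sysmon process-creation fields), the `SCRIPT_HOSTS` list and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed records: (time, parent image, parent PID, child command line).
EVENTS = [
    ("2024-03-01T10:00:01", r"C:\Windows\explorer.exe", 812, "netsh wlan show profiles"),
    ("2024-03-01T10:05:10", r"C:\Python311\python.exe", 4120, "netsh wlan show profiles"),
    ("2024-03-01T10:05:11", r"C:\Python311\python.exe", 4120, 'netsh wlan show profile name="HomeNet"'),
    ("2024-03-01T10:05:11", r"C:\Python311\python.exe", 4120, 'netsh wlan show profile name="CafeGuest"'),
    ("2024-03-01T10:05:12", r"C:\Python311\python.exe", 4120, 'netsh wlan delete profile name="HomeNet"'),
    ("2024-03-01T10:05:13", r"C:\Python311\python.exe", 4120, "netsh wlan disconnect"),
    ("2024-03-01T11:00:00", r"C:\Windows\System32\cmd.exe", 990, "netsh interface show interface"),
]

# Assumed list of interpreters that rarely have a reason to drive netsh wlan.
SCRIPT_HOSTS = {"python.exe", "pythonw.exe", "wscript.exe", "cscript.exe", "powershell.exe"}
WLAN_CMD = re.compile(r"\bnetsh(?:\.exe)?\s+wlan\s+(\w+)", re.IGNORECASE)

def find_wlan_harvesting(events, window=timedelta(seconds=30), min_calls=3):
    """Return one alert per parent process that shows at least two signals."""
    by_parent = defaultdict(list)
    for ts, parent, ppid, cmdline in events:
        match = WLAN_CMD.search(cmdline)
        if match:
            by_parent[(parent, ppid)].append((datetime.fromisoformat(ts), match.group(1).lower()))
    alerts = []
    for (parent, ppid), calls in sorted(by_parent.items()):
        calls.sort()
        # Verbs issued within `window` of this parent's first wlan command.
        burst = [verb for t, verb in calls if t - calls[0][0] <= window]
        reasons = []
        if parent.rsplit("\\", 1)[-1].lower() in SCRIPT_HOSTS:
            reasons.append("script-host parent")
        if len(burst) >= min_calls:
            reasons.append(f"{len(burst)} wlan calls in {int(window.total_seconds())}s")
        if "show" in burst and "delete" in burst[burst.index("show"):]:
            reasons.append("profile read followed by delete")
        if len(reasons) >= 2:  # a single signal alone is ordinary admin activity
            alerts.append({"parent": parent, "ppid": ppid, "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in find_wlan_harvesting(EVENTS):
        print(alert)
```

Requiring two signals keeps a user who lists their own profiles once from Explorer or a console out of the alert queue.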
B. Denial of Service Attack (DoS)

In order to demonstrate how a hacker could take this phishing attack a step further, we showed how a DoS attack would be performed. Within the Python script we included a line of code that would retrieve the victim's Basic Service Set Identifier (BSSID) for the current network they are using, and send this information back to the hacker along with the other SSIDs. For this attack to be feasible, we are making the assumption that the hacker is within range of the victim’s wireless network. After obtaining this information, we switch to a machine running Kali Linux Live and use the correct SSID and password from the .txt file to join the victim’s network. Once connected to the network, we use the victim’s BSSID along with our own machine's Media Access Control (MAC) address as input arguments to run a DoS Kali Linux terminal command [Fig. 2].

This deauthentication command will send packets to the router at an immense rate, denying any user the ability to connect to it. Unfortunately, we weren’t able to actually execute the attack due to configuration issues, but this is just one simple example of a harmful action a hacker could do once obtaining this information.

Fig. 2. Kali Linux DoS Command

IV. EVALUATION

We conducted the WiFi attack in three separate trials. If the results are consistent throughout the three trials, we would assume that the attack is successful and that the Python script works. Our first hope was to use a TP-Link router on BC’s campus, but soon came to realize that the campus’ WiFi protocols wouldn’t allow us to run this attack. Thus, we conducted the experiment off campus on a private WiFi router. Following all these steps, we could test the effectiveness of a full phishing attack from the perspective of an attacker.

The phishing attack consistently and successfully executed on the personal WiFi network during the three separate trials. The attack effectively gathered network SSIDs and their corresponding passwords, which were then successfully returned to the attackers without the victim’s knowledge [Fig. 3]. The latter was especially important for our goals, as the principal idea behind a phishing attack (and cyber attacks in general) is the inability for the user to know that they are falling victim.

Public networks that require no password or an external method of authentication were returned with no passwords, whereas private networks were returned with their corresponding unique password. Additionally, the victims were successfully disconnected from their current network, as intended. These outcomes demonstrate the attack's effectiveness in achieving its goals.

Fig. 3. Retrieved SSIDs and Passwords

A. Limitations

One aspect that our team wishes we could have improved upon was the delivery of the Python code to the victim. In order for the
attack to correctly execute, the victim needs to follow a series of suspicious-looking instructions within our email in order to download the proper components onto their machine. Attempts using an online Python hosting website to deploy our attack were unsuccessful, as server-side internet protocol forbids client-side command line execution - the main conductor of our attack. While the attack itself functioned exactly as intended, we wish we were able to make the design seamless and require less of the victim’s participation.

Another part we unfortunately were unable to execute was the DoS attack [5]. Ideally, performing a DoS attack and flooding the TP-Link router with packets would demonstrate how a hacker could take this information passively to then actively harm a network. However, machines we had access to were not compatible with the Kali Linux OS and therefore we could only demonstrate the implementation of how an attacker would theoretically execute the DoS attack.

The project aimed to showcase the risks associated with phishing attacks, emphasize the importance of cybersecurity awareness, and demonstrate the capabilities of a simulated attack. The conducted research successfully achieved these objectives by illustrating how easily users can be deceived into compromising their sensitive information. The project highlights the need for robust security measures and user education to mitigate such threats effectively.

V. CONCLUSION

The phishing attack demonstrated high efficiency in terms of execution time and effort required. Once the Python script was written, it could be deployed quickly for efficient and repetitive testing. The only aspect of the attack that would need to be changed between victims is their email address as well as the victim’s name in the email. Besides those small details, theoretically a hacker could distribute these attacks at an immense rate, boosting the likelihood of success.

The project's impact lies in raising awareness about the potential risks of phishing attacks and the significance of user education in preventing such incidents. There are some methods we proposed which would be able to better educate and potentially protect individuals and employees of corporations against phishing attacks.

A. Education and Protection

Firstly, companies can conduct their own mock phishing attacks on their users, to test individuals and their abilities to detect suspicious emails. We created our own mock phishing email in the same format as our attack phishing email, which upon clicking the hyperlink redirects the user to a website that gives them a “strike” [Fig. 4]. These strikes can be monitored by companies to take note of which employees or age groups might be most susceptible to these attacks, prompting some form of internal training. The first and most important step in preventing phishing attacks is
spreading awareness and educating users.

Fig. 4. Mock Phishing Email with Strike System

Secondly, we proposed that a program such as Wireshark, a network protocol analyzer (or “packet sniffer”), could be run in the background in order to monitor SMTP traffic on the network [6]. Wireshark would be able to not only see any unwarranted outbound emails being sent, but could allow the user to inspect the contents of the initial phishing email without clicking on the email itself. This would hopefully alert the user to a potential file download or unwanted redirect when clicking on hyperlinks, which our phishing email took advantage of.

Finally, our attack takes advantage of the user’s participation in storing network passwords on their computer in the first place - clicking on the “Remember Network” checkbox when connecting to a network for the first time. While inconvenient for the user, opting out of this choice would prevent an attack like ours from collecting the network’s information at all. This would prevent potential future attacks (such as DoS) from happening on a personal or on a company-wide network.

By showcasing how easily attackers can deceive users and gain unauthorized access to sensitive information, the project promotes a culture of cybersecurity awareness and proactive defensive strategies. This attack was not conducted with the intent to spread malicious practices but to educate users on the ways in which they might be at risk of exposing private information across a wireless network. If the network itself is unable to provide sufficient security for the users connected to it, it is up to the individual themselves to remain vigilant and beware of the possible ways in which they could be attacked.

REFERENCES

1. Chapman, Lizzy. "Proofpoint Q4 2020 Threat Report: Social Engineering, Cloud and Malware Attacks Take Root." ISBuzz News, 4 Mar. 2021, https://www.informationsecuritybuzz.com/news/proofpoint-q4-2020-threat-report-social-engineering-cloud-and-malware-attacks-take-root/.
2. Cofense. "2021 State of Phishing Defense Report." Cofense, 2021, https://cofense.com/resource/2021-state-of-phishing-defense-report/.
3. Ironscales. "2021 State of Phishing Attack Report." Ironscales, 2021, https://ironscales.com/resources/2021-state-of-phishing-attack-report/.
4. Musthyala, Harish, and Nagarjuna Reddy. "Hacking Wireless Network Credentials by Performing Phishing Attack Using Python Scripting." IEEE Xplore, https://ieeexplore.ieee.org/document/9432155.
5. Occupytheweb, et al. "How to Hack Wi-Fi: Performing a Denial of Service (DoS) Attack on a Wireless Access Point." WonderHowTo, 23 July 2013, https://null-byte.wonderhowto.com/how-to/hack-wi-fi-performing-denial-service-dos-attack-wireless-access-point-0147988/.
6. Wireshark. "About." Wireshark, n.d., https://www.wireshark.org/about.html.
