Phishing Exercise

The CSV used has the format firstname,lastname,emailaddress, and the email address is hashed for tracking purposes. Fake LinkedIn invites are sent to the users with personalised greetings. If a user clicks on any of the links, the click can then be retrieved from the server logs, because the hashed email forms part of the HREF links.

Further down the page is the output that is produced. In this example the recipient, mail headers, subject and message content are echoed rather than mailed, to show what would have been sent.



<?php
if (($csvhandle = fopen("userlist.csv", "r")) !== FALSE) {
    while (($csvdata = fgetcsv($csvhandle, 1000, ",")) !== FALSE) {
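			// Split the row into one-element arrays: first name, last name, email address
			$csvfname = (array_slice($csvdata,0,-2));
			$csvlname = (array_slice($csvdata,1,-1));
			$csvemail = (array_slice($csvdata,2));
			// Hash this row's email address ($values is not set until the foreach below)
			$tracker = (hash('ripemd160', $csvdata[2]));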
			$iterator = new MultipleIterator;
			$iterator->attachIterator(new ArrayIterator($csvfname));
			$iterator->attachIterator(new ArrayIterator($csvlname));
			$iterator->attachIterator(new ArrayIterator($csvemail));
			foreach($iterator as $values) {
				
			$mailto = ($values[2]);
			$mailsubject = ''.$values[0].', please add me to your LinkedIn network';
			$mailheaders = "From: test@test.com \r\n";
			$mailheaders .= "Reply-To: test@test.com \r\n";
			$mailheaders .= "MIME-Version: 1.0 \r\n";
			$mailheaders .= "Content-Type: text/html; charset=ISO-8859-1 \r\n";
			$mailmessage = '<body><div id="divid01" class="divclass01"> <div style="padding:0;margin:0 auto;width:100%!important;font-family:&quot;Helvetica Neue&quot;,Helvetica,Arial,sans-serif"> <div style="overflow:hidden;color:transparent;width:0;font-size:0;opacity:0;height:0"> Hi '.$values[0].'   '.$values[1].', I\'d like to join your LinkedIn network. </div> <table style="background-color:#edf0f3;table-layout:fixed" width="100%" cellspacing="0" cellpadding="0" border="0" bgcolor="#EDF0F3" align="center"> <tbody> <tr> <td align="center"> <center style="width:100%"> <table class="phoenix-email-container" style="background-color:#ffffff;margin:0 auto;max-width:512px;width:inherit" width="512" cellspacing="0" cellpadding="0" border="0" bgcolor="#FFFFFF"> <tbody> <tr> <td style="background-color:#f6f8fa;padding:12px;border-bottom:1px solid #ececec" bgcolor="#F6F8FA"> <table style="width:100%!important;min-width:100%!important" width="100%" cellspacing="0" cellpadding="0" border="0"> <tbody> <tr> <td valign="middle" align="left"><a href="https://www.linkedin.com/tracking.php?ref='.$tracker.'" style="color:#008cc9;display:inline-block;text-decoration:none" target="_blank"> <img alt="LinkedIn" src="https://alanberger.me.uk/test/LinkedinFooterLogo.png" style="outline:none;color:#ffffff;text-decoration:none" class="CToWUd" height="34" width="40" border="0"></a> </td> <td style="padding:0 0 0 10px" width="100%" valign="middle" align="right"><a href="https://www.linkedin.com/tracking.php?ref='.$tracker.'" style="margin:0;color:#008cc9;display:inline-block;text-decoration:none" target="_blank"> <span style="word-wrap:break-word;color:#4c4c4c;word-break:break-word;font-weight:400;font-size:14px;line-height:1.429">'.$values[0].'   
'.$values[1].'</span></a> </td> <td width="1"> </td> </tr> </tbody> </table> </td> </tr> <tr> <td> <table width="100%" cellspacing="0" cellpadding="0" border="0"> <tbody> <tr> <td> <table width="100%" cellspacing="0" cellpadding="0" border="0"> <tbody> <tr> <td style="padding:24px 24px 36px 24px"> <table width="100%" cellspacing="0" cellpadding="0" border="0"> <tbody> <tr> <td id="qatest-hero-headline" colspan="2" style="padding-bottom:12px" align="left"> <p style="margin:0;word-wrap:break-word;color:#4c4c4c;word-break:break-word;font-weight:400;font-size:16px;line-height:1.5">Hi '.$values[0].'   '.$values[1].', I\'d like to join your LinkedIn network.</p> </td> </tr> <tr> <td style="width:70px" width="70" valign="top"> <table width="100%" cellspacing="0" cellpadding="0" border="0"> <tbody> <tr> <td id="qatest-hero-profilepic" style="padding:10px 24px 0 0"><a href="https://www.linkedin.com/tracking.php?ref='.$tracker.'" style="color:#008cc9;display:inline-block;text-decoration:none" target="_blank"> <img src="https://alanberger.me.uk/test/donald-trump.png" alt="" style="border-radius:50%;outline:none;color:#ffffff;text-decoration:none" class="CToWUd" height="70" width="70"></a> </td> </tr> </tbody> </table> </td> <td style="padding-top:5px"> <table width="100%" cellspacing="0" cellpadding="0" border="0"> <tbody> <tr> <td id="qatest-hero-profileinfo" valign="top"> <a href="https://www.linkedin.com/tracking.php?ref='.$tracker.'" style="color:#008cc9;display:inline-block;text-decoration:none" target="_blank"> <span style="word-wrap:break-word;color:#262626;word-break:break-word;font-weight:700;font-size:16px;line-height:1.5">Donald Trump</span></a> <p style="margin:0;word-wrap:break-word;color:#737373;word-break:break-word;font-weight:400;font-size:14px;line-height:1.429">POTUS</p> <p style="margin:0;color:#737373;font-weight:400;font-size:14px;line-height:1.429">Trump Tower</p> </td> </tr> <tr> <td dir="rtl" style="direction:rtl!important;text-align:left!important" 
align="left"> <span id="qatest-cta-accept" style="display:inline-block;margin-top:14px"> <table style="display:inline-block" cellspacing="0" cellpadding="0" border="0"> <tbody> <tr> <td valign="middle" align="center"> <a href="https://www.linkedin.com/tracking.php?ref='.$tracker.'" style="word-wrap:normal;color:#008cc9;word-break:normal;white-space:nowrap;display:block;text-decoration:none" target="_blank"> <table width="auto" cellspacing="0" cellpadding="0" border="0"> <tbody> <tr> <td style="padding:6px 16px;color:#ffffff;font-weight:500;font-size:16px;border-color:#008cc9;background-color:#008cc9;border-radius:2px;border-width:1px;border-style:solid" bgcolor="#008CC9"> <a href="https://www.linkedin.com/tracking.php?ref='.$tracker.'" style="color:#ffffff;display:inline-block;text-decoration:none" target="_blank">Accept</a> </td> </tr> </tbody> </table> </a> </td> </tr> </tbody> </table> </span> <span id="qatest-cta-profile" style="display:inline-block;margin-top:14px;margin-right:12px"> <table style="display:inline-block" cellspacing="0" cellpadding="0" border="0"> <tbody> <tr> <td valign="middle" align="center"> <a href="https://www.linkedin.com/tracking.php?ref='.$tracker.'" style="word-wrap:normal;color:#008cc9;word-break:normal;white-space:nowrap;display:block;text-decoration:none" target="_blank"> <table width="auto" cellspacing="0" cellpadding="0" border="0"> <tbody> <tr> <td style="border-radius:2px;padding:6px 16px;color:#4c4c4c;font-weight:500;font-size:16px;border-color:#737373;border-width:1px;border-style:solid"> <a href="https://www.linkedin.com/tracking.php?ref='.$tracker.'" style="color:#4c4c4c;display:inline-block;text-decoration:none" target="_blank">View profile</a> </td> </tr> </tbody> </table> </a> </td> </tr> </tbody> </table> </span> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> </td> </tr> <tr> <td> <table style="background-color:#edf0f3;padding:0 
24px;color:#999999;text-align:center" width="100%" cellspacing="0" cellpadding="0" border="0" bgcolor="#EDF0F3" align="center"> <tbody> <tr> <td style="padding:16px 0 0 0;text-align:center" align="center"> <table width="100%" cellspacing="0" cellpadding="0" border="0" align="center"> <tbody> <tr> <td style="padding:0 0 16px 0;vertical-align:middle;text-align:center" valign="middle" align="center"> <a href="https://www.linkedin.com/tracking.php?ref='.$tracker.'" style="color:#737373;text-decoration:underline;display:inline-block" target="_blank"> <span style="color:#737373;font-weight:400;text-decoration:underline;font-size:12px;line-height:1.333">Unsubscribe</span></a>  |   <a href="https://www.linkedin.com/tracking.php?ref='.$tracker.'" style="color:#737373;text-decoration:underline;display:inline-block" target="_blank"> <span style="color:#737373;font-weight:400;text-decoration:underline;font-size:12px;line-height:1.333">Help</span></a> </td> </tr> </tbody> </table> </td> </tr> <tr> <td> <table width="100%" cellspacing="0" cellpadding="0" border="0"> <tbody> <tr> <td style="padding:0 0 12px 0;text-align:center" align="center"> <p style="margin:0;color:#737373;font-weight:400;font-size:12px;line-height:1.333">You are receiving Invitation emails.</p> </td> </tr> <tr> <td style="padding:0 0 12px 0;text-align:center" align="center"> <p style="margin:0;word-wrap:break-word;color:#737373;word-break:break-word;font-weight:400;font-size:12px;line-height:1.333">This email was intended for '.$values[0].'   '.$values[1].' 
<a href="https://www.linkedin.com/tracking.php?ref='.$tracker.'" style="color:#737373;text-decoration:underline;display:inline-block" target="_blank">Learn why we included this.</a></p> </td> </tr> <tr> <td style="padding:0 0 8px 0;text-align:center" align="center"> <a href="https://www.linkedin.com/tracking.php?ref='.$tracker.'" style="color:#737373;text-decoration:underline;display:inline-block" target="_blank"> <img alt="LinkedIn" src="https://alanberger.me.uk/test/LinkedinHeaderLogo.png" style="outline:none;color:#ffffff;display:block;text-decoration:none" class="CToWUd" height="14" width="58" border="0"></a> </td> </tr> <tr> <td style="padding:0 0 12px 0;text-align:center" align="center"> <p style="margin:0;color:#737373;font-weight:400;font-size:12px;line-height:1.333">© 2017 LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2. LinkedIn is a registered business name of LinkedIn Ireland Unlimited Company. LinkedIn and the LinkedIn logo are registered trademarks of LinkedIn.</p> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> </center> </td> </tr> </tbody> </table> </div> </div></body>';
			echo $mailto;
			echo "<br>";
			echo $mailheaders;
			echo "<br>";
			echo $mailsubject;
			echo "<br>";
			echo $mailmessage;
			//mail($mailto, $mailsubject, $mailmessage, $mailheaders);
			
			}
    }
    // Close the handle only when fopen() succeeded
    fclose($csvhandle);
}
?>


testuser01@alanberger.me.uk
From: test@test.com Reply-To: test@test.com MIME-Version: 1.0 Content-Type: text/html; charset=ISO-8859-1
al, please add me to your LinkedIn network
Hi al pha, I'd like to join your LinkedIn network.
LinkedIn al pha  

Hi al pha, I'd like to join your LinkedIn network.

Donald Trump

POTUS

Trump Tower

Accept
View profile
Unsubscribe  |   Help

You are receiving Invitation emails.

This email was intended for al pha Learn why we included this.

LinkedIn

© 2017 LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2. LinkedIn is a registered business name of LinkedIn Ireland Unlimited Company. LinkedIn and the LinkedIn logo are registered trademarks of LinkedIn.

testuser02@alanberger.me.uk
From: test@test.com Reply-To: test@test.com MIME-Version: 1.0 Content-Type: text/html; charset=ISO-8859-1
be, please add me to your LinkedIn network
Hi be ta, I'd like to join your LinkedIn network.
LinkedIn be ta  

Hi be ta, I'd like to join your LinkedIn network.

Donald Trump

POTUS

Trump Tower

Accept
View profile
Unsubscribe  |   Help

You are receiving Invitation emails.

This email was intended for be ta Learn why we included this.

LinkedIn

© 2017 LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2. LinkedIn is a registered business name of LinkedIn Ireland Unlimited Company. LinkedIn and the LinkedIn logo are registered trademarks of LinkedIn.

testuser03@alanberger.me.uk
From: test@test.com Reply-To: test@test.com MIME-Version: 1.0 Content-Type: text/html; charset=ISO-8859-1
char, please add me to your LinkedIn network
Hi char lie, I'd like to join your LinkedIn network.
LinkedIn char lie  

Hi char lie, I'd like to join your LinkedIn network.

Donald Trump

POTUS

Trump Tower

Accept
View profile
Unsubscribe  |   Help

You are receiving Invitation emails.

This email was intended for char lie Learn why we included this.

LinkedIn

© 2017 LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2. LinkedIn is a registered business name of LinkedIn Ireland Unlimited Company. LinkedIn and the LinkedIn logo are registered trademarks of LinkedIn.

testuser04@alanberger.me.uk
From: test@test.com Reply-To: test@test.com MIME-Version: 1.0 Content-Type: text/html; charset=ISO-8859-1
del, please add me to your LinkedIn network
Hi del ta, I'd like to join your LinkedIn network.
LinkedIn del ta  

Hi del ta, I'd like to join your LinkedIn network.

Donald Trump

POTUS

Trump Tower

Accept
View profile
Unsubscribe  |   Help

You are receiving Invitation emails.

This email was intended for del ta Learn why we included this.

LinkedIn

© 2017 LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2. LinkedIn is a registered business name of LinkedIn Ireland Unlimited Company. LinkedIn and the LinkedIn logo are registered trademarks of LinkedIn.

testuser05@alanberger.me.uk
From: test@test.com Reply-To: test@test.com MIME-Version: 1.0 Content-Type: text/html; charset=ISO-8859-1
ec, please add me to your LinkedIn network
Hi ec ho, I'd like to join your LinkedIn network.
LinkedIn ec ho  

Hi ec ho, I'd like to join your LinkedIn network.

Donald Trump

POTUS

Trump Tower

Accept
View profile
Unsubscribe  |   Help

You are receiving Invitation emails.

This email was intended for ec ho Learn why we included this.

LinkedIn

© 2017 LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2. LinkedIn is a registered business name of LinkedIn Ireland Unlimited Company. LinkedIn and the LinkedIn logo are registered trademarks of LinkedIn.
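
The log lookup described at the top of the page, as an added example that is not part of the original script: it rebuilds the hash-to-email table the same way the mailer derives the ref value, then reports which recipients on the list requested a tracking link. The recipient rows, the access-log lines (assumed to be in Apache common log format) and the function name clicksByRecipient are constructed for illustration.

```php
<?php
// Added example: correlate ref hashes in access-log lines with the recipient list.
// Recipient rows and log lines below are constructed sample data.
$recipients = [
    ['al', 'pha', 'testuser01@alanberger.me.uk'],
    ['be', 'ta', 'testuser02@alanberger.me.uk'],
    ['char', 'lie', 'testuser03@alanberger.me.uk'],
];

// Rebuild the hash -> email lookup exactly as the mailer derives the ref value.
$lookup = [];
foreach ($recipients as [$fname, $lname, $email]) {
    $lookup[hash('ripemd160', $email)] = $email;
}

$h1 = hash('ripemd160', 'testuser01@alanberger.me.uk');
$h3 = hash('ripemd160', 'testuser03@alanberger.me.uk');
$logLines = [
    '192.0.2.10 - - [01/Mar/2017:09:14:02 +0000] "GET /tracking.php?ref=' . $h1 . ' HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Mar/2017:09:14:09 +0000] "GET /tracking.php?ref=' . $h1 . ' HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Mar/2017:10:02:41 +0000] "GET /tracking.php?ref=' . $h3 . ' HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Mar/2017:11:30:00 +0000] "GET /tracking.php?ref=' . str_repeat('0', 40) . ' HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Mar/2017:11:30:05 +0000] "GET /index.html HTTP/1.1" 200 1024',
];

function clicksByRecipient(array $logLines, array $lookup): array
{
    $clicks = [];
    foreach ($logLines as $line) {
        // A ripemd160 hex digest is 40 lowercase hex characters; capture timestamp and ref.
        if (!preg_match('~\[([^\]]+)\] "GET /tracking\.php\?ref=([0-9a-f]{40})[ &"]~', $line, $m)) {
            continue;
        }
        [, $when, $ref] = $m;
        if (!isset($lookup[$ref])) {
            continue; // ref is not on the recipient list (scanner, mistyped or altered link)
        }
        $email = $lookup[$ref];
        $clicks[$email]['first'] ??= $when;   // keep the earliest request only
        $clicks[$email]['count'] = ($clicks[$email]['count'] ?? 0) + 1;
    }
    return $clicks;
}

foreach (clicksByRecipient($logLines, $lookup) as $email => $c) {
    echo "$email clicked {$c['count']} time(s), first at {$c['first']}\n";
}
```

The ref value is an unkeyed hash of the address, so a log entry identifies the recipient to anyone who holds the address list.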