I’ve seen lot of social engineering / phishing campaigns that try to trick you to go some unsavory places, but rarely do they look convincing.
So lets see how can we trick people into clicking on that link.
Now if you click the above link using Firefox browser – you will get a notification that you are about to login to hacking.cool as “www.microsoft.com”. That’s essentially the trick.
This is the URL format from the official RFC document:
Now, there are some reserved characters there, so you can’t put ‘/’ or ‘?’ symbols. However, lets try to find substitutes for them?
| / | ⁄ | ̸ | ∕ | ╱ | / | ノ |
| 0x2f | 0x2044 | 0x338 | 0x2215 | 0x2571 | 0xff0f | 0xff89 |
Looks pretty! Lets see how our website looks with the addition of the alternative slashes! Also, now that we got our fancy slashes – we can dress up our URLs a bit more 🙂
https://www.microsoft.com/en-us/account/@hacking.coolhttps://www.microsoft.com⁄en-us⁄account⁄@hacking.cool
https://www.microsoft.com̸en-us̸account̸@hacking.cool
https://www.microsoft.com∕en-us∕account∕@hacking.cool
https://www.microsoft.com╱en-us╱account╱@hacking.cool
https://www.microsoft.com/en-us/account/@hacking.cool
https://www.microsoft.comノen-usノaccountノ@hacking.cool
As you may have noticed, the first link leads to microsoft.com because we use the ordinary ‘/’ slash, however, the other links are looking GOOD! Of course, some look better than the others, but they do point to hacking.cool. And that’s the trick.
But still…we got that ‘hacking.cool’ – unsavory name that may upset some folks in a respected society. So what should we do? Lets encode it.
In an encoded format our ‘hacking.cool’ url would look like: %68%61%63%6b%69%6e%67%2e%63%6f%6f%6c
https://www.microsoft.com/en-us/account/%6b%69%6e%67%2e@%68%61%63%6b%69%6e%67%2e%63%6f%6f%6chttps://www.microsoft.com⁄en-us⁄account⁄%6b%69%6e%67%2e@%68%61%63%6b%69%6e%67%2e%63%6f%6f%6c
https://www.microsoft.com̸en-us̸account̸%6b%69%6e%67%2e@%68%61%63%6b%69%6e%67%2e%63%6f%6f%6c
https://www.microsoft.com∕en-us∕account∕%6b%69%6e%67%2e@%68%61%63%6b%69%6e%67%2e%63%6f%6f%6c
https://www.microsoft.com╱en-us╱account╱%6b%69%6e%67%2e@%68%61%63%6b%69%6e%67%2e%63%6f%6f%6c
https://www.microsoft.com/en-us/account/%6b%69%6e%67%2e@%68%61%63%6b%69%6e%67%2e%63%6f%6f%6c
https://www.microsoft.comノen-usノaccountノ%6b%69%6e%67%2e@%68%61%63%6b%69%6e%67%2e%63%6f%6f%6c
Imagine how many people will fall for this.
Here more: ⁁ ⼃ ⁄ Ⳇ ⟋ ノ / ╱ ㇓ 〳 ᜵ ∕ ⧸ 𝈺 丿