In this scenario we want to bypass the e-mail filtering and go straight for the domain credentials of the target(s) in scope. There are several options out there, so please note this is just a generic and simple one for those hungry for a quick idea. The form HTML code that you would add to your cloned site will look something like this:
Next we need to create the login.php script. This will depend on how you would like the credentials stored. I will post the examples for both E-mail Delivery and Save-to-file options:
You will want to create the credentials.txt file and place it in the same folder as your index.html and login.php files.
NOTE: If you choose to write the credentials to a file, it is advised that you have a robots.txt file to disallow spidering and discovery of the site, and that you implement another control to reduce or stop the risk of exposing the file to the public. Because the .txt file is directly referenced in the code, it can still be easily found. This is a high risk for potentially exposing client data. It is recommended that you utilize folder restriction; otherwise, we do not recommend this method.