Programming Geek

Desktop Phishing Revealed




First, let me tell you what phishing is.
Phishing is a way to steal the confidential information of end users by fooling them. As far as I know, every form of phishing fools the end user through one technique or another. In a typical case, a fake login page for the targeted website is created and the end user is somehow led to fill it in. Hackers convince end users in a variety of ways. Sometimes the hacker employs social engineering, in which the end user receives a message such as:


          “Dear user, We are updating our database so please click on the link below and update your information to avoid suspension of your account.
          http://www.example.com/updateinfo.html”


Hence the hacker tries to convince you in a variety of ways, steals your confidential information, and can later blackmail you. Often the end user does not even look at the URL, clicks on it and enters the requested information.

While exploring PHP I got an idea to hack the desktop and then steal the login ID and password of the end users. I also succeeded, and I hacked a lot of accounts. Some of these are (x denotes a character which I don’t want to reveal):




There are even more, which might be displayed soon.


 So gear up to learn this and stay secure.

Whatever URL you type in the browser address bar, the hosts file is checked first for a mapping between that hostname and an IP address (in Windows, it is located in C:\Windows\System32\drivers\etc). If no mapping is present in the hosts file, a query is sent to DNS to look up the IP address associated with the hostname. The basic idea of desktop phishing is to map the targeted website's name to the IP address where our phishing page is present, and thus steal the information. In this tutorial we will be creating a phishing page for Facebook to hack Facebook usernames and passwords.

First, copy the hosts file (in Windows, it is located in C:\Windows\System32\drivers\etc) and paste it in some other place. Now open it and you will see information like this:







Now add the two lines like this:





After doing this, save the file. Now copy this file and replace the file in C:\Windows\System32\drivers\etc with it.
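Because the hosts file is consulted before DNS, an unexpected entry in it is a reliable sign of this kind of tampering. The following audit script is an added example, not part of the original post; the sample file contents, the `BENIGN_NAMES` set and the watchlist domain are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (documentation addresses and names, not from the page).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.example.com example.com
203.0.113.10    login.example.org   # static override
0.0.0.0         ads.example.net
"""

# Names that normally point at loopback on a clean install (assumed allowlist).
BENIGN_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def parse_hosts(text):
    """Yield (line_no, ip, names) for every active entry; comments are stripped."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a valid address, so not a usable mapping
        yield line_no, ip, [name.lower() for name in fields[1:]]

def audit_hosts(text, watchlist=()):
    """Return (line_no, name, ip, reason) for entries that override name resolution."""
    watch = {w.lower() for w in watchlist}
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if name in BENIGN_NAMES:
                continue
            if name in watch or any(name.endswith("." + w) for w in watch):
                reason = "watched domain overridden"
            elif ip.is_unspecified:
                continue  # 0.0.0.0 sinkhole entries from blocklists
            elif ip.is_loopback:
                reason = "non-local name mapped to loopback"
            else:
                reason = "static mapping bypasses DNS"
            findings.append((line_no, name, str(ip), reason))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, watchlist=["example.com"]):
        print(finding)
```

On a live Windows host the input is the content of C:\Windows\System32\drivers\etc\hosts, and the watchlist would hold the sign-in domains you care about.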



Now download the XAMPP server and install it following the instructions provided in the InstallShield wizard. I installed it in c:\. You will see there is an htdocs directory in it, i.e. “C:\xampp\htdocs\”. This is the directory where you place your web application.


Open www.my3gb.com in a browser and sign up for a free account. Here we will be hosting our main script to store the usernames and passwords. Follow these steps carefully:

1) On opening www.my3gb.com, you will find the page shown below. Click on the text Register to register for a free subdomain name.


 




2) Enter the required fields as shown in the figure. Remember that the username you enter will be your website URL, e.g. for this example demo01.my3gb.com will be the URL of your website.





On submission, you will be asked for further information as shown below. Fill in all the required details and submit.




 



3) On submission you will get an email and an activation link. Click on the activation link to complete the registration. Now open www.my3gb.com and log in with the username and password you entered.





4) On login, you will be redirected to your website control panel which looks like this:







Now click on the File Manager icon and you will see the File Manager page, where you need to upload your script.


5) The File Manager page looks like the image shown below. Now delete the existing index.html file. 






6) Open Notepad and type the following PHP code:








Replace the email ID with your email ID so as to receive an email containing the username and password. Also, a file named pass.txt will be created in the same web directory whenever someone visits your website.


7) We have already installed XAMPP. Now open the htdocs folder (it can be found where XAMPP is installed). Delete the existing index.php file from the htdocs folder. Now open www.facebook.com in a browser and press Ctrl+S. Save the page in the htdocs folder as index.html. Open index.html in any editor and search for the word “action”. Change the value of action to “demo01.my3gb.com”. Remember to replace demo01 with the username you used while registering on www.my3gb.com.


See the difference in two images:











This is the phishing page of Facebook, which will hold the email ID and password and send them to demo01.my3gb.com, where our PHP script will run and receive them. The email ID and password will be sent to the email ID provided in the script, and a file containing the email ID and password will be created in the same directory. You can download this pass.txt file and see its contents.



8) Now when you type www.facebook.com in your browser, you will be redirected to IP 127.0.0.1:80, which is the XAMPP server's address. Since we have placed our phishing page in this directory, the user will get fooled and enter the correct email ID and password, which will be sent to demo01.my3gb.com. There the password will be stored and the user will be redirected to https://www.0.facebook.com/login.php?login_attempt=1. http://www.0.facebook.com is another URL of http://www.facebook.com. One more URL is m.facebook.com, which is accessed through mobile devices. Of course, you can open m.facebook.com on a PC also.

I have tested this tutorial in my computer lab, where Windows XP is installed, and this trick is working efficiently, as you can see from the usernames and partial passwords.

Have queries … ? Mail me or contact me on Facebook .