Desktop Phishing Revealed
Let me tell you first what phishing is?
Phishing is a way to
steal the confidential information of end users by fooling them. As far I know,
in every way of phishing the end user gets fooled by varieties of techniques.
Actually in phishing a fake login page of the concerned website is created and
somehow it gets filled by the end users. There is a varieties of way the
hackers convince the end users. Sometime he may employee social engineering to
convince the end user. In social engineering the end users get message such as:
“Dear user, We are updating our
database so please click on the link below and update your information to avoid
suspension of your account.”
http://www.example.com/updateinfo.html"
Hence the
hacker tries to convince you in a varieties of way and steals your confidential
information and later he can blackmail you. Often the end user does not see
even the url and clicks on the url and enters the required information.
While exploring php I just got an idea to hack the desktop and then steal the login id and password of the end users. I got success also and I hacked a lot of accounts. Some of these are(x denotes a character which I don’t want to reveal.):
While exploring php I just got an idea to hack the desktop and then steal the login id and password of the end users. I got success also and I hacked a lot of accounts. Some of these are(x denotes a character which I don’t want to reveal.):
Email/Username Password
prabhats97@gmail.com Duxxxxxxre
sinebindi@gmail.com rxxxxxx23*
nishu_singh85@yahoo.com Nishuxxxxxxx
csesuraj2k10@gmail.com 900xxxxxxx
er.gaurav008@gmail.com 8877xxxx
amlesh.ak47@gmail.com $@r@xxxxx
rajkishorbit@gmail.com xx090xxx
lovelyg987@gmail.com xivixxx
jyotihans.92@gmail.com gxxrixxxxx
arvind.choco@gmail.com ellxxxxxti
farihaahmad6@gmail.com Xxxxactxxx
08smart@gmail.com rmkmistuxxx
supriyatuti@gmail.com sushixxxx
kumarneeraj.mit@gmail.com 98xxxx30
There are even more.
Which might be displayed soon.
So gear up to learn this and stay secure.
Whatever the url you type in the browser address bar at first hosts file is checked for the mapping of the particular url and associated ip address (in windows, it is located in C:\Windows\System32\drivers\etc). If the mapping of ip is not present in hosts file then a query is sent to DNS in order to lookup for the particular ip address associated with the url. The Basic idea of desktop phishing is to map the ip addresses for the concerned website with ip address where our phishing page is present and thus stealing the information. In this tutorial we will be creating a phishing page for facebook to hack facebook username and password.
At first copy the hosts file (in windows, it is located in C:\Windows\System32\drivers\etc) and paste it in some other place. Now open it then you will see the information like this:
Now add the two lines like this:
Now after doing this save the file. Now copy this file and replace the file in C:\Windows\System32\drivers\etc with this file.
Now download xampp server and install it following the instructions
provided in install shield. I installed in c:\. You see there is a htdocs
directory in i.e. “C:\xampp\htdocs\”. This is the directory where you place
your web application.
Open www.my3gb.com in browser and signup for a free account . Here we will be hosting
our main script to store the usernames and passwords.
Follow these steps carefully:
1)On opening www.my3gb.com, you will find the page shown below. Click
on the text Register to register for a free subdomain name.
2) Enter the required fields as shown in the figure. Remember The username you enter that will be your website url. e.g. if I for this example demo01.my3gb.com will be the url of your website.
On submission , you will be asked your further information as shown below. Fill all the required details and submit.
3) On submission you will get an email and activation link. Click
on the activation link to complete the registration. Now open www.my3gb.com and login with the username and
password you entered.
4) On login, you will be redirected to your website control panel which looks like this:
Now click on the File Manager icon and you will see file manager page where you need to upload your script.
5) The File Manager page
looks like the image shown below. Now delete the existing index.html
file.
6) Open notepad and type the following php code :
Replace the email id with your email id so as to receive an email containing username and password. Also a file with pass.txt will be created in the same web directory whenever one visits your website.
7)We have already
installed xampp. Now open htdocs(htdocs folder can be found where xampp is
installed) folder. Delete the existing index.php file from htdocs folder.
Now open www.facebook.com in
browser and press ctrl+s. Save page in htdocs folder as index.html. Open
index.html in any editor and search the word “action”. Change the value
of action with the value “demo01.my3gb.com”. Remember to change demo01 with the
username you used while registering on www.my3gb.com.
See the difference
in two images:
This is the phishing page of facebook which will hold email id and
password and send to demo01.my3gb.com where our php script will run
receiving the email id and password. The email id and password will be
sent to email id provided in the script and a file containing email id and
password will be created in the same directory . You can download this pass.txt
file and see the content in it.
8) Now when you type www.facebook.com in your browser, you will be
redirected to ip 127.0.0.1:80 which is xampp server ip address. But there we
have placed our phishing page in this directory, so user will get fooled and
enter the correct email id and password which will be sent to demo01.my3gb.com
. There password will be stored and the user will be redirected to https://www.0.facebook.com/login.php?login_attempt=1 . http://www.0.facebook.com is the another url of http://www.facebook.com.
One another url is m.facebook.com which is accesed through mobile
devices. Ofcourse you can open m.facebook.com in pc also.
I have tested this tutorial in my computer lab where windows xp is installed and this trick is working efficiently as you can see the username and partial passwords.
Have queries … ? Mail me or contact me on Facebook .
I have tested this tutorial in my computer lab where windows xp is installed and this trick is working efficiently as you can see the username and partial passwords.
Have queries … ? Mail me or contact me on Facebook .
This comment has been removed by the author.
ReplyDelete