Huwebes, Nobyembre 1, 2012

How to create a phishing website

Introduction:

                      Now, I'm gonna show you how does hackers make a phishing website. Which they use in getting emails' and passwords' from their victims. First, they spread emails pretending to be a website that says. "Your account is compromised. Please login to verify that you still own this account." I have a lot of that in my spam or junk of my email. Now back to the phishing website.

Requirements:


                      It is easy to create one. All you need is:

  1. A web hosting site that supports PHP. example: cwahi.net, 000webhost.com, etc.
  2. PHP scripts which you can download here. Link: http://www.mediafire.com/?d7e2591dybe0la2
  3. (Optional) Fake email address

Steps:

  1. Register on a web hosting site of your choice. Follow the instructions upon registration. And upload the necessary files.
  2. (Optional) Change the appearance of 'login.php' into what site do you want to fake.
  3. You're up to go!!!

Explanation:

                      The 'index.php' will be the default page of your website because of it's name 'index' (so don't rename it.). It will direct the victim to 'login.php' where they will be believed that they are not logged in on their account (BlindMind is not a website, it just comes off my mind.). After they log in with their accounts, 'login.php' will make the 'process.php' work. The 'process.php' will save the information given by the victim to a file named 'file.txt' (you can open it with any editor or in the browser). And then, the 'process.php' will leave the user with an error message. Saying that, "Our servers our offline by now, try again for the next 48 hours. If you are not able to login your account, please contact us". And when the victim starts to believe it (which will depend on how realistic your phishing website looks). They will wait for the time that you set to the real web site with their account. And because it is just a fake message they. They will be able to login to their accounts. And ignore the things that they met from your files. And you are there sitting on a corner, celebrating from the informations that you get from your victims.The format of email and password on 'file.txt' is. "email", "password".

                      The use of the fake email is for you to be able to spread out the word. Spam it throughout the internet. And make your victim believe that you are the admin of that site.

Example Website: http://moose1234.cwahi.net/

If you have any questions, just comment below.

Note: I don't know why but Cwahi is not letting 'process.php' to save the information. But this totally work, try it on a local server. Try WAMP or XAMPP.
Ipinaskil ni sa

Walang komento:

Mag-post ng isang Komento

Mag-subscribe sa: I-post ang Mga Komento (Atom)