Phishing for beginners

Lord777

Vatos Locos, let's go over the basics of phishing, figure out what's what and with what they all eat it. I remember that once I looked at this topic with skepticism and complete misunderstanding.

A bit of terminology
Phishing is a type of Internet fraud, the purpose of which is to gain access to confidential user data - logins and passwords.
Hosting is a service for providing resources for placing information on a server that is constantly on the network (usually the Internet).
Domain name - the symbolic name of the site.

Practice
I'll show you on the example of hacking VK by phishing, well, a little SE.

The whole process is divided into three stages:
1) Creation of a fake site.
2) Create an account.
3) Divorce of the victim herself.

Stage one: creating a fake website
For this we need:
1) hosting;
2) domain name;
3) $ 5;
4) the files of our fake site;

1. Hosting
For hosting, it is best to choose little-known companies, because the system of tracking and data protection is less developed. The size of this hosting can be chosen not large. the site itself, which will be on it, weighs quite a bit. Most often, I use the services of the site hostinger.ru (not advertising), a company that offers free hosting up to 2GB and free domain names of the third level. We go there and create hosting.

2. Domain name
It is important to know that domains of the third and higher level, although free, are not suitable for phishing in most cases, since the link of this site has the structure fish.sites.ru (where fish is a third-level domain, sites is a second-level domain and ru - first level) and any social. the network or the same Gmail fires up this shop and when you click on the link, it immediately warns you about the transition to an unsafe site. Therefore, we take our money and register a second level domain. The registration operation is not complicated, it is not much different from the registration of the most ordinary email, with the only exception - instead of mail, we register the name of the site that we will use.

Regarding the creation of a domain name. As a rule, I create long names for my site, besides domain name registration is limited to 255 characters. And I choose the domain zone .XYZ in the final version I have: sdkkjfgnsdjlfgnbsdlffbvfflbvazldfbvslfhbvsthnb.xyz or something like that. Made in order to remove at least some suspicion that this is a phishing site. Roughly speaking, it looks like some kind of systemic link.

3. Files
There are many ways to do this:
There are a bunch of different CMS for creating one page sites.
Order a ready-made website for your needs.

Write yourself.

A powerful tool in terms of creating copies of sites is sold by the user TaganRock (And again, not advertising, I just want to buy myself for a long time).
The main thing is that the information that the victim enters into the fields is saved in the log file on this hosting, and then redirects the victim back to the site.

Phishing site for hacking VK
Bandits, I want to merge you an excellent script for collecting VK accounts. The script is tailored to the site for receiving prizes for attracting referrals, so people themselves will come to the site.

The script is without holes, everything works fine, here is the installation manual:
1. Upload files to the host (host-food.ru works stably, if it doesn't receive it, then use it)
2. Create a database
3. Fill in the database (in phpmyadmin) "MySQL.sql"
4. Go to the site along the path domain / install.php
5. Enter all the data there
6. We go to the admin panel at your site / admin with the data that you specified during installation
7. We go to VK at https://vk.com/apps?act=manage and create a Standalone application (we indicate everything as in the screenshot, specify your site address)
8. In the admin panel we indicate the application id and the secure key, also in the admin panel you can change the site data and a lot of interesting things
9. Congratulations, your site is phishing ready
10. You can check your linked accounts at the address: your site / load / yabazka.php

SCRIPT DOWNLOAD LINK - https://yadi.sk/d/slvq2Dxi3RDPFH

Collection of scripts for hacking VK
The collection contains many useful priblud and scripts for hacking VK.

Download link - https://cloud.mail.ru/public/MH4g/drrJYuL4N
Password - blackbiz

So, at this stage we have a ready-made fish. a site that records all the information that the victim fills in and redirects him back to the original site.

Stage two: creating an account
I will explain using the example of hacking VK, but it will not be so difficult to rebuild this method for hacking mail.

So, we register a user in VK. We give him some neutral name. For example, Vasily Ivanov. Next, we put a picture from the support service on the avatar. Then go to "my groups" and create a public page called "Support Agent" or "Notification". We assign an avatar to the group, if this is a "notification" or something similar, then we put the gramophone icon on the autark, and for the "support agent", respectively. I would like to note right away. Such names in VK are no longer such a rarity, since the topic with VK is already used by many people, so create something individual so that you and your public page are not blocked in VK. Here's what it looks like:

To hack mail, you will need to create a corporate mail that looks like site support. For example: [email protected]

Stage Three: Divorce of the Victim
The first thing we do is shorten the link. There are a lot of different services for shortening links. For VK, I prefer vk.cc after shortening, our link looks like vk.cc/ghklb, you must agree that the link now looks more humane. Next, we type the text to which the victim will not remain indifferent.

For example:
@id of the victim @ Your page has received numerous complaints. Please confirm your account by following your personal link.

Your personal link: vk.cc/ghklb (the link is just the one we created in the first step).

We place this text on a public page.

The trick is that when we enter the victim's id and conclude this case in "dogs", then this message that we wrote is displayed for the victim not in messages, but in responses. And it is sent from the group that we created, from the "notifications" or from the "VK support agent" or whatever you think of. Thus, even if the victim has their HP closed, she will still see this message. And if it is written correctly, then in a fairly large percentage of cases the victim will follow the link. Further, a matter of technology, the victim sees the fields for entering the login and password, enters them there and presses the "confirm" button. The site saves username and password. And throws the victim back into the messages. After that, we check if the data has been entered correctly.
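
From the defender's side, the traits this post describes (a very long, random-looking second-level name in a zone such as .xyz, a shortened link, and a "complaints / confirm your account" message) can be scored in a message or mail filter. The following is an added example, not part of the original post; the shortener list, TLD list, thresholds and the benign sample are constructed assumptions, and the lure text and domain are the ones quoted in the post.

```python
import re

# Assumed lists and thresholds for illustration; tune them on your own traffic.
SHORTENERS = {"vk.cc", "bit.ly", "t.co", "tinyurl.com"}
LOW_COST_TLDS = {"xyz", "top", "click"}
LURE_PHRASES = ("numerous complaints", "confirm your account", "personal link")
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?", re.I)

def host_flags(host):
    """Return the reasons a hostname looks like the pattern described above."""
    host = host.lower().rstrip(".")
    if host in SHORTENERS:
        return ["shortened link (expand and re-check the target)"]
    labels = host.split(".")
    if len(labels) < 2:
        return []
    # Simplification: treats the label left of the TLD as the registered name,
    # which is wrong for suffixes like co.uk (use a public-suffix list there).
    sld, tld = labels[-2], labels[-1]
    flags = []
    if len(sld) >= 25:
        flags.append("long registrable label")
    letters = [c for c in sld if c.isalpha()]
    if len(letters) >= 12 and sum(c in "aeiou" for c in letters) / len(letters) < 0.2:
        flags.append("unpronounceable label")
    if tld in LOW_COST_TLDS:
        flags.append("low-cost TLD")
    return flags

def message_flags(text):
    """Collect lure-phrase hits and per-host flags for one message body."""
    lowered = text.lower()
    flags = [f"lure phrase: {p}" for p in LURE_PHRASES if p in lowered]
    for match in HOST_RE.finditer(text):
        host = match.group(1)
        flags += [f"{host}: {reason}" for reason in host_flags(host)]
    return flags

# Lure wording as quoted in the post; BENIGN is a constructed sample.
LURE = ("Your page has received numerous complaints. Please confirm your "
        "account by following your personal link. Your personal link: vk.cc/ghklb")
BENIGN = "Release notes are at docs.python.org/3/whatsnew/ for this build."

if __name__ == "__main__":
    for sample in (LURE, BENIGN):
        print(message_flags(sample) or "no flags")
```

A shortened link carries no signal about its destination, so the filter should resolve it and run `host_flags` on the final hostname before deciding.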
 